• You've discovered RedGuides 📕 an EverQuest multi-boxing community 🛡️🧙🗡️. We want you to play several EQ characters at once, come join us and say hello! 👋
  • IS THIS SITE UGLY? Click "RG3" at the very bottom-left of this page to change it. To dismiss this notice, click the X --->
  • The 5th Annual "EverQuest Software Awards" is here! Celebrate your favorite projects and win door prizes 🎁

Problem - Direct X9? (1 Viewer)

Joined
Dec 19, 2011
RedCents
56¢
I built a new computer today ran the RGlauncher and installed MQ but I get an error saying Could not load MQ2Main.dll or one of its dependencies. Macroquest will now exit.

I can see the MQ2Main.dll file in the installation directory. I tried to search but couldn't find anything.

Running windows 10 pro 64 bit if that matters.

*fixed it* If anyone else runs into this problem you have to install directx 9.
 
Last edited:
Solution
sorry to reload this - just got myself a new laptop and am receiving the same error message, but my DX is 12... Restarted and reinstalled multiple times..
You still need Direct X 9 (as chat mentioned --- adding this in there for the "answer")

DX9.0c
Directx 9.0c June 2010 Redist
(Windows 10 comes with a stripped-down version)
you can download it directly from microsoft


moving these posts to their own thread as they are off-topic of the original question/answer

Sic

[sic]
Moderator
Joined
May 5, 2016
RedCents
34,519¢
sorry to reload this - just got myself a new laptop and am receiving the same error message, but my DX is 12... Restarted and reinstalled multiple times..
You still need Direct X 9 (as chat mentioned --- adding this in there for the "answer")

DX9.0c
Directx 9.0c June 2010 Redist
(Windows 10 comes with a stripped-down version)
you can download it directly from microsoft


moving these posts to their own thread as they are off-topic of the original question/answer
 
Solution
Joined
Apr 2, 2016
RedCents
10¢
Windows 10 Home edition...I downloaded the above direct x package sic linked and put it in a folder on my desktop and then ran the direct x setup in the folder and it installed everything but I still get the message. I dont know if it helps but I used to use mq on this laptop about a year and a half ago and only just recently downloaded all the mqnext stuff through the patcher so I am not sure if I goofed something up that way.
 
Joined
Aug 12, 2018
RedCents
385¢
Windows 10 Home edition...I downloaded the above direct x package sic linked and put it in a folder on my desktop and then ran the direct x setup in the folder and it installed everything but I still get the message. I dont know if it helps but I used to use mq on this laptop about a year and a half ago and only just recently downloaded all the mqnext stuff through the patcher so I am not sure if I goofed something up that way.
Run in compatibility mode?
 

Knightly

Moderator
Joined
Jun 28, 2014
RedCents
7,059¢
Windows 10 Home edition...I downloaded the above direct x package sic linked and put it in a folder on my desktop and then ran the direct x setup in the folder and it installed everything but I still get the message. I dont know if it helps but I used to use mq on this laptop about a year and a half ago and only just recently downloaded all the mqnext stuff through the patcher so I am not sure if I goofed something up that way.
In that case, my guess is you tried to put your new MQ in the same folder as your old MQ. Make a new folder and you should be good to go.
 
Joined
Apr 2, 2016
RedCents
10¢
Hey guys...tried a lot of different things over the past day and this laptop still has me scratching my head...mq working fine on my desktop and 2 other laptops but I still get this error on my 3rd laptop...I've followed all the instructions above to install direct x...I've googled it to makes sure I am doing the install right (pretty hard to screw up). I have deleted all the files from redguides and the launcher and redownloaded it several times...uninstalled and reinstalled eq....lol I have no idea why it wont work on this laptop...used to run mq fine like a year ago pre mq next ... using windows 10 home edition...anyways if you have any other thoughts let me know. *** I did try different compatibility modes as well to no avail***
 
Joined
Aug 12, 2018
RedCents
385¢
hmmm way back when 10 came out there was an issue of the Direct 12 kept overwriting the 9C so players had to force 9C in manually. All the reinstalling might be removing 9C.

Which version shows on yours? I think its 9.29.1974.1 for 9C
 

Lemons

Freshly Squeezed
Moderator
Joined
Sep 27, 2013
RedCents
6,821¢
I've been trying to help Red with this. I've:

  • Fresh install on 3 locations (C and D)
  • All comparability settings
  • Admin/not admin
  • Reinstalled 12
  • Installed 9 June package
  • Various restarts
At a loss at this point. His dxdiag looks better than mine.
 

Lemons

Freshly Squeezed
Moderator
Joined
Sep 27, 2013
RedCents
6,821¢
Thanks Brain. It's having trouble finding dlls. It does not give any "unable to load" errors. There are also 12 0x000135 errors.


0xC0000135

STATUS_DLL_NOT_FOUND
{Unable To Locate Component} This application has failed to start because %hs was not found. Reinstalling the application might fix this problem.

0xC000008A

STATUS_RESOURCE_TYPE_NOT_FOUND
Indicates the specified resource type cannot be found in the image file.
0xC000008B

STATUS_RESOURCE_NAME_NOT_FOUND
Indicates the specified resource name cannot be found in the image file.
1671060224078.png

I verified that they exist in System32 with good permissions and then followed the steps to load them in:

1671060114850.png
I loaded in each one manually and re-ran. It did not resolve any of the errors.


Running Win 10. I'm at a loss.
 

Lemons

Freshly Squeezed
Moderator
Joined
Sep 27, 2013
RedCents
6,821¢
There is much more data yes. Wasn't sure if it was kosher to post publicly, but it looks pretty generic.

The only other thing that caught my eye was redirects for most things, but no idea if that's normal or not.

INI:
C:\Users\ASUS\Desktop\redguides>cdb -c "g;q" MacroQuest.exe

Microsoft (R) Windows Debugger Version 10.0.22621.755 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

CommandLine: MacroQuest.exe

************* Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*
Symbol search path is: srv*
Executable search path is:
ModLoad: 00007ff7`2fc60000 00007ff7`30182000   MacroQuest.exe
ModLoad: 00007ff8`e73d0000 00007ff8`e75c8000   ntdll.dll
0ab0:2c3c @ 837502250 - LdrpInitializeProcess - INFO: Beginning execution of MacroQuest.exe (C:\Users\ASUS\Desktop\redguides\MacroQuest.exe)
        Current directory: C:\Users\ASUS\Desktop\redguides\
        Package directories: (null)
0ab0:2c3c @ 837502250 - LdrpInitializeTls - INFO: DLL "C:\Users\ASUS\Desktop\redguides\MacroQuest.exe" has TLS information at 00007FF7300D3900
0ab0:2c3c @ 837502250 - LdrpAllocateTls - INFO: TlsVector 000001D3261C3120 Index 0 : 28 bytes copied from 00007FF7300DC580 to 000001D3261C3180
0ab0:2c3c @ 837502250 - LdrLoadDll - ENTER: DLL name: KERNEL32.DLL
0ab0:2c3c @ 837502250 - LdrpLoadDllInternal - ENTER: DLL name: KERNEL32.DLL
0ab0:2c3c @ 837502250 - LdrpFindKnownDll - ENTER: DLL name: KERNEL32.DLL
0ab0:2c3c @ 837502250 - LdrpFindKnownDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502250 - LdrpMinimalMapModule - ENTER: DLL name: C:\WINDOWS\System32\KERNEL32.DLL
ModLoad: 00007ff8`e6b20000 00007ff8`e6bdf000   C:\WINDOWS\System32\KERNEL32.DLL
0ab0:2c3c @ 837502250 - LdrpMinimalMapModule - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502250 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-rtlsupport-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ntdll.dll by API set
0ab0:2c3c @ 837502250 - LdrpFindKnownDll - ENTER: DLL name: KERNELBASE.dll
0ab0:2c3c @ 837502250 - LdrpFindKnownDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502250 - LdrpMinimalMapModule - ENTER: DLL name: C:\WINDOWS\System32\KERNELBASE.dll
ModLoad: 00007ff8`e4d50000 00007ff8`e5022000   C:\WINDOWS\System32\KERNELBASE.dll
0ab0:2c3c @ 837502250 - LdrpMinimalMapModule - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502250 - LdrpPreprocessDllName - INFO: DLL api-ms-win-eventing-provider-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502250 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-apiquery-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ntdll.dll by API set
0ab0:2c3c @ 837502250 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-apiquery-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\ntdll.dll by API set
0ab0:2c3c @ 837502250 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502250 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-3.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502250 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-2.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502250 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502250 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-registry-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502250 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502250 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502265 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-memory-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502265 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-memory-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502265 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-memory-l1-1-2.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502265 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-handle-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502265 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502265 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502265 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502265 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502265 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502265 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l1-2-2.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502265 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l1-2-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502265 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-delayload-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502265 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-io-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502265 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-io-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502265 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-job-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502265 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-threadpool-legacy-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502265 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-threadpool-private-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502265 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-largeinteger-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502265 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-libraryloader-l1-2-2.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502265 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-libraryloader-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502265 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-libraryloader-l1-2-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502265 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-libraryloader-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502265 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-namedpipe-l1-2-2.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502265 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-namedpipe-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502265 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-namedpipe-l1-2-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502265 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-datetime-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502265 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-datetime-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502265 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-datetime-l1-1-2.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502281 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sysinfo-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502281 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sysinfo-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502281 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sysinfo-l1-2-3.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502281 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sysinfo-l1-2-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502281 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-timezone-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502281 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502281 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processsnapshot-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502281 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processenvironment-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502281 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processenvironment-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502281 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502281 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-debug-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502281 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-debug-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502281 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-errorhandling-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502281 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-errorhandling-l1-1-3.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502281 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-fibers-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502281 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-util-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502281 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-profile-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502281 - LdrpPreprocessDllName - INFO: DLL api-ms-win-security-base-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502281 - LdrpPreprocessDllName - INFO: DLL api-ms-win-security-base-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502281 - LdrpPreprocessDllName - INFO: DLL api-ms-win-security-appcontainer-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502281 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-comm-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502281 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-realtime-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502281 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-wow64-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502281 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-wow64-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502281 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-wow64-l1-1-3.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502281 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-systemtopology-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502281 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-systemtopology-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502281 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processtopology-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502281 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-namespace-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502281 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l2-1-2.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502296 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502296 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l2-1-3.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502296 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l2-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502296 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-xstate-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502296 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-xstate-l2-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502296 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502296 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-normalization-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502296 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-fibers-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502296 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-fibers-l2-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502296 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-private-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502296 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sidebyside-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502296 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-appcompat-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502296 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-windowserrorreporting-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502296 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-windowserrorreporting-l1-1-3.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502296 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-windowserrorreporting-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502296 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-windowserrorreporting-l1-1-2.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502296 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-console-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502296 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-console-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502296 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-console-l1-2-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502296 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-console-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502296 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-console-l2-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502296 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-console-l3-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502296 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-psapi-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502296 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-psapi-ansi-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502296 - LdrpPreprocessDllName - INFO: DLL api-ms-win-eventing-provider-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502296 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-apiquery-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ntdll.dll by API set
0ab0:2c3c @ 837502296 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-delayload-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502312 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-appcompat-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502312 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReAllocateHeap" by name
0ab0:2c3c @ 837502312 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAllocateHeap" by name
0ab0:2c3c @ 837502312 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlFreeHeap" by name
0ab0:2c3c @ 837502312 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDeleteCriticalSection" by name
0ab0:2c3c @ 837502312 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlLeaveCriticalSection" by name
0ab0:2c3c @ 837502312 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeCriticalSection" by name
0ab0:2c3c @ 837502312 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlEnterCriticalSection" by name
0ab0:2c3c @ 837502312 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDeleteBarrier" by name
0ab0:2c3c @ 837502312 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlSetLastWin32Error" by name
0ab0:2c3c @ 837502312 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryPerformanceFrequency" by name
0ab0:2c3c @ 837502312 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryPerformanceCounter" by name
0ab0:2c3c @ 837502312 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryUnbiasedInterruptTime" by name
0ab0:2c3c @ 837502312 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventRegister" by name
0ab0:2c3c @ 837502312 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventUnregister" by name
0ab0:2c3c @ 837502312 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventWriteTransfer" by name
0ab0:2c3c @ 837502312 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventSetInformation" by name
0ab0:2c3c @ 837502312 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventUnregister" by name
0ab0:2c3c @ 837502312 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventRegister" by name
0ab0:2c3c @ 837502312 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventActivityIdControl" by name
0ab0:2c3c @ 837502312 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventWriteTransfer" by name
0ab0:2c3c @ 837502312 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventSetInformation" by name
0ab0:2c3c @ 837502312 - LdrpInitializeNode - INFO: Calling init routine 00007FF8E4D66750 for DLL "C:\WINDOWS\System32\KERNELBASE.dll"
0ab0:2c3c @ 837502312 - LdrGetDllHandleEx - ENTER: DLL name: ntdll.dll
0ab0:2c3c @ 837502312 - LdrpFindLoadedDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502312 - LdrGetDllHandleEx - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502312 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDisownModuleHeapAllocation" by name
0ab0:2c3c @ 837502312 - LdrpInitializeNode - INFO: Calling init routine 00007FF8E6B37550 for DLL "C:\WINDOWS\System32\KERNEL32.DLL"
0ab0:2c3c @ 837502312 - LdrGetDllHandleEx - ENTER: DLL name: ntdll.dll
0ab0:2c3c @ 837502312 - LdrpFindLoadedDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502312 - LdrGetDllHandleEx - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502312 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryFeatureConfiguration" by name
0ab0:2c3c @ 837502312 - LdrpGetProcedureAddress - INFO: Locating procedure "NtQueryWnfStateData" by name
0ab0:2c3c @ 837502312 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502312 - LdrLoadDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502328 - LdrpGetProcedureAddress - INFO: Locating procedure "BaseThreadInitThunk" by name
0ab0:2c3c @ 837502328 - LdrpGetProcedureAddress - INFO: Locating procedure "TermsrvGetWindowsDirectoryW" by name
0ab0:2c3c @ 837502328 - LdrpPreprocessDllName - INFO: DLL ext-ms-win-kernel32-appcompat-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502328 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernel32.dll
0ab0:2c3c @ 837502328 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502328 - LdrpGetProcedureAddress - INFO: Locating procedure "BaseReadAppCompatDataForProcessWorker" by name
0ab0:2c3c @ 837502328 - LdrpGetProcedureAddress - INFO: Locating procedure "BaseIsAppcompatInfrastructureDisabledWorker" by name
0ab0:2c3c @ 837502328 - LdrpGetProcedureAddress - INFO: Locating procedure "BaseUpdateAppcompatCacheWorker" by name
0ab0:2c3c @ 837502328 - LdrpGetProcedureAddress - INFO: Locating procedure "BaseCheckAppcompatCacheWorker" by name
0ab0:2c3c @ 837502328 - LdrpGetProcedureAddress - INFO: Locating procedure "BaseDumpAppcompatCacheWorker" by name
0ab0:2c3c @ 837502328 - LdrpGetProcedureAddress - INFO: Locating procedure "BaseCleanupAppcompatCacheSupportWorker" by name
0ab0:2c3c @ 837502328 - LdrpGetProcedureAddress - INFO: Locating procedure "BaseFreeAppCompatDataForProcessWorker" by name
0ab0:2c3c @ 837502328 - LdrpGetProcedureAddress - INFO: Locating procedure "BaseCheckAppcompatCacheExWorker" by name
0ab0:2c3c @ 837502328 - LdrpGetProcedureAddress - INFO: Locating procedure "BaseInitAppcompatCacheSupportWorker" by name
0ab0:2c3c @ 837502328 - LdrpGetProcedureAddress - INFO: Locating procedure "BaseFlushAppcompatCacheWorker" by name
0ab0:2c3c @ 837502328 - LdrpPreprocessDllName - INFO: DLL ext-ms-win-kernel32-file-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502328 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernel32.dll
0ab0:2c3c @ 837502328 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502328 - LdrpGetProcedureAddress - INFO: Locating procedure "BasepGetComputerNameFromNtPath" by name
0ab0:2c3c @ 837502328 - LdrpGetProcedureAddress - INFO: Locating procedure "BasepSetFileEncryptionCompression" by name
0ab0:2c3c @ 837502328 - LdrpGetProcedureAddress - INFO: Locating procedure "BasepCopyEncryption" by name
0ab0:2c3c @ 837502328 - LdrpGetProcedureAddress - INFO: Locating procedure "SetVolumeMountPointWStub" by name
0ab0:2c3c @ 837502328 - LdrpPreprocessDllName - INFO: DLL ext-ms-win-kernel32-datetime-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502328 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernel32.dll
0ab0:2c3c @ 837502328 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502328 - LdrpGetProcedureAddress - INFO: Locating procedure "GetTimeFormatAWorker" by name
0ab0:2c3c @ 837502328 - LdrpGetProcedureAddress - INFO: Locating procedure "GetTimeFormatWWorker" by name
0ab0:2c3c @ 837502343 - LdrpGetProcedureAddress - INFO: Locating procedure "GetDateFormatWWorker" by name
0ab0:2c3c @ 837502343 - LdrpGetProcedureAddress - INFO: Locating procedure "GetDateFormatAWorker" by name
0ab0:2c3c @ 837502343 - LdrpPreprocessDllName - INFO: DLL ext-ms-win-kernel32-quirks-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502343 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernel32.dll
0ab0:2c3c @ 837502343 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502343 - LdrpGetProcedureAddress - INFO: Locating procedure "QuirkGetDataWorker" by name
0ab0:2c3c @ 837502343 - LdrpGetProcedureAddress - INFO: Locating procedure "QuirkIsEnabledForPackage2Worker" by name
0ab0:2c3c @ 837502343 - LdrpGetProcedureAddress - INFO: Locating procedure "QuirkIsEnabledForPackageWorker" by name
0ab0:2c3c @ 837502343 - LdrpGetProcedureAddress - INFO: Locating procedure "QuirkGetData2Worker" by name
0ab0:2c3c @ 837502343 - LdrpGetProcedureAddress - INFO: Locating procedure "QuirkIsEnabled3Worker" by name
0ab0:2c3c @ 837502343 - LdrpGetProcedureAddress - INFO: Locating procedure "QuirkIsEnabled2Worker" by name
0ab0:2c3c @ 837502343 - LdrpGetProcedureAddress - INFO: Locating procedure "QuirkIsEnabledWorker" by name
0ab0:2c3c @ 837502343 - LdrpGetProcedureAddress - INFO: Locating procedure "QuirkIsEnabledForProcessWorker" by name
0ab0:2c3c @ 837502343 - LdrpPreprocessDllName - INFO: DLL ext-ms-win-kernel32-quirks-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502343 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernel32.dll
0ab0:2c3c @ 837502343 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502343 - LdrpGetProcedureAddress - INFO: Locating procedure "QuirkIsEnabledForPackage4Worker" by name
0ab0:2c3c @ 837502343 - LdrpGetProcedureAddress - INFO: Locating procedure "QuirkIsEnabledForPackage3Worker" by name
0ab0:2c3c @ 837502343 - LdrpPreprocessDllName - INFO: DLL ext-ms-win-kernel32-sidebyside-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502343 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernel32.dll
0ab0:2c3c @ 837502343 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502343 - LdrpGetProcedureAddress - INFO: Locating procedure "GetCurrentActCtxWorker" by name
0ab0:2c3c @ 837502343 - LdrpGetProcedureAddress - INFO: Locating procedure "ActivateActCtxWorker" by name
0ab0:2c3c @ 837502343 - LdrpGetProcedureAddress - INFO: Locating procedure "QueryActCtxSettingsWWorker" by name
0ab0:2c3c @ 837502343 - LdrpGetProcedureAddress - INFO: Locating procedure "AddRefActCtxWorker" by name
0ab0:2c3c @ 837502343 - LdrpGetProcedureAddress - INFO: Locating procedure "DeactivateActCtxWorker" by name
0ab0:2c3c @ 837502343 - LdrpGetProcedureAddress - INFO: Locating procedure "CreateActCtxWWorker" by name
0ab0:2c3c @ 837502343 - LdrpGetProcedureAddress - INFO: Locating procedure "FindActCtxSectionStringWWorker" by name
0ab0:2c3c @ 837502343 - LdrpGetProcedureAddress - INFO: Locating procedure "QueryActCtxWWorker" by name
0ab0:2c3c @ 837502359 - LdrpGetProcedureAddress - INFO: Locating procedure "FindActCtxSectionGuidWorker" by name
0ab0:2c3c @ 837502359 - LdrpGetProcedureAddress - INFO: Locating procedure "ReleaseActCtxWorker" by name
0ab0:2c3c @ 837502359 - LdrpGetProcedureAddress - INFO: Locating procedure "ZombifyActCtxWorker" by name
0ab0:2c3c @ 837502359 - LdrpPreprocessDllName - INFO: DLL ext-ms-win-kernel32-errorhandling-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502359 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernel32.dll
0ab0:2c3c @ 837502359 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502359 - LdrpGetProcedureAddress - INFO: Locating procedure "CheckForReadOnlyResourceFilter" by name
0ab0:2c3c @ 837502359 - LdrpGetProcedureAddress - INFO: Locating procedure "BasepReportFault" by name
0ab0:2c3c @ 837502359 - LdrpPreprocessDllName - INFO: DLL ext-ms-win-kernel32-registry-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502359 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernel32.dll
0ab0:2c3c @ 837502359 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502359 - LdrpGetProcedureAddress - INFO: Locating procedure "TermsrvOpenUserClasses" by name
0ab0:2c3c @ 837502359 - LdrpGetProcedureAddress - INFO: Locating procedure "TermsrvSetValueKey" by name
0ab0:2c3c @ 837502359 - LdrpGetProcedureAddress - INFO: Locating procedure "TermsrvGetPreSetValue" by name
0ab0:2c3c @ 837502359 - LdrpGetProcedureAddress - INFO: Locating procedure "TermsrvGetWindowsDirectoryW" by name
0ab0:2c3c @ 837502359 - LdrpGetProcedureAddress - INFO: Locating procedure "TermsrvGetWindowsDirectoryA" by name
0ab0:2c3c @ 837502359 - LdrpGetProcedureAddress - INFO: Locating procedure "BasepNotifyLoadStringResource" by name
0ab0:2c3c @ 837502359 - LdrpGetProcedureAddress - INFO: Locating procedure "TermsrvOpenRegEntry" by name
0ab0:2c3c @ 837502359 - LdrpGetProcedureAddress - INFO: Locating procedure "TermsrvDeleteValue" by name
0ab0:2c3c @ 837502359 - LdrpGetProcedureAddress - INFO: Locating procedure "TermsrvDeleteKey" by name
0ab0:2c3c @ 837502359 - LdrpGetProcedureAddress - INFO: Locating procedure "TermsrvSetKeySecurity" by name
0ab0:2c3c @ 837502359 - LdrpGetProcedureAddress - INFO: Locating procedure "TermsrvRestoreKey" by name
0ab0:2c3c @ 837502359 - LdrpGetProcedureAddress - INFO: Locating procedure "TermsrvCreateRegEntry" by name
0ab0:2c3c @ 837502359 - LdrpPreprocessDllName - INFO: DLL ext-ms-win-kernelbase-processthread-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502359 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernel32.dll
0ab0:2c3c @ 837502359 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502359 - LdrpGetProcedureAddress - INFO: Locating procedure "BasepPostSuccessAppXExtension" by name
0ab0:2c3c @ 837502359 - LdrpGetProcedureAddress - INFO: Locating procedure "BaseElevationPostProcessing" by name
0ab0:2c3c @ 837502359 - LdrpGetProcedureAddress - INFO: Locating procedure "BasepInitAppCompatData" by name
0ab0:2c3c @ 837502359 - LdrpGetProcedureAddress - INFO: Locating procedure "BasepGetAppCompatData" by name
0ab0:2c3c @ 837502359 - LdrpGetProcedureAddress - INFO: Locating procedure "BaseDestroyVDMEnvironment" by name
0ab0:2c3c @ 837502375 - LdrpGetProcedureAddress - INFO: Locating procedure "BasepCheckWebBladeHashes" by name
0ab0:2c3c @ 837502375 - LdrpGetProcedureAddress - INFO: Locating procedure "BasepReleaseAppXContext" by name
0ab0:2c3c @ 837502375 - LdrpGetProcedureAddress - INFO: Locating procedure "BaseWriteErrorElevationRequiredEvent" by name
0ab0:2c3c @ 837502375 - LdrpGetProcedureAddress - INFO: Locating procedure "BasepFreeAppCompatData" by name
0ab0:2c3c @ 837502375 - LdrpGetProcedureAddress - INFO: Locating procedure "BasepReleaseSxsCreateProcessUtilityStruct" by name
0ab0:2c3c @ 837502375 - LdrpGetProcedureAddress - INFO: Locating procedure "BasepAppXExtension" by name
0ab0:2c3c @ 837502375 - LdrpGetProcedureAddress - INFO: Locating procedure "BasepAppContainerEnvironmentExtension" by name
0ab0:2c3c @ 837502375 - LdrpGetProcedureAddress - INFO: Locating procedure "BasepQueryModuleChpeSettings" by name
0ab0:2c3c @ 837502375 - LdrpGetProcedureAddress - INFO: Locating procedure "BaseCheckElevation" by name
0ab0:2c3c @ 837502375 - LdrpGetProcedureAddress - INFO: Locating procedure "BasepCheckWinSaferRestrictions" by name
0ab0:2c3c @ 837502375 - LdrpGetProcedureAddress - INFO: Locating procedure "NtVdm64CreateProcessInternalW" by name
0ab0:2c3c @ 837502375 - LdrpGetProcedureAddress - INFO: Locating procedure "RaiseInvalid16BitExeError" by name
0ab0:2c3c @ 837502375 - LdrpGetProcedureAddress - INFO: Locating procedure "BasepProcessInvalidImage" by name
0ab0:2c3c @ 837502375 - LdrpGetProcedureAddress - INFO: Locating procedure "BaseIsDosApplication" by name
0ab0:2c3c @ 837502375 - LdrpGetProcedureAddress - INFO: Locating procedure "BasepIsProcessAllowed" by name
0ab0:2c3c @ 837502375 - LdrpGetProcedureAddress - INFO: Locating procedure "BaseUpdateVDMEntry" by name
0ab0:2c3c @ 837502375 - LdrpGetProcedureAddress - INFO: Locating procedure "BasepQueryAppCompat" by name
0ab0:2c3c @ 837502375 - LdrpGetProcedureAddress - INFO: Locating procedure "BasepConstructSxsCreateProcessMessage" by name
0ab0:2c3c @ 837502375 - LdrpPreprocessDllName - INFO: DLL ext-ms-win-kernelbase-processthread-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502375 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernel32.dll
0ab0:2c3c @ 837502375 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502375 - LdrpGetProcedureAddress - INFO: Locating procedure "BasepGetPackageActivationTokenForSxS" by name
0ab0:2c3c @ 837502375 - LdrpGetProcedureAddress - INFO: Locating procedure "BasepFinishPackageActivationForSxS" by name
0ab0:2c3c @ 837502375 - LdrpFindLoadedDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502375 - LdrpGetProcedureAddress - INFO: Locating procedure "KernelbasePostInit" by name
0ab0:2c3c @ 837502390 - LdrGetDllHandleEx - ENTER: DLL name: kernelbase.dll
0ab0:2c3c @ 837502390 - LdrpFindLoadedDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502390 - LdrGetDllHandleEx - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502390 - LdrpGetProcedureAddress - INFO: Locating procedure "ArmFeatureUsageSubscriberFlushNotification" by name
0ab0:2c3c @ 837502390 - LdrpFindKnownDll - ENTER: DLL name: USER32.dll
0ab0:2c3c @ 837502390 - LdrpFindKnownDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502390 - LdrpMinimalMapModule - ENTER: DLL name: C:\WINDOWS\System32\USER32.dll
ModLoad: 00007ff8`e66a0000 00007ff8`e6841000   C:\WINDOWS\System32\USER32.dll
0ab0:2c3c @ 837502390 - LdrpMinimalMapModule - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502390 - LdrpFindDllActivationContext - INFO: Probing for the manifest of DLL "C:\WINDOWS\System32\USER32.dll" failed with status 0xc000008a
0ab0:2c3c @ 837502390 - LdrpFindKnownDll - ENTER: DLL name: win32u.dll
0ab0:2c3c @ 837502390 - LdrpFindKnownDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502390 - LdrpMinimalMapModule - ENTER: DLL name: C:\WINDOWS\System32\win32u.dll
ModLoad: 00007ff8`e51d0000 00007ff8`e51f2000   C:\WINDOWS\System32\win32u.dll
0ab0:2c3c @ 837502390 - LdrpMinimalMapModule - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502390 - LdrpFindDllActivationContext - INFO: Probing for the manifest of DLL "C:\WINDOWS\System32\win32u.dll" failed with status 0xc000008a
0ab0:2c3c @ 837502390 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502390 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-registry-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502390 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502390 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-libraryloader-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502390 - LdrpPreprocessDllName - INFO: DLL api-ms-win-eventing-provider-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502390 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502390 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502390 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502390 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sysinfo-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502390 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502390 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-errorhandling-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502390 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-threadpool-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502406 - LdrpPreprocessDllName - INFO: DLL api-ms-win-security-base-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502406 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-handle-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502406 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502406 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502406 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processenvironment-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502406 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502406 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-debug-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502406 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502406 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-memory-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502406 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-profile-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502406 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-memory-l1-1-3.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502406 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-privateprofile-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502406 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-atoms-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502406 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-obsolete-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502406 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-obsolete-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502406 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-obsolete-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502406 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-stringansi-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502406 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sidebyside-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502406 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-kernel32-private-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502406 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-kernel32-legacy-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502406 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-kernel32-legacy-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502406 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-appinit-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502406 - LdrpFindKnownDll - ENTER: DLL name: GDI32.dll
0ab0:2c3c @ 837502406 - LdrpFindKnownDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502406 - LdrpMinimalMapModule - ENTER: DLL name: C:\WINDOWS\System32\GDI32.dll
ModLoad: 00007ff8`e6bf0000 00007ff8`e6c1b000   C:\WINDOWS\System32\GDI32.dll
0ab0:2c3c @ 837502406 - LdrpMinimalMapModule - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502406 - LdrpFindDllActivationContext - INFO: Probing for the manifest of DLL "C:\WINDOWS\System32\GDI32.dll" failed with status 0xc000008a
0ab0:2c3c @ 837502406 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502421 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-libraryloader-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502421 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502421 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502421 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502421 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502421 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-profile-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502421 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sysinfo-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502421 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-errorhandling-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502421 - LdrpPreprocessDllName - INFO: DLL api-ms-win-gdi-internal-uap-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\gdi32full.dll by API set
0ab0:2c3c @ 837502421 - LdrpFindKnownDll - ENTER: DLL name: gdi32full.dll
0ab0:2c3c @ 837502421 - LdrpFindKnownDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502421 - LdrpMinimalMapModule - ENTER: DLL name: C:\WINDOWS\System32\gdi32full.dll
ModLoad: 00007ff8`e5300000 00007ff8`e540f000   C:\WINDOWS\System32\gdi32full.dll
0ab0:2c3c @ 837502421 - LdrpMinimalMapModule - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502421 - LdrpFindDllActivationContext - INFO: Probing for the manifest of DLL "C:\WINDOWS\System32\gdi32full.dll" failed with status 0xc000008a
0ab0:2c3c @ 837502421 - LdrpFindKnownDll - ENTER: DLL name: msvcp_win.dll
0ab0:2c3c @ 837502421 - LdrpFindKnownDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502421 - LdrpMinimalMapModule - ENTER: DLL name: C:\WINDOWS\System32\msvcp_win.dll
ModLoad: 00007ff8`e5030000 00007ff8`e50cd000   C:\WINDOWS\System32\msvcp_win.dll
0ab0:2c3c @ 837502421 - LdrpMinimalMapModule - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502421 - LdrpFindDllActivationContext - INFO: Probing for the manifest of DLL "C:\WINDOWS\System32\msvcp_win.dll" failed with status 0xc000008a
0ab0:2c3c @ 837502421 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-string-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
0ab0:2c3c @ 837502421 - LdrpFindKnownDll - ENTER: DLL name: ucrtbase.dll
0ab0:2c3c @ 837502421 - LdrpFindKnownDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502421 - LdrpMinimalMapModule - ENTER: DLL name: C:\WINDOWS\System32\ucrtbase.dll
ModLoad: 00007ff8`e5200000 00007ff8`e5300000   C:\WINDOWS\System32\ucrtbase.dll
0ab0:2c3c @ 837502421 - LdrpMinimalMapModule - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502421 - LdrpFindDllActivationContext - INFO: Probing for the manifest of DLL "C:\WINDOWS\System32\ucrtbase.dll" failed with status 0xc000008a
0ab0:2c3c @ 837502421 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-errorhandling-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502421 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502421 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502421 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-libraryloader-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502421 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502421 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-debug-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502421 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processenvironment-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502437 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502437 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502437 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502437 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-datetime-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502437 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sysinfo-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502437 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-rtlsupport-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ntdll.dll by API set
0ab0:2c3c @ 837502437 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502437 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-console-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502437 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-handle-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502437 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502437 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-namedpipe-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502437 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-timezone-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502437 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502437 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502437 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-profile-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502437 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-memory-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502437 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-util-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502437 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-interlocked-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502437 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-locale-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
0ab0:2c3c @ 837502437 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-runtime-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
0ab0:4f88 @ 837502437 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlSetLastWin32Error" by name
0ab0:2c3c @ 837502437 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-private-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
0ab0:4f88 @ 837502437 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlFreeHeap" by name
0ab0:4f88 @ 837502437 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReAllocateHeap" by name
0ab0:2c3c @ 837502437 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502437 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAllocateHeap" by name
0ab0:4f88 @ 837502437 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlSizeHeap" by name
0ab0:2c3c @ 837502437 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502437 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:4f88 @ 837502437 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlExitUserThread" by name
0ab0:4f88 @ 837502437 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDeleteCriticalSection" by name
0ab0:2c3c @ 837502437 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502437 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlLeaveCriticalSection" by name
0ab0:2c3c @ 837502437 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-handle-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502453 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlEnterCriticalSection" by name
0ab0:2c3c @ 837502453 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sysinfo-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502453 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-profile-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502453 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502453 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502453 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502453 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-errorhandling-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502453 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-util-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502453 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502453 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-rtlsupport-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ntdll.dll by API set
0ab0:2c3c @ 837502453 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:4f88 @ 837502453 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryPerformanceCounter" by name
0ab0:4f88 @ 837502453 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryPerformanceFrequency" by name
0ab0:2c3c @ 837502453 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-threadpool-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502453 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlEncodePointer" by name
0ab0:2c3c @ 837502453 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-libraryloader-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502453 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInterlockedFlushSList" by name
0ab0:4f88 @ 837502453 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInterlockedPushEntrySList" by name
0ab0:2c3c @ 837502453 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-debug-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502453 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sysinfo-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502453 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-interlocked-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502468 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-delayload-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502468 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-delayload-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502468 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-math-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
0ab0:2c3c @ 837502468 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-string-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
0ab0:2c3c @ 837502468 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-runtime-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
0ab0:2c3c @ 837502468 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-private-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
0ab0:2c3c @ 837502468 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502468 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502468 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502468 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-rtlsupport-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ntdll.dll by API set
0ab0:2c3c @ 837502468 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-libraryloader-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502468 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sysinfo-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502468 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-memory-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502468 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-errorhandling-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502468 - LdrpPreprocessDllName - INFO: DLL api-ms-win-eventing-provider-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502468 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlEnterCriticalSection" by name
0ab0:4f88 @ 837502468 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeSRWLock" by name
0ab0:2c3c @ 837502468 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processenvironment-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502468 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlLeaveCriticalSection" by name
0ab0:2c3c @ 837502468 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502468 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDeleteCriticalSection" by name
0ab0:4f88 @ 837502468 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAcquireSRWLockExclusive" by name
0ab0:2c3c @ 837502468 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-handle-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502468 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReleaseSRWLockExclusive" by name
0ab0:2c3c @ 837502468 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-registry-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502468 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlTryAcquireSRWLockExclusive" by name
0ab0:2c3c @ 837502468 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502484 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502484 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlWakeConditionVariable" by name
0ab0:2c3c @ 837502484 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502484 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlWakeAllConditionVariable" by name
0ab0:4f88 @ 837502484 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeConditionVariable" by name
0ab0:2c3c @ 837502484 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502484 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-memory-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502484 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryPerformanceFrequency" by name
0ab0:4f88 @ 837502484 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryPerformanceCounter" by name
0ab0:2c3c @ 837502484 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-threadpool-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502484 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:4f88 @ 837502484 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlEncodePointer" by name
0ab0:2c3c @ 837502484 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-debug-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502484 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDecodePointer" by name
0ab0:2c3c @ 837502484 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502484 - LdrpPreprocessDllName - INFO: DLL api-ms-win-security-base-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502484 - LdrpGetProcedureAddress - INFO: Locating procedure "TpPostWork" by name
0ab0:2c3c @ 837502484 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502484 - LdrpGetProcedureAddress - INFO: Locating procedure "TpReleaseWork" by name
0ab0:4f88 @ 837502484 - LdrpGetProcedureAddress - INFO: Locating procedure "TpCallbackUnloadDllOnCompletion" by name
0ab0:2c3c @ 837502484 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502484 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-profile-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502484 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeSListHead" by name
0ab0:2c3c @ 837502484 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-interlocked-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502484 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-kernel32-legacy-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502484 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-obsolete-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502484 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-obsolete-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502484 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-stringansi-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502484 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-delayload-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502484 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-delayload-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502484 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-privateprofile-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502484 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-private-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502484 - LdrpPreprocessDllName - INFO: DLL api-ms-win-eventing-provider-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502500 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-delayload-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502500 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-delayload-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502500 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-apiquery-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ntdll.dll by API set
0ab0:4f88 @ 837502500 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlSetLastWin32Error" by name
0ab0:4f88 @ 837502500 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventUnregister" by name
0ab0:4f88 @ 837502500 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventWriteTransfer" by name
0ab0:2c3c @ 837502500 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-apiquery-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502500 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventRegister" by name
0ab0:2c3c @ 837502500 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-delayload-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502500 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventSetInformation" by name
0ab0:2c3c @ 837502500 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-delayload-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502500 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-1 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502500 - LdrpGetProcedureAddress - INFO: Locating procedure "GetProcessMitigationPolicy" by name
0ab0:2c3c @ 837502500 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-apiquery-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ntdll.dll by API set
0ab0:4f88 @ 837502500 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDeleteCriticalSection" by name
0ab0:247c @ 837502500 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReleaseSRWLockExclusive" by name
0ab0:4f88 @ 837502500 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAcquireSRWLockShared" by name
0ab0:247c @ 837502500 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAcquireSRWLockExclusive" by name
0ab0:4f88 @ 837502500 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReleaseSRWLockShared" by name
0ab0:247c @ 837502500 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryPerformanceCounter" by name
0ab0:4f88 @ 837502500 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlEnterCriticalSection" by name
0ab0:2c3c @ 837502500 - LdrpFindKnownDll - ENTER: DLL name: COMDLG32.dll
0ab0:4f88 @ 837502500 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReleaseSRWLockExclusive" by name
0ab0:2c3c @ 837502500 - LdrpFindKnownDll - RETURN: Status: 0x00000000
0ab0:4f88 @ 837502500 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlLeaveCriticalSection" by name
0ab0:2c3c @ 837502500 - LdrpMinimalMapModule - ENTER: DLL name: C:\WINDOWS\System32\COMDLG32.dll
0ab0:4f88 @ 837502500 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeCriticalSection" by name
0ab0:4f88 @ 837502500 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAcquireSRWLockExclusive" by name
0ab0:247c @ 837502500 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventRegister" by name
0ab0:4f88 @ 837502500 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAllocateHeap" by name
0ab0:247c @ 837502500 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventProviderEnabled" by name
0ab0:4f88 @ 837502500 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlFreeHeap" by name
0ab0:247c @ 837502500 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventUnregister" by name
0ab0:4cd0 @ 837502500 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventUnregister" by name
0ab0:4f88 @ 837502500 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlSizeHeap" by name
0ab0:4cd0 @ 837502515 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventRegister" by name
0ab0:247c @ 837502500 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventWriteTransfer" by name
0ab0:4cd0 @ 837502515 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventSetInformation" by name
0ab0:4f88 @ 837502515 - LdrpGetProcedureAddress - INFO: Locating procedure "TpReleaseTimer" by name
0ab0:247c @ 837502515 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventSetInformation" by name
0ab0:4cd0 @ 837502515 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventWrite" by name
0ab0:4f88 @ 837502515 - LdrpGetProcedureAddress - INFO: Locating procedure "TpSetTimer" by name
0ab0:4cd0 @ 837502515 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventWriteTransfer" by name
0ab0:4f88 @ 837502515 - LdrpGetProcedureAddress - INFO: Locating procedure "TpWaitForTimer" by name
0ab0:4cd0 @ 837502515 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventActivityIdControl" by name
0ab0:4cd0 @ 837502515 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventProviderEnabled" by name
0ab0:4f88 @ 837502515 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryPerformanceCounter" by name
0ab0:4cd0 @ 837502515 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlExitUserThread" by name
0ab0:4f88 @ 837502515 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeSListHead" by name
0ab0:4cd0 @ 837502515 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAcquireSRWLockShared" by name
0ab0:4cd0 @ 837502515 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReleaseSRWLockShared" by name
0ab0:4cd0 @ 837502515 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAcquireSRWLockExclusive" by name
0ab0:4cd0 @ 837502515 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlEnterCriticalSection" by name
ModLoad: 00007ff8`e6930000 00007ff8`e6a0a000   C:\WINDOWS\System32\COMDLG32.dll
0ab0:4cd0 @ 837502515 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlLeaveCriticalSection" by name
0ab0:2c3c @ 837502515 - LdrpMinimalMapModule - RETURN: Status: 0x00000000
0ab0:4cd0 @ 837502515 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReleaseSRWLockExclusive" by name
0ab0:4cd0 @ 837502515 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeSRWLock" by name
0ab0:4cd0 @ 837502515 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAllocateHeap" by name
0ab0:4cd0 @ 837502515 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlFreeHeap" by name
0ab0:4cd0 @ 837502515 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlSetLastWin32Error" by name
0ab0:4cd0 @ 837502515 - LdrpGetProcedureAddress - INFO: Locating procedure "TpReleaseTimer" by name
0ab0:2c3c @ 837502515 - LdrpFindDllActivationContext - INFO: Probing for the manifest of DLL "C:\WINDOWS\System32\COMDLG32.dll" failed with status 0xc000008b
0ab0:4cd0 @ 837502515 - LdrpGetProcedureAddress - INFO: Locating procedure "TpSetTimer" by name
0ab0:4cd0 @ 837502515 - LdrpGetProcedureAddress - INFO: Locating procedure "TpWaitForTimer" by name
0ab0:4cd0 @ 837502515 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-1 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4cd0 @ 837502515 - LdrpGetProcedureAddress - INFO: Locating procedure "GetProcessMitigationPolicy" by name
0ab0:4cd0 @ 837502515 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryPerformanceCounter" by name
0ab0:2c3c @ 837502515 - LdrpFindKnownDll - ENTER: DLL name: msvcrt.dll
0ab0:4cd0 @ 837502531 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryPerformanceFrequency" by name
0ab0:2c3c @ 837502531 - LdrpFindKnownDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502531 - LdrpMinimalMapModule - ENTER: DLL name: C:\WINDOWS\System32\msvcrt.dll
ModLoad: 00007ff8`e5ee0000 00007ff8`e5f7e000   C:\WINDOWS\System32\msvcrt.dll
0ab0:2c3c @ 837502531 - LdrpMinimalMapModule - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502531 - LdrpFindDllActivationContext - INFO: Probing for the manifest of DLL "C:\WINDOWS\System32\msvcrt.dll" failed with status 0xc000008a
0ab0:2c3c @ 837502531 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-console-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502531 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-console-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502531 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-datetime-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502531 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-debug-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502531 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-errorhandling-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502531 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-fibers-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502531 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502531 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-handle-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502531 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502531 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502531 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-libraryloader-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502546 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-memory-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502546 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-namedpipe-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502546 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processenvironment-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502546 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502546 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-profile-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502546 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502546 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502546 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502546 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sysinfo-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502546 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-util-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502546 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502546 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlSetLastWin32Error" by name
0ab0:247c @ 837502546 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAllocateHeap" by name
0ab0:247c @ 837502546 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlFreeHeap" by name
0ab0:247c @ 837502546 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReAllocateHeap" by name
0ab0:247c @ 837502546 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlSizeHeap" by name
0ab0:2c3c @ 837502546 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502546 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-libraryloader-l1-2-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502546 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-libraryloader-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502546 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:247c @ 837502546 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlExitUserThread" by name
0ab0:247c @ 837502546 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryPerformanceCounter" by name
0ab0:2c3c @ 837502546 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-errorhandling-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502546 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlEnterCriticalSection" by name
0ab0:2c3c @ 837502546 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502546 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processenvironment-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502546 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlLeaveCriticalSection" by name
0ab0:247c @ 837502562 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDeleteCriticalSection" by name
0ab0:2c3c @ 837502562 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502562 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDecodePointer" by name
0ab0:2c3c @ 837502562 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502562 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlEncodePointer" by name
0ab0:2c3c @ 837502562 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502562 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-handle-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502562 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-registry-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502562 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-com-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\combase.dll by API set
0ab0:2c3c @ 837502562 - LdrpFindKnownDll - ENTER: DLL name: combase.dll
0ab0:2c3c @ 837502562 - LdrpFindKnownDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502562 - LdrpMinimalMapModule - ENTER: DLL name: C:\WINDOWS\System32\combase.dll
ModLoad: 00007ff8`e6230000 00007ff8`e6585000   C:\WINDOWS\System32\combase.dll
0ab0:2c3c @ 837502562 - LdrpMinimalMapModule - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502562 - LdrpFindDllActivationContext - INFO: Probing for the manifest of DLL "C:\WINDOWS\System32\combase.dll" failed with status 0xc000008a
0ab0:2c3c @ 837502562 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-string-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
0ab0:2c3c @ 837502562 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-runtime-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
0ab0:2c3c @ 837502562 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-private-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
0ab0:2c3c @ 837502562 - LdrpFindKnownDll - ENTER: DLL name: RPCRT4.dll
0ab0:2c3c @ 837502562 - LdrpFindKnownDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502562 - LdrpMinimalMapModule - ENTER: DLL name: C:\WINDOWS\System32\RPCRT4.dll
ModLoad: 00007ff8`e70a0000 00007ff8`e71c5000   C:\WINDOWS\System32\RPCRT4.dll
0ab0:2c3c @ 837502562 - LdrpMinimalMapModule - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502562 - LdrpFindDllActivationContext - INFO: Probing for the manifest of DLL "C:\WINDOWS\System32\RPCRT4.dll" failed with status 0xc000008a
0ab0:2c3c @ 837502562 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-errorhandling-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502562 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-errorhandling-l1-1-2.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502562 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-handle-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502562 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502562 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-interlocked-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502562 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-io-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502578 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-registry-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502578 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-libraryloader-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502578 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502578 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-memory-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502578 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502578 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-misc-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502578 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-namedpipe-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502578 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processenvironment-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502578 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502578 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502578 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502578 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502578 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sysinfo-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502578 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-timezone-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502578 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-threadpool-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502578 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-threadpool-legacy-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502578 - LdrpPreprocessDllName - INFO: DLL api-ms-win-security-base-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502578 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-apiquery-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ntdll.dll by API set
0ab0:2c3c @ 837502578 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-debug-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502578 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-profile-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502578 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-delayload-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502578 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-debug-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502578 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-errorhandling-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502578 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-errorhandling-l1-1-2.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502578 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlSetLastWin32Error" by name
0ab0:4f88 @ 837502578 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAllocateHeap" by name
0ab0:2c3c @ 837502578 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-fibers-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502578 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReAllocateHeap" by name
0ab0:2c3c @ 837502578 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-fibers-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502593 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlFreeHeap" by name
0ab0:2c3c @ 837502593 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502593 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-handle-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502593 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryDepthSList" by name
0ab0:4f88 @ 837502593 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInterlockedPopEntrySList" by name
0ab0:2c3c @ 837502593 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502593 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInterlockedPushEntrySList" by name
0ab0:4f88 @ 837502593 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeSListHead" by name
0ab0:4f88 @ 837502593 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInterlockedFlushSList" by name
0ab0:2c3c @ 837502593 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502593 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-interlocked-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502593 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-libraryloader-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502593 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502593 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502593 - LdrpGetProcedureAddress - INFO: Locating procedure "SetThreadToken" by name
0ab0:2c3c @ 837502593 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-memory-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502593 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502593 - LdrpGetProcedureAddress - INFO: Locating procedure "OpenProcessToken" by name
0ab0:2c3c @ 837502593 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processenvironment-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502593 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502593 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:4f88 @ 837502593 - LdrpGetProcedureAddress - INFO: Locating procedure "OpenThreadToken" by name
0ab0:2c3c @ 837502593 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:4f88 @ 837502593 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReleaseSRWLockShared" by name
0ab0:4f88 @ 837502593 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReleaseSRWLockExclusive" by name
0ab0:4f88 @ 837502593 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAcquireSRWLockExclusive" by name
0ab0:2c3c @ 837502593 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-profile-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502593 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDeleteCriticalSection" by name
0ab0:2c3c @ 837502593 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-realtime-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502593 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeCriticalSection" by name
0ab0:2c3c @ 837502609 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-registry-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502609 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlLeaveCriticalSection" by name
0ab0:2c3c @ 837502609 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502609 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlEnterCriticalSection" by name
0ab0:4f88 @ 837502609 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeSRWLock" by name
0ab0:2c3c @ 837502609 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502609 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAcquireSRWLockShared" by name
0ab0:4f88 @ 837502609 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlSetCriticalSectionSpinCount" by name
0ab0:4f88 @ 837502609 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlWakeAddressAll" by name
0ab0:2c3c @ 837502609 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502609 - LdrpGetProcedureAddress - INFO: Locating procedure "TpSetTimer" by name
0ab0:4f88 @ 837502609 - LdrpGetProcedureAddress - INFO: Locating procedure "TpWaitForTimer" by name
0ab0:4f88 @ 837502609 - LdrpGetProcedureAddress - INFO: Locating procedure "TpReleaseTimer" by name
0ab0:4f88 @ 837502609 - LdrpGetProcedureAddress - INFO: Locating procedure "TpReleaseWork" by name
0ab0:2c3c @ 837502609 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502609 - LdrpGetProcedureAddress - INFO: Locating procedure "TpPostWork" by name
0ab0:4f88 @ 837502609 - LdrpGetProcedureAddress - INFO: Locating procedure "TpWaitForWork" by name
0ab0:2c3c @ 837502609 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sysinfo-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502609 - LdrpGetProcedureAddress - INFO: Locating procedure "TpIsTimerSet" by name
0ab0:2c3c @ 837502609 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sysinfo-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502609 - LdrpGetProcedureAddress - INFO: Locating procedure "TpReleaseIoCompletion" by name
0ab0:2c3c @ 837502609 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-threadpool-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502609 - LdrpGetProcedureAddress - INFO: Locating procedure "TpStartAsyncIoOperation" by name
0ab0:4f88 @ 837502609 - LdrpGetProcedureAddress - INFO: Locating procedure "TpCancelAsyncIoOperation" by name
0ab0:2c3c @ 837502609 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-timezone-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502609 - LdrpGetProcedureAddress - INFO: Locating procedure "TpWaitForIoCompletion" by name
0ab0:4f88 @ 837502625 - LdrpGetProcedureAddress - INFO: Locating procedure "TpReleasePool" by name
0ab0:2c3c @ 837502625 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-util-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502625 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-wow64-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502625 - LdrpPreprocessDllName - INFO: DLL api-ms-win-security-base-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502625 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryPerformanceCounter" by name
0ab0:2c3c @ 837502625 - LdrpPreprocessDllName - INFO: DLL api-ms-win-security-base-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502625 - LdrpPreprocessDllName - INFO: DLL api-ms-win-eventing-provider-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502625 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-obsolete-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502625 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-privateprofile-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502625 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sidebyside-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502625 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-windowserrorreporting-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502625 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-quirks-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502625 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-path-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502625 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processsnapshot-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502625 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-apiquery-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ntdll.dll by API set
0ab0:2c3c @ 837502625 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502625 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-shlwapi-legacy-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502625 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-obsolete-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502625 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-delayload-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502625 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-delayload-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502625 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502625 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-threadpool-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502625 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-debug-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502625 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502625 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-path-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502625 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-com-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\combase.dll by API set
0ab0:2c3c @ 837502640 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sysinfo-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4cd0 @ 837502640 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlSetLastWin32Error" by name
0ab0:2c3c @ 837502640 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-registry-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4cd0 @ 837502640 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReAllocateHeap" by name
0ab0:2c3c @ 837502640 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-winrt-string-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\combase.dll by API set
0ab0:4cd0 @ 837502640 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlSizeHeap" by name
0ab0:4cd0 @ 837502640 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlFreeHeap" by name
0ab0:2c3c @ 837502640 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-winrt-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\combase.dll by API set
0ab0:4cd0 @ 837502640 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAllocateHeap" by name
0ab0:4cd0 @ 837502640 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryDepthSList" by name
0ab0:2c3c @ 837502640 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-winrt-error-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\combase.dll by API set
0ab0:4cd0 @ 837502640 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInterlockedPopEntrySList" by name
0ab0:4cd0 @ 837502640 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInterlockedPushEntrySList" by name
0ab0:4cd0 @ 837502640 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeSListHead" by name
0ab0:2c3c @ 837502640 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-winrt-error-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\combase.dll by API set
0ab0:2c3c @ 837502640 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-version-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502640 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502640 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-rtlsupport-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ntdll.dll by API set
0ab0:2c3c @ 837502640 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-profile-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4cd0 @ 837502640 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4cd0 @ 837502640 - LdrpGetProcedureAddress - INFO: Locating procedure "OpenThreadToken" by name
0ab0:2c3c @ 837502640 - LdrpPreprocessDllName - INFO: DLL api-ms-win-eventing-provider-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4cd0 @ 837502640 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502640 - LdrpPreprocessDllName - INFO: DLL api-ms-win-security-base-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502640 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-apiquery-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ntdll.dll by API set
0ab0:2c3c @ 837502640 - LdrpPreprocessDllName - INFO: DLL api-ms-win-shcore-scaling-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\shcore.dll by API set
0ab0:4cd0 @ 837502640 - LdrpGetProcedureAddress - INFO: Locating procedure "SetThreadToken" by name
0ab0:2c3c @ 837502640 - LdrpFindKnownDll - ENTER: DLL name: shcore.dll
0ab0:4cd0 @ 837502640 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4cd0 @ 837502640 - LdrpGetProcedureAddress - INFO: Locating procedure "OpenProcessToken" by name
0ab0:2c3c @ 837502656 - LdrpFindKnownDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502656 - LdrpMinimalMapModule - ENTER: DLL name: C:\WINDOWS\System32\shcore.dll
0ab0:4cd0 @ 837502656 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-1 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4cd0 @ 837502656 - LdrpGetProcedureAddress - INFO: Locating procedure "GetProcessMitigationPolicy" by name
0ab0:4cd0 @ 837502656 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryPerformanceCounter" by name
0ab0:4cd0 @ 837502656 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryPerformanceFrequency" by name
0ab0:4cd0 @ 837502656 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryUnbiasedInterruptTime" by name
0ab0:4cd0 @ 837502656 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeSRWLock" by name
0ab0:4cd0 @ 837502656 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlTryAcquireSRWLockExclusive" by name
0ab0:4cd0 @ 837502656 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlEnterCriticalSection" by name
0ab0:4cd0 @ 837502656 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlLeaveCriticalSection" by name
0ab0:4cd0 @ 837502656 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReleaseSRWLockExclusive" by name
0ab0:4cd0 @ 837502656 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAcquireSRWLockExclusive" by name
0ab0:4cd0 @ 837502656 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReleaseSRWLockShared" by name
ModLoad: 00007ff8`e65f0000 00007ff8`e669d000   C:\WINDOWS\System32\shcore.dll
0ab0:4cd0 @ 837502656 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAcquireSRWLockShared" by name
0ab0:2c3c @ 837502656 - LdrpMinimalMapModule - RETURN: Status: 0x00000000
0ab0:4cd0 @ 837502656 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDeleteCriticalSection" by name
0ab0:4cd0 @ 837502656 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlWakeAddressAll" by name
0ab0:4cd0 @ 837502656 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlWakeAddressSingle" by name
0ab0:4cd0 @ 837502656 - LdrpGetProcedureAddress - INFO: Locating procedure "TpSetWait" by name
0ab0:4cd0 @ 837502656 - LdrpGetProcedureAddress - INFO: Locating procedure "TpReleaseWait" by name
0ab0:4cd0 @ 837502656 - LdrpGetProcedureAddress - INFO: Locating procedure "TpWaitForTimer" by name
0ab0:2c3c @ 837502656 - LdrpFindDllActivationContext - INFO: Probing for the manifest of DLL "C:\WINDOWS\System32\shcore.dll" failed with status 0xc000008a
0ab0:4cd0 @ 837502656 - LdrpGetProcedureAddress - INFO: Locating procedure "TpReleaseTimer" by name
0ab0:4cd0 @ 837502656 - LdrpGetProcedureAddress - INFO: Locating procedure "TpSetTimer" by name
0ab0:4cd0 @ 837502656 - LdrpGetProcedureAddress - INFO: Locating procedure "TpReleaseWork" by name
0ab0:4cd0 @ 837502656 - LdrpGetProcedureAddress - INFO: Locating procedure "TpCallbackSetEventOnCompletion" by name
0ab0:4cd0 @ 837502656 - LdrpGetProcedureAddress - INFO: Locating procedure "TpWaitForWork" by name
0ab0:4cd0 @ 837502671 - LdrpGetProcedureAddress - INFO: Locating procedure "TpWaitForWait" by name
0ab0:4cd0 @ 837502671 - LdrpGetProcedureAddress - INFO: Locating procedure "TpPostWork" by name
0ab0:2c3c @ 837502671 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-libraryloader-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4cd0 @ 837502671 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDecodePointer" by name
0ab0:4cd0 @ 837502671 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlEncodePointer" by name
0ab0:2c3c @ 837502671 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502671 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4cd0 @ 837502671 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventActivityIdControl" by name
0ab0:4cd0 @ 837502671 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventWriteEx" by name
0ab0:4cd0 @ 837502671 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventWriteTransfer" by name
0ab0:2c3c @ 837502671 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4cd0 @ 837502671 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventRegister" by name
0ab0:4cd0 @ 837502671 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventSetInformation" by name
0ab0:2c3c @ 837502671 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-errorhandling-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4cd0 @ 837502671 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventUnregister" by name
0ab0:4cd0 @ 837502671 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventProviderEnabled" by name
0ab0:2c3c @ 837502671 - LdrpPreprocessDllName - INFO: DLL api-ms-win-eventing-provider-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502671 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-util-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502671 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502671 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502671 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-debug-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502671 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-handle-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502671 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-rtlsupport-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ntdll.dll by API set
0ab0:2c3c @ 837502671 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-profile-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502671 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sysinfo-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502671 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-threadpool-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502671 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502671 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-shlwapi-obsolete-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502671 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-registry-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502671 - LdrpPreprocessDllName - INFO: DLL api-ms-win-security-base-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502671 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-memory-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502671 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502671 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502671 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-shlwapi-legacy-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502671 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processenvironment-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502671 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-wow64-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502671 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sysinfo-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502671 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-l2-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502687 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-largeinteger-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502687 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-quirks-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502687 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502687 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-io-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502687 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502687 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502687 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-threadpool-legacy-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502687 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-errorhandling-l1-1-2.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502687 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-version-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502687 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-obsolete-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502687 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-obsolete-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502687 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-atoms-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502687 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-path-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502687 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-apiquery-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ntdll.dll by API set
0ab0:2c3c @ 837502687 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-delayload-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502687 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-delayload-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502687 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-obsolete-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502687 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-obsolete-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502687 - LdrpPreprocessDllName - INFO: DLL api-ms-win-shcore-unicodeansi-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\shcore.dll by API set
0ab0:2c3c @ 837502687 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-shlwapi-obsolete-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502687 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAcquireSRWLockExclusive" by name
0ab0:2c3c @ 837502687 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-shlwapi-legacy-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502687 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReleaseSRWLockShared" by name
0ab0:4f88 @ 837502687 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDeleteCriticalSection" by name
0ab0:2c3c @ 837502687 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-obsolete-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:4f88 @ 837502687 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAcquireSRWLockShared" by name
0ab0:2c3c @ 837502687 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-kernel32-legacy-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:4f88 @ 837502687 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReleaseSRWLockExclusive" by name
0ab0:2c3c @ 837502687 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-largeinteger-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502687 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlLeaveCriticalSection" by name
0ab0:4f88 @ 837502687 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlEnterCriticalSection" by name
0ab0:2c3c @ 837502687 - LdrpPreprocessDllName - INFO: DLL api-ms-win-shcore-obsolete-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\shcore.dll by API set
0ab0:4f88 @ 837502687 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeCriticalSection" by name
0ab0:2c3c @ 837502703 - LdrpPreprocessDllName - INFO: DLL api-ms-win-shcore-stream-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\shcore.dll by API set
0ab0:2c3c @ 837502703 - LdrpPreprocessDllName - INFO: DLL api-ms-win-shcore-comhelpers-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\shcore.dll by API set
0ab0:4f88 @ 837502703 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlTryAcquireSRWLockExclusive" by name
0ab0:4f88 @ 837502703 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeSRWLock" by name
0ab0:2c3c @ 837502703 - LdrpPreprocessDllName - INFO: DLL api-ms-win-shell-shellcom-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502703 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAllocateHeap" by name
0ab0:4f88 @ 837502703 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlFreeHeap" by name
0ab0:4f88 @ 837502703 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlSetLastWin32Error" by name
0ab0:4f88 @ 837502703 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventWriteTransfer" by name
0ab0:4f88 @ 837502703 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventRegister" by name
0ab0:2c3c @ 837502703 - LdrpPreprocessDllName - INFO: DLL api-ms-win-stateseparation-helpers-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502703 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventUnregister" by name
0ab0:2c3c @ 837502703 - LdrpPreprocessDllName - INFO: DLL api-ms-win-shcore-registry-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\shcore.dll by API set
0ab0:4f88 @ 837502703 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventProviderEnabled" by name
0ab0:4f88 @ 837502703 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventSetInformation" by name
0ab0:2c3c @ 837502703 - LdrpPreprocessDllName - INFO: DLL api-ms-win-shcore-path-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\shcore.dll by API set
0ab0:2c3c @ 837502703 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-url-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502703 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDecodePointer" by name
0ab0:4f88 @ 837502703 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlEncodePointer" by name
0ab0:2c3c @ 837502703 - LdrpPreprocessDllName - INFO: DLL api-ms-win-shcore-thread-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\shcore.dll by API set
0ab0:4f88 @ 837502703 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502703 - LdrpFindKnownDll - ENTER: DLL name: SHLWAPI.dll
0ab0:4f88 @ 837502703 - LdrpGetProcedureAddress - INFO: Locating procedure "OpenThreadToken" by name
0ab0:2c3c @ 837502718 - LdrpFindKnownDll - RETURN: Status: 0x00000000
0ab0:4f88 @ 837502718 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502718 - LdrpMinimalMapModule - ENTER: DLL name: C:\WINDOWS\System32\SHLWAPI.dll
0ab0:4f88 @ 837502718 - LdrpGetProcedureAddress - INFO: Locating procedure "OpenProcessToken" by name
0ab0:4f88 @ 837502718 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryPerformanceCounter" by name
0ab0:4f88 @ 837502718 - LdrpGetProcedureAddress - INFO: Locating procedure "TpReleaseTimer" by name
0ab0:4f88 @ 837502718 - LdrpGetProcedureAddress - INFO: Locating procedure "TpWaitForTimer" by name
0ab0:4f88 @ 837502718 - LdrpGetProcedureAddress - INFO: Locating procedure "TpSetTimer" by name
0ab0:4f88 @ 837502718 - LdrpGetProcedureAddress - INFO: Locating procedure "TpWaitForWait" by name
0ab0:4f88 @ 837502718 - LdrpGetProcedureAddress - INFO: Locating procedure "TpReleaseWait" by name
0ab0:4f88 @ 837502718 - LdrpGetProcedureAddress - INFO: Locating procedure "TpDisassociateCallback" by name
0ab0:4f88 @ 837502718 - LdrpGetProcedureAddress - INFO: Locating procedure "TpCallbackUnloadDllOnCompletion" by name
0ab0:4f88 @ 837502718 - LdrpGetProcedureAddress - INFO: Locating procedure "TpSetWait" by name
ModLoad: 00007ff8`e71d0000 00007ff8`e7225000   C:\WINDOWS\System32\SHLWAPI.dll
0ab0:2c3c @ 837502718 - LdrpMinimalMapModule - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502718 - LdrpFindDllActivationContext - INFO: Probing for the manifest of DLL "C:\WINDOWS\System32\SHLWAPI.dll" failed with status 0xc000008b
0ab0:2c3c @ 837502718 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-l2-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502718 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-libraryloader-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502718 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502718 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502718 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-errorhandling-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502718 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502718 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502718 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-debug-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502718 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-handle-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502718 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502718 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502718 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sysinfo-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502718 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processenvironment-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502718 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502718 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502718 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-registry-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502718 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-path-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502718 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-version-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502734 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-io-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502734 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-delayload-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502734 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-libraryloader-l1-2-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502734 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-util-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502734 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502734 - LdrpPreprocessDllName - INFO: DLL api-ms-win-security-base-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502734 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-delayload-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502734 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-rtlsupport-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ntdll.dll by API set
0ab0:2c3c @ 837502734 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-profile-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502734 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-url-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502734 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-registryuserspecific-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502734 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sidebyside-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502734 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-shlwapi-legacy-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502734 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-kernel32-legacy-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502734 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-threadpool-legacy-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502734 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-shlwapi-obsolete-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502734 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-stringansi-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502734 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-obsolete-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502734 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-obsolete-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502734 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-versionansi-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502734 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-obsolete-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502734 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-privateprofile-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502734 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-apiquery-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ntdll.dll by API set
0ab0:4cd0 @ 837502734 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAcquireSRWLockExclusive" by name
0ab0:4cd0 @ 837502734 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReleaseSRWLockExclusive" by name
0ab0:4cd0 @ 837502734 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReleaseSRWLockShared" by name
0ab0:4cd0 @ 837502750 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAcquireSRWLockShared" by name
0ab0:4cd0 @ 837502750 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlFreeHeap" by name
0ab0:4cd0 @ 837502750 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAllocateHeap" by name
0ab0:4cd0 @ 837502750 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlSetLastWin32Error" by name
0ab0:4cd0 @ 837502750 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4cd0 @ 837502750 - LdrpGetProcedureAddress - INFO: Locating procedure "OpenThreadToken" by name
0ab0:4cd0 @ 837502750 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4cd0 @ 837502750 - LdrpGetProcedureAddress - INFO: Locating procedure "OpenProcessToken" by name
0ab0:4cd0 @ 837502750 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDecodePointer" by name
0ab0:4cd0 @ 837502750 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlEncodePointer" by name
0ab0:2c3c @ 837502750 - LdrpPreprocessDllName - INFO: DLL COMCTL32.dll was redirected to C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\COMCTL32.dll by SxS
0ab0:4cd0 @ 837502750 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryPerformanceCounter" by name
0ab0:247c @ 837502750 - LdrpResolveDllName - ENTER: DLL name: C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\COMCTL32.dll
0ab0:2c3c @ 837502750 - LdrpFindKnownDll - ENTER: DLL name: SHELL32.dll
0ab0:2c3c @ 837502750 - LdrpFindKnownDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502750 - LdrpMinimalMapModule - ENTER: DLL name: C:\WINDOWS\System32\SHELL32.dll
0ab0:247c @ 837502750 - LdrpResolveDllName - RETURN: Status: 0x00000000
ModLoad: 00007ff8`e55e0000 00007ff8`e5d24000   C:\WINDOWS\System32\SHELL32.dll
0ab0:2c3c @ 837502750 - LdrpMinimalMapModule - RETURN: Status: 0x00000000
0ab0:247c @ 837502750 - LdrpMinimalMapModule - ENTER: DLL name: C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\COMCTL32.dll
0ab0:2c3c @ 837502750 - LdrpFindDllActivationContext - INFO: Probing for the manifest of DLL "C:\WINDOWS\System32\SHELL32.dll" failed with status 0xc000008b
0ab0:2c3c @ 837502750 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-string-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
ModLoad: 00007ff8`cb770000 00007ff8`cba0a000   C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\COMCTL32.dll
0ab0:2c3c @ 837502750 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-runtime-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
0ab0:247c @ 837502750 - LdrpMinimalMapModule - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502750 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-private-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
0ab0:2c3c @ 837502750 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502765 - LdrpFindDllActivationContext - INFO: Probing for the manifest of DLL "C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\COMCTL32.dll" failed with status 0xc000008a
0ab0:2c3c @ 837502765 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-registry-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502765 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-libraryloader-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502765 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sysinfo-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502765 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-memory-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502765 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502765 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502765 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-libraryloader-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502765 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-handle-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502765 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-libraryloader-l1-2-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502765 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502765 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502765 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-profile-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502765 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502765 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502765 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-errorhandling-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502765 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sysinfo-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502765 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:247c @ 837502765 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-rtlsupport-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ntdll.dll by API set
0ab0:247c @ 837502765 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-errorhandling-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502765 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502765 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502765 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-registry-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502765 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502765 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processenvironment-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502765 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502765 - LdrpPreprocessDllName - INFO: DLL api-ms-win-security-base-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502765 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502765 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502781 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502781 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502781 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502781 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processenvironment-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502781 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-util-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502781 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502781 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-debug-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502781 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-libraryloader-l1-2-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502781 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-handle-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502781 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-debug-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502781 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-timezone-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502781 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-threadpool-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502781 - LdrpPreprocessDllName - INFO: DLL api-ms-win-security-base-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502781 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-threadpool-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502781 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-timezone-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502781 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502781 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-psapi-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502781 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502781 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-memory-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502781 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-path-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502781 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-datetime-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502781 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502781 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-l1-2-2.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502781 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502781 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-obsolete-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502781 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-io-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502781 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-datetime-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502781 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-obsolete-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502796 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-atoms-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502796 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-profile-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502796 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-largeinteger-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502796 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-registry-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502796 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-obsolete-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502796 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-l2-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502796 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sidebyside-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502796 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-kernel32-legacy-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:247c @ 837502796 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-url-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502796 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sysinfo-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502796 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-calendar-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502796 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l2-1-2.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502796 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l1-2-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502796 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-memory-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502796 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-wow64-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502796 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-path-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502796 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-wow64-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502796 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502796 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-l1-2-2.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502796 - LdrpPreprocessDllName - INFO: DLL api-ms-win-eventing-provider-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502796 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502796 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-delayload-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502796 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-realtime-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837502796 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-delayload-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502796 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502796 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-io-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502796 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-version-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502796 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReAllocateHeap" by name
0ab0:4f88 @ 837502796 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAllocateHeap" by name
0ab0:2c3c @ 837502796 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sysinfo-l1-2-3.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502812 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlFreeHeap" by name
0ab0:2c3c @ 837502812 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-memory-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502812 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlSizeHeap" by name
0ab0:2c3c @ 837502812 - LdrpPreprocessDllName - INFO: DLL api-ms-win-eventing-provider-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502812 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlWakeAllConditionVariable" by name
0ab0:2c3c @ 837502812 - LdrpPreprocessDllName - INFO: DLL api-ms-win-eventing-classicprovider-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502812 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryPerformanceFrequency" by name
0ab0:4f88 @ 837502812 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryPerformanceCounter" by name
0ab0:2c3c @ 837502812 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-interlocked-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502812 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502812 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-rtlsupport-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ntdll.dll by API set
0ab0:4f88 @ 837502812 - LdrpGetProcedureAddress - INFO: Locating procedure "OpenProcessToken" by name
0ab0:2c3c @ 837502812 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-shlwapi-obsolete-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502812 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-obsolete-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502812 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-stringansi-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502812 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlSetLastWin32Error" by name
0ab0:2c3c @ 837502812 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-obsolete-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502812 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-obsolete-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502812 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeSRWLock" by name
0ab0:4f88 @ 837502812 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeCriticalSection" by name
0ab0:2c3c @ 837502812 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-privateprofile-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:4f88 @ 837502812 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlEnterCriticalSection" by name
0ab0:2c3c @ 837502812 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-atoms-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:4f88 @ 837502812 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAcquireSRWLockShared" by name
0ab0:2c3c @ 837502828 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-shlwapi-legacy-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502828 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-kernel32-legacy-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:4f88 @ 837502828 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReleaseSRWLockShared" by name
0ab0:4f88 @ 837502828 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDeleteCriticalSection" by name
0ab0:4f88 @ 837502828 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReleaseSRWLockExclusive" by name
0ab0:2c3c @ 837502828 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-kernel32-legacy-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:4f88 @ 837502828 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlLeaveCriticalSection" by name
0ab0:4f88 @ 837502828 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAcquireSRWLockExclusive" by name
0ab0:2c3c @ 837502828 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-threadpool-legacy-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502828 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-kernel32-legacy-l1-1-2.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:4f88 @ 837502828 - LdrpGetProcedureAddress - INFO: Locating procedure "TpSetTimer" by name
0ab0:4f88 @ 837502828 - LdrpGetProcedureAddress - INFO: Locating procedure "TpReleaseTimer" by name
0ab0:2c3c @ 837502828 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-url-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502828 - LdrpGetProcedureAddress - INFO: Locating procedure "TpWaitForTimer" by name
0ab0:2c3c @ 837502828 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-registryuserspecific-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502828 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-kernel32-private-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502828 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-apiquery-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ntdll.dll by API set
0ab0:2c3c @ 837502828 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sidebyside-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502828 - LdrpPreprocessDllName - INFO: DLL api-ms-win-shell-shellcom-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502828 - LdrpPreprocessDllName - INFO: DLL api-ms-win-stateseparation-helpers-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502828 - LdrpGetProcedureAddress - INFO: Locating procedure "NtdllDefWindowProc_W" by name
0ab0:4f88 @ 837502828 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventSetInformation" by name
0ab0:4f88 @ 837502828 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventProviderEnabled" by name
0ab0:2c3c @ 837502828 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-job-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:4f88 @ 837502828 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventUnregister" by name
0ab0:4f88 @ 837502828 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventWriteTransfer" by name
0ab0:2c3c @ 837502828 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-time-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
0ab0:4f88 @ 837502843 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventRegister" by name
0ab0:2c3c @ 837502843 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-delayload-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502843 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-delayload-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502843 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-math-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
0ab0:2c3c @ 837502843 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-delayload-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502843 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-delayload-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502843 - LdrpFindKnownDll - ENTER: DLL name: ADVAPI32.dll
0ab0:4cd0 @ 837502843 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502843 - LdrpFindKnownDll - RETURN: Status: 0x00000000
0ab0:4cd0 @ 837502843 - LdrpGetProcedureAddress - INFO: Locating procedure "OpenProcessToken" by name
0ab0:2c3c @ 837502843 - LdrpMinimalMapModule - ENTER: DLL name: C:\WINDOWS\System32\ADVAPI32.dll
0ab0:4cd0 @ 837502843 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4cd0 @ 837502843 - LdrpGetProcedureAddress - INFO: Locating procedure "OpenThreadToken" by name
0ab0:4cd0 @ 837502843 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlSetLastWin32Error" by name
0ab0:4f88 @ 837502843 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlTryAcquireSRWLockShared" by name
0ab0:4cd0 @ 837502843 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAcquireSRWLockExclusive" by name
0ab0:4f88 @ 837502843 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlLeaveCriticalSection" by name
0ab0:4cd0 @ 837502843 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReleaseSRWLockExclusive" by name
0ab0:4cd0 @ 837502843 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAcquireSRWLockShared" by name
0ab0:4f88 @ 837502843 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAcquireSRWLockShared" by name
0ab0:4cd0 @ 837502843 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlEnterCriticalSection" by name
ModLoad: 00007ff8`e6180000 00007ff8`e622e000   C:\WINDOWS\System32\ADVAPI32.dll
0ab0:4cd0 @ 837502843 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlLeaveCriticalSection" by name
0ab0:4f88 @ 837502843 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlTryAcquireSRWLockExclusive" by name
0ab0:4cd0 @ 837502843 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDeleteCriticalSection" by name
0ab0:4f88 @ 837502843 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeCriticalSection" by name
0ab0:2c3c @ 837502843 - LdrpMinimalMapModule - RETURN: Status: 0x00000000
0ab0:4cd0 @ 837502843 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReleaseSRWLockShared" by name
0ab0:4f88 @ 837502843 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDeleteCriticalSection" by name
0ab0:4cd0 @ 837502843 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeCriticalSection" by name
0ab0:4f88 @ 837502843 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeSRWLock" by name
0ab0:4cd0 @ 837502843 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeSRWLock" by name
0ab0:4f88 @ 837502843 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlEnterCriticalSection" by name
0ab0:4f88 @ 837502859 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReleaseSRWLockExclusive" by name
0ab0:4cd0 @ 837502859 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlFreeHeap" by name
0ab0:4f88 @ 837502859 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReleaseSRWLockShared" by name
0ab0:4cd0 @ 837502859 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAllocateHeap" by name
0ab0:4cd0 @ 837502859 - LdrpGetProcedureAddress - INFO: Locating procedure "TpSetTimer" by name
0ab0:4f88 @ 837502859 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAcquireSRWLockExclusive" by name
0ab0:2c3c @ 837502859 - LdrpFindDllActivationContext - INFO: Probing for the manifest of DLL "C:\WINDOWS\System32\ADVAPI32.dll" failed with status 0xc000008a
0ab0:4cd0 @ 837502859 - LdrpGetProcedureAddress - INFO: Locating procedure "TpReleaseTimer" by name
0ab0:4cd0 @ 837502859 - LdrpGetProcedureAddress - INFO: Locating procedure "TpWaitForTimer" by name
0ab0:4f88 @ 837502859 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlTryEnterCriticalSection" by name
0ab0:4cd0 @ 837502859 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlWakeAllConditionVariable" by name
0ab0:4f88 @ 837502859 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlSetLastWin32Error" by name
0ab0:4f88 @ 837502859 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502859 - LdrpGetProcedureAddress - INFO: Locating procedure "OpenProcessToken" by name
0ab0:4cd0 @ 837502859 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryPerformanceCounter" by name
0ab0:4cd0 @ 837502859 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventWriteTransfer" by name
0ab0:4f88 @ 837502859 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502859 - LdrpGetProcedureAddress - INFO: Locating procedure "OpenThreadToken" by name
0ab0:4cd0 @ 837502859 - LdrpGetProcedureAddress - INFO: Locating procedure "NtdllDefWindowProc_W" by name
0ab0:4f88 @ 837502859 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502859 - LdrpGetProcedureAddress - INFO: Locating procedure "SetThreadToken" by name
0ab0:2c3c @ 837502859 - LdrpPreprocessDllName - INFO: DLL api-ms-win-eventing-controller-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\sechost.dll by API set
0ab0:2c3c @ 837502859 - LdrpFindKnownDll - ENTER: DLL name: sechost.dll
0ab0:2c3c @ 837502859 - LdrpFindKnownDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502859 - LdrpMinimalMapModule - ENTER: DLL name: C:\WINDOWS\System32\sechost.dll
0ab0:4f88 @ 837502859 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAllocateHeap" by name
0ab0:4f88 @ 837502875 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlFreeHeap" by name
0ab0:4f88 @ 837502875 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReAllocateHeap" by name
0ab0:4cd0 @ 837502875 - LdrpGetProcedureAddress - INFO: Loading procedure 0x8c by ordinal
0ab0:4f88 @ 837502875 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlEncodePointer" by name
0ab0:4cd0 @ 837502875 - LdrpGetProcedureAddress - INFO: Loading procedure 0xc1 by ordinal
0ab0:4f88 @ 837502875 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDecodePointer" by name
0ab0:4cd0 @ 837502875 - LdrpGetProcedureAddress - INFO: Loading procedure 0xc8 by ordinal
0ab0:4cd0 @ 837502875 - LdrpGetProcedureAddress - INFO: Loading procedure 0xbe by ordinal
0ab0:4f88 @ 837502875 - LdrpGetProcedureAddress - INFO: Locating procedure "TpSetWait" by name
0ab0:4cd0 @ 837502875 - LdrpGetProcedureAddress - INFO: Loading procedure 0x8e by ordinal
0ab0:4f88 @ 837502875 - LdrpGetProcedureAddress - INFO: Locating procedure "TpWaitForWait" by name
0ab0:4f88 @ 837502875 - LdrpGetProcedureAddress - INFO: Locating procedure "TpReleaseTimer" by name
0ab0:4cd0 @ 837502875 - LdrpGetProcedureAddress - INFO: Loading procedure 0xc0 by ordinal
0ab0:4f88 @ 837502875 - LdrpGetProcedureAddress - INFO: Locating procedure "TpPostWork" by name
0ab0:4f88 @ 837502875 - LdrpGetProcedureAddress - INFO: Locating procedure "TpReleaseWork" by name
0ab0:4f88 @ 837502875 - LdrpGetProcedureAddress - INFO: Locating procedure "TpSetTimer" by name
0ab0:4f88 @ 837502875 - LdrpGetProcedureAddress - INFO: Locating procedure "TpReleaseWait" by name
ModLoad: 00007ff8`e6a80000 00007ff8`e6b1c000   C:\WINDOWS\System32\sechost.dll
0ab0:2c3c @ 837502875 - LdrpMinimalMapModule - RETURN: Status: 0x00000000
0ab0:4f88 @ 837502875 - LdrpGetProcedureAddress - INFO: Locating procedure "TpWaitForTimer" by name
0ab0:4f88 @ 837502875 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryPerformanceFrequency" by name
0ab0:4f88 @ 837502875 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryPerformanceCounter" by name
0ab0:2c3c @ 837502875 - LdrpFindDllActivationContext - INFO: Probing for the manifest of DLL "C:\WINDOWS\System32\sechost.dll" failed with status 0xc000008b
0ab0:4f88 @ 837502875 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryUnbiasedInterruptTime" by name
0ab0:4f88 @ 837502875 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventWriteTransfer" by name
0ab0:4f88 @ 837502890 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventUnregister" by name
0ab0:4f88 @ 837502890 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventRegister" by name
0ab0:2c3c @ 837502890 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-crt-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ntdll.dll by API set
0ab0:4f88 @ 837502890 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventSetInformation" by name
0ab0:2c3c @ 837502890 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-crt-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502890 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventProviderEnabled" by name
0ab0:4f88 @ 837502890 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwGetTraceLoggerHandle" by name
0ab0:2c3c @ 837502890 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-libraryloader-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502890 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwGetTraceEnableFlags" by name
0ab0:2c3c @ 837502890 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-debug-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502890 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-errorhandling-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502890 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-handle-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502890 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwRegisterTraceGuidsW" by name
0ab0:2c3c @ 837502890 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502890 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwUnregisterTraceGuids" by name
0ab0:4f88 @ 837502890 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwGetTraceEnableLevel" by name
0ab0:2c3c @ 837502890 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:4f88 @ 837502890 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInterlockedPopEntrySList" by name
0ab0:4f88 @ 837502890 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInterlockedPushEntrySList" by name
0ab0:4f88 @ 837502890 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeSListHead" by name
0ab0:2c3c @ 837502890 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502890 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-util-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502890 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502890 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-registry-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502890 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502906 - LdrpPreprocessDllName - INFO: DLL api-ms-win-security-base-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502906 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502906 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-wow64-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502906 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502906 - LdrpGetProcedureAddress - INFO: Locating procedure "NtdllDefWindowProc_A" by name
0ab0:2c3c @ 837502906 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-threadpool-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502906 - LdrpGetProcedureAddress - INFO: Locating procedure "NtdllDefWindowProc_W" by name
0ab0:2c3c @ 837502906 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sysinfo-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502906 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502906 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-memory-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502906 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-io-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502906 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-rtlsupport-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ntdll.dll by API set
0ab0:2c3c @ 837502906 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502906 - LdrpPreprocessDllName - INFO: DLL api-ms-win-eventing-provider-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502906 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-delayload-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502906 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-delayload-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502906 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-apiquery-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ntdll.dll by API set
0ab0:2c3c @ 837502906 - LdrpPreprocessDllName - INFO: DLL api-ms-win-eventing-consumer-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\sechost.dll by API set
0ab0:2c3c @ 837502906 - LdrpPreprocessDllName - INFO: DLL api-ms-win-eventing-consumer-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\sechost.dll by API set
0ab0:2c3c @ 837502906 - LdrpPreprocessDllName - INFO: DLL api-ms-win-service-core-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\sechost.dll by API set
0ab0:2c3c @ 837502906 - LdrpPreprocessDllName - INFO: DLL api-ms-win-service-core-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\sechost.dll by API set
0ab0:4f88 @ 837502906 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlSetLastWin32Error" by name
0ab0:4f88 @ 837502906 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlFreeHeap" by name
0ab0:2c3c @ 837502906 - LdrpPreprocessDllName - INFO: DLL api-ms-win-service-core-l1-1-2.dll was redirected to C:\WINDOWS\SYSTEM32\sechost.dll by API set
0ab0:4f88 @ 837502906 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAllocateHeap" by name
0ab0:2c3c @ 837502906 - LdrpPreprocessDllName - INFO: DLL api-ms-win-service-management-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\sechost.dll by API set
0ab0:4f88 @ 837502906 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReAllocateHeap" by name
0ab0:2c3c @ 837502906 - LdrpPreprocessDllName - INFO: DLL api-ms-win-service-management-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\sechost.dll by API set
0ab0:4f88 @ 837502906 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502906 - LdrpGetProcedureAddress - INFO: Locating procedure "UpdateProcThreadAttribute" by name
0ab0:2c3c @ 837502906 - LdrpPreprocessDllName - INFO: DLL api-ms-win-service-private-l1-1-4.dll was redirected to C:\WINDOWS\SYSTEM32\sechost.dll by API set
0ab0:2c3c @ 837502906 - LdrpPreprocessDllName - INFO: DLL api-ms-win-service-private-l1-1-2.dll was redirected to C:\WINDOWS\SYSTEM32\sechost.dll by API set
0ab0:4f88 @ 837502906 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502906 - LdrpGetProcedureAddress - INFO: Locating procedure "InitializeProcThreadAttributeList" by name
0ab0:2c3c @ 837502906 - LdrpPreprocessDllName - INFO: DLL api-ms-win-service-private-l1-1-3.dll was redirected to C:\WINDOWS\SYSTEM32\sechost.dll by API set
0ab0:4f88 @ 837502906 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502906 - LdrpPreprocessDllName - INFO: DLL api-ms-win-service-private-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\sechost.dll by API set
0ab0:4f88 @ 837502921 - LdrpGetProcedureAddress - INFO: Locating procedure "OpenProcessToken" by name
0ab0:2c3c @ 837502921 - LdrpPreprocessDllName - INFO: DLL api-ms-win-service-winsvc-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\sechost.dll by API set
0ab0:4f88 @ 837502921 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502921 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-namedpipe-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502921 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:4f88 @ 837502921 - LdrpGetProcedureAddress - INFO: Locating procedure "OpenThreadToken" by name
0ab0:2c3c @ 837502921 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:4f88 @ 837502921 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAcquireSRWLockShared" by name
0ab0:2c3c @ 837502921 - LdrpPreprocessDllName - INFO: DLL api-ms-win-security-base-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502921 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReleaseSRWLockExclusive" by name
0ab0:4f88 @ 837502921 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeSRWLock" by name
0ab0:2c3c @ 837502921 - LdrpPreprocessDllName - INFO: DLL api-ms-win-security-base-private-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502921 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReleaseSRWLockShared" by name
0ab0:4f88 @ 837502921 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlEnterCriticalSection" by name
0ab0:2c3c @ 837502921 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-registry-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502921 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-registry-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502921 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlLeaveCriticalSection" by name
0ab0:4f88 @ 837502921 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAcquireSRWLockExclusive" by name
0ab0:2c3c @ 837502921 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-registry-l1-1-2.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502921 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDecodePointer" by name
0ab0:2c3c @ 837502921 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sysinfo-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502921 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlEncodePointer" by name
0ab0:2c3c @ 837502921 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-timezone-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502921 - LdrpPreprocessDllName - INFO: DLL api-ms-win-security-audit-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\sechost.dll by API set
0ab0:4f88 @ 837502921 - LdrpGetProcedureAddress - INFO: Locating procedure "TpPostWork" by name
0ab0:2c3c @ 837502921 - LdrpPreprocessDllName - INFO: DLL api-ms-win-security-audit-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\sechost.dll by API set
0ab0:4f88 @ 837502921 - LdrpGetProcedureAddress - INFO: Locating procedure "TpReleaseWork" by name
0ab0:2c3c @ 837502921 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-apiquery-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ntdll.dll by API set
0ab0:2c3c @ 837502921 - LdrpPreprocessDllName - INFO: DLL api-ms-win-eventing-provider-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502921 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-1 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502921 - LdrpGetProcedureAddress - INFO: Locating procedure "GetProcessMitigationPolicy" by name
0ab0:2c3c @ 837502921 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-pcw-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502937 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventWriteTransfer" by name
0ab0:4f88 @ 837502937 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventRegister" by name
0ab0:2c3c @ 837502937 - LdrpFindKnownDll - ENTER: DLL name: ole32.dll
0ab0:4f88 @ 837502937 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventSetInformation" by name
0ab0:4f88 @ 837502937 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventUnregister" by name
0ab0:2c3c @ 837502937 - LdrpFindKnownDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502937 - LdrpMinimalMapModule - ENTER: DLL name: C:\WINDOWS\System32\ole32.dll
0ab0:4cd0 @ 837502937 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4cd0 @ 837502937 - LdrpGetProcedureAddress - INFO: Locating procedure "OpenThreadToken" by name
0ab0:4cd0 @ 837502937 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4cd0 @ 837502937 - LdrpGetProcedureAddress - INFO: Locating procedure "SetThreadToken" by name
0ab0:4cd0 @ 837502937 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4cd0 @ 837502937 - LdrpGetProcedureAddress - INFO: Locating procedure "OpenProcessToken" by name
ModLoad: 00007ff8`e5f80000 00007ff8`e60aa000   C:\WINDOWS\System32\ole32.dll
0ab0:2c3c @ 837502937 - LdrpMinimalMapModule - RETURN: Status: 0x00000000
0ab0:4cd0 @ 837502937 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlEnterCriticalSection" by name
0ab0:4cd0 @ 837502937 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlLeaveCriticalSection" by name
0ab0:4cd0 @ 837502937 - LdrpGetProcedureAddress - INFO: Locating procedure "LdrResolveDelayLoadedAPI" by name
0ab0:4cd0 @ 837502937 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAllocateHeap" by name
0ab0:4cd0 @ 837502937 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDeleteCriticalSection" by name
0ab0:4cd0 @ 837502937 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502937 - LdrpFindDllActivationContext - INFO: Probing for the manifest of DLL "C:\WINDOWS\System32\ole32.dll" failed with status 0xc000008a
0ab0:4cd0 @ 837502937 - LdrpGetProcedureAddress - INFO: Locating procedure "InitOnceBeginInitialize" by name
0ab0:4cd0 @ 837502937 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4cd0 @ 837502937 - LdrpGetProcedureAddress - INFO: Locating procedure "InitOnceComplete" by name
0ab0:2c3c @ 837502937 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-string-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
0ab0:4cd0 @ 837502937 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeCriticalSection" by name
0ab0:2c3c @ 837502953 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-runtime-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
0ab0:2c3c @ 837502953 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-private-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
0ab0:4cd0 @ 837502953 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDecodePointer" by name
0ab0:4cd0 @ 837502953 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlEncodePointer" by name
0ab0:4cd0 @ 837502953 - LdrpGetProcedureAddress - INFO: Locating procedure "TpCallbackUnloadDllOnCompletion" by name
0ab0:2c3c @ 837502953 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-libraryloader-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4cd0 @ 837502953 - LdrpGetProcedureAddress - INFO: Locating procedure "TpReleaseIoCompletion" by name
0ab0:4cd0 @ 837502953 - LdrpGetProcedureAddress - INFO: Locating procedure "TpCancelAsyncIoOperation" by name
0ab0:4cd0 @ 837502953 - LdrpGetProcedureAddress - INFO: Locating procedure "TpStartAsyncIoOperation" by name
0ab0:2c3c @ 837502953 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502953 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4cd0 @ 837502953 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventWriteTransfer" by name
0ab0:4cd0 @ 837502953 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventUnregister" by name
0ab0:4cd0 @ 837502953 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventRegister" by name
0ab0:2c3c @ 837502953 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-errorhandling-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4cd0 @ 837502953 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventSetInformation" by name
0ab0:2c3c @ 837502953 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502953 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-wow64-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502953 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502953 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-debug-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502953 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-handle-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502953 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-registry-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502953 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502968 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502968 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502968 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502968 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sysinfo-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502968 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-timezone-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502968 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-interlocked-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502968 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-libraryloader-l1-2-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502968 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-memory-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502968 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processenvironment-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502968 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502968 - LdrpPreprocessDllName - INFO: DLL api-ms-win-eventing-provider-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502968 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-threadpool-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502968 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502968 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-debug-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502968 - LdrpPreprocessDllName - INFO: DLL api-ms-win-security-base-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502968 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-psapi-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502968 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502968 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-wow64-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502968 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-delayload-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502968 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-delayload-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502968 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-profile-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502968 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-kernel32-legacy-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502968 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-kernel32-private-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502968 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-obsolete-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502968 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-stringansi-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502968 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-atoms-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502968 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-threadpool-legacy-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502968 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-shlwapi-legacy-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502968 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sidebyside-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502968 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-marshal-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\combase.dll by API set
0ab0:2c3c @ 837502968 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502968 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-psm-key-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502968 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-quirks-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502968 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-apiquery-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ntdll.dll by API set
0ab0:2c3c @ 837502968 - LdrpFindKnownDll - ENTER: DLL name: OLEAUT32.dll
0ab0:2c3c @ 837502984 - LdrpFindKnownDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837502984 - LdrpMinimalMapModule - ENTER: DLL name: C:\WINDOWS\System32\OLEAUT32.dll
0ab0:4f88 @ 837502984 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeSRWLock" by name
0ab0:4f88 @ 837502984 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDeleteCriticalSection" by name
0ab0:4f88 @ 837502984 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAcquireSRWLockExclusive" by name
0ab0:4f88 @ 837502984 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAcquireSRWLockShared" by name
0ab0:4f88 @ 837502984 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlLeaveCriticalSection" by name
0ab0:4f88 @ 837502984 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReleaseSRWLockExclusive" by name
0ab0:4f88 @ 837502984 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlEnterCriticalSection" by name
0ab0:4f88 @ 837502984 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReleaseSRWLockShared" by name
ModLoad: 00007ff8`e60b0000 00007ff8`e617d000   C:\WINDOWS\System32\OLEAUT32.dll
0ab0:4f88 @ 837502984 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlFreeHeap" by name
0ab0:2c3c @ 837502984 - LdrpMinimalMapModule - RETURN: Status: 0x00000000
0ab0:4f88 @ 837502984 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAllocateHeap" by name
0ab0:4f88 @ 837502984 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlSetLastWin32Error" by name
0ab0:4f88 @ 837502984 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502984 - LdrpGetProcedureAddress - INFO: Locating procedure "OpenProcessToken" by name
0ab0:4f88 @ 837502984 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502984 - LdrpGetProcedureAddress - INFO: Locating procedure "SetThreadToken" by name
0ab0:2c3c @ 837502984 - LdrpFindDllActivationContext - INFO: Probing for the manifest of DLL "C:\WINDOWS\System32\OLEAUT32.dll" failed with status 0xc000008a
0ab0:4f88 @ 837502984 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502984 - LdrpGetProcedureAddress - INFO: Locating procedure "OpenThreadToken" by name
0ab0:2c3c @ 837502984 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-string-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
0ab0:2c3c @ 837502984 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-runtime-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
0ab0:2c3c @ 837502984 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-private-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
0ab0:2c3c @ 837502984 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-registry-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837502984 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502984 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInterlockedPushEntrySList" by name
0ab0:2c3c @ 837502984 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502984 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeSListHead" by name
0ab0:2c3c @ 837502984 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502984 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInterlockedPopEntrySList" by name
0ab0:2c3c @ 837502984 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837502984 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837502984 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventUnregister" by name
0ab0:4f88 @ 837503000 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventRegister" by name
0ab0:2c3c @ 837502984 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-libraryloader-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837503000 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventWriteTransfer" by name
0ab0:4f88 @ 837503000 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventActivityIdControl" by name
0ab0:2c3c @ 837503000 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-debug-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837503000 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventSetInformation" by name
0ab0:2c3c @ 837503000 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-errorhandling-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837503000 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventProviderEnabled" by name
0ab0:4f88 @ 837503000 - LdrpGetProcedureAddress - INFO: Locating procedure "TpSetWait" by name
0ab0:2c3c @ 837503000 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processenvironment-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837503000 - LdrpGetProcedureAddress - INFO: Locating procedure "TpReleaseTimer" by name
0ab0:4f88 @ 837503000 - LdrpGetProcedureAddress - INFO: Locating procedure "TpWaitForTimer" by name
0ab0:2c3c @ 837503000 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837503000 - LdrpGetProcedureAddress - INFO: Locating procedure "TpSetTimer" by name
0ab0:4f88 @ 837503000 - LdrpGetProcedureAddress - INFO: Locating procedure "TpReleaseWait" by name
0ab0:2c3c @ 837503000 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-wow64-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837503000 - LdrpGetProcedureAddress - INFO: Locating procedure "TpWaitForWork" by name
0ab0:4f88 @ 837503000 - LdrpGetProcedureAddress - INFO: Locating procedure "TpPostWork" by name
0ab0:2c3c @ 837503000 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-memory-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837503000 - LdrpGetProcedureAddress - INFO: Locating procedure "TpReleaseWork" by name
0ab0:2c3c @ 837503000 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sysinfo-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837503000 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryPerformanceCounter" by name
0ab0:2c3c @ 837503000 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-handle-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503000 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837503000 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlTryAcquireSRWLockExclusive" by name
0ab0:2c3c @ 837503000 - LdrpPreprocessDllName - INFO: DLL api-ms-win-security-base-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503000 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-datetime-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837503000 - LdrpGetProcedureAddress - INFO: Locating procedure "NtdllDefWindowProc_W" by name
0ab0:2c3c @ 837503000 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503000 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837503000 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-profile-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503000 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-interlocked-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503000 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-kernel32-private-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837503000 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-private-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503000 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-wow64-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503015 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processenvironment-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503015 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-delayload-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503015 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-delayload-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503015 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-apiquery-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ntdll.dll by API set
0ab0:2c3c @ 837503015 - LdrpFindKnownDll - ENTER: DLL name: CRYPT32.dll
0ab0:2c3c @ 837503015 - LdrpFindKnownDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837503015 - LdrpMinimalMapModule - ENTER: DLL name: C:\WINDOWS\System32\CRYPT32.dll
0ab0:4cd0 @ 837503015 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlEnterCriticalSection" by name
0ab0:4cd0 @ 837503015 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDeleteCriticalSection" by name
0ab0:4cd0 @ 837503015 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeCriticalSection" by name
0ab0:4cd0 @ 837503015 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlLeaveCriticalSection" by name
0ab0:4cd0 @ 837503015 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4cd0 @ 837503015 - LdrpGetProcedureAddress - INFO: Locating procedure "OpenThreadToken" by name
0ab0:4cd0 @ 837503015 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
ModLoad: 00007ff8`e4ba0000 00007ff8`e4cf6000   C:\WINDOWS\System32\CRYPT32.dll
0ab0:2c3c @ 837503015 - LdrpMinimalMapModule - RETURN: Status: 0x00000000
0ab0:4cd0 @ 837503015 - LdrpGetProcedureAddress - INFO: Locating procedure "OpenProcessToken" by name
0ab0:4cd0 @ 837503015 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4cd0 @ 837503015 - LdrpGetProcedureAddress - INFO: Locating procedure "SetThreadToken" by name
0ab0:4cd0 @ 837503015 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAllocateHeap" by name
0ab0:4cd0 @ 837503015 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlFreeHeap" by name
0ab0:4cd0 @ 837503015 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlSetLastWin32Error" by name
0ab0:2c3c @ 837503015 - LdrpFindDllActivationContext - INFO: Probing for the manifest of DLL "C:\WINDOWS\System32\CRYPT32.dll" failed with status 0xc000008a
0ab0:4cd0 @ 837503015 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlRunOnceInitialize" by name
0ab0:4cd0 @ 837503031 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryPerformanceCounter" by name
0ab0:2c3c @ 837503031 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-runtime-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
0ab0:4cd0 @ 837503031 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeSListHead" by name
0ab0:2c3c @ 837503031 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-private-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
0ab0:2c3c @ 837503031 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-string-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
0ab0:2c3c @ 837503031 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-errorhandling-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503031 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503031 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-registry-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503031 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processenvironment-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503031 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503031 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-version-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503031 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-rtlsupport-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ntdll.dll by API set
0ab0:2c3c @ 837503031 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-debug-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503031 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837503031 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837503031 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-profile-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503031 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sysinfo-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503031 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-interlocked-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503031 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-libraryloader-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503031 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503031 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503031 - LdrpPreprocessDllName - INFO: DLL api-ms-win-eventing-provider-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503031 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503031 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503031 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-handle-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503046 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-psapi-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503046 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-timezone-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503046 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-libraryloader-l1-2-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503046 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-datetime-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503046 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-memory-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503046 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503046 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-threadpool-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503046 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-threadpool-private-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503046 - LdrpPreprocessDllName - INFO: DLL api-ms-win-security-grouppolicy-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503046 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-threadpool-legacy-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503046 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-kernel32-legacy-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837503046 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-obsolete-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837503046 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-obsolete-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503046 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-obsolete-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837503046 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-delayload-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503046 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-delayload-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503046 - LdrpFindKnownDll - ENTER: DLL name: dbghelp.dll
0ab0:2c3c @ 837503046 - LdrpFindKnownDll - RETURN: Status: 0xc0000135
0ab0:4cd0 @ 837503046 - LdrpSearchPath - ENTER: DLL name: dbghelp.dll
0ab0:4f88 @ 837503046 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlSetLastWin32Error" by name
0ab0:4f88 @ 837503046 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlLeaveCriticalSection" by name
0ab0:2c3c @ 837503046 - LdrpPreprocessDllName - INFO: DLL COMCTL32.dll was redirected to C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\COMCTL32.dll by SxS
0ab0:4f88 @ 837503046 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeSRWLock" by name
0ab0:4f88 @ 837503046 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReleaseSRWLockShared" by name
0ab0:2c3c @ 837503046 - LdrpFindKnownDll - ENTER: DLL name: WS2_32.dll
0ab0:4f88 @ 837503046 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReleaseSRWLockExclusive" by name
0ab0:2c3c @ 837503046 - LdrpFindKnownDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837503046 - LdrpMinimalMapModule - ENTER: DLL name: C:\WINDOWS\System32\WS2_32.dll
0ab0:4f88 @ 837503046 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeCriticalSection" by name
0ab0:4f88 @ 837503046 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAcquireSRWLockExclusive" by name
0ab0:4f88 @ 837503046 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDeleteCriticalSection" by name
0ab0:4f88 @ 837503046 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAcquireSRWLockShared" by name
0ab0:4cd0 @ 837503046 - LdrpComputeLazyDllPath - INFO: DLL search path computed: C:\Users\ASUS\Desktop\redguides;C:\WINDOWS\SYSTEM32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Windows Kits\10\Debuggers\x64;C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\WINDOWS\system32\windowspowershell\v1.0\;c:\program files (x86)\common files\oracle\java\javapath;c:\program files (x86)\intel\icls client\;c:\program files\intel\icls client\;c:\w
0ab0:4f88 @ 837503046 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlEnterCriticalSection" by name
0ab0:4cd0 @ 837503062 - LdrpResolveDllName - ENTER: DLL name: C:\Users\ASUS\Desktop\redguides\dbghelp.dll
0ab0:4f88 @ 837503062 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837503062 - LdrpGetProcedureAddress - INFO: Locating procedure "SetThreadToken" by name
0ab0:4f88 @ 837503062 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
ModLoad: 00007ff8`e6a10000 00007ff8`e6a7b000   C:\WINDOWS\System32\WS2_32.dll
0ab0:4f88 @ 837503062 - LdrpGetProcedureAddress - INFO: Locating procedure "OpenProcessToken" by name
0ab0:2c3c @ 837503062 - LdrpMinimalMapModule - RETURN: Status: 0x00000000
0ab0:4cd0 @ 837503062 - LdrpResolveDllName - RETURN: Status: 0xc0000135
0ab0:4cd0 @ 837503062 - LdrpResolveDllName - ENTER: DLL name: C:\WINDOWS\SYSTEM32\dbghelp.dll
0ab0:4f88 @ 837503062 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837503062 - LdrpGetProcedureAddress - INFO: Locating procedure "OpenThreadToken" by name
0ab0:4f88 @ 837503062 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlExitUserThread" by name
0ab0:4f88 @ 837503062 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryPerformanceFrequency" by name
0ab0:2c3c @ 837503062 - LdrpFindDllActivationContext - INFO: Probing for the manifest of DLL "C:\WINDOWS\System32\WS2_32.dll" failed with status 0xc000008a
0ab0:4f88 @ 837503062 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryPerformanceCounter" by name
0ab0:4f88 @ 837503062 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeSListHead" by name
0ab0:2c3c @ 837503062 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-crt-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ntdll.dll by API set
0ab0:4f88 @ 837503062 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventSetInformation" by name
0ab0:4cd0 @ 837503062 - LdrpResolveDllName - RETURN: Status: 0x00000000
0ab0:4f88 @ 837503062 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventRegister" by name
0ab0:4cd0 @ 837503062 - LdrpSearchPath - RETURN: Status: 0x00000000
0ab0:2c3c @ 837503062 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-crt-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837503062 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventWriteTransfer" by name
0ab0:2c3c @ 837503062 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-errorhandling-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837503062 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventUnregister" by name
0ab0:2c3c @ 837503062 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837503062 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837503062 - LdrpGetProcedureAddress - INFO: Locating procedure "TpWaitForTimer" by name
0ab0:4f88 @ 837503062 - LdrpGetProcedureAddress - INFO: Locating procedure "TpReleaseTimer" by name
0ab0:2c3c @ 837503062 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837503062 - LdrpGetProcedureAddress - INFO: Locating procedure "TpCallbackUnloadDllOnCompletion" by name
0ab0:4f88 @ 837503078 - LdrpGetProcedureAddress - INFO: Locating procedure "TpSetTimer" by name
0ab0:4cd0 @ 837503078 - LdrpMinimalMapModule - ENTER: DLL name: C:\WINDOWS\SYSTEM32\dbghelp.dll
0ab0:2c3c @ 837503078 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-handle-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503078 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503078 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-libraryloader-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503078 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-threadpool-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503078 - LdrpPreprocessDllName - INFO: DLL api-ms-win-security-base-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503078 - LdrpPreprocessDllName - INFO: DLL api-ms-win-eventing-provider-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
ModLoad: 00007ff8`d4f40000 00007ff8`d5124000   C:\WINDOWS\SYSTEM32\dbghelp.dll
0ab0:4cd0 @ 837503078 - LdrpMinimalMapModule - RETURN: Status: 0x00000000
0ab0:2c3c @ 837503078 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503078 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-registry-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503078 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processenvironment-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503078 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4cd0 @ 837503078 - LdrpFindDllActivationContext - INFO: Probing for the manifest of DLL "C:\WINDOWS\SYSTEM32\dbghelp.dll" failed with status 0xc000008b
0ab0:2c3c @ 837503078 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sysinfo-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503078 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503078 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-wow64-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4cd0 @ 837503078 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-string-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
0ab0:2c3c @ 837503078 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-io-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:4cd0 @ 837503078 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-time-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
0ab0:4cd0 @ 837503078 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-locale-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
0ab0:2c3c @ 837503078 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:4cd0 @ 837503078 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-runtime-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
0ab0:2c3c @ 837503078 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-util-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:4cd0 @ 837503078 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-private-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
0ab0:2c3c @ 837503078 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-profile-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4cd0 @ 837503078 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4cd0 @ 837503078 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-errorhandling-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503078 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-obsolete-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:4cd0 @ 837503078 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503078 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-kernel32-legacy-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:4cd0 @ 837503078 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-misc-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503078 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-debug-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4cd0 @ 837503078 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-handle-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503078 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-delayload-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4cd0 @ 837503093 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837503093 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-delayload-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503093 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-apiquery-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ntdll.dll by API set
0ab0:4cd0 @ 837503093 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4cd0 @ 837503093 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sysinfo-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4cd0 @ 837503093 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-libraryloader-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837503093 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlSetLastWin32Error" by name
0ab0:4cd0 @ 837503093 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processenvironment-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503093 - LdrpFindKnownDll - ENTER: DLL name: bcrypt.dll
0ab0:4cd0 @ 837503093 - LdrpPreprocessDllName - INFO: DLL api-ms-win-security-base-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837503093 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4cd0 @ 837503093 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837503093 - LdrpGetProcedureAddress - INFO: Locating procedure "OpenThreadToken" by name
0ab0:2c3c @ 837503093 - LdrpFindKnownDll - RETURN: Status: 0x00000000
0ab0:4cd0 @ 837503093 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-memory-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503093 - LdrpMinimalMapModule - ENTER: DLL name: C:\WINDOWS\System32\bcrypt.dll
0ab0:4f88 @ 837503093 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4cd0 @ 837503093 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-debug-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837503093 - LdrpGetProcedureAddress - INFO: Locating procedure "SetThreadToken" by name
0ab0:4cd0 @ 837503093 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localregistry-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837503093 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4cd0 @ 837503093 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-rtlsupport-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ntdll.dll by API set
0ab0:4f88 @ 837503093 - LdrpGetProcedureAddress - INFO: Locating procedure "OpenProcessToken" by name
0ab0:4cd0 @ 837503093 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-profile-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837503093 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlWakeAllConditionVariable" by name
0ab0:4cd0 @ 837503093 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-util-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:4f88 @ 837503093 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeConditionVariable" by name
0ab0:4cd0 @ 837503093 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837503093 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeCriticalSection" by name
0ab0:4cd0 @ 837503093 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-interlocked-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837503093 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDeleteCriticalSection" by name
0ab0:4f88 @ 837503093 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlEnterCriticalSection" by name
ModLoad: 00007ff8`e4b70000 00007ff8`e4b97000   C:\WINDOWS\System32\bcrypt.dll
0ab0:4cd0 @ 837503093 - LdrpPreprocessDllName - INFO: DLL api-ms-win-eventing-provider-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837503093 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlTryEnterCriticalSection" by name
0ab0:2c3c @ 837503093 - LdrpMinimalMapModule - RETURN: Status: 0x00000000
0ab0:4f88 @ 837503093 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlLeaveCriticalSection" by name
0ab0:4cd0 @ 837503093 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-kernel32-legacy-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:4f88 @ 837503109 - LdrpGetProcedureAddress - INFO: Locating procedure "TpReleaseTimer" by name
0ab0:4cd0 @ 837503109 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837503109 - LdrpGetProcedureAddress - INFO: Locating procedure "TpSetTimer" by name
0ab0:4f88 @ 837503109 - LdrpGetProcedureAddress - INFO: Locating procedure "TpWaitForTimer" by name
0ab0:4cd0 @ 837503109 - LdrpPreprocessDllName - INFO: DLL api-ms-win-downlevel-kernel32-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:4cd0 @ 837503109 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-io-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:4cd0 @ 837503109 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-delayload-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837503109 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventWriteTransfer" by name
0ab0:2c3c @ 837503109 - LdrpFindDllActivationContext - INFO: Probing for the manifest of DLL "C:\WINDOWS\System32\bcrypt.dll" failed with status 0xc000008a
0ab0:4f88 @ 837503109 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventSetInformation" by name
0ab0:4f88 @ 837503109 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventUnregister" by name
0ab0:4f88 @ 837503109 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventRegister" by name
0ab0:4f88 @ 837503109 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlFreeHeap" by name
0ab0:4f88 @ 837503109 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAllocateHeap" by name
0ab0:247c @ 837503109 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlSetLastWin32Error" by name
0ab0:4f88 @ 837503109 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReAllocateHeap" by name
0ab0:247c @ 837503109 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDeleteCriticalSection" by name
0ab0:247c @ 837503109 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAcquireSRWLockExclusive" by name
0ab0:2c3c @ 837503109 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-libraryloader-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503109 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-errorhandling-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837503109 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReleaseSRWLockExclusive" by name
0ab0:4f88 @ 837503109 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-1 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837503109 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlEnterCriticalSection" by name
0ab0:247c @ 837503109 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlLeaveCriticalSection" by name
0ab0:4f88 @ 837503109 - LdrpGetProcedureAddress - INFO: Locating procedure "GetProcessMitigationPolicy" by name
0ab0:2c3c @ 837503109 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:247c @ 837503109 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeCriticalSection" by name
0ab0:2c3c @ 837503109 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-handle-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837503109 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlEncodePointer" by name
0ab0:4f88 @ 837503125 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDecodePointer" by name
0ab0:247c @ 837503125 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503125 - LdrpPreprocessDllName - INFO: DLL api-ms-win-security-base-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837503125 - LdrpGetProcedureAddress - INFO: Locating procedure "OpenThreadToken" by name
0ab0:4f88 @ 837503125 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryPerformanceCounter" by name
0ab0:2c3c @ 837503125 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837503125 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlFreeHeap" by name
0ab0:2c3c @ 837503125 - LdrpPreprocessDllName - INFO: DLL api-ms-win-eventing-provider-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837503125 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReAllocateHeap" by name
0ab0:2c3c @ 837503125 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-psapi-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503125 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sysinfo-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837503125 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAllocateHeap" by name
0ab0:2c3c @ 837503125 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-threadpool-private-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503125 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-threadpool-legacy-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837503125 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryPerformanceCounter" by name
0ab0:2c3c @ 837503125 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-memory-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503125 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-delayload-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837503125 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDecodePointer" by name
0ab0:2c3c @ 837503125 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-delayload-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837503125 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlEncodePointer" by name
0ab0:247c @ 837503140 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeSListHead" by name
0ab0:4cd0 @ 837503140 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:247c @ 837503140 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventWriteTransfer" by name
0ab0:4cd0 @ 837503140 - LdrpGetProcedureAddress - INFO: Locating procedure "OpenProcessToken" by name
0ab0:247c @ 837503140 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventRegister" by name
0ab0:4cd0 @ 837503140 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReleaseSRWLockShared" by name
0ab0:2c3c @ 837503140 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeCriticalSection" by name
0ab0:247c @ 837503140 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventActivityIdControl" by name
0ab0:4cd0 @ 837503140 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAcquireSRWLockExclusive" by name
0ab0:247c @ 837503140 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventUnregister" by name
0ab0:4cd0 @ 837503140 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAcquireSRWLockShared" by name
0ab0:4cd0 @ 837503140 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlEnterCriticalSection" by name
0ab0:4cd0 @ 837503140 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlLeaveCriticalSection" by name
0ab0:2c3c @ 837503140 - LdrpGetProcedureAddress - INFO: Locating procedure "VerSetConditionMask" by name
0ab0:4cd0 @ 837503140 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeCriticalSection" by name
0ab0:2c3c @ 837503140 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlSizeHeap" by name
0ab0:4cd0 @ 837503140 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDeleteCriticalSection" by name
0ab0:2c3c @ 837503140 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReAllocateHeap" by name
0ab0:4cd0 @ 837503140 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeSRWLock" by name
0ab0:4cd0 @ 837503140 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReleaseSRWLockExclusive" by name
0ab0:2c3c @ 837503140 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlExitUserThread" by name
0ab0:4cd0 @ 837503140 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventWriteTransfer" by name
0ab0:2c3c @ 837503140 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeSListHead" by name
0ab0:4cd0 @ 837503140 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventRegister" by name
0ab0:4cd0 @ 837503156 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventSetInformation" by name
0ab0:4cd0 @ 837503156 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventUnregister" by name
0ab0:2c3c @ 837503156 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAllocateHeap" by name
0ab0:2c3c @ 837503156 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDecodePointer" by name
0ab0:2c3c @ 837503156 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlEncodePointer" by name
0ab0:2c3c @ 837503156 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAcquireSRWLockShared" by name
0ab0:2c3c @ 837503156 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReleaseSRWLockShared" by name
0ab0:2c3c @ 837503156 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeConditionVariable" by name
0ab0:2c3c @ 837503156 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlWakeConditionVariable" by name
0ab0:2c3c @ 837503156 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlWakeAllConditionVariable" by name
0ab0:2c3c @ 837503156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503156 - LdrpGetProcedureAddress - INFO: Locating procedure "SleepConditionVariableCS" by name
0ab0:2c3c @ 837503156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503156 - LdrpGetProcedureAddress - INFO: Locating procedure "SleepConditionVariableSRW" by name
0ab0:2c3c @ 837503156 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeSRWLock" by name
0ab0:2c3c @ 837503156 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReleaseSRWLockExclusive" by name
0ab0:2c3c @ 837503156 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAcquireSRWLockExclusive" by name
0ab0:2c3c @ 837503156 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlEnterCriticalSection" by name
0ab0:2c3c @ 837503156 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlLeaveCriticalSection" by name
0ab0:2c3c @ 837503156 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlTryEnterCriticalSection" by name
0ab0:2c3c @ 837503156 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDeleteCriticalSection" by name
0ab0:2c3c @ 837503156 - LdrpGetProcedureAddress - INFO: Locating procedure "NtdllDefWindowProc_A" by name
0ab0:2c3c @ 837503156 - LdrpFindKnownDll - ENTER: DLL name: CRYPTBASE.DLL
0ab0:2c3c @ 837503156 - LdrpFindKnownDll - RETURN: Status: 0xc0000135
0ab0:2c3c @ 837503156 - LdrpSearchPath - ENTER: DLL name: CRYPTBASE.DLL
0ab0:2c3c @ 837503156 - LdrpResolveDllName - ENTER: DLL name: C:\Users\ASUS\Desktop\redguides\CRYPTBASE.DLL
0ab0:2c3c @ 837503156 - LdrpResolveDllName - RETURN: Status: 0xc0000135
0ab0:2c3c @ 837503156 - LdrpResolveDllName - ENTER: DLL name: C:\WINDOWS\SYSTEM32\CRYPTBASE.DLL
0ab0:2c3c @ 837503156 - LdrpResolveDllName - RETURN: Status: 0x00000000
0ab0:2c3c @ 837503156 - LdrpSearchPath - RETURN: Status: 0x00000000
0ab0:2c3c @ 837503156 - LdrpMinimalMapModule - ENTER: DLL name: C:\WINDOWS\SYSTEM32\CRYPTBASE.DLL
ModLoad: 00007ff8`e4420000 00007ff8`e442c000   C:\WINDOWS\SYSTEM32\CRYPTBASE.DLL
0ab0:2c3c @ 837503156 - LdrpMinimalMapModule - RETURN: Status: 0x00000000
0ab0:2c3c @ 837503156 - LdrpFindDllActivationContext - INFO: Probing for the manifest of DLL "C:\WINDOWS\SYSTEM32\CRYPTBASE.DLL" failed with status 0xc000008a
0ab0:4f88 @ 837503156 - LdrpGetProcedureAddress - INFO: Locating procedure "SystemFunction036" by name
0ab0:2c3c @ 837503156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-errorhandling-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837503171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-profile-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837503171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-com-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\combase.dll by API set
0ab0:4f88 @ 837503171 - LdrpGetProcedureAddress - INFO: Locating procedure "CoUninitialize" by name
0ab0:4f88 @ 837503171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-com-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\combase.dll by API set
0ab0:2c3c @ 837503171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sysinfo-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837503171 - LdrpGetProcedureAddress - INFO: Locating procedure "CoTaskMemFree" by name
0ab0:2c3c @ 837503171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-delayload-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837503171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-delayload-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4f88 @ 837503171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-com-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\combase.dll by API set
0ab0:4f88 @ 837503171 - LdrpGetProcedureAddress - INFO: Locating procedure "CoInitializeEx" by name
0ab0:247c @ 837503171 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryPerformanceCounter" by name
0ab0:2c3c @ 837503171 - LdrpMergeNodes - INFO: Merging a cycle rooted at USER32.dll.
0ab0:2c3c @ 837503171 - LdrpMergeNodes - INFO: Adding cyclic module GDI32.dll.
0ab0:2c3c @ 837503171 - LdrpMergeNodes - INFO: Adding cyclic module gdi32full.dll.
(ab0.2c3c): Break instruction exception - code 80000003 (first chance)
ntdll!LdrpDoDebuggerBreak+0x30:
00007ff8`e74a0950 cc              int     3
0:000> cdb: Reading initial command 'g;q'
0ab0:2c3c @ 837504078 - LdrpInitializeNode - INFO: Calling init routine 0000000000000000 for DLL "C:\WINDOWS\System32\win32u.dll"
0ab0:2c3c @ 837504078 - LdrpInitializeNode - INFO: Calling init routine 00007FF8E5216110 for DLL "C:\WINDOWS\System32\ucrtbase.dll"
0ab0:2c3c @ 837504078 - LdrLoadDll - ENTER: DLL name: api-ms-win-core-synch-l1-2-0
0ab0:2c3c @ 837504078 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504078 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernelbase.dll
0ab0:2c3c @ 837504078 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504078 - LdrLoadDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504078 - LdrpGetProcedureAddress - INFO: Locating procedure "InitializeCriticalSectionEx" by name
0ab0:2c3c @ 837504078 - LdrLoadDll - ENTER: DLL name: api-ms-win-core-fibers-l1-1-1
0ab0:2c3c @ 837504093 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-fibers-l1-1-1 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504093 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernelbase.dll
0ab0:2c3c @ 837504093 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504093 - LdrLoadDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504093 - LdrpGetProcedureAddress - INFO: Locating procedure "FlsAlloc" by name
0ab0:2c3c @ 837504093 - LdrpGetProcedureAddress - INFO: Locating procedure "FlsSetValue" by name
0ab0:2c3c @ 837504093 - LdrLoadDll - ENTER: DLL name: api-ms-win-core-fibers-l1-1-1
0ab0:2c3c @ 837504093 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-fibers-l1-1-1 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504093 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernelbase.dll
0ab0:2c3c @ 837504093 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504093 - LdrLoadDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504093 - LdrpGetProcedureAddress - INFO: Locating procedure "FlsAlloc" by name
0ab0:2c3c @ 837504093 - LdrLoadDll - ENTER: DLL name: api-ms-win-core-synch-l1-2-0
0ab0:2c3c @ 837504093 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504093 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernelbase.dll
0ab0:2c3c @ 837504093 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504093 - LdrLoadDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504093 - LdrpGetProcedureAddress - INFO: Locating procedure "InitializeCriticalSectionEx" by name
0ab0:2c3c @ 837504093 - LdrpGetProcedureAddress - INFO: Locating procedure "FlsGetValue" by name
0ab0:2c3c @ 837504093 - LdrpGetProcedureAddress - INFO: Locating procedure "FlsSetValue" by name
0ab0:2c3c @ 837504093 - LdrLoadDll - ENTER: DLL name: api-ms-win-core-localization-l1-2-1
0ab0:2c3c @ 837504093 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-l1-2-1 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504093 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernelbase.dll
0ab0:2c3c @ 837504109 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504109 - LdrLoadDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504109 - LdrpGetProcedureAddress - INFO: Locating procedure "LCMapStringEx" by name
0ab0:2c3c @ 837504109 - LdrpInitializeNode - INFO: Calling init routine 00007FF8E5045390 for DLL "C:\WINDOWS\System32\msvcp_win.dll"
0ab0:2c3c @ 837504109 - LdrLoadDll - ENTER: DLL name: kernel32
0ab0:2c3c @ 837504109 - LdrpLoadDllInternal - ENTER: DLL name: kernel32.DLL
0ab0:2c3c @ 837504109 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504109 - LdrLoadDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504109 - LdrpGetProcedureAddress - INFO: Locating procedure "AreFileApisANSI" by name
0ab0:2c3c @ 837504109 - LdrLoadDll - ENTER: DLL name: api-ms-win-core-string-l1-1-0
0ab0:2c3c @ 837504109 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504109 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernelbase.dll
0ab0:2c3c @ 837504109 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504109 - LdrLoadDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504109 - LdrpGetProcedureAddress - INFO: Locating procedure "CompareStringEx" by name
0ab0:2c3c @ 837504109 - LdrpGetProcedureAddress - INFO: Locating procedure "EnumSystemLocalesEx" by name
0ab0:2c3c @ 837504109 - LdrLoadDll - ENTER: DLL name: api-ms-win-core-datetime-l1-1-1
0ab0:2c3c @ 837504109 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-datetime-l1-1-1 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504109 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernelbase.dll
0ab0:2c3c @ 837504109 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504109 - LdrLoadDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504109 - LdrpGetProcedureAddress - INFO: Locating procedure "GetDateFormatEx" by name
0ab0:2c3c @ 837504109 - LdrpGetProcedureAddress - INFO: Locating procedure "GetLocaleInfoEx" by name
0ab0:2c3c @ 837504109 - LdrpGetProcedureAddress - INFO: Locating procedure "GetTimeFormatEx" by name
0ab0:2c3c @ 837504109 - LdrpGetProcedureAddress - INFO: Locating procedure "GetUserDefaultLocaleName" by name
0ab0:2c3c @ 837504109 - LdrpGetProcedureAddress - INFO: Locating procedure "IsValidLocaleName" by name
0ab0:2c3c @ 837504109 - LdrLoadDll - ENTER: DLL name: api-ms-win-core-localization-obsolete-l1-2-0
0ab0:2c3c @ 837504109 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-obsolete-l1-2-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504109 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernelbase.dll
0ab0:2c3c @ 837504109 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504109 - LdrLoadDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504109 - LdrpGetProcedureAddress - INFO: Locating procedure "LCIDToLocaleName" by name
0ab0:2c3c @ 837504109 - LdrpGetProcedureAddress - INFO: Locating procedure "LocaleNameToLCID" by name
0ab0:2c3c @ 837504109 - LdrpInitializeNode - INFO: Calling init routine 00007FF8E5330AA0 for DLL "C:\WINDOWS\System32\gdi32full.dll"
0ab0:2c3c @ 837504109 - LdrpInitializeNode - INFO: Calling init routine 00007FF8E6BF48E0 for DLL "C:\WINDOWS\System32\GDI32.dll"
0ab0:2c3c @ 837504125 - LdrGetDllHandleEx - ENTER: DLL name: gdi32full.dll
0ab0:2c3c @ 837504125 - LdrpFindLoadedDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504125 - LdrGetDllHandleEx - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504125 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiDllInitializeWrapper" by name
0ab0:2c3c @ 837504125 - LdrpInitializeNode - INFO: Calling init routine 00007FF8E66B7F30 for DLL "C:\WINDOWS\System32\USER32.dll"
0ab0:2c3c @ 837504125 - LdrGetDllHandleEx - ENTER: DLL name: C:\WINDOWS\system32\IMM32.DLL
0ab0:2c3c @ 837504125 - LdrpResolveDllName - ENTER: DLL name: C:\WINDOWS\system32\IMM32.DLL
0ab0:2c3c @ 837504125 - LdrpResolveDllName - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504125 - LdrpFindLoadedDllInternal - RETURN: Status: 0xc0000135
0ab0:2c3c @ 837504125 - LdrGetDllHandleEx - RETURN: Status: 0xc0000135
0ab0:2c3c @ 837504125 - LdrLoadDll - ENTER: DLL name: C:\WINDOWS\system32\IMM32.DLL
0ab0:2c3c @ 837504125 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\system32\IMM32.DLL
0ab0:2c3c @ 837504125 - LdrpFindKnownDll - ENTER: DLL name: IMM32.DLL
0ab0:2c3c @ 837504125 - LdrpFindKnownDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504125 - LdrpMinimalMapModule - ENTER: DLL name: C:\WINDOWS\System32\IMM32.DLL
ModLoad: 00007ff8`e7350000 00007ff8`e7382000   C:\WINDOWS\System32\IMM32.DLL
0ab0:2c3c @ 837504125 - LdrpMinimalMapModule - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504125 - LdrpFindDllActivationContext - INFO: Probing for the manifest of DLL "C:\WINDOWS\System32\IMM32.DLL" failed with status 0xc000008a
0ab0:2c3c @ 837504125 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504125 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837504125 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504125 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504125 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504125 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-libraryloader-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504125 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837504125 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-registry-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504125 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-wow64-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504140 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sysinfo-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504140 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504140 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-handle-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504140 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-errorhandling-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504140 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-memory-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504140 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504140 - LdrpPreprocessDllName - INFO: DLL api-ms-win-security-base-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504140 - LdrpPreprocessDllName - INFO: DLL api-ms-win-security-base-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504140 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-profile-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504140 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-kernel32-legacy-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837504140 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-obsolete-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837504140 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-obsolete-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837504140 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-privateprofile-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837504140 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-appcompat-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504140 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-delayload-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504140 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-delayload-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504140 - LdrpGetProcedureAddress - INFO: Locating procedure "NtdllDefWindowProc_W" by name
0ab0:2c3c @ 837504140 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlFreeHeap" by name
0ab0:2c3c @ 837504140 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAllocateHeap" by name
0ab0:2c3c @ 837504140 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-1 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504140 - LdrpGetProcedureAddress - INFO: Locating procedure "GetProcessMitigationPolicy" by name
0ab0:2c3c @ 837504140 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlSetLastWin32Error" by name
0ab0:2c3c @ 837504140 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryPerformanceCounter" by name
0ab0:2c3c @ 837504140 - LdrpInitializeNode - INFO: Calling init routine 00007FF8E73514D0 for DLL "C:\WINDOWS\System32\IMM32.DLL"
0ab0:2c3c @ 837504140 - LdrGetDllHandleEx - ENTER: DLL name: C:\WINDOWS\system32\IMM32.DLL
0ab0:2c3c @ 837504140 - LdrpFindLoadedDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504140 - LdrGetDllHandleEx - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504140 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmWINNLSEnableIME" by name
0ab0:2c3c @ 837504140 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmWINNLSGetEnableStatus" by name
0ab0:2c3c @ 837504140 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmSendIMEMessageExW" by name
0ab0:2c3c @ 837504156 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmSendIMEMessageExA" by name
0ab0:2c3c @ 837504156 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmIMPGetIMEW" by name
0ab0:2c3c @ 837504156 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmIMPGetIMEA" by name
0ab0:2c3c @ 837504156 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmIMPQueryIMEW" by name
0ab0:2c3c @ 837504156 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmIMPQueryIMEA" by name
0ab0:2c3c @ 837504156 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmIMPSetIMEW" by name
0ab0:2c3c @ 837504156 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmIMPSetIMEA" by name
0ab0:2c3c @ 837504156 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmAssociateContext" by name
0ab0:2c3c @ 837504156 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmEscapeA" by name
0ab0:2c3c @ 837504156 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmEscapeW" by name
0ab0:2c3c @ 837504156 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmGetCompositionStringA" by name
0ab0:2c3c @ 837504156 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmGetCompositionStringW" by name
0ab0:2c3c @ 837504156 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmGetCompositionWindow" by name
0ab0:2c3c @ 837504156 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmGetContext" by name
0ab0:2c3c @ 837504156 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmGetDefaultIMEWnd" by name
0ab0:2c3c @ 837504156 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmIsIME" by name
0ab0:2c3c @ 837504156 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmReleaseContext" by name
0ab0:2c3c @ 837504156 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmRegisterClient" by name
0ab0:2c3c @ 837504156 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmGetCompositionFontW" by name
0ab0:2c3c @ 837504156 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmGetCompositionFontA" by name
0ab0:2c3c @ 837504156 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmSetCompositionFontW" by name
0ab0:2c3c @ 837504156 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmSetCompositionFontA" by name
0ab0:2c3c @ 837504156 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmSetCompositionWindow" by name
0ab0:2c3c @ 837504156 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmNotifyIME" by name
0ab0:2c3c @ 837504156 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmLockIMC" by name
0ab0:2c3c @ 837504156 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmUnlockIMC" by name
0ab0:2c3c @ 837504156 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmLoadIME" by name
0ab0:2c3c @ 837504156 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmSetOpenStatus" by name
0ab0:2c3c @ 837504156 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmFreeLayout" by name
0ab0:2c3c @ 837504156 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmActivateLayout" by name
0ab0:2c3c @ 837504156 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmGetCandidateWindow" by name
0ab0:2c3c @ 837504156 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmSetCandidateWindow" by name
0ab0:2c3c @ 837504156 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmConfigureIMEW" by name
0ab0:2c3c @ 837504156 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmGetConversionStatus" by name
0ab0:2c3c @ 837504171 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmSetConversionStatus" by name
0ab0:2c3c @ 837504171 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmSetStatusWindowPos" by name
0ab0:2c3c @ 837504171 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmGetImeInfoEx" by name
0ab0:2c3c @ 837504171 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmLockImeDpi" by name
0ab0:2c3c @ 837504171 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmUnlockImeDpi" by name
0ab0:2c3c @ 837504171 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmGetOpenStatus" by name
0ab0:2c3c @ 837504171 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmSetActiveContext" by name
0ab0:2c3c @ 837504171 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmTranslateMessage" by name
0ab0:2c3c @ 837504171 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmLoadLayout" by name
0ab0:2c3c @ 837504171 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmProcessKey" by name
0ab0:2c3c @ 837504171 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmPutImeMenuItemsIntoMappedFile" by name
0ab0:2c3c @ 837504171 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmGetProperty" by name
0ab0:2c3c @ 837504171 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmSetCompositionStringA" by name
0ab0:2c3c @ 837504171 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmSetCompositionStringW" by name
0ab0:2c3c @ 837504171 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmEnumInputContext" by name
0ab0:2c3c @ 837504171 - LdrpGetProcedureAddress - INFO: Locating procedure "ImmSystemHandler" by name
0ab0:2c3c @ 837504171 - LdrpGetProcedureAddress - INFO: Locating procedure "CtfImmTIMActivate" by name
0ab0:2c3c @ 837504171 - LdrpGetProcedureAddress - INFO: Locating procedure "CtfImmRestoreToolbarWnd" by name
0ab0:2c3c @ 837504171 - LdrpGetProcedureAddress - INFO: Locating procedure "CtfImmHideToolbarWnd" by name
0ab0:2c3c @ 837504171 - LdrpGetProcedureAddress - INFO: Locating procedure "CtfImmDispatchDefImeMessage" by name
0ab0:2c3c @ 837504171 - LdrpGetProcedureAddress - INFO: Locating procedure "CtfImmNotify" by name
0ab0:2c3c @ 837504171 - LdrpGetProcedureAddress - INFO: Locating procedure "CtfImmSetDefaultRemoteKeyboardLayout" by name
0ab0:2c3c @ 837504171 - LdrpGetProcedureAddress - INFO: Locating procedure "CtfImmGetCompatibleKeyboardLayout" by name
0ab0:2c3c @ 837504171 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504171 - LdrLoadDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504171 - LdrGetDllHandleEx - ENTER: DLL name: C:\WINDOWS\system32\IMM32.DLL
0ab0:2c3c @ 837504171 - LdrpFindLoadedDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504187 - LdrGetDllHandleEx - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504187 - LdrpPreprocessDllName - INFO: DLL ext-ms-win-gdi-internal-desktop-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\gdi32full.dll by API set
0ab0:2c3c @ 837504187 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\gdi32full.dll
0ab0:2c3c @ 837504187 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504187 - LdrpGetProcedureAddress - INFO: Locating procedure "RemoveFontResourceA" by name
0ab0:2c3c @ 837504187 - LdrpGetProcedureAddress - INFO: Locating procedure "Polygon" by name
0ab0:2c3c @ 837504187 - LdrpGetProcedureAddress - INFO: Locating procedure "PolyPolygon" by name
0ab0:2c3c @ 837504187 - LdrpGetProcedureAddress - INFO: Locating procedure "PolyBezier" by name
0ab0:2c3c @ 837504187 - LdrpGetProcedureAddress - INFO: Locating procedure "Pie" by name
0ab0:2c3c @ 837504187 - LdrpGetProcedureAddress - INFO: Locating procedure "InvertRgn" by name
0ab0:2c3c @ 837504187 - LdrpGetProcedureAddress - INFO: Locating procedure "GetTextExtentPointI" by name
0ab0:2c3c @ 837504187 - LdrpGetProcedureAddress - INFO: Locating procedure "GetTextExtentPointA" by name
0ab0:2c3c @ 837504187 - LdrpGetProcedureAddress - INFO: Locating procedure "GetTextExtentPoint32A" by name
0ab0:2c3c @ 837504187 - LdrpGetProcedureAddress - INFO: Locating procedure "GetTextExtentExPointA" by name
0ab0:2c3c @ 837504187 - LdrpGetProcedureAddress - INFO: Locating procedure "GetTextCharacterExtra" by name
0ab0:2c3c @ 837504187 - LdrpGetProcedureAddress - INFO: Locating procedure "GetRasterizerCaps" by name
0ab0:2c3c @ 837504187 - LdrpGetProcedureAddress - INFO: Locating procedure "SetPaletteEntries" by name
0ab0:2c3c @ 837504187 - LdrpGetProcedureAddress - INFO: Locating procedure "GetEnhMetaFileDescriptionA" by name
0ab0:2c3c @ 837504187 - LdrpGetProcedureAddress - INFO: Locating procedure "GetEnhMetaFileA" by name
0ab0:2c3c @ 837504187 - LdrpGetProcedureAddress - INFO: Locating procedure "GetCurrentPositionEx" by name
0ab0:2c3c @ 837504187 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiComment" by name
0ab0:2c3c @ 837504187 - LdrpGetProcedureAddress - INFO: Locating procedure "RoundRect" by name
0ab0:2c3c @ 837504187 - LdrpGetProcedureAddress - INFO: Locating procedure "EnumEnhMetaFile" by name
0ab0:2c3c @ 837504187 - LdrpGetProcedureAddress - INFO: Locating procedure "Ellipse" by name
0ab0:2c3c @ 837504187 - LdrpGetProcedureAddress - INFO: Locating procedure "CreatePolyPolygonRgn" by name
0ab0:2c3c @ 837504203 - LdrpGetProcedureAddress - INFO: Locating procedure "CreatePenIndirect" by name
0ab0:2c3c @ 837504203 - LdrpGetProcedureAddress - INFO: Locating procedure "CreateFontA" by name
0ab0:2c3c @ 837504203 - LdrpGetProcedureAddress - INFO: Locating procedure "CreateEllipticRgnIndirect" by name
0ab0:2c3c @ 837504203 - LdrpGetProcedureAddress - INFO: Locating procedure "CreateBrushIndirect" by name
0ab0:2c3c @ 837504203 - LdrpGetProcedureAddress - INFO: Locating procedure "Arc" by name
0ab0:2c3c @ 837504203 - LdrpGetProcedureAddress - INFO: Locating procedure "AnimatePalette" by name
0ab0:2c3c @ 837504203 - LdrpGetProcedureAddress - INFO: Locating procedure "AddFontResourceA" by name
0ab0:2c3c @ 837504203 - LdrpGetProcedureAddress - INFO: Locating procedure "CreateFontIndirectWImpl" by name
0ab0:2c3c @ 837504203 - LdrpGetProcedureAddress - INFO: Locating procedure "GetGlyphOutlineA" by name
0ab0:2c3c @ 837504203 - LdrpGetProcedureAddress - INFO: Locating procedure "StrokePathImpl" by name
0ab0:2c3c @ 837504203 - LdrpGetProcedureAddress - INFO: Locating procedure "StretchDIBitsImpl" by name
0ab0:2c3c @ 837504203 - LdrpGetProcedureAddress - INFO: Locating procedure "SetROP2" by name
0ab0:2c3c @ 837504203 - LdrpGetProcedureAddress - INFO: Locating procedure "TextOutA" by name
0ab0:2c3c @ 837504203 - LdrpGetProcedureAddress - INFO: Locating procedure "UnrealizeObject" by name
0ab0:2c3c @ 837504203 - LdrpGetProcedureAddress - INFO: Locating procedure "ResizePalette" by name
0ab0:2c3c @ 837504203 - LdrpGetProcedureAddress - INFO: Locating procedure "FrameRgn" by name
0ab0:2c3c @ 837504203 - LdrpGetProcedureAddress - INFO: Locating procedure "SetBitmapBits" by name
0ab0:2c3c @ 837504203 - LdrpGetProcedureAddress - INFO: Locating procedure "GetROP2" by name
0ab0:2c3c @ 837504203 - LdrpGetProcedureAddress - INFO: Locating procedure "AbortPath" by name
0ab0:2c3c @ 837504203 - LdrpGetProcedureAddress - INFO: Locating procedure "StartPageImpl" by name
0ab0:2c3c @ 837504203 - LdrpGetProcedureAddress - INFO: Locating procedure "AddFontResourceExA" by name
0ab0:2c3c @ 837504203 - LdrpGetProcedureAddress - INFO: Locating procedure "AddFontResourceExW" by name
0ab0:2c3c @ 837504203 - LdrpGetProcedureAddress - INFO: Locating procedure "AddFontResourceTracking" by name
0ab0:2c3c @ 837504203 - LdrpGetProcedureAddress - INFO: Locating procedure "AngleArc" by name
0ab0:2c3c @ 837504203 - LdrpGetProcedureAddress - INFO: Locating procedure "AnyLinkedFonts" by name
0ab0:2c3c @ 837504218 - LdrpGetProcedureAddress - INFO: Locating procedure "ArcTo" by name
0ab0:2c3c @ 837504218 - LdrpGetProcedureAddress - INFO: Locating procedure "CancelDC" by name
0ab0:2c3c @ 837504218 - LdrpGetProcedureAddress - INFO: Locating procedure "CheckColorsInGamut" by name
0ab0:2c3c @ 837504218 - LdrpGetProcedureAddress - INFO: Locating procedure "Chord" by name
0ab0:2c3c @ 837504218 - LdrpGetProcedureAddress - INFO: Locating procedure "ClearBitmapAttributes" by name
0ab0:2c3c @ 837504218 - LdrpGetProcedureAddress - INFO: Locating procedure "ClearBrushAttributes" by name
0ab0:2c3c @ 837504218 - LdrpGetProcedureAddress - INFO: Locating procedure "ColorCorrectPalette" by name
0ab0:2c3c @ 837504218 - LdrpGetProcedureAddress - INFO: Locating procedure "ColorMatchToTarget" by name
0ab0:2c3c @ 837504218 - LdrpGetProcedureAddress - INFO: Locating procedure "CombineTransform" by name
0ab0:2c3c @ 837504218 - LdrpGetProcedureAddress - INFO: Locating procedure "CopyEnhMetaFileA" by name
0ab0:2c3c @ 837504218 - LdrpGetProcedureAddress - INFO: Locating procedure "CopyEnhMetaFileW" by name
0ab0:2c3c @ 837504218 - LdrpGetProcedureAddress - INFO: Locating procedure "CopyMetaFileA" by name
0ab0:2c3c @ 837504218 - LdrpGetProcedureAddress - INFO: Locating procedure "CopyMetaFileW" by name
0ab0:2c3c @ 837504218 - LdrpGetProcedureAddress - INFO: Locating procedure "CreateColorSpaceA" by name
0ab0:2c3c @ 837504218 - LdrpGetProcedureAddress - INFO: Locating procedure "CreateColorSpaceW" by name
0ab0:2c3c @ 837504218 - LdrpGetProcedureAddress - INFO: Locating procedure "CreateDCExW" by name
0ab0:2c3c @ 837504218 - LdrpGetProcedureAddress - INFO: Locating procedure "CreateDIBPatternBrush" by name
0ab0:2c3c @ 837504218 - LdrpGetProcedureAddress - INFO: Locating procedure "StartDocWImpl" by name
0ab0:2c3c @ 837504218 - LdrpGetProcedureAddress - INFO: Locating procedure "SetWorldTransformImpl" by name
0ab0:2c3c @ 837504218 - LdrpGetProcedureAddress - INFO: Locating procedure "CreateDiscardableBitmap" by name
0ab0:2c3c @ 837504218 - LdrpGetProcedureAddress - INFO: Locating procedure "CreateEllipticRgn" by name
0ab0:2c3c @ 837504218 - LdrpGetProcedureAddress - INFO: Locating procedure "CreateFontIndirectExA" by name
0ab0:2c3c @ 837504218 - LdrpGetProcedureAddress - INFO: Locating procedure "CreateFontIndirectExW" by name
0ab0:2c3c @ 837504218 - LdrpGetProcedureAddress - INFO: Locating procedure "CreateHatchBrush" by name
0ab0:2c3c @ 837504218 - LdrpGetProcedureAddress - INFO: Locating procedure "CreateICA" by name
0ab0:2c3c @ 837504218 - LdrpGetProcedureAddress - INFO: Locating procedure "CreateScalableFontResourceA" by name
0ab0:2c3c @ 837504218 - LdrpGetProcedureAddress - INFO: Locating procedure "SetStretchBltModeImpl" by name
0ab0:2c3c @ 837504234 - LdrpGetProcedureAddress - INFO: Locating procedure "SetMiterLimitImpl" by name
0ab0:2c3c @ 837504234 - LdrpGetProcedureAddress - INFO: Locating procedure "CreateSessionMappedDIBSection" by name
0ab0:2c3c @ 837504234 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDxgGenericThunk" by name
0ab0:2c3c @ 837504234 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiD3dContextCreate" by name
0ab0:2c3c @ 837504234 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdBeginMoCompFrame" by name
0ab0:2c3c @ 837504234 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdBlt" by name
0ab0:2c3c @ 837504234 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdCanCreateSurface" by name
0ab0:2c3c @ 837504234 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdCanCreateD3DBuffer" by name
0ab0:2c3c @ 837504234 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdColorControl" by name
0ab0:2c3c @ 837504234 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdCreateDirectDrawObject" by name
0ab0:2c3c @ 837504234 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdCreateSurface" by name
0ab0:2c3c @ 837504234 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdCreateD3DBuffer" by name
0ab0:2c3c @ 837504234 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdCreateMoComp" by name
0ab0:2c3c @ 837504234 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdCreateSurfaceObject" by name
0ab0:2c3c @ 837504234 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiD3dContextDestroy" by name
0ab0:2c3c @ 837504234 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdDeleteDirectDrawObject" by name
0ab0:2c3c @ 837504234 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdDeleteSurfaceObject" by name
0ab0:2c3c @ 837504234 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdDestroyMoComp" by name
0ab0:2c3c @ 837504234 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdDestroySurface" by name
0ab0:2c3c @ 837504234 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdDestroyD3DBuffer" by name
0ab0:2c3c @ 837504234 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdEndMoCompFrame" by name
0ab0:2c3c @ 837504234 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdFlip" by name
0ab0:2c3c @ 837504234 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdFlipToGDISurface" by name
0ab0:2c3c @ 837504234 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdGetAvailDriverMemory" by name
0ab0:2c3c @ 837504234 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdGetBltStatus" by name
0ab0:2c3c @ 837504234 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiD3dContextDestroyAll" by name
0ab0:2c3c @ 837504234 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdGetDC" by name
0ab0:2c3c @ 837504234 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdGetDriverInfo" by name
0ab0:2c3c @ 837504234 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdGetDxHandle" by name
0ab0:2c3c @ 837504234 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdGetFlipStatus" by name
0ab0:2c3c @ 837504234 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdGetInternalMoCompInfo" by name
0ab0:2c3c @ 837504234 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdGetMoCompBuffInfo" by name
0ab0:2c3c @ 837504250 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdGetMoCompGuids" by name
0ab0:2c3c @ 837504250 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdGetMoCompFormats" by name
0ab0:2c3c @ 837504250 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdGetScanLine" by name
0ab0:2c3c @ 837504250 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdLock" by name
0ab0:2c3c @ 837504250 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiD3dValidateTextureStageState" by name
0ab0:2c3c @ 837504250 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdLockD3D" by name
0ab0:2c3c @ 837504250 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdQueryDirectDrawObject" by name
0ab0:2c3c @ 837504250 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdQueryMoCompStatus" by name
0ab0:2c3c @ 837504250 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdReenableDirectDrawObject" by name
0ab0:2c3c @ 837504250 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdReleaseDC" by name
0ab0:2c3c @ 837504250 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdRenderMoComp" by name
0ab0:2c3c @ 837504250 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdResetVisrgn" by name
0ab0:2c3c @ 837504250 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdSetColorKey" by name
0ab0:2c3c @ 837504250 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdSetExclusiveMode" by name
0ab0:2c3c @ 837504250 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdSetGammaRamp" by name
0ab0:2c3c @ 837504250 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiD3dDrawPrimitives2" by name
0ab0:2c3c @ 837504250 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdCreateSurfaceEx" by name
0ab0:2c3c @ 837504250 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdSetOverlayPosition" by name
0ab0:2c3c @ 837504250 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdUnattachSurface" by name
0ab0:2c3c @ 837504250 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdUnlock" by name
0ab0:2c3c @ 837504250 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdUnlockD3D" by name
0ab0:2c3c @ 837504250 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdUpdateOverlay" by name
0ab0:2c3c @ 837504250 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdWaitForVerticalBlank" by name
0ab0:2c3c @ 837504250 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdGetDriverState" by name
0ab0:2c3c @ 837504250 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdAddAttachedSurface" by name
0ab0:2c3c @ 837504250 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdAlphaBlt" by name
0ab0:2c3c @ 837504250 - LdrpGetProcedureAddress - INFO: Locating procedure "NtGdiDdAttachSurface" by name
0ab0:2c3c @ 837504250 - LdrpGetProcedureAddress - INFO: Locating procedure "DescribePixelFormat" by name
0ab0:2c3c @ 837504250 - LdrpGetProcedureAddress - INFO: Locating procedure "DeviceCapabilitiesExA" by name
0ab0:2c3c @ 837504250 - LdrpGetProcedureAddress - INFO: Locating procedure "DrawEscape" by name
0ab0:2c3c @ 837504265 - LdrpGetProcedureAddress - INFO: Locating procedure "DwmCreatedBitmapRemotingOutput" by name
0ab0:2c3c @ 837504265 - LdrpGetProcedureAddress - INFO: Locating procedure "EndFormPage" by name
0ab0:2c3c @ 837504265 - LdrpGetProcedureAddress - INFO: Locating procedure "EngAcquireSemaphore" by name
0ab0:2c3c @ 837504265 - LdrpGetProcedureAddress - INFO: Locating procedure "EngComputeGlyphSet" by name
0ab0:2c3c @ 837504265 - LdrpGetProcedureAddress - INFO: Locating procedure "EngCreateSemaphore" by name
0ab0:2c3c @ 837504265 - LdrpGetProcedureAddress - INFO: Locating procedure "EngDeleteSemaphore" by name
0ab0:2c3c @ 837504265 - LdrpGetProcedureAddress - INFO: Locating procedure "EngFindResource" by name
0ab0:2c3c @ 837504265 - LdrpGetProcedureAddress - INFO: Locating procedure "EngFreeModule" by name
0ab0:2c3c @ 837504265 - LdrpGetProcedureAddress - INFO: Locating procedure "EngGetCurrentCodePage" by name
0ab0:2c3c @ 837504265 - LdrpGetProcedureAddress - INFO: Locating procedure "EngGetDriverName" by name
0ab0:2c3c @ 837504265 - LdrpGetProcedureAddress - INFO: Locating procedure "EngGetPrinterDataFileName" by name
0ab0:2c3c @ 837504265 - LdrpGetProcedureAddress - INFO: Locating procedure "EngLoadModule" by name
0ab0:2c3c @ 837504265 - LdrpGetProcedureAddress - INFO: Locating procedure "EngMultiByteToUnicodeN" by name
0ab0:2c3c @ 837504265 - LdrpGetProcedureAddress - INFO: Locating procedure "EngMultiByteToWideChar" by name
0ab0:2c3c @ 837504265 - LdrpGetProcedureAddress - INFO: Locating procedure "EngQueryEMFInfo" by name
0ab0:2c3c @ 837504265 - LdrpGetProcedureAddress - INFO: Locating procedure "EngQueryLocalTime" by name
0ab0:2c3c @ 837504265 - LdrpGetProcedureAddress - INFO: Locating procedure "EngReleaseSemaphore" by name
0ab0:2c3c @ 837504265 - LdrpGetProcedureAddress - INFO: Locating procedure "EngUnicodeToMultiByteN" by name
0ab0:2c3c @ 837504265 - LdrpGetProcedureAddress - INFO: Locating procedure "EngWideCharToMultiByte" by name
0ab0:2c3c @ 837504265 - LdrpGetProcedureAddress - INFO: Locating procedure "EnumFontFamiliesW" by name
0ab0:2c3c @ 837504265 - LdrpGetProcedureAddress - INFO: Locating procedure "EnumFontsA" by name
0ab0:2c3c @ 837504265 - LdrpGetProcedureAddress - INFO: Locating procedure "EnumICMProfilesA" by name
0ab0:2c3c @ 837504265 - LdrpGetProcedureAddress - INFO: Locating procedure "EnumICMProfilesW" by name
0ab0:2c3c @ 837504265 - LdrpGetProcedureAddress - INFO: Locating procedure "EudcLoadLinkW" by name
0ab0:2c3c @ 837504265 - LdrpGetProcedureAddress - INFO: Locating procedure "EudcUnloadLinkW" by name
0ab0:2c3c @ 837504265 - LdrpGetProcedureAddress - INFO: Locating procedure "ExtCreatePen" by name
0ab0:2c3c @ 837504265 - LdrpGetProcedureAddress - INFO: Locating procedure "ExtFloodFill" by name
0ab0:2c3c @ 837504265 - LdrpGetProcedureAddress - INFO: Locating procedure "FixBrushOrgEx" by name
0ab0:2c3c @ 837504265 - LdrpGetProcedureAddress - INFO: Locating procedure "FlattenPath" by name
0ab0:2c3c @ 837504265 - LdrpGetProcedureAddress - INFO: Locating procedure "FloodFill" by name
0ab0:2c3c @ 837504265 - LdrpGetProcedureAddress - INFO: Locating procedure "FontIsLinked" by name
0ab0:2c3c @ 837504265 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiAddFontResourceW" by name
0ab0:2c3c @ 837504281 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiAddGlsBounds" by name
0ab0:2c3c @ 837504281 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiAddGlsRecord" by name
0ab0:2c3c @ 837504281 - LdrpGetProcedureAddress - INFO: Locating procedure "SetICMModeImpl" by name
0ab0:2c3c @ 837504281 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiArtificialDecrementDriver" by name
0ab0:2c3c @ 837504281 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiCleanCacheDC" by name
0ab0:2c3c @ 837504281 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiConsoleTextOut" by name
0ab0:2c3c @ 837504281 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiConvertAndCheckDC" by name
0ab0:2c3c @ 837504281 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiConvertBitmap" by name
0ab0:2c3c @ 837504281 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiConvertBitmapV5" by name
0ab0:2c3c @ 837504281 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiConvertBrush" by name
0ab0:2c3c @ 837504281 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiConvertDC" by name
0ab0:2c3c @ 837504281 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiConvertEnhMetaFile" by name
0ab0:2c3c @ 837504281 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiConvertFont" by name
0ab0:2c3c @ 837504281 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiConvertMetaFilePict" by name
0ab0:2c3c @ 837504281 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiConvertPalette" by name
0ab0:2c3c @ 837504281 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiConvertRegion" by name
0ab0:2c3c @ 837504281 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiConvertToDevmodeW" by name
0ab0:2c3c @ 837504281 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiCreateLocalEnhMetaFile" by name
0ab0:2c3c @ 837504281 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiCreateLocalMetaFilePict" by name
0ab0:2c3c @ 837504281 - LdrpGetProcedureAddress - INFO: Locating procedure "SetTextColorImpl" by name
0ab0:2c3c @ 837504281 - LdrpGetProcedureAddress - INFO: Locating procedure "SetTextAlignImpl" by name
0ab0:2c3c @ 837504281 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiDeleteLocalDC" by name
0ab0:2c3c @ 837504281 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiDeleteSpoolFileHandle" by name
0ab0:2c3c @ 837504281 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiDescribePixelFormat" by name
0ab0:2c3c @ 837504281 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiDrawStream" by name
0ab0:2c3c @ 837504281 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiEndDocEMF" by name
0ab0:2c3c @ 837504281 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiEndPageEMF" by name
0ab0:2c3c @ 837504281 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiEntry1" by name
0ab0:2c3c @ 837504281 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiEntry10" by name
0ab0:2c3c @ 837504281 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiEntry11" by name
0ab0:2c3c @ 837504281 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiEntry12" by name
0ab0:2c3c @ 837504296 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiEntry14" by name
0ab0:2c3c @ 837504296 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiEntry15" by name
0ab0:2c3c @ 837504296 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiEntry16" by name
0ab0:2c3c @ 837504296 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiEntry2" by name
0ab0:2c3c @ 837504296 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiEntry3" by name
0ab0:2c3c @ 837504296 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiEntry4" by name
0ab0:2c3c @ 837504296 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiEntry5" by name
0ab0:2c3c @ 837504296 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiEntry6" by name
0ab0:2c3c @ 837504296 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiEntry7" by name
0ab0:2c3c @ 837504296 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiEntry8" by name
0ab0:2c3c @ 837504296 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiEntry9" by name
0ab0:2c3c @ 837504296 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiFixUpHandle" by name
0ab0:2c3c @ 837504296 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiGetBatchLimit" by name
0ab0:2c3c @ 837504296 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiGetBitmapBitsSize" by name
0ab0:2c3c @ 837504296 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiGetCharDimensions" by name
0ab0:2c3c @ 837504296 - LdrpGetProcedureAddress - INFO: Locating procedure "GetCodePage" by name
0ab0:2c3c @ 837504296 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiGetDC" by name
0ab0:2c3c @ 837504296 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiGetDevmodeForPage" by name
0ab0:2c3c @ 837504296 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiGetLocalBrush" by name
0ab0:2c3c @ 837504296 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiGetLocalDC" by name
0ab0:2c3c @ 837504296 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiGetLocalFont" by name
0ab0:2c3c @ 837504296 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiGetPageCount" by name
0ab0:2c3c @ 837504296 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiGetPageHandle" by name
0ab0:2c3c @ 837504296 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiGetSpoolFileHandle" by name
0ab0:2c3c @ 837504296 - LdrpGetProcedureAddress - INFO: Locating procedure "SetBkModeImpl" by name
0ab0:2c3c @ 837504296 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiInitializeLanguagePack" by name
0ab0:2c3c @ 837504296 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiIsMetaFileDC" by name
0ab0:2c3c @ 837504296 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiIsMetaPrintDC" by name
0ab0:2c3c @ 837504296 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiIsPlayMetafileDC" by name
0ab0:2c3c @ 837504296 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiIsScreenDC" by name
0ab0:2c3c @ 837504312 - LdrpGetProcedureAddress - INFO: Locating procedure "SelectClipPathImpl" by name
0ab0:2c3c @ 837504312 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiIsUMPDSandboxingEnabled" by name
0ab0:2c3c @ 837504312 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiLoadType1Fonts" by name
0ab0:2c3c @ 837504312 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiPlayDCScript" by name
0ab0:2c3c @ 837504312 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiPlayEMF" by name
0ab0:2c3c @ 837504312 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiPlayJournal" by name
0ab0:2c3c @ 837504312 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiPlayPageEMF" by name
0ab0:2c3c @ 837504312 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiPlayPrivatePageEMF" by name
0ab0:2c3c @ 837504312 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiPlayScript" by name
0ab0:2c3c @ 837504312 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiPrinterThunk" by name
0ab0:2c3c @ 837504312 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiProcessSetup" by name
0ab0:2c3c @ 837504312 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiQueryTable" by name
0ab0:2c3c @ 837504312 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiRealizationInfo" by name
0ab0:2c3c @ 837504312 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiReleaseLocalDC" by name
0ab0:2c3c @ 837504312 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiResetDCEMF" by name
0ab0:2c3c @ 837504312 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiSetAttrs" by name
0ab0:2c3c @ 837504312 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiSetBatchLimit" by name
0ab0:2c3c @ 837504312 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiSetPixelFormat" by name
0ab0:2c3c @ 837504312 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiSetServerAttr" by name
0ab0:2c3c @ 837504312 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiStartDocEMF" by name
0ab0:2c3c @ 837504312 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiStartPageEMF" by name
0ab0:2c3c @ 837504312 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiSwapBuffers" by name
0ab0:2c3c @ 837504312 - LdrpGetProcedureAddress - INFO: Locating procedure "SaveDCImpl" by name
0ab0:2c3c @ 837504312 - LdrpGetProcedureAddress - INFO: Locating procedure "ResetDCWImpl" by name
0ab0:2c3c @ 837504312 - LdrpGetProcedureAddress - INFO: Locating procedure "GdiValidateHandle" by name
0ab0:2c3c @ 837504312 - LdrpGetProcedureAddress - INFO: Locating procedure "RestoreDCImpl" by name
0ab0:2c3c @ 837504312 - LdrpGetProcedureAddress - INFO: Locating procedure "RemoveFontResourceWImpl" by name
0ab0:2c3c @ 837504312 - LdrpGetProcedureAddress - INFO: Locating procedure "RectangleImpl" by name
0ab0:2c3c @ 837504312 - LdrpGetProcedureAddress - INFO: Locating procedure "PolylineToImpl" by name
0ab0:2c3c @ 837504312 - LdrpGetProcedureAddress - INFO: Locating procedure "GetArcDirection" by name
0ab0:2c3c @ 837504312 - LdrpGetProcedureAddress - INFO: Locating procedure "GetAspectRatioFilterEx" by name
0ab0:2c3c @ 837504312 - LdrpGetProcedureAddress - INFO: Locating procedure "GetBitmapAttributes" by name
0ab0:2c3c @ 837504328 - LdrpGetProcedureAddress - INFO: Locating procedure "GetBitmapDimensionEx" by name
0ab0:2c3c @ 837504328 - LdrpGetProcedureAddress - INFO: Locating procedure "GetBoundsRect" by name
0ab0:2c3c @ 837504328 - LdrpGetProcedureAddress - INFO: Locating procedure "GetBrushAttributes" by name
0ab0:2c3c @ 837504328 - LdrpGetProcedureAddress - INFO: Locating procedure "GetCharABCWidthsA" by name
0ab0:2c3c @ 837504328 - LdrpGetProcedureAddress - INFO: Locating procedure "GetCharABCWidthsFloatA" by name
0ab0:2c3c @ 837504328 - LdrpGetProcedureAddress - INFO: Locating procedure "GetCharABCWidthsFloatI" by name
0ab0:2c3c @ 837504328 - LdrpGetProcedureAddress - INFO: Locating procedure "GetCharABCWidthsFloatW" by name
0ab0:2c3c @ 837504328 - LdrpGetProcedureAddress - INFO: Locating procedure "GetCharABCWidthsI" by name
0ab0:2c3c @ 837504328 - LdrpGetProcedureAddress - INFO: Locating procedure "GetCharWidth32W" by name
0ab0:2c3c @ 837504328 - LdrpGetProcedureAddress - INFO: Locating procedure "GetCharWidthFloatA" by name
0ab0:2c3c @ 837504328 - LdrpGetProcedureAddress - INFO: Locating procedure "GetCharWidthFloatW" by name
0ab0:2c3c @ 837504328 - LdrpGetProcedureAddress - INFO: Locating procedure "GetCharWidthI" by name
0ab0:2c3c @ 837504328 - LdrpGetProcedureAddress - INFO: Locating procedure "GetCharacterPlacementA" by name
0ab0:2c3c @ 837504328 - LdrpGetProcedureAddress - INFO: Locating procedure "GetCharacterPlacementW" by name
0ab0:2c3c @ 837504328 - LdrpGetProcedureAddress - INFO: Locating procedure "GetColorAdjustment" by name
0ab0:2c3c @ 837504328 - LdrpGetProcedureAddress - INFO: Locating procedure "GetColorSpace" by name
0ab0:2c3c @ 837504328 - LdrpGetProcedureAddress - INFO: Locating procedure "GetDCDpiScaleValue" by name
0ab0:2c3c @ 837504328 - LdrpGetProcedureAddress - INFO: Locating procedure "GetDCPenColor" by name
0ab0:2c3c @ 837504328 - LdrpGetProcedureAddress - INFO: Locating procedure "GetDeviceGammaRamp" by name
0ab0:2c3c @ 837504328 - LdrpGetProcedureAddress - INFO: Locating procedure "GetETM" by name
0ab0:2c3c @ 837504328 - LdrpGetProcedureAddress - INFO: Locating procedure "GetEUDCTimeStamp" by name
0ab0:2c3c @ 837504328 - LdrpGetProcedureAddress - INFO: Locating procedure "GetEUDCTimeStampExW" by name
0ab0:2c3c @ 837504328 - LdrpGetProcedureAddress - INFO: Locating procedure "GetEnhMetaFileDescriptionW" by name
0ab0:2c3c @ 837504328 - LdrpGetProcedureAddress - INFO: Locating procedure "GetEnhMetaFilePixelFormat" by name
0ab0:2c3c @ 837504328 - LdrpGetProcedureAddress - INFO: Locating procedure "GetFontAssocStatus" by name
0ab0:2c3c @ 837504328 - LdrpGetProcedureAddress - INFO: Locating procedure "GetFontLanguageInfo" by name
0ab0:2c3c @ 837504328 - LdrpGetProcedureAddress - INFO: Locating procedure "GetFontResourceInfoW" by name
0ab0:2c3c @ 837504328 - LdrpGetProcedureAddress - INFO: Locating procedure "GetGlyphIndicesA" by name
0ab0:2c3c @ 837504328 - LdrpGetProcedureAddress - INFO: Locating procedure "GetGlyphOutlineWow" by name
0ab0:2c3c @ 837504328 - LdrpGetProcedureAddress - INFO: Locating procedure "GetGraphicsMode" by name
0ab0:2c3c @ 837504343 - LdrpGetProcedureAddress - INFO: Locating procedure "GetHFONT" by name
0ab0:2c3c @ 837504343 - LdrpGetProcedureAddress - INFO: Locating procedure "GetICMProfileA" by name
0ab0:2c3c @ 837504343 - LdrpGetProcedureAddress - INFO: Locating procedure "GetICMProfileW" by name
0ab0:2c3c @ 837504343 - LdrpGetProcedureAddress - INFO: Locating procedure "GetLogColorSpaceA" by name
0ab0:2c3c @ 837504343 - LdrpGetProcedureAddress - INFO: Locating procedure "GetLogColorSpaceW" by name
0ab0:2c3c @ 837504343 - LdrpGetProcedureAddress - INFO: Locating procedure "GetMetaFileA" by name
0ab0:2c3c @ 837504343 - LdrpGetProcedureAddress - INFO: Locating procedure "GetMetaFileW" by name
0ab0:2c3c @ 837504343 - LdrpGetProcedureAddress - INFO: Locating procedure "GetMetaRgn" by name
0ab0:2c3c @ 837504343 - LdrpGetProcedureAddress - INFO: Locating procedure "GetMiterLimit" by name
0ab0:2c3c @ 837504343 - LdrpGetProcedureAddress - INFO: Locating procedure "GetNearestColor" by name
0ab0:2c3c @ 837504343 - LdrpGetProcedureAddress - INFO: Locating procedure "GetPath" by name
0ab0:2c3c @ 837504343 - LdrpGetProcedureAddress - INFO: Locating procedure "GetPixelFormat" by name
0ab0:2c3c @ 837504343 - LdrpGetProcedureAddress - INFO: Locating procedure "GetPolyFillMode" by name
0ab0:2c3c @ 837504343 - LdrpGetProcedureAddress - INFO: Locating procedure "GetRelAbs" by name
0ab0:2c3c @ 837504343 - LdrpGetProcedureAddress - INFO: Locating procedure "GetStretchBltMode" by name
0ab0:2c3c @ 837504343 - LdrpGetProcedureAddress - INFO: Locating procedure "GetStringBitmapA" by name
0ab0:2c3c @ 837504343 - LdrpGetProcedureAddress - INFO: Locating procedure "GetSystemPaletteUse" by name
0ab0:2c3c @ 837504343 - LdrpGetProcedureAddress - INFO: Locating procedure "GetTextExtentExPointWPri" by name
0ab0:2c3c @ 837504343 - LdrpGetProcedureAddress - INFO: Locating procedure "GetTextFaceAliasW" by name
0ab0:2c3c @ 837504343 - LdrpGetProcedureAddress - INFO: Locating procedure "GetTransform" by name
0ab0:2c3c @ 837504343 - LdrpGetProcedureAddress - INFO: Locating procedure "GetViewportExtEx" by name
0ab0:2c3c @ 837504343 - LdrpGetProcedureAddress - INFO: Locating procedure "IsValidEnhMetaRecord" by name
0ab0:2c3c @ 837504343 - LdrpGetProcedureAddress - INFO: Locating procedure "IsValidEnhMetaRecordOffExt" by name
0ab0:2c3c @ 837504343 - LdrpGetProcedureAddress - INFO: Locating procedure "LineDDA" by name
0ab0:2c3c @ 837504359 - LdrpGetProcedureAddress - INFO: Locating procedure "MaskBlt" by name
0ab0:2c3c @ 837504359 - LdrpGetProcedureAddress - INFO: Locating procedure "MirrorRgn" by name
0ab0:2c3c @ 837504359 - LdrpGetProcedureAddress - INFO: Locating procedure "ModifyWorldTransform" by name
0ab0:2c3c @ 837504359 - LdrpGetProcedureAddress - INFO: Locating procedure "NamedEscape" by name
0ab0:2c3c @ 837504359 - LdrpGetProcedureAddress - INFO: Locating procedure "OffsetClipRgn" by name
0ab0:2c3c @ 837504359 - LdrpGetProcedureAddress - INFO: Locating procedure "PaintRgn" by name
0ab0:2c3c @ 837504359 - LdrpGetProcedureAddress - INFO: Locating procedure "PlayEnhMetaFileRecord" by name
0ab0:2c3c @ 837504359 - LdrpGetProcedureAddress - INFO: Locating procedure "PlayMetaFileRecord" by name
0ab0:2c3c @ 837504359 - LdrpGetProcedureAddress - INFO: Locating procedure "PolyPatBlt" by name
0ab0:2c3c @ 837504359 - LdrpGetProcedureAddress - INFO: Locating procedure "PolyPolyline" by name
0ab0:2c3c @ 837504359 - LdrpGetProcedureAddress - INFO: Locating procedure "PolyTextOutA" by name
0ab0:2c3c @ 837504359 - LdrpGetProcedureAddress - INFO: Locating procedure "PolyTextOutW" by name
0ab0:2c3c @ 837504359 - LdrpGetProcedureAddress - INFO: Locating procedure "PtVisible" by name
0ab0:2c3c @ 837504359 - LdrpGetProcedureAddress - INFO: Locating procedure "QueryFontAssocStatus" by name
0ab0:2c3c @ 837504359 - LdrpGetProcedureAddress - INFO: Locating procedure "RemoveFontResourceExA" by name
0ab0:2c3c @ 837504359 - LdrpGetProcedureAddress - INFO: Locating procedure "RemoveFontResourceExW" by name
0ab0:2c3c @ 837504359 - LdrpGetProcedureAddress - INFO: Locating procedure "RemoveFontResourceTracking" by name
0ab0:2c3c @ 837504359 - LdrpGetProcedureAddress - INFO: Locating procedure "ResetDCA" by name
0ab0:2c3c @ 837504359 - LdrpGetProcedureAddress - INFO: Locating procedure "ScaleViewportExtEx" by name
0ab0:2c3c @ 837504359 - LdrpGetProcedureAddress - INFO: Locating procedure "ScaleWindowExtEx" by name
0ab0:2c3c @ 837504359 - LdrpGetProcedureAddress - INFO: Locating procedure "SelectBrushLocal" by name
0ab0:2c3c @ 837504359 - LdrpGetProcedureAddress - INFO: Locating procedure "SelectFontLocal" by name
0ab0:2c3c @ 837504359 - LdrpGetProcedureAddress - INFO: Locating procedure "SetAbortProc" by name
0ab0:2c3c @ 837504359 - LdrpGetProcedureAddress - INFO: Locating procedure "SetArcDirection" by name
0ab0:2c3c @ 837504359 - LdrpGetProcedureAddress - INFO: Locating procedure "SetBitmapAttributes" by name
0ab0:2c3c @ 837504359 - LdrpGetProcedureAddress - INFO: Locating procedure "SetBitmapDimensionEx" by name
0ab0:2c3c @ 837504359 - LdrpGetProcedureAddress - INFO: Locating procedure "SetBoundsRect" by name
0ab0:2c3c @ 837504375 - LdrpGetProcedureAddress - INFO: Locating procedure "SetBrushAttributes" by name
0ab0:2c3c @ 837504375 - LdrpGetProcedureAddress - INFO: Locating procedure "SetColorAdjustment" by name
0ab0:2c3c @ 837504375 - LdrpGetProcedureAddress - INFO: Locating procedure "SetColorSpace" by name
0ab0:2c3c @ 837504375 - LdrpGetProcedureAddress - INFO: Locating procedure "SetDCPenColor" by name
0ab0:2c3c @ 837504375 - LdrpGetProcedureAddress - INFO: Locating procedure "SetFontEnumeration" by name
0ab0:2c3c @ 837504375 - LdrpGetProcedureAddress - INFO: Locating procedure "SetICMProfileA" by name
0ab0:2c3c @ 837504375 - LdrpGetProcedureAddress - INFO: Locating procedure "SetICMProfileW" by name
0ab0:2c3c @ 837504375 - LdrpGetProcedureAddress - INFO: Locating procedure "SetLayoutWidth" by name
0ab0:2c3c @ 837504375 - LdrpGetProcedureAddress - INFO: Locating procedure "SetMapperFlags" by name
0ab0:2c3c @ 837504375 - LdrpGetProcedureAddress - INFO: Locating procedure "SetPixelV" by name
0ab0:2c3c @ 837504375 - LdrpGetProcedureAddress - INFO: Locating procedure "SetRelAbs" by name
0ab0:2c3c @ 837504375 - LdrpGetProcedureAddress - INFO: Locating procedure "SetSystemPaletteUse" by name
0ab0:2c3c @ 837504375 - LdrpGetProcedureAddress - INFO: Locating procedure "SetTextJustification" by name
0ab0:2c3c @ 837504375 - LdrpGetProcedureAddress - INFO: Locating procedure "SetVirtualResolution" by name
0ab0:2c3c @ 837504375 - LdrpGetProcedureAddress - INFO: Locating procedure "SetWinMetaFileBits" by name
0ab0:2c3c @ 837504375 - LdrpGetProcedureAddress - INFO: Locating procedure "StartFormPage" by name
0ab0:2c3c @ 837504375 - LdrpGetProcedureAddress - INFO: Locating procedure "StrokeAndFillPath" by name
0ab0:2c3c @ 837504375 - LdrpGetProcedureAddress - INFO: Locating procedure "UnloadNetworkFonts" by name
0ab0:2c3c @ 837504375 - LdrpGetProcedureAddress - INFO: Locating procedure "UpdateICMRegKeyA" by name
0ab0:2c3c @ 837504375 - LdrpGetProcedureAddress - INFO: Locating procedure "UpdateICMRegKeyW" by name
0ab0:2c3c @ 837504375 - LdrpGetProcedureAddress - INFO: Locating procedure "WidenPath" by name
0ab0:2c3c @ 837504375 - LdrpGetProcedureAddress - INFO: Locating procedure "XLATEOBJ_piVector" by name
0ab0:2c3c @ 837504375 - LdrpGetProcedureAddress - INFO: Locating procedure "bInitSystemAndFontsDirectoriesW" by name
0ab0:2c3c @ 837504375 - LdrpGetProcedureAddress - INFO: Locating procedure "bMakePathNameW" by name
0ab0:2c3c @ 837504390 - LdrpGetProcedureAddress - INFO: Locating procedure "cGetTTFFromFOT" by name
0ab0:2c3c @ 837504390 - LdrpGetProcedureAddress - INFO: Locating procedure "gdiPlaySpoolStream" by name
0ab0:2c3c @ 837504390 - LdrpGetProcedureAddress - INFO: Locating procedure "DwmGetDirtyRgnImpl" by name
0ab0:2c3c @ 837504390 - LdrpGetProcedureAddress - INFO: Locating procedure "AddFontResourceWImpl" by name
0ab0:2c3c @ 837504390 - LdrpGetProcedureAddress - INFO: Locating procedure "BeginPathImpl" by name
0ab0:2c3c @ 837504390 - LdrpGetProcedureAddress - INFO: Locating procedure "CloseFigureImpl" by name
0ab0:2c3c @ 837504390 - LdrpGetProcedureAddress - INFO: Locating procedure "CreateDCAImpl" by name
0ab0:2c3c @ 837504390 - LdrpGetProcedureAddress - INFO: Locating procedure "CreateScalableFontResourceWImpl" by name
0ab0:2c3c @ 837504390 - LdrpGetProcedureAddress - INFO: Locating procedure "EndDocImpl" by name
0ab0:2c3c @ 837504390 - LdrpGetProcedureAddress - INFO: Locating procedure "EndPageImpl" by name
0ab0:2c3c @ 837504390 - LdrpGetProcedureAddress - INFO: Locating procedure "EndPathImpl" by name
0ab0:2c3c @ 837504390 - LdrpGetProcedureAddress - INFO: Locating procedure "EscapeImpl" by name
0ab0:2c3c @ 837504390 - LdrpGetProcedureAddress - INFO: Locating procedure "ExtEscapeImpl" by name
0ab0:2c3c @ 837504390 - LdrpGetProcedureAddress - INFO: Locating procedure "ExtSelectClipRgnImpl" by name
0ab0:2c3c @ 837504390 - LdrpGetProcedureAddress - INFO: Locating procedure "ExtTextOutAImpl" by name
0ab0:2c3c @ 837504390 - LdrpGetProcedureAddress - INFO: Locating procedure "ExtTextOutWImpl" by name
0ab0:2c3c @ 837504390 - LdrpGetProcedureAddress - INFO: Locating procedure "FillPathImpl" by name
0ab0:2c3c @ 837504390 - LdrpGetProcedureAddress - INFO: Locating procedure "GetClipBoxImpl" by name
0ab0:2c3c @ 837504390 - LdrpGetProcedureAddress - INFO: Locating procedure "GetTextMetricsAImpl" by name
0ab0:2c3c @ 837504390 - LdrpGetProcedureAddress - INFO: Locating procedure "GetFontDataImpl" by name
0ab0:2c3c @ 837504390 - LdrpGetProcedureAddress - INFO: Locating procedure "LineToImpl" by name
0ab0:2c3c @ 837504390 - LdrpGetProcedureAddress - INFO: Locating procedure "MoveToExImpl" by name
0ab0:2c3c @ 837504390 - LdrpGetProcedureAddress - INFO: Locating procedure "PolyBezierToImpl" by name
0ab0:2c3c @ 837504390 - LdrpGetProcedureAddress - INFO: Locating procedure "PolyDrawImpl" by name
0ab0:2c3c @ 837504390 - LdrpGetProcedureAddress - INFO: Locating procedure "UpdateColors" by name
0ab0:2c3c @ 837504390 - LdrGetDllHandleEx - ENTER: DLL name: gdi32.dll
0ab0:2c3c @ 837504390 - LdrpFindLoadedDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504390 - LdrGetDllHandleEx - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504390 - LdrpGetProcedureAddress - INFO: Locating procedure "DeleteEnhMetaFile" by name
0ab0:2c3c @ 837504390 - LdrpPreprocessDllName - INFO: DLL ext-ms-win-gdi-dc-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\gdi32full.dll by API set
0ab0:2c3c @ 837504390 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\gdi32full.dll
0ab0:2c3c @ 837504390 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504390 - LdrpGetProcedureAddress - INFO: Locating procedure "GetCurrentObject" by name
0ab0:2c3c @ 837504390 - LdrpGetProcedureAddress - INFO: Locating procedure "GetObjectA" by name
0ab0:2c3c @ 837504390 - LdrpGetProcedureAddress - INFO: Locating procedure "GetPaletteEntries" by name
0ab0:2c3c @ 837504390 - LdrpGetProcedureAddress - INFO: Locating procedure "GetObjectType" by name
0ab0:2c3c @ 837504406 - LdrpGetProcedureAddress - INFO: Locating procedure "CreatePalette" by name
0ab0:2c3c @ 837504406 - LdrpGetProcedureAddress - INFO: Locating procedure "RealizePalette" by name
0ab0:2c3c @ 837504406 - LdrpGetProcedureAddress - INFO: Locating procedure "SelectPalette" by name
0ab0:2c3c @ 837504406 - LdrpGetProcedureAddress - INFO: Locating procedure "GetDCOrgEx" by name
0ab0:2c3c @ 837504406 - LdrpGetProcedureAddress - INFO: Locating procedure "GetObjectW" by name
0ab0:2c3c @ 837504406 - LdrpGetProcedureAddress - INFO: Locating procedure "GetStockObject" by name
0ab0:2c3c @ 837504406 - LdrpGetProcedureAddress - INFO: Locating procedure "SetDCBrushColor" by name
0ab0:2c3c @ 837504406 - LdrpGetProcedureAddress - INFO: Locating procedure "GetSystemPaletteEntries" by name
0ab0:2c3c @ 837504406 - LdrpInitializeNode - INFO: Calling init routine 00007FF8E5EE7850 for DLL "C:\WINDOWS\System32\msvcrt.dll"
0ab0:2c3c @ 837504406 - LdrpInitializeNode - INFO: Calling init routine 00007FF8E70FF0B0 for DLL "C:\WINDOWS\System32\RPCRT4.dll"
0ab0:2c3c @ 837504406 - LdrpInitializeNode - INFO: Calling init routine 00007FF8E6324F20 for DLL "C:\WINDOWS\System32\combase.dll"
0ab0:2c3c @ 837504406 - LdrGetDllHandleEx - ENTER: DLL name: api-ms-win-core-synch-l1-2-0.dll
0ab0:2c3c @ 837504406 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504406 - LdrpFindLoadedDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504406 - LdrGetDllHandleEx - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504406 - LdrpGetProcedureAddress - INFO: Locating procedure "InitializeConditionVariable" by name
0ab0:2c3c @ 837504406 - LdrpLoadDllInternal - ENTER: DLL name: NTDLL.DLL
0ab0:2c3c @ 837504406 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504406 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeConditionVariable" by name
0ab0:2c3c @ 837504406 - LdrpGetProcedureAddress - INFO: Locating procedure "SleepConditionVariableCS" by name
0ab0:2c3c @ 837504406 - LdrpGetProcedureAddress - INFO: Locating procedure "WakeAllConditionVariable" by name
0ab0:2c3c @ 837504406 - LdrpLoadDllInternal - ENTER: DLL name: NTDLL.DLL
0ab0:2c3c @ 837504406 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504406 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlWakeAllConditionVariable" by name
0ab0:2c3c @ 837504406 - LdrGetDllHandleEx - ENTER: DLL name: ntdll.dll
0ab0:2c3c @ 837504406 - LdrpFindLoadedDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504421 - LdrGetDllHandleEx - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504421 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlRegisterFeatureConfigurationChangeNotification" by name
0ab0:2c3c @ 837504421 - LdrpGetProcedureAddress - INFO: Locating procedure "NtQueryWnfStateData" by name
0ab0:2c3c @ 837504421 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlSubscribeWnfStateChangeNotification" by name
0ab0:2c3c @ 837504421 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDisownModuleHeapAllocation" by name
0ab0:2c3c @ 837504421 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryFeatureConfiguration" by name
0ab0:2c3c @ 837504421 - LdrGetDllHandleEx - ENTER: DLL name: rpcrt4.dll
0ab0:2c3c @ 837504421 - LdrpFindLoadedDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504421 - LdrGetDllHandleEx - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504421 - LdrpGetProcedureAddress - INFO: Locating procedure "I_RpcInitNdrImports" by name
0ab0:2c3c @ 837504421 - LdrpInitializeNode - INFO: Calling init routine 00007FF8E662B150 for DLL "C:\WINDOWS\System32\shcore.dll"
0ab0:2c3c @ 837504421 - LdrpInitializeNode - INFO: Calling init routine 00007FF8E71DA7A0 for DLL "C:\WINDOWS\System32\SHLWAPI.dll"
0ab0:2c3c @ 837504421 - LdrpInitializeNode - INFO: Calling init routine 00007FF8CB809E80 for DLL "C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\COMCTL32.dll"
0ab0:2c3c @ 837504421 - LdrGetDllHandleEx - ENTER: DLL name: LPK
0ab0:2c3c @ 837504421 - LdrpFindLoadedDllInternal - RETURN: Status: 0xc0000135
0ab0:2c3c @ 837504421 - LdrGetDllHandleEx - RETURN: Status: 0xc0000135
0ab0:2c3c @ 837504421 - LdrGetDllHandleEx - ENTER: DLL name: GDI32
0ab0:2c3c @ 837504421 - LdrpFindLoadedDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504421 - LdrGetDllHandleEx - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504421 - LdrpGetProcedureAddress - INFO: Locating procedure "LpkEditControl" by name
0ab0:2c3c @ 837504421 - LdrpInitializeNode - INFO: Calling init routine 00007FF8E56F1660 for DLL "C:\WINDOWS\System32\SHELL32.dll"
0ab0:2c3c @ 837504421 - LdrGetDllHandleEx - ENTER: DLL name: api-ms-win-core-synch-l1-2-0.dll
0ab0:2c3c @ 837504421 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504421 - LdrpFindLoadedDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504421 - LdrGetDllHandleEx - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504421 - LdrpGetProcedureAddress - INFO: Locating procedure "InitializeConditionVariable" by name
0ab0:2c3c @ 837504421 - LdrpLoadDllInternal - ENTER: DLL name: NTDLL.DLL
0ab0:2c3c @ 837504421 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504421 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeConditionVariable" by name
0ab0:2c3c @ 837504421 - LdrpGetProcedureAddress - INFO: Locating procedure "SleepConditionVariableCS" by name
0ab0:2c3c @ 837504437 - LdrpGetProcedureAddress - INFO: Locating procedure "WakeAllConditionVariable" by name
0ab0:2c3c @ 837504437 - LdrpLoadDllInternal - ENTER: DLL name: NTDLL.DLL
0ab0:2c3c @ 837504437 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504437 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlWakeAllConditionVariable" by name
0ab0:2c3c @ 837504437 - LdrGetDllHandleEx - ENTER: DLL name: advapi32.dll
0ab0:2c3c @ 837504437 - LdrpFindLoadedDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504437 - LdrGetDllHandleEx - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504437 - LdrpGetProcedureAddress - INFO: Locating procedure "EventWrite" by name
0ab0:2c3c @ 837504437 - LdrpLoadDllInternal - ENTER: DLL name: ntdll.DLL
0ab0:2c3c @ 837504437 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504437 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventWrite" by name
0ab0:2c3c @ 837504437 - LdrpInitializeNode - INFO: Calling init routine 00007FF8E6A9CE10 for DLL "C:\WINDOWS\System32\sechost.dll"
0ab0:2c3c @ 837504437 - LdrpInitializeNode - INFO: Calling init routine 00007FF8E61956C0 for DLL "C:\WINDOWS\System32\ADVAPI32.dll"
0ab0:2c3c @ 837504437 - LdrpGetProcedureAddress - INFO: Locating procedure "EventRegister" by name
0ab0:2c3c @ 837504437 - LdrpLoadDllInternal - ENTER: DLL name: ntdll.DLL
0ab0:2c3c @ 837504437 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504437 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventRegister" by name
0ab0:2c3c @ 837504437 - LdrpGetProcedureAddress - INFO: Locating procedure "EventUnregister" by name
0ab0:2c3c @ 837504437 - LdrpLoadDllInternal - ENTER: DLL name: ntdll.DLL
0ab0:2c3c @ 837504437 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504437 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventUnregister" by name
0ab0:2c3c @ 837504437 - LdrGetDllHandleEx - ENTER: DLL name: ntdll.dll
0ab0:2c3c @ 837504437 - LdrpFindLoadedDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504437 - LdrGetDllHandleEx - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504437 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlRegisterFeatureConfigurationChangeNotification" by name
0ab0:2c3c @ 837504437 - LdrpGetProcedureAddress - INFO: Locating procedure "NtQueryWnfStateData" by name
0ab0:2c3c @ 837504453 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlSubscribeWnfStateChangeNotification" by name
0ab0:2c3c @ 837504453 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDisownModuleHeapAllocation" by name
0ab0:2c3c @ 837504453 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryFeatureConfiguration" by name
0ab0:2c3c @ 837504453 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDllShutdownInProgress" by name
0ab0:2c3c @ 837504453 - LdrpInitializeNode - INFO: Calling init routine 00007FF8E6963A50 for DLL "C:\WINDOWS\System32\COMDLG32.dll"
0ab0:2c3c @ 837504453 - LdrpInitializeNode - INFO: Calling init routine 00007FF8E5FA6360 for DLL "C:\WINDOWS\System32\ole32.dll"
0ab0:2c3c @ 837504453 - LdrGetDllHandleEx - ENTER: DLL name: api-ms-win-core-synch-l1-2-0.dll
0ab0:2c3c @ 837504453 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504453 - LdrpFindLoadedDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504453 - LdrGetDllHandleEx - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504453 - LdrpGetProcedureAddress - INFO: Locating procedure "InitializeConditionVariable" by name
0ab0:2c3c @ 837504453 - LdrpLoadDllInternal - ENTER: DLL name: NTDLL.DLL
0ab0:2c3c @ 837504453 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504453 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeConditionVariable" by name
0ab0:2c3c @ 837504453 - LdrpGetProcedureAddress - INFO: Locating procedure "SleepConditionVariableCS" by name
0ab0:2c3c @ 837504453 - LdrpGetProcedureAddress - INFO: Locating procedure "WakeAllConditionVariable" by name
0ab0:2c3c @ 837504453 - LdrpLoadDllInternal - ENTER: DLL name: NTDLL.DLL
0ab0:2c3c @ 837504453 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504453 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlWakeAllConditionVariable" by name
0ab0:2c3c @ 837504453 - LdrGetDllHandleEx - ENTER: DLL name: C:\WINDOWS\system32\oleaut32.dll
0ab0:2c3c @ 837504453 - LdrpFindLoadedDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504453 - LdrGetDllHandleEx - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504453 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-com-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\combase.dll by API set
0ab0:2c3c @ 837504453 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\combase.dll
0ab0:2c3c @ 837504453 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504453 - LdrpGetProcedureAddress - INFO: Locating procedure "CoUnmarshalInterface" by name
0ab0:2c3c @ 837504453 - LdrpGetProcedureAddress - INFO: Locating procedure "CoUninitialize" by name
0ab0:2c3c @ 837504453 - LdrpGetProcedureAddress - INFO: Locating procedure "StringFromGUID2" by name
0ab0:2c3c @ 837504453 - LdrpGetProcedureAddress - INFO: Locating procedure "CoReleaseMarshalData" by name
0ab0:2c3c @ 837504468 - LdrpGetProcedureAddress - INFO: Locating procedure "StringFromCLSID" by name
0ab0:2c3c @ 837504468 - LdrpGetProcedureAddress - INFO: Locating procedure "CoInitializeEx" by name
0ab0:2c3c @ 837504468 - LdrpGetProcedureAddress - INFO: Locating procedure "CoMarshalInterface" by name
0ab0:2c3c @ 837504468 - LdrpGetProcedureAddress - INFO: Locating procedure "CoTaskMemRealloc" by name
0ab0:2c3c @ 837504468 - LdrpGetProcedureAddress - INFO: Locating procedure "CoCreateInstanceEx" by name
0ab0:2c3c @ 837504468 - LdrpGetProcedureAddress - INFO: Locating procedure "GetHGlobalFromStream" by name
0ab0:2c3c @ 837504468 - LdrpGetProcedureAddress - INFO: Locating procedure "CreateStreamOnHGlobal" by name
0ab0:2c3c @ 837504468 - LdrpGetProcedureAddress - INFO: Locating procedure "CoGetTreatAsClass" by name
0ab0:2c3c @ 837504468 - LdrpGetProcedureAddress - INFO: Locating procedure "CoTaskMemFree" by name
0ab0:2c3c @ 837504468 - LdrpGetProcedureAddress - INFO: Locating procedure "CoTaskMemAlloc" by name
0ab0:2c3c @ 837504468 - LdrpGetProcedureAddress - INFO: Locating procedure "ProgIDFromCLSID" by name
0ab0:2c3c @ 837504468 - LdrpGetProcedureAddress - INFO: Locating procedure "CLSIDFromString" by name
0ab0:2c3c @ 837504468 - LdrpGetProcedureAddress - INFO: Locating procedure "CoGetClassObject" by name
0ab0:2c3c @ 837504468 - LdrpGetProcedureAddress - INFO: Locating procedure "CLSIDFromProgID" by name
0ab0:2c3c @ 837504468 - LdrpGetProcedureAddress - INFO: Locating procedure "CoCreateInstance" by name
0ab0:2c3c @ 837504468 - LdrpGetProcedureAddress - INFO: Locating procedure "CoGetMarshalSizeMax" by name
0ab0:2c3c @ 837504468 - LdrpGetProcedureAddress - INFO: Locating procedure "CoGetCurrentProcess" by name
0ab0:2c3c @ 837504468 - LdrpGetProcedureAddress - INFO: Locating procedure "PropVariantCopy" by name
0ab0:2c3c @ 837504468 - LdrpGetProcedureAddress - INFO: Locating procedure "CoLockObjectExternal" by name
0ab0:2c3c @ 837504468 - LdrpGetProcedureAddress - INFO: Locating procedure "CoIsHandlerConnected" by name
0ab0:2c3c @ 837504468 - LdrpGetProcedureAddress - INFO: Locating procedure "CoCreateFreeThreadedMarshaler" by name
0ab0:2c3c @ 837504468 - LdrpGetProcedureAddress - INFO: Locating procedure "PropVariantClear" by name
0ab0:2c3c @ 837504468 - LdrpGetProcedureAddress - INFO: Locating procedure "CoDecrementMTAUsage" by name
0ab0:2c3c @ 837504468 - LdrpGetProcedureAddress - INFO: Locating procedure "CoIncrementMTAUsage" by name
0ab0:2c3c @ 837504468 - LdrpGetProcedureAddress - INFO: Locating procedure "CoGetMalloc" by name
0ab0:2c3c @ 837504468 - LdrpGetProcedureAddress - INFO: Locating procedure "CoDisconnectObject" by name
0ab0:2c3c @ 837504468 - LdrpGetProcedureAddress - INFO: Locating procedure "CoGetApartmentType" by name
0ab0:2c3c @ 837504468 - LdrpGetProcedureAddress - INFO: Locating procedure "CoCancelCall" by name
0ab0:2c3c @ 837504468 - LdrpGetProcedureAddress - INFO: Locating procedure "CoImpersonateClient" by name
0ab0:2c3c @ 837504484 - LdrpGetProcedureAddress - INFO: Locating procedure "CoEnableCallCancellation" by name
0ab0:2c3c @ 837504484 - LdrpGetProcedureAddress - INFO: Locating procedure "CoDisableCallCancellation" by name
0ab0:2c3c @ 837504484 - LdrpGetProcedureAddress - INFO: Locating procedure "CoGetCallContext" by name
0ab0:2c3c @ 837504484 - LdrpGetProcedureAddress - INFO: Locating procedure "CoRevertToSelf" by name
0ab0:2c3c @ 837504484 - LdrpGetProcedureAddress - INFO: Locating procedure "CoSetProxyBlanket" by name
0ab0:2c3c @ 837504484 - LdrpGetProcedureAddress - INFO: Locating procedure "CoGetCancelObject" by name
0ab0:2c3c @ 837504484 - LdrpGetProcedureAddress - INFO: Locating procedure "CoWaitForMultipleHandles" by name
0ab0:2c3c @ 837504484 - LdrpGetProcedureAddress - INFO: Locating procedure "IIDFromString" by name
0ab0:2c3c @ 837504484 - LdrpGetProcedureAddress - INFO: Locating procedure "FreePropVariantArray" by name
0ab0:2c3c @ 837504484 - LdrpInitializeNode - INFO: Calling init routine 00007FF8E60CDE00 for DLL "C:\WINDOWS\System32\OLEAUT32.dll"
0ab0:2c3c @ 837504484 - LdrGetDllHandleEx - ENTER: DLL name: api-ms-win-core-synch-l1-2-0.dll
0ab0:2c3c @ 837504484 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504484 - LdrpFindLoadedDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504484 - LdrGetDllHandleEx - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504484 - LdrpGetProcedureAddress - INFO: Locating procedure "InitializeConditionVariable" by name
0ab0:2c3c @ 837504484 - LdrpLoadDllInternal - ENTER: DLL name: NTDLL.DLL
0ab0:2c3c @ 837504484 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504484 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeConditionVariable" by name
0ab0:2c3c @ 837504484 - LdrpGetProcedureAddress - INFO: Locating procedure "SleepConditionVariableCS" by name
0ab0:2c3c @ 837504484 - LdrpGetProcedureAddress - INFO: Locating procedure "WakeAllConditionVariable" by name
0ab0:2c3c @ 837504484 - LdrpLoadDllInternal - ENTER: DLL name: NTDLL.DLL
0ab0:2c3c @ 837504484 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504484 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlWakeAllConditionVariable" by name
0ab0:2c3c @ 837504484 - LdrGetDllHandleEx - ENTER: DLL name: ext-ms-win-ole32-oleautomation-l1-1-0.dll
0ab0:2c3c @ 837504484 - LdrpPreprocessDllName - INFO: DLL ext-ms-win-ole32-oleautomation-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ole32.dll by API set
0ab0:2c3c @ 837504484 - LdrpFindLoadedDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504484 - LdrGetDllHandleEx - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504484 - LdrpPreprocessDllName - INFO: DLL ext-ms-win-ole32-oleautomation-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ole32.dll by API set
0ab0:2c3c @ 837504484 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\ole32.dll
0ab0:2c3c @ 837504500 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504500 - LdrpGetProcedureAddress - INFO: Locating procedure "WriteStorageProperties" by name
0ab0:2c3c @ 837504500 - LdrpGetProcedureAddress - INFO: Locating procedure "MonikerLoadTypeLib" by name
0ab0:2c3c @ 837504500 - LdrpGetProcedureAddress - INFO: Locating procedure "StdTypesGetClassObject" by name
0ab0:2c3c @ 837504500 - LdrpGetProcedureAddress - INFO: Locating procedure "StdTypesRegisterServer" by name
0ab0:2c3c @ 837504500 - LdrpGetProcedureAddress - INFO: Locating procedure "SetOleautModule" by name
0ab0:2c3c @ 837504500 - LdrpGetProcedureAddress - INFO: Locating procedure "ReadStorageProperties" by name
0ab0:2c3c @ 837504500 - LdrpGetProcedureAddress - INFO: Locating procedure "RevokeActiveObjectExt" by name
0ab0:2c3c @ 837504500 - LdrpGetProcedureAddress - INFO: Locating procedure "GetActiveObjectExt" by name
0ab0:2c3c @ 837504500 - LdrpGetProcedureAddress - INFO: Locating procedure "CLIPFORMAT_UserUnmarshalExt" by name
0ab0:2c3c @ 837504500 - LdrpGetProcedureAddress - INFO: Locating procedure "STGMEDIUM_UserFreeExt" by name
0ab0:2c3c @ 837504500 - LdrpGetProcedureAddress - INFO: Locating procedure "HPALETTE_UserSizeExt" by name
0ab0:2c3c @ 837504500 - LdrpGetProcedureAddress - INFO: Locating procedure "STGMEDIUM_UserMarshalExt" by name
0ab0:2c3c @ 837504500 - LdrpGetProcedureAddress - INFO: Locating procedure "HWND_UserMarshalExt" by name
0ab0:2c3c @ 837504500 - LdrpGetProcedureAddress - INFO: Locating procedure "CLIPFORMAT_UserFreeExt" by name
0ab0:2c3c @ 837504500 - LdrpGetProcedureAddress - INFO: Locating procedure "RegisterActiveObjectExt" by name
0ab0:2c3c @ 837504500 - LdrpGetProcedureAddress - INFO: Locating procedure "OleLoadPictureExt" by name
0ab0:2c3c @ 837504500 - LdrpGetProcedureAddress - INFO: Locating procedure "OleCreatePropertyFrameIndirectExt" by name
0ab0:2c3c @ 837504500 - LdrpGetProcedureAddress - INFO: Locating procedure "HWND_UserSizeExt" by name
0ab0:2c3c @ 837504500 - LdrpGetProcedureAddress - INFO: Locating procedure "HPALETTE_UserFreeExt" by name
0ab0:2c3c @ 837504500 - LdrpGetProcedureAddress - INFO: Locating procedure "OleLoadPicturePathExt" by name
0ab0:2c3c @ 837504500 - LdrpGetProcedureAddress - INFO: Locating procedure "HPALETTE_UserUnmarshalExt" by name
0ab0:2c3c @ 837504500 - LdrpGetProcedureAddress - INFO: Locating procedure "STGMEDIUM_UserUnmarshalExt" by name
0ab0:2c3c @ 837504500 - LdrpGetProcedureAddress - INFO: Locating procedure "CLIPFORMAT_UserMarshalExt" by name
0ab0:2c3c @ 837504500 - LdrpGetProcedureAddress - INFO: Locating procedure "OleCreatePictureIndirectExt" by name
0ab0:2c3c @ 837504500 - LdrpGetProcedureAddress - INFO: Locating procedure "OleTranslateColorExt" by name
0ab0:2c3c @ 837504500 - LdrpGetProcedureAddress - INFO: Locating procedure "OleIconToCursorExt" by name
0ab0:2c3c @ 837504500 - LdrpGetProcedureAddress - INFO: Locating procedure "CLIPFORMAT_UserSizeExt" by name
0ab0:2c3c @ 837504500 - LdrpGetProcedureAddress - INFO: Locating procedure "HWND_UserUnmarshalExt" by name
0ab0:2c3c @ 837504500 - LdrpGetProcedureAddress - INFO: Locating procedure "OleSavePictureFileExt" by name
0ab0:2c3c @ 837504500 - LdrpGetProcedureAddress - INFO: Locating procedure "HWND_UserFreeExt" by name
0ab0:2c3c @ 837504500 - LdrpGetProcedureAddress - INFO: Locating procedure "STGMEDIUM_UserSizeExt" by name
0ab0:2c3c @ 837504500 - LdrpGetProcedureAddress - INFO: Locating procedure "HPALETTE_UserMarshalExt" by name
0ab0:2c3c @ 837504500 - LdrpGetProcedureAddress - INFO: Locating procedure "OleLoadPictureFileExt" by name
0ab0:2c3c @ 837504515 - LdrpGetProcedureAddress - INFO: Locating procedure "OleCreateFontIndirectExt" by name
0ab0:2c3c @ 837504515 - LdrpInitializeNode - INFO: Calling init routine 00007FF8E4BEF360 for DLL "C:\WINDOWS\System32\CRYPT32.dll"
0ab0:2c3c @ 837504515 - LdrpInitializeNode - INFO: Calling init routine 00007FF8D4F5B1A0 for DLL "C:\WINDOWS\SYSTEM32\dbghelp.dll"
0ab0:2c3c @ 837504515 - LdrLoadDll - ENTER: DLL name: api-ms-win-core-file-l1-2-1.dll
0ab0:2c3c @ 837504515 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l1-2-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504515 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernelbase.dll
0ab0:2c3c @ 837504515 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504515 - LdrLoadDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504515 - LdrpGetProcedureAddress - INFO: Locating procedure "GetTempPathW" by name
0ab0:2c3c @ 837504515 - LdrpInitializeNode - INFO: Calling init routine 00007FF8E6A24300 for DLL "C:\WINDOWS\System32\WS2_32.dll"
0ab0:2c3c @ 837504515 - LdrpInitializeNode - INFO: Calling init routine 00007FF8E4B78690 for DLL "C:\WINDOWS\System32\bcrypt.dll"
0ab0:2c3c @ 837504515 - LdrpInitializeNode - INFO: Calling init routine 00007FF8E4422200 for DLL "C:\WINDOWS\SYSTEM32\CRYPTBASE.DLL"
0ab0:2c3c @ 837504515 - LdrLoadDll - ENTER: DLL name: api-ms-win-core-synch-l1-2-0
0ab0:2c3c @ 837504515 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504515 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernelbase.dll
0ab0:2c3c @ 837504515 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504515 - LdrLoadDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504515 - LdrpGetProcedureAddress - INFO: Locating procedure "InitializeCriticalSectionEx" by name
0ab0:2c3c @ 837504515 - LdrLoadDll - ENTER: DLL name: api-ms-win-core-fibers-l1-1-1
0ab0:2c3c @ 837504515 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-fibers-l1-1-1 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504515 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernelbase.dll
0ab0:2c3c @ 837504515 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504515 - LdrLoadDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504515 - LdrpGetProcedureAddress - INFO: Locating procedure "FlsAlloc" by name
0ab0:2c3c @ 837504515 - LdrpGetProcedureAddress - INFO: Locating procedure "FlsSetValue" by name
0ab0:2c3c @ 837504515 - LdrLoadDll - ENTER: DLL name: api-ms-win-core-synch-l1-2-0
0ab0:2c3c @ 837504515 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504515 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernelbase.dll
0ab0:2c3c @ 837504515 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504531 - LdrLoadDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504531 - LdrpGetProcedureAddress - INFO: Locating procedure "InitializeCriticalSectionEx" by name
0ab0:2c3c @ 837504531 - LdrLoadDll - ENTER: DLL name: api-ms-win-core-localization-l1-2-1
0ab0:2c3c @ 837504531 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-l1-2-1 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504531 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernelbase.dll
0ab0:2c3c @ 837504531 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504531 - LdrLoadDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504531 - LdrpGetProcedureAddress - INFO: Locating procedure "LCMapStringEx" by name
0ab0:2c3c @ 837504531 - LdrLoadDll - ENTER: DLL name: kernel32
0ab0:2c3c @ 837504531 - LdrpLoadDllInternal - ENTER: DLL name: kernel32.DLL
0ab0:2c3c @ 837504531 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504531 - LdrLoadDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504531 - LdrpGetProcedureAddress - INFO: Locating procedure "AreFileApisANSI" by name
0ab0:2c3c @ 837504531 - LdrGetDllHandleEx - ENTER: DLL name: kernel32.dll
0ab0:2c3c @ 837504531 - LdrpFindLoadedDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504531 - LdrGetDllHandleEx - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504531 - LdrpGetProcedureAddress - INFO: Locating procedure "FlsAlloc" by name
0ab0:2c3c @ 837504531 - LdrpGetProcedureAddress - INFO: Locating procedure "FlsFree" by name
0ab0:2c3c @ 837504531 - LdrpGetProcedureAddress - INFO: Locating procedure "FlsGetValue" by name
0ab0:2c3c @ 837504531 - LdrpGetProcedureAddress - INFO: Locating procedure "FlsSetValue" by name
0ab0:2c3c @ 837504531 - LdrpGetProcedureAddress - INFO: Locating procedure "InitializeCriticalSectionEx" by name
0ab0:2c3c @ 837504531 - LdrpGetProcedureAddress - INFO: Locating procedure "InitOnceExecuteOnce" by name
0ab0:2c3c @ 837504531 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504531 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernelbase.dll
0ab0:2c3c @ 837504531 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504531 - LdrpGetProcedureAddress - INFO: Locating procedure "InitOnceExecuteOnce" by name
0ab0:2c3c @ 837504531 - LdrpGetProcedureAddress - INFO: Locating procedure "CreateEventExW" by name
0ab0:2c3c @ 837504531 - LdrpGetProcedureAddress - INFO: Locating procedure "CreateSemaphoreW" by name
0ab0:2c3c @ 837504531 - LdrpGetProcedureAddress - INFO: Locating procedure "CreateSemaphoreExW" by name
0ab0:2c3c @ 837504531 - LdrpGetProcedureAddress - INFO: Locating procedure "CreateThreadpoolTimer" by name
0ab0:2c3c @ 837504531 - LdrpGetProcedureAddress - INFO: Locating procedure "SetThreadpoolTimer" by name
0ab0:2c3c @ 837504531 - LdrpLoadDllInternal - ENTER: DLL name: NTDLL.DLL
0ab0:2c3c @ 837504546 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504546 - LdrpGetProcedureAddress - INFO: Locating procedure "TpSetTimer" by name
0ab0:2c3c @ 837504546 - LdrpGetProcedureAddress - INFO: Locating procedure "WaitForThreadpoolTimerCallbacks" by name
0ab0:2c3c @ 837504546 - LdrpLoadDllInternal - ENTER: DLL name: NTDLL.DLL
0ab0:2c3c @ 837504546 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504546 - LdrpGetProcedureAddress - INFO: Locating procedure "TpWaitForTimer" by name
0ab0:2c3c @ 837504546 - LdrpGetProcedureAddress - INFO: Locating procedure "CloseThreadpoolTimer" by name
0ab0:2c3c @ 837504546 - LdrpLoadDllInternal - ENTER: DLL name: NTDLL.DLL
0ab0:2c3c @ 837504546 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504546 - LdrpGetProcedureAddress - INFO: Locating procedure "TpReleaseTimer" by name
0ab0:2c3c @ 837504546 - LdrpGetProcedureAddress - INFO: Locating procedure "CreateThreadpoolWait" by name
0ab0:2c3c @ 837504546 - LdrpGetProcedureAddress - INFO: Locating procedure "SetThreadpoolWait" by name
0ab0:2c3c @ 837504546 - LdrpLoadDllInternal - ENTER: DLL name: NTDLL.DLL
0ab0:2c3c @ 837504546 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504546 - LdrpGetProcedureAddress - INFO: Locating procedure "TpSetWait" by name
0ab0:2c3c @ 837504546 - LdrpGetProcedureAddress - INFO: Locating procedure "CloseThreadpoolWait" by name
0ab0:2c3c @ 837504546 - LdrpLoadDllInternal - ENTER: DLL name: NTDLL.DLL
0ab0:2c3c @ 837504546 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504546 - LdrpGetProcedureAddress - INFO: Locating procedure "TpReleaseWait" by name
0ab0:2c3c @ 837504546 - LdrpGetProcedureAddress - INFO: Locating procedure "FlushProcessWriteBuffers" by name
0ab0:2c3c @ 837504546 - LdrpLoadDllInternal - ENTER: DLL name: NTDLL.DLL
0ab0:2c3c @ 837504546 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504546 - LdrpGetProcedureAddress - INFO: Locating procedure "NtFlushProcessWriteBuffers" by name
0ab0:2c3c @ 837504546 - LdrpGetProcedureAddress - INFO: Locating procedure "FreeLibraryWhenCallbackReturns" by name
0ab0:2c3c @ 837504546 - LdrpLoadDllInternal - ENTER: DLL name: NTDLL.DLL
0ab0:2c3c @ 837504546 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504546 - LdrpGetProcedureAddress - INFO: Locating procedure "TpCallbackUnloadDllOnCompletion" by name
0ab0:2c3c @ 837504546 - LdrpGetProcedureAddress - INFO: Locating procedure "GetCurrentProcessorNumber" by name
0ab0:2c3c @ 837504546 - LdrpLoadDllInternal - ENTER: DLL name: NTDLL.DLL
0ab0:2c3c @ 837504546 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504562 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlGetCurrentProcessorNumber" by name
0ab0:2c3c @ 837504562 - LdrpGetProcedureAddress - INFO: Locating procedure "CreateSymbolicLinkW" by name
0ab0:2c3c @ 837504562 - LdrpGetProcedureAddress - INFO: Locating procedure "GetCurrentPackageId" by name
0ab0:2c3c @ 837504562 - LdrpLoadDllInternal - ENTER: DLL name: kernelbase.DLL
0ab0:2c3c @ 837504562 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504562 - LdrpGetProcedureAddress - INFO: Locating procedure "GetCurrentPackageId" by name
0ab0:2c3c @ 837504562 - LdrpGetProcedureAddress - INFO: Locating procedure "GetTickCount64" by name
0ab0:2c3c @ 837504562 - LdrpGetProcedureAddress - INFO: Locating procedure "GetFileInformationByHandleEx" by name
0ab0:2c3c @ 837504562 - LdrpGetProcedureAddress - INFO: Locating procedure "SetFileInformationByHandle" by name
0ab0:2c3c @ 837504562 - LdrpGetProcedureAddress - INFO: Locating procedure "GetSystemTimePreciseAsFileTime" by name
0ab0:2c3c @ 837504562 - LdrpGetProcedureAddress - INFO: Locating procedure "InitializeConditionVariable" by name
0ab0:2c3c @ 837504562 - LdrpLoadDllInternal - ENTER: DLL name: NTDLL.DLL
0ab0:2c3c @ 837504562 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504562 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeConditionVariable" by name
0ab0:2c3c @ 837504562 - LdrpGetProcedureAddress - INFO: Locating procedure "WakeConditionVariable" by name
0ab0:2c3c @ 837504562 - LdrpLoadDllInternal - ENTER: DLL name: NTDLL.DLL
0ab0:2c3c @ 837504562 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504562 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlWakeConditionVariable" by name
0ab0:2c3c @ 837504562 - LdrpGetProcedureAddress - INFO: Locating procedure "WakeAllConditionVariable" by name
0ab0:2c3c @ 837504562 - LdrpLoadDllInternal - ENTER: DLL name: NTDLL.DLL
0ab0:2c3c @ 837504562 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504562 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlWakeAllConditionVariable" by name
0ab0:2c3c @ 837504562 - LdrpGetProcedureAddress - INFO: Locating procedure "SleepConditionVariableCS" by name
0ab0:2c3c @ 837504562 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504562 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernelbase.dll
0ab0:2c3c @ 837504562 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504562 - LdrpGetProcedureAddress - INFO: Locating procedure "SleepConditionVariableCS" by name
0ab0:2c3c @ 837504562 - LdrpGetProcedureAddress - INFO: Locating procedure "InitializeSRWLock" by name
0ab0:2c3c @ 837504562 - LdrpLoadDllInternal - ENTER: DLL name: NTDLL.DLL
0ab0:2c3c @ 837504578 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504578 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeSRWLock" by name
0ab0:2c3c @ 837504578 - LdrpGetProcedureAddress - INFO: Locating procedure "AcquireSRWLockExclusive" by name
0ab0:2c3c @ 837504578 - LdrpLoadDllInternal - ENTER: DLL name: NTDLL.DLL
0ab0:2c3c @ 837504578 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504578 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAcquireSRWLockExclusive" by name
0ab0:2c3c @ 837504578 - LdrpGetProcedureAddress - INFO: Locating procedure "TryAcquireSRWLockExclusive" by name
0ab0:2c3c @ 837504578 - LdrpLoadDllInternal - ENTER: DLL name: NTDLL.DLL
0ab0:2c3c @ 837504578 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504578 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlTryAcquireSRWLockExclusive" by name
0ab0:2c3c @ 837504578 - LdrpGetProcedureAddress - INFO: Locating procedure "ReleaseSRWLockExclusive" by name
0ab0:2c3c @ 837504578 - LdrpLoadDllInternal - ENTER: DLL name: NTDLL.DLL
0ab0:2c3c @ 837504578 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504578 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReleaseSRWLockExclusive" by name
0ab0:2c3c @ 837504578 - LdrpGetProcedureAddress - INFO: Locating procedure "SleepConditionVariableSRW" by name
0ab0:2c3c @ 837504578 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504578 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernelbase.dll
0ab0:2c3c @ 837504578 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504578 - LdrpGetProcedureAddress - INFO: Locating procedure "SleepConditionVariableSRW" by name
0ab0:2c3c @ 837504578 - LdrpGetProcedureAddress - INFO: Locating procedure "CreateThreadpoolWork" by name
0ab0:2c3c @ 837504578 - LdrpGetProcedureAddress - INFO: Locating procedure "SubmitThreadpoolWork" by name
0ab0:2c3c @ 837504578 - LdrpLoadDllInternal - ENTER: DLL name: NTDLL.DLL
0ab0:2c3c @ 837504578 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504578 - LdrpGetProcedureAddress - INFO: Locating procedure "TpPostWork" by name
0ab0:2c3c @ 837504578 - LdrpGetProcedureAddress - INFO: Locating procedure "CloseThreadpoolWork" by name
0ab0:2c3c @ 837504578 - LdrpLoadDllInternal - ENTER: DLL name: NTDLL.DLL
0ab0:2c3c @ 837504578 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504578 - LdrpGetProcedureAddress - INFO: Locating procedure "TpReleaseWork" by name
0ab0:2c3c @ 837504593 - LdrpGetProcedureAddress - INFO: Locating procedure "CompareStringEx" by name
0ab0:2c3c @ 837504593 - LdrpGetProcedureAddress - INFO: Locating procedure "GetLocaleInfoEx" by name
0ab0:2c3c @ 837504593 - LdrpGetProcedureAddress - INFO: Locating procedure "LCMapStringEx" by name
0ab0:2c3c @ 837504593 - LdrGetDllHandleEx - ENTER: DLL name: api-ms-win-core-synch-l1-2-0.dll
0ab0:2c3c @ 837504593 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504593 - LdrpFindLoadedDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504593 - LdrGetDllHandleEx - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504593 - LdrpGetProcedureAddress - INFO: Locating procedure "SleepConditionVariableCS" by name
0ab0:2c3c @ 837504593 - LdrpGetProcedureAddress - INFO: Locating procedure "WakeAllConditionVariable" by name
0ab0:2c3c @ 837504593 - LdrpLoadDllInternal - ENTER: DLL name: NTDLL.DLL
0ab0:2c3c @ 837504593 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504593 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlWakeAllConditionVariable" by name
0ab0:2c3c @ 837504593 - LdrLoadDll - ENTER: DLL name: api-ms-win-core-string-l1-1-0
0ab0:2c3c @ 837504593 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504593 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernelbase.dll
0ab0:2c3c @ 837504593 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504593 - LdrLoadDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504593 - LdrpGetProcedureAddress - INFO: Locating procedure "CompareStringEx" by name
0ab0:2c3c @ 837504593 - LdrpGetProcedureAddress - INFO: Locating procedure "EnumSystemLocalesEx" by name
0ab0:2c3c @ 837504593 - LdrLoadDll - ENTER: DLL name: api-ms-win-core-datetime-l1-1-1
0ab0:2c3c @ 837504593 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-datetime-l1-1-1 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504593 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernelbase.dll
0ab0:2c3c @ 837504593 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504593 - LdrLoadDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504593 - LdrpGetProcedureAddress - INFO: Locating procedure "GetDateFormatEx" by name
0ab0:2c3c @ 837504593 - LdrpGetProcedureAddress - INFO: Locating procedure "GetLocaleInfoEx" by name
0ab0:2c3c @ 837504593 - LdrpGetProcedureAddress - INFO: Locating procedure "GetTimeFormatEx" by name
0ab0:2c3c @ 837504593 - LdrpGetProcedureAddress - INFO: Locating procedure "GetUserDefaultLocaleName" by name
0ab0:2c3c @ 837504593 - LdrpGetProcedureAddress - INFO: Locating procedure "IsValidLocaleName" by name
0ab0:2c3c @ 837504593 - LdrLoadDll - ENTER: DLL name: api-ms-win-core-localization-obsolete-l1-2-0
0ab0:2c3c @ 837504609 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-obsolete-l1-2-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504609 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernelbase.dll
0ab0:2c3c @ 837504609 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504609 - LdrLoadDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504609 - LdrpGetProcedureAddress - INFO: Locating procedure "LCIDToLocaleName" by name
0ab0:2c3c @ 837504609 - LdrpGetProcedureAddress - INFO: Locating procedure "LocaleNameToLCID" by name
0ab0:2c3c @ 837504609 - LdrpGetProcedureAddress - INFO: Locating procedure "FlsGetValue" by name
0ab0:2c3c @ 837504609 - LdrGetDllHandleEx - ENTER: DLL name: ntdll.dll
0ab0:2c3c @ 837504609 - LdrpFindLoadedDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504609 - LdrGetDllHandleEx - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504609 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlGetSystemTimeAndBias" by name
[2022-12-14 16:06:45.473] [MQ] [debug] [MacroQuest.cpp:199] Logging Initialized
[2022-12-14 16:06:45.475] [MQ] [info] [MacroQuest.cpp:1197] Starting MacroQuest Loader. Built Tue Nov 29 15:21:55 2022
0ab0:2c3c @ 837504625 - LdrGetDllHandleEx - ENTER: DLL name: ntdll.dll
0ab0:2c3c @ 837504625 - LdrpFindLoadedDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504625 - LdrGetDllHandleEx - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504625 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAreLongPathsEnabled" by name
[2022-12-14 16:06:45.485] [MQ] [info] [Crashpad.cpp:97] Initializing crashpad handler
[2022-12-14 16:06:45.485] [MQ] [debug] [Crashpad.cpp:98] Handler Path: C:\Users\ASUS\Desktop\redguides\crashpad_handler.exe
[2022-12-14 16:06:45.485] [MQ] [info] [Crashpad.cpp:103] Crash report submission is: enabled
[2022-12-14 16:06:45.486] [MQ] [info] [Crashpad.cpp:107] Crash report guid: 2b7a063d-3ceb-4b53-8f3f-16b1be79adb1
[2022-12-14 16:06:45.486] [MQ] [info] [Crashpad.cpp:117] Using shared crash reporter for all MacroQuest instances
0ab0:2c3c @ 837504625 - LdrpLoadDllInternal - ENTER: DLL name: bcryptPrimitives.dll
0ab0:2c3c @ 837504625 - LdrpFindKnownDll - ENTER: DLL name: bcryptPrimitives.dll
0ab0:2c3c @ 837504625 - LdrpFindKnownDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504625 - LdrpMinimalMapModule - ENTER: DLL name: C:\WINDOWS\System32\bcryptPrimitives.dll
ModLoad: 00007ff8`e5140000 00007ff8`e51c2000   C:\WINDOWS\System32\bcryptPrimitives.dll
0ab0:2c3c @ 837504625 - LdrpMinimalMapModule - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504625 - LdrpFindDllActivationContext - INFO: Probing for the manifest of DLL "C:\WINDOWS\System32\bcryptPrimitives.dll" failed with status 0xc000008a
0ab0:2c3c @ 837504625 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-errorhandling-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504625 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-libraryloader-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504625 - LdrpPreprocessDllName - INFO: DLL api-ms-win-eventing-provider-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504625 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-profile-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504640 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-libraryloader-l1-2-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504640 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-io-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837504640 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-handle-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504640 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504640 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-registry-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504640 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837504640 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-memory-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504640 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sysinfo-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504640 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-xstate-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504640 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlSetLastWin32Error" by name
0ab0:2c3c @ 837504640 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventRegister" by name
0ab0:2c3c @ 837504640 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventSetInformation" by name
0ab0:2c3c @ 837504640 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventUnregister" by name
0ab0:2c3c @ 837504640 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventWriteTransfer" by name
0ab0:2c3c @ 837504640 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryPerformanceCounter" by name
0ab0:2c3c @ 837504640 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryPerformanceFrequency" by name
0ab0:2c3c @ 837504640 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDeleteCriticalSection" by name
0ab0:2c3c @ 837504640 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlLeaveCriticalSection" by name
0ab0:2c3c @ 837504640 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlEnterCriticalSection" by name
0ab0:2c3c @ 837504640 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeCriticalSection" by name
0ab0:2c3c @ 837504640 - LdrpInitializeNode - INFO: Calling init routine 00007FF8E5178B60 for DLL "C:\WINDOWS\System32\bcryptPrimitives.dll"
0ab0:2c3c @ 837504640 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504640 - LdrpGetProcedureAddress - INFO: Locating procedure "ProcessPrng" by name
0ab0:2c3c @ 837504640 - LdrLoadDll - ENTER: DLL name: rpcrt4.dll
0ab0:2c3c @ 837504640 - LdrpLoadDllInternal - ENTER: DLL name: rpcrt4.dll
0ab0:2c3c @ 837504640 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504656 - LdrLoadDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504656 - LdrLoadDll - ENTER: DLL name: C:\WINDOWS\system32\ntmarta.dll
0ab0:2c3c @ 837504656 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\system32\ntmarta.dll
0ab0:2c3c @ 837504656 - LdrpFindKnownDll - ENTER: DLL name: ntmarta.dll
0ab0:2c3c @ 837504656 - LdrpFindKnownDll - RETURN: Status: 0xc0000135
0ab0:2c3c @ 837504656 - LdrpResolveDllName - ENTER: DLL name: C:\WINDOWS\system32\ntmarta.dll
0ab0:2c3c @ 837504656 - LdrpResolveDllName - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504656 - LdrpMinimalMapModule - ENTER: DLL name: C:\WINDOWS\system32\ntmarta.dll
ModLoad: 00007ff8`e3c50000 00007ff8`e3c83000   C:\WINDOWS\system32\ntmarta.dll
0ab0:2c3c @ 837504656 - LdrpMinimalMapModule - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504656 - LdrpFindDllActivationContext - INFO: Probing for the manifest of DLL "C:\WINDOWS\system32\ntmarta.dll" failed with status 0xc000008a
0ab0:2c3c @ 837504656 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-string-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
0ab0:2c3c @ 837504656 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-runtime-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
0ab0:2c3c @ 837504656 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-private-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
0ab0:2c3c @ 837504656 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504656 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-libraryloader-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504656 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-handle-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504656 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-errorhandling-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504656 - LdrpPreprocessDllName - INFO: DLL api-ms-win-security-base-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504656 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837504656 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504656 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504656 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-memory-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504656 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504656 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-io-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837504656 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-registry-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504671 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504671 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sysinfo-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504671 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-rtlsupport-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ntdll.dll by API set
0ab0:2c3c @ 837504671 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-debug-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504671 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837504671 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-profile-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504671 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-interlocked-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504671 - LdrpPreprocessDllName - INFO: DLL api-ms-win-security-activedirectoryclient-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504671 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-job-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837504671 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-url-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504671 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-delayload-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504671 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-delayload-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504671 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-apiquery-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ntdll.dll by API set
0ab0:2c3c @ 837504671 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlSetLastWin32Error" by name
0ab0:2c3c @ 837504671 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504671 - LdrpGetProcedureAddress - INFO: Locating procedure "OpenThreadToken" by name
0ab0:2c3c @ 837504671 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504671 - LdrpGetProcedureAddress - INFO: Locating procedure "SetThreadToken" by name
0ab0:2c3c @ 837504671 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837504671 - LdrpGetProcedureAddress - INFO: Locating procedure "OpenProcessToken" by name
0ab0:2c3c @ 837504671 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlExitUserThread" by name
0ab0:2c3c @ 837504671 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryPerformanceCounter" by name
0ab0:2c3c @ 837504671 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeSListHead" by name
0ab0:2c3c @ 837504671 - LdrpInitializeNode - INFO: Calling init routine 00007FF8E3C56930 for DLL "C:\WINDOWS\system32\ntmarta.dll"
0ab0:2c3c @ 837504671 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504671 - LdrLoadDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504671 - LdrpGetProcedureAddress - INFO: Locating procedure "AccProvGetCapabilities" by name
0ab0:2c3c @ 837504671 - LdrLoadDll - ENTER: DLL name: ntmarta.dll
0ab0:2c3c @ 837504687 - LdrpLoadDllInternal - ENTER: DLL name: ntmarta.dll
0ab0:2c3c @ 837504687 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504687 - LdrLoadDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504687 - LdrpGetProcedureAddress - INFO: Locating procedure "GetMartaExtensionInterface" by name
0ab0:2c3c @ 837504687 - LdrpPreprocessDllName - INFO: DLL api-ms-win-security-provider-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ntmarta.dll by API set
0ab0:2c3c @ 837504687 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\ntmarta.dll
0ab0:2c3c @ 837504687 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504687 - LdrpGetProcedureAddress - INFO: Locating procedure "GetExplicitEntriesFromAclW" by name
0ab0:2c3c @ 837504687 - LdrpGetProcedureAddress - INFO: Locating procedure "SetNamedSecurityInfoW" by name
0ab0:2c3c @ 837504687 - LdrpGetProcedureAddress - INFO: Locating procedure "GetNamedSecurityInfoW" by name
0ab0:2c3c @ 837504687 - LdrpGetProcedureAddress - INFO: Locating procedure "SetSecurityInfo" by name
0ab0:2c3c @ 837504687 - LdrpGetProcedureAddress - INFO: Locating procedure "GetSecurityInfo" by name
0ab0:2c3c @ 837504687 - LdrpGetProcedureAddress - INFO: Locating procedure "SetEntriesInAclW" by name
0ab0:2c3c @ 837504687 - LdrLoadDll - ENTER: DLL name: kernel32.dll
0ab0:2c3c @ 837504687 - LdrpLoadDllInternal - ENTER: DLL name: kernel32.dll
0ab0:2c3c @ 837504687 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504687 - LdrLoadDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837504687 - LdrpGetProcedureAddress - INFO: Locating procedure "InitializeCriticalSectionEx" by name
0ab0:4e58 @ 837504687 - LdrpAllocateTls - INFO: TlsVector 000001D3261F3DA0 Index 0 : 28 bytes copied from 00007FF7300DC580 to 000001D3261EBBB0
0ab0:4e58 @ 837504687 - LdrpAllocateTls - INFO: TlsVector 000001D3261F3DA0 Index 1 : 8 bytes copied from 00007FF8E5F628A8 to 000001D3261E4E70
0ab0:4e58 @ 837504687 - LdrpAllocateTls - INFO: TlsVector 000001D3261F3DA0 Index 2 : 8 bytes copied from 00007FF8E64FB340 to 000001D3261E4E90
0ab0:4e58 @ 837504687 - LdrpAllocateTls - INFO: TlsVector 000001D3261F3DA0 Index 3 : 12 bytes copied from 00007FF8E667F8C8 to 000001D3261EC280
0ab0:4e58 @ 837504687 - LdrpAllocateTls - INFO: TlsVector 000001D3261F3DA0 Index 4 : 8 bytes copied from 00007FF8CB97E75C to 000001D3261E50B0
0ab0:4e58 @ 837504687 - LdrpAllocateTls - INFO: TlsVector 000001D3261F3DA0 Index 5 : 8 bytes copied from 00007FF8E69E9A40 to 000001D3261E50D0
0ab0:4e58 @ 837504687 - LdrpAllocateTls - INFO: TlsVector 000001D3261F3DA0 Index 6 : 8 bytes copied from 00007FF8E5C35948 to 000001D3261E50F0
0ab0:4e58 @ 837504687 - LdrpAllocateTls - INFO: TlsVector 000001D3261F3DA0 Index 7 : 8 bytes copied from 00007FF8E6065B00 to 000001D3261E5230
0ab0:4e58 @ 837504687 - LdrpAllocateTls - INFO: TlsVector 000001D3261F3DA0 Index 8 : 8 bytes copied from 00007FF8E6160278 to 000001D3261F7690
0ab0:4e58 @ 837504687 - LdrpAllocateTls - INFO: TlsVector 000001D3261F3DA0 Index 9 : 8 bytes copied from 00007FF8E4CC9640 to 000001D3261F7830
0ab0:4e58 @ 837504703 - LdrLoadDll - ENTER: DLL name: kernel32.dll
0ab0:4e58 @ 837504703 - LdrpLoadDllInternal - ENTER: DLL name: kernel32.dll
0ab0:4e58 @ 837504703 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:4e58 @ 837504703 - LdrLoadDll - RETURN: Status: 0x00000000
0ab0:4e58 @ 837504703 - LdrpGetProcedureAddress - INFO: Locating procedure "InitializeProcThreadAttributeList" by name
0ab0:4e58 @ 837504703 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4e58 @ 837504703 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernelbase.dll
0ab0:4e58 @ 837504703 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:4e58 @ 837504703 - LdrpGetProcedureAddress - INFO: Locating procedure "InitializeProcThreadAttributeList" by name
0ab0:4e58 @ 837504703 - LdrLoadDll - ENTER: DLL name: kernel32.dll
0ab0:4e58 @ 837504703 - LdrpLoadDllInternal - ENTER: DLL name: kernel32.dll
0ab0:4e58 @ 837504703 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:4e58 @ 837504703 - LdrLoadDll - RETURN: Status: 0x00000000
0ab0:4e58 @ 837504703 - LdrpGetProcedureAddress - INFO: Locating procedure "UpdateProcThreadAttribute" by name
0ab0:4e58 @ 837504703 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4e58 @ 837504703 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernelbase.dll
0ab0:4e58 @ 837504703 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:4e58 @ 837504703 - LdrpGetProcedureAddress - INFO: Locating procedure "UpdateProcThreadAttribute" by name
0ab0:4e58 @ 837504703 - LdrpPreprocessDllName - INFO: DLL api-ms-win-security-isolationpolicy-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\sechost.dll by API set
0ab0:4e58 @ 837504703 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\sechost.dll
0ab0:4e58 @ 837504703 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:4e58 @ 837504703 - LdrpGetProcedureAddress - INFO: Locating procedure "GetEmbeddedImageMitigationPolicy" by name
0ab0:4e58 @ 837504703 - LdrLoadDll - ENTER: DLL name: ntdll.dll
0ab0:4e58 @ 837504703 - LdrpLoadDllInternal - ENTER: DLL name: ntdll.dll
0ab0:4e58 @ 837504703 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:4e58 @ 837504703 - LdrLoadDll - RETURN: Status: 0x00000000
0ab0:4e58 @ 837504703 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlGetNtSystemRoot" by name
0ab0:4e58 @ 837504750 - LdrLoadDll - ENTER: DLL name: kernel32.dll
0ab0:4e58 @ 837504750 - LdrpLoadDllInternal - ENTER: DLL name: kernel32.dll
0ab0:4e58 @ 837504750 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:4e58 @ 837504765 - LdrLoadDll - RETURN: Status: 0x00000000
0ab0:4e58 @ 837504765 - LdrpGetProcedureAddress - INFO: Locating procedure "DeleteProcThreadAttributeList" by name
0ab0:4e58 @ 837504765 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:4e58 @ 837504765 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernelbase.dll
0ab0:4e58 @ 837504765 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:4e58 @ 837504765 - LdrpGetProcedureAddress - INFO: Locating procedure "DeleteProcThreadAttributeList" by name
0ab0:2c3c @ 837505328 - LdrLoadDll - ENTER: DLL name: api-ms-win-appmodel-runtime-l1-1-2
0ab0:2c3c @ 837505328 - LdrpPreprocessDllName - INFO: DLL api-ms-win-appmodel-runtime-l1-1-2 was redirected to C:\WINDOWS\SYSTEM32\kernel.appcore.dll by API set
0ab0:2c3c @ 837505328 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernel.appcore.dll
0ab0:2c3c @ 837505328 - LdrpFindKnownDll - ENTER: DLL name: kernel.appcore.dll
0ab0:2c3c @ 837505328 - LdrpFindKnownDll - RETURN: Status: 0xc0000135
0ab0:2c3c @ 837505328 - LdrpResolveDllName - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernel.appcore.dll
0ab0:2c3c @ 837505328 - LdrpResolveDllName - RETURN: Status: 0x00000000
0ab0:2c3c @ 837505328 - LdrpMinimalMapModule - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernel.appcore.dll
ModLoad: 00007ff8`e2980000 00007ff8`e2992000   C:\WINDOWS\SYSTEM32\kernel.appcore.dll
0ab0:2c3c @ 837505328 - LdrpMinimalMapModule - RETURN: Status: 0x00000000
0ab0:2c3c @ 837505328 - LdrpFindDllActivationContext - INFO: Probing for the manifest of DLL "C:\WINDOWS\SYSTEM32\kernel.appcore.dll" failed with status 0xc000008a
0ab0:2c3c @ 837505328 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-profile-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837505328 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
0ab0:2c3c @ 837505328 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sysinfo-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837505328 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-rtlsupport-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ntdll.dll by API set
0ab0:2c3c @ 837505343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-errorhandling-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837505343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-psm-key-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837505343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-psm-key-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837505343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-security-base-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837505343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-apiquery-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ntdll.dll by API set
0ab0:2c3c @ 837505343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-libraryloader-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837505343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837505343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837505343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-memory-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837505343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837505343 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryPerformanceCounter" by name
0ab0:2c3c @ 837505343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837505343 - LdrpGetProcedureAddress - INFO: Locating procedure "InitializeProcThreadAttributeList" by name
0ab0:2c3c @ 837505343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
0ab0:2c3c @ 837505343 - LdrpGetProcedureAddress - INFO: Locating procedure "UpdateProcThreadAttribute" by name
0ab0:2c3c @ 837505343 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReleaseSRWLockExclusive" by name
0ab0:2c3c @ 837505343 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAcquireSRWLockExclusive" by name
0ab0:2c3c @ 837505343 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAllocateHeap" by name
0ab0:2c3c @ 837505343 - LdrpInitializeNode - INFO: Calling init routine 00007FF8E2983F10 for DLL "C:\WINDOWS\SYSTEM32\kernel.appcore.dll"
0ab0:2c3c @ 837505343 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837505343 - LdrLoadDll - RETURN: Status: 0x00000000
0ab0:2c3c @ 837505343 - LdrpGetProcedureAddress - INFO: Locating procedure "AppPolicyGetProcessTerminationMethod" by name
0ab0:2c3c @ 837505359 - LdrGetDllHandleEx - ENTER: DLL name: mscoree.dll
0ab0:2c3c @ 837505359 - LdrpFindLoadedDllInternal - RETURN: Status: 0xc0000135
0ab0:2c3c @ 837505359 - LdrGetDllHandleEx - RETURN: Status: 0xc0000135
0ab0:2c3c @ 837505359 - LdrShutdownProcess - INFO: Process 0x0000000000000AB0 (MacroQuest.exe) exiting
0ab0:2c3c @ 837505359 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-com-private-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\combase.dll by API set
0ab0:2c3c @ 837505359 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\combase.dll
0ab0:2c3c @ 837505359 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837505359 - LdrpGetProcedureAddress - INFO: Locating procedure "GetFuncDescs" by name
0ab0:2c3c @ 837505359 - LdrpGetProcedureAddress - INFO: Locating procedure "ReleaseFuncDescs" by name
0ab0:2c3c @ 837505359 - LdrpGetProcedureAddress - INFO: Locating procedure "InternalCoUnregisterDisconnectCallback" by name
0ab0:2c3c @ 837505359 - LdrpGetProcedureAddress - INFO: Locating procedure "InternalTlsAllocData" by name
0ab0:2c3c @ 837505359 - LdrpGetProcedureAddress - INFO: Locating procedure "InternalIrotRegister" by name
0ab0:2c3c @ 837505359 - LdrpGetProcedureAddress - INFO: Locating procedure "CleanupOleStateInAllTls" by name
0ab0:2c3c @ 837505359 - LdrpGetProcedureAddress - INFO: Locating procedure "CleanupTlsOleState" by name
0ab0:2c3c @ 837505359 - LdrpGetProcedureAddress - INFO: Locating procedure "InternalIrotNoteChangeTime" by name
0ab0:2c3c @ 837505359 - LdrpGetProcedureAddress - INFO: Locating procedure "InternalIrotIsRunning2" by name
0ab0:2c3c @ 837505359 - LdrpGetProcedureAddress - INFO: Locating procedure "InternalIrotGetTimeOfLastChange2" by name
0ab0:2c3c @ 837505359 - LdrpGetProcedureAddress - INFO: Locating procedure "InternalIrotEnumRunning2" by name
0ab0:2c3c @ 837505359 - LdrpGetProcedureAddress - INFO: Locating procedure "InternalIrotRevoke" by name
0ab0:2c3c @ 837505359 - LdrpGetProcedureAddress - INFO: Locating procedure "InternalIsApartmentInitialized" by name
0ab0:2c3c @ 837505359 - LdrpGetProcedureAddress - INFO: Locating procedure "NdrOleDllGetClassObject" by name
0ab0:2c3c @ 837505359 - LdrpGetProcedureAddress - INFO: Locating procedure "InternalSTAInvoke" by name
0ab0:2c3c @ 837505359 - LdrpGetProcedureAddress - INFO: Locating procedure "InternalOleModalLoopBlockFn" by name
0ab0:2c3c @ 837505359 - LdrpGetProcedureAddress - INFO: Locating procedure "InternalSetAptCallCtrlOnTlsIfRequired" by name
0ab0:2c3c @ 837505359 - LdrpGetProcedureAddress - INFO: Locating procedure "ClearCleanupFlag" by name
0ab0:2c3c @ 837505359 - LdrpGetProcedureAddress - INFO: Locating procedure "CoUnloadingWOW" by name
0ab0:2c3c @ 837505359 - LdrpGetProcedureAddress - INFO: Locating procedure "InternalCCGetClassInformationForDde" by name
0ab0:2c3c @ 837505375 - LdrpGetProcedureAddress - INFO: Locating procedure "InternalCCGetClassInformationFromKey" by name
0ab0:2c3c @ 837505375 - LdrpGetProcedureAddress - INFO: Locating procedure "InternalCCSetDdeServerWindow" by name
0ab0:2c3c @ 837505375 - LdrpGetProcedureAddress - INFO: Locating procedure "CoRegisterSurrogateEx" by name
0ab0:2c3c @ 837505375 - LdrpGetProcedureAddress - INFO: Locating procedure "CoRegisterMessageFilter" by name
0ab0:2c3c @ 837505375 - LdrpGetProcedureAddress - INFO: Locating procedure "CoInitializeWOW" by name
0ab0:2c3c @ 837505375 - LdrpGetProcedureAddress - INFO: Locating procedure "NdrExtStubInitialize" by name
0ab0:2c3c @ 837505375 - LdrpGetProcedureAddress - INFO: Locating procedure "InternalCreateIdentityHandler" by name
0ab0:2c3c @ 837505375 - LdrpGetProcedureAddress - INFO: Locating procedure "InternalCreateCAggId" by name
0ab0:2c3c @ 837505375 - LdrpGetProcedureAddress - INFO: Locating procedure "NdrpFindInterface" by name
0ab0:2c3c @ 837505375 - LdrpGetProcedureAddress - INFO: Locating procedure "InternalCallFrameExceptionFilter" by name
0ab0:2c3c @ 837505375 - LdrpGetProcedureAddress - INFO: Locating procedure "SetCleanupFlag" by name
0ab0:2c3c @ 837505375 - LdrpGetProcedureAddress - INFO: Locating procedure "InternalDoATClassCreate" by name
0ab0:2c3c @ 837505375 - LdrpGetProcedureAddress - INFO: Locating procedure "InternalIsProcessInitialized" by name
0ab0:2c3c @ 837505375 - LdrpGetProcedureAddress - INFO: Locating procedure "CoGetInstanceFromFile" by name
0ab0:2c3c @ 837505375 - LdrpGetProcedureAddress - INFO: Locating procedure "InternalNotifyDDStartOrStop" by name
0ab0:2c3c @ 837505375 - LdrpGetProcedureAddress - INFO: Locating procedure "InternalCoRegisterDisconnectCallback" by name
0ab0:2c3c @ 837505375 - LdrGetDllHandleEx - ENTER: DLL name: ntdll.dll
0ab0:2c3c @ 837505375 - LdrpFindLoadedDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837505375 - LdrGetDllHandleEx - RETURN: Status: 0x00000000
0ab0:2c3c @ 837505375 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDllShutdownInProgress" by name
0ab0:2c3c @ 837505375 - LdrGetDllHandleEx - ENTER: DLL name: ntdll.dll
0ab0:2c3c @ 837505375 - LdrpFindLoadedDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837505375 - LdrGetDllHandleEx - RETURN: Status: 0x00000000
0ab0:2c3c @ 837505375 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDllShutdownInProgress" by name
0ab0:2c3c @ 837505375 - LdrGetDllHandleEx - ENTER: DLL name: ntdll.dll
0ab0:2c3c @ 837505375 - LdrpFindLoadedDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837505375 - LdrGetDllHandleEx - RETURN: Status: 0x00000000
0ab0:2c3c @ 837505375 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDllShutdownInProgress" by name
0ab0:2c3c @ 837505375 - LdrGetDllHandleEx - ENTER: DLL name: ntdll.dll
0ab0:2c3c @ 837505375 - LdrpFindLoadedDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837505375 - LdrGetDllHandleEx - RETURN: Status: 0x00000000
0ab0:2c3c @ 837505375 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDllShutdownInProgress" by name
0ab0:2c3c @ 837505375 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDllShutdownInProgress" by name
0ab0:2c3c @ 837505375 - LdrGetDllHandleEx - ENTER: DLL name: ntdll.dll
0ab0:2c3c @ 837505375 - LdrpFindLoadedDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837505390 - LdrGetDllHandleEx - RETURN: Status: 0x00000000
0ab0:2c3c @ 837505390 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDllShutdownInProgress" by name
0ab0:2c3c @ 837505390 - LdrGetDllHandleEx - ENTER: DLL name: ntdll.dll
0ab0:2c3c @ 837505390 - LdrpFindLoadedDllInternal - RETURN: Status: 0x00000000
0ab0:2c3c @ 837505390 - LdrGetDllHandleEx - RETURN: Status: 0x00000000
0ab0:2c3c @ 837505390 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDllShutdownInProgress" by name
quit:
NatVis script unloaded from 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\Visualizers\atlmfc.natvis'
NatVis script unloaded from 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\Visualizers\ObjectiveC.natvis'
NatVis script unloaded from 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\Visualizers\concurrency.natvis'
NatVis script unloaded from 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\Visualizers\cpp_rest.natvis'
NatVis script unloaded from 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\Visualizers\stl.natvis'
NatVis script unloaded from 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\Visualizers\Windows.Data.Json.natvis'
NatVis script unloaded from 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\Visualizers\Windows.Devices.Geolocation.natvis'
NatVis script unloaded from 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\Visualizers\Windows.Devices.Sensors.natvis'
NatVis script unloaded from 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\Visualizers\Windows.Media.natvis'
NatVis script unloaded from 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\Visualizers\windows.natvis'
NatVis script unloaded from 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\Visualizers\winrt.natvis'

C:\Users\ASUS\Desktop\redguides>
 

Attachments

  • AsusDebug.txt
    356.9 KB · Views: 0

Lemons

Freshly Squeezed
Moderator
Joined
Sep 27, 2013
RedCents
6,821¢
Yup, thanks for following up. Was just thinking of this thread.

I had him nuke the entirety of Windows and reinstalled a fresh copy.

Not good news for any in the future, but at least there is a solution!
 

Users who are viewing this thread

Top