Face Prov

13:53:42 = Process Attach
13:53:42 = end process attach

13:53:42 = ***** NULL == SampleProvider *****
13:53:42 = ##### Begin waiting Mutex to release process #####
13:53:42 = hWnd = 0x00140410; ClassName:
: Inicio de sesin en Windows.
x=0, y=0, width=1366, height=768
13:53:42 = hWnd = 0x00070310; ClassName:
dow.
13:53:42 = hWnd = 0x000703ca; ClassName:
13:53:42 = hWnd = 0x00030424; ClassName:
13:53:51 = ## ERR ## Setevent
AUTHUI.DLL: LogonUI Logon Window; Title

GDI+ Hook Window Class; Title: GDI+ Win
MSCTFIME UI; Title: MSCTFIME UI.
IME; Title: Default IME.
13:53:51 = ##### Get event and release process #####

13:53:51 = begin close Process
13:53:51 = end close Process
13:53:51 = ##### Get event and release process end #####
13:53:51 = hWnd = 0x000e004c; ClassName:
13:53:51 = hWnd = 0x001b0050; ClassName:
dow.
13:53:51 = hWnd = 0x004001ce; ClassName:
13:53:51 = hWnd = 0x000e004e; ClassName:


14:2:1 = hWnd = 0x0001001c; ClassName:
Inicio de sesin en Windows.
14:2:1 = hWnd = 0x00010018; ClassName:
w.
14:2:1 = hWnd = 0x00010022; ClassName:
14:2:1 = hWnd = 0x0001001a; ClassName:
14:2:3 = Need to re-create objects.
14:2:4 = s1.
14:2:4 = s2.
14:2:7 = Start show animate
AUTHUI.DLL: LogonUI Logon Window; Title:

GDI+ Hook Window Class; Title: GDI+ Windo
14:2:7 = Shell Excutute VerifyHost

14:2:42 = Terminate Process
14:2:43 = DLL_PROCESS_DETACH
15:39:48 = hWnd = 0x001d0526; ClassName:
15:39:48 = hWnd = 0x000f0676; ClassName:
dow.
15:39:48 = hWnd = 0x000b05b8; ClassName:
15:40:9 = ## ERR ## Setevent


15:40:9 = hWnd = 0x000b01e2; ClassName:
15:40:9 = hWnd = 0x01330078; ClassName:
ow.
15:40:9 = hWnd = 0x003e0090; ClassName:
15:40:9 = hWnd = 0x003c01ba; ClassName:

GDI+ Hook Window Class; Title: GDI+ Wind

15:46:2 = hWnd = 0x00010018; ClassName:
ow.
15:46:2 = hWnd = 0x00010022; ClassName:

15:48:44 = ## ERR ## Setevent

15:48:44 = hWnd = 0x00030076; ClassName:
15:48:44 = hWnd = 0x00020074; ClassName:
dow.
15:48:44 = hWnd = 0x00020034; ClassName:


15:52:41 = hWnd = 0x00010018; ClassName:
dow.
15:52:41 = hWnd = 0x00010022; ClassName:

15:55:31 = s1.
15:55:31 = s2.
16:39:29 = hWnd = 0x000705e0; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title
16:39:29 = hWnd = 0x00270598; ClassName: GDI+ Hook Window Class; Title: GDI+ Win
dow.

16:39:29 = hWnd = 0x000a04ae; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
16:39:29 = hWnd = 0x001104e8; ClassName: IME; Title: Default IME.
16:39:46 = ## ERR ## Setevent
16:39:46 = hWnd = 0x004a01fa; ClassName:
dow.
16:39:46 = hWnd = 0x005a01d8; ClassName:
16:39:46 = hWnd = 0x00100158; ClassName:


16:44:0 = hWnd = 0x00010018;
ow.
16:44:0 = hWnd = 0x00010022;
16:44:0 = hWnd = 0x0001001a;
16:46:30 = Need to re-create
ClassName: GDI+ Hook Window Class; Title: GDI+ Wind

ClassName: MSCTFIME UI; Title: MSCTFIME UI.
ClassName: IME; Title: Default IME.
objects.
16:46:30 = s1.
16:46:30 = s2.
21:31:47 = hWnd = 0x000c05da; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title

dow.
21:31:47 = hWnd = 0x000803ac; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
21:31:47 = hWnd = 0x000c049a; ClassName: IME; Title: Default IME.
21:31:55 = ## ERR ## Setevent
21:31:55 = hWnd = 0x04cf0094; ClassName:
dow.
21:31:55 = hWnd = 0x008001fc; ClassName:
21:31:55 = hWnd = 0x007f002c; ClassName:


21:36:20 = hWnd = 0x00010018; ClassName:
dow.
21:36:20 = hWnd = 0x00010022; ClassName:

21:36:23 = s1.
21:36:23 = s2.

22:45:29 = hWnd = 0x000505c2; ClassName:
dow.
22:45:29 = hWnd = 0x001204dc; ClassName:
22:45:29 = hWnd = 0x00070598; ClassName:
22:45:36 = ## ERR ## Setevent


dow.
22:45:36 = hWnd = 0x000201ea; ClassName:


22:50:10 = hWnd = 0x00010018; ClassName:
dow.
22:50:11 = hWnd = 0x00010022; ClassName:
22:50:13 = s1.
22:50:13 = s2.
22:50:16
22:50:16
22:50:51
22:50:51
22:50:52
=
=
=
=
=
Start show animate

Shell Excutute VerifyHost
begin close Process
Terminate Process
end close Process

0:0:50 = hWnd = 0x000303a8; ClassName:
w.
0:0:50 = hWnd = 0x000e03a6; ClassName:
0:0:54 = ## ERR ## Setevent


w.


15:24:41 = hWnd = 0x00010018; ClassName:
dow.
15:24:42 = hWnd = 0x00010022; ClassName:
15:24:44 = s1.
15:24:44 = s2.

15:24:47
15:25:23
15:25:23
15:25:24
15:25:24
=
=
=
=
=

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.

2:11:36 = s1.
2:11:36 = s2.
2:11:36
2:11:36
2:17:16
2:17:16
2:17:17
2:17:17
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

2:36:56 = hWnd = 0x00110476; ClassName:
2:36:56 = hWnd = 0x003b0b6c; ClassName:
ow.
2:36:56 = s1.
2:36:56 = s2.


2:38:3 = hWnd = 0x000b0d92; ClassName:
2:38:3 = hWnd = 0x000f0d1a; ClassName:
w.
2:38:3 = hWnd = 0x00180ce4; ClassName:
2:38:23 = ## ERR ## Setevent


2:38:23 = hWnd = 0x009b01fe; ClassName:
2:38:23 = hWnd = 0x01340060; ClassName:
ow.
2:38:23 = hWnd = 0x012e01de; ClassName:


11:30:27 = hWnd = 0x00010018; ClassName:
dow.
11:30:27 = hWnd = 0x00010022; ClassName:
11:30:31 = s1.

11:30:31 = s2.
15:20:48 = hWnd = 0x00030486; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title
15:20:48 = hWnd = 0x0002059a; ClassName: GDI+ Hook Window Class; Title: GDI+ Win
dow.
15:20:48 = hWnd = 0x0003047c; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
15:20:48 = hWnd = 0x000304a6; ClassName: IME; Title: Default IME.
15:21:27 = ## ERR ## Setevent
15:21:27 = hWnd = 0x028f00dc; ClassName:
dow.
15:21:27 = hWnd = 0x002000bc; ClassName:


15:25:41 = hWnd = 0x00010018; ClassName:
dow.
15:25:42 = hWnd = 0x00010022; ClassName:


15:27:17 = ## ERR ## Setevent
15:27:17 = hWnd = 0x0001017e; ClassName:
dow.
15:27:17 = hWnd = 0x00010184; ClassName:


15:29:2 = hWnd = 0x00010018; ClassName:
ow.
15:29:2 = hWnd = 0x00010022; ClassName:

15:30:24 = s1.
15:30:24 = s2.
3:58:27 = hWnd = 0x003c0386; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
3:58:27 = hWnd = 0x0009065e; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.
3:58:27 =
x=0, y=0,
3:58:27 =
x=0, y=0,
3:58:48 =
3:58:48 =
hWnd = 0x000c055e; ClassName: MSCTFIME UI; Title: MSCTFIME UI.

width=0, height=0
hWnd = 0x00260460; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
## ERR ## Setevent

3:58:48 = hWnd = 0x011d002c; ClassName:
3:58:48 = hWnd = 0x011f00ea; ClassName:
ow.
3:58:48 = hWnd = 0x00ca0030; ClassName:
3:58:48 = hWnd = 0x00890054; ClassName:


12:39:36 = hWnd = 0x00010018; ClassName:
dow.
12:39:37 = hWnd = 0x00010022; ClassName:

12:39:39 = s1.
12:39:39 = s2.
12:39:43
12:39:43
12:40:20
12:40:20
12:40:21
12:40:21
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

22:43:56 = hWnd = 0x000b0364; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title

dow.
22:44:11 = ## ERR ## Setevent
22:44:11 = hWnd = 0x00be0098; ClassName:
22:44:11 = hWnd = 0x00c901f2; ClassName:
dow.
22:44:11 = hWnd = 0x01de01f8; ClassName:
22:44:11 = hWnd = 0x007d01e2; ClassName:


22:48:3 = hWnd = 0x00010018; ClassName:
ow.
22:48:4 = hWnd = 0x00010022; ClassName:
22:48:8 = s1.
22:48:8 = s2.
22:48:13
22:48:13
22:48:48
22:48:48
22:48:49
22:48:49
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH



2:42:8 = hWnd = 0x000a06aa; ClassName:
w.
2:42:8 = hWnd = 0x00130718; ClassName:
2:42:8 = hWnd = 0x004006fa; ClassName:
2:42:20 = ## ERR ## Setevent


2:42:20 = hWnd = 0x005501e6; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.
2:42:20 = hWnd = 0x004601fc; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
11:51:33 = hWnd = 0x00010018; ClassName:
dow.
11:51:33 = hWnd = 0x00010022; ClassName:
11:51:36 = s1.
11:51:36 = s2.
11:51:39
11:51:39
11:52:17
11:52:17
11:52:18
11:52:18
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


3:18:1 = hWnd = 0x0008056e; ClassName: GDI+ Hook Window Class; Title: GDI+ Windo
w.
3:18:1 = hWnd = 0x00040422; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
3:18:1 = hWnd = 0x000305d2; ClassName: IME; Title: Default IME.
3:18:26 = ## ERR ## Setevent
3:18:26 = hWnd = 0x012201de; ClassName:
ow.
3:18:26 = hWnd = 0x00cf01ac; ClassName:


12:2:7 = hWnd = 0x00010018; ClassName:
w.
12:2:8 = hWnd = 0x00010022; ClassName:
12:2:11 = s1.
12:2:11 = s2.
12:2:14
12:2:14
12:2:50
12:2:50
12:2:51
12:2:51
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


2:9:23 = hWnd = 0x002310fe; ClassName:
2:9:23 = hWnd = 0x000a0c4a; ClassName:
w.


2:9:50 = hWnd = 0x00dd002e; ClassName:
w.


9:16:15 = hWnd = 0x00010018; ClassName:
ow.
9:16:16 = hWnd = 0x00010022; ClassName:
9:16:19 = s1.
9:16:19 = s2.


2:17:34 = hWnd = 0x000e03d2; ClassName:
ow.

2:17:38 = s1.
2:17:38 = s2.
2:46:30 = hWnd = 0x000d05ae; ClassName:
ow.
2:46:30 = hWnd = 0x008f04da; ClassName:
2:46:30 = hWnd = 0x00170610; ClassName:
2:46:51 = ## ERR ## Setevent



ow.
2:46:51 = hWnd = 0x009c01ca; ClassName:


13:12:46 = hWnd = 0x00010018; ClassName:
dow.
13:12:46 = hWnd = 0x00010022; ClassName:

13:12:48 = s1.
13:12:48 = s2.
13:12:53
13:12:53
13:13:23
13:13:23
13:13:24
13:13:24
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

2:26:9 = hWnd = 0x003f050e; ClassName:
2:26:9 = hWnd = 0x001907aa; ClassName:
w.
2:26:30 = ## ERR ## Setevent



2:26:30 = hWnd = 0x00660044; ClassName:
ow.
2:26:30 = hWnd = 0x00c501b8; ClassName:


10:48:0 = hWnd = 0x00010018; ClassName:
ow.
10:48:1 = hWnd = 0x00010022; ClassName:

10:48:5 = s1.
10:48:5 = s2.
1:13:56 = hWnd = 0x00130db8; ClassName:
1:13:56 = hWnd = 0x00020414; ClassName:
ow.
1:13:56 = hWnd = 0x00020408; ClassName:
1:13:56 = hWnd = 0x00240eb2; ClassName:
1:14:45 = ## ERR ## Setevent


1:14:45 = hWnd = 0x00730102; ClassName:
1:14:45 = hWnd = 0x014d012e; ClassName:
ow.


15:50:6 = hWnd = 0x00010018; ClassName:
ow.
15:50:6 = hWnd = 0x00010022; ClassName:

15:50:9 = s1.
15:50:9 = s2.
15:50:12
15:50:12
15:50:51
15:50:51
15:50:52
15:50:52
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

23:39:29 = hWnd = 0x0001001c; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title
dow.

23:39:29 = hWnd = 0x0001001a; ClassName: IME; Title: Default IME.
23:39:35 = s1.
23:39:35 = s2.
23:39:38
23:39:38
23:40:14
23:40:14
23:40:15
23:40:15
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:7:29 = hWnd = 0x00020398; ClassName:
w.


w.


12:2:21 = hWnd = 0x0001001c; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
12:2:21 = hWnd = 0x00010018; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.
x=0, y=0,
12:2:21 =
x=0, y=0,
12:2:21 =
x=0, y=0,
12:2:24 =
width=1, height=1
hWnd = 0x00010022; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
hWnd = 0x0001001a; ClassName: IME; Title: Default IME.
width=0, height=0
Need to re-create objects.
12:2:24 = s1.
12:2:24 = s2.
ow.
2:38:49 = hWnd = 0x00060406; ClassName:


2:39:2 = hWnd = 0x009401cc; ClassName:
w.
2:39:2 = hWnd = 0x00350036; ClassName:
2:39:2 = hWnd = 0x00fa01b6; ClassName:



13:22:56 = hWnd = 0x00010018; ClassName:
dow.
13:22:57 = hWnd = 0x00010022; ClassName:

13:23:0 = s1.
13:23:0 = s2.
1:3:15 = hWnd = 0x00030450; ClassName:
1:3:15 = hWnd = 0x00020454; ClassName:
w.
1:3:15 = hWnd = 0x00030448; ClassName:


1:3:33 = hWnd = 0x00d401fe; ClassName:
w.
1:3:33 = hWnd = 0x00140098; ClassName:
1:3:33 = hWnd = 0x00f401c4; ClassName:


8:53:10 = hWnd = 0x00010018; ClassName:
ow.
8:53:10 = hWnd = 0x00010022; ClassName:

8:53:14 = s1.
8:53:14 = s2.
8:53:18
8:53:18
8:53:54
8:53:54
8:53:55
8:53:55
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

0:27:33 = hWnd = 0x00141714; ClassName:
ow.
0:27:33 = hWnd = 0x00021972; ClassName:
0:28:20 = ## ERR ## Setevent


0:28:20 = hWnd = 0x0151019c; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.
0:28:20 = hWnd = 0x00c10200; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
0:28:20 =
x=0, y=0,
9:21:21 =
9:21:21 =
hWnd = 0x002c01fc; ClassName: IME; Title: Default IME.

width=0, height=0
Process Attach
end process attach

9:21:23 = hWnd = 0x00010018; ClassName:
ow.
9:21:23 = hWnd = 0x00010022; ClassName:

9:21:28 = s1.
9:21:28 = s2.
9:55:31 = hWnd = 0x00050404; ClassName:
ow.
9:55:31 = hWnd = 0x00020424; ClassName:
9:55:31 = hWnd = 0x00030428; ClassName:
9:55:38 = ## ERR ## Setevent


9:55:38 = hWnd = 0x000901f2; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.
9:55:38 =
x=0, y=0,
9:55:38 =
x=0, y=0,
9:57:12 =
9:57:12 =
hWnd = 0x000801fa; ClassName: MSCTFIME UI; Title: MSCTFIME UI.

width=0, height=0
hWnd = 0x001d004e; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
end process attach

9:57:13 = hWnd = 0x00010018; ClassName:
ow.
9:57:13 = hWnd = 0x00010022; ClassName:

9:57:18 = s1.
9:57:18 = s2.
w.
1:31:2 = hWnd = 0x00110ff8; ClassName:
1:31:2 = hWnd = 0x00260608; ClassName:
1:31:3 = s1.
1:31:3 = s2.


1:48:28 = hWnd = 0x006b077e; ClassName:
ow.
1:48:28 = hWnd = 0x00120bba; ClassName:
1:48:54 = ## ERR ## Setevent


1:48:54 = hWnd = 0x003401ae; ClassName:
ow.
1:48:54 = hWnd = 0x00d9009a; ClassName:


9:1:17 = hWnd = 0x00010018; ClassName:
w.
9:1:17 = hWnd = 0x00010022; ClassName:
9:1:19 = s1.

9:1:19 = s2.
1:16:22 = hWnd = 0x00050402; ClassName:
ow.
1:16:22 = hWnd = 0x000c03a0; ClassName:
1:16:55 = ## ERR ## Setevent


1:16:55 = hWnd = 0x01170058; ClassName:
ow.
1:16:55 = hWnd = 0x00b4004c; ClassName:
1:16:55 = hWnd = 0x00e2002a; ClassName:


12:21:26 = hWnd = 0x00010018; ClassName:
dow.
12:21:26 = hWnd = 0x00010022; ClassName:

12:21:29 = s1.
12:21:29 = s2.
14:25:31 = hWnd = 0x00060512; ClassName:
dow.
14:25:31 = hWnd = 0x000304ee; ClassName:
14:25:41 = ## ERR ## Setevent


14:25:41 = hWnd = 0x002f01ee; ClassName:
dow.


dow.

14:29:17 = s1.
14:29:17 = s2.
14:29:20
14:29:20
14:29:56
14:29:56
14:29:57
14:29:57
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

2:1:16 = hWnd = 0x00020530; ClassName:
w.


2:1:44 = hWnd = 0x00990098; ClassName:
2:1:44 = hWnd = 0x00750050; ClassName:
w.
2:1:44 = hWnd = 0x01120062; ClassName:
2:1:44 = hWnd = 0x007c01be; ClassName:



11:30:26 = hWnd = 0x00010018; ClassName:
dow.
11:30:26 = hWnd = 0x00010022; ClassName:

11:30:28 = s1.
11:30:28 = s2.
23:48:55 = hWnd = 0x000a03a0; ClassName:
dow.
23:48:55 = hWnd = 0x000805da; ClassName:
23:49:22 = ## ERR ## Setevent


dow.
23:49:22 = hWnd = 0x00060050; ClassName:
23:49:22 = hWnd = 0x00750058; ClassName:


8:36:32 = hWnd = 0x00010018; ClassName:
ow.
8:36:32 = hWnd = 0x00010022; ClassName:

8:36:36 = s1.
8:36:36 = s2.
8:36:41
8:36:41
8:37:17
8:37:17
8:37:18
8:37:18
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

3:34:9 = hWnd = 0x000c03ce; ClassName:
w.
3:34:9 = hWnd = 0x000c07ec; ClassName:


w.
3:35:7 = hWnd = 0x01af00a6; ClassName:


12:52:32 = hWnd = 0x00010018; ClassName:
dow.
12:52:32 = hWnd = 0x00010022; ClassName:

12:52:36 = s1.
12:52:36 = s2.
12:52:39
12:52:39
12:53:15
12:53:15
12:53:16
12:53:16
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.
2:2:13 = hWnd = 0x00030306; ClassName:


2:2:52 = hWnd = 0x00720058; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
2:2:52 = hWnd = 0x0142002a; ClassName: GDI+ Hook Window Class; Title: GDI+ Windo
w.
2:2:52 = hWnd = 0x00f0009a; ClassName: MSCTFIME UI; Title: MSCTFIME UI.

2:2:52 = hWnd = 0x01310056; ClassName: IME; Title: Default IME.
8:16:28 = hWnd = 0x00010018; ClassName:
ow.
8:16:28 = hWnd = 0x00010022; ClassName:

8:16:31 = s1.
8:16:31 = s2.
8:16:35
8:16:35
8:17:11
8:17:11
8:17:12
8:17:12
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

2:3:30 = hWnd = 0x001f08c8; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
2:3:30 = hWnd = 0x00420a40; ClassName: GDI+ Hook Window Class; Title: GDI+ Windo
w.
2:3:30 = hWnd = 0x001d0c54; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
2:3:30 = hWnd = 0x000b11c2; ClassName: IME; Title: Default IME.
2:6:14 = s1.
2:6:14 = s2.
2:6:15
2:6:16
2:6:44
2:6:44
2:6:45
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
ow.
2:24:44 = ## ERR ## Setevent


2:24:44 =
2:24:44 =
2:24:44 =
x=0, y=0,
2:24:44 =
x=0, y=0,
14:3:20 =
14:3:21 =
begin close Process

end close Process
width=0, height=0
hWnd = 0x019301c4; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
end process attach

14:3:21 = hWnd = 0x00010018; ClassName:
ow.
14:3:21 = hWnd = 0x00010022; ClassName:
14:3:25 = s1.
14:3:25 = s2.


18:25:15 = hWnd = 0x00010018; ClassName:
dow.
18:25:16 = hWnd = 0x00010022; ClassName:

18:25:19 = s1.
18:25:19 = s2.
2:56:51 = hWnd = 0x00090700; ClassName:
ow.
2:56:51 = hWnd = 0x00030414; ClassName:
2:57:39 = ## ERR ## Setevent


2:57:39 = hWnd = 0x007501e2; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
2:57:39 = hWnd = 0x007201ac; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.
2:57:39 = hWnd = 0x002800fe; ClassName: MSCTFIME UI; Title: MSCTFIME UI.

2:57:39 = hWnd = 0x006d011e; ClassName: IME; Title: Default IME.
13:43:0 = hWnd = 0x00010018; ClassName:
ow.
13:43:0 = hWnd = 0x00010022; ClassName:

13:43:4 = s1.
13:43:4 = s2.
1:48:20 = ## ERR ## Setevent
1:48:20 = hWnd = 0x00be01d0; ClassName:
ow.
1:48:20 = hWnd = 0x00c5016a; ClassName:
1:48:20 = hWnd = 0x010b01c6; ClassName:


11:53:42 = hWnd = 0x00010018; ClassName:
dow.
11:53:42 = hWnd = 0x00010022; ClassName:

11:53:47 = s1.
11:53:47 = s2.
11:53:49
11:53:49
11:54:26
11:54:26
11:54:27
11:54:27
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
0:29:14 = hWnd = 0x00020434; ClassName:
0:29:14 = hWnd = 0x00030428; ClassName:
0:29:15 = s1.
0:29:15 = s2.
0:29:15
0:29:15
0:30:12
0:30:12
0:30:13
0:30:13
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


ow.
0:51:30 = hWnd = 0x00490598; ClassName:

0:51:30 = s1.
0:51:30 = s2.
0:51:30
0:51:30
0:52:37
0:52:37
0:52:38
0:52:38
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:32:41 = hWnd = 0x000f041a; ClassName:
ow.
1:32:41 = hWnd = 0x00060714; ClassName:


1:33:0 = hWnd = 0x013f01e6; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
1:33:0 = hWnd = 0x00d601ce; ClassName: GDI+ Hook Window Class; Title: GDI+ Windo
w.
1:33:0 = hWnd = 0x021b0038; ClassName: IME; Title: Default IME.
dow.
12:20:59 = s1.
12:20:59 = s2.
dow.
13:18:46 = hWnd = 0x00020400; ClassName:
13:18:46 = s1.
13:18:46 = s2.


7:6:27 = hWnd = 0x00460d98; ClassName: GDI+ Hook Window Class; Title: GDI+ Windo
w.
7:6:27 = hWnd = 0x001e0562; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
7:6:27 = hWnd = 0x002007f8; ClassName: IME; Title: Default IME.
w.
7:7:48 = hWnd = 0x00af003a; ClassName:
7:7:48 = hWnd = 0x01360050; ClassName:


14:9:48 = hWnd = 0x00010018; ClassName:
ow.
14:9:48 = hWnd = 0x00010022; ClassName:
14:9:51 = s1.

14:9:51 = s2.
ow.
2:54:53 = hWnd = 0x00090400; ClassName:
2:55:14 = ## ERR ## Setevent


2:55:14 = hWnd = 0x00430062; ClassName:
ow.
2:55:14 = hWnd = 0x00ed0050; ClassName:
2:55:14 = hWnd = 0x00700142; ClassName:


13:24:34 = hWnd = 0x00010018; ClassName:
dow.
13:24:34 = hWnd = 0x00010022; ClassName:

13:24:37 = s1.
13:24:37 = s2.
13:24:40
13:24:40
13:25:16
13:25:16
13:25:17
13:25:17
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

3:18:29 =
ow.
x=0, y=0,
3:18:29 =
x=0, y=0,
3:18:29 =
x=0, y=0,
3:19:24 =
3:19:24 =
hWnd = 0x000401e0; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
width=0, height=0
hWnd = 0x00460fe4; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
## ERR ## Setevent

3:19:24 = hWnd = 0x01480098; ClassName:
ow.
3:19:24 = hWnd = 0x01260058; ClassName:


dow.

12:40:25 = s1.
12:40:25 = s2.
1:21:16 = hWnd = 0x00040446; ClassName:
1:21:16 = hWnd = 0x000402ba; ClassName:
ow.
1:21:16 = hWnd = 0x000302be; ClassName:
1:21:37 = ## ERR ## Setevent


1:21:37 = hWnd = 0x00950090; ClassName:
ow.
1:21:37 = hWnd = 0x00ce004c; ClassName:


x=0, y=0,
8:32:42 =
ow.
x=0, y=0,
8:32:42 =
x=0, y=0,
8:32:42 =
x=0, y=0,
8:32:46 =
width=1366, height=768
hWnd = 0x00010018; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
width=0, height=0
width=0, height=0
8:32:46 = s1.
8:32:46 = s2.
8:32:50
8:32:50
8:33:26
8:33:26
8:33:27
8:33:27
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
9:43:18 = hWnd = 0x00070236; ClassName:
9:43:24 = ## ERR ## Setevent


9:43:24 = hWnd = 0x00240060; ClassName:
ow.


11:53:34 = hWnd = 0x00010018; ClassName:
dow.
11:53:34 = hWnd = 0x00010022; ClassName:

11:53:39 = s1.
11:53:39 = s2.
11:53:41
11:53:41
11:54:18
11:54:18
11:54:19
11:54:19
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
15:18:23 = hWnd = 0x00021a3e; ClassName:
15:18:23 = hWnd = 0x00021aca; ClassName:

15:18:23 = s1.
15:18:23 = s2.
15:18:25
15:18:25
16:25:49
16:25:49
16:25:50
16:25:50
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


dow.

21:48:55 = s1.
21:48:55 = s2.
21:48:55
21:48:55
21:49:58
21:49:58
21:49:59
21:49:59
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

21:50:6 = hWnd = 0x0015153a; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.
21:50:29 = ## ERR ## Setevent
21:50:29 = hWnd = 0x0099002a; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title

ow.
21:52:5 = s1.
21:52:5 = s2.
w.

22:3:1 = s1.
22:3:1 = s2.
22:3:1 =
22:3:1 =
22:18:46
22:18:46
22:18:47
22:18:47
Start show animate

= begin close Process
= Terminate Process
= end close Process
= DLL_PROCESS_DETACH

3:4:17 = hWnd = 0x00270aa8; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:

3:4:17 = hWnd = 0x000204b8; ClassName: GDI+ Hook Window Class; Title: GDI+ Windo
w.
3:4:17 = hWnd = 0x000a0aaa; ClassName: IME; Title: Default IME.
w.
3:4:43 = hWnd = 0x00720036; ClassName:


13:47:3 = hWnd = 0x00010018; ClassName:
ow.
13:47:4 = hWnd = 0x00010022; ClassName:
13:47:6 = s1.
13:47:6 = s2.
13:47:10
13:47:10
13:47:46
13:47:46
13:47:47
13:47:47
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH



1:36:39 = hWnd = 0x00110814; ClassName:
ow.
1:36:39 = hWnd = 0x00140802; ClassName:

1:36:39 = s1.
1:36:39 = s2.
2:22:3 = hWnd = 0x00220bdc; ClassName:
2:22:3 = hWnd = 0x00030420; ClassName:
w.
2:22:3 = hWnd = 0x00190caa; ClassName:
2:22:28 = ## ERR ## Setevent


2:22:28 = hWnd = 0x00bc0092; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
ow.
2:22:28 = hWnd = 0x00d2018e; ClassName: MSCTFIME UI; Title: MSCTFIME UI.

2:22:28 = hWnd = 0x00c001c4; ClassName: IME; Title: Default IME.
12:24:49 = hWnd = 0x00010018; ClassName:
dow.
12:24:49 = hWnd = 0x00010022; ClassName:

12:24:52 = s1.
12:24:52 = s2.
12:24:55
12:24:55
12:25:30
12:25:30
12:25:31
12:25:31
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:18:32 = hWnd = 0x00090b4a; ClassName:
ow.
1:18:35 = s1.
1:18:35 = s2.
1:18:39
1:18:39
1:20:14
1:20:14
1:20:15
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process

1:30:19 = hWnd = 0x000d0bb2; ClassName:
1:30:19 = hWnd = 0x000f0c4e; ClassName:
ow.

1:30:19 = s1.
1:30:19 = s2.
1:30:19
1:30:19
1:32:50
1:32:50
1:32:51
1:32:51
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.


1:54:6 = hWnd = 0x001f00a0; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:

w.
1:54:6 = hWnd = 0x00cd00cc; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
1:54:6 = hWnd = 0x005000ce; ClassName: IME; Title: Default IME.
11:45:29 = hWnd = 0x00010018; ClassName:
dow.
11:45:29 = hWnd = 0x00010022; ClassName:

11:45:31 = s1.
11:45:31 = s2.
11:45:34
11:45:34
11:46:11
11:46:11
11:46:12
11:46:12
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
2:16:28 = hWnd = 0x00030318; ClassName:
2:16:31 = s1.
2:16:31 = s2.

2:16:32
2:16:32
2:19:50
2:19:50
2:19:51
2:19:51
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
2:27:57 = hWnd = 0x00060448; ClassName:
2:28:24 = ## ERR ## Setevent


2:28:24 = hWnd = 0x01bb0054; ClassName:
ow.
2:28:24 = hWnd = 0x00a5003a; ClassName:


11:4:58 = hWnd = 0x00010018; ClassName:
ow.
11:4:59 = hWnd = 0x00010022; ClassName:

11:5:2 = s1.
11:5:2 = s2.
13:53:14 = hWnd = 0x00040828; ClassName:
dow.
13:53:14 = hWnd = 0x00030842; ClassName:

13:53:14 = s1.
13:53:14 = s2.
13:53:14
13:53:14
15:38:19
15:38:19
15:38:20
15:38:20
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.

19:40:34 = ## ERR ## Setevent

dow.


21:19:51 = hWnd = 0x00010018; ClassName:
dow.
21:19:52 = hWnd = 0x00010022; ClassName:

21:19:55 = s1.
21:19:55 = s2.
21:19:58
21:19:58
21:20:37
21:20:37
21:20:38
21:20:38
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:54:31 = hWnd = 0x000705c2; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.
x=0, y=0,
1:54:31 =
x=0, y=0,
1:54:31 =
x=0, y=0,
1:54:31 =
width=1, height=1
width=0, height=0
width=0, height=0
1:54:31 = s1.
1:54:31 = s2.
2:24:35 = hWnd = 0x00080452; ClassName:
ow.
2:24:41 = ## ERR ## Setevent


ow.
2:24:41 = hWnd = 0x00750062; ClassName:



dow.
12:33:17 = s1.
12:33:17 = s2.
12:33:20
12:33:20
12:33:58
12:33:58
12:33:59
12:33:59
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

3:56:40 = hWnd = 0x00090568; ClassName:
3:56:40 = hWnd = 0x001d05c6; ClassName:
ow.
3:56:40 = hWnd = 0x00050638; ClassName:
3:57:20 = ## ERR ## Setevent


ow.


13:11:45 = hWnd = 0x00010018; ClassName:
dow.
13:11:46 = hWnd = 0x00010022; ClassName:

13:11:49 = s1.
13:11:49 = s2.
13:11:52
13:11:52
13:12:29
13:12:29
13:12:30
13:12:30
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

3:55:28 = hWnd = 0x00110c8c; ClassName:
ow.
3:55:28 = hWnd = 0x00090da2; ClassName:
3:56:19 = ## ERR ## Setevent


3:56:19 = hWnd = 0x00c301f6; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.
3:56:19 =
x=0, y=0,
3:56:19 =
x=0, y=0,
11:26:0 =
11:26:0 =
hWnd = 0x005c01f0; ClassName: MSCTFIME UI; Title: MSCTFIME UI.

width=0, height=0
hWnd = 0x00af003a; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
end process attach

11:26:2 = hWnd = 0x00010018; ClassName:
ow.
11:26:2 = hWnd = 0x00010022; ClassName:

11:26:5 = s1.
11:26:5 = s2.
11:26:10
11:26:10
11:26:46
11:26:46
11:26:47
11:26:47
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

2:54:46 = hWnd = 0x000e0b16; ClassName:
ow.
2:54:46 = hWnd = 0x00070306; ClassName:
2:55:23 = ## ERR ## Setevent


2:55:24 = hWnd = 0x003c00e8; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:

2:55:24 = hWnd = 0x014b0064; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.
2:55:24 = hWnd = 0x009601cc; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
2:55:24 = hWnd = 0x014b01d4; ClassName: IME; Title: Default IME.
13:1:1 = hWnd = 0x00010018; ClassName:
w.
13:1:1 = hWnd = 0x00010022; ClassName:

13:1:3 = s1.
13:1:3 = s2.
15:37:36 = hWnd = 0x00050568; ClassName:
15:37:36 = hWnd = 0x00030aa2; ClassName:
dow.
15:37:41 = ## ERR ## Setevent



dow.


20:9:35 =
ow.
x=0, y=0,
20:9:36 =
x=0, y=0,
20:9:36 =
x=0, y=0,
20:9:39 =
width=1, height=1
width=0, height=0
width=0, height=0
20:9:39 = s1.
20:9:39 = s2.
ow.
2:53:34 = ## ERR ## Setevent


ow.


12:41:37 = hWnd = 0x00010018; ClassName:
dow.
12:41:38 = hWnd = 0x00010022; ClassName:

12:41:41 = s1.
12:41:41 = s2.
12:41:44
12:41:44
12:42:22
12:42:22
12:42:23
12:42:23
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

3:15:4 = hWnd = 0x00130516; ClassName:
w.

3:15:46 = ## ERR ## Setevent

3:15:46 = hWnd = 0x01680036; ClassName:
3:15:46 = hWnd = 0x01490054; ClassName:
ow.
3:15:46 = hWnd = 0x005c01d0; ClassName:


12:48:54 = hWnd = 0x00010018; ClassName:
dow.
12:48:55 = hWnd = 0x00010022; ClassName:

12:49:1 = s1.
12:49:1 = s2.
3:7:21 = hWnd = 0x002406f4; ClassName: GDI+ Hook Window Class; Title: GDI+ Windo
w.
3:7:21 = hWnd = 0x00080d50; ClassName: MSCTFIME UI; Title: MSCTFIME UI.

3:7:21 = hWnd = 0x001508bc; ClassName: IME; Title: Default IME.
nicio de sesin en Windows.
3:8:7 = hWnd = 0x00e801fc; ClassName:
.
3:8:7 = hWnd = 0x012a01e2; ClassName:
AUTHUI.DLL: LogonUI Logon Window; Title: I

GDI+ Hook Window Class; Title: GDI+ Window

13:2:14 = hWnd = 0x00010018; ClassName:
ow.
13:2:14 = hWnd = 0x00010022; ClassName:

13:3:43 = s1.
13:3:43 = s2.
13:3:44
13:3:44
13:4:23
13:4:23
13:4:24
13:4:24
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

18:38:46 = hWnd = 0x000b047c; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title
18:38:46 = hWnd = 0x000f0520; ClassName: GDI+ Hook Window Class; Title: GDI+ Win
dow.

18:38:46 = hWnd = 0x000b0462; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
18:38:46 = hWnd = 0x0015042e; ClassName: IME; Title: Default IME.
18:39:3 = ## ERR ## Setevent
ow.
18:39:3 = hWnd = 0x00030030; ClassName:


18:42:54 = hWnd = 0x00010018; ClassName:
dow.
18:42:54 = hWnd = 0x00010022; ClassName:

18:42:57 = s1.
18:42:57 = s2.
3:30:7 = hWnd = 0x000304a2; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
3:30:7 = hWnd = 0x000c07cc; ClassName: GDI+ Hook Window Class; Title: GDI+ Windo
w.
3:30:7 = hWnd = 0x000403f6; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
3:30:7 = hWnd = 0x000a080e; ClassName: IME; Title: Default IME.
3:30:20 = ## ERR ## Setevent
3:30:20 = hWnd = 0x00760054; ClassName:
ow.


5:52:53 = hWnd = 0x00010018; ClassName:
ow.
5:52:53 = hWnd = 0x00010022; ClassName:

5:52:57 = s1.
5:52:57 = s2.

2:14:39 =
ow.
x=0, y=0,
2:14:39 =
x=0, y=0,
2:14:39 =
x=0, y=0,
2:15:35 =
2:15:35 =
hWnd = 0x000404aa; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
hWnd = 0x001b0f92; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
hWnd = 0x0009013c; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
## ERR ## Setevent

2:15:35 = hWnd = 0x00940094; ClassName:
ow.
2:15:35 = hWnd = 0x007a01f6; ClassName:
2:15:35 = hWnd = 0x018f00cc; ClassName:


12:9:56 = hWnd = 0x00010018; ClassName:
ow.
12:9:56 = hWnd = 0x00010022; ClassName:
12:10:1 = s1.
12:10:1 = s2.


2:8:16 = hWnd = 0x00090738; ClassName:
2:8:16 = hWnd = 0x00030434; ClassName:
w.
2:8:16 = hWnd = 0x00030436; ClassName:


2:8:49 = hWnd = 0x009e01f6; ClassName:
2:8:49 = hWnd = 0x01240052; ClassName:
w.
2:8:49 = hWnd = 0x00580056; ClassName:


9:22:28 = hWnd = 0x00010018; ClassName:
ow.
9:22:28 = hWnd = 0x00010022; ClassName:
9:22:33 = s1.
9:22:33 = s2.
9:22:37
9:22:37
9:23:13
9:23:13
9:23:14
9:23:14
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


2:10:33 =
ow.
x=0, y=0,
2:10:33 =
x=0, y=0,
2:10:33 =
x=0, y=0,
2:11:16 =
2:11:16 =
width=1, height=1
width=0, height=0
hWnd = 0x001f0f90; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
## ERR ## Setevent

2:11:16 = hWnd = 0x01470060; ClassName:
ow.


12:20:50 = hWnd = 0x00010018; ClassName:
dow.
12:20:50 = hWnd = 0x00010022; ClassName:
12:20:53 = s1.
12:20:53 = s2.
12:20:56
12:20:56
12:21:34
12:21:34
12:21:35
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process

3:38:21 =
ow.
x=0, y=0,
3:38:21 =
x=0, y=0,
3:38:21 =
x=0, y=0,
3:39:29 =
3:39:29 =
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

3:39:29 = hWnd = 0x015c01fc; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
11:9:19 = hWnd = 0x00010018; ClassName:
ow.
11:9:19 = hWnd = 0x00010022; ClassName:
11:9:22 = s1.
11:9:22 = s2.
11:9:26
11:9:26
11:10:3
11:10:3
11:10:4
11:10:4
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


3:41:45 = hWnd = 0x000c0d8c; ClassName:
3:41:45 = hWnd = 0x00240448; ClassName:
ow.
3:42:40 = ## ERR ## Setevent


3:42:40 = hWnd = 0x01010182; ClassName:
ow.
3:42:40 = hWnd = 0x00450180; ClassName:


12:27:30 = hWnd = 0x00010018; ClassName:
dow.
12:27:31 = hWnd = 0x00010022; ClassName:
12:27:33 = s1.
12:27:33 = s2.
12:27:36
12:27:36
12:28:13
12:28:13
=
=
=
=
Start show animate

begin close Process
Terminate Process


1:32:46 = hWnd = 0x00020406; ClassName:
ow.
1:33:29 = ## ERR ## Setevent


1:33:30 = hWnd = 0x00b900cc; ClassName:
ow.
1:33:30 = hWnd = 0x005a002c; ClassName:


9:24:40 = hWnd = 0x00010018; ClassName:
ow.
9:24:40 = hWnd = 0x00010022; ClassName:
9:24:42 = s1.
9:24:42 = s2.

9:25:23
9:25:23
9:25:24
9:25:24
=
=
=
=
begin close Process

Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
9:47:24 = ## ERR ## Setevent


9:47:24 = hWnd = 0x00090034; ClassName:
ow.
9:47:24 = hWnd = 0x00070054; ClassName:


10:6:17 =
ow.
x=0, y=0,
10:6:17 =
x=0, y=0,
10:6:17 =
x=0, y=0,
10:6:20 =
width=1, height=1
width=0, height=0
width=0, height=0
10:6:20 = s1.
10:6:20 = s2.

dow.
10:55:37 = ## ERR ## Setevent


10:55:37 = hWnd = 0x00070036; ClassName:
dow.


ow.

12:10:10 = s1.
12:10:10 = s2.
12:10:13
12:10:13
12:10:50
12:10:50
12:10:51
12:10:51
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
13:49:59 = hWnd = 0x00030480; ClassName:

13:49:59 = s1.
13:49:59 = s2.
5:33:17 = hWnd = 0x00150bbe; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
5:33:17 = hWnd = 0x00180bc2; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.

5:33:17 = hWnd = 0x000d0bc0; ClassName: IME; Title: Default IME.
5:34:5 = hWnd = 0x00db002a; ClassName:
w.
5:34:5 = hWnd = 0x00e901fa; ClassName:


11:38:32 = hWnd = 0x00010018; ClassName:
dow.
11:38:33 = hWnd = 0x00010022; ClassName:

11:38:35 = s1.
11:38:35 = s2.
11:38:38
11:38:38
11:39:15
11:39:15
11:39:16
11:39:16
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


ow.

12:3:43 = s1.
12:3:43 = s2.
12:3:43
12:3:43
17:1:41
17:1:41
17:1:42
17:1:42
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

3:30:1 = hWnd = 0x000f0d1e; ClassName:
w.
3:30:39 = ## ERR ## Setevent


ow.
3:30:39 = hWnd = 0x00030104; ClassName:
3:30:39 = hWnd = 0x00090188; ClassName:


12:18:34 = hWnd = 0x00010018; ClassName:
dow.
12:18:34 = hWnd = 0x00010022; ClassName:

12:18:37 = s1.
12:18:37 = s2.
12:18:40
12:18:40
12:19:18
12:19:18
12:19:19
12:19:19
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
1:23:46 = hWnd = 0x000d0d26; ClassName:

1:23:46 = s1.
1:23:46 = s2.
1:23:47
1:23:47
1:29:18
1:29:18
1:29:19
1:29:19
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


2:17:17 = hWnd = 0x000f073a; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.
2:17:17 = hWnd = 0x001a0914; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
2:17:45 = ## ERR ## Setevent
2:17:45 = hWnd = 0x00f401d8; ClassName:
ow.
2:17:45 = hWnd = 0x00870172; ClassName:


13:25:12 = hWnd = 0x00010018; ClassName:
dow.
13:25:12 = hWnd = 0x00010022; ClassName:
13:25:16 = s1.
13:25:16 = s2.
13:25:20
13:25:20
13:25:57
13:25:57
13:25:58
13:25:58
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH



1:31:3 = hWnd = 0x00090674; ClassName:
w.
1:31:3 = hWnd = 0x000d05a6; ClassName:
1:31:3 = hWnd = 0x00180376; ClassName:
1:31:26 = ## ERR ## Setevent


ow.
1:31:26 = hWnd = 0x000401ec; ClassName:


14:41:7 = hWnd = 0x00010018; ClassName:
ow.
14:41:7 = hWnd = 0x00010022; ClassName:
14:41:10 = s1.
14:41:10 = s2.
14:41:13
14:41:13
14:41:50
14:41:50
14:41:51
14:41:51
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


2:18:53 = hWnd = 0x00020496; ClassName:
ow.

2:18:53 = s1.
2:18:53 = s2.
2:18:56
2:18:56
2:23:20
2:23:20
2:23:21
2:23:21
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

2:39:55 = hWnd = 0x003c03c0; ClassName:
ow.
2:39:55 = hWnd = 0x01aa04ea; ClassName:
2:39:55 = s1.
2:39:55 = s2.
2:39:55
2:39:55
2:41:45
2:41:45
2:41:46
2:41:46
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


2:53:38 = hWnd = 0x00100666; ClassName:
ow.
2:53:38 = hWnd = 0x00080638; ClassName:


w.
2:54:3 = hWnd = 0x00a601fc; ClassName:


14:11:9 = hWnd = 0x00010018; ClassName:
ow.
14:11:9 = hWnd = 0x00010022; ClassName:
14:11:12 = s1.
14:11:12 = s2.


18:47:4 = hWnd = 0x000b05ec; ClassName:
ow.

18:47:6 = s1.
18:47:6 = s2.
3:4:10 = hWnd = 0x00020844; ClassName:
w.
3:4:10 = hWnd = 0x00020850; ClassName:
3:4:10 = hWnd = 0x00020c2e; ClassName:


3:4:55 = hWnd = 0x009e01c6; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:

3:4:55 = hWnd = 0x007c01f2; ClassName: GDI+ Hook Window Class; Title: GDI+ Windo
w.
3:4:55 = hWnd = 0x003e01f6; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
11:31:48 = hWnd = 0x00010018; ClassName:
dow.
11:31:48 = hWnd = 0x00010022; ClassName:

11:31:51 = s1.
11:31:51 = s2.
11:31:55
11:31:55
11:32:31
11:32:31
11:32:32
11:32:32
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.
2:2:22 = s1.
2:2:22 = s2.


w.
2:21:31 = ## ERR ## Setevent


2:21:31 = hWnd = 0x00bc018c; ClassName:
ow.
2:21:31 = hWnd = 0x00ae0092; ClassName:


9:35:51 = hWnd = 0x00010018; ClassName:
ow.
9:35:52 = hWnd = 0x00010022; ClassName:
9:35:52 = s1.
9:35:52 = s2.

9:35:52
9:35:52
9:36:24
9:36:24
9:36:25
9:36:25
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

3:10:45 =
ow.
x=0, y=0,
3:10:45 =
x=0, y=0,
3:10:45 =
x=0, y=0,
3:11:23 =
3:11:23 =
hWnd = 0x00110aea; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
hWnd = 0x0008050e; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
hWnd = 0x00130cee; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
## ERR ## Setevent

ow.


12:26:6 = hWnd = 0x00010018; ClassName:
ow.
12:26:6 = hWnd = 0x00010022; ClassName:
12:26:11 = s1.

12:26:11 = s2.
12:26:15
12:26:15
12:26:52
12:26:52
12:26:53
12:26:53
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

2:14:53 = hWnd = 0x00140642; ClassName:
ow.
2:14:53 = hWnd = 0x002b05f8; ClassName:
2:15:27 = ## ERR ## Setevent


2:15:27 = hWnd = 0x02460064; ClassName:
ow.
2:15:27 = hWnd = 0x015a01ca; ClassName:


ow.

12:54:14 = s1.
12:54:14 = s2.
12:54:17
12:54:17
12:54:53
12:54:53
12:54:54
12:54:54
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

2:42:45 = hWnd = 0x00670452; ClassName:
ow.
2:43:26 = ## ERR ## Setevent


2:43:26 = hWnd = 0x01860054; ClassName:
ow.
2:43:26 = hWnd = 0x00460154; ClassName:


ow.
x=0, y=0,
12:7:51 =
x=0, y=0,
12:7:51 =
x=0, y=0,
12:7:54 =
width=1, height=1
width=0, height=0
width=0, height=0
12:7:54 = s1.
12:7:54 = s2.
12:7:57
12:7:57
12:8:37
12:8:37
12:8:38
12:8:38
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
0:11:24 = ## ERR ## Setevent


ow.
0:11:24 = hWnd = 0x00100068; ClassName:


1:38:15 = hWnd = 0x00010018; ClassName:
ow.
1:38:15 = hWnd = 0x00010022; ClassName:

1:38:17 = s1.
1:38:17 = s2.
4:3:13 = hWnd = 0x00020414; ClassName:
w.
4:3:13 = hWnd = 0x00020416; ClassName:
4:3:13 = hWnd = 0x00020418; ClassName:


4:3:21 = hWnd = 0x00200188; ClassName:
4:3:21 = hWnd = 0x00200064; ClassName:
w.


dow.
13:26:16 = s1.
13:26:16 = s2.
13:26:19
13:26:19
13:26:58
13:26:58
13:26:59
13:26:59
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
3:31:27 = ## ERR ## Setevent


ow.
3:31:27 = hWnd = 0x00ea0058; ClassName:


13:3:12 = hWnd = 0x00010018; ClassName:
ow.
13:3:12 = hWnd = 0x00010022; ClassName:

13:3:14 = s1.
13:3:14 = s2.
13:3:18
13:3:18
13:3:55
13:3:55
13:3:56
13:3:56
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
0:56:16 = hWnd = 0x00280454; ClassName:
0:56:16 = hWnd = 0x00210710; ClassName:
0:56:38 = ## ERR ## Setevent


0:56:38 = hWnd = 0x006001dc; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.

10:19:49 = hWnd = 0x00010018; ClassName:
dow.
10:19:50 = hWnd = 0x00010022; ClassName:

10:19:53 = s1.
10:19:53 = s2.
10:19:56
10:19:56
10:20:33
10:20:33
10:20:34
10:20:34
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

15:45:22 = hWnd = 0x00050430; ClassName:
dow.
15:45:58 = ## ERR ## Setevent


15:45:58 = hWnd = 0x005e015e; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title
15:45:58 = hWnd = 0x008f005c; ClassName: GDI+ Hook Window Class; Title: GDI+ Win
dow.
15:45:58 = hWnd = 0x005f017e; ClassName: IME; Title: Default IME.
19:17:27 = hWnd = 0x00010018; ClassName:
dow.
19:17:28 = hWnd = 0x00010022; ClassName:

19:17:33 = s1.
19:17:33 = s2.
19:17:36
19:17:36
19:18:13
19:18:13
19:18:14
19:18:14
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

2:40:13 = hWnd = 0x000f04ce; ClassName:
ow.
2:40:13 = hWnd = 0x00070426; ClassName:
2:40:13 = hWnd = 0x000b04ee; ClassName:
2:40:33 = ## ERR ## Setevent



2:40:33 = hWnd = 0x00cd0050; ClassName:
ow.
2:40:33 = hWnd = 0x00050064; ClassName:


12:28:5 = hWnd = 0x00010018; ClassName:
ow.
12:28:6 = hWnd = 0x00010022; ClassName:

12:28:8 = s1.
12:28:8 = s2.
12:28:12
12:28:12
12:28:48
12:28:48
12:28:49
12:28:49
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

3:17:55 = hWnd = 0x00080434; ClassName:
ow.
3:18:35 = ## ERR ## Setevent


3:18:35 = hWnd = 0x00bb01a4; ClassName:
ow.
3:18:35 = hWnd = 0x00ea01d8; ClassName:


9:30:36 = hWnd = 0x00010018; ClassName:
ow.
9:30:36 = hWnd = 0x00010022; ClassName:

9:30:39 = s1.
9:30:39 = s2.
9:30:41
9:30:41
9:31:18
9:31:18
9:31:19
9:31:19
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
4:35:41 = hWnd = 0x00120792; ClassName:


4:36:7 = hWnd = 0x016d00de; ClassName:
w.


13:11:12 = hWnd = 0x00010018; ClassName:
dow.
13:11:12 = hWnd = 0x00010022; ClassName:

13:11:15 = s1.
13:11:15 = s2.
13:11:18
13:11:18
13:11:56
13:11:56
13:11:57
13:11:57
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:45:59 = hWnd = 0x002306fa; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.
1:45:59 =
x=0, y=0,
1:45:59 =
x=0, y=0,
1:46:20 =
1:46:20 =
hWnd = 0x001709ae; ClassName: MSCTFIME UI; Title: MSCTFIME UI.

width=0, height=0
hWnd = 0x001f0756; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
## ERR ## Setevent

1:46:20 = hWnd = 0x01290060; ClassName:
ow.


12:22:4 = hWnd = 0x00010018; ClassName:
ow.
12:22:4 = hWnd = 0x00010022; ClassName:

12:22:7 = s1.
12:22:7 = s2.

.
2:8:6 = hWnd = 0x00490850; ClassName:


2:8:35 = hWnd = 0x021e00e0; ClassName:
2:8:35 = hWnd = 0x01020152; ClassName:
w.
2:8:35 = hWnd = 0x00060052; ClassName:


12:5:9 = hWnd = 0x00010018; ClassName: GDI+ Hook Window Class; Title: GDI+ Windo
w.
12:5:15 = s1.
12:5:15 = s2.
12:5:18
12:5:18
12:5:54
12:5:54
12:5:55
12:5:55
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

2:9:21 = hWnd = 0x003d067c; ClassName: GDI+ Hook Window Class; Title: GDI+ Windo
w.
2:9:21 = hWnd = 0x000c08dc; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
2:9:39 = hWnd = 0x011b01fc; ClassName:
w.


7:21:49 = hWnd = 0x00010018; ClassName:
ow.
7:21:50 = hWnd = 0x00010022; ClassName:
7:21:52 = s1.
7:21:52 = s2.
7:21:54
7:21:54
7:22:31
7:22:31
7:22:32
7:22:32
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


w.
9:57:17 = ## ERR ## Setevent


ow.


11:36:59 = hWnd = 0x00010018; ClassName:
dow.
11:36:59 = hWnd = 0x00010022; ClassName:
11:37:1 = s1.
11:37:1 = s2.

11:37:43
11:37:43
11:37:44
11:37:44
=
=
=
=
begin close Process

Terminate Process
end close Process
DLL_PROCESS_DETACH

13:1:47 = hWnd = 0x00070706; ClassName:
ow.

13:1:47 = s1.
13:1:47 = s2.
ow.
21:7:31 = s1.
21:7:31 = s2.

21:29:4
21:29:4
21:29:5
21:29:5
=
=
=
=
begin close Process

Terminate Process
end close Process
DLL_PROCESS_DETACH

21:29:27 = hWnd = 0x00040426; ClassName:
21:29:27 = hWnd = 0x00070422; ClassName:
dow.
21:30:26 = ## ERR ## Setevent


dow.
21:30:26 = hWnd = 0x00040056; ClassName:


22:22:35 = hWnd = 0x00010018; ClassName:
dow.
22:22:35 = hWnd = 0x00010022; ClassName:

22:22:38 = s1.
22:22:38 = s2.
22:22:41
22:22:41
22:23:18
22:23:18
22:23:19
22:23:19
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.


w.
2:4:36 = hWnd = 0x00530060; ClassName:


dow.

11:51:44 = s1.
11:51:44 = s2.
11:51:47
11:51:47
11:52:23
11:52:23
11:52:24
11:52:24
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:50:16 =
ow.
x=0, y=0,
1:50:16 =
x=0, y=0,
1:50:16 =
x=0, y=0,
1:50:48 =
1:50:48 =
hWnd = 0x002008fe; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
hWnd = 0x001a140e; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
hWnd = 0x000e042a; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
## ERR ## Setevent

1:50:48 = hWnd = 0x00600054; ClassName:
1:50:48 = hWnd = 0x00890088; ClassName:
ow.
1:50:48 = hWnd = 0x00360058; ClassName:


ow.
x=0, y=0,
10:6:11 =
x=0, y=0,
10:6:11 =
x=0, y=0,
10:6:14 =
width=1, height=1
width=0, height=0
width=0, height=0
10:6:14 = s1.
10:6:14 = s2.
10:6:17
10:6:17
10:6:54
10:6:54
10:6:55
10:6:55
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
20:57:28 = hWnd = 0x00080aaa; ClassName:
20:57:59 = ## ERR ## Setevent


dow.



21:1:52 = hWnd = 0x00010018; ClassName:
ow.
21:1:52 = hWnd = 0x00010022; ClassName:

21:1:55 = s1.
21:1:55 = s2.
21:1:59
21:1:59
21:2:35
21:2:35
21:2:36
21:2:36
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

4:15:5 = hWnd = 0x00070396; ClassName:
w.
4:15:29 = ## ERR ## Setevent


ow.
4:15:29 = hWnd = 0x00ce00a8; ClassName:


10:23:2 = hWnd = 0x00010018; ClassName:
ow.
10:23:2 = hWnd = 0x00010022; ClassName:

10:23:4 = s1.
10:23:4 = s2.
2:30:53 = hWnd = 0x000b08a2; ClassName:
ow.
2:30:56 = s1.
2:30:56 = s2.
2:30:57
2:30:57
2:34:53
2:34:53
2:34:54
2:34:54
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


2:48:54 = hWnd = 0x00080936; ClassName:
ow.
2:48:54 = hWnd = 0x001a04b4; ClassName:
2:49:23 = ## ERR ## Setevent


2:49:23 = hWnd = 0x00aa0066; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
11:35:16 = hWnd = 0x00010018; ClassName:
dow.
11:35:16 = hWnd = 0x00010022; ClassName:

11:35:18 = s1.
11:35:18 = s2.
3:1:44 = hWnd = 0x00040676; ClassName:

3:1:44 = hWnd = 0x00021438; ClassName:
w.
3:1:44 = hWnd = 0x00340768; ClassName:


3:2:42 = hWnd = 0x00ca01f0; ClassName:
w.


10:51:38 = hWnd = 0x00010018; ClassName:
dow.
10:51:39 = hWnd = 0x00010022; ClassName:
10:51:42 = s1.
10:51:42 = s2.
10:51:45
10:51:45
10:52:22
10:52:22
10:52:23
10:52:23
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


ow.
1:29:30 = hWnd = 0x00080460; ClassName:
1:30:11 = ## ERR ## Setevent


ow.
1:30:11 = hWnd = 0x01120052; ClassName:


1:35:4 = hWnd = 0x00010018; ClassName:
w.
1:35:4 = hWnd = 0x00010022; ClassName:
1:37:28 = s1.
1:37:28 = s2.


ow.
3:17:19 = hWnd = 0x000204ac; ClassName:
3:17:19 = hWnd = 0x00030476; ClassName:
3:17:27 = ## ERR ## Setevent


3:17:27 = hWnd = 0x00040060; ClassName:
ow.
3:17:27 = hWnd = 0x00020068; ClassName:
3:17:27 = hWnd = 0x00030062; ClassName:


6:13:42 = hWnd = 0x00010018; ClassName:
ow.
6:13:42 = hWnd = 0x00010022; ClassName:
6:13:45 = s1.
6:13:45 = s2.

6:13:49
6:13:49
6:14:25
6:14:25
6:14:26
6:14:26
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

6:40:53 = hWnd = 0x00050456; ClassName:
ow.
6:40:53 = hWnd = 0x00030508; ClassName:


6:41:2 = hWnd = 0x00050064; ClassName:
w.


11:10:46 = hWnd = 0x00010018; ClassName:
dow.
11:10:46 = hWnd = 0x00010022; ClassName:

11:10:48 = s1.
11:10:48 = s2.
11:10:51
11:10:51
11:11:28
11:11:28
11:11:29
11:11:29
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.


w.


11:18:16 = hWnd = 0x00010018; ClassName:
dow.
11:18:16 = hWnd = 0x00010022; ClassName:


11:18:16 = s1.
11:18:16 = s2.
11:18:24
11:18:24
11:18:52
11:18:52
11:18:53
11:18:53
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
w.


11:38:29 = hWnd = 0x00010018; ClassName:
dow.
11:38:29 = hWnd = 0x00010022; ClassName:


11:38:32 = s1.
11:38:32 = s2.
11:38:36
11:38:36
11:39:13
11:39:13
11:39:14
11:39:14
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

2:24:6 = hWnd = 0x00050512; ClassName:
w.
2:24:6 = hWnd = 0x00040448; ClassName:
2:24:6 = hWnd = 0x00090430; ClassName:
2:24:40 = ## ERR ## Setevent


2:24:40 = hWnd = 0x00fd01f6; ClassName:
ow.
2:24:40 = hWnd = 0x00fa004c; ClassName:


dow.
x=0, y=0,
11:39:0 =
x=0, y=0,
11:39:0 =
x=0, y=0,
11:39:4 =
width=1, height=1
width=0, height=0
width=0, height=0
11:39:4 = s1.
11:39:4 = s2.
15:56:16 = hWnd = 0x00070478; ClassName:
dow.

15:56:19 = s1.
15:56:19 = s2.
15:56:19
15:56:19
15:59:58
15:59:58
15:59:59
15:59:59
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

16:8:37 = hWnd = 0x001d04b8; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
ow.
x=0, y=0,
16:8:37 =
x=0, y=0,
16:8:37 =
width=0, height=0
hWnd = 0x000c04e2; ClassName: IME; Title: Default IME.
width=0, height=0
16:8:37 = s1.
16:8:37 = s2.
dow.
16:12:21 = hWnd = 0x001d06f6; ClassName:

16:12:21 = s1.
16:12:21 = s2.
16:12:21
16:12:21
16:13:35
16:13:35
16:13:36
16:13:36
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

17:27:48 = hWnd = 0x00170466; ClassName:
dow.
17:27:48 = hWnd = 0x00190576; ClassName:


17:27:48 = s1.
17:27:48 = s2.
17:27:48
17:27:48
17:56:56
17:56:56
17:56:57
17:56:57
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

18:2:29 = hWnd = 0x00160488; ClassName:
ow.

18:2:29 = s1.
18:2:29 = s2.
3:52:39 = hWnd = 0x00340820; ClassName:
3:52:39 = hWnd = 0x00170600; ClassName:
ow.


3:53:11 = ## ERR ## Setevent
3:53:11 = hWnd = 0x04960066; ClassName:
ow.


11:42:54 = hWnd = 0x00010018; ClassName:
dow.
11:42:55 = hWnd = 0x00010022; ClassName:

11:43:1 = s1.
11:43:1 = s2.
1:26:1 = hWnd = 0x000403be; ClassName: GDI+ Hook Window Class; Title: GDI+ Windo
w.
1:26:1 = hWnd = 0x000403cc; ClassName: IME; Title: Default IME.

1:26:26 = ## ERR ## Setevent
ow.
1:26:26 = hWnd = 0x01290050; ClassName:


7:55:16 = hWnd = 0x00010018; ClassName:
ow.
7:55:17 = hWnd = 0x00010022; ClassName:

7:55:19 = s1.
7:55:19 = s2.
ow.
3:15:34 =
x=0, y=0,
3:15:34 =
x=0, y=0,
3:15:55 =
3:15:55 =
hWnd = 0x003404c2; ClassName: MSCTFIME UI; Title: MSCTFIME UI.

width=0, height=0
hWnd = 0x002c04c6; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
## ERR ## Setevent

ow.
3:15:55 = hWnd = 0x01340056; ClassName:


9:49:37 = hWnd = 0x00010018; ClassName:
ow.
9:49:37 = hWnd = 0x00010022; ClassName:

9:49:39 = s1.
9:49:39 = s2.
9:49:42
9:49:42
9:50:22
9:50:22
9:50:23
9:50:23
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

16:22:39 = hWnd = 0x000303ec; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title
dow.
16:23:10 = ## ERR ## Setevent
dow.
16:23:10 = hWnd = 0x00830196; ClassName:


19:22:11 = hWnd = 0x00010018; ClassName:
dow.
19:22:11 = hWnd = 0x00010022; ClassName:

19:22:14 = s1.
19:22:14 = s2.
19:22:17
19:22:17
19:22:56
19:22:56
19:22:57
19:22:57
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


ow.
1:33:56 = hWnd = 0x00060372; ClassName:
1:34:12 = ## ERR ## Setevent


1:34:12 = hWnd = 0x011e01fe; ClassName:
ow.
1:34:12 = hWnd = 0x00580158; ClassName:


8:13:56 = hWnd = 0x00010018; ClassName:
ow.
8:13:56 = hWnd = 0x00010022; ClassName:
8:13:59 = s1.
8:13:59 = s2.


4:18:33 = hWnd = 0x00120552; ClassName:
ow.
4:18:59 = ## ERR ## Setevent


ow.


12:51:10 = hWnd = 0x00010018; ClassName:
dow.
12:51:11 = hWnd = 0x00010022; ClassName:
12:51:15 = s1.
12:51:15 = s2.
12:51:18
12:51:18
12:51:56
12:51:56
=
=
=
=
Start show animate

begin close Process
Terminate Process


3:1:10 = hWnd = 0x001d04ce; ClassName:
w.
3:1:10 = hWnd = 0x00050752; ClassName:
3:1:10 = hWnd = 0x000d03fc; ClassName:


w.


9:2:38 = hWnd = 0x00010018; ClassName:
w.
9:2:39 = hWnd = 0x00010022; ClassName:
9:2:43 = s1.
9:2:43 = s2.

9:3:23
9:3:23
9:3:24
9:3:24
=
=
=
=
begin close Process

Terminate Process
end close Process
DLL_PROCESS_DETACH

2:18:36 = hWnd = 0x00120636; ClassName:
ow.
2:18:50 = ## ERR ## Setevent


2:18:50 = hWnd = 0x006c00e2; ClassName:
ow.


10:40:56 = hWnd = 0x00010018; ClassName:
dow.
10:40:56 = hWnd = 0x00010022; ClassName:
10:41:0 = s1.

10:41:0 = s2.
2:51:8 = hWnd = 0x00140666; ClassName:
w.

2:51:8 = s1.
2:51:8 = s2.
2:51:8
2:51:8
3:1:13
3:1:13
3:1:14
3:1:14
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

3:11:33 = hWnd = 0x00180674; ClassName:
ow.
3:11:33 = s1.

3:11:33 = s2.
3:11:33
3:11:33
3:11:44
3:11:44
3:11:45
3:11:45
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
3:16:46 = hWnd = 0x00090566; ClassName:
3:16:46 = hWnd = 0x00250596; ClassName:


3:17:8 = hWnd = 0x00ac00c8; ClassName:
w.
3:17:8 = hWnd = 0x00050076; ClassName:
3:17:8 = hWnd = 0x00830078; ClassName:


12:50:31 = hWnd = 0x00010018; ClassName:
dow.
12:50:31 = hWnd = 0x00010022; ClassName:

12:50:34 = s1.
12:50:34 = s2.
12:50:38
12:50:38
12:51:10
12:51:10
12:51:11
12:51:11
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

3:17:34 =
ow.
x=0, y=0,
3:17:34 =
x=0, y=0,
3:17:34 =
x=0, y=0,
3:18:38 =
3:18:38 =
hWnd = 0x001f09e8; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
hWnd = 0x004408f6; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
hWnd = 0x001808ce; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
## ERR ## Setevent

3:18:38 =
ow.
x=0, y=0,
3:18:38 =
x=0, y=0,
3:18:38 =
x=0, y=0,
12:3:52 =
12:3:52 =
hWnd = 0x006c01e4; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
hWnd = 0x010a0038; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
width=0, height=0
Process Attach
end process attach

12:3:53 = hWnd = 0x00010018; ClassName:
ow.
12:3:53 = hWnd = 0x00010022; ClassName:

12:3:57 = s1.
12:3:57 = s2.
1:53:32 = hWnd = 0x001e0bf0; ClassName:
ow.
1:53:32 = hWnd = 0x00330ac8; ClassName:

1:53:32 = s1.
1:53:32 = s2.
1:53:33
1:53:33
1:55:10
1:55:10
1:55:11
1:55:11
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

2:8:19 = hWnd = 0x00eb09b8; ClassName:
w.
2:8:19 = hWnd = 0x00100546; ClassName:
2:8:19 = hWnd = 0x012f0bb0; ClassName:


2:8:39 = hWnd = 0x02620054; ClassName:
w.


10:45:1 = hWnd = 0x00010018; ClassName:
ow.
10:45:2 = hWnd = 0x00010022; ClassName:

10:45:5 = s1.
10:45:5 = s2.
ow.


w.
3:12:8 = hWnd = 0x01dc005c; ClassName:
3:12:8 = hWnd = 0x00960080; ClassName:


12:7:51 = hWnd = 0x00010018; ClassName:
ow.
12:7:51 = hWnd = 0x00010022; ClassName:

12:7:55 = s1.
12:7:55 = s2.
12:7:58
12:7:58
12:8:35
12:8:35
12:8:36
12:8:36
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

2:34:4 = hWnd = 0x001c06cc; ClassName: GDI+ Hook Window Class; Title: GDI+ Windo
w.

2:34:33 = ## ERR ## Setevent
2:34:33 = hWnd = 0x01790128; ClassName:
2:34:33 = hWnd = 0x00ca004e; ClassName:
ow.


12:16:23 = hWnd = 0x00010018; ClassName:
dow.
12:16:24 = hWnd = 0x00010022; ClassName:

12:16:27 = s1.
12:16:27 = s2.
ow.
x=0, y=0,
2:14:46 =
x=0, y=0,
2:14:46 =
x=0, y=0,
2:15:14 =
2:15:14 =
width=1, height=1
width=0, height=0
hWnd = 0x000904de; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
## ERR ## Setevent

ow.


11:44:21 = hWnd = 0x00010018; ClassName:
dow.
11:44:21 = hWnd = 0x00010022; ClassName:

11:44:24 = s1.
11:44:24 = s2.
2:24:31 = hWnd = 0x000a046c; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
x=0, y=0,
2:24:31 =
ow.
x=0, y=0,
2:24:31 =
x=0, y=0,
2:24:31 =
x=0, y=0,
2:24:58 =
2:24:58 =
hWnd = 0x001f0480; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
hWnd = 0x001b050e; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
hWnd = 0x000b04c0; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
## ERR ## Setevent

ow.


11:27:3 = hWnd = 0x00010018; ClassName:
ow.
11:27:3 = hWnd = 0x00010022; ClassName:
11:27:6 = s1.
11:27:6 = s2.
11:27:12
11:27:12
11:27:49
11:27:49
11:27:50
11:27:50
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


ow.
3:22:46 = hWnd = 0x000406aa; ClassName: IME; Title: Default IME.
3:23:3 = hWnd = 0x01530060; ClassName:
w.
3:23:3 = hWnd = 0x01310058; ClassName:


8:5:9 = hWnd = 0x0001001c; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: I
w.
8:5:13 = s1.
8:5:13 = s2.
8:5:16
8:5:16
8:5:55
8:5:55
8:5:56
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
15:48:17 = hWnd = 0x00020658; ClassName:
dow.
15:48:27 = ## ERR ## Setevent


dow.
15:48:27 = hWnd = 0x00de01fe; ClassName:


18:27:26 = hWnd = 0x00010018; ClassName:
dow.
18:27:26 = hWnd = 0x00010022; ClassName:
18:27:29 = s1.
18:27:29 = s2.

18:27:32
18:28:10
18:28:10
18:28:11
18:28:11
=
=
=
=
=

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
2:27:29 = ## ERR ## Setevent


ow.
2:27:29 = hWnd = 0x00f201f8; ClassName:


12:27:7 = hWnd = 0x00010018; ClassName:
ow.
12:27:7 = hWnd = 0x00010022; ClassName:

12:27:9 = s1.
12:27:9 = s2.
12:27:13
12:27:13
12:27:51
12:27:51
12:27:52
12:27:52
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
0:59:45 = ## ERR ## Setevent


0:59:45 = hWnd = 0x00470064; ClassName:
ow.
0:59:45 = hWnd = 0x00260062; ClassName:


dow.

10:42:24 = s1.
10:42:24 = s2.
w.


.
3:4:5 = hWnd = 0x00e500ca; ClassName:


dow.
11:40:47 = s1.
11:40:47 = s2.
11:40:52
11:40:52
11:41:31
11:41:31
11:41:32
11:41:32
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
0:59:38 = hWnd = 0x00030334; ClassName:
0:59:38 = hWnd = 0x00030332; ClassName:
0:59:48 = ## ERR ## Setevent


0:59:48 = hWnd = 0x00620052; ClassName:
ow.
0:59:48 = hWnd = 0x00bb01ec; ClassName:


10:45:29 = hWnd = 0x00010018; ClassName:
dow.
10:45:30 = hWnd = 0x00010022; ClassName:

10:45:32 = s1.
10:45:32 = s2.
10:45:39
10:45:39
10:46:17
10:46:17
10:46:18
10:46:18
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.
3:5:12 = hWnd = 0x00140478; ClassName:


3:5:36 = hWnd = 0x00d600cc; ClassName:
w.


11:11:42 = hWnd = 0x00010018; ClassName:
dow.
11:11:43 = hWnd = 0x00010022; ClassName:

11:11:46 = s1.
11:11:46 = s2.
11:11:50
11:11:50
11:12:29
11:12:29
11:12:30
11:12:30
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

2:9:18 = hWnd = 0x00050728; ClassName:
w.
2:9:18 = hWnd = 0x00040724; ClassName:


2:9:32 = hWnd = 0x013901f2; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
2:9:32 = hWnd = 0x011d01fc; ClassName: GDI+ Hook Window Class; Title: GDI+ Windo
w.
2:9:32 = hWnd = 0x017c01fa; ClassName: IME; Title: Default IME.
10:24:38 = hWnd = 0x00010018; ClassName:
dow.
10:24:38 = hWnd = 0x00010022; ClassName:

10:24:41 = s1.
10:24:41 = s2.
10:24:45
10:24:45
10:25:23
10:25:23
10:25:24
10:25:24
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

3:17:18 = hWnd = 0x00070634; ClassName:
ow.
3:17:18 = hWnd = 0x00060610; ClassName:
3:17:38 = ## ERR ## Setevent


x=0, y=0,
3:17:38 =
ow.
x=0, y=0,
3:17:38 =
x=0, y=0,
3:17:38 =
x=0, y=0,
9:50:21 =
9:50:22 =
width=1, height=1
hWnd = 0x006c00a2; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
hWnd = 0x00d3002c; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
end process attach

9:50:24 = hWnd = 0x00010018; ClassName:
ow.
9:50:24 = hWnd = 0x00010022; ClassName:

9:50:26 = s1.
9:50:26 = s2.
ow.
1:19:56 = hWnd = 0x00200764; ClassName:
1:19:56 = hWnd = 0x003d06ea; ClassName:
1:20:11 = ## ERR ## Setevent



ow.


9:13:22 = hWnd = 0x00010018; ClassName:
ow.
9:13:22 = hWnd = 0x00010022; ClassName:

9:13:24 = s1.
9:13:24 = s2.
2:10:32 = hWnd = 0x00120620; ClassName:
ow.
2:10:32 = hWnd = 0x00440684; ClassName:
2:10:54 = ## ERR ## Setevent



2:10:54 = hWnd = 0x00410066; ClassName:
ow.
2:10:54 = hWnd = 0x00bf0062; ClassName:


10:7:45 = hWnd = 0x00010018; ClassName:
ow.
10:7:46 = hWnd = 0x00010022; ClassName:

10:7:50 = s1.
10:7:50 = s2.
10:7:54
10:7:54
10:8:32
10:8:32
10:8:33
10:8:33
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
10:30:57 = hWnd = 0x00050318; ClassName:
10:31:11 = ## ERR ## Setevent


10:31:11 = hWnd = 0x00350064; ClassName:
dow.


10:32:43 = hWnd = 0x00010018; ClassName:
dow.
10:32:44 = hWnd = 0x00010022; ClassName:

10:32:46 = s1.
10:32:46 = s2.
10:32:49
10:32:49
10:33:29
10:33:29
10:33:30
10:33:30
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

2:48:9 = hWnd = 0x0008066c; ClassName: GDI+ Hook Window Class; Title: GDI+ Windo
w.

2:48:28 = ## ERR ## Setevent
2:48:28 = hWnd = 0x01ee002a; ClassName:
ow.
2:48:28 = hWnd = 0x00560094; ClassName:


w.
9:18:3 = s1.
9:18:3 = s2.
1:38:5 = hWnd = 0x000c08da; ClassName: GDI+ Hook Window Class; Title: GDI+ Windo
w.

1:38:5 = hWnd = 0x000c08b8; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
1:38:37 = ## ERR ## Setevent
1:38:37 = hWnd = 0x004a01ea; ClassName:
ow.


10:41:7 = hWnd = 0x00010018; ClassName:
ow.
10:41:7 = hWnd = 0x00010022; ClassName:

10:41:9 = s1.
10:41:9 = s2.
10:41:14
10:41:14
10:41:50
10:41:50
10:41:51
10:41:51
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:24:22 = hWnd = 0x000a05a4; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.
x=0, y=0,
1:24:22 =
x=0, y=0,
1:24:22 =
x=0, y=0,
1:24:29 =
1:24:29 =
width=1, height=1
hWnd = 0x000b05ee; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
hWnd = 0x001a0528; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
## ERR ## Setevent

1:24:29 = hWnd = 0x00cd008e; ClassName:
1:24:29 = hWnd = 0x00dc01ea; ClassName:
ow.
1:24:29 = hWnd = 0x00f801e0; ClassName:


10:43:4 = hWnd = 0x00010018; ClassName:
ow.
10:43:5 = hWnd = 0x00010022; ClassName:

10:43:7 = s1.
10:43:7 = s2.
10:43:10
10:43:10
10:43:49
10:43:49
10:43:50
10:43:50
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


1:55:38 = hWnd = 0x00090540; ClassName:
ow.
1:55:38 = hWnd = 0x00790760; ClassName:

1:55:38 = s1.
1:55:38 = s2.
1:55:40
1:55:40
1:58:15
1:58:15
1:58:16
1:58:16
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.


w.


10:52:0 = hWnd = 0x00010018; ClassName:
ow.
10:52:1 = hWnd = 0x00010022; ClassName:

10:52:3 = s1.
10:52:3 = s2.
w.
1:54:4 = hWnd = 0x01380884; ClassName:
1:54:15 = ## ERR ## Setevent


1:54:15 = hWnd = 0x018b01e2; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.
1:54:15 = hWnd = 0x0178004a; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0,
1:54:15 =
x=0, y=0,
8:53:20 =
8:53:20 =
width=0, height=0
hWnd = 0x013701d6; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
end process attach

8:53:21 = hWnd = 0x00010018; ClassName:
ow.
8:53:22 = hWnd = 0x00010022; ClassName:

8:53:25 = s1.
8:53:25 = s2.
1:37:37 = hWnd = 0x009e07ba; ClassName:
ow.
1:37:53 = ## ERR ## Setevent


1:37:53 = hWnd = 0x002601ca; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
1:37:53 =
ow.
x=0, y=0,
1:37:53 =
x=0, y=0,
1:37:53 =
x=0, y=0,
9:49:47 =
9:49:47 =
hWnd = 0x003001d8; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
hWnd = 0x000b01dc; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
hWnd = 0x00e3002a; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
end process attach

9:49:48 = hWnd = 0x00010018; ClassName:
ow.
9:49:48 = hWnd = 0x00010022; ClassName:

9:49:51 = s1.
9:49:51 = s2.
9:49:54
9:49:54
9:50:32
9:50:32
9:50:33
9:50:33
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:11:46 = hWnd = 0x00090560; ClassName:
1:11:46 = hWnd = 0x000d06b6; ClassName:
ow.
1:11:59 = ## ERR ## Setevent


1:11:59 = hWnd = 0x00290180; ClassName:

ow.


10:22:57 = hWnd = 0x00010018; ClassName:
dow.
10:22:58 = hWnd = 0x00010022; ClassName:

10:23:3 = s1.
10:23:3 = s2.
.
1:6:3 = hWnd = 0x00090622; ClassName:


1:6:40 = hWnd = 0x00ef00d4; ClassName:
w.


9:55:53 = hWnd = 0x00010018; ClassName:
ow.
9:55:53 = hWnd = 0x00010022; ClassName:

9:55:57 = s1.
9:55:57 = s2.
1:34:31 = hWnd = 0x000904d8; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
1:34:31 = hWnd = 0x006d07ee; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.

1:34:33 = s1.
1:34:33 = s2.
1:34:33
1:34:33
1:37:10
1:37:10
1:37:11
1:37:11
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

2:1:6 = hWnd = 0x008104b6; ClassName: GDI+ Hook Window Class; Title: GDI+ Window
.
2:1:6 = hWnd = 0x001f08ee; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
2:1:25 = hWnd = 0x01960174; ClassName:
w.
2:1:25 = hWnd = 0x00ee0060; ClassName:


dow.

10:31:36 = s1.
10:31:36 = s2.
10:31:41
10:31:41
10:32:19
10:32:19
10:32:20
10:32:20
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:58:28 = hWnd = 0x00040788; ClassName:
ow.
1:58:28 = hWnd = 0x00040268; ClassName:
1:58:41 = ## ERR ## Setevent


1:58:41 = hWnd = 0x01aa002c; ClassName:
ow.
1:58:41 = hWnd = 0x00fd00a2; ClassName:


x=0, y=0,
2:36:34 =
ow.
x=0, y=0,
2:36:34 =
x=0, y=0,
2:36:34 =
x=0, y=0,
2:36:39 =
width=1, height=1
width=0, height=0
width=0, height=0
2:36:39 = s1.
2:36:39 = s2.
2:36:42
2:36:42
2:37:19
2:37:19
2:37:20
2:37:20
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

3:25:40 = hWnd = 0x00080502; ClassName:
ow.

3:25:40 = s1.
3:25:40 = s2.
3:25:41
3:25:41
3:28:30
3:28:30
3:28:31
3:28:31
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

3:35:53 = hWnd = 0x000d03c6; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
x=0, y=0,
3:35:53 =
ow.
x=0, y=0,
3:35:53 =
x=0, y=0,
3:35:53 =
x=0, y=0,
3:35:59 =
3:35:59 =
hWnd = 0x000b04da; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
width=0, height=0
hWnd = 0x002e0430; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
## ERR ## Setevent

ow.


11:6:24 = hWnd = 0x00010018; ClassName:
ow.
11:6:24 = hWnd = 0x00010022; ClassName:

11:6:27 = s1.
11:6:27 = s2.

3:11:32 = hWnd = 0x000b09ca; ClassName:
ow.
3:11:32 = hWnd = 0x00210918; ClassName:
3:11:50 = ## ERR ## Setevent


3:11:50 = hWnd = 0x016301de; ClassName: IME; Title: Default IME.
11:2:8 = hWnd = 0x00010018; ClassName:
w.
11:2:8 = hWnd = 0x00010022; ClassName:

11:2:11 = s1.
11:2:11 = s2.
11:2:15
11:2:15
11:2:52
11:2:52
11:2:53
11:2:53
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

4:48:38 = hWnd = 0x000b04ba; ClassName:

4:48:38 = hWnd = 0x00de046c; ClassName:
ow.
4:48:38 = hWnd = 0x00120474; ClassName:
4:48:38 = hWnd = 0x00160672; ClassName:
4:48:46 = ## ERR ## Setevent


4:48:46 = hWnd = 0x01a401ee; ClassName:
ow.


13:12:37 = hWnd = 0x00010018; ClassName:
dow.
13:12:38 = hWnd = 0x00010022; ClassName:
13:12:43 = s1.
13:12:43 = s2.
13:12:46
13:12:46
13:13:24
13:13:24
13:13:25
13:13:25
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


ow.
0:35:41 = hWnd = 0x00040050; ClassName:
0:35:56 = ## ERR ## Setevent


0:35:56 = hWnd = 0x005e01ec; ClassName:
ow.
0:35:56 = hWnd = 0x01490058; ClassName:


11:55:54 = hWnd = 0x00010018; ClassName:
dow.
11:55:54 = hWnd = 0x00010022; ClassName:
11:55:56 = s1.
11:55:56 = s2.


2:10:15 = hWnd = 0x00110640; ClassName:
ow.
2:10:15 = hWnd = 0x00040602; ClassName:
2:10:35 = ## ERR ## Setevent


2:10:35 = hWnd = 0x00fb01de; ClassName:
ow.
2:10:35 = hWnd = 0x00ee01dc; ClassName:


12:3:1 = hWnd = 0x00010018; ClassName:
w.
12:3:1 = hWnd = 0x00010022; ClassName:
12:3:5 = s1.
12:3:5 = s2.

12:3:48
12:3:48
12:3:49
12:3:49
=
=
=
=
begin close Process

Terminate Process
end close Process
DLL_PROCESS_DETACH

1:24:23 = hWnd = 0x00030558; ClassName:
1:24:23 = hWnd = 0x00030564; ClassName:
ow.
1:24:23 = hWnd = 0x00030572; ClassName:
1:24:23 = hWnd = 0x00030570; ClassName:
1:24:44 = ## ERR ## Setevent


ow.
1:24:44 = hWnd = 0x00ab008e; ClassName:


10:38:54 = hWnd = 0x00010018; ClassName:
dow.
10:38:54 = hWnd = 0x00010022; ClassName:

10:38:57 = s1.
10:38:57 = s2.
0:42:56 =
ow.
x=0, y=0,
0:42:56 =
x=0, y=0,
0:42:56 =
x=0, y=0,
0:43:22 =
0:43:22 =
hWnd = 0x002307c8; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
hWnd = 0x0006065a; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
hWnd = 0x001c073e; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
## ERR ## Setevent

ow.


10:21:50 = hWnd = 0x00010018; ClassName:
dow.
10:21:50 = hWnd = 0x00010022; ClassName:

10:21:52 = s1.
10:21:52 = s2.
10:21:55
10:21:55
10:22:32
10:22:32
10:22:33
10:22:33
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.

1:21:26 = s1.
1:21:26 = s2.
1:24:56
1:24:56
1:25:28
1:25:28
=
=
=
=
Start show animate

Process Attach
## ERR ## Setevent

ow.
1:25:30 = s1.
1:25:30 = s2.
1:25:30
1:25:30
1:25:42
1:25:42
1:25:43
1:25:43
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.
1:26:1 = hWnd = 0x00031184; ClassName:
1:26:40 = ## ERR ## Setevent


ow.
1:26:40 = hWnd = 0x00150090; ClassName:


dow.
10:36:58 = s1.
10:36:58 = s2.
ow.
4:11:49 = ## ERR ## Setevent


4:11:49 = hWnd = 0x01fc01f6; ClassName:
ow.
4:11:49 = hWnd = 0x00cf0094; ClassName:


7:25:7 = hWnd = 0x00010018; ClassName:
w.
7:25:7 = hWnd = 0x00010022; ClassName:

7:25:10 = s1.
7:25:10 = s2.
7:25:15
7:25:15
7:25:53
7:25:53
7:25:54
7:25:54
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.
3:25:41 = ## ERR ## Setevent
ow.
3:25:41 = hWnd = 0x00b801de; ClassName:


10:25:26 = hWnd = 0x00010018; ClassName:
dow.
10:25:26 = hWnd = 0x00010022; ClassName:

10:25:29 = s1.
10:25:29 = s2.
0:50:41 = hWnd = 0x00070fca; ClassName:
ow.
0:50:41 = hWnd = 0x000a0e7c; ClassName:
0:50:41 = hWnd = 0x00070fa4; ClassName:
0:52:12 = ## ERR ## Setevent


0:52:12 = hWnd = 0x015e01ce; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
ow.
0:52:12 = hWnd = 0x004a01f6; ClassName: MSCTFIME UI; Title: MSCTFIME UI.

0:52:12 = hWnd = 0x01a701e4; ClassName: IME; Title: Default IME.
11:27:45 = hWnd = 0x00010018; ClassName:
dow.
11:27:45 = hWnd = 0x00010022; ClassName:

11:27:47 = s1.
11:27:47 = s2.
11:27:51
11:27:51
11:28:29
11:28:29
11:28:30
11:28:30
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:38:30 = hWnd = 0x00061674; ClassName:
1:38:30 = hWnd = 0x00060526; ClassName:
ow.
1:38:30 = hWnd = 0x00050624; ClassName:
1:38:30 = hWnd = 0x00050626; ClassName:
1:39:24 = ## ERR ## Setevent


1:39:24 = hWnd = 0x00ee01b8; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
x=0, y=0,
1:39:24 =
ow.
x=0, y=0,
1:39:24 =
x=0, y=0,
1:39:24 =
x=0, y=0,
10:7:18 =
10:7:18 =
hWnd = 0x015a01cc; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
hWnd = 0x00fd019c; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
hWnd = 0x01f2018c; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
end process attach

10:7:18 = hWnd = 0x00010018; ClassName:
ow.
10:7:19 = hWnd = 0x00010022; ClassName:

10:7:21 = s1.
10:7:21 = s2.
1:7:38 = hWnd = 0x00370718; ClassName:
w.
1:7:38 = hWnd = 0x00050720; ClassName:



1:7:47 = hWnd = 0x01dd0060; ClassName:
w.


10:19:22 = hWnd = 0x00010018; ClassName:
dow.
10:19:22 = hWnd = 0x00010022; ClassName:

10:19:26 = s1.
10:19:26 = s2.
0:28:26 = hWnd = 0x00200754; ClassName:
ow.
0:30:13 = ## ERR ## Setevent


0:30:13 = hWnd = 0x00f301de; ClassName:
ow.


8:40:27 = hWnd = 0x00010018; ClassName:
ow.
8:40:27 = hWnd = 0x00010022; ClassName:

8:40:29 = s1.
8:40:29 = s2.
8:40:32
8:40:32
8:41:10
8:41:10
8:41:11
8:41:11
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
x=0, y=0,
1:12:50 =
x=0, y=0,
1:13:59 =
1:13:59 =
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

ow.
1:13:59 = hWnd = 0x01520082; ClassName:
1:13:59 = hWnd = 0x01ad002e; ClassName:


10:12:2 =
ow.
x=0, y=0,
10:12:3 =
x=0, y=0,
10:12:3 =
x=0, y=0,
10:12:6 =
width=1, height=1
width=0, height=0
width=0, height=0
10:12:6 = s1.
10:12:6 = s2.
10:12:10
10:12:10
10:12:48
10:12:48
10:12:49
10:12:49
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:24:44 = hWnd = 0x000b06ec; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
1:24:44 = hWnd = 0x000f064a; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.
x=0, y=0,
1:24:44 =
x=0, y=0,
1:24:44 =
x=0, y=0,
1:24:46 =
width=1, height=1
width=0, height=0
width=0, height=0
1:24:46 = s1.
1:24:46 = s2.
1:24:46
1:24:46
1:25:43
1:25:43
1:25:44
1:25:44
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
1:33:40 = hWnd = 0x00150622; ClassName:


w.



w.
9:9:29 = s1.
9:9:29 = s2.
1:10:8 = hWnd = 0x00170494; ClassName:
w.
1:10:46 = ## ERR ## Setevent


1:10:46 = hWnd = 0x00ab01ea; ClassName:
ow.
1:10:46 = hWnd = 0x00af0038; ClassName:


9:31:5 = hWnd = 0x00010018; ClassName:
w.
9:31:5 = hWnd = 0x00010022; ClassName:

9:31:8 = s1.
9:31:8 = s2.
9:31:11
9:31:11
9:31:50
9:31:50
9:31:51
9:31:51
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:52:8 = hWnd = 0x000c0bfc; ClassName:
w.
1:52:8 = hWnd = 0x000f0b9c; ClassName:
1:54:15 = ## ERR ## Setevent


1:54:15 = hWnd = 0x00be01e6; ClassName:
ow.


9:28:48 = hWnd = 0x00010018; ClassName:
ow.
9:28:49 = hWnd = 0x00010022; ClassName:

9:28:51 = s1.
9:28:51 = s2.
9:28:54
9:28:54
9:29:33
9:29:33
9:29:34
9:29:34
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

0:47:29 =
ow.
x=0, y=0,
0:47:29 =
x=0, y=0,
0:47:29 =
x=0, y=0,
0:48:16 =
0:48:16 =
width=1, height=1
hWnd = 0x001a052e; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

0:48:16 = hWnd = 0x00870176; ClassName:
0:48:16 = hWnd = 0x00cf002e; ClassName:
ow.


8:21:1 = hWnd = 0x00010018; ClassName:
w.
8:21:1 = hWnd = 0x00010022; ClassName:

8:21:5 = s1.
8:21:5 = s2.
19:54:7 =
ow.
x=0, y=0,
19:54:7 =
x=0, y=0,
19:54:7 =
x=0, y=0,
19:55:0 =
19:55:0 =
width=1, height=1
width=0, height=0
hWnd = 0x000d0b90; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
## ERR ## Setevent

19:55:0 = hWnd = 0x009e01de; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
ow.
19:55:0 = hWnd = 0x002a01d0; ClassName: IME; Title: Default IME.

19:58:52 = hWnd = 0x00010018; ClassName:
dow.
19:58:52 = hWnd = 0x00010022; ClassName:

19:58:54 = s1.
19:58:54 = s2.
19:58:58
19:58:58
19:59:37
19:59:37
19:59:38
19:59:38
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

0:27:43 =
ow.
x=0, y=0,
0:27:43 =
x=0, y=0,
0:27:43 =
x=0, y=0,
0:28:16 =
0:28:16 =
width=1, height=1
width=0, height=0
hWnd = 0x000503ee; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
## ERR ## Setevent

0:28:16 = hWnd = 0x005b01f0; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.

8:28:5 = hWnd = 0x00010018; ClassName:
w.
8:28:6 = hWnd = 0x00010022; ClassName:

8:28:10 = s1.
8:28:10 = s2.
8:28:14
8:28:14
8:28:52
8:28:52
8:28:53
8:28:53
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:54:43 =
ow.
x=0, y=0,
1:54:43 =
x=0, y=0,
1:54:43 =
x=0, y=0,
1:55:33 =
1:55:33 =
width=1, height=1
hWnd = 0x000409be; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
hWnd = 0x001b03d6; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
## ERR ## Setevent

1:55:33 = hWnd = 0x006d01f8; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
ow.
x=0, y=0,
1:55:33 =
x=0, y=0,
1:55:33 =
x=0, y=0,
8:59:49 =
8:59:49 =
width=1, height=1
hWnd = 0x001001ba; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
hWnd = 0x005d01fa; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
end process attach

8:59:50 = hWnd = 0x00010018; ClassName:
ow.
8:59:50 = hWnd = 0x00010022; ClassName:

8:59:54 = s1.
8:59:54 = s2.
16:37:51 = hWnd = 0x001a05b0; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title
dow.
16:37:51 = s1.
16:37:51 = s2.

17:17:7 = hWnd = 0x000c05fa; ClassName:
ow.

17:17:7 = s1.
17:17:7 = s2.
0:2:14 = hWnd = 0x00140674; ClassName:
w.
0:2:14 = hWnd = 0x00280536; ClassName:



0:2:57 = hWnd = 0x00bc0146; ClassName:
w.


6:13:51 = hWnd = 0x00010018; ClassName:
ow.
6:13:52 = hWnd = 0x00010022; ClassName:

6:13:55 = s1.
6:13:55 = s2.
6:13:59
6:13:59
6:14:37
6:14:37
6:14:38
6:14:38
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.
2:1:27 = hWnd = 0x00260334; ClassName:
2:1:27 = hWnd = 0x004c04ea; ClassName:



.
2:3:5 = hWnd = 0x01ba01ae; ClassName:


8:47:14 = hWnd = 0x00010018; ClassName:
ow.
8:47:14 = hWnd = 0x00010022; ClassName:

8:47:19 = s1.
8:47:19 = s2.
dow.


13:12:33 = ## ERR ## Setevent
13:12:33 = hWnd = 0x00ff005e; ClassName:
dow.


13:17:34 = hWnd = 0x00010018; ClassName:
dow.
13:17:35 = hWnd = 0x00010022; ClassName:

13:17:39 = s1.
13:17:39 = s2.
13:17:42
13:17:42
13:18:19
13:18:19
13:18:20
13:18:20
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

23:20:45 = hWnd = 0x000e069c; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title
23:20:45 = hWnd = 0x000d0314; ClassName: GDI+ Hook Window Class; Title: GDI+ Win
dow.
23:20:45 = hWnd = 0x001204ce; ClassName: MSCTFIME UI; Title: MSCTFIME UI.

23:21:59 = ## ERR ## Setevent
dow.


8:32:56 =
ow.
x=0, y=0,
8:32:56 =
x=0, y=0,
8:32:56 =
x=0, y=0,
8:32:58 =
width=1, height=1
width=0, height=0
width=0, height=0
8:32:58 = s1.
8:32:58 = s2.
1:40:19 =
ow.
x=0, y=0,
1:40:19 =
x=0, y=0,
width=1, height=1
hWnd = 0x001e0550; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
1:40:19 =
x=0, y=0,
1:41:20 =
1:41:20 =

width=0, height=0
Process Attach
## ERR ## Setevent

ow.
1:41:20 = hWnd = 0x00ca002a; ClassName:


w.
7:2:13 = s1.
7:2:13 = s2.
7:2:17
7:2:17
7:2:55
7:2:55
7:2:56
7:2:56
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
x=0, y=0,
1:34:45 =
x=0, y=0,
1:35:31 =
1:35:31 =
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

ow.
1:35:31 = hWnd = 0x00ca01a8; ClassName:


7:37:23 = hWnd = 0x00010018; ClassName:
ow.
7:37:24 = hWnd = 0x00010022; ClassName:

7:37:26 = s1.
7:37:26 = s2.
7:37:30
7:37:30
7:38:11
7:38:11
7:38:12
7:38:12
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

0:37:59 = hWnd = 0x000613ec; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
0:37:59 = hWnd = 0x000804a4; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.

0:37:59 = hWnd = 0x000c04fa; ClassName: IME; Title: Default IME.
0:39:4 = hWnd = 0x00db002a; ClassName:
0:39:4 = hWnd = 0x01ab0092; ClassName:
w.


9:22:38 = hWnd = 0x00010018; ClassName:
ow.
9:22:38 = hWnd = 0x00010022; ClassName:

9:22:41 = s1.
9:22:41 = s2.
9:22:45
9:22:45
9:23:22
9:23:22
9:23:23
9:23:23
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

21:36:41 = hWnd = 0x000b0924; ClassName: GDI+ Hook Window Class; Title: GDI+ Win
dow.
21:37:42 = ## ERR ## Setevent
dow.
21:37:42 = hWnd = 0x01360080; ClassName:


21:41:58 = hWnd = 0x00010018; ClassName:
dow.
21:41:58 = hWnd = 0x00010022; ClassName:

21:42:1 = s1.
21:42:1 = s2.

ow.
0:52:27 = ## ERR ## Setevent


0:52:27 = hWnd = 0x00610056; ClassName:
ow.
0:52:27 = hWnd = 0x00050118; ClassName:


6:18:22 = hWnd = 0x00010018; ClassName:
ow.
6:18:22 = hWnd = 0x00010022; ClassName:
6:18:25 = s1.
6:18:25 = s2.


22:39:31 = hWnd = 0x00030384; ClassName:
dow.
22:39:31 = hWnd = 0x00040388; ClassName:
22:40:23 = ## ERR ## Setevent


22:40:23 = hWnd = 0x01ad01be; ClassName:
22:40:23 = hWnd = 0x00760100; ClassName:
dow.
22:40:23 = hWnd = 0x00470038; ClassName:


9:47:33 = hWnd = 0x00010018; ClassName:
ow.
9:47:33 = hWnd = 0x00010022; ClassName:
9:47:37 = s1.
9:47:37 = s2.
9:47:41
9:47:41
9:48:19
9:48:19
=
=
=
=
Start show animate

begin close Process
Terminate Process


23:47:18 = hWnd = 0x00200334; ClassName:
dow.
23:47:18 = hWnd = 0x000d04bc; ClassName:
23:48:24 = ## ERR ## Setevent


dow.


8:55:29 = hWnd = 0x00010018; ClassName:
ow.
8:55:30 = hWnd = 0x00010022; ClassName:
8:55:33 = s1.
8:55:33 = s2.

8:55:37
8:55:37
8:56:14
8:56:14
8:56:15
8:56:15
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
0:53:24 = ## ERR ## Setevent


0:53:24 = hWnd = 0x00fb01f6; ClassName:
ow.
0:53:24 = hWnd = 0x00ed008e; ClassName:


8:49:26 =
ow.
x=0, y=0,
8:49:26 =
x=0, y=0,
8:49:26 =
x=0, y=0,
8:49:30 =
width=1, height=1
width=0, height=0
width=0, height=0
8:49:30 = s1.
8:49:30 = s2.
8:49:34
8:49:34
8:50:10
8:50:10
8:50:11
8:50:11
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

16:0:48 = hWnd = 0x00040464; ClassName:
ow.
16:0:48 = hWnd = 0x00030506; ClassName:
16:0:54 = ## ERR ## Setevent


ow.


16:36:55 = hWnd = 0x00010018; ClassName:
dow.
16:36:56 = hWnd = 0x00010022; ClassName:


16:37:0 = s1.
16:37:0 = s2.
ow.
0:52:58 = ## ERR ## Setevent


ow.


w.

9:19:13 = s1.
9:19:13 = s2.
9:19:17
9:19:17
9:19:54
9:19:54
9:19:55
9:19:55
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.

10:49:16 = s1.
10:49:16 = s2.
10:49:17
10:49:17
10:51:10
10:51:10
10:51:11
10:51:11
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:44:38 = hWnd = 0x000607ae; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.
x=0, y=0,
1:44:38 =
x=0, y=0,
1:44:38 =
x=0, y=0,
1:45:13 =
1:45:13 =
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

1:45:13 = hWnd = 0x01400094; ClassName:
ow.


2:4:50 = hWnd = 0x00010018; ClassName:
w.
2:4:50 = hWnd = 0x00010022; ClassName:

2:4:54 = s1.
2:4:54 = s2.
2:4:57
2:4:57
2:5:35
2:5:35
2:5:36
2:5:36
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

2:24:16 =
ow.
x=0, y=0,
2:24:16 =
x=0, y=0,
2:24:16 =
x=0, y=0,
2:24:24 =
2:24:24 =
hWnd = 0x0005062a; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
hWnd = 0x000604b6; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

ow.


10:9:5 = hWnd = 0x00010018; ClassName:
w.
10:9:5 = hWnd = 0x00010022; ClassName:

10:9:9 = s1.
10:9:9 = s2.
10:9:12
10:9:12
10:9:48
10:9:48
10:9:49
10:9:49
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


0:27:48 = hWnd = 0x00090586; ClassName:
ow.
0:27:48 = hWnd = 0x000f04a4; ClassName:
0:28:29 = ## ERR ## Setevent


ow.


9:21:43 =
ow.
x=0, y=0,
9:21:43 =
x=0, y=0,
9:21:43 =
x=0, y=0,
9:21:48 =
width=1, height=1
width=0, height=0
width=0, height=0
9:21:48 = s1.
9:21:48 = s2.
9:21:52
9:21:52
9:22:29
9:22:29
9:22:30
9:22:30
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


10:26:43 = hWnd = 0x00040314; ClassName:
dow.
10:26:43 = hWnd = 0x00040316; ClassName:

10:26:43 = s1.
10:26:43 = s2.
11:58:17 = hWnd = 0x00030646; ClassName:
dow.

11:58:17 = s1.
11:58:17 = s2.
11:58:17
11:58:17
13:10:23
13:10:23
13:10:24
13:10:24
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


w.


0:5:46 = hWnd = 0x00620172; ClassName:
w.


1:19:44 = hWnd = 0x00010018; ClassName:
ow.
1:19:45 = hWnd = 0x00010022; ClassName:
1:19:48 = s1.
1:19:48 = s2.
1:19:52
1:19:52
1:20:28
1:20:28
1:20:29
1:20:29
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH



1:28:9 = hWnd = 0x00030426; ClassName:
w.
1:28:9 = hWnd = 0x00030450; ClassName:
1:28:9 = hWnd = 0x00030430; ClassName:
1:28:23 = ## ERR ## Setevent


ow.


3:19:58 = hWnd = 0x00010018; ClassName:
ow.
3:19:58 = hWnd = 0x00010022; ClassName:
3:20:2 = s1.
3:20:2 = s2.


4:42:19 = hWnd = 0x00040514; ClassName:
ow.
4:42:19 = hWnd = 0x000a05cc; ClassName:
4:43:11 = ## ERR ## Setevent


ow.


w.
10:6:7 = s1.
10:6:7 = s2.
10:6:10
10:6:49
10:6:49
10:6:50
10:6:50
=
=
=
=
=

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:32:27 = hWnd = 0x00240952; ClassName:
1:32:27 = hWnd = 0x001c12ec; ClassName:
ow.
1:32:27 = hWnd = 0x00050482; ClassName:
1:33:24 = ## ERR ## Setevent


1:33:24 = hWnd = 0x01aa01f2; ClassName:
ow.


dow.
10:19:32 = s1.
10:19:32 = s2.
10:20:13
10:20:13
10:20:14
10:20:14
=
=
=
=
begin close Process

Terminate Process
end close Process
DLL_PROCESS_DETACH

11:55:59 = hWnd = 0x00060670; ClassName:
dow.

11:56:0 = s1.
11:56:0 = s2.
17:36:13 = hWnd = 0x000b06c0; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title
ow.
17:37:9 = hWnd = 0x00490b3a; ClassName: IME; Title: Default IME.

1:33:59 = hWnd = 0x00080648; ClassName:
ow.
1:34:46 = ## ERR ## Setevent


1:34:46 = hWnd = 0x00880052; ClassName:
ow.
1:34:46 = hWnd = 0x010e01c0; ClassName:


9:43:30 = hWnd = 0x00010018; ClassName:
ow.
9:43:30 = hWnd = 0x00010022; ClassName:
9:43:33 = s1.
9:43:33 = s2.
9:43:37
9:43:37
9:44:14
9:44:14
9:44:15
9:44:15
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


11:13:34 = hWnd = 0x00030356; ClassName:
dow.
11:13:34 = hWnd = 0x00040474; ClassName:

11:13:34 = s1.
11:13:34 = s2.
11:13:35
11:13:35
11:14:56
11:14:56
11:14:57
11:14:57
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

12:18:56 = hWnd = 0x00140496; ClassName:
dow.
12:18:56 = s1.
12:18:56 = s2.
12:18:56
12:18:56
12:55:26
12:55:26
12:55:27
12:55:27
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


ow.

0:36:36 = s1.
0:36:36 = s2.
0:36:36
0:36:36
0:41:23
0:41:23
0:41:24
0:41:24
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.
0:50:0 = hWnd = 0x00090576; ClassName:
0:50:34 = ## ERR ## Setevent


0:50:34 = hWnd = 0x0192009a; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
0:50:34 = hWnd = 0x003301de; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.
x=0, y=0,
0:50:34 =
x=0, y=0,
0:50:34 =
x=0, y=0,
7:18:46 =
7:18:46 =
width=1, height=1
hWnd = 0x0076004c; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
width=0, height=0
Process Attach
end process attach

7:18:46 = hWnd = 0x00010018; ClassName:
ow.
7:18:47 = hWnd = 0x00010022; ClassName:

7:18:50 = s1.
7:18:50 = s2.
7:18:52
7:18:52
7:19:30
7:19:30
7:19:31
7:19:31
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

8:8:59 = hWnd = 0x00050aa6; ClassName:
w.



w.
8:9:10 = hWnd = 0x01630104; ClassName:


12:55:22 = hWnd = 0x00010018; ClassName:
dow.
12:55:22 = hWnd = 0x00010022; ClassName:

12:55:26 = s1.
12:55:26 = s2.
14:7:20 = hWnd = 0x00030440; ClassName:
ow.
14:7:30 = ## ERR ## Setevent


ow.


16:31:33 = hWnd = 0x00010018; ClassName:
dow.
16:31:34 = hWnd = 0x00010022; ClassName:

16:31:37 = s1.
16:31:37 = s2.
16:31:42
16:31:42
16:32:20
16:32:20
16:32:21
16:32:21
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

17:49:57 = hWnd = 0x00200708; ClassName:
dow.
17:49:57 = hWnd = 0x00160714; ClassName:


17:50:8 = ## ERR ## Setevent
17:50:8 = hWnd = 0x00090084; ClassName:
ow.
17:50:8 = hWnd = 0x00120050; ClassName:


17:54:23 = hWnd = 0x00010018; ClassName:
dow.
17:54:24 = hWnd = 0x00010022; ClassName:

17:54:26 = s1.
17:54:26 = s2.
2:43:27 = hWnd = 0x00020d52; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.
2:43:27 =
x=0, y=0,
2:43:27 =
x=0, y=0,
2:44:12 =
2:44:12 =

width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

2:44:12 = hWnd = 0x00960194; ClassName:
ow.


8:46:51 = hWnd = 0x00010018; ClassName:
ow.
8:46:51 = hWnd = 0x00010022; ClassName:

8:46:55 = s1.
8:46:55 = s2.
8:46:59
8:46:59
8:47:36
8:47:36
8:47:37
8:47:37
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


ow.
9:22:20 = hWnd = 0x00020140; ClassName:

9:22:20 = s1.
9:22:20 = s2.
9:22:20
9:22:20
9:25:49
9:25:49
9:25:50
9:25:50
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

11:27:36 = hWnd = 0x00030506; ClassName:
dow.
11:27:36 = hWnd = 0x00020590; ClassName:
11:27:36 = hWnd = 0x00020596; ClassName:

11:27:36 = s1.
11:27:36 = s2.
11:27:36
11:27:36
11:30:18
11:30:18
11:30:19
11:30:19
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

0:22:23 = hWnd = 0x000708ba; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.
0:22:23 = hWnd = 0x000b08d2; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
w.
0:23:4 = hWnd = 0x008b01dc; ClassName:


1:19:26 = hWnd = 0x00010018; ClassName:
ow.
1:19:26 = hWnd = 0x00010022; ClassName:

1:19:28 = s1.
1:19:28 = s2.

w.
1:38:13 = ## ERR ## Setevent
1:38:13 = hWnd = 0x00030182; ClassName:
1:38:13 = hWnd = 0x00230078; ClassName:
ow.
1:38:13 = hWnd = 0x00030036; ClassName:


11:40:16 = hWnd = 0x00010018; ClassName:
dow.
11:40:16 = hWnd = 0x00010022; ClassName:

11:40:20 = s1.
11:40:20 = s2.
1:40:31 = hWnd = 0x000a04ae; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:

ow.
1:41:20 = ## ERR ## Setevent
1:41:20 = hWnd = 0x00570214; ClassName:
ow.


10:21:41 = hWnd = 0x00010018; ClassName:
dow.
10:21:42 = hWnd = 0x00010022; ClassName:
10:21:46 = s1.
10:21:46 = s2.
10:21:50
10:21:50
10:22:28
10:22:28
10:22:29
10:22:29
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


11:51:55 = hWnd = 0x00030606; ClassName:
11:51:55 = hWnd = 0x00020646; ClassName:
dow.
11:51:55 = hWnd = 0x00030604; ClassName:

11:51:55 = s1.
11:51:55 = s2.
11:51:55
11:51:55
11:54:45
11:54:45
11:54:46
11:54:46
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.


0:32:4 = hWnd = 0x010f002c; ClassName: IME; Title: Default IME.

8:14:14 = hWnd = 0x00010018; ClassName:
ow.
8:14:14 = hWnd = 0x00010022; ClassName:

8:14:17 = s1.
8:14:17 = s2.
8:14:21
8:14:21
8:14:58
8:14:58
8:14:59
8:14:59
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

9:4:14 = hWnd = 0x00070100; ClassName:
w.


9:4:24 = hWnd = 0x001d01e6; ClassName: GDI+ Hook Window Class; Title: GDI+ Windo
w.

13:30:47 = hWnd = 0x00010018; ClassName:
dow.
13:30:47 = hWnd = 0x00010022; ClassName:

13:30:50 = s1.
13:30:50 = s2.
13:30:54
13:30:54
13:31:31
13:31:31
13:31:32
13:31:32
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:27:48 = hWnd = 0x00910548; ClassName:
ow.
1:27:48 = hWnd = 0x00030782; ClassName:
1:28:41 = ## ERR ## Setevent


1:28:41 = hWnd = 0x00ca01a4; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
1:28:41 = hWnd = 0x00b2006e; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.
x=0, y=0,
1:28:41 =
x=0, y=0,
1:28:41 =
x=0, y=0,
9:44:10 =
9:44:10 =
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
end process attach

9:44:11 = hWnd = 0x00010018; ClassName:
ow.
9:44:11 = hWnd = 0x00010022; ClassName:

9:44:15 = s1.
9:44:15 = s2.
9:44:18
9:44:18
9:44:56
9:44:56
9:44:57
9:44:57
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

11:35:52 = hWnd = 0x00040590; ClassName:
dow.
11:35:52 = s1.
11:35:52 = s2.


ow.
0:54:38 = hWnd = 0x000a0d8c; ClassName:
0:55:40 = ## ERR ## Setevent


ow.
0:55:40 = hWnd = 0x00ee002e; ClassName:
0:55:40 = hWnd = 0x01ad0184; ClassName:


6:54:14 = hWnd = 0x00010018; ClassName:
ow.
6:54:14 = hWnd = 0x00010022; ClassName:
6:54:17 = s1.
6:54:17 = s2.


14:49:55 = hWnd = 0x00060526; ClassName:
dow.
14:49:55 = hWnd = 0x00030540; ClassName:
14:50:5 = ## ERR ## Setevent


14:50:5 = hWnd = 0x00490198; ClassName:
ow.
14:50:5 = hWnd = 0x00cb017a; ClassName:


18:13:1 = hWnd = 0x00010018; ClassName:
ow.
18:13:1 = hWnd = 0x00010022; ClassName:
18:13:4 = s1.

18:13:4 = s2.
1:23:40 = hWnd = 0x00040be4; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.
1:23:40 = hWnd = 0x00080cfc; ClassName: IME; Title: Default IME.
w.


9:3:47 = hWnd = 0x00010018; ClassName:
w.
9:3:47 = hWnd = 0x00010022; ClassName:


9:3:49 = s1.
9:3:49 = s2.
9:3:53
9:3:53
9:4:29
9:4:29
9:4:30
9:4:30
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.


0:1:29 = hWnd = 0x00730156; ClassName:
0:1:29 = hWnd = 0x00ed01a8; ClassName:
w.
0:1:29 = hWnd = 0x00bd0148; ClassName:


ow.
8:44:51 =
x=0, y=0,
8:44:51 =
x=0, y=0,
8:44:55 =

width=0, height=0
width=0, height=0
8:44:56 = s1.
8:44:56 = s2.
dow.
19:55:30 = hWnd = 0x000b0ce4; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
19:55:30 = hWnd = 0x001e05ae; ClassName: IME; Title: Default IME.
19:56:1 = ## ERR ## Setevent
19:56:1 = hWnd = 0x00df0054; ClassName:
ow.


dow.

19:59:40 = s1.
19:59:40 = s2.
dow.

21:39:53 = s1.
21:39:53 = s2.
21:39:53
21:39:53
21:43:37
21:43:37
21:43:38
21:43:38
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

23:18:32 = hWnd = 0x001f03de; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title
23:18:32 = hWnd = 0x000b02c6; ClassName: GDI+ Hook Window Class; Title: GDI+ Win
dow.
23:18:32 = hWnd = 0x000b076a; ClassName: MSCTFIME UI; Title: MSCTFIME UI.

23:18:32 = s1.
23:18:32 = s2.
0:57:40 = hWnd = 0x00310400; ClassName:
ow.
0:57:40 = hWnd = 0x00090718; ClassName:


w.
0:58:0 = hWnd = 0x00370064; ClassName:



1:45:54 = hWnd = 0x00010018; ClassName:
ow.
1:45:54 = hWnd = 0x00010022; ClassName:

1:45:57 = s1.
1:45:57 = s2.
ow.
2:23:19 = ## ERR ## Setevent


2:23:19 = hWnd = 0x00020194; ClassName:
ow.
2:23:19 = hWnd = 0x00040054; ClassName:


10:6:44 = hWnd = 0x00010018; ClassName:
ow.
10:6:44 = hWnd = 0x00010022; ClassName:

10:6:48 = s1.
10:6:48 = s2.
10:6:53
10:6:53
10:7:29
10:7:29
10:7:30
10:7:30
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.

11:2:21 = s1.
11:2:21 = s2.
11:2:22
11:2:22
11:3:39
11:3:39
11:3:40
11:3:40
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

12:1:53 = hWnd = 0x000a07dc; ClassName:

ow.

12:1:53 = s1.
12:1:53 = s2.
0:26:2 = hWnd = 0x00040534; ClassName:
w.
0:26:2 = hWnd = 0x00050504; ClassName:
0:26:34 = ## ERR ## Setevent


0:26:34 = hWnd = 0x00200140; ClassName:
ow.
0:26:34 = hWnd = 0x00ef010c; ClassName:


8:43:31 = hWnd = 0x00010018; ClassName:
ow.
8:43:31 = hWnd = 0x00010022; ClassName:

8:43:35 = s1.
8:43:35 = s2.
8:43:38
8:43:38
8:44:16
8:44:16
8:44:17
8:44:17
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
15:54:47 = hWnd = 0x000f0a08; ClassName: IME; Title: Default IME.
15:55:46 = ## ERR ## Setevent
15:55:46 = hWnd = 0x004901f8; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title
dow.

16:0:51 = hWnd = 0x00010018; ClassName:
ow.
16:0:51 = hWnd = 0x00010022; ClassName:

16:0:54 = s1.
16:0:54 = s2.
16:0:58
16:0:58
16:1:36
16:1:36
16:1:37
16:1:37
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

0:24:57 = hWnd = 0x00180510; ClassName:
ow.
0:25:28 = ## ERR ## Setevent


0:25:28 = hWnd = 0x00e8002c; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.
x=0, y=0,
0:25:28 =
x=0, y=0,
0:25:28 =
x=0, y=0,
7:52:47 =
7:52:47 =
width=1, height=1
width=0, height=0
hWnd = 0x009c019e; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
end process attach

7:52:48 = hWnd = 0x00010018; ClassName:
ow.
7:52:48 = hWnd = 0x00010022; ClassName:

7:52:51 = s1.
7:52:51 = s2.
7:52:54
7:52:54
7:53:34
7:53:34
7:53:35
7:53:35
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
20:4:14 = hWnd = 0x000e04ae; ClassName:
20:4:56 = ## ERR ## Setevent



20:4:56 = hWnd = 0x00b0008c; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.
20:4:56 = hWnd = 0x00c900cc; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
20:4:56 = hWnd = 0x00e901e6; ClassName: IME; Title: Default IME.
w.
20:9:4 = s1.
20:9:4 = s2.
ow.



0:41:0 = hWnd = 0x00500098; ClassName:
w.
0:41:0 = hWnd = 0x00840044; ClassName:


9:53:7 = hWnd = 0x00010018; ClassName:
w.
9:53:7 = hWnd = 0x00010022; ClassName:

9:53:10 = s1.
9:53:10 = s2.
9:53:13
9:53:13
9:53:51
9:53:51
9:53:52
9:53:52
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

11:34:27 = hWnd = 0x00030640; ClassName:
11:34:27 = hWnd = 0x00040630; ClassName:
dow.
11:34:27 = s1.

11:34:27 = s2.
11:34:27
11:34:27
11:56:13
11:56:13
11:56:14
11:56:14
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:59:57 = hWnd = 0x00110842; ClassName:
ow.
1:59:57 = hWnd = 0x020b08aa; ClassName:
1:59:57 = hWnd = 0x00130956; ClassName:


w.
2:0:30 = hWnd = 0x00740056; ClassName:


7:19:3 = hWnd = 0x00010024; ClassName: UxdService; Title: UxdService.
x=19, y=25, width=1025, height=556
w.

7:19:4 = s1.
7:19:4 = s2.
7:19:7
7:19:7
7:20:4
7:20:4
7:20:5
7:20:5
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.

11:42:55 = s1.
11:42:55 = s2.
1:17:20 = hWnd = 0x000d06d4; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
ow.

1:17:20 = hWnd = 0x00140e5a; ClassName: IME; Title: Default IME.
w.
1:18:2 = hWnd = 0x02500052; ClassName:


1:22:11 = hWnd = 0x00010018; ClassName:
ow.
1:22:11 = hWnd = 0x00010022; ClassName:

1:22:13 = s1.
1:22:13 = s2.
1:22:16
1:22:16
1:22:55
1:22:55
1:22:56
1:22:56
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


w.
1:36:12 = ## ERR ## Setevent
1:36:12 = hWnd = 0x00040192; ClassName:
ow.
1:36:12 = hWnd = 0x00050058; ClassName:


10:5:53 = hWnd = 0x00010018; ClassName:
ow.
10:5:53 = hWnd = 0x00010022; ClassName:
10:5:55 = s1.
10:5:55 = s2.
10:5:59
10:5:59
10:6:37
10:6:37
10:6:38
10:6:38
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH



12:5:42 =
ow.
x=0, y=0,
12:5:42 =
x=0, y=0,
12:5:42 =
x=0, y=0,
12:6:14 =
12:6:14 =
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

ow.


12:10:11 = hWnd = 0x00010018; ClassName:
dow.
12:10:11 = hWnd = 0x00010022; ClassName:
12:10:13 = s1.
12:10:13 = s2.
12:10:17
12:10:17
12:10:54
12:10:54
12:10:55
12:10:55
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH



12:31:10 = hWnd = 0x00040486; ClassName:
dow.
12:31:13 = ## ERR ## Setevent


dow.


14:35:22 = hWnd = 0x00010018; ClassName:
dow.
14:35:22 = hWnd = 0x00010022; ClassName:
14:35:25 = s1.
14:35:25 = s2.


15:34:27 = hWnd = 0x00080494; ClassName:
dow.
15:34:27 = hWnd = 0x000a02ba; ClassName:
15:34:35 = ## ERR ## Setevent


dow.
15:34:35 = hWnd = 0x00110042; ClassName:


15:38:37 = hWnd = 0x00010018; ClassName:
dow.
15:38:37 = hWnd = 0x00010022; ClassName:
15:38:40 = s1.
15:38:40 = s2.

15:38:43
15:38:43
15:39:21
15:39:21
15:39:22
15:39:22
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
18:12:24 = ## ERR ## Setevent


dow.


18:14:21 = hWnd = 0x00010018; ClassName:
dow.
18:14:21 = hWnd = 0x00010022; ClassName:
18:14:24 = s1.
18:14:24 = s2.


ow.
18:40:1 = hWnd = 0x00060308; ClassName:
18:40:7 = ## ERR ## Setevent


18:40:7 = hWnd = 0x00040064; ClassName:
ow.


18:41:32 = hWnd = 0x00010018; ClassName:
dow.
18:41:33 = hWnd = 0x00010022; ClassName:

18:41:35 = s1.
18:41:35 = s2.
18:41:39
18:41:39
18:42:19
18:42:19
18:42:20
18:42:20
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
18:50:38 = hWnd = 0x00170180; ClassName:
18:50:55 = ## ERR ## Setevent


dow.


ow.

18:54:7 = s1.
18:54:7 = s2.
18:54:10
18:54:10
18:54:51
18:54:51
18:54:52
18:54:52
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
21:55:28 = hWnd = 0x00070530; ClassName:
21:56:3 = ## ERR ## Setevent


ow.
21:56:3 = hWnd = 0x00580154; ClassName:


w.
22:0:10 = s1.
22:0:10 = s2.
22:0:14
22:0:14
22:0:52
22:0:52
22:0:53
22:0:53
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

22:56:35 = hWnd = 0x00010018; ClassName:
dow.
22:56:35 = hWnd = 0x00010022; ClassName:

22:56:38 = s1.
22:56:38 = s2.
22:56:41
22:56:41
22:57:20
22:57:20
22:57:21
22:57:21
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

23:13:36 = hWnd = 0x000703a2; ClassName: GDI+ Hook Window Class; Title: GDI+ Win
dow.

23:13:44 = ## ERR ## Setevent
dow.
23:13:44 = hWnd = 0x00020148; ClassName:
23:13:44 = hWnd = 0x00080064; ClassName:


23:15:21 = hWnd = 0x00010018; ClassName:
dow.
23:15:22 = hWnd = 0x00010022; ClassName:

23:15:24 = s1.
23:15:24 = s2.
dow.
23:35:2 = s1.
23:35:2 = s2.
0:6:20 = hWnd = 0x00010018; ClassName:
w.
0:6:20 = hWnd = 0x00010022; ClassName:

0:6:23 = s1.
0:6:23 = s2.
2:9:26 = hWnd = 0x000b03e0; ClassName: GDI+ Hook Window Class; Title: GDI+ Windo
w.

2:9:26 = hWnd = 0x000b040c; ClassName: IME; Title: Default IME.
w.
2:9:30 = hWnd = 0x00120030; ClassName:


8:15:15 = hWnd = 0x00010018; ClassName:
ow.
8:15:15 = hWnd = 0x00010022; ClassName:

8:15:18 = s1.
8:15:18 = s2.
8:15:21
8:15:21
8:15:58
8:15:58
8:15:59
8:15:59
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


ow.
9:38:47 = ## ERR ## Setevent


9:38:47 = hWnd = 0x000c01de; ClassName:
9:38:47 = hWnd = 0x00260064; ClassName:
ow.
9:38:47 = hWnd = 0x00080052; ClassName:
9:38:47 = hWnd = 0x00280028; ClassName:


9:40:37 = hWnd = 0x00010018; ClassName:
ow.
9:40:37 = hWnd = 0x00010022; ClassName:
9:40:39 = s1.
9:40:39 = s2.
9:40:43
9:40:43
9:41:22
9:41:22
9:41:23
9:41:23
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH



ow.

11:5:20 = s1.
11:5:20 = s2.
11:5:20
11:5:20
11:9:20
11:9:20
11:9:21
11:9:21
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.
2:57:1 = hWnd = 0x00441450; ClassName:
2:57:48 = ## ERR ## Setevent


2:57:48 = hWnd = 0x010e002e; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
ow.
x=0, y=0,
2:57:48 =
x=0, y=0,
8:56:33 =
8:56:33 =
width=0, height=0
hWnd = 0x023e01ea; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
end process attach

8:56:34 = hWnd = 0x00010018; ClassName:
ow.
8:56:34 = hWnd = 0x00010022; ClassName:

8:56:37 = s1.
8:56:37 = s2.
8:56:40
8:56:40
8:57:16
8:57:16
8:57:17
8:57:17
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
10:57:4 = hWnd = 0x00061304; ClassName:
10:57:4 = hWnd = 0x00081302; ClassName:
13:0:38 = s1.
13:0:38 = s2.


dow.
23:22:24 = hWnd = 0x001a04c8; ClassName:
23:22:45 = ## ERR ## Setevent


23:22:45 = hWnd = 0x00480064; ClassName:
dow.


8:4:39 = hWnd = 0x00010018; ClassName:
w.
8:4:39 = hWnd = 0x00010022; ClassName:
8:4:41 = s1.
8:4:41 = s2.
8:4:44
8:4:44
8:5:23
8:5:23
=
=
=
=
Start show animate

begin close Process
Terminate Process


ow.
8:15:48 = hWnd = 0x00010480; ClassName:
8:15:48 = hWnd = 0x00010478; ClassName:

8:15:48 = s1.
8:15:48 = s2.
8:15:48
8:15:48
8:20:14
8:20:14
8:20:15
8:20:15
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

9:36:27 = hWnd = 0x00150424; ClassName:
ow.
9:36:27 = s1.
9:36:27 = s2.
9:36:27
9:36:27
9:44:14
9:44:14
9:44:15
9:44:15
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


dow.
11:13:17 = hWnd = 0x00050496; ClassName:

11:13:18 = s1.
11:13:18 = s2.
23:45:32 = hWnd = 0x00030414; ClassName:
dow.
23:46:21 = ## ERR ## Setevent


23:46:21 = hWnd = 0x00a001d4; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title
23:46:21 = hWnd = 0x011d018c; ClassName: GDI+ Hook Window Class; Title: GDI+ Win
dow.
23:46:21 = hWnd = 0x007c01c0; ClassName: MSCTFIME UI; Title: MSCTFIME UI.

8:21:49 = hWnd = 0x00010018; ClassName:
ow.
8:21:49 = hWnd = 0x00010022; ClassName:

8:21:55 = s1.
8:21:55 = s2.
8:21:58
8:21:58
8:22:36
8:22:36
8:22:37
8:22:37
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

0:57:18 = hWnd = 0x00140fe6; ClassName:
ow.
0:57:18 = s1.
0:57:18 = s2.

1:10:29 = hWnd = 0x00130510; ClassName:
ow.


w.
1:11:0 = hWnd = 0x00c401cc; ClassName:


9:58:3 = hWnd = 0x00010018; ClassName:
w.
9:58:3 = hWnd = 0x00010022; ClassName:
9:58:8 = s1.
9:58:8 = s2.

9:58:13
9:58:49
9:58:49
9:58:50
9:58:50
=
=
=
=
=

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.

11:30:2 = s1.
11:30:2 = s2.
0:55:18 = hWnd = 0x00280814; ClassName:
ow.
0:56:14 = ## ERR ## Setevent


x=0, y=0,
0:56:14 =
ow.
x=0, y=0,
0:56:14 =
x=0, y=0,
0:56:14 =
x=0, y=0,
8:25:16 =
8:25:16 =
hWnd = 0x0049004c; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
hWnd = 0x006c01b8; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
width=0, height=0
Process Attach
end process attach

8:25:17 =
ow.
x=0, y=0,
8:25:17 =
x=0, y=0,
8:25:17 =
x=0, y=0,
8:25:20 =
width=1, height=1
width=0, height=0
width=0, height=0
8:25:20 = s1.
8:25:20 = s2.
0:42:12 =
ow.
x=0, y=0,
0:42:12 =
x=0, y=0,
0:42:12 =
x=0, y=0,
0:42:43 =
0:42:43 =
hWnd = 0x001502a6; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

0:42:43 = hWnd = 0x001101dc; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
x=0, y=0,
0:42:43 =
ow.
x=0, y=0,
0:42:43 =
x=0, y=0,
0:42:43 =
x=0, y=0,
8:48:34 =
8:48:34 =
width=1, height=1
hWnd = 0x00fa01d6; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
hWnd = 0x00a3005c; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
end process attach

8:48:35 = hWnd = 0x00010018; ClassName:
ow.
8:48:35 = hWnd = 0x00010022; ClassName:

8:48:38 = s1.
8:48:38 = s2.
8:48:42
8:48:42
8:49:18
8:49:18
8:49:19
8:49:19
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:29:13 = hWnd = 0x00060584; ClassName:
ow.
1:30:29 = ## ERR ## Setevent


ow.
1:30:29 = hWnd = 0x00ab01f6; ClassName:


8:50:23 = hWnd = 0x00010018; ClassName:
ow.
8:50:23 = hWnd = 0x00010022; ClassName:

8:50:29 = s1.
8:50:29 = s2.
8:50:34
8:50:34
8:51:10
8:51:10
8:51:11
8:51:11
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
9:49:42 = hWnd = 0x00390488; ClassName:


9:49:42 = s1.
9:49:42 = s2.
dow.

11:52:29 = s1.
11:52:29 = s2.
11:52:29
11:52:29
11:55:21
11:55:21
11:55:22
11:55:22
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

0:13:10 = hWnd = 0x00030402; ClassName:
0:13:10 = hWnd = 0x00020406; ClassName:
ow.

0:13:43 = ## ERR ## Setevent

0:13:43 = hWnd = 0x01080098; ClassName:
ow.
0:13:44 = hWnd = 0x00b900ea; ClassName:
0:13:44 = hWnd = 0x00ec0088; ClassName:


9:17:39 =
ow.
x=0, y=0,
9:17:40 =
x=0, y=0,
9:17:40 =
x=0, y=0,
9:17:43 =
width=1, height=1
width=0, height=0
width=0, height=0
9:17:43 = s1.
9:17:43 = s2.
9:17:47
9:17:47
9:18:24
9:18:24
9:18:25
9:18:25
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

0:41:58 = hWnd = 0x00130658; ClassName:
0:41:58 = hWnd = 0x00080552; ClassName:
ow.
0:41:58 = hWnd = 0x00150506; ClassName:


0:42:48 = ## ERR ## Setevent
ow.
0:42:48 = hWnd = 0x01eb01da; ClassName:


9:3:13 = hWnd = 0x00010018; ClassName:
w.
9:3:13 = hWnd = 0x00010022; ClassName:

9:3:18 = s1.
9:3:18 = s2.
0:17:51 = hWnd = 0x001b06d0; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
ow.
0:17:51 =
x=0, y=0,
0:18:37 =
0:18:37 =
hWnd = 0x000e08ae; ClassName: IME; Title: Default IME.

width=0, height=0
Process Attach
## ERR ## Setevent

0:18:37 = hWnd = 0x01bb002a; ClassName:
ow.
0:18:37 = hWnd = 0x00fa01e6; ClassName:
0:18:37 = hWnd = 0x01430056; ClassName:


9:7:50 = hWnd = 0x00010018; ClassName:
w.
9:7:51 = hWnd = 0x00010022; ClassName:

9:7:53 = s1.
9:7:53 = s2.
9:7:59
9:7:59
9:8:37
9:8:37
9:8:38
9:8:38
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

10:13:14 = hWnd = 0x000604bc; ClassName: GDI+ Hook Window Class; Title: GDI+ Win
dow.
10:13:14 = hWnd = 0x000504be; ClassName: IME; Title: Default IME.
10:13:15 = s1.
10:13:15 = s2.
10:13:16
10:13:16
10:21:19
10:21:19
10:21:20
10:21:20
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

11:58:53 = hWnd = 0x00020676; ClassName:
dow.
11:58:53 = hWnd = 0x00030634; ClassName:

11:58:53 = s1.
11:58:53 = s2.
16:47:1 = hWnd = 0x000405ce; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
ow.
16:47:1 =
x=0, y=0,
16:47:1 =
x=0, y=0,
16:47:1 =

width=0, height=0
hWnd = 0x002003b6; ClassName: IME; Title: Default IME.
width=0, height=0
16:47:1 = s1.
16:47:1 = s2.
16:47:1
16:47:1
17:1:35
17:1:35
17:1:36
17:1:36
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.

17:25:12 = s1.
17:25:12 = s2.
1:23:28 =
ow.
x=0, y=0,
1:23:28 =
x=0, y=0,
1:23:28 =
x=0, y=0,
1:23:28 =
hWnd = 0x000d06d0; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
width=0, height=0
hWnd = 0x00150d4e; ClassName: IME; Title: Default IME.
width=0, height=0
1:23:28 = s1.
1:23:28 = s2.
1:23:30
1:23:30
1:25:18
1:25:18
1:25:19
1:25:19
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:34:43 = hWnd = 0x000c0b3c; ClassName:
ow.
1:35:25 = ## ERR ## Setevent


1:35:25 = hWnd = 0x00090086; ClassName:
ow.


9:15:0 = hWnd = 0x00010018; ClassName:
w.
9:15:1 = hWnd = 0x00010022; ClassName:

9:15:3 = s1.
9:15:3 = s2.
ow.

0:27:39 = s1.
0:27:39 = s2.
ow.
2:43:23 = ## ERR ## Setevent


2:43:23 = hWnd = 0x000b01da; ClassName:
ow.


9:45:17 = hWnd = 0x00010018; ClassName:
ow.
9:45:17 = hWnd = 0x00010022; ClassName:

9:45:21 = s1.
9:45:21 = s2.
16:5:47 =
ow.
x=0, y=0,
16:5:47 =
x=0, y=0,
16:5:47 =
x=0, y=0,
16:6:30 =
16:6:30 =
hWnd = 0x00d10d8c; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

ow.
16:6:30 = hWnd = 0x00aa01c2; ClassName:


16:10:22 = hWnd = 0x00010018; ClassName:
dow.
16:10:23 = hWnd = 0x00010022; ClassName:

16:10:29 = s1.
16:10:29 = s2.
16:10:32
16:10:32
16:11:10
16:11:10
16:11:11
16:11:11
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
x=0, y=0,
22:3:23 =
x=0, y=0,
22:3:35 =
22:3:35 =
width=0, height=0
hWnd = 0x001a04c8; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
## ERR ## Setevent

ow.


22:7:13 = hWnd = 0x00010018; ClassName:
ow.
22:7:13 = hWnd = 0x00010022; ClassName:

22:7:17 = s1.
22:7:17 = s2.
22:7:20
22:7:20
22:7:57
22:7:57
22:7:58
22:7:58
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


ow.
0:30:15 = ## ERR ## Setevent
ow.


9:45:41 = hWnd = 0x00010018; ClassName:
ow.
9:45:42 = hWnd = 0x00010022; ClassName:
9:45:45 = s1.
9:45:45 = s2.
9:45:47
9:45:47
9:46:25
9:46:25
9:46:26
9:46:26
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


12:57:20 = hWnd = 0x00070314; ClassName:
dow.

12:57:21 = s1.
12:57:21 = s2.
12:57:22
12:57:22
13:24:11
13:24:11
13:24:12
13:24:12
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

15:33:7 = hWnd = 0x00060374; ClassName:
15:33:7 = hWnd = 0x00120676; ClassName:
ow.
15:33:7 = hWnd = 0x00660640; ClassName:

15:33:7 = s1.
15:33:7 = s2.

dow.
17:18:26 = hWnd = 0x00070310; ClassName:

17:18:26 = s1.
17:18:26 = s2.
ow.
1:26:43 = ## ERR ## Setevent


ow.


8:49:1 = hWnd = 0x00010018; ClassName:
w.
8:49:2 = hWnd = 0x00010022; ClassName:

8:49:4 = s1.
8:49:4 = s2.
ow.

10:4:43 = s1.
10:4:43 = s2.
10:4:43
10:4:43
10:8:20
10:8:20
10:8:21
10:8:21
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

x=0, y=0,
11:58:2 =
ow.
x=0, y=0,
11:58:2 =
x=0, y=0,
11:58:2 =
x=0, y=0,
11:58:2 =
hWnd = 0x000d03c2; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
width=0, height=0
width=0, height=0
11:58:2 = s1.
11:58:2 = s2.
11:58:2
11:58:2
12:1:18
12:1:18
12:1:19
12:1:19
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
13:18:56 = hWnd = 0x000c0bce; ClassName:
13:19:42 = ## ERR ## Setevent


13:19:42 = hWnd = 0x002f01ec; ClassName:
dow.
13:19:42 = hWnd = 0x001e01de; ClassName:


dow.
13:23:35 = s1.
13:23:35 = s2.
13:23:40
13:23:40
13:24:17
13:24:17
13:24:18
13:24:18
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
4:20:59 = hWnd = 0x000e0ba8; ClassName:
4:21:59 = ## ERR ## Setevent


ow.
4:21:59 = hWnd = 0x00110194; ClassName:


10:48:33 = hWnd = 0x00010018; ClassName:
dow.
10:48:33 = hWnd = 0x00010022; ClassName:

10:48:36 = s1.
10:48:36 = s2.
10:48:40
10:48:40
10:49:18
10:49:18
10:49:19
10:49:19
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.
1:8:47 = hWnd = 0x00530474; ClassName:


1:9:30 = hWnd = 0x00d601ec; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
1:9:30 = hWnd = 0x00a401ee; ClassName: GDI+ Hook Window Class; Title: GDI+ Windo
w.
1:9:30 = hWnd = 0x010e01dc; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
1:9:30 = hWnd = 0x006f01f4; ClassName: IME; Title: Default IME.

10:23:18 = hWnd = 0x00010018; ClassName:
dow.
10:23:19 = hWnd = 0x00010022; ClassName:

10:23:22 = s1.
10:23:22 = s2.
dow.
10:51:53 = hWnd = 0x00020494; ClassName:
10:51:53 = s1.
10:51:53 = s2.
10:51:53
10:51:53
10:55:31
10:55:31
10:55:32
10:55:32
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


12:3:51 = hWnd = 0x00040418; ClassName:
ow.
12:3:51 = hWnd = 0x00080420; ClassName:
12:3:51 = hWnd = 0x00030556; ClassName:

12:3:51 = s1.
12:3:51 = s2.
12:3:52
12:3:52
12:9:40
12:9:40
12:9:41
12:9:41
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

12:9:50 = hWnd = 0x00060576; ClassName:
ow.
12:10:1 = ## ERR ## Setevent


12:10:1 = hWnd = 0x000101ec; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.
12:10:1 = hWnd = 0x000101ee; ClassName: IME; Title: Default IME.
12:11:38 = hWnd = 0x00010018; ClassName:
dow.
12:11:38 = hWnd = 0x00010022; ClassName:

12:11:41 = s1.
12:11:41 = s2.
12:11:44
12:11:44
12:12:22
12:12:22
12:12:23
12:12:23
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.
1:11:4 = s1.
1:11:4 = s2.


ow.
1:25:10 = hWnd = 0x00190660; ClassName:
1:25:20 = ## ERR ## Setevent


ow.
1:25:20 = hWnd = 0x01250086; ClassName:


10:34:31 = hWnd = 0x00010018; ClassName:
dow.
10:34:32 = hWnd = 0x00010022; ClassName:

10:34:35 = s1.
10:34:35 = s2.
10:34:38
10:34:38
10:35:16
10:35:16
10:35:17
10:35:17
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.
1:3:19 = hWnd = 0x00060420; ClassName:


1:4:29 = hWnd = 0x00030038; ClassName:
w.
1:4:29 = hWnd = 0x00710036; ClassName:


ow.

11:3:21 = s1.
11:3:21 = s2.
dow.
16:29:55 = hWnd = 0x00050550; ClassName:
16:31:0 = ## ERR ## Setevent


ow.


dow.
x=0, y=0,
16:35:0 =
x=0, y=0,
16:35:0 =
x=0, y=0,
16:35:3 =
width=1, height=1
width=0, height=0
width=0, height=0
16:35:3 = s1.
16:35:3 = s2.
1:24:18 =
ow.
x=0, y=0,
1:24:18 =
x=0, y=0,
1:24:18 =
x=0, y=0,
1:24:57 =
1:24:57 =
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

ow.


dow.
10:15:59 = s1.
10:15:59 = s2.
1:56:9 = hWnd = 0x00160504; ClassName:
w.
1:56:41 = ## ERR ## Setevent


ow.
1:56:41 = hWnd = 0x00eb01e8; ClassName:


x=0, y=0,
3:17:41 =
ow.
x=0, y=0,
3:17:41 =
x=0, y=0,
3:17:41 =
x=0, y=0,
3:17:44 =
width=1, height=1
width=0, height=0
width=0, height=0
3:17:44 = s1.
3:17:44 = s2.
3:17:47
3:17:47
3:18:25
3:18:25
3:18:26
3:18:26
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
3:26:44 = ## ERR ## Setevent


ow.


ow.
10:16:13 = s1.
10:16:13 = s2.
10:16:17
10:16:17
10:16:54
10:16:54
10:16:55
10:16:55
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

23:34:49 = hWnd = 0x00560baa; ClassName:
dow.
23:34:49 = hWnd = 0x01b10b3e; ClassName:
23:35:6 = ## ERR ## Setevent


23:35:6 = hWnd = 0x007a002e; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
ow.

23:35:6 = hWnd = 0x002a006c; ClassName: IME; Title: Default IME.
23:39:48 = hWnd = 0x00010018; ClassName:
dow.
23:39:48 = hWnd = 0x00010022; ClassName:

23:39:52 = s1.
23:39:52 = s2.
23:39:57
23:39:57
23:40:34
23:40:34
23:40:35
23:40:35
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:24:13 = hWnd = 0x00040328; ClassName:
ow.
1:24:13 = hWnd = 0x00030324; ClassName:
1:24:18 = ## ERR ## Setevent


1:24:18 =
ow.
x=0, y=0,
1:24:18 =
x=0, y=0,
1:24:18 =
x=0, y=0,
9:50:50 =
9:50:50 =
width=1, height=1
width=0, height=0
hWnd = 0x0003012e; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
end process attach

9:50:50 = hWnd = 0x00010018; ClassName:
ow.
9:50:51 = hWnd = 0x00010022; ClassName:

9:50:55 = s1.
9:50:55 = s2.
9:50:58
9:50:58
9:51:36
9:51:36
9:51:37
9:51:37
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

2:17:2 = hWnd = 0x00070cdc; ClassName: GDI+ Hook Window Class; Title: GDI+ Windo
w.
2:17:2 = hWnd = 0x000907ee; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
2:17:2 = hWnd = 0x00070cb0; ClassName: IME; Title: Default IME.
2:17:37 = ## ERR ## Setevent

2:17:37 = hWnd = 0x01480178; ClassName:
ow.


9:10:15 = hWnd = 0x00010018; ClassName:
ow.
9:10:15 = hWnd = 0x00010022; ClassName:

9:10:19 = s1.
9:10:19 = s2.
18:16:41 = hWnd = 0x000204fe; ClassName: GDI+ Hook Window Class; Title: GDI+ Win
dow.
18:16:41 = hWnd = 0x000204fa; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
18:17:33 = ## ERR ## Setevent

18:17:33 = hWnd = 0x00f401b6; ClassName:
dow.


18:21:23 = hWnd = 0x00010018; ClassName:
dow.
18:21:23 = hWnd = 0x00010022; ClassName:

18:21:26 = s1.
18:21:26 = s2.
1:2:20 = hWnd = 0x00050410; ClassName:
w.


1:3:20 = hWnd = 0x01150192; ClassName:
w.
1:3:20 = hWnd = 0x00020188; ClassName:
1:3:20 = hWnd = 0x00450190; ClassName:


9:1:30 = hWnd = 0x00010018; ClassName:
w.
9:1:31 = hWnd = 0x00010022; ClassName:

9:1:36 = s1.
9:1:36 = s2.
9:1:39
9:1:39
9:2:16
9:2:16
9:2:17
9:2:17
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
x=0, y=0,
13:0:37 =
x=0, y=0,
13:1:20 =
13:1:20 =
width=0, height=0
hWnd = 0x000904aa; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
## ERR ## Setevent

13:14:2 = hWnd = 0x00010018; ClassName:
ow.
13:14:3 = hWnd = 0x00010022; ClassName:

13:14:7 = s1.
13:14:7 = s2.
13:14:10
13:14:10
13:14:48
13:14:48
13:14:49
13:14:49
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:48:30 = hWnd = 0x00140524; ClassName:
ow.


1:49:2 = hWnd = 0x003f00de; ClassName: GDI+ Hook Window Class; Title: GDI+ Windo
w.
10:13:9 = hWnd = 0x00010018; ClassName:
ow.
10:13:9 = hWnd = 0x00010022; ClassName:

10:13:14 = s1.
10:13:14 = s2.
10:13:17
10:13:17
10:13:54
10:13:54
10:13:55
10:13:55
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.

10:34:55 = ## ERR ## Setevent
10:34:55 = hWnd = 0x00050058; ClassName:
dow.


10:36:20 = hWnd = 0x00010018; ClassName:
dow.
10:36:21 = hWnd = 0x00010022; ClassName:

10:36:25 = s1.
10:36:25 = s2.
0:45:18 = hWnd = 0x000f059a; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
ow.
w.
0:46:1 = hWnd = 0x00dd016a; ClassName:


10:4:9 = hWnd = 0x00010018; ClassName:
w.
10:4:9 = hWnd = 0x00010022; ClassName:

10:4:13 = s1.
10:4:13 = s2.
10:4:16
10:4:16
10:4:54
10:4:54
10:4:55
10:4:55
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:8:53 = hWnd = 0x00110884; ClassName:

w.
1:8:53 = hWnd = 0x000d0e6e; ClassName:


1:9:59 = hWnd = 0x01100084; ClassName:
1:9:59 = hWnd = 0x00870096; ClassName:
w.


10:3:50 = hWnd = 0x00010018; ClassName:
ow.
10:3:51 = hWnd = 0x00010022; ClassName:
10:3:54 = s1.
10:3:54 = s2.
10:3:56
10:3:56
10:4:35
10:4:35
10:4:36
10:4:36
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


17:41:10 = hWnd = 0x000a16da; ClassName:
17:41:10 = hWnd = 0x000e0ba2; ClassName:
dow.
17:42:8 = ## ERR ## Setevent


ow.


19:43:41 = hWnd = 0x00010018; ClassName:
dow.
19:43:41 = hWnd = 0x00010022; ClassName:
19:43:45 = s1.
19:43:45 = s2.
19:43:49
19:43:49
19:44:27
19:44:27
=
=
=
=
Start show animate

begin close Process
Terminate Process


w.


w.


10:29:56 = hWnd = 0x00010018; ClassName:
dow.
10:29:56 = hWnd = 0x00010022; ClassName:
10:29:59 = s1.

10:29:59 = s2.
2:0:39 = hWnd = 0x00030790; ClassName:
w.
2:0:39 = hWnd = 0x00110688; ClassName:


w.


8:47:18 = hWnd = 0x00010018; ClassName:
ow.
8:47:18 = hWnd = 0x00010022; ClassName:


8:47:20 = s1.
8:47:20 = s2.
w.
0:11:24 = ## ERR ## Setevent


0:11:24 = hWnd = 0x00ec016e; ClassName:
ow.


ow.
8:29:49 =
x=0, y=0,
8:29:49 =
x=0, y=0,
8:29:53 =

width=0, height=0
width=0, height=0
8:29:53 = s1.
8:29:53 = s2.
8:29:57
8:29:57
8:30:34
8:30:34
8:30:35
8:30:35
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

15:10:31 = hWnd = 0x00060492; ClassName:
dow.
15:10:38 = ## ERR ## Setevent


dow.
15:10:38 = hWnd = 0x00600182; ClassName:
15:10:38 = hWnd = 0x00550028; ClassName:



19:25:19 = hWnd = 0x00010018; ClassName:
dow.
19:25:19 = hWnd = 0x00010022; ClassName:

19:25:22 = s1.
19:25:22 = s2.
1:18:31 = hWnd = 0x00060438; ClassName:
ow.
1:18:37 = ## ERR ## Setevent


1:18:37 = hWnd = 0x00660086; ClassName:
ow.


9:10:15 = hWnd = 0x00010018; ClassName:
ow.
9:10:15 = hWnd = 0x00010022; ClassName:

9:10:19 = s1.
9:10:19 = s2.
16:48:28 = hWnd = 0x001511e6; ClassName: GDI+ Hook Window Class; Title: GDI+ Win
dow.
16:49:4 = ## ERR ## Setevent
16:49:4 = hWnd = 0x006a009a; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
ow.

18:47:32 = hWnd = 0x00010018; ClassName:
dow.
18:47:33 = hWnd = 0x00010022; ClassName:

18:47:36 = s1.
18:47:36 = s2.
18:47:39
18:47:39
18:48:16
18:48:16
18:48:17
18:48:17
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.


w.
3:41:8 = hWnd = 0x00c4018c; ClassName: IME; Title: Default IME.
9:23:20 = hWnd = 0x00010018; ClassName:
ow.
9:23:20 = hWnd = 0x00010022; ClassName:

9:23:22 = s1.
9:23:22 = s2.
1:47:16 = hWnd = 0x00340498; ClassName:
ow.
1:47:16 = hWnd = 0x00110468; ClassName:
1:47:46 = ## ERR ## Setevent


1:47:46 = hWnd = 0x00ad002c; ClassName:

ow.
1:47:46 = hWnd = 0x00ae014e; ClassName:


10:7:49 =
ow.
x=0, y=0,
10:7:50 =
x=0, y=0,
10:7:50 =
x=0, y=0,
10:7:52 =
width=1, height=1
width=0, height=0
width=0, height=0
10:7:52 = s1.
10:7:52 = s2.
10:7:56
10:7:56
10:8:33
10:8:33
10:8:34
10:8:34
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

0:54:17 = hWnd = 0x00240426; ClassName:
ow.
0:54:17 = hWnd = 0x001b05ac; ClassName:
0:54:17 = s1.
0:54:17 = s2.

0:54:20
0:54:20
0:55:41
0:55:41
0:55:42
0:55:42
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:8:56 = hWnd = 0x00080558; ClassName:
w.
1:8:56 = hWnd = 0x00090486; ClassName:


w.


10:3:35 = hWnd = 0x00010018; ClassName:
ow.
10:3:35 = hWnd = 0x00010022; ClassName:


10:3:38 = s1.
10:3:38 = s2.
10:3:41
10:3:41
10:4:19
10:4:19
10:4:20
10:4:20
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.


1:49:9 = hWnd = 0x00070064; ClassName:
w.
1:49:9 = hWnd = 0x00030082; ClassName:


w.

1:58:12 = s1.
1:58:12 = s2.
1:58:15
1:58:15
1:58:54
1:58:54
1:58:55
1:58:55
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

2:14:50 = hWnd = 0x00030572; ClassName:
ow.
2:14:50 = hWnd = 0x00020574; ClassName:
2:14:55 = ## ERR ## Setevent


ow.
2:14:55 = hWnd = 0x00070062; ClassName:



ow.
9:37:49 = s1.
9:37:49 = s2.
9:37:52
9:37:52
9:38:31
9:38:31
9:38:32
9:38:32
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

.
0:8:9 = hWnd = 0x00040572; ClassName:


w.
0:8:31 = hWnd = 0x01430056; ClassName:
0:8:31 = hWnd = 0x00fd01bc; ClassName:


10:23:32 = hWnd = 0x00010018; ClassName:
dow.
10:23:32 = hWnd = 0x00010022; ClassName:

10:23:35 = s1.
10:23:35 = s2.
10:23:38
10:23:38
10:24:16
10:24:16
10:24:17
10:24:17
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

23:58:5 = hWnd = 0x001d0ae8; ClassName:
23:58:5 = hWnd = 0x000d07fa; ClassName:
ow.
23:58:5 = hWnd = 0x002b0b2a; ClassName:
23:58:29 = ## ERR ## Setevent


23:58:29 = hWnd = 0x003701dc; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title
23:58:29 = hWnd = 0x00a101d4; ClassName: GDI+ Hook Window Class; Title: GDI+ Win
dow.
23:58:29 = hWnd = 0x000b00dc; ClassName: MSCTFIME UI; Title: MSCTFIME UI.

10:0:37 = hWnd = 0x00010018; ClassName:
ow.
10:0:37 = hWnd = 0x00010022; ClassName:

10:0:39 = s1.
10:0:39 = s2.
10:0:43
10:0:43
10:1:22
10:1:22
10:1:23
10:1:23
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:38:26 =
ow.
x=0, y=0,
1:38:26 =
x=0, y=0,
1:38:26 =
x=0, y=0,
1:39:14 =
1:39:14 =
hWnd = 0x001f10b8; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

1:39:14 =
ow.
x=0, y=0,
1:39:14 =
x=0, y=0,
1:39:14 =
x=0, y=0,
9:21:10 =
9:21:10 =
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
end process attach

9:21:11 = hWnd = 0x00010018; ClassName:
ow.
9:21:12 = hWnd = 0x00010022; ClassName:

9:21:15 = s1.
9:21:15 = s2.
9:21:18
9:21:18
9:21:55
9:21:55
9:21:56
9:21:56
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.
1:4:46 = s1.
1:4:46 = s2.

1:4:47
1:4:47
1:10:6
1:10:6
1:10:7
1:10:7
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.


w.


10:41:27 = hWnd = 0x00010018; ClassName:
dow.
10:41:28 = hWnd = 0x00010022; ClassName:
10:41:31 = s1.

10:41:31 = s2.
10:41:34
10:41:34
10:42:12
10:42:12
10:42:13
10:42:13
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:29:18 =
ow.
x=0, y=0,
1:29:18 =
x=0, y=0,
1:29:18 =
x=0, y=0,
1:29:55 =
1:29:55 =
width=1, height=1
hWnd = 0x000302fe; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

ow.


2:58:12 = hWnd = 0x00010018; ClassName:
ow.
2:58:12 = hWnd = 0x00010022; ClassName:


2:58:14 = s1.
2:58:14 = s2.
2:58:18
2:58:18
2:58:55
2:58:55
2:58:56
2:58:56
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
3:22:42 = hWnd = 0x00060604; ClassName:

3:22:42 = s1.
3:22:42 = s2.
3:22:42
3:22:42
3:26:43
3:26:43
3:26:44
3:26:44
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

3:26:56 = hWnd = 0x00030574; ClassName:
ow.
3:26:56 = hWnd = 0x00030334; ClassName:


w.


11:8:27 = hWnd = 0x00010018; ClassName:
ow.
11:8:28 = hWnd = 0x00010022; ClassName:

11:8:30 = s1.
11:8:30 = s2.
11:8:34
11:8:34
11:9:12
11:9:12
11:9:13
11:9:13
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:3:27 = hWnd = 0x00090abe; ClassName: GDI+ Hook Window Class; Title: GDI+ Windo
w.

1:4:18 = hWnd = 0x00ec002c; ClassName: GDI+ Hook Window Class; Title: GDI+ Windo
w.
1:4:18 = hWnd = 0x00fc01c4; ClassName: IME; Title: Default IME.
10:9:3 = hWnd = 0x00010018; ClassName:
w.
10:9:3 = hWnd = 0x00010022; ClassName:

10:9:6 = s1.
10:9:6 = s2.
ow.

2:28:8 = hWnd = 0x00730050; ClassName:
w.
2:28:8 = hWnd = 0x02420056; ClassName:


10:34:11 = hWnd = 0x00010018; ClassName:
dow.
10:34:11 = hWnd = 0x00010022; ClassName:

10:34:13 = s1.
10:34:13 = s2.
10:34:17
10:34:17
10:34:54
10:34:54
10:34:55
10:34:55
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

17:22:30 = hWnd = 0x00060a30; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title
dow.

17:22:51 = ## ERR ## Setevent
dow.
17:22:51 = hWnd = 0x00540192; ClassName:


17:24:37 = hWnd = 0x00010018; ClassName:
dow.
17:24:37 = hWnd = 0x00010022; ClassName:

17:24:41 = s1.
17:24:41 = s2.
17:24:45
17:24:45
17:25:22
17:25:22
17:25:23
17:25:23
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


ow.
1:38:35 = ## ERR ## Setevent


1:38:35 = hWnd = 0x00370072; ClassName:
ow.


2:44:50 = hWnd = 0x00010018; ClassName:
ow.
2:44:51 = hWnd = 0x00010022; ClassName:
2:44:54 = s1.
2:44:54 = s2.
2:44:59
2:44:59
2:45:36
2:45:36
2:45:37
2:45:37
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


3:5:4 = hWnd = 0x00030394; ClassName:
.
3:5:4 = hWnd = 0x00020504; ClassName:
3:5:4 = hWnd = 0x00030512; ClassName:


3:5:10 = hWnd = 0x00040058; ClassName:
w.
3:5:10 = hWnd = 0x00050084; ClassName:


10:44:13 = hWnd = 0x00010018; ClassName:
dow.
10:44:14 = hWnd = 0x00010022; ClassName:
10:44:17 = s1.
10:44:17 = s2.
10:44:20
10:44:20
10:44:57
10:44:57
=
=
=
=
Start show animate

begin close Process
Terminate Process


1:59:13 = hWnd = 0x000a0bf6; ClassName:
ow.
1:59:13 = hWnd = 0x00070760; ClassName:


w.


10:49:35 = hWnd = 0x00010018; ClassName:
dow.
10:49:36 = hWnd = 0x00010022; ClassName:
10:49:39 = s1.
10:49:39 = s2.

10:49:43
10:50:21
10:50:21
10:50:22
10:50:22
=
=
=
=
=

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

0:43:46 =
ow.
x=0, y=0,
0:43:46 =
x=0, y=0,
0:43:46 =
x=0, y=0,
0:44:40 =
0:44:40 =
hWnd = 0x000a110a; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

0:44:40 = hWnd = 0x00ed012c; ClassName:
0:44:40 = hWnd = 0x01490056; ClassName:
ow.


11:23:3 = hWnd = 0x00010018; ClassName:
ow.
11:23:3 = hWnd = 0x00010022; ClassName:
11:23:6 = s1.

11:23:6 = s2.
11:23:11
11:23:11
11:23:48
11:23:48
11:23:49
11:23:49
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

0:44:12 = hWnd = 0x000314ea; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
0:44:12 =
ow.
x=0, y=0,
0:44:12 =
x=0, y=0,
0:44:12 =
x=0, y=0,
0:45:14 =
0:45:14 =
hWnd = 0x00050b1e; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

0:45:14 = hWnd = 0x00cb004c; ClassName:
ow.
0:45:14 = hWnd = 0x00d901ce; ClassName:


ow.

9:43:28 = s1.
9:43:28 = s2.
ow.
1:58:12 = ## ERR ## Setevent


1:58:12 = hWnd = 0x00fd01e2; ClassName:
ow.


dow.

10:18:27 = s1.
10:18:27 = s2.
1:27:36 = hWnd = 0x00080050; ClassName:
ow.
1:27:36 = hWnd = 0x00090408; ClassName:
1:28:16 = ## ERR ## Setevent


1:28:16 = hWnd = 0x00dc0038; ClassName:
1:28:16 = hWnd = 0x01560174; ClassName:
ow.


ow.

11:27:10 = s1.
11:27:10 = s2.
11:27:14
11:27:14
11:27:51
11:27:51
11:27:52
11:27:52
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

0:31:40 = hWnd = 0x00020566; ClassName:
0:31:40 = hWnd = 0x00130774; ClassName:
ow.
0:31:40 = hWnd = 0x00020564; ClassName:
0:31:40 = hWnd = 0x00470462; ClassName:

0:31:41 = s1.
0:31:41 = s2.
ow.
x=0, y=0,
0:49:30 =
x=0, y=0,
0:49:30 =
x=0, y=0,
0:49:30 =
width=1, height=1
hWnd = 0x000205aa; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
width=0, height=0
0:49:30 = s1.
0:49:30 = s2.
0:49:30
0:49:30
0:51:35
0:51:35
0:51:36
0:51:36
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

3:21:36 =
ow.
x=0, y=0,
3:21:36 =
x=0, y=0,
3:21:36 =
x=0, y=0,
3:21:53 =
3:21:53 =
hWnd = 0x001c08d2; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

3:21:53 = hWnd = 0x00f9004e; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
dow.

11:31:57 = s1.
11:31:57 = s2.
1:2:5 = hWnd = 0x00060412; ClassName:
1:2:5 = hWnd = 0x00060414; ClassName:
.


1:2:39 = hWnd = 0x00970036; ClassName:
w.


dow.
10:26:56 = s1.
10:26:56 = s2.
10:26:59
10:26:59
10:27:36
10:27:36
10:27:37
10:27:37
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

21:5:3 = hWnd = 0x00010018; ClassName:
w.
21:5:3 = hWnd = 0x00010022; ClassName:

21:5:6 = s1.
21:5:6 = s2.
21:5:10
21:5:10
21:5:48
21:5:48
21:5:49
21:5:49
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:53:45 =
ow.
x=0, y=0,
1:53:45 =
x=0, y=0,
1:53:45 =
width=1, height=1
hWnd = 0x003f0de6; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0

1:54:26 = ## ERR ## Setevent
ow.


11:15:34 = hWnd = 0x00010018; ClassName:
dow.
11:15:34 = hWnd = 0x00010022; ClassName:

11:15:38 = s1.
11:15:38 = s2.
11:15:41
11:15:41
11:16:18
11:16:18
11:16:19
11:16:19
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:34:13 = hWnd = 0x000c0aa4; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
ow.
x=0, y=0,
1:34:13 =
x=0, y=0,
1:34:59 =
1:34:59 =
width=0, height=0
hWnd = 0x001a05a8; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
## ERR ## Setevent

ow.


w.
9:8:46 = s1.
9:8:46 = s2.
9:8:49
9:8:49
9:9:26
9:9:26
9:9:27
9:9:27
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.

18:15:14 = ## ERR ## Setevent
18:15:14 = hWnd = 0x00ce01dc; ClassName:
dow.
18:15:14 = hWnd = 0x01210056; ClassName:


18:19:21 = hWnd = 0x00010018; ClassName:
dow.
18:19:21 = hWnd = 0x00010022; ClassName:

18:19:24 = s1.
18:19:24 = s2.
w.
0:25:8 = hWnd = 0x000504fa; ClassName: IME; Title: Default IME.
0:25:29 = ## ERR ## Setevent
ow.
0:25:29 = hWnd = 0x00050084; ClassName:


0:40:34 = hWnd = 0x00010018; ClassName:
ow.
0:40:35 = hWnd = 0x00010022; ClassName:

0:40:38 = s1.
0:40:38 = s2.
0:40:42
0:40:42
0:41:19
0:41:19
0:41:20
0:41:20
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


ow.
1:14:42 = ## ERR ## Setevent


ow.


8:33:26 = hWnd = 0x00010018; ClassName:
ow.
8:33:27 = hWnd = 0x00010022; ClassName:
8:33:30 = s1.
8:33:30 = s2.
8:33:33
8:33:33
8:34:12
8:34:12
8:34:13
8:34:13
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


9:41:5 = hWnd = 0x00040416; ClassName:
w.
9:41:5 = hWnd = 0x00020404; ClassName:
9:41:12 = ## ERR ## Setevent


ow.


12:13:26 = hWnd = 0x00010018; ClassName:
dow.
12:13:26 = hWnd = 0x00010022; ClassName:
12:13:29 = s1.
12:13:29 = s2.
12:13:32
12:13:32
12:14:11
12:14:11
12:14:12
12:14:12
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


ow.
1:42:36 = hWnd = 0x001b06da; ClassName:
1:43:19 = ## ERR ## Setevent


ow.
1:43:19 = hWnd = 0x00360162; ClassName:


7:45:40 = hWnd = 0x00010018; ClassName:
ow.
7:45:40 = hWnd = 0x00010022; ClassName:
7:45:42 = s1.
7:45:42 = s2.

7:46:21
7:46:21
7:46:22
7:46:22
=
=
=
=
begin close Process

Terminate Process
end close Process
DLL_PROCESS_DETACH

0:16:47 =
ow.
x=0, y=0,
0:16:47 =
x=0, y=0,
0:16:47 =
x=0, y=0,
0:17:24 =
0:17:24 =
hWnd = 0x000a04e4; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

ow.
0:17:24 = hWnd = 0x00ea00ee; ClassName:


10:8:20 = hWnd = 0x00010018; ClassName:
ow.
10:8:21 = hWnd = 0x00010022; ClassName:
10:8:23 = s1.
10:8:23 = s2.


w.
0:5:28 = s1.
0:5:28 = s2.
0:5:28
0:5:28
0:6:39
0:6:39
0:6:40
0:6:40
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

3:27:34 =
ow.
x=0, y=0,
3:27:34 =
x=0, y=0,
3:27:34 =
x=0, y=0,
3:27:52 =
3:27:52 =
hWnd = 0x000409b4; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

ow.
x=0, y=0,
3:27:52 =
x=0, y=0,
3:27:52 =
x=0, y=0,
11:40:2 =
11:40:2 =
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
end process attach

11:40:2 = hWnd = 0x00010018; ClassName:
ow.
11:40:2 = hWnd = 0x00010022; ClassName:

11:40:7 = s1.
11:40:7 = s2.
11:40:11
11:40:11
11:40:48
11:40:48
11:40:49
11:40:49
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.


13:33:23 = hWnd = 0x00100044; ClassName:

dow.


dow.
14:28:39 = hWnd = 0x000f04fc; ClassName:


ow.
20:4:22 = hWnd = 0x00100400; ClassName:



dow.
20:51:57 = hWnd = 0x00110420; ClassName:


2:39:16 = hWnd = 0x00030340; ClassName:
2:39:16 = hWnd = 0x00040436; ClassName:
ow.
2:39:16 = hWnd = 0x00030338; ClassName:
2:39:25 = ## ERR ## Setevent


ow.
2:39:25 = hWnd = 0x0080018e; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
2:39:25 = hWnd = 0x0085004c; ClassName: IME; Title: Default IME.
dow.

10:57:20 = s1.
10:57:20 = s2.
ow.


0:44:33 = hWnd = 0x00201760; ClassName:
ow.


ow.


1:14:37 = hWnd = 0x00040562; ClassName:
ow.
1:15:27 = ## ERR ## Setevent


ow.
1:15:27 = hWnd = 0x01ff007c; ClassName:


8:20:13 = hWnd = 0x00010018; ClassName:
ow.
8:20:14 = hWnd = 0x00010022; ClassName:

8:20:17 = s1.
8:20:17 = s2.
10:42:6 = hWnd = 0x00030628; ClassName:
ow.
10:42:15 = ## ERR ## Setevent


dow.


10:45:46 = hWnd = 0x00010018; ClassName:
dow.
10:45:46 = hWnd = 0x00010022; ClassName:

10:45:51 = s1.
10:45:51 = s2.
10:45:54
10:45:54
10:46:32
10:46:32
10:46:33
10:46:33
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
18:58:1 = hWnd = 0x000d04a0; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
18:58:15 = ## ERR ## Setevent
18:58:15 = hWnd = 0x005801ca; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title
18:58:15 = hWnd = 0x00e5002c; ClassName: GDI+ Hook Window Class; Title: GDI+ Win
dow.

19:1:57 = hWnd = 0x00010018; ClassName:
ow.
19:1:58 = hWnd = 0x00010022; ClassName:

19:2:0 = s1.
19:2:0 = s2.
0:10:2 = hWnd = 0x00050654; ClassName:
w.
0:10:2 = hWnd = 0x00130706; ClassName:
0:10:2 = hWnd = 0x00060658; ClassName:
0:16:51 = s1.
0:16:51 = s2.
0:16:51
0:16:51
0:23:54
0:23:54
0:23:55
0:23:55
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


ow.
2:43:42 = hWnd = 0x003b0aaa; ClassName:

2:43:42 = s1.
2:43:42 = s2.
3:54:20 = hWnd = 0x000e0a6a; ClassName:
ow.
3:54:47 = ## ERR ## Setevent


3:54:47 = hWnd = 0x000c005a; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
ow.
3:54:47 = hWnd = 0x016a01bc; ClassName: IME; Title: Default IME.
10:59:46 = hWnd = 0x00010018; ClassName:
dow.
10:59:46 = hWnd = 0x00010022; ClassName:

10:59:50 = s1.
10:59:50 = s2.
1:40:49 =
ow.
x=0, y=0,
1:40:49 =
x=0, y=0,
1:40:49 =
x=0, y=0,
1:41:13 =
1:41:13 =
hWnd = 0x001804fa; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

1:41:13 = hWnd = 0x00c1002c; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
1:41:13 =
ow.
x=0, y=0,
1:41:13 =
x=0, y=0,
1:41:13 =
x=0, y=0,
9:17:28 =
9:17:28 =
hWnd = 0x013b01b0; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
hWnd = 0x002201de; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
width=0, height=0
Process Attach
end process attach

9:17:30 = hWnd = 0x00010018; ClassName:
ow.
9:17:31 = hWnd = 0x00010022; ClassName:

9:17:33 = s1.
9:17:33 = s2.
9:17:38
9:17:38
9:18:15
9:18:15
9:18:16
9:18:16
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

18:7:0 = hWnd = 0x00200408; ClassName:
w.
18:7:55 = s1.
18:7:55 = s2.

18:32:20
18:32:20
18:32:21
18:32:21
=
=
=
=
begin close Process

Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
0:42:53 = ## ERR ## Setevent


ow.
0:42:53 = hWnd = 0x000b01ec; ClassName:


8:5:2 = hWnd = 0x00010018; ClassName:
.
8:5:3 = hWnd = 0x00010022; ClassName:
8:5:5 = s1.
8:5:5 = s2.


2:3:7 = hWnd = 0x00050588; ClassName:
2:3:7 = hWnd = 0x00201730; ClassName:
.


w.
9:24:57 = hWnd = 0x00010018; ClassName:
ow.
9:24:57 = hWnd = 0x00010022; ClassName:
9:25:0 = s1.
9:25:0 = s2.


3:50:24 = hWnd = 0x00200776; ClassName:
ow.
3:50:24 = hWnd = 0x00180460; ClassName:
3:51:27 = ## ERR ## Setevent


ow.


8:47:20 =
ow.
x=0, y=0,
8:47:20 =
x=0, y=0,
8:47:20 =
x=0, y=0,
8:47:24 =
width=1, height=1
width=0, height=0
width=0, height=0
8:47:24 = s1.
8:47:24 = s2.
w.
0:57:42 = ## ERR ## Setevent


ow.


8:17:37 = hWnd = 0x00010018; ClassName:
ow.
8:17:37 = hWnd = 0x00010022; ClassName:

8:17:43 = s1.
8:17:43 = s2.
8:17:46
8:17:46
8:18:24
8:18:24
8:18:25
8:18:25
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.

18:57:57 = s1.
18:57:57 = s2.
1:35:15 = hWnd = 0x00050aba; ClassName:
1:35:15 = hWnd = 0x000d0a6a; ClassName:
ow.

1:35:36 = ## ERR ## Setevent

ow.


10:4:15 = hWnd = 0x00010018; ClassName:
ow.
10:4:16 = hWnd = 0x00010022; ClassName:

10:4:19 = s1.
10:4:19 = s2.
0:25:51 = hWnd = 0x00080326; ClassName:
ow.


0:26:36 = ## ERR ## Setevent
ow.


8:22:44 = hWnd = 0x00010018; ClassName:
ow.
8:22:45 = hWnd = 0x00010022; ClassName:

8:22:48 = s1.
8:22:48 = s2.
8:22:51
8:22:51
8:23:29
8:23:29
8:23:30
8:23:30
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

23:47:25 = hWnd = 0x000b05fc; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title
23:47:25 = hWnd = 0x000a0ac0; ClassName: GDI+ Hook Window Class; Title: GDI+ Win
dow.

23:47:25 = hWnd = 0x000c05a2; ClassName: IME; Title: Default IME.
23:48:12 = ## ERR ## Setevent
23:48:12 = hWnd = 0x00e900a2; ClassName: IME; Title: Default IME.
9:27:53 = hWnd = 0x00010018; ClassName:
ow.
9:27:53 = hWnd = 0x00010022; ClassName:

9:27:58 = s1.
9:27:58 = s2.
1:58:41 = hWnd = 0x000b0c3e; ClassName:
ow.
1:58:41 = hWnd = 0x00100994; ClassName:


1:59:22 = ## ERR ## Setevent
ow.


17:23:28 = hWnd = 0x00010018; ClassName:
dow.
17:23:28 = hWnd = 0x00010022; ClassName:

17:23:33 = s1.
17:23:33 = s2.
17:23:39
17:23:39
17:24:16
17:24:16
17:24:17
17:24:17
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

9:53:16 =
ow.
x=0, y=0,
9:53:16 =
x=0, y=0,
9:53:16 =
x=0, y=0,
9:53:21 =
width=1, height=1
width=0, height=0
width=0, height=0
9:53:22 = s1.
9:53:22 = s2.
ow.
1:14:27 = ## ERR ## Setevent


1:14:27 = hWnd = 0x00df01de; ClassName:
1:14:27 = hWnd = 0x01bb0194; ClassName:
ow.



9:40:35 = hWnd = 0x00010018; ClassName:
ow.
9:40:35 = hWnd = 0x00010022; ClassName:

9:40:40 = s1.
9:40:40 = s2.
9:40:43
9:40:43
9:41:21
9:41:21
9:41:22
9:41:22
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:27:48 = hWnd = 0x00040426; ClassName:
ow.
1:28:38 = ## ERR ## Setevent


ow.


9:33:53 = hWnd = 0x00010018; ClassName:
ow.
9:33:53 = hWnd = 0x00010022; ClassName:

9:33:55 = s1.
9:33:55 = s2.
9:33:58
9:33:58
9:34:34
9:34:34
9:34:35
9:34:35
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

0:41:40 = hWnd = 0x00060418; ClassName:
ow.
0:41:40 = hWnd = 0x03de068c; ClassName:
0:42:13 = ## ERR ## Setevent


ow.


10:13:43 = hWnd = 0x00010018; ClassName:
dow.
10:13:44 = hWnd = 0x00010022; ClassName:

10:13:48 = s1.
10:13:48 = s2.
10:13:51
10:13:51
10:14:29
10:14:29
10:14:30
10:14:30
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
13:15:30 = ## ERR ## Setevent


13:15:30 = hWnd = 0x003e01de; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title
13:15:30 = hWnd = 0x010f011c; ClassName: GDI+ Hook Window Class; Title: GDI+ Win
dow.
13:15:30 = hWnd = 0x000d01ac; ClassName: MSCTFIME UI; Title: MSCTFIME UI.

13:15:30 = hWnd = 0x006d005e; ClassName: IME; Title: Default IME.
dow.
13:19:14 = s1.
13:19:14 = s2.
13:19:17
13:19:17
13:19:55
13:19:55
13:19:56
13:19:56
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
13:47:14 = ## ERR ## Setevent


dow.
13:47:14 = hWnd = 0x000c004c; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
13:51:4 = hWnd = 0x00010018; ClassName:
ow.
13:51:4 = hWnd = 0x00010022; ClassName:

13:51:7 = s1.
13:51:7 = s2.
dow.
15:53:12 = ## ERR ## Setevent
15:53:12 = hWnd = 0x00120142; ClassName:

dow.


15:57:41 = hWnd = 0x00010018; ClassName:
dow.
15:57:42 = hWnd = 0x00010022; ClassName:

15:59:18 = s1.
15:59:18 = s2.
15:59:19
15:59:19
15:59:58
15:59:58
15:59:59
15:59:59
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
16:55:23 = ## ERR ## Setevent


16:55:23 = hWnd = 0x00030028; ClassName:
dow.


16:58:18 = hWnd = 0x00010018; ClassName:
dow.
16:58:18 = hWnd = 0x00010022; ClassName:

16:58:21 = s1.
16:58:21 = s2.
17:27:3 = hWnd = 0x000703ea; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.
17:27:3 =
x=0, y=0,
17:27:8 =
17:27:8 =

width=0, height=0
Process Attach
## ERR ## Setevent

17:27:8 = hWnd = 0x00040086; ClassName:
ow.


17:44:18 = hWnd = 0x00010018; ClassName:
dow.
17:44:18 = hWnd = 0x00010022; ClassName:

17:46:51 = s1.
17:46:51 = s2.
17:46:52
17:46:52
17:47:23
17:47:23
17:47:24
17:47:24
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
x=0, y=0,
0:33:38 =
x=0, y=0,
0:33:38 =
x=0, y=0,
0:34:36 =
0:34:36 =
width=1, height=1
width=0, height=0
hWnd = 0x000d08e2; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
## ERR ## Setevent

ow.


8:26:20 =
ow.
x=0, y=0,
8:26:20 =
x=0, y=0,
8:26:20 =
x=0, y=0,
8:26:22 =
width=1, height=1
width=0, height=0
width=0, height=0
8:26:22 = s1.
8:26:22 = s2.
16:27:51 = hWnd = 0x0008048e; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title
dow.
16:27:51 = hWnd = 0x000b04bc; ClassName: IME; Title: Default IME.
16:28:46 = ## ERR ## Setevent
16:28:46 = hWnd = 0x00c401ca; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
16:28:46 = hWnd = 0x00dd01be; ClassName: IME; Title: Default IME.
16:33:57 = hWnd = 0x00010018; ClassName:
dow.
16:33:57 = hWnd = 0x00010022; ClassName:

16:33:58 = s1.
16:33:58 = s2.
w.

2:3:59 = hWnd = 0x00190d8e; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
w.


9:35:29 = hWnd = 0x00010018; ClassName:
ow.
9:35:29 = hWnd = 0x00010022; ClassName:

9:35:31 = s1.
9:35:31 = s2.
9:35:34
9:35:34
9:36:12
9:36:12
9:36:13
9:36:13
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

15:42:58 = hWnd = 0x001705c8; ClassName: GDI+ Hook Window Class; Title: GDI+ Win
dow.
15:43:23 = ## ERR ## Setevent
dow.
15:43:23 = hWnd = 0x00590088; ClassName:


19:45:8 = hWnd = 0x00010018; ClassName:
ow.
19:45:8 = hWnd = 0x00010022; ClassName:

19:49:33 = s1.
19:49:33 = s2.
19:49:34
19:49:34
19:50:11
19:50:11
19:50:12
19:50:12
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


dow.
21:24:54 = ## ERR ## Setevent
dow.


21:29:27 = hWnd = 0x00010018; ClassName:
dow.
21:29:28 = hWnd = 0x00010022; ClassName:

21:31:29 = s1.
21:31:29 = s2.
0:4:6 = hWnd = 0x00030644; ClassName:

.
0:4:6 = hWnd = 0x00040710; ClassName:


w.


w.
9:4:15 = s1.
9:4:15 = s2.
9:4:19
9:4:19
9:4:58
9:4:58
9:4:59
9:4:59
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:33:44 = hWnd = 0x00150724; ClassName:
ow.
1:33:44 = hWnd = 0x00120640; ClassName:
1:34:25 = ## ERR ## Setevent


1:34:25 = hWnd = 0x01630198; ClassName:
ow.
1:34:25 = hWnd = 0x00660146; ClassName:


10:2:28 = hWnd = 0x00010018; ClassName:
ow.
10:2:28 = hWnd = 0x00010022; ClassName:
10:2:31 = s1.
10:2:31 = s2.

10:3:13
10:3:13
10:3:14
10:3:14
=
=
=
=
begin close Process

Terminate Process
end close Process
DLL_PROCESS_DETACH

23:6:49 = hWnd = 0x00340bc4; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.
23:13:24 = s1.
23:13:24 = s2.
23:13:24
23:13:24
23:15:42
23:15:42
23:15:43
23:15:43
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

2:20:27 = hWnd = 0x001d0b5c; ClassName:
ow.
2:20:53 = ## ERR ## Setevent


2:20:53 = hWnd = 0x00260176; ClassName:

ow.
2:20:53 = hWnd = 0x01290164; ClassName:


10:36:34 = hWnd = 0x00010018; ClassName:
dow.
10:36:35 = hWnd = 0x00010022; ClassName:

10:36:37 = s1.
10:36:37 = s2.
10:36:42
10:36:42
10:37:21
10:37:21
10:37:22
10:37:22
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
23:59:31 = ## ERR ## Setevent

dow.


10:5:12 = hWnd = 0x00010018; ClassName:
ow.
10:5:12 = hWnd = 0x00010022; ClassName:

10:5:17 = s1.
10:5:17 = s2.
w.
1:5:59 = hWnd = 0x00060658; ClassName:


w.


8:17:37 = hWnd = 0x00010018; ClassName:
ow.
8:17:37 = hWnd = 0x00010022; ClassName:

8:17:41 = s1.
8:17:41 = s2.
8:17:44
8:17:44
8:18:22
8:18:22
8:18:23
8:18:23
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
1:28:20 = hWnd = 0x00230496; ClassName:
1:28:36 = ## ERR ## Setevent


ow.


8:3:13 = hWnd = 0x00010018; ClassName:
w.
8:3:14 = hWnd = 0x00010022; ClassName:

8:3:18 = s1.
8:3:18 = s2.
16:51:25 = hWnd = 0x0006032e; ClassName: GDI+ Hook Window Class; Title: GDI+ Win
dow.

16:51:56 = ## ERR ## Setevent
dow.
16:51:56 = hWnd = 0x00bf016a; ClassName:


18:42:17 = hWnd = 0x00010018; ClassName:
dow.
18:42:17 = hWnd = 0x00010022; ClassName:

18:42:19 = s1.
18:42:19 = s2.

ow.
0:26:14 = ## ERR ## Setevent
0:26:14 = hWnd = 0x00550204; ClassName:
ow.
0:26:14 = hWnd = 0x00690066; ClassName:


9:46:23 = hWnd = 0x00010018; ClassName:
ow.
9:46:23 = hWnd = 0x00010022; ClassName:

9:46:26 = s1.
9:46:26 = s2.

dow.

13:55:34 = s1.
13:55:34 = s2.
14:10:3 = hWnd = 0x00110572; ClassName:
ow.


dow.
14:29:34 = s1.
14:29:34 = s2.
14:29:38
14:29:38
14:30:16
14:30:16
14:30:17
14:30:17
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

0:11:45 =
ow.
x=0, y=0,
0:11:45 =
x=0, y=0,
0:11:45 =
x=0, y=0,
0:12:18 =
0:12:18 =
hWnd = 0x004a15cc; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

ow.


9:18:21 = hWnd = 0x00010018; ClassName:
ow.
9:18:22 = hWnd = 0x00010022; ClassName:

9:18:24 = s1.
9:18:24 = s2.
dow.
23:56:53 = hWnd = 0x000b05b6; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
23:56:53 = hWnd = 0x002b05ae; ClassName: IME; Title: Default IME.
23:57:8 = ## ERR ## Setevent
23:57:8 =
ow.
x=0, y=0,
23:57:8 =
x=0, y=0,
23:57:8 =
x=0, y=0,
9:35:36 =
9:35:36 =
width=1, height=1
width=0, height=0
hWnd = 0x00e5004c; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
end process attach

9:35:37 = hWnd = 0x00010018; ClassName:
ow.
9:35:37 = hWnd = 0x00010022; ClassName:
9:35:39 = s1.

9:35:39 = s2.
9:35:42
9:35:42
9:36:21
9:36:21
9:36:22
9:36:22
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
17:29:19 = ## ERR ## Setevent


17:29:19 = hWnd = 0x00110172; ClassName:
dow.


20:7:55 =
ow.
x=0, y=0,
20:7:56 =
x=0, y=0,
20:7:56 =
x=0, y=0,
width=1, height=1
width=0, height=0
width=0, height=0

20:7:59 = s1.
20:7:59 = s2.
ow.
1:43:14 = ## ERR ## Setevent


1:43:14 = hWnd = 0x00850052; ClassName:
ow.


x=0, y=0,
9:26:31 =
ow.
x=0, y=0,
9:26:31 =
x=0, y=0,
9:26:31 =
x=0, y=0,
9:26:33 =
width=1, height=1
width=0, height=0
width=0, height=0
9:26:33 = s1.
9:26:33 = s2.
9:26:38
9:26:38
9:27:15
9:27:15
9:27:17
9:27:17
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
0:33:51 = ## ERR ## Setevent


0:33:51 = hWnd = 0x00310090; ClassName:
ow.
0:33:51 = hWnd = 0x01060052; ClassName:


9:5:25 = hWnd = 0x00010018; ClassName:
w.
9:5:25 = hWnd = 0x00010022; ClassName:

9:5:28 = s1.
9:5:28 = s2.
ow.
19:49:45 = ## ERR ## Setevent


dow.
19:49:45 = hWnd = 0x01380058; ClassName:


19:54:32 = hWnd = 0x00010018; ClassName:
dow.
19:54:33 = hWnd = 0x00010022; ClassName:

19:54:35 = s1.
19:54:35 = s2.
19:54:39
19:54:39
19:55:16
19:55:16
19:55:17
19:55:17
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:9:54 = hWnd = 0x00050438; ClassName:
w.
1:9:54 = hWnd = 0x00050476; ClassName:


1:10:0 = hWnd = 0x006c00c2; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
w.
10:15:1 = hWnd = 0x00010018; ClassName:
ow.
10:15:1 = hWnd = 0x00010022; ClassName:

10:15:4 = s1.
10:15:4 = s2.
dow.
21:37:26 = s1.
21:37:26 = s2.


dow.
22:30:15 = hWnd = 0x00501812; ClassName:

22:30:15 = s1.
22:30:15 = s2.
0:44:15 =
ow.
x=0, y=0,
0:44:15 =
x=0, y=0,
0:44:15 =
x=0, y=0,
0:44:50 =
0:44:50 =
width=1, height=1
width=0, height=0
hWnd = 0x006209ae; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
## ERR ## Setevent

0:44:50 = hWnd = 0x007c004c; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
0:44:50 =
ow.
x=0, y=0,
0:44:50 =
x=0, y=0,
0:44:50 =
x=0, y=0,
6:59:50 =
6:59:50 =
width=1, height=1
hWnd = 0x00e8008e; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
hWnd = 0x00b701aa; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
end process attach

6:59:51 = hWnd = 0x00010018; ClassName:
ow.
6:59:52 = hWnd = 0x00010022; ClassName:

6:59:55 = s1.
6:59:55 = s2.
16:9:30 = hWnd = 0x00090cc0; ClassName:
ow.
16:10:53 = ## ERR ## Setevent



dow.
16:10:53 = hWnd = 0x00040090; ClassName:


16:14:39 = hWnd = 0x00010018; ClassName:
dow.
16:14:39 = hWnd = 0x00010022; ClassName:

16:14:45 = s1.
16:14:45 = s2.
16:14:48
16:14:48
16:15:25
16:15:25
16:15:26
16:15:26
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

22:13:11 = hWnd = 0x00100dac; ClassName:
dow.
22:13:11 = hWnd = 0x000c0ca0; ClassName:

ow.
0:45:43 = hWnd = 0x00020574; ClassName:
0:45:43 = hWnd = 0x00020578; ClassName:
0:46:23 = ## ERR ## Setevent


ow.


9:21:15 = hWnd = 0x00010018; ClassName:
ow.
9:21:15 = hWnd = 0x00010022; ClassName:
9:21:19 = s1.
9:21:19 = s2.


10:3:44 = hWnd = 0x00070490; ClassName:
ow.
10:3:48 = ## ERR ## Setevent


ow.


11:33:48 = hWnd = 0x00010018; ClassName:
dow.
11:33:49 = hWnd = 0x00010022; ClassName:

11:33:52 = s1.
11:33:52 = s2.
11:33:56
11:33:56
11:34:34
11:34:34
11:34:35
11:34:35
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
13:53:5 = hWnd = 0x00151178; ClassName:


14:32:19 = hWnd = 0x000b0aa2; ClassName:
dow.



dow.
23:18:49 = ## ERR ## Setevent


23:18:49 = hWnd = 0x00cc01f6; ClassName:
23:18:49 = hWnd = 0x00dd004c; ClassName:
dow.
23:18:49 = hWnd = 0x00480054; ClassName:


23:22:38 = hWnd = 0x00010018; ClassName:
dow.
23:22:38 = hWnd = 0x00010022; ClassName:
23:22:42 = s1.
23:22:42 = s2.
23:22:46
23:22:46
23:23:22
23:23:22
23:23:23
23:23:23
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


w.
3:22:6 = hWnd = 0x000a03ae; ClassName:


ow.
3:33:24 = hWnd = 0x00280802; ClassName:
3:33:24 = hWnd = 0x000e0ff0; ClassName:


ow.


3:39:35 = hWnd = 0x00201472; ClassName:
3:39:35 = hWnd = 0x00110ff0; ClassName:
ow.
3:39:36 = hWnd = 0x000a08da; ClassName:


ow.
3:39:54 = hWnd = 0x000e13cc; ClassName:


w.


w.


w.


10:21:23 = hWnd = 0x00010018; ClassName:
dow.
10:21:24 = hWnd = 0x00010022; ClassName:
10:21:28 = s1.
10:21:28 = s2.
10:21:32
10:21:32
10:22:11
10:22:11
=
=
=
=
Start show animate

begin close Process
Terminate Process


dow.
19:59:58 = ## ERR ## Setevent


19:59:58 = hWnd = 0x00ce005a; ClassName:
dow.


20:3:49 = hWnd = 0x00010018; ClassName:
ow.
20:3:49 = hWnd = 0x00010022; ClassName:
20:3:55 = s1.
20:3:55 = s2.

20:3:58
20:4:34
20:4:34
20:4:36
20:4:36
=
=
=
=
=

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.


w.


0:7:6 = hWnd = 0x000e0132; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: I
0:7:6 = hWnd = 0x000d0134; ClassName: GDI+ Hook Window Class; Title: GDI+ Window
.
0:7:6 = hWnd = 0x000803bc; ClassName: MSCTFIME UI; Title: MSCTFIME UI.

0:12:5 = hWnd = 0x000b09be; ClassName:
w.


0:22:56 = hWnd = 0x00170bac; ClassName:
ow.
0:22:56 = hWnd = 0x00110baa; ClassName:


ow.
0:37:10 =
x=0, y=0,
0:37:11 =
0:37:11 =
0:37:11 =

width=0, height=0
begin close Process
end close Process
DLL_PROCESS_DETACH

0:51:57 = hWnd = 0x000f09be; ClassName:
ow.
0:51:57 = hWnd = 0x000e0b1e; ClassName:


w.
2:9:39 = hWnd = 0x000b0ba4; ClassName:
2:10:10 = ## ERR ## Setevent


ow.
2:10:10 =
x=0, y=0,
2:10:10 =
x=0, y=0,
9:41:54 =
9:41:54 =

width=0, height=0
width=0, height=0
Process Attach
end process attach

9:41:54 = hWnd = 0x00010018; ClassName:
ow.
9:41:55 = hWnd = 0x00010022; ClassName:

9:42:2 = s1.
9:42:2 = s2.
dow.
11:17:45 = hWnd = 0x00070306; ClassName:



11:37:33 = hWnd = 0x00170478; ClassName:
11:37:33 = hWnd = 0x00050540; ClassName:
dow.
11:37:33 = hWnd = 0x00060386; ClassName:


dow.
11:50:57 = hWnd = 0x00070506; ClassName:


12:22:55 = hWnd = 0x00150544; ClassName:
dow.



dow.


ow.
13:43:8 = hWnd = 0x00140562; ClassName:


13:44:24 = hWnd = 0x00230478; ClassName:
dow.



19:31:48 = hWnd = 0x00050694; ClassName:
dow.
19:31:48 = hWnd = 0x00060692; ClassName:
19:31:49 = hWnd = 0x00200688; ClassName:


ow.


dow.



0:25:51 = hWnd = 0x00040778; ClassName:
ow.
0:25:52 = hWnd = 0x00040738; ClassName:


ow.


0:42:2 = hWnd = 0x00100422; ClassName:
w.


ow.
0:52:22 = hWnd = 0x00300102; ClassName:


1:33:45 = hWnd = 0x00420116; ClassName:
ow.


ow.


2:48:51 = hWnd = 0x002c03de; ClassName:
ow.
2:48:51 = hWnd = 0x00030730; ClassName:
2:49:11 = ## ERR ## Setevent


ow.
2:49:11 = hWnd = 0x00940060; ClassName:


9:21:38 = hWnd = 0x00010018; ClassName:
ow.
9:21:39 = hWnd = 0x00010022; ClassName:
9:21:42 = s1.
9:21:42 = s2.


dow.


w.


19:36:50 = hWnd = 0x002503fa; ClassName: GDI+ Hook Window Class; Title: GDI+ Win
dow.

dow.


ow.
0:26:11 = ## ERR ## Setevent


ow.
0:26:11 =
x=0, y=0,
0:26:11 =
x=0, y=0,
9:41:30 =
9:41:30 =

width=0, height=0
width=0, height=0
Process Attach
end process attach

9:41:31 = hWnd = 0x00010018; ClassName:
ow.
9:41:31 = hWnd = 0x00010022; ClassName:

9:41:36 = s1.
9:41:36 = s2.
9:41:40
9:41:40
9:42:16
9:42:16
9:42:18
9:42:18
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

20:20:58 = hWnd = 0x001a0be4; ClassName:
dow.


20:28:2 = hWnd = 0x000b0bc6; ClassName:

ow.
20:28:2 = hWnd = 0x000f0bdc; ClassName:


20:42:12 = hWnd = 0x00130106; ClassName:
dow.


23:41:50 = hWnd = 0x00150388; ClassName:
dow.



dow.


0:14:36 = hWnd = 0x00030412; ClassName:
ow.

0:14:37 = s1.
0:14:37 = s2.
0:14:37
0:14:37
0:18:17
0:18:17
0:18:18
0:18:18
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

0:45:49 = hWnd = 0x00230512; ClassName:
ow.


0:46:16 = ## ERR ## Setevent
ow.


9:19:14 = hWnd = 0x00010018; ClassName:
ow.
9:19:14 = hWnd = 0x00010022; ClassName:

9:19:17 = s1.
9:19:17 = s2.
15:25:3 = hWnd = 0x000c0a4e; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
ow.
x=0, y=0,
15:25:3 =
x=0, y=0,
15:25:3 =
x=0, y=0,
15:25:5 =
15:25:5 =
15:25:5 =
width=1, height=1
width=0, height=0
width=0, height=0
begin close Process
end close Process
DLL_PROCESS_DETACH

dow.
23:19:41 = hWnd = 0x01790816; ClassName:
23:20:29 = ## ERR ## Setevent


dow.
23:20:29 = hWnd = 0x00da0062; ClassName:


23:25:17 = hWnd = 0x00010018; ClassName:
dow.
23:25:17 = hWnd = 0x00010022; ClassName:

23:25:21 = s1.
23:25:21 = s2.
0:35:14 = hWnd = 0x00070424; ClassName:
ow.
0:35:20 = ## ERR ## Setevent


ow.


w.
9:11:8 = s1.
9:11:8 = s2.
9:11:11
9:11:11
9:11:47
9:11:47
9:11:49
9:11:49
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:7:1 = hWnd = 0x00040644; ClassName: GDI+ Hook Window Class; Title: GDI+ Window
.
1:7:1 = hWnd = 0x000f0b44; ClassName: IME; Title: Default IME.
w.
1:7:52 = hWnd = 0x00140092; ClassName:


dow.
10:23:33 = s1.
10:23:33 = s2.
10:23:37
10:23:37
10:24:14
10:24:14
10:24:15
10:24:15
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.


22:35:42 = hWnd = 0x00110102; ClassName:
dow.


22:41:19 = hWnd = 0x00140102; ClassName:
22:41:19 = hWnd = 0x00180496; ClassName:
dow.


dow.


w.


ow.
1:43:48 = hWnd = 0x00030afa; ClassName:
1:44:27 = ## ERR ## Setevent


1:44:27 = hWnd = 0x00dc01f4; ClassName:
ow.
1:44:27 = hWnd = 0x00670056; ClassName:
1:44:27 = hWnd = 0x005c01bc; ClassName:


10:19:56 = hWnd = 0x00010018; ClassName:
dow.
10:19:56 = hWnd = 0x00010022; ClassName:
10:20:1 = s1.
10:20:1 = s2.


w.
1:59:4 = hWnd = 0x00080afe; ClassName: IME; Title: Default IME.
1:59:43 = ## ERR ## Setevent
1:59:43 = hWnd = 0x01760074; ClassName:
ow.


9:32:30 = hWnd = 0x00010018; ClassName:
ow.
9:32:31 = hWnd = 0x00010022; ClassName:
9:32:35 = s1.
9:32:35 = s2.
9:32:40
9:32:40
9:33:16
9:33:16
9:33:17
9:33:17
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


w.
3:32:46 = ## ERR ## Setevent


3:32:46 = hWnd = 0x00bb01da; ClassName:
ow.


ow.
11:25:12 = s1.
11:25:12 = s2.
11:25:54
11:25:54
11:25:55
11:25:55
=
=
=
=
begin close Process

Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
0:46:52 = hWnd = 0x00040566; ClassName:
0:47:43 = ## ERR ## Setevent


ow.


11:11:47 = hWnd = 0x00010018; ClassName:
dow.
11:11:47 = hWnd = 0x00010022; ClassName:
11:11:49 = s1.

11:11:49 = s2.
11:11:53
11:11:53
11:12:31
11:12:31
11:12:32
11:12:32
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

16:16:16 = hWnd = 0x00030aec; ClassName:
dow.


16:16:27 = hWnd = 0x00110026; ClassName:
dow.


16:16:45 = hWnd = 0x00020aae; ClassName: GDI+ Hook Window Class; Title: GDI+ Win
dow.
16:54:43 = hWnd = 0x002b0bfe; ClassName:
dow.


17:22:3 = hWnd = 0x00190776; ClassName:
ow.



17:24:32 = hWnd = 0x00310aa6; ClassName: GDI+ Hook Window Class; Title: GDI+ Win
dow.
17:24:32 = hWnd = 0x002c0c3c; ClassName: IME; Title: Default IME.
17:59:22 = hWnd = 0x00060538; ClassName:
17:59:22 = hWnd = 0x00040578; ClassName:
dow.
17:59:22 = hWnd = 0x00350790; ClassName:
17:59:38 = ## ERR ## Setevent


17:59:38 = hWnd = 0x01dd002e; ClassName:
dow.


18:3:19 =
ow.
x=0, y=0,
18:3:19 =
x=0, y=0,
18:3:19 =
x=0, y=0,
18:3:23 =
width=1, height=1
width=0, height=0
width=0, height=0
18:3:23 = s1.
18:3:23 = s2.
18:8:2 = hWnd = 0x00030528; ClassName:
18:8:2 = hWnd = 0x00020520; ClassName:
w.
18:8:2 = hWnd = 0x00030526; ClassName:


ow.
18:10:7 = hWnd = 0x00040500; ClassName:

dow.
18:54:7 = ## ERR ## Setevent


18:54:7 = hWnd = 0x00080056; ClassName:
ow.
18:54:7 = hWnd = 0x00040198; ClassName:


18:55:52 = hWnd = 0x00010018; ClassName:
dow.
18:55:52 = hWnd = 0x00010022; ClassName:
18:55:56 = s1.
18:55:56 = s2.


dow.
20:16:49 = ## ERR ## Setevent


dow.
20:16:49 = hWnd = 0x00780054; ClassName:


20:20:19 = hWnd = 0x00010018; ClassName:
dow.
20:20:19 = hWnd = 0x00010022; ClassName:

20:20:22 = s1.
20:20:22 = s2.
23:52:23 = hWnd = 0x00070558; ClassName:
23:52:23 = hWnd = 0x00080580; ClassName:
dow.


ow.
1:38:23 = hWnd = 0x00060152; ClassName:
1:38:23 = s1.
1:38:23 = s2.
1:38:23
1:38:23
1:42:35
1:42:35
1:42:36
1:42:36
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


2:10:15 = hWnd = 0x00280654; ClassName:
ow.
2:10:25 = ## ERR ## Setevent


ow.
2:10:25 = hWnd = 0x00030088; ClassName:
2:10:25 = hWnd = 0x00820096; ClassName:


8:30:39 = hWnd = 0x00010018; ClassName:
ow.
8:30:39 = hWnd = 0x00010022; ClassName:
8:30:42 = s1.
8:30:42 = s2.

8:30:46
8:31:23
8:31:23
8:31:24
8:31:24
=
=
=
=
=

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

21:23:26 = hWnd = 0x00120422; ClassName:
21:23:26 = hWnd = 0x00610498; ClassName:
dow.
21:23:26 = hWnd = 0x00040406; ClassName:

21:23:27 = s1.
21:23:27 = s2.
21:23:27
21:23:27
21:46:58
21:46:58
21:46:59
21:46:59
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

3:7:5 = hWnd = 0x00050576; ClassName:
3:7:5 = hWnd = 0x00340352; ClassName:
.



w.


8:33:0 = hWnd = 0x00010018; ClassName:
w.
8:33:1 = hWnd = 0x00010022; ClassName:

8:33:4 = s1.
8:33:4 = s2.
12:27:5 = hWnd = 0x00080938; ClassName:
12:27:5 = hWnd = 0x00080868; ClassName:
ow.
12:27:5 = hWnd = 0x00020932; ClassName:
12:27:5 = hWnd = 0x00030944; ClassName:


dow.


dow.


15:56:53 = hWnd = 0x00070318; ClassName:
dow.
15:57:26 = ## ERR ## Setevent


15:57:26 = hWnd = 0x00640162; ClassName:
dow.


dow.
17:19:33 = s1.
17:19:33 = s2.
17:19:35
17:19:35
17:20:13
17:20:13
17:20:14
17:20:14
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
0:32:55 = hWnd = 0x00060688; ClassName:
0:32:55 = s1.

0:32:55 = s2.
0:32:56
0:32:56
0:33:10
0:33:10
0:33:11
0:33:11
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.


w.
1:2:55 = hWnd = 0x00040052; ClassName:


dow.

10:22:18 = s1.
10:22:18 = s2.
dow.
18:48:19 = hWnd = 0x00070558; ClassName:
18:48:35 = ## ERR ## Setevent


dow.
18:48:35 = hWnd = 0x00180088; ClassName:
18:48:35 = hWnd = 0x00640038; ClassName:



ow.
18:52:12 = s1.
18:52:12 = s2.
18:52:15
18:52:15
18:52:53
18:52:53
18:52:54
18:52:54
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
1:26:22 = hWnd = 0x00280536; ClassName:
1:26:41 = ## ERR ## Setevent


1:26:41 = hWnd = 0x00830088; ClassName:
ow.



11:6:54 = hWnd = 0x00010018; ClassName:
ow.
11:6:55 = hWnd = 0x00010022; ClassName:

11:6:59 = s1.
11:6:59 = s2.
ow.
1:27:26 = hWnd = 0x00120488; ClassName:
1:27:59 = ## ERR ## Setevent


1:27:59 = hWnd = 0x01250088; ClassName:
ow.
1:27:59 = hWnd = 0x00a601ba; ClassName:


9:58:2 = hWnd = 0x00010018; ClassName:
w.
9:58:2 = hWnd = 0x00010022; ClassName:

9:58:5 = s1.
9:58:5 = s2.
9:58:10
9:58:10
9:58:47
9:58:47
9:58:48
9:58:48
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
18:47:57 = s1.
18:47:57 = s2.
18:47:58
18:47:58
18:53:13
18:53:13
18:53:14
18:53:14
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH



dow.


18:55:22 = hWnd = 0x00210614; ClassName:
dow.


.
1:5:0 = s1.
1:5:0 = s2.

1:5:0 =
1:5:0 =
1:10:32
1:10:32
1:10:33
1:10:33
Start show animate

= Terminate Process
= end close Process
= DLL_PROCESS_DETACH

w.
3:5:46 = hWnd = 0x00070948; ClassName:


.
3:6:5 = hWnd = 0x02040060; ClassName:
3:6:5 = hWnd = 0x00120074; ClassName:


12:33:45 = hWnd = 0x00010018; ClassName:
dow.
12:33:45 = hWnd = 0x00010022; ClassName:

12:33:48 = s1.
12:33:48 = s2.
12:33:51
12:33:51
12:34:32
12:34:32
12:34:33
12:34:33
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:33:38 = hWnd = 0x00090648; ClassName:
ow.


1:34:8 = hWnd = 0x00950190; ClassName:
w.


dow.

11:59:38 = s1.
11:59:38 = s2.
w.
0:42:9 = hWnd = 0x00070464; ClassName:
0:42:31 = ## ERR ## Setevent


0:42:31 = hWnd = 0x00910088; ClassName:
0:42:31 = hWnd = 0x00ef019a; ClassName:
ow.


ow.
x=0, y=0,
11:5:17 =
x=0, y=0,
11:5:17 =
x=0, y=0,
11:5:21 =
width=1, height=1
width=0, height=0
width=0, height=0
11:5:22 = s1.
11:5:22 = s2.
ow.
12:5:46 = ## ERR ## Setevent


ow.
12:5:46 = hWnd = 0x00090144; ClassName:


12:7:34 = hWnd = 0x00010018; ClassName:
ow.
12:7:34 = hWnd = 0x00010022; ClassName:

12:7:36 = s1.
12:7:36 = s2.
12:7:39
12:7:39
12:8:16
12:8:16
12:8:17
12:8:17
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
12:21:31 = ## ERR ## Setevent


dow.
12:25:1 = s1.
12:25:1 = s2.
12:32:43 = hWnd = 0x00060526; ClassName:
dow.
12:32:43 = hWnd = 0x00060576; ClassName:
12:32:43 = hWnd = 0x00060570; ClassName:
12:33:6 = ## ERR ## Setevent


12:33:6 = hWnd = 0x00060060; ClassName:
ow.


dow.
12:42:22 = s1.
12:42:22 = s2.
12:56:47 = hWnd = 0x000402be; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title
dow.
12:56:52 = ## ERR ## Setevent
dow.
12:58:17 = s1.
12:58:17 = s2.
12:58:20
12:58:20
12:58:57
12:58:57
12:58:58
12:58:58
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
13:18:18 = hWnd = 0x00030374; ClassName:
13:18:22 = ## ERR ## Setevent


dow.
13:18:22 = hWnd = 0x000a01ae; ClassName:
13:18:22 = hWnd = 0x00040070; ClassName:



ow.
13:30:5 = s1.
13:30:5 = s2.
dow.
15:50:35 = hWnd = 0x00330498; ClassName:
15:50:40 = ## ERR ## Setevent


dow.
15:50:40 = hWnd = 0x000201c2; ClassName: IME; Title: Default IME.

dow.
15:54:27 = s1.
15:54:27 = s2.
dow.
16:17:40 = hWnd = 0x00080592; ClassName:
16:18:1 = ## ERR ## Setevent


ow.


16:21:46 = hWnd = 0x00010018; ClassName:
dow.
16:21:46 = hWnd = 0x00010022; ClassName:

16:21:50 = s1.
16:21:50 = s2.
16:21:53
16:21:53
16:22:31
16:22:31
16:22:32
16:22:32
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:1:2 = hWnd = 0x00090554; ClassName:
1:1:2 = hWnd = 0x00130470; ClassName:
.
1:1:2 = hWnd = 0x00110582; ClassName:


1:1:24 = hWnd = 0x00170082; ClassName:
w.


1:48:21 = hWnd = 0x00010018; ClassName:
ow.
1:48:22 = hWnd = 0x00010022; ClassName:

1:48:25 = s1.
1:48:25 = s2.
2:42:52 = hWnd = 0x00020464; ClassName:
ow.
2:42:52 = hWnd = 0x00020484; ClassName:
2:42:59 = ## ERR ## Setevent


ow.
x=0, y=0,
2:42:59 =
x=0, y=0,
10:16:5 =
10:16:5 =
width=0, height=0
width=0, height=0
Process Attach
end process attach

10:16:6 = hWnd = 0x00010018; ClassName:
ow.
10:16:6 = hWnd = 0x00010022; ClassName:

10:16:9 = s1.
10:16:9 = s2.
10:16:13
10:16:13
10:16:49
10:16:49
10:16:50
10:16:50
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
0:41:33 = hWnd = 0x00200ccc; ClassName:
0:42:14 = ## ERR ## Setevent


ow.
0:42:14 = hWnd = 0x008c00f4; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
2:9:15 = hWnd = 0x00010018; ClassName:
w.
2:9:15 = hWnd = 0x00010022; ClassName:

2:9:18 = s1.
2:9:18 = s2.
2:9:22
2:9:22
2:10:1
2:10:1
2:10:2
2:10:2
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

3:15:30 = hWnd = 0x00020462; ClassName:
3:15:30 = hWnd = 0x00020498; ClassName:
ow.
3:15:30 = hWnd = 0x00030352; ClassName:
3:15:40 = ## ERR ## Setevent



ow.
3:15:40 = hWnd = 0x00040106; ClassName:


10:28:58 = hWnd = 0x00010018; ClassName:
dow.
10:28:58 = hWnd = 0x00010022; ClassName:

10:29:2 = s1.
10:29:2 = s2.
10:47:43 = hWnd = 0x00060484; ClassName:
dow.


10:48:10 = ## ERR ## Setevent
dow.
10:48:10 = hWnd = 0x00030058; ClassName:


ow.
10:52:4 = s1.
10:52:4 = s2.
dow.
10:58:56 = ## ERR ## Setevent
dow.


11:0:33 = hWnd = 0x00010018; ClassName:
ow.
11:0:33 = hWnd = 0x00010022; ClassName:

11:0:37 = s1.
11:0:37 = s2.
11:0:40
11:0:40
11:1:14
11:1:14
11:1:15
11:1:15
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


11:7:44 = hWnd = 0x00050580; ClassName:
11:7:44 = hWnd = 0x00070584; ClassName:
ow.
11:7:44 = hWnd = 0x00050502; ClassName:
11:7:57 = ## ERR ## Setevent


ow.


11:11:29 = hWnd = 0x00010018; ClassName:
dow.
11:11:29 = hWnd = 0x00010022; ClassName:
11:11:33 = s1.
11:11:33 = s2.
11:11:36
11:11:36
11:12:13
11:12:13
11:12:14
11:12:14
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


11:22:4 = hWnd = 0x00050500; ClassName:
ow.
11:22:4 = hWnd = 0x00100528; ClassName:
11:22:8 = ## ERR ## Setevent


ow.


11:23:31 = hWnd = 0x00010018; ClassName:
dow.
11:23:31 = hWnd = 0x00010022; ClassName:
11:23:33 = s1.
11:23:33 = s2.

11:23:36
11:24:12
11:24:12
11:24:13
11:24:13
=
=
=
=
=

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
11:33:11 = hWnd = 0x00020498; ClassName:
11:33:26 = ## ERR ## Setevent


11:33:26 = hWnd = 0x00030048; ClassName:
dow.


11:37:12 = hWnd = 0x00010018; ClassName:
dow.
11:37:12 = hWnd = 0x00010022; ClassName:
11:37:15 = s1.

11:37:15 = s2.
11:37:18
11:37:18
11:37:56
11:37:56
11:37:57
11:37:57
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.
12:4:13 = ## ERR ## Setevent


ow.
12:4:13 = hWnd = 0x00030094; ClassName:


12:5:49 =
ow.
x=0, y=0,
12:5:50 =
x=0, y=0,
12:5:50 =
x=0, y=0,
12:5:54 =
width=1, height=1
width=0, height=0
width=0, height=0
12:5:54 = s1.
12:5:54 = s2.
12:5:58
12:5:58
12:6:35
12:6:35
12:6:36
12:6:36
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.
0:38:42 = ## ERR ## Setevent
ow.
0:38:42 = hWnd = 0x018c01ee; ClassName:


dow.

11:21:48 = s1.
11:21:48 = s2.
11:21:51
11:21:51
11:22:26
11:22:26
11:22:27
11:22:27
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
0:39:38 = hWnd = 0x00470136; ClassName:

0:39:38 = s1.
0:39:38 = s2.
0:39:38
0:39:38
0:43:52
0:43:52
0:43:53
0:43:53
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

0:53:17 = hWnd = 0x0005057e; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
ow.
0:53:17 =
x=0, y=0,
0:53:36 =
0:53:36 =

width=0, height=0
Process Attach
## ERR ## Setevent

0:53:36 = hWnd = 0x008f00bc; ClassName:
ow.
0:53:36 = hWnd = 0x00930058; ClassName:


14:23:13 = hWnd = 0x00010018; ClassName:
dow.
14:23:13 = hWnd = 0x00010022; ClassName:

14:23:17 = s1.
14:23:17 = s2.
14:23:20
14:23:20
14:23:57
14:23:57
14:23:58
14:23:58
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.

21:21:54 = ## ERR ## Setevent
dow.


21:25:57 = hWnd = 0x00010018; ClassName:
dow.
21:25:57 = hWnd = 0x00010022; ClassName:

21:26:0 = s1.
21:26:0 = s2.
ow.
4:23:58 =
x=0, y=0,
4:23:58 =
x=0, y=0,
4:24:18 =
4:24:18 =

width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

ow.


9:39:27 = hWnd = 0x00010018; ClassName:
ow.
9:39:27 = hWnd = 0x00010022; ClassName:

9:39:30 = s1.
9:39:30 = s2.
9:39:34
9:39:34
9:40:13
9:40:13
9:40:14
9:40:14
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


ow.
9:53:14 = hWnd = 0x00040488; ClassName:
9:53:14 = hWnd = 0x00030458; ClassName:
9:53:18 = ## ERR ## Setevent


ow.


11:9:48 = hWnd = 0x00010018; ClassName:
ow.
11:9:49 = hWnd = 0x00010022; ClassName:
11:9:51 = s1.
11:9:51 = s2.


w.
0:54:4 = hWnd = 0x00080dee; ClassName:
0:54:52 = ## ERR ## Setevent


ow.
0:54:52 = hWnd = 0x02cb01ec; ClassName:


11:23:25 = hWnd = 0x00010018; ClassName:
dow.
11:23:25 = hWnd = 0x00010022; ClassName:
11:23:30 = s1.
11:23:30 = s2.
11:23:34
11:23:34
11:24:11
11:24:11
11:24:12
11:24:12
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


w.
1:7:39 = hWnd = 0x00550682; ClassName:


w.


9:28:9 = hWnd = 0x00010018; ClassName:
w.
9:28:9 = hWnd = 0x00010022; ClassName:
9:28:10 = s1.
9:28:10 = s2.
9:28:14
9:28:14
9:28:52
9:28:52
=
=
=
=
Start show animate

begin close Process
Terminate Process


dow.

12:37:26 = s1.
12:37:26 = s2.
12:37:26
12:37:26
12:38:32
12:38:32
12:38:33
12:38:33
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:10:3 = hWnd = 0x001205da; ClassName: GDI+ Hook Window Class; Title: GDI+ Windo
w.
1:10:3 = hWnd = 0x00100ae0; ClassName: IME; Title: Default IME.
1:10:26 = ## ERR ## Setevent
1:10:26 = hWnd = 0x00fb01b8; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.
1:10:26 =
x=0, y=0,
1:10:26 =
x=0, y=0,
11:2:26 =
11:2:26 =

width=0, height=0
hWnd = 0x026e004e; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
end process attach

11:2:26 = hWnd = 0x00010018; ClassName:
ow.
11:2:27 = hWnd = 0x00010022; ClassName:

11:2:35 = s1.
11:2:35 = s2.
11:2:38
11:2:38
11:3:15
11:3:15
11:3:16
11:3:16
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
0:32:8 = hWnd = 0x00eb004e; ClassName: GDI+ Hook Window Class; Title: GDI+ Windo
w.

0:32:8 = hWnd = 0x00c8005a; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
dow.
10:34:13 = s1.
10:34:13 = s2.
10:34:16
10:34:16
10:34:53
10:34:53
10:34:54
10:34:54
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

0:21:33 = hWnd = 0x00450516; ClassName:
ow.
0:21:33 = s1.
0:21:33 = s2.

0:30:3
0:30:3
0:30:4
0:30:4
=
=
=
=
begin close Process

Terminate Process
end close Process
DLL_PROCESS_DETACH

w.
1:1:19 = hWnd = 0x00060bde; ClassName:

1:1:19 = s1.
1:1:19 = s2.
1:1:19
1:1:19
1:1:34
1:1:34
1:1:35
1:1:35
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
1:11:12 = ## ERR ## Setevent


ow.
1:11:12 = hWnd = 0x00bc0088; ClassName: IME; Title: Default IME.
11:17:33 = hWnd = 0x00010018; ClassName:
dow.
11:17:33 = hWnd = 0x00010022; ClassName:

11:17:36 = s1.
11:17:36 = s2.
11:17:40
11:17:40
11:18:17
11:18:17
11:18:18
11:18:18
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
0:10:45 = hWnd = 0x00060754; ClassName:
0:10:45 = s1.
0:10:45 = s2.

0:10:45
0:14:19
0:14:19
0:14:20
0:14:20
=
=
=
=
=

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

0:40:49 = hWnd = 0x00060772; ClassName:
0:40:49 = hWnd = 0x00060adc; ClassName:
ow.


w.
0:41:9 = hWnd = 0x00880054; ClassName:


13:1:12 =
ow.
x=0, y=0,
13:1:12 =
x=0, y=0,
13:1:12 =
x=0, y=0,
13:1:15 =
width=1, height=1
width=0, height=0
width=0, height=0
13:1:15 = s1.
13:1:15 = s2.
13:1:18
13:1:18
13:1:56
13:1:56
13:1:57
13:1:57
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:4:55 = hWnd = 0x00010018; ClassName:
w.
1:4:55 = hWnd = 0x00010022; ClassName:

1:4:59 = s1.
1:4:59 = s2.
1:39:37 = hWnd = 0x00020426; ClassName:
ow.
1:39:37 = hWnd = 0x00040470; ClassName:
1:39:42 = ## ERR ## Setevent



ow.


9:49:47 = hWnd = 0x00010018; ClassName:
ow.
9:49:47 = hWnd = 0x00010022; ClassName:

9:49:49 = s1.
9:49:49 = s2.
9:49:53
9:49:53
9:50:31
9:50:31
9:50:32
9:50:32
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

10:51:12 = hWnd = 0x00040306; ClassName:
dow.
10:51:12 = hWnd = 0x00040302; ClassName:

10:51:12 = s1.
10:51:12 = s2.
10:51:13
10:51:13
10:51:30
10:51:30
10:51:31
10:51:31
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
21:31:44 = hWnd = 0x00050640; ClassName:
21:31:44 = hWnd = 0x00050656; ClassName:

21:31:44 = s1.
21:31:44 = s2.
ow.
1:39:45 = hWnd = 0x00030442; ClassName:

1:40:14 = ## ERR ## Setevent

1:40:14 = hWnd = 0x00be01d6; ClassName:
1:40:14 = hWnd = 0x00fd01e4; ClassName:
ow.
1:40:14 = hWnd = 0x00630038; ClassName:
1:40:14 = hWnd = 0x00880058; ClassName:


8:44:53 = hWnd = 0x00010018; ClassName:
ow.
8:44:54 = hWnd = 0x00010022; ClassName:

8:44:56 = s1.
8:44:56 = s2.
12:57:16 = ## ERR ## Setevent

12:57:16 = hWnd = 0x004d01ee; ClassName:
dow.


w.
13:3:2 = s1.
13:3:2 = s2.
1:24:34 =
ow.
x=0, y=0,
1:24:34 =
x=0, y=0,
width=1, height=1
hWnd = 0x000a03bc; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
1:24:34 =
x=0, y=0,
1:24:57 =
1:24:57 =

width=0, height=0
Process Attach
## ERR ## Setevent

ow.


9:32:57 = hWnd = 0x00010018; ClassName:
ow.
9:32:58 = hWnd = 0x00010022; ClassName:

9:33:1 = s1.
9:33:1 = s2.
1:29:32 = hWnd = 0x00c814b4; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
1:29:32 = hWnd = 0x001e09c0; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.
x=0, y=0,
1:29:32 =
x=0, y=0,
1:29:32 =
x=0, y=0,
1:30:27 =
1:30:27 =
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

ow.


8:43:30 = hWnd = 0x00010018; ClassName:
ow.
8:43:31 = hWnd = 0x00010022; ClassName:

8:43:34 = s1.
8:43:34 = s2.
8:43:37
8:43:37
8:44:15
8:44:15
8:44:16
8:44:16
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


ow.
1:14:30 = hWnd = 0x000a0d8e; ClassName:

1:14:31 = s1.
1:14:31 = s2.
1:14:31
1:14:31
1:15:30
1:15:30
1:15:31
1:15:31
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
1:53:18 = ## ERR ## Setevent


1:53:18 =
1:53:18 =
ow.
x=0, y=0,
1:53:18 =
x=0, y=0,
1:53:18 =
x=0, y=0,
9:27:22 =
9:27:22 =
begin close Process

hWnd = 0x005301cc; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
hWnd = 0x007601ac; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
width=0, height=0
Process Attach
end process attach

ow.
x=0, y=0,
9:27:23 =
x=0, y=0,
9:27:23 =
x=0, y=0,
9:27:26 =
width=1, height=1
width=0, height=0
width=0, height=0
9:27:27 = s1.
9:27:27 = s2.
w.
w.
2:4:50 = hWnd = 0x01520070; ClassName:



w.
11:6:10 = s1.
11:6:10 = s2.
11:6:14
11:6:14
11:6:52
11:6:52
11:6:53
11:6:53
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

2:5:28 = hWnd = 0x00190842; ClassName:
w.


.


8:34:8 = hWnd = 0x00010018; ClassName:
w.
8:34:8 = hWnd = 0x00010022; ClassName:

8:34:13 = s1.
8:34:13 = s2.
8:34:16
8:34:16
8:34:54
8:34:54
8:34:55
8:34:55
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

13:2:58 = hWnd = 0x00280612; ClassName:
ow.
13:2:58 = hWnd = 0x000e04da; ClassName:
13:2:58 = hWnd = 0x00370420; ClassName:


3:6:0 = hWnd = 0x005a057e; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: I
3:6:0 = hWnd = 0x000206fc; ClassName: GDI+ Hook Window Class; Title: GDI+ Window
.

3:7:9 = hWnd = 0x015a00de; ClassName:
.
3:7:9 = hWnd = 0x00fd004a; ClassName:


8:38:56 = hWnd = 0x00010018; ClassName:
ow.
8:38:56 = hWnd = 0x00010022; ClassName:

8:38:58 = s1.
8:38:58 = s2.
2:23:8 = hWnd = 0x000203ac; ClassName: GDI+ Hook Window Class; Title: GDI+ Windo
w.
2:23:8 = hWnd = 0x000203ae; ClassName: IME; Title: Default IME.
2:23:51 = ## ERR ## Setevent
ow.


9:36:13 = hWnd = 0x00010018; ClassName:
ow.
9:36:14 = hWnd = 0x00010022; ClassName:

9:36:18 = s1.
9:36:18 = s2.
9:36:21
9:36:21
9:36:58
9:36:58
9:36:59
9:36:59
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


15:51:56 = hWnd = 0x00110538; ClassName:
dow.
15:51:56 = hWnd = 0x00070516; ClassName:

15:51:57 = s1.
15:51:57 = s2.
15:51:58
15:51:58
15:59:53
15:59:53
15:59:54
15:59:54
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

16:32:5 = hWnd = 0x00150554; ClassName:
ow.
16:32:5 = hWnd = 0x00080628; ClassName:

16:32:5 = s1.
16:32:5 = s2.

1:16:29 = hWnd = 0x003e07e2; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.
1:16:29 = hWnd = 0x003d05e0; ClassName: IME; Title: Default IME.
1:16:31 = s1.
1:16:31 = s2.
1:16:32
1:16:32
1:19:33
1:19:33
1:19:34
1:19:34
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.


8:57:49 =
ow.
x=0, y=0,
8:57:49 =
x=0, y=0,
8:57:49 =
x=0, y=0,
8:57:51 =
width=1, height=1
width=0, height=0
width=0, height=0
8:57:51 = s1.
8:57:51 = s2.
8:57:55
8:57:55
8:58:35
8:58:35
8:58:36
8:58:36
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.
2:34:4 = hWnd = 0x00330762; ClassName:
2:34:25 = ## ERR ## Setevent


2:34:25 = hWnd = 0x00870122; ClassName:
ow.



9:16:23 = hWnd = 0x00010018; ClassName:
ow.
9:16:23 = hWnd = 0x00010022; ClassName:

9:16:26 = s1.
9:16:26 = s2.
ow.
2:46:33 = ## ERR ## Setevent


2:46:33 = hWnd = 0x00ea00e0; ClassName:
ow.
2:46:33 = hWnd = 0x00a801fe; ClassName:


3:0:6 = hWnd = 0x00010018; ClassName:
.
3:0:7 = hWnd = 0x00010022; ClassName:

3:0:10 = s1.
3:0:10 = s2.
3:0:13
3:0:13
3:0:51
3:0:51
3:0:52
3:0:52
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
3:18:48 = s1.
3:18:48 = s2.


ow.
3:49:55 = hWnd = 0x00060414; ClassName:
3:49:58 = ## ERR ## Setevent


ow.


9:7:17 = hWnd = 0x00010018; ClassName:
w.
9:7:17 = hWnd = 0x00010022; ClassName:
9:7:19 = s1.
9:7:19 = s2.

9:8:0
9:8:0
9:8:1
9:8:1
=
=
=
=
begin close Process

Terminate Process
end close Process
DLL_PROCESS_DETACH

10:3:53 = hWnd = 0x00020458; ClassName:
10:3:53 = hWnd = 0x00070428; ClassName:
ow.
10:3:53 = hWnd = 0x00020454; ClassName:
10:3:53 = hWnd = 0x00040412; ClassName:

10:3:53 = s1.
10:3:53 = s2.
dow.
11:29:37 = hWnd = 0x000d07de; ClassName:
11:29:37 = hWnd = 0x00030852; ClassName:



dow.


11:35:41 = hWnd = 0x00040442; ClassName:
dow.
11:35:41 = hWnd = 0x00170420; ClassName:


ow.
11:37:43 = ## ERR ## Setevent



11:42:5 = hWnd = 0x00010018; ClassName:
ow.
11:42:5 = hWnd = 0x00010022; ClassName:

11:42:8 = s1.
11:42:8 = s2.
11:42:12
11:42:12
11:42:50
11:42:50
11:42:51
11:42:51
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

11:45:48 = hWnd = 0x00010400; ClassName:
dow.
11:45:48 = hWnd = 0x00010406; ClassName:
11:45:48 = s1.
11:45:48 = s2.


13:48:56 = hWnd = 0x00040050; ClassName:
dow.
13:48:56 = hWnd = 0x00020428; ClassName:
13:48:56 = hWnd = 0x00050412; ClassName:

13:48:56 = s1.
13:48:56 = s2.
13:48:56
13:48:56
13:49:12
13:49:12
13:49:12
=
=
=
=
=
Start show animate

begin close Process
end close Process
DLL_PROCESS_DETACH

1:34:16 = hWnd = 0x00050458; ClassName:
1:34:16 = hWnd = 0x00110466; ClassName:
ow.
1:34:52 = ## ERR ## Setevent


1:34:52 = hWnd = 0x00b30124; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
1:34:52 = hWnd = 0x016f01d6; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.
w.
9:37:14 = s1.
9:37:14 = s2.
9:37:18
9:37:18
9:37:57
9:37:57
9:37:58
9:37:58
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
15:49:14 = ## ERR ## Setevent


15:49:14
15:49:14
15:49:14
: Inicio

= end close Process
= hWnd = 0x002000e0; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title
de sesin en Windows.

dow.
15:49:14 = hWnd = 0x006e01f2; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
15:49:14 = hWnd = 0x00b300e4; ClassName: IME; Title: Default IME.
17:50:28 = hWnd = 0x00010018; ClassName:
dow.
17:50:28 = hWnd = 0x00010022; ClassName:

17:50:31 = s1.
17:50:31 = s2.
17:50:34
17:50:34
17:51:12
17:51:12
17:51:13
17:51:13
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

20:34:5 = hWnd = 0x00030048; ClassName:
ow.


w.


w.


8:7:6 = hWnd = 0x00010018; ClassName:
.
8:7:6 = hWnd = 0x00010022; ClassName:
8:7:10 = s1.
8:7:10 = s2.
8:7:14
8:7:14
8:7:52
8:7:52
8:7:53
8:7:53
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


ow.
2:40:43 = ## ERR ## Setevent


2:40:43 = hWnd = 0x01490096; ClassName:
ow.


10:11:14 = hWnd = 0x00010018; ClassName:
dow.
10:11:15 = hWnd = 0x00010022; ClassName:
10:11:18 = s1.
10:11:18 = s2.
10:11:20
10:11:20
10:11:57
10:11:57
=
=
=
=
Start show animate

begin close Process
Terminate Process


20:19:25 = hWnd = 0x00aa0c7c; ClassName:
20:19:25 = hWnd = 0x00711170; ClassName:
dow.


ow.
1:26:50 = hWnd = 0x00760bee; ClassName:
1:26:50 = hWnd = 0x006b0c2c; ClassName:
1:27:34 = ## ERR ## Setevent


ow.


9:11:18 = hWnd = 0x00010018; ClassName:
ow.
9:11:19 = hWnd = 0x00010022; ClassName:

9:11:22 = s1.
9:11:22 = s2.
1:1:12 = hWnd = 0x00040416; ClassName:
w.
1:1:12 = hWnd = 0x00350596; ClassName:

1:1:12 = s1.
1:1:12 = s2.

ow.
1:48:34 = ## ERR ## Setevent
1:48:34 =
1:48:34 =
1:48:34 =
ow.
x=0, y=0,
1:48:34 =
x=0, y=0,
1:48:34 =
x=0, y=0,
18:46:6 =
18:46:6 =
begin close Process

end close Process
hWnd = 0x01ba00ec; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
width=0, height=0
hWnd = 0x004101ac; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
end process attach

18:46:7 = hWnd = 0x00010018; ClassName:
ow.
18:46:8 = hWnd = 0x00010022; ClassName:

18:46:11 = s1.
18:46:11 = s2.
18:46:14
18:46:14
18:46:52
18:46:52
18:46:53
18:46:53
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

18:54:58 = hWnd = 0x00090514; ClassName:

dow.
18:54:58 = hWnd = 0x00030594; ClassName:

18:54:58 = s1.
18:54:58 = s2.
18:54:58
18:54:58
22:12:41
22:12:41
22:12:42
22:12:42
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

2:54:16 =
ow.
x=0, y=0,
2:54:16 =
x=0, y=0,
2:54:16 =
x=0, y=0,
2:54:47 =
2:54:47 =
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

ow.
2:54:47 = hWnd = 0x007e01be; ClassName:


18:1:55 = hWnd = 0x00010018; ClassName:
ow.
18:1:55 = hWnd = 0x00010022; ClassName:

18:1:58 = s1.
18:1:58 = s2.
2:31:58 = hWnd = 0x00040462; ClassName:
2:31:58 = hWnd = 0x00100474; ClassName:
ow.
2:32:21 = ## ERR ## Setevent


ow.


18:23:15 = hWnd = 0x00010018; ClassName:
dow.
18:23:15 = hWnd = 0x00010022; ClassName:

18:23:18 = s1.
18:23:18 = s2.
18:23:21
18:23:21
18:23:58
18:23:58
18:23:59
18:23:59
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

2:13:32 = hWnd = 0x00310894; ClassName:
ow.
2:13:33 = s1.
2:13:33 = s2.
2:13:34
2:13:34
2:18:34
2:18:34
2:18:35
2:18:35
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH



2:38:14 = hWnd = 0x00130526; ClassName:
ow.
2:38:38 = ## ERR ## Setevent


ow.


19:2:1 = hWnd = 0x00010018; ClassName:
w.
19:2:1 = hWnd = 0x00010022; ClassName:
19:2:3 = s1.
19:2:3 = s2.

3:8:45 = hWnd = 0x00110854; ClassName:
3:8:45 = hWnd = 0x00050828; ClassName:
w.


w.


18:34:25 = hWnd = 0x00010018; ClassName:
dow.
18:34:26 = hWnd = 0x00010022; ClassName:
18:34:29 = s1.
18:34:29 = s2.


3:45:49 = hWnd = 0x00020462; ClassName:
3:45:49 = hWnd = 0x00070430; ClassName:
ow.
3:45:49 = hWnd = 0x00020460; ClassName:
3:45:49 = hWnd = 0x00030458; ClassName:
3:46:21 = ## ERR ## Setevent


ow.


10:56:57 = hWnd = 0x00010018; ClassName:
dow.
10:56:58 = hWnd = 0x00010022; ClassName:
10:57:1 = s1.
10:57:1 = s2.


0:19:13 = hWnd = 0x00180636; ClassName:
ow.
0:19:13 = hWnd = 0x00050442; ClassName:

0:19:16 = s1.
0:19:16 = s2.
0:19:17
0:19:17
0:23:29
0:23:29
0:23:30
0:23:30
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

0:40:59 = hWnd = 0x00130616; ClassName:
ow.
0:40:59 = hWnd = 0x00050750; ClassName:
0:40:59 = s1.
0:40:59 = s2.

0:40:59
0:40:59
0:43:19
0:43:19
0:43:20
0:43:20
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:1:24 = hWnd = 0x00160798; ClassName:
w.
1:1:24 = hWnd = 0x00360828; ClassName:


1:1:52 = hWnd = 0x01260112; ClassName:
w.
1:1:52 = hWnd = 0x00390070; ClassName:


11:46:47 = hWnd = 0x00010018; ClassName:
dow.
11:46:47 = hWnd = 0x00010022; ClassName:


11:46:52 = s1.
11:46:52 = s2.
11:46:56
11:46:56
11:47:34
11:47:34
11:47:35
11:47:35
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
0:52:17 = ## ERR ## Setevent


0:52:17 = hWnd = 0x018e01ac; ClassName:
ow.
0:52:17 = hWnd = 0x02030058; ClassName:
0:52:17 = hWnd = 0x01380080; ClassName:


ow.
x=0, y=0,
10:5:28 =
x=0, y=0,
10:5:34 =
width=0, height=0
width=0, height=0
10:5:34 = s1.
10:5:34 = s2.
10:5:36
10:5:36
10:6:14
10:6:14
10:6:15
10:6:15
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
1:18:51 = hWnd = 0x00200630; ClassName:
1:19:32 = ## ERR ## Setevent


1:19:32 = hWnd = 0x00730092; ClassName:
1:19:32 = hWnd = 0x012c01dc; ClassName:
ow.


10:12:8 = hWnd = 0x00010018;

ow.
10:12:9 = hWnd = 0x00010022;
10:12:9 = hWnd = 0x0001001a;
ClassName: GDI+ Hook Window Class; Title: GDI+ Wind

objects.
10:12:15 = s1.
10:12:15 = s2.
10:12:19
10:12:19
10:12:56
10:12:56
10:12:57
10:12:57
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:39:46 = hWnd = 0x00330388; ClassName:
ow.
1:40:36 = ## ERR ## Setevent


ow.
1:40:36 = hWnd = 0x00290036; ClassName:



ow.
8:55:27 = s1.
8:55:27 = s2.
dow.
15:58:27 = hWnd = 0x000d04be; ClassName:

15:58:28 = s1.
15:58:28 = s2.
15:58:31
15:58:31
15:58:49
15:58:49
15:58:50
15:58:50
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.

w.


10:0:26 = hWnd = 0x00010018; ClassName:
ow.
10:0:27 = hWnd = 0x00010022; ClassName:

10:0:31 = s1.
10:0:31 = s2.
10:0:34
10:0:34
10:1:13
10:1:13
10:1:14
10:1:14
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
x=0, y=0,
0:58:36 =
x=0, y=0,
0:58:36 =
x=0, y=0,
0:59:21 =
0:59:21 =
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

ow.
0:59:21 = hWnd = 0x01320058; ClassName:


11:25:29 = hWnd = 0x00010018; ClassName:
dow.
11:25:30 = hWnd = 0x00010022; ClassName:

11:25:33 = s1.
11:25:33 = s2.
11:25:36
11:25:36
11:26:13
11:26:13
11:26:14
11:26:14
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


w.
2:23:41 = ## ERR ## Setevent


ow.
2:23:41 = hWnd = 0x00e900ea; ClassName:


8:36:53 = hWnd = 0x00010018; ClassName:
ow.
8:36:53 = hWnd = 0x00010022; ClassName:
8:36:58 = s1.
8:36:58 = s2.


23:33:38 = hWnd = 0x00100804; ClassName:
dow.
23:34:12 = ## ERR ## Setevent


23:34:12 = hWnd = 0x01510056; ClassName:
dow.
23:34:12 = hWnd = 0x01cf002e; ClassName:


8:59:45 = hWnd = 0x00010018; ClassName:
ow.
8:59:46 = hWnd = 0x00010022; ClassName:
8:59:49 = s1.
8:59:49 = s2.


dow.
16:34:45 = hWnd = 0x00071278; ClassName:
16:35:14 = ## ERR ## Setevent


dow.


16:39:15 = hWnd = 0x00010018; ClassName:
dow.
16:39:15 = hWnd = 0x00010022; ClassName:
16:39:19 = s1.
16:39:19 = s2.


4:24:40 =
ow.
x=0, y=0,
4:24:40 =
x=0, y=0,
4:24:40 =
x=0, y=0,
4:25:16 =
4:25:16 =
width=1, height=1
hWnd = 0x000f0f8a; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

4:25:16 = hWnd = 0x01540142; ClassName:
4:25:16 = hWnd = 0x01080052; ClassName:
ow.


10:18:32 = hWnd = 0x00010018; ClassName:
dow.
10:18:32 = hWnd = 0x00010022; ClassName:
10:18:35 = s1.
10:18:35 = s2.

10:18:39
10:18:39
10:19:17
10:19:17
10:19:18
10:19:18
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
2:12:28 = ## ERR ## Setevent


ow.


9:24:22 = hWnd = 0x00010018; ClassName:
ow.
9:24:23 = hWnd = 0x00010022; ClassName:

9:24:26 = s1.
9:24:26 = s2.
1:31:59 = hWnd = 0x00050662; ClassName:
ow.
1:31:59 = hWnd = 0x00020668; ClassName:
1:32:40 = ## ERR ## Setevent


1:32:40 = hWnd = 0x01db004c; ClassName:
ow.


9:53:43 = hWnd = 0x00010018; ClassName:
ow.
9:53:44 = hWnd = 0x00010022; ClassName:


9:53:46 = s1.
9:53:46 = s2.
9:53:49
9:53:49
9:54:26
9:54:26
9:54:27
9:54:27
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.
2:5:55 = hWnd = 0x000d06da; ClassName:


w.


dow.

11:38:43 = s1.
11:38:43 = s2.
11:38:46
11:38:46
11:39:23
11:39:23
11:39:24
11:39:24
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.


w.
0:46:2 = hWnd = 0x00630140; ClassName:


w.

9:40:10 = s1.
9:40:10 = s2.
9:40:14
9:40:14
9:40:51
9:40:51
9:40:52
9:40:52
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.


1:7:21 = hWnd = 0x01460028; ClassName:
w.



ow.
9:48:31 = s1.
9:48:31 = s2.
9:48:33
9:48:33
9:49:10
9:49:10
9:49:11
9:49:11
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.


2:3:5 = hWnd = 0x02180054; ClassName:
.


dow.
10:40:4 = s1.
10:40:4 = s2.
0:46:4 = hWnd = 0x00030428; ClassName:
0:46:4 = hWnd = 0x00040454; ClassName:
w.
0:46:4 = hWnd = 0x00020434; ClassName:
0:46:4 = hWnd = 0x00040468; ClassName:

0:46:7 = s1.
0:46:7 = s2.
0:46:12
0:46:12
0:50:26
0:50:26
0:50:27
0:50:27
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:20:14 = hWnd = 0x000603cc; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:

ow.
1:20:14 = hWnd = 0x001f05ba; ClassName: IME; Title: Default IME.
1:20:54 = ## ERR ## Setevent
1:20:54 = hWnd = 0x00de0052; ClassName:
ow.


10:11:21 = hWnd = 0x00010018; ClassName:
dow.
10:11:21 = hWnd = 0x00010022; ClassName:

10:11:25 = s1.
10:11:25 = s2.

1:5:12 = hWnd = 0x000e0434; ClassName: GDI+ Hook Window Class; Title: GDI+ Windo
w.
1:5:12 = hWnd = 0x000806dc; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
w.
1:5:57 = hWnd = 0x00e201fc; ClassName:


1:9:16 = hWnd = 0x00010018; ClassName:
w.
1:9:16 = hWnd = 0x00010022; ClassName:
1:9:18 = s1.
1:9:18 = s2.
1:9:21
1:9:21
1:9:58
1:9:58
1:9:59
1:9:59
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


1:33:27 = hWnd = 0x00030460; ClassName:
ow.
1:33:27 = hWnd = 0x00030600; ClassName:

1:33:27 = s1.
1:33:27 = s2.
1:33:27
1:33:27
1:34:22
1:34:22
1:34:23
1:34:23
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
1:51:40 = hWnd = 0x00030424; ClassName:
1:51:45 = ## ERR ## Setevent


1:51:45 = hWnd = 0x000601ae; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
ow.
1:51:45 = hWnd = 0x000701ba; ClassName: IME; Title: Default IME.
7:58:8 = hWnd = 0x00010018; ClassName:
w.
7:58:8 = hWnd = 0x00010022; ClassName:

7:58:12 = s1.
7:58:12 = s2.
7:58:15
7:58:15
7:58:53
7:58:53
7:58:54
7:58:54
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

8:40:0 = hWnd = 0x00020314; ClassName:
8:40:0 = hWnd = 0x00020310; ClassName:
w.
8:40:0 = hWnd = 0x00030434; ClassName:
8:40:0 = hWnd = 0x00020312; ClassName:
8:40:1 = s1.
8:40:1 = s2.

23:53:49 = hWnd = 0x00090498; ClassName:
dow.
23:53:49 = hWnd = 0x00100424; ClassName:
23:54:50 = ## ERR ## Setevent


dow.
23:54:50 = hWnd = 0x00e201dc; ClassName:


10:57:15 = hWnd = 0x00010018; ClassName:
dow.
10:57:15 = hWnd = 0x00010022; ClassName:
10:57:18 = s1.
10:57:18 = s2.


ow.
0:45:55 = hWnd = 0x00060686; ClassName:
0:46:38 = ## ERR ## Setevent


ow.


11:1:29 = hWnd = 0x00010018; ClassName:
ow.
11:1:29 = hWnd = 0x00010022; ClassName:
11:1:31 = s1.
11:1:31 = s2.

11:1:35
11:2:13
11:2:13
11:2:14
11:2:14
=
=
=
=
=

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:37:58 = hWnd = 0x00040908; ClassName:
ow.
1:38:40 = ## ERR ## Setevent


ow.


9:53:54 = hWnd = 0x00010018; ClassName:
ow.
9:53:55 = hWnd = 0x00010022; ClassName:
9:53:57 = s1.

9:53:57 = s2.
1:7:1 = hWnd = 0x00130770; ClassName:
.


w.


10:22:45 = hWnd = 0x00010018; ClassName:
dow.
10:22:45 = hWnd = 0x00010022; ClassName:


10:22:48 = s1.
10:22:48 = s2.
10:22:50
10:22:50
10:23:27
10:23:27
10:23:28
10:23:28
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:59:56 = hWnd = 0x00080524; ClassName:
ow.


w.
2:0:41 = hWnd = 0x012a01bc; ClassName:


ow.
x=0, y=0,
9:25:44 =
x=0, y=0,
9:25:46 =
width=0, height=0
width=0, height=0
9:25:46 = s1.
9:25:46 = s2.
9:25:50
9:25:50
9:26:27
9:26:27
9:26:29
9:26:29
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

23:56:51 = hWnd = 0x00060524; ClassName:
dow.
23:56:51 = hWnd = 0x001e08aa; ClassName:
23:57:39 = ## ERR ## Setevent


23:57:39 = hWnd = 0x01740056; ClassName:
dow.


w.
9:2:39 = s1.
9:2:39 = s2.
9:2:42
9:2:42
9:3:20
9:3:20
9:3:21
9:3:21
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:3:12 = hWnd = 0x001f097e; ClassName: GDI+ Hook Window Class; Title: GDI+ Windo
w.
1:4:51 = s1.
1:4:51 = s2.
1:4:53
1:4:53
1:10:8
1:10:8
1:10:9
1:10:9
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:45:6 = hWnd = 0x000b06f4; ClassName: GDI+ Hook Window Class; Title: GDI+ Windo
w.
1:45:6 = hWnd = 0x000706dc; ClassName: MSCTFIME UI; Title: MSCTFIME UI.

1:45:27 = ## ERR ## Setevent
ow.


10:25:38 = hWnd = 0x00010018; ClassName:
dow.
10:25:39 = hWnd = 0x00010022; ClassName:

10:25:41 = s1.
10:25:41 = s2.
10:25:43
10:25:43
10:26:21
10:26:21
10:26:22
10:26:22
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:18:46 = hWnd = 0x00090ed0; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
1:18:46 =
ow.
x=0, y=0,
1:18:46 =
x=0, y=0,
1:18:46 =
x=0, y=0,
1:18:47 =
width=1, height=1
width=0, height=0
width=0, height=0
1:18:47 = s1.
1:18:47 = s2.
1:18:49
1:18:49
1:21:23
1:21:23
1:21:24
1:21:24
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:50:35 = hWnd = 0x00610904; ClassName:
ow.

1:50:35 = s1.
1:50:35 = s2.
1:50:35
1:50:35
1:53:40
1:53:40
1:53:41
1:53:41
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.

1:54:41 = hWnd = 0x000f0ed0; ClassName: IME; Title: Default IME.
1:55:5 = hWnd = 0x00050196; ClassName:
w.


dow.
10:33:3 = s1.
10:33:3 = s2.
1:31:24 =
ow.
x=0, y=0,
1:31:24 =
x=0, y=0,
1:31:24 =
x=0, y=0,
1:32:19 =
1:32:19 =
width=1, height=1
hWnd = 0x00040a0a; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
hWnd = 0x00e70a38; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
## ERR ## Setevent

ow.


10:31:33 = hWnd = 0x00010018; ClassName:
dow.
10:31:33 = hWnd = 0x00010022; ClassName:

10:31:36 = s1.
10:31:36 = s2.
10:31:41
10:31:41
10:32:19
10:32:19
10:32:20
10:32:20
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


ow.
1:31:55 = hWnd = 0x007c04f2; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
1:32:44 = ## ERR ## Setevent
1:32:44 = hWnd = 0x00630054; ClassName:
ow.


10:2:27 = hWnd = 0x00010018; ClassName:
ow.
10:2:27 = hWnd = 0x00010022; ClassName:
10:2:31 = s1.
10:2:31 = s2.
10:2:34
10:2:34
10:3:11
10:3:11
10:3:12
10:3:12
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH



w.
1:35:36 = ## ERR ## Setevent
ow.


10:46:59 = hWnd = 0x00010018; ClassName:
dow.
10:46:59 = hWnd = 0x00010022; ClassName:
10:47:4 = s1.
10:47:4 = s2.


w.
2:5:28 = hWnd = 0x00160626; ClassName:


.


10:33:3 = hWnd = 0x00010018; ClassName:
ow.
10:33:3 = hWnd = 0x00010022; ClassName:
10:33:8 = s1.
10:33:8 = s2.
10:33:11
10:33:11
10:33:47
10:33:47
10:33:48
10:33:48
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


1:33:3 = hWnd = 0x00030300; ClassName:
w.
1:35:42 = ## ERR ## Setevent


ow.


10:9:53 = hWnd = 0x00010018; ClassName:
ow.
10:9:53 = hWnd = 0x00010022; ClassName:
10:9:56 = s1.
10:9:56 = s2.


ow.

1:39:47 = s1.
1:39:47 = s2.
1:39:48
1:39:48
1:42:30
1:42:30
1:42:31
1:42:31
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
1:48:23 = hWnd = 0x001e00dc; ClassName:
1:48:42 = ## ERR ## Setevent



ow.


1:50:13 =
ow.
x=0, y=0,
1:50:14 =
x=0, y=0,
1:50:14 =
x=0, y=0,
1:50:16 =
width=1, height=1
width=0, height=0
width=0, height=0
1:50:17 = s1.
1:50:17 = s2.
1:50:20
1:50:20
1:50:57
1:50:57
1:50:58
1:50:58
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

2:18:12 = hWnd = 0x00040606; ClassName:
ow.
2:18:19 = ## ERR ## Setevent



ow.


11:5:30 = hWnd = 0x00010018; ClassName:
ow.
11:5:31 = hWnd = 0x00010022; ClassName:

11:5:34 = s1.
11:5:34 = s2.
11:5:37
11:5:37
11:6:15
11:6:15
11:6:16
11:6:16
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.

1:3:56 = hWnd = 0x00fd004e; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
10:26:40 = hWnd = 0x00010018; ClassName:
dow.
10:26:40 = hWnd = 0x00010022; ClassName:

10:26:43 = s1.
10:26:43 = s2.
10:26:46
10:26:46
10:27:24
10:27:24
10:27:25
10:27:25
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.
1:9:13 = s1.
1:9:13 = s2.


ow.
1:16:11 = hWnd = 0x000e09bc; ClassName:

1:16:11 = s1.
1:16:11 = s2.
1:16:11
1:16:11
1:16:34
1:16:34
1:16:35
1:16:35
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:30:40 = hWnd = 0x00040502; ClassName:
1:30:40 = hWnd = 0x00050546; ClassName:
ow.



w.


10:31:8 = hWnd = 0x00010018; ClassName:
ow.
10:31:8 = hWnd = 0x00010022; ClassName:

10:31:10 = s1.
10:31:10 = s2.
10:31:14
10:31:14
10:31:52
10:31:52
10:31:53
10:31:53
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

14:33:33 = hWnd = 0x00360670; ClassName:
dow.
14:33:33 = hWnd = 0x00070778; ClassName:

14:33:33 = s1.
14:33:33 = s2.
14:33:33
14:33:33
14:33:49
14:33:49
14:33:50
14:33:50
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:48:7 = hWnd = 0x000207ac; ClassName: GDI+ Hook Window Class; Title: GDI+ Windo
w.
1:48:50 = ## ERR ## Setevent
ow.


ow.

11:0:32 = s1.
11:0:32 = s2.
11:0:36
11:0:36
11:1:13
11:1:13
11:1:14
11:1:14
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
4:11:22 = hWnd = 0x00110912; ClassName:
4:12:50 = ## ERR ## Setevent


ow.
4:12:50 = hWnd = 0x00030072; ClassName:


dow.
10:34:57 = s1.
10:34:57 = s2.
10:51:3 = hWnd = 0x00080578; ClassName:
ow.
10:51:3 = hWnd = 0x00120402; ClassName:
10:51:3 = hWnd = 0x00070460; ClassName:

10:51:3 = s1.
10:51:3 = s2.
dow.

14:12:47 = s1.
14:12:47 = s2.
14:12:47
14:12:47
16:52:19
16:52:19
16:52:19
=
=
=
=
=
Start show animate

begin close Process
end close Process
DLL_PROCESS_DETACH

1:22:3 = hWnd = 0x001005ce; ClassName: GDI+ Hook Window Class; Title: GDI+ Windo
w.
1:22:3 = hWnd = 0x004606fc; ClassName: IME; Title: Default IME.
1:23:28 = ## ERR ## Setevent
ow.


dow.

11:52:27 = s1.
11:52:27 = s2.
2:56:19 = hWnd = 0x00aa078e; ClassName:
ow.
2:56:19 = hWnd = 0x00100384; ClassName:
2:57:22 = ## ERR ## Setevent


ow.



8:17:23 = hWnd = 0x00010018; ClassName:
ow.
8:17:23 = hWnd = 0x00010022; ClassName:

8:17:26 = s1.
8:17:26 = s2.
ow.
1:36:36 = hWnd = 0x00041292; ClassName:
1:37:52 = ## ERR ## Setevent


ow.
1:37:52 = hWnd = 0x001b01ce; ClassName:


6:21:34 = hWnd = 0x00010018; ClassName:
ow.
6:21:34 = hWnd = 0x00010022; ClassName:

6:21:38 = s1.
6:21:38 = s2.
6:21:42
6:21:42
6:22:18
6:22:18
6:22:19
6:22:19
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:39:58 = hWnd = 0x00620628; ClassName:
ow.
1:43:26 = ## ERR ## Setevent



12:34:20 = hWnd = 0x00010018; ClassName:
dow.
12:34:21 = hWnd = 0x00010022; ClassName:

12:34:22 = s1.
12:34:22 = s2.
16:46:45 = hWnd = 0x00070578; ClassName:
16:46:45 = hWnd = 0x00280688; ClassName:
dow.
16:46:45 = hWnd = 0x00050560; ClassName:
16:46:45 = hWnd = 0x00060494; ClassName:
16:47:53 = ## ERR ## Setevent


dow.

16:51:48 = hWnd = 0x00010018; ClassName:
dow.
16:51:48 = hWnd = 0x00010022; ClassName:

16:51:51 = s1.
16:51:51 = s2.
16:51:55
16:51:55
16:52:33
16:52:33
16:52:34
16:52:34
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
1:36:35 = hWnd = 0x00080498; ClassName:
1:36:35 = hWnd = 0x00080492; ClassName:
1:38:13 = ## ERR ## Setevent


1:38:13 =
x=0, y=0,
10:17:6 =
10:17:7 =

width=0, height=0
Process Attach
end process attach

10:17:7 = hWnd = 0x00010018; ClassName:
ow.
10:17:7 = hWnd = 0x00010022; ClassName:

10:17:10 = s1.
10:17:10 = s2.
10:17:13
10:17:13
10:17:53
10:17:53
10:17:54
10:17:54
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
2:18:27 = hWnd = 0x00040556; ClassName:
2:18:27 = hWnd = 0x00110548; ClassName:
2:19:23 = ## ERR ## Setevent


ow.


11:19:48 = hWnd = 0x00010018; ClassName:
dow.
11:19:49 = hWnd = 0x00010022; ClassName:

11:19:53 = s1.
11:19:53 = s2.
11:19:56
11:19:56
11:20:34
11:20:34
11:20:35
11:20:35
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

17:15:1 = hWnd = 0x00170126; ClassName:
ow.
17:15:42 = ## ERR ## Setevent


17:15:42 = hWnd = 0x000200aa; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title
dow.

17:17:39 = hWnd = 0x00010018; ClassName:
dow.
17:17:40 = hWnd = 0x00010022; ClassName:

17:17:42 = s1.
17:17:42 = s2.
17:17:44
17:17:44
17:18:20
17:18:20
17:18:21
17:18:21
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:17:28 =
ow.
x=0, y=0,
1:17:28 =
x=0, y=0,
1:17:28 =
x=0, y=0,
1:18:51 =
1:18:51 =
hWnd = 0x00b60c5a; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
width=0, height=0
hWnd = 0x001f086c; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
## ERR ## Setevent

ow.
11:35:23 = hWnd = 0x00010018; ClassName:
dow.
11:35:23 = hWnd = 0x00010022; ClassName:

11:35:26 = s1.
11:35:26 = s2.
1:2:7 = hWnd = 0x00140876; ClassName:
.
1:2:7 = hWnd = 0x00170560; ClassName:
1:2:7 = hWnd = 0x001c06fe; ClassName:



w.
1:3:19 = hWnd = 0x008f00ea; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
11:6:51 = hWnd = 0x00010018; ClassName:
ow.
11:6:51 = hWnd = 0x00010022; ClassName:

11:6:54 = s1.
11:6:54 = s2.
11:6:58
11:6:58
11:7:36
11:7:36
11:7:37
11:7:37
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.

w.


11:7:1 = hWnd = 0x00010018; ClassName:
w.
11:7:2 = hWnd = 0x00010022; ClassName:

11:7:4 = s1.
11:7:4 = s2.
w.
2:33:24 = ## ERR ## Setevent

ow.


11:44:2 = hWnd = 0x00010018; ClassName:
ow.
11:44:3 = hWnd = 0x00010022; ClassName:

11:44:4 = s1.
11:44:4 = s2.
dow.
20:30:58 = hWnd = 0x00050370; ClassName:
20:32:15 = ## ERR ## Setevent


dow.


20:36:31 = hWnd = 0x00010018; ClassName:
dow.
20:36:31 = hWnd = 0x00010022; ClassName:

20:36:33 = s1.
20:36:33 = s2.
20:36:37
20:36:37
20:37:14
20:37:14
20:37:15
20:37:15
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

2:24:10 = hWnd = 0x00040628; ClassName:
ow.
2:24:10 = hWnd = 0x001e04ae; ClassName:


2:24:56 = ## ERR ## Setevent
2:24:56 = hWnd = 0x00030038; ClassName:
ow.


9:41:16 = hWnd = 0x00010018; ClassName:
ow.
9:41:16 = hWnd = 0x00010022; ClassName:

9:41:18 = s1.
9:41:18 = s2.
w.

.


11:11:53 = hWnd = 0x00010018; ClassName:
dow.
11:11:53 = hWnd = 0x00010022; ClassName:

11:11:56 = s1.
11:11:56 = s2.
11:11:59
11:11:59
11:12:37
11:12:37
11:12:38
11:12:38
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

2:34:24 = hWnd = 0x009a06d4; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.
x=0, y=0,
2:34:24 =
x=0, y=0,
2:34:24 =
x=0, y=0,
2:35:49 =
2:35:49 =
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

ow.
2:35:49 = hWnd = 0x00030088; ClassName:


10:31:36 = hWnd = 0x00010018; ClassName:
dow.
10:31:37 = hWnd = 0x00010022; ClassName:

10:31:39 = s1.
10:31:39 = s2.
10:31:43
10:31:43
10:32:19
10:32:19
10:32:20
10:32:20
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


ow.
w.
10:56:8 = hWnd = 0x00010018; ClassName:
ow.
10:56:8 = hWnd = 0x00010022; ClassName:

10:56:11 = s1.
10:56:11 = s2.
10:56:15
10:56:15
10:56:52
10:56:52
10:56:53
10:56:53
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


ow.
3:26:19 = hWnd = 0x00270480; ClassName:
3:27:49 = ## ERR ## Setevent


ow.
3:27:49 = hWnd = 0x00030112; ClassName:


12:17:4 = hWnd = 0x00010018; ClassName:
ow.
12:17:4 = hWnd = 0x00010022; ClassName:
12:17:7 = s1.
12:17:7 = s2.
12:17:10
12:17:10
12:17:49
12:17:49
12:17:50
12:17:50
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH



ow.
3:49:46 = ## ERR ## Setevent


ow.


12:41:5 = hWnd = 0x00010018; ClassName:
ow.
12:41:5 = hWnd = 0x00010022; ClassName:
12:41:8 = s1.
12:41:8 = s2.
12:41:11
12:41:11
12:41:50
12:41:50
12:41:51
12:41:51
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


ow.
2:23:53 = hWnd = 0x000904aa; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
w.


12:16:57 = hWnd = 0x00010018; ClassName:
dow.
12:16:58 = hWnd = 0x00010022; ClassName:
12:17:2 = s1.
12:17:2 = s2.


w.
3:8:38 = hWnd = 0x00060874; ClassName:


w.
3:9:42 = hWnd = 0x00030036; ClassName:


14:1:48 = hWnd = 0x00010018; ClassName:
ow.
14:1:48 = hWnd = 0x00010022; ClassName:
14:1:51 = s1.
14:1:51 = s2.

14:2:32
14:2:32
14:2:33
14:2:33
=
=
=
=
begin close Process

Terminate Process
end close Process
DLL_PROCESS_DETACH

w.


4:8:3 = hWnd = 0x00040038; ClassName:
.


13:16:19 = hWnd = 0x00010018; ClassName:
dow.
13:16:19 = hWnd = 0x00010022; ClassName:
13:16:22 = s1.
13:16:22 = s2.


.
4:1:6 = hWnd = 0x00080718; ClassName:


4:2:24 = hWnd = 0x00060094; ClassName:
w.


12:11:58 = hWnd = 0x00010018; ClassName:
dow.
12:11:58 = hWnd = 0x00010022; ClassName:

12:12:1 = s1.
12:12:1 = s2.
4:6:24 = hWnd = 0x00050596; ClassName:
w.
4:6:24 = hWnd = 0x00050562; ClassName:


.
4:7:4 = hWnd = 0x00060128; ClassName:


dow.

12:39:29 = s1.
12:39:29 = s2.
12:39:33
12:39:33
12:40:11
12:40:11
12:40:12
12:40:12
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.


w.


8:48:54 =
ow.
x=0, y=0,
8:48:54 =
x=0, y=0,
8:48:54 =
x=0, y=0,
8:48:57 =
width=1, height=1
width=0, height=0
width=0, height=0
8:48:57 = s1.
8:48:57 = s2.
ow.
2:34:13 = ## ERR ## Setevent


ow.

w.
14:8:3 = s1.
14:8:3 = s2.
ow.
3:38:38 = ## ERR ## Setevent


3:38:38 = hWnd = 0x01510112; ClassName:
ow.


14:30:50 = hWnd = 0x00010018; ClassName:
dow.
14:30:50 = hWnd = 0x00010022; ClassName:

14:30:53 = s1.
14:30:53 = s2.
14:30:56
14:30:56
14:31:34
14:31:34
14:31:35
14:31:35
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
3:38:26 = ## ERR ## Setevent
ow.


12:40:31 = hWnd = 0x00010018; ClassName:
dow.
12:40:32 = hWnd = 0x00010022; ClassName:

12:40:35 = s1.
12:40:35 = s2.
12:40:38
12:40:38
12:41:17
12:41:17
12:41:18
12:41:18
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:44:19 =
ow.
x=0, y=0,
1:44:19 =
x=0, y=0,
1:44:19 =
x=0, y=0,
1:45:19 =
1:45:19 =
hWnd = 0x0003049e; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
hWnd = 0x000d0494; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

1:45:19 =
ow.
x=0, y=0,
1:45:19 =
x=0, y=0,
width=1, height=1
width=0, height=0
1:45:19 =
x=0, y=0,
8:44:37 =
8:44:37 =

width=0, height=0
Process Attach
end process attach

8:44:38 = hWnd = 0x00010018; ClassName:
ow.
8:44:39 = hWnd = 0x00010022; ClassName:

8:44:41 = s1.
8:44:41 = s2.
8:44:44
8:44:44
8:45:23
8:45:23
8:45:24
8:45:24
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

10:0:32 = hWnd = 0x000404cc; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.
10:0:32 =
x=0, y=0,
10:0:32 =
x=0, y=0,
10:0:57 =
10:0:57 =
hWnd = 0x000204ca; ClassName: MSCTFIME UI; Title: MSCTFIME UI.

width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

ow.
10:0:57 =
x=0, y=0,
10:0:57 =
x=0, y=0,
16:9:25 =
16:9:25 =

width=0, height=0
width=0, height=0
Process Attach
end process attach

16:9:26 = hWnd = 0x00010018; ClassName:
ow.
16:9:27 = hWnd = 0x00010022; ClassName:

16:9:29 = s1.
16:9:29 = s2.
ow.
2:49:59 = hWnd = 0x00020474; ClassName:
2:50:56 = ## ERR ## Setevent



ow.
13:22:12 = hWnd = 0x00010018; ClassName:
dow.
13:22:12 = hWnd = 0x00010022; ClassName:

13:22:14 = s1.
13:22:14 = s2.
13:22:18
13:22:18
13:22:56
13:22:56
13:22:57
13:22:57
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
3:15:58 = ## ERR ## Setevent



ow.
3:15:58 = hWnd = 0x00de0126; ClassName:


12:30:36 = hWnd = 0x00010018; ClassName:
dow.
12:30:36 = hWnd = 0x00010022; ClassName:

12:30:39 = s1.
12:30:39 = s2.
12:30:42
12:30:42
12:31:19
12:31:19
12:31:20
12:31:20
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
3:45:46 = hWnd = 0x00050626; ClassName:
3:45:46 = hWnd = 0x00050656; ClassName:
3:46:54 = ## ERR ## Setevent


3:46:54 = hWnd = 0x00040052; ClassName:
ow.


11:47:8 = hWnd = 0x00010018; ClassName:
ow.
11:47:9 = hWnd = 0x00010022; ClassName:

11:47:10 = s1.
11:47:10 = s2.
11:47:13
11:47:13
11:47:51
11:47:51
11:47:52
11:47:52
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

2:2:38 = hWnd = 0x00080636; ClassName:
w.


w.
12:40:28 = hWnd = 0x00010018; ClassName:
dow.
12:40:29 = hWnd = 0x00010022; ClassName:

12:40:31 = s1.
12:40:31 = s2.
12:40:35
12:40:35
12:41:13
12:41:13
12:41:14
12:41:14
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
16:48:29 = hWnd = 0x00210546; ClassName:
16:48:29 = hWnd = 0x00020340; ClassName:


16:48:30 = s1.
16:48:30 = s2.
w.


w.


dow.
12:11:41 = s1.
12:11:41 = s2.
12:11:45
12:11:45
12:12:23
12:12:23
12:12:24
12:12:24
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
18:9:25 = hWnd = 0x00060610; ClassName:
18:10:35 = ## ERR ## Setevent


dow.
18:10:35 = hWnd = 0x00060120; ClassName:


18:12:51 = hWnd = 0x00010018; ClassName:
dow.
18:12:51 = hWnd = 0x00010022; ClassName:

18:12:54 = s1.
18:12:54 = s2.
18:12:57
18:12:57
18:13:36
18:13:36
18:13:37
18:13:37
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:29:43 =
ow.
x=0, y=0,
1:29:43 =
x=0, y=0,
1:29:43 =
x=0, y=0,
1:30:35 =
1:30:35 =
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

ow.



dow.
12:46:50 = s1.
12:46:50 = s2.
12:46:53
12:46:53
12:47:31
12:47:31
12:47:32
12:47:32
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

14:50:57 = hWnd = 0x00040340; ClassName:
dow.

14:50:57 = s1.
14:50:57 = s2.

ow.
4:44:24 = ## ERR ## Setevent
4:44:24 = hWnd = 0x000500dc; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
4:44:24 = hWnd = 0x000f00ce; ClassName: IME; Title: Default IME.
12:27:54 = hWnd = 0x00010018; ClassName:
dow.
12:27:55 = hWnd = 0x00010022; ClassName:

12:27:57 = s1.
12:27:57 = s2.
18:9:59 = hWnd = 0x000e07cc; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
ow.
18:11:53 = ## ERR ## Setevent
dow.
18:11:53 = hWnd = 0x00090116; ClassName:


18:16:19 = hWnd = 0x00010018; ClassName:
dow.
18:16:19 = hWnd = 0x00010022; ClassName:

18:16:21 = s1.
18:16:21 = s2.

ow.
2:52:20 = hWnd = 0x00040656; ClassName:
2:53:30 = ## ERR ## Setevent


ow.


10:58:44 = hWnd = 0x00010018; ClassName:
dow.
10:58:44 = hWnd = 0x00010022; ClassName:

10:58:46 = s1.
10:58:46 = s2.
10:58:49
10:58:49
10:59:27
10:59:27
10:59:29
10:59:29
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


w.
3:6:30 = hWnd = 0x00030596; ClassName:
3:6:30 = hWnd = 0x00050692; ClassName:


3:8:31 = hWnd = 0x00050038; ClassName:
3:8:31 = hWnd = 0x02240144; ClassName:
w.


11:30:58 = hWnd = 0x00010018; ClassName:
dow.
11:30:58 = hWnd = 0x00010022; ClassName:
11:31:1 = s1.
11:31:1 = s2.


2:14:44 = hWnd = 0x00040440; ClassName:
ow.
2:16:20 = ## ERR ## Setevent


ow.
2:16:20 = hWnd = 0x00df0132; ClassName:


8:0:15 = hWnd = 0x00010018; ClassName:
w.
8:0:15 = hWnd = 0x00010022; ClassName:
8:0:18 = s1.
8:0:18 = s2.

3:14:0 = hWnd = 0x00040660; ClassName:
3:14:0 = hWnd = 0x00030636; ClassName:
w.
3:15:25 = ## ERR ## Setevent


3:15:25 = hWnd = 0x00ef00e0; ClassName:
ow.
3:15:25 = hWnd = 0x00a700ca; ClassName:
3:15:25 = hWnd = 0x00990122; ClassName:


10:50:21 = hWnd = 0x00010018; ClassName:
dow.
10:50:21 = hWnd = 0x00010022; ClassName:
10:50:24 = s1.
10:50:24 = s2.


ow.
2:13:50 = ## ERR ## Setevent


ow.


11:39:26 = hWnd = 0x00010018; ClassName:
dow.
11:39:27 = hWnd = 0x00010022; ClassName:
11:39:29 = s1.
11:39:29 = s2.

11:39:33
11:40:10
11:40:10
11:40:11
11:40:11
=
=
=
=
=

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

14:49:37 = hWnd = 0x00010018; ClassName:
dow.
14:49:38 = hWnd = 0x00010022; ClassName:

14:49:41 = s1.
14:49:41 = s2.
14:49:45
14:49:45
14:50:23
14:50:23
14:50:24
14:50:24
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.



w.


11:10:28 = hWnd = 0x00010018; ClassName:
dow.
11:10:29 = hWnd = 0x00010022; ClassName:

11:10:32 = s1.
11:10:32 = s2.
11:10:35
11:10:35
11:11:14
11:11:14
11:11:15
11:11:15
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

2:17:22 = hWnd = 0x00050470; ClassName:
ow.
2:17:22 = hWnd = 0x00020446; ClassName:
2:17:22 = hWnd = 0x00030466; ClassName:



w.


12:12:56 = hWnd = 0x00010018; ClassName:
dow.
12:12:56 = hWnd = 0x00010022; ClassName:

12:12:58 = s1.
12:12:58 = s2.
3:58:16 = hWnd = 0x00030450; ClassName:
ow.
3:59:59 = ## ERR ## Setevent


ow.
3:59:59 = hWnd = 0x01ae0056; ClassName:


9:42:24 = hWnd = 0x00010018; ClassName:
ow.
9:42:24 = hWnd = 0x00010022; ClassName:

9:42:30 = s1.
9:42:30 = s2.
9:42:33
9:42:33
9:43:24
9:43:24
9:43:25
9:43:25
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.


2:38:54 = s1.
2:38:54 = s2.
2:38:55
2:38:55
2:40:58
2:40:58
2:40:59
2:40:59
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

3:5:34 = hWnd = 0x000a0bac; ClassName:
w.
3:5:34 = hWnd = 0x000c0b5c; ClassName:


13:3:27 = hWnd = 0x00010018; ClassName:
ow.
13:3:28 = hWnd = 0x00010022; ClassName:
13:3:30 = s1.

13:3:30 = s2.
13:3:34
13:3:34
13:4:12
13:4:12
13:4:14
13:4:14
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

2:38:47 = hWnd = 0x00560610; ClassName:
ow.
2:39:59 = ## ERR ## Setevent


ow.


12:5:16 = hWnd = 0x00010018; ClassName:
ow.
12:5:16 = hWnd = 0x00010022; ClassName:


12:5:16 = s1.
12:5:16 = s2.
dow.
23:0:57 = ## ERR ## Setevent
ow.
23:0:57 = hWnd = 0x00030126; ClassName:


ow.

9:12:39 = s1.
9:12:39 = s2.
9:12:43
9:12:43
9:13:20
9:13:20
9:13:21
9:13:21
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

0:4:3 = hWnd = 0x00050538; ClassName:
0:4:3 = hWnd = 0x00330506; ClassName:
.


0:5:21 = hWnd = 0x00050038; ClassName:
w.


ow.
x=0, y=0,
9:25:28 =
x=0, y=0,
9:25:28 =
x=0, y=0,
9:25:33 =
width=1, height=1
width=0, height=0
width=0, height=0
9:25:33 = s1.
9:25:33 = s2.
9:25:37
9:25:37
9:26:27
9:26:27
9:26:28
9:26:28
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

23:32:57 = hWnd = 0x00060ade; ClassName: GDI+ Hook Window Class; Title: GDI+ Win
dow.
23:34:7 = ## ERR ## Setevent
23:34:7 = hWnd = 0x00080032; ClassName:
ow.
23:34:7 = hWnd = 0x00020118; ClassName:


x=0, y=0,
9:13:18 =
ow.
x=0, y=0,
9:13:18 =
x=0, y=0,
9:13:18 =
x=0, y=0,
9:13:22 =
width=1, height=1
width=0, height=0
width=0, height=0
9:13:22 = s1.
9:13:22 = s2.
11:54:17 = hWnd = 0x00030654; ClassName:
11:54:17 = hWnd = 0x00040698; ClassName:
dow.
11:54:17 = hWnd = 0x00360466; ClassName:
11:54:17 = hWnd = 0x00040696; ClassName:
11:54:36 = ## ERR ## Setevent


dow.


13:35:48 = hWnd = 0x00010018; ClassName:
dow.
13:35:48 = hWnd = 0x00010022; ClassName:

13:35:55 = s1.
13:35:55 = s2.
13:35:55
13:35:55
13:36:22
13:36:22
13:36:23
13:36:23
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.
.


10:10:44 = hWnd = 0x00010018; ClassName:
dow.
10:10:44 = hWnd = 0x00010022; ClassName:

10:10:48 = s1.
10:10:48 = s2.
10:10:50
10:10:50
10:11:26
10:11:26
10:11:27
10:11:27
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

2:51:11 = hWnd = 0x00030452; ClassName:
ow.
2:51:11 = hWnd = 0x00020440; ClassName:
2:51:40 = ## ERR ## Setevent


ow.
2:51:40 = hWnd = 0x014c00cc; ClassName:


12:42:37 = hWnd = 0x00010018; ClassName:
dow.
12:42:37 = hWnd = 0x00010022; ClassName:

12:42:40 = s1.
12:42:40 = s2.
12:42:43
12:42:43
12:43:21
12:43:21
12:43:22
12:43:22
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

2:23:57 = hWnd = 0x00030492; ClassName:
ow.
2:23:57 = hWnd = 0x00030564; ClassName:
2:23:57 = hWnd = 0x00020494; ClassName:
2:24:56 = ## ERR ## Setevent


2:24:56 = hWnd = 0x000200ac; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
ow.

11:48:32 = hWnd = 0x00010018; ClassName:
dow.
11:48:32 = hWnd = 0x00010022; ClassName:

11:48:39 = s1.
11:48:39 = s2.
11:48:42
11:48:42
11:49:25
11:49:25
11:49:26
11:49:26
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

2:24:22 = hWnd = 0x00190bae; ClassName:
ow.
2:25:31 = ## ERR ## Setevent



10:48:26 = hWnd = 0x00010018; ClassName:
dow.
10:48:27 = hWnd = 0x00010022; ClassName:

10:48:28 = s1.
10:48:28 = s2.
1:26:14 =
ow.
x=0, y=0,
1:26:14 =
x=0, y=0,
1:26:14 =
x=0, y=0,
1:27:54 =
1:27:54 =
hWnd = 0x004d047e; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

ow.
1:27:54 = hWnd = 0x00070050; ClassName:


10:29:20 = hWnd = 0x00010018; ClassName:
dow.
10:29:20 = hWnd = 0x00010022; ClassName:

10:29:22 = s1.
10:29:22 = s2.
2:16:19 = hWnd = 0x00040524; ClassName:
ow.
2:16:19 = hWnd = 0x00780470; ClassName:
2:16:19 = hWnd = 0x00070472; ClassName:
2:17:50 = ## ERR ## Setevent


ow.


10:51:34 = hWnd = 0x00010018; ClassName:
dow.
10:51:34 = hWnd = 0x00010022; ClassName:

10:51:37 = s1.
10:51:37 = s2.
10:51:39
10:51:39
10:52:17
10:52:17
10:52:19
10:52:19
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
1:21:39 = ## ERR ## Setevent


ow.
1:21:39 = hWnd = 0x01ae00c0; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
dow.
10:51:3 = s1.
10:51:3 = s2.
ow.

w.


11:56:35 = hWnd = 0x00010018; ClassName:
dow.
11:56:35 = hWnd = 0x00010022; ClassName:

11:56:35 = s1.
11:56:35 = s2.
11:56:38
11:56:38
11:57:34
11:57:34
11:57:35
11:57:35
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
2:43:10 = ## ERR ## Setevent



ow.


12:36:35 = hWnd = 0x00010018; ClassName:
dow.
12:36:35 = hWnd = 0x00010022; ClassName:

12:36:37 = s1.
12:36:37 = s2.
12:36:41
12:36:41
12:37:19
12:37:19
12:37:20
12:37:20
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

2:49:29 = hWnd = 0x00050434; ClassName:
2:49:29 = hWnd = 0x00090bec; ClassName:
ow.
2:49:29 = hWnd = 0x00040bfc; ClassName:
2:50:43 = ## ERR ## Setevent


ow.


13:33:55 = hWnd = 0x00010018; ClassName:
dow.
13:33:55 = hWnd = 0x00010022; ClassName:

13:33:58 = s1.
13:33:58 = s2.
w.


w.


12:2:51 = hWnd = 0x00010018; ClassName:
ow.
12:2:52 = hWnd = 0x00010022; ClassName:

12:2:56 = s1.
12:2:56 = s2.
ow.
x=0, y=0,
1:38:28 =
x=0, y=0,
1:38:28 =
x=0, y=0,
1:39:55 =
1:39:55 =
width=1, height=1
width=0, height=0
hWnd = 0x00ae05a0; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
## ERR ## Setevent

ow.


2:18:24 = hWnd = 0x00010018; ClassName:
ow.
2:18:24 = hWnd = 0x00010022; ClassName:

2:18:26 = s1.
2:18:26 = s2.

w.


w.


4:34:7 = hWnd = 0x00010018; ClassName:
w.
4:34:8 = hWnd = 0x00010022; ClassName:
4:34:10 = s1.
4:34:10 = s2.
4:34:14
4:34:14
4:34:53
4:34:53
4:34:54
4:34:54
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


6:23:12 = hWnd = 0x00080436; ClassName:
6:23:12 = hWnd = 0x00040450; ClassName:
ow.
6:23:18 = ## ERR ## Setevent


ow.


8:14:30 = hWnd = 0x00010018; ClassName:
ow.
8:14:30 = hWnd = 0x00010022; ClassName:
8:14:30 = s1.
8:14:30 = s2.


18:33:37 = hWnd = 0x00010018; ClassName:
dow.
18:33:38 = hWnd = 0x00010022; ClassName:

18:33:40 = s1.
18:33:40 = s2.
18:33:44
18:33:44
18:34:21
18:34:21
18:34:22
18:34:22
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
18:44:45 = ## ERR ## Setevent


18:44:45 = hWnd = 0x000200fc; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title
18:44:45 = hWnd = 0x000900fa; ClassName: GDI+ Hook Window Class; Title: GDI+ Win
dow.
18:46:24 = hWnd = 0x00010018; ClassName:
dow.
18:46:24 = hWnd = 0x00010022; ClassName:

18:46:27 = s1.
18:46:27 = s2.
2:39:13 = hWnd = 0x00100838; ClassName:
ow.



w.
2:40:5 = hWnd = 0x001b00ca; ClassName:


11:50:53 = hWnd = 0x00010018; ClassName:
dow.
11:50:53 = hWnd = 0x00010022; ClassName:

11:50:53 = s1.
11:50:53 = s2.
11:50:57
11:50:57
11:51:12
11:51:12
11:51:13
11:51:13
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

13:27:58 = hWnd = 0x00010018; ClassName:
dow.
13:27:58 = hWnd = 0x00010022; ClassName:

13:28:1 = s1.
13:28:1 = s2.
15:2:53 = s1.
15:2:53 = s2.
23:1:50 = Bypass the object creation.
23:2:25
23:2:26
23:2:27
23:2:27
=
=
=
=
begin close Process

Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
23:2:39 = hWnd = 0x00040446; ClassName:
23:2:39 = hWnd = 0x00020448; ClassName:
23:2:56 = ## ERR ## Setevent


23:2:56 =
x=0, y=0,
23:2:56 =
x=0, y=0,
23:3:59 =
23:3:59 =

width=0, height=0
width=0, height=0
Process Attach
end process attach

23:3:59 = hWnd = 0x00010018; ClassName:
ow.
23:3:59 = hWnd = 0x00010022; ClassName:

23:4:0 = s1.
23:4:0 = s2.
w.



1:15:0 = hWnd = 0x00020124; ClassName:
w.


7:58:27 = hWnd = 0x00010018; ClassName:
ow.
7:58:27 = hWnd = 0x00010022; ClassName:

7:58:32 = s1.
7:58:32 = s2.
7:58:32
7:58:32
7:59:56
7:59:56
7:59:57
7:59:57
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
18:17:34 = ## ERR ## Setevent


dow.


18:21:54 = hWnd = 0x00010018; ClassName:
dow.
18:21:55 = hWnd = 0x00010022; ClassName:

18:21:57 = s1.
18:21:57 = s2.
0:1:49 = hWnd = 0x00010018; ClassName:
w.
0:1:49 = hWnd = 0x00010022; ClassName:

0:2:7 = s1.
0:2:7 = s2.
0:2:15
0:2:15
0:3:17
0:3:17
0:3:17
=
=
=
=
=
Start show animate

begin close Process
end close Process
DLL_PROCESS_DETACH

ow.
2:19:46 = ## ERR ## Setevent


ow.


8:37:2 = hWnd = 0x00010018; ClassName:
w.
8:37:2 = hWnd = 0x00010022; ClassName:


8:37:11 = s1.
8:37:11 = s2.
8:37:13
8:37:13
8:37:42
8:37:42
8:37:43
8:37:43
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
2:25:18 = hWnd = 0x00100474; ClassName:
2:25:18 = hWnd = 0x00100648; ClassName:
2:26:29 = ## ERR ## Setevent


ow.


8:36:35 =
ow.
x=0, y=0,
8:36:36 =
x=0, y=0,
8:36:36 =
x=0, y=0,
8:36:39 =
width=1, height=1
width=0, height=0
width=0, height=0
8:36:39 = s1.
8:36:39 = s2.
8:36:43
8:36:43
8:37:22
8:37:22
8:37:23
8:37:23
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
1:45:50 = hWnd = 0x00070478; ClassName:


1:47:8 = hWnd = 0x000300c8; ClassName: GDI+ Hook Window Class; Title: GDI+ Windo
w.
1:47:8 = hWnd = 0x000200ca; ClassName: IME; Title: Default IME.

12:56:24 = hWnd = 0x00010018; ClassName:
dow.
12:56:24 = hWnd = 0x00010022; ClassName:

12:56:28 = s1.
12:56:28 = s2.
ow.
13:7:24 = s1.
13:7:24 = s2.


ow.
1:50:35 = hWnd = 0x00190486; ClassName:
1:51:58 = ## ERR ## Setevent


1:51:58 =
ow.
x=0, y=0,
1:51:58 =
x=0, y=0,
1:51:58 =
x=0, y=0,
9:40:12 =
9:40:12 =
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
end process attach

9:40:13 = hWnd = 0x00010018; ClassName:
ow.
9:40:13 = hWnd = 0x00010022; ClassName:
9:40:15 = s1.
9:40:15 = s2.
9:40:18
9:40:18
9:40:57
9:40:57
9:40:58
9:40:58
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


2:45:41 = hWnd = 0x00100bca; ClassName:
ow.
2:47:40 = ## ERR ## Setevent


ow.


10:18:41 = hWnd = 0x00010018; ClassName:
dow.
10:18:41 = hWnd = 0x00010022; ClassName:
10:18:43 = s1.
10:18:43 = s2.

10:19:23
10:19:23
10:19:25
10:19:25
=
=
=
=
begin close Process

Terminate Process
end close Process
DLL_PROCESS_DETACH

10:29:41 = hWnd = 0x00020448; ClassName:
10:29:41 = hWnd = 0x00020440; ClassName:
dow.

10:29:41 = s1.
10:29:41 = s2.
10:29:41
10:29:41
13:13:17
13:13:17
13:13:18
13:13:18
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:34:46 = hWnd = 0x00150916; ClassName:
ow.



w.
9:53:41 = hWnd = 0x00010018; ClassName:
ow.
9:53:41 = hWnd = 0x00010022; ClassName:

9:53:44 = s1.
9:53:44 = s2.
9:53:48
9:53:48
9:54:26
9:54:26
9:54:27
9:54:27
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
2:56:42 = hWnd = 0x00020446; ClassName:
2:57:43 = ## ERR ## Setevent


2:57:43 =
x=0, y=0,
13:9:44 =
13:9:44 =
hWnd = 0x000200dc; ClassName: IME; Title: Default IME.

width=0, height=0
Process Attach
end process attach

13:9:45 = hWnd = 0x00010018; ClassName:
ow.
13:9:45 = hWnd = 0x00010022; ClassName:

13:9:47 = s1.
13:9:47 = s2.
1:44:40 = hWnd = 0x00040452; ClassName:
1:44:40 = hWnd = 0x00060362; ClassName:
ow.
1:44:40 = hWnd = 0x00040442; ClassName:
1:45:56 = ## ERR ## Setevent


ow.

12:12:56 = hWnd = 0x00010018; ClassName:
dow.
12:12:56 = hWnd = 0x00010022; ClassName:

12:13:1 = s1.
12:13:1 = s2.
2:56:37 = hWnd = 0x00060464; ClassName:
ow.
2:56:37 = hWnd = 0x00020484; ClassName:
2:57:53 = ## ERR ## Setevent


ow.
11:46:10 = hWnd = 0x00010018; ClassName:
dow.
11:46:10 = hWnd = 0x00010022; ClassName:

11:46:11 = s1.
11:46:11 = s2.
11:46:13
11:46:13
11:46:49
11:46:49
11:46:50
11:46:50
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.
3:5:11 = hWnd = 0x00190fd8; ClassName:



w.
13:21:37 = hWnd = 0x00010018; ClassName:
dow.
13:21:38 = hWnd = 0x00010022; ClassName:

13:21:41 = s1.
13:21:41 = s2.
13:21:44
13:21:44
13:22:20
13:22:20
13:22:21
13:22:21
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:25:55 = hWnd = 0x00040484; ClassName:
ow.
1:25:55 = hWnd = 0x00060494; ClassName:



w.


dow.
12:34:15 = s1.
12:34:15 = s2.
12:34:20
12:34:20
12:34:55
12:34:55
12:34:57
12:34:57
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

3:8:49 = hWnd = 0x00190778; ClassName:
w.
3:8:49 = hWnd = 0x00300674; ClassName:
3:11:21 = ## ERR ## Setevent


ow.


12:11:23 = hWnd = 0x00010018; ClassName:
dow.
12:11:23 = hWnd = 0x00010022; ClassName:

12:11:31 = s1.
12:11:31 = s2.
12:11:36
12:11:36
12:12:12
12:12:12
12:12:13
12:12:13
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.


w.


4:45:41 = hWnd = 0x00010018; ClassName:
ow.
4:45:41 = hWnd = 0x00010022; ClassName:

4:45:45 = s1.
4:45:45 = s2.
4:45:48
4:45:48
4:46:25
4:46:25
4:46:26
4:46:26
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.

4:58:8 = hWnd = 0x00040084; ClassName:
w.


5:7:16 = hWnd = 0x00010018; ClassName:
w.
5:7:16 = hWnd = 0x00010022; ClassName:

5:7:17 = s1.
5:7:17 = s2.
5:7:17
5:7:17
5:7:37
5:7:37
5:7:38
5:7:38
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:37:23 = hWnd = 0x002109ea; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.
x=0, y=0,
1:37:23 =
x=0, y=0,
1:37:23 =
x=0, y=0,
1:37:58 =
1:37:58 =
width=1, height=1
width=0, height=0
hWnd = 0x001a09ce; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
## ERR ## Setevent

ow.


9:48:42 = hWnd = 0x00010018; ClassName:
ow.
9:48:43 = hWnd = 0x00010022; ClassName:

9:48:46 = s1.
9:48:46 = s2.
9:48:49
9:48:49
9:49:27
9:49:27
9:49:28
9:49:28
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
1:56:23 =
x=0, y=0,
1:56:23 =
x=0, y=0,
1:57:55 =
1:57:55 =

width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

1:57:55 = hWnd = 0x00030036; ClassName:
ow.
1:57:55 = hWnd = 0x00040118; ClassName:


2:52:56 = hWnd = 0x00010018; ClassName:
ow.
2:52:56 = hWnd = 0x00010022; ClassName:

2:52:57 = s1.
2:52:57 = s2.
2:52:59
2:52:59
2:53:37
2:53:37
2:53:38
2:53:38
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


ow.
3:32:58 = hWnd = 0x000303ee; ClassName: IME; Title: Default IME.
w.


14:52:4 = hWnd = 0x00010018; ClassName:
ow.
14:52:4 = hWnd = 0x00010022; ClassName:
14:52:7 = s1.
14:52:7 = s2.


2:37:8 = hWnd = 0x000a0ade; ClassName:
w.
2:37:8 = hWnd = 0x00030922; ClassName:
2:38:18 = ## ERR ## Setevent


ow.


8:23:34 = hWnd = 0x00010018; ClassName:
ow.
8:23:34 = hWnd = 0x00010022; ClassName:
8:23:35 = s1.
8:23:35 = s2.
8:23:35
8:23:35
8:24:19
8:24:19
8:24:20
8:24:20
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


ow.
1:46:22 = ## ERR ## Setevent


ow.


13:49:14 = hWnd = 0x00010018; ClassName:
dow.
13:49:15 = hWnd = 0x00010022; ClassName:
13:49:17 = s1.
13:49:17 = s2.
13:49:19
13:49:19
13:49:57
13:49:57
13:49:58
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process

3:20:41 = hWnd = 0x00650564; ClassName:
3:20:41 = hWnd = 0x00090728; ClassName:
ow.
3:21:19 = ## ERR ## Setevent


ow.
3:21:19 = hWnd = 0x00ba0126; ClassName:


9:56:43 = hWnd = 0x00010018; ClassName:
ow.
9:56:43 = hWnd = 0x00010022; ClassName:
9:56:44 = s1.
9:56:44 = s2.


1:29:30 =
ow.
x=0, y=0,
1:29:30 =
x=0, y=0,
1:29:30 =
x=0, y=0,
1:30:20 =
1:30:20 =
hWnd = 0x000f060a; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
hWnd = 0x000f075a; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

ow.
1:30:20 = hWnd = 0x01a400ea; ClassName:
1:30:20 = hWnd = 0x00900138; ClassName:


13:4:19 = hWnd = 0x00010018; ClassName:
ow.
13:4:20 = hWnd = 0x00010022; ClassName:
13:4:23 = s1.

13:4:23 = s2.
2:6:7 = hWnd = 0x00240aea; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: I
2:6:7 = hWnd = 0x000e05c2; ClassName: GDI+ Hook Window Class; Title: GDI+ Window
.
2:6:7 = hWnd = 0x007f057c; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
2:6:7 = hWnd = 0x001204bc; ClassName: IME; Title: Default IME.
w.


11:12:21 = hWnd = 0x00010018; ClassName:
dow.
11:12:21 = hWnd = 0x00010022; ClassName:


11:12:45 = s1.
11:12:45 = s2.
11:12:45
11:12:45
11:13:19
11:13:19
11:13:20
11:13:20
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
2:11:23 = ## ERR ## Setevent


ow.


w.

9:4:51 = s1.
9:4:51 = s2.
9:4:55
9:4:55
9:5:31
9:5:31
9:5:32
9:5:32
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.


.
1:9:6 = hWnd = 0x00020122; ClassName:
1:9:6 = hWnd = 0x00100118; ClassName:



ow.
10:2:20 = s1.
10:2:20 = s2.
1:1:15 = hWnd = 0x00040888; ClassName:
w.
1:1:15 = hWnd = 0x00050810; ClassName:


w.


8:34:32 = hWnd = 0x00010018; ClassName:
ow.
8:34:32 = hWnd = 0x00010022; ClassName:

8:34:33 = s1.
8:34:33 = s2.
8:34:33
8:34:33
8:35:16
8:35:16
8:35:17
8:35:17
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
2:47:33 = ## ERR ## Setevent


2:47:33 = hWnd = 0x00c500ee; ClassName:
2:47:33 = hWnd = 0x00050068; ClassName:
ow.


12:34:50 = hWnd = 0x00010018; ClassName:
dow.
12:34:51 = hWnd = 0x00010022; ClassName:

12:34:54 = s1.
12:34:54 = s2.
12:34:58
12:34:58
12:35:35
12:35:35
12:35:36
12:35:36
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
1:31:19 = hWnd = 0x00110438; ClassName:


w.
1:32:6 = hWnd = 0x00f600fa; ClassName: MSCTFIME UI; Title: MSCTFIME UI.

1:32:6 = hWnd = 0x008f010c; ClassName: IME; Title: Default IME.
10:54:22 = hWnd = 0x00010018; ClassName:
dow.
10:54:23 = hWnd = 0x00010022; ClassName:

10:54:25 = s1.
10:54:25 = s2.
dow.
15:48:24 = hWnd = 0x00040742; ClassName:
15:48:24 = s1.
15:48:24 = s2.
15:48:25
15:48:25
16:43:56
16:43:56
16:43:57
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process

ow.
18:37:27 = ## ERR ## Setevent


18:41:34 = hWnd = 0x00010018; ClassName:
dow.
18:41:34 = hWnd = 0x00010022; ClassName:
18:41:37 = s1.
18:41:37 = s2.
18:41:40
18:41:40
18:42:17
18:42:17
18:42:18
18:42:18
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


ow.


w.


11:36:38 = hWnd = 0x00010018; ClassName:
dow.
11:36:39 = hWnd = 0x00010022; ClassName:
11:36:41 = s1.
11:36:41 = s2.

11:37:20
11:37:20
11:37:21
11:37:21
=
=
=
=
begin close Process

Terminate Process
end close Process
DLL_PROCESS_DETACH

w.
2:8:39 = hWnd = 0x000e0b6e; ClassName:


w.


7:34:16 = hWnd = 0x00010018; ClassName:
ow.
7:34:16 = hWnd = 0x00010022; ClassName:

7:34:17 = s1.
7:34:17 = s2.
7:34:17
7:34:17
7:34:31
7:34:31
7:34:32
7:34:32
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
2:0:0 = hWnd = 0x01180040; ClassName:
.


7:46:42 = hWnd = 0x00010018; ClassName:
ow.
7:46:42 = hWnd = 0x00010022; ClassName:

7:46:45 = s1.
7:46:45 = s2.
7:46:48
7:46:48
7:47:25
7:47:25
7:47:26
7:47:26
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

8:10:55 = hWnd = 0x00140474; ClassName:
ow.
8:10:55 = hWnd = 0x00230448; ClassName:

8:10:55 = s1.
8:10:55 = s2.
0:35:52 =
ow.
x=0, y=0,
0:35:52 =
x=0, y=0,
0:35:52 =
x=0, y=0,
0:36:37 =
0:36:37 =
hWnd = 0x00c205d0; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent


0:36:37 =
x=0, y=0,
0:45:11 =
0:45:11 =

width=0, height=0
Process Attach
end process attach

0:45:12 = hWnd = 0x00010018; ClassName:
ow.
0:45:12 = hWnd = 0x00010022; ClassName:

0:45:14 = s1.
0:45:14 = s2.
0:45:17
0:45:17
0:45:55
0:45:55
0:45:56
0:45:56
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:58:41 = hWnd = 0x00030468; ClassName:
ow.
1:58:49 = ## ERR ## Setevent



ow.
1:58:49 = hWnd = 0x000d004a; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
9:10:9 = hWnd = 0x00010018; ClassName:
w.
9:10:9 = hWnd = 0x00010022; ClassName:

9:10:13 = s1.
9:10:13 = s2.
9:10:15
9:10:15
9:10:29
9:10:29
9:10:30
9:10:30
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
0:57:57 = hWnd = 0x00190580; ClassName:
0:58:29 = ## ERR ## Setevent


0:58:29 = hWnd = 0x010b003a; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:

ow.
0:58:29 = hWnd = 0x01c6011e; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
10:42:27 = hWnd = 0x00010018; ClassName:
dow.
10:42:28 = hWnd = 0x00010022; ClassName:

10:42:31 = s1.
10:42:31 = s2.
10:42:34
10:42:34
10:43:10
10:43:10
10:43:11
10:43:11
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
2:32:33 = hWnd = 0x00060446; ClassName:
2:32:33 = hWnd = 0x00030526; ClassName:
2:33:43 = ## ERR ## Setevent



ow.


11:45:56 = hWnd = 0x00010018; ClassName:
dow.
11:45:56 = hWnd = 0x00010022; ClassName:

11:45:58 = s1.
11:45:58 = s2.
w.
1:29:2 = hWnd = 0x00040462; ClassName:
1:29:28 = ## ERR ## Setevent


1:29:28 = hWnd = 0x00060098; ClassName:
ow.
1:29:28 = hWnd = 0x00020108; ClassName:
1:29:28 = hWnd = 0x00030038; ClassName:


6:40:35 = hWnd = 0x00010018; ClassName:
ow.
6:40:35 = hWnd = 0x00010022; ClassName:

6:40:38 = s1.
6:40:38 = s2.
6:40:42
6:40:42
6:41:20
6:41:20
6:41:21
6:41:21
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

14:14:42 = hWnd = 0x00020348; ClassName:
dow.


14:14:42 = s1.
14:14:42 = s2.
14:14:44
14:14:44
14:19:43
14:19:43
14:19:44
14:19:44
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
14:59:3 = ## ERR ## Setevent


14:59:3 = hWnd = 0x001b00c4; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
ow.
14:59:3 = hWnd = 0x008100ea; ClassName: IME; Title: Default IME.
w.

15:1:6 = s1.
15:1:6 = s2.
15:1:11
15:1:11
15:1:47
15:1:47
15:1:48
15:1:48
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
16:51:39 = hWnd = 0x00030344; ClassName:

16:51:39 = s1.
16:51:39 = s2.
20:37:50 = hWnd = 0x000a05d2; ClassName: GDI+ Hook Window Class; Title: GDI+ Win
dow.

20:37:50 = s1.
20:37:50 = s2.
dow.

21:47:41 = s1.
21:47:41 = s2.
dow.


21:50:18 = ## ERR ## Setevent
dow.


20:28:51 = hWnd = 0x00010018; ClassName:
dow.
20:28:51 = hWnd = 0x00010022; ClassName:

20:28:57 = s1.
20:28:57 = s2.
20:28:57
20:28:57
20:29:24
20:29:24
20:29:25
20:29:25
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

21:17:0 = hWnd = 0x001a00dc; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
ow.

21:17:0 = hWnd = 0x000a00ec; ClassName: IME; Title: Default IME.
21:17:12 = ## ERR ## Setevent
dow.
21:17:12 = hWnd = 0x00030086; ClassName:
21:17:12 = hWnd = 0x00030108; ClassName:


21:18:10 = hWnd = 0x00010018; ClassName:
dow.
21:18:10 = hWnd = 0x00010022; ClassName:

21:18:11 = s1.
21:18:11 = s2.
21:18:13
21:18:13
21:18:45
21:18:45
21:18:46
21:18:46
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
21:20:38 = ## ERR ## Setevent
21:20:38 = hWnd = 0x00030084; ClassName:
dow.


14:58:46 = hWnd = 0x00010018; ClassName:
dow.
14:58:46 = hWnd = 0x00010022; ClassName:

14:58:48 = s1.
14:58:48 = s2.
14:58:52
14:58:52
14:59:29
14:59:29
14:59:30
14:59:30
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

15:23:16 = hWnd = 0x000a059c; ClassName: GDI+ Hook Window Class; Title: GDI+ Win
dow.
15:23:34 = ## ERR ## Setevent
15:23:34 = hWnd = 0x00030054; ClassName:
dow.


15:24:30 = hWnd = 0x00010018; ClassName:
dow.
15:24:30 = hWnd = 0x00010022; ClassName:
15:24:31 = s1.
15:24:31 = s2.


15:47:32 = hWnd = 0x00130524; ClassName:
dow.
15:47:32 = hWnd = 0x00110590; ClassName:
15:47:37 = ## ERR ## Setevent


dow.
17:33:17 = hWnd = 0x00010018; ClassName:
dow.
17:33:17 = hWnd = 0x00010022; ClassName:
17:33:17 = s1.
17:33:17 = s2.
17:33:17
17:33:17
17:33:38
17:33:38
17:33:39
17:33:39
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


dow.
19:21:57 = hWnd = 0x00020544; ClassName:
19:22:2 = ## ERR ## Setevent


19:22:2 = hWnd = 0x00020062; ClassName:
ow.


7:44:24 = hWnd = 0x00010018; ClassName:
ow.
7:44:24 = hWnd = 0x00010022; ClassName:
7:44:27 = s1.
7:44:27 = s2.


dow.
11:16:59 = hWnd = 0x00060544; ClassName:
11:16:59 = hWnd = 0x00120460; ClassName:
11:17:4 = ## ERR ## Setevent


ow.


dow.
15:34:32 = s1.
15:34:32 = s2.
15:35:13
15:35:13
15:35:14
15:35:14
=
=
=
=
begin close Process

Terminate Process
end close Process
DLL_PROCESS_DETACH

17:19:35 = hWnd = 0x00050356; ClassName:
dow.
17:19:46 = ## ERR ## Setevent


dow.
17:19:46 = hWnd = 0x00070090; ClassName:


18:14:58 = hWnd = 0x00010018; ClassName:
dow.
18:14:58 = hWnd = 0x00010022; ClassName:

18:15:0 = s1.
18:15:0 = s2.
ow.
22:8:45 = hWnd = 0x00080748; ClassName:


w.


dow.
17:55:1 = s1.
17:55:1 = s2.
18:44:27 = hWnd = 0x00190570; ClassName:
dow.

18:44:27 = s1.
18:44:27 = s2.
18:44:27
18:44:27
19:21:11
19:21:11
19:21:12
19:21:12
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
20:49:10 = hWnd = 0x00071532; ClassName:
20:49:10 = hWnd = 0x00171900; ClassName:
20:49:10 = s1.

20:49:10 = s2.
20:49:10
20:49:10
21:34:22
21:34:22
21:34:23
21:34:23
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

22:4:35 = hWnd = 0x00260506; ClassName:
ow.
22:4:45 = ## ERR ## Setevent


22:4:45 =
ow.
x=0, y=0,
22:4:45 =
22:4:45 =
x=0, y=0,
14:1:24 =
14:1:24 =
width=1, height=1
end close Process
hWnd = 0x000900ac; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
end process attach

14:1:24 = hWnd = 0x00010018; ClassName:
ow.
14:1:24 = hWnd = 0x00010022; ClassName:
14:1:26 = s1.
14:1:26 = s2.


ow.
14:4:52 = hWnd = 0x00020384; ClassName:
14:4:56 = ## ERR ## Setevent


ow.
14:4:56 = hWnd = 0x00020056; ClassName:


dow.
16:20:1 = s1.
16:20:1 = s2.
dow.
17:34:5 = ## ERR ## Setevent


17:34:5 = hWnd = 0x00380074; ClassName:
ow.


dow.

21:56:20 = s1.
21:56:20 = s2.
ow.
22:39:0 = hWnd = 0x00040484; ClassName:
22:39:0 = hWnd = 0x00070658; ClassName:
22:39:7 = ## ERR ## Setevent


22:39:7 = hWnd = 0x00180038; ClassName:
22:39:7 = hWnd = 0x00050056; ClassName:
ow.


dow.

22:52:33 = s1.
22:52:33 = s2.
dow.
22:55:17 = ## ERR ## Setevent


dow.


7:47:58 =
ow.
x=0, y=0,
7:47:58 =
x=0, y=0,
7:47:58 =
x=0, y=0,
7:47:58 =
width=1, height=1
width=0, height=0
width=0, height=0
7:47:58 = s1.
7:47:58 = s2.
7:47:58
7:47:58
7:48:23
7:48:23
7:48:24
7:48:24
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

9:23:54 = hWnd = 0x00020426; ClassName:
9:23:54 = hWnd = 0x00020418; ClassName:
ow.
9:23:54 = hWnd = 0x00070018; ClassName:


9:24:0 = hWnd = 0x00040092; ClassName:
w.
9:24:0 = hWnd = 0x00030094; ClassName:


12:3:44 = hWnd = 0x00010018; ClassName:
ow.
12:3:45 = hWnd = 0x00010022; ClassName:

12:3:48 = s1.
12:3:48 = s2.
12:3:54
12:3:54
12:4:30
12:4:30
12:4:31
12:4:31
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

12:50:0 = hWnd = 0x00080340; ClassName:
ow.
12:50:0 = hWnd = 0x00040374; ClassName:
12:50:0 = hWnd = 0x00040356; ClassName:
12:50:5 = ## ERR ## Setevent


ow.

15:12:15 = hWnd = 0x00010018; ClassName:
dow.
15:12:15 = hWnd = 0x00010022; ClassName:

15:12:15 = s1.
15:12:15 = s2.
15:12:15
15:12:15
15:12:49
15:12:49
15:12:50
15:12:50
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
16:2:46 = ## ERR ## Setevent


ow.
10:41:27 = hWnd = 0x00010018; ClassName:
dow.
10:41:27 = hWnd = 0x00010022; ClassName:

10:41:31 = s1.
10:41:31 = s2.
10:41:35
10:41:35
10:42:13
10:42:13
10:42:15
10:42:15
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

12:8:38 = hWnd = 0x00050436; ClassName:
ow.
12:8:38 = hWnd = 0x00040338; ClassName:
12:8:46 = ## ERR ## Setevent



12:8:46 =
x=0, y=0,
12:8:46 =
x=0, y=0,
8:18:47 =
8:18:47 =

width=0, height=0
width=0, height=0
Process Attach
end process attach

8:18:49 = hWnd = 0x00010018; ClassName:
ow.
8:18:50 = hWnd = 0x00010022; ClassName:

8:18:52 = s1.
8:18:52 = s2.
8:18:59
8:18:59
8:19:37
8:19:37
8:19:38
8:19:38
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
9:42:37 = ## ERR ## Setevent



9:42:37 = hWnd = 0x00100056; ClassName:
ow.


10:55:6 = hWnd = 0x00010018; ClassName:
ow.
10:55:7 = hWnd = 0x00010022; ClassName:

10:55:10 = s1.
10:55:10 = s2.
10:55:14
10:55:14
10:55:52
10:55:52
10:55:53
10:55:53
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
12:16:11 = hWnd = 0x00260540; ClassName:
12:16:11 = hWnd = 0x00200582; ClassName:
12:16:41 = ## ERR ## Setevent


dow.


13:44:44 = hWnd = 0x00010018; ClassName:
dow.
13:44:45 = hWnd = 0x00010022; ClassName:

13:44:48 = s1.
13:44:48 = s2.
13:44:51
13:44:51
13:45:30
13:45:30
13:45:31
13:45:31
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

14:21:39 = hWnd = 0x00020366; ClassName:
14:21:39 = hWnd = 0x00020334; ClassName:
dow.


14:21:48 = ## ERR ## Setevent
14:21:48 = hWnd = 0x00030036; ClassName:
dow.


18:42:18 = hWnd = 0x00010018; ClassName:
dow.
18:42:18 = hWnd = 0x00010022; ClassName:

18:42:20 = s1.
18:42:20 = s2.
19:28:10 = hWnd = 0x000c04c8; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title
dow.
19:28:15 = ## ERR ## Setevent
dow.


7:19:50 = hWnd = 0x00010018; ClassName:
ow.
7:19:50 = hWnd = 0x00010022; ClassName:

7:19:52 = s1.
7:19:52 = s2.
7:19:59
7:19:59
7:20:36
7:20:36
7:20:37
7:20:37
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

9:25:56 = hWnd = 0x00140628; ClassName:

ow.


w.


13:7:5 = hWnd = 0x00010018;
w.
13:7:6 = hWnd = 0x00010022;
13:7:6 = hWnd = 0x0001001a;
ClassName: GDI+ Hook Window Class; Title: GDI+ Windo

objects.
13:7:10 = s1.
13:7:10 = s2.
13:7:13
13:7:13
13:7:50
13:7:50
13:7:51
13:7:51
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


dow.
13:19:47 = hWnd = 0x00020758; ClassName:

13:19:47 = s1.
13:19:47 = s2.
13:19:47
13:19:47
13:52:48
13:52:48
13:52:49
13:52:49
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
15:55:3 = s1.
15:55:3 = s2.

ow.

16:5:38 = s1.
16:5:38 = s2.
dow.
16:54:25 = hWnd = 0x000b0df6; ClassName:
16:54:51 = ## ERR ## Setevent


dow.


9:24:16 = hWnd = 0x00010018; ClassName:
ow.
9:24:17 = hWnd = 0x00010022; ClassName:

9:24:18 = s1.
9:24:18 = s2.
9:24:18
9:24:18
9:24:37
9:24:37
9:24:38
9:24:38
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

9:33:23 = hWnd = 0x00050710; ClassName:
ow.
9:33:23 = s1.
9:33:23 = s2.
16:54:10 = Bypass the object creation.

18:11:4 = hWnd = 0x00060452; ClassName:
ow.
18:11:29 = ## ERR ## Setevent


dow.
18:14:12 = hWnd = 0x00010018; ClassName:
dow.
18:14:14 = hWnd = 0x00010022; ClassName:
18:14:15 = s1.
18:14:15 = s2.
18:14:15
18:14:15
18:14:40
18:14:40
18:14:41
18:14:41
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


18:56:37 = hWnd = 0x00020154; ClassName:
dow.
18:56:37 = hWnd = 0x00090452; ClassName:
18:56:41 = ## ERR ## Setevent


18:56:41 = hWnd = 0x00050060; ClassName:
dow.


9:20:22 = hWnd = 0x00010018; ClassName:
ow.
9:20:23 = hWnd = 0x00010022; ClassName:
9:20:26 = s1.
9:20:26 = s2.


ow.
12:30:19 = ## ERR ## Setevent


dow.


13:55:16 = hWnd = 0x00010018; ClassName:
dow.
13:55:16 = hWnd = 0x00010022; ClassName:
13:55:22 = s1.

13:55:22 = s2.
14:3:57 = hWnd = 0x00030300; ClassName:
ow.

14:3:57 = s1.
14:3:57 = s2.
15:46:22 = ## ERR ## Setevent
15:46:22 = hWnd = 0x00010018; ClassName:
dow.
15:46:22 = hWnd = 0x00010022; ClassName:
15:46:23 = s1.
15:46:23 = s2.


15:46:37
15:46:37
15:46:37
15:46:37
15:46:37
=
=
=
=
=
begin close Process

Terminate Process
begin close Process
end close Process
DLL_PROCESS_DETACH

dow.
15:46:48 = ## ERR ## Setevent


15:46:48 = hWnd = 0x00070052; ClassName:
dow.
15:46:48 = hWnd = 0x00030074; ClassName:


dow.

19:49:47 = s1.
19:49:47 = s2.
19:49:51
19:49:51
19:50:27
19:50:27
19:50:28
19:50:28
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

21:51:33 = hWnd = 0x00040530; ClassName:
dow.
21:51:37 = ## ERR ## Setevent


14:8:3 = hWnd = 0x00010018; ClassName:
w.
14:8:4 = hWnd = 0x00010022; ClassName:

14:8:7 = s1.
14:8:7 = s2.
14:8:12
14:8:12
14:8:49
14:8:49
14:8:50
14:8:50
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
14:16:56 = hWnd = 0x00380566; ClassName:

14:17:17 = s1.
14:17:17 = s2.
14:17:17
14:17:17
14:17:47
14:17:47
14:17:48
14:17:48
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

17:2:49 = hWnd = 0x00150904; ClassName:
17:2:49 = hWnd = 0x00170810; ClassName:
ow.
17:2:57 = ## ERR ## Setevent


17:2:57 = hWnd = 0x005e00c4; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
20:55:16 = hWnd = 0x00010018; ClassName:
dow.
20:55:17 = hWnd = 0x00010022; ClassName:

20:55:19 = s1.
20:55:19 = s2.
21:39:9 = hWnd = 0x00030376; ClassName:
21:39:9 = hWnd = 0x00040372; ClassName:
ow.
21:39:9 = hWnd = 0x00030374; ClassName:
21:39:15 = ## ERR ## Setevent


dow.


8:37:37 = hWnd = 0x00010018; ClassName:
ow.
8:37:38 = hWnd = 0x00010022; ClassName:

8:37:40 = s1.
8:37:40 = s2.
8:37:43
8:37:43
8:38:20
8:38:20
8:38:21
8:38:21
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

12:17:0 = hWnd = 0x00080518; ClassName:
ow.
12:17:0 = hWnd = 0x00070514; ClassName:


12:17:7 = ## ERR ## Setevent
ow.
12:17:7 = hWnd = 0x00050048; ClassName:


20:26:50 = hWnd = 0x00010018; ClassName:
dow.
20:26:50 = hWnd = 0x00010022; ClassName:

20:26:54 = s1.
20:26:54 = s2.
20:26:59
20:26:59
20:27:37
20:27:37
20:27:38
20:27:38
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
23:5:58 =
x=0, y=0,
23:5:58 =
x=0, y=0,
23:6:12 =
23:6:12 =

width=0, height=0
hWnd = 0x000506ce; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
## ERR ## Setevent

23:6:12 = hWnd = 0x00030036; ClassName:
ow.
23:6:12 = hWnd = 0x00060038; ClassName:


0:7:52 = hWnd = 0x00010018; ClassName:
w.
0:7:52 = hWnd = 0x00010022; ClassName:

0:7:52 = s1.
0:7:52 = s2.
0:7:53
0:7:53
0:8:25
0:8:25
0:8:26
0:8:26
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


ow.


0:52:5 = hWnd = 0x00090096; ClassName:
w.
0:52:5 = hWnd = 0x00020076; ClassName:


8:6:37 = hWnd = 0x00010018; ClassName:
w.
8:6:37 = hWnd = 0x00010022; ClassName:
8:6:38 = s1.
8:6:38 = s2.
8:6:40
8:6:40
8:7:14
8:7:14
8:7:15
8:7:15
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


8:50:37 = hWnd = 0x00020462; ClassName:
ow.
8:50:37 = hWnd = 0x00020454; ClassName:
8:50:41 = ## ERR ## Setevent


8:50:41 = hWnd = 0x00030052; ClassName:
8:50:41 = hWnd = 0x00020076; ClassName:
ow.
8:50:41 = hWnd = 0x00040088; ClassName:


10:47:40 = hWnd = 0x00010018; ClassName:
dow.
10:47:40 = hWnd = 0x00010022; ClassName:
10:47:42 = s1.
10:47:42 = s2.
10:47:42
10:47:42
10:48:13
10:48:13
=
=
=
=
Start show animate

begin close Process
Terminate Process


11:21:14 = hWnd = 0x001c05aa; ClassName:
dow.
11:21:19 = ## ERR ## Setevent


11:21:19 = hWnd = 0x00170102; ClassName:
dow.
11:21:19 = hWnd = 0x00050062; ClassName:


21:38:59 = hWnd = 0x00010018; ClassName:
dow.
21:38:59 = hWnd = 0x00010022; ClassName:
21:39:0 = s1.
21:39:0 = s2.


dow.
21:58:1 = ## ERR ## Setevent


ow.
21:58:1 = hWnd = 0x00090086; ClassName:


11:21:43 = hWnd = 0x00010018; ClassName:
dow.
11:21:43 = hWnd = 0x00010022; ClassName:

11:21:44 = s1.
11:21:44 = s2.
11:21:46
11:21:46
11:22:23
11:22:23
11:22:24
11:22:24
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

18:27:20 = hWnd = 0x00b306d4; ClassName: GDI+ Hook Window Class; Title: GDI+ Win
dow.
18:27:30 = ## ERR ## Setevent
dow.


20:33:14 = hWnd = 0x00010018; ClassName:
dow.
20:33:14 = hWnd = 0x00010022; ClassName:

20:33:17 = s1.
20:33:17 = s2.
dow.
23:39:21 = hWnd = 0x000c0d3e; ClassName:
23:39:47 = ## ERR ## Setevent


dow.


dow.

13:22:50 = s1.
13:22:50 = s2.
13:22:55
13:22:55
13:23:31
13:23:31
13:23:32
13:23:32
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
15:33:43 = ## ERR ## Setevent


dow.



ow.
12:48:11 = s1.
12:48:11 = s2.
12:48:11
12:48:11
12:48:35
12:48:35
12:48:36
12:48:36
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

14:37:31 = hWnd = 0x00120614; ClassName:
dow.
14:37:37 = ## ERR ## Setevent


dow.
22:37:56 = s1.
22:37:56 = s2.
22:37:56
22:37:56
22:38:31
22:38:31
22:38:32
22:38:32
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
22:51:58 = ## ERR ## Setevent


22:51:58 = hWnd = 0x00030066; ClassName:
dow.
22:51:58 = hWnd = 0x00030096; ClassName:


15:52:19 = hWnd = 0x00010018; ClassName:
dow.
15:52:23 = hWnd = 0x00010022; ClassName:

15:52:25 = s1.
15:52:25 = s2.
15:52:34
15:52:34
15:53:13
15:53:13
15:53:14
15:53:14
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

16:16:14 = hWnd = 0x00090106; ClassName:
dow.
16:16:14 = hWnd = 0x00120582; ClassName:
16:16:27 = ## ERR ## Setevent


dow.

13:49:0 = hWnd = 0x00010018; ClassName:
ow.
13:49:0 = hWnd = 0x00010022; ClassName:

13:49:4 = s1.
13:49:4 = s2.
14:12:56 = hWnd = 0x00080380; ClassName:
dow.
14:13:0 = ## ERR ## Setevent


14:13:0 = hWnd = 0x00020076; ClassName:

14:13:0 = hWnd = 0x00040074; ClassName:
ow.
14:13:0 = hWnd = 0x00020084; ClassName:


22:19:20 = hWnd = 0x00010018; ClassName:
dow.
22:19:20 = hWnd = 0x00010022; ClassName:

22:19:22 = s1.
22:19:22 = s2.
22:19:22
22:19:22
22:19:58
22:19:58
22:19:59
22:19:59
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

22:25:55 = hWnd = 0x00040476; ClassName:
dow.
22:25:55 = hWnd = 0x00030446; ClassName:
22:25:55 = hWnd = 0x00030444; ClassName:
22:26:0 = ## ERR ## Setevent


ow.
22:26:0 = hWnd = 0x00050092; ClassName:


8:47:50 = hWnd = 0x00010018; ClassName:
ow.
8:47:50 = hWnd = 0x00010022; ClassName:

8:47:54 = s1.
8:47:54 = s2.
8:47:59
8:47:59
8:48:31
8:48:31
8:48:32
8:48:32
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

13:23:24 = hWnd = 0x00390476; ClassName:
dow.

13:23:29 = ## ERR ## Setevent

dow.


9:0:0 = hWnd = 0x00010018; ClassName:
.
9:0:0 = hWnd = 0x00010022; ClassName:

9:0:6 = s1.
9:0:6 = s2.
w.

w.
9:14:8 = hWnd = 0x00120094; ClassName:
9:14:8 = hWnd = 0x00050058; ClassName:


9:15:1 = hWnd = 0x00010018; ClassName:
w.
9:15:1 = hWnd = 0x00010022; ClassName:

9:15:20 = s1.
9:15:20 = s2.
9:15:20
9:15:20
9:16:22
9:16:22
9:16:23
9:16:23
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


dow.
13:39:16 = hWnd = 0x00080630; ClassName:
13:39:22 = ## ERR ## Setevent


dow.


13:40:52 = hWnd = 0x00010018; ClassName:
dow.
13:40:53 = hWnd = 0x00010022; ClassName:
13:40:55 = s1.
13:40:55 = s2.
13:40:58
13:40:58
13:41:37
13:41:37
13:41:38
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process

ow.
16:6:38 = hWnd = 0x00020616; ClassName:
16:6:49 = ## ERR ## Setevent


16:6:49 = hWnd = 0x00360054; ClassName:
ow.
16:6:49 = hWnd = 0x00030096; ClassName:


16:8:7 = hWnd = 0x00010018; ClassName:
w.
16:8:8 = hWnd = 0x00010022; ClassName:
16:8:11 = s1.
16:8:11 = s2.

16:8:13
16:8:13
16:8:51
16:8:51
16:8:53
16:8:53
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

0:15:41 = hWnd = 0x00020308; ClassName:
ow.
0:15:41 = hWnd = 0x00170412; ClassName:
0:15:48 = ## ERR ## Setevent


0:15:48 = hWnd = 0x000f00ee; ClassName:
0:15:48 = hWnd = 0x000d00ac; ClassName:
ow.


14:19:7 = hWnd = 0x00010018; ClassName:
ow.
14:19:8 = hWnd = 0x00010022; ClassName:


14:19:10 = s1.
14:19:10 = s2.
14:19:13
14:19:13
14:19:51
14:19:51
14:19:52
14:19:52
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
21:35:37 = hWnd = 0x00050742; ClassName:
21:35:45 = ## ERR ## Setevent


dow.
21:35:45 = hWnd = 0x00060090; ClassName:


w.
7:2:32 = s1.
7:2:32 = s2.
7:2:36
7:2:36
7:3:15
7:3:15
7:3:16
7:3:16
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

7:8:30 = hWnd = 0x00040476; ClassName:
w.


w.
7:8:36 = hWnd = 0x00010122; ClassName:


7:47:0 = hWnd = 0x00010018; ClassName:
w.
7:47:1 = hWnd = 0x00010022; ClassName:

7:47:4 = s1.
7:47:4 = s2.
8:1:16 = hWnd = 0x00020502; ClassName:
w.


w.

15:28:51 = hWnd = 0x00010018; ClassName:
dow.
15:28:51 = hWnd = 0x00010022; ClassName:

15:28:58 = s1.
15:28:58 = s2.
15:28:58
15:28:58
15:29:25
15:29:25
15:29:26
15:29:26
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
21:30:9 = ## ERR ## Setevent


21:30:9 = hWnd = 0x000300aa; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
x=0, y=0,
21:30:9 =
ow.
x=0, y=0,
21:30:9 =
x=0, y=0,
21:30:9 =
x=0, y=0,
7:52:13 =
7:52:13 =
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
end process attach

7:52:14 = hWnd = 0x00010018; ClassName:
ow.
7:52:15 = hWnd = 0x00010022; ClassName:

7:52:17 = s1.
7:52:17 = s2.
12:35:26 = hWnd = 0x00340448; ClassName:
dow.
12:35:26 = hWnd = 0x00bc05fc; ClassName:
12:35:32 = ## ERR ## Setevent



dow.


13:7:43 = hWnd = 0x00010018; ClassName:
ow.
13:7:43 = hWnd = 0x00010022; ClassName:

13:7:45 = s1.
13:7:45 = s2.
13:7:49
13:7:49
13:8:27
13:8:27
13:8:28
13:8:28
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
14:43:27 = ## ERR ## Setevent


dow.
16:19:2 = s1.
16:19:2 = s2.
16:27:44 = hWnd = 0x00030536; ClassName:
dow.
16:27:59 = ## ERR ## Setevent



16:27:59 = hWnd = 0x00040108; ClassName:
dow.


16:29:19 = hWnd = 0x00010018; ClassName:
dow.
16:29:20 = hWnd = 0x00010022; ClassName:

16:29:22 = s1.
16:29:22 = s2.
dow.
21:15:2 = ## ERR ## Setevent


ow.


21:17:8 = hWnd = 0x00010018; ClassName:
ow.
21:17:9 = hWnd = 0x00010022; ClassName:

21:17:11 = s1.
21:17:11 = s2.
21:17:14
21:17:14
21:17:52
21:17:52
21:17:53
21:17:53
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.


22:0:55 = ## ERR ## Setevent
22:0:55 = hWnd = 0x00060072; ClassName:
22:0:55 = hWnd = 0x00260090; ClassName:
ow.
22:0:55 = hWnd = 0x00020058; ClassName:


10:38:11 = hWnd = 0x00010018; ClassName:
dow.
10:38:11 = hWnd = 0x00010022; ClassName:

10:38:14 = s1.
10:38:14 = s2.
10:38:16
10:38:16
10:38:54
10:38:54
10:38:56
10:38:56
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

12:0:16 = hWnd = 0x000a03a4; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
12:0:16 =
ow.
x=0, y=0,
12:0:16 =
x=0, y=0,
12:0:16 =
x=0, y=0,
12:0:26 =
12:0:26 =
hWnd = 0x000c038c; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
hWnd = 0x000d04bc; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

12:0:26 = hWnd = 0x00030038; ClassName:
ow.


15:12:46 = hWnd = 0x00010018; ClassName:
dow.
15:12:47 = hWnd = 0x00010022; ClassName:

15:12:51 = s1.
15:12:51 = s2.
15:12:55
15:12:55
15:13:32
15:13:33
15:13:34
15:13:34
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


dow.
16:13:34 = ## ERR ## Setevent


dow.


21:16:15 = hWnd = 0x00010018; ClassName:
dow.
21:16:16 = hWnd = 0x00010022; ClassName:
21:16:19 = s1.
21:16:19 = s2.


23:12:33 = hWnd = 0x00050352; ClassName:
dow.
23:12:33 = hWnd = 0x00060494; ClassName:
23:12:37 = ## ERR ## Setevent


dow.


10:19:17 = hWnd = 0x00010018; ClassName:
dow.
10:19:17 = hWnd = 0x00010022; ClassName:
10:19:22 = s1.
10:19:22 = s2.


dow.
12:36:53 = hWnd = 0x00110678; ClassName:
12:36:59 = ## ERR ## Setevent


dow.
12:36:59 = hWnd = 0x00090118; ClassName:


20:40:35 = hWnd = 0x00010018; ClassName:
dow.
20:40:36 = hWnd = 0x00010022; ClassName:
20:40:41 = s1.

20:40:41 = s2.
20:40:45
20:40:45
20:41:22
20:41:22
20:41:23
20:41:23
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
21:57:42 = hWnd = 0x00060380; ClassName:
21:57:47 = ## ERR ## Setevent


21:57:47 = hWnd = 0x00030080; ClassName:
dow.
21:57:47 = hWnd = 0x00080090; ClassName:


23:4:55 = hWnd = 0x00010018; ClassName:
ow.
23:4:55 = hWnd = 0x00010022; ClassName:


23:4:58 = s1.
23:4:58 = s2.
23:4:58
23:4:58
23:5:32
23:5:32
23:5:33
23:5:33
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
23:22:48 = ## ERR ## Setevent


dow.
23:22:48 = hWnd = 0x00080088; ClassName:


ow.
x=0, y=0,
9:20:54 =
x=0, y=0,
9:20:54 =
x=0, y=0,
9:20:54 =
width=1, height=1
width=0, height=0
width=0, height=0
9:20:54 = s1.
9:20:54 = s2.
9:20:57
9:20:57
9:21:29
9:21:29
9:21:30
9:21:30
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

11:2:43 = hWnd = 0x00040490; ClassName:
ow.
11:2:43 = hWnd = 0x00040424; ClassName:
11:2:43 = hWnd = 0x00030444; ClassName:
11:2:52 = ## ERR ## Setevent


ow.



dow.
11:22:54 = s1.
11:22:54 = s2.
11:22:58
11:22:58
11:23:34
11:23:34
11:23:35
11:23:35
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
12:38:53 = ## ERR ## Setevent


dow.
12:38:53 = hWnd = 0x00020104; ClassName:


13:3:39 = hWnd = 0x00010018; ClassName:
ow.
13:3:39 = hWnd = 0x00010022; ClassName:

13:3:39 = s1.
13:3:39 = s2.
13:52:34 = hWnd = 0x00040446; ClassName:
13:52:34 = hWnd = 0x00020368; ClassName:
dow.
13:52:34 = hWnd = 0x00030698; ClassName:

13:52:34 = s1.
13:52:34 = s2.
13:52:34
13:52:34
14:21:20
14:21:20
14:21:21
14:21:21
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


dow.
16:59:35 = ## ERR ## Setevent


dow.


22:51:5 = hWnd = 0x00010018; ClassName:
ow.
22:51:5 = hWnd = 0x00010022; ClassName:
22:51:8 = s1.
22:51:8 = s2.
22:51:13
22:51:13
22:51:50
22:51:50
22:51:51
22:51:51
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH



0:39:42 = hWnd = 0x00070442; ClassName:
0:39:42 = hWnd = 0x00100530; ClassName:
ow.
0:39:42 = hWnd = 0x00060438; ClassName:
0:39:42 = hWnd = 0x00090460; ClassName:
0:39:47 = ## ERR ## Setevent


ow.


8:10:22 = hWnd = 0x00010018; ClassName:
ow.
8:10:22 = hWnd = 0x00010022; ClassName:
8:10:27 = s1.
8:10:27 = s2.
8:10:27
8:10:27
8:10:56
8:10:56
8:10:57
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process

ow.
9:42:49 = hWnd = 0x00030466; ClassName:

9:42:49 = s1.
9:42:49 = s2.
19:5:10 = hWnd = 0x00040438; ClassName:
ow.
19:5:10 = s1.
19:5:10 = s2.
19:5:10
19:5:10
19:5:25
19:5:25
19:5:26
19:5:26
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


23:57:39 = hWnd = 0x004b05bc; ClassName:
dow.
23:57:39 = hWnd = 0x00220484; ClassName:


0:0:37 = hWnd = 0x000c00fe; ClassName:
w.
0:0:37 = hWnd = 0x00160074; ClassName:
0:0:37 = hWnd = 0x00050114; ClassName:


6:50:42 = hWnd = 0x00010018; ClassName:
ow.
6:50:43 = hWnd = 0x00010022; ClassName:
6:50:46 = s1.
6:50:46 = s2.
6:50:51
6:50:51
6:51:29
6:51:29
=
=
=
=
Start show animate

begin close Process
Terminate Process


7:11:12 = hWnd = 0x00070440; ClassName:
7:11:12 = hWnd = 0x00090458; ClassName:
ow.
7:11:42 = ## ERR ## Setevent


7:11:42 = hWnd = 0x00050096; ClassName:
ow.


17:44:16 = hWnd = 0x00010018; ClassName:
dow.
17:44:16 = hWnd = 0x00010022; ClassName:
17:44:20 = s1.
17:44:20 = s2.

17:44:46
17:44:46
17:44:47
17:44:47
=
=
=
=
begin close Process

Terminate Process
end close Process
DLL_PROCESS_DETACH

18:36:21 = hWnd = 0x00020344; ClassName:
dow.
18:36:21 = hWnd = 0x00030458; ClassName:
18:36:21 = hWnd = 0x00030338; ClassName:
18:36:58 = ## ERR ## Setevent


18:36:58 = hWnd = 0x00090054; ClassName:
dow.
18:36:58 = hWnd = 0x00050034; ClassName:


20:19:56 = hWnd = 0x00010018; ClassName:
dow.
20:19:56 = hWnd = 0x00010022; ClassName:
20:20:19 = s1.
20:20:19 = s2.

20:20:54
20:20:55
20:20:56
20:20:56
=
=
=
=
begin close Process

Terminate Process
end close Process
DLL_PROCESS_DETACH

0:13:17 = hWnd = 0x00040426; ClassName:
0:13:17 = hWnd = 0x00060482; ClassName:
ow.
0:13:17 = hWnd = 0x00050484; ClassName:
0:13:57 = ## ERR ## Setevent


ow.


7:36:15 = hWnd = 0x00010018; ClassName:
ow.
7:36:15 = hWnd = 0x00010022; ClassName:
7:36:17 = s1.

7:36:17 = s2.
7:36:17
7:36:17
7:36:51
7:36:51
7:36:52
7:36:52
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

8:50:47 =
ow.
x=0, y=0,
8:50:47 =
x=0, y=0,
8:50:47 =
x=0, y=0,
8:51:18 =
8:51:18 =
hWnd = 0x000f04b4; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
hWnd = 0x000b04ac; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

ow.


12:12:2 = hWnd = 0x00010018; ClassName:
ow.
12:12:2 = hWnd = 0x00010022; ClassName:

12:12:7 = s1.
12:12:7 = s2.
15:56:15 = hWnd = 0x00020488; ClassName:
dow.
15:56:15 = hWnd = 0x00040474; ClassName:
15:56:46 = ## ERR ## Setevent


15:56:46 = hWnd = 0x00100108; ClassName:
dow.
15:56:46 = hWnd = 0x00020158; ClassName:


17:32:35 = hWnd = 0x00010018; ClassName:
dow.
17:32:35 = hWnd = 0x00010022; ClassName:


17:32:39 = s1.
17:32:39 = s2.
17:32:41
17:32:41
17:33:13
17:33:13
17:33:15
17:33:15
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

20:38:33 = hWnd = 0x00200560; ClassName:
20:38:33 = hWnd = 0x00230724; ClassName:
dow.
20:38:33 = hWnd = 0x00060458; ClassName:
20:39:13 = ## ERR ## Setevent


dow.


dow.

20:43:20 = s1.
20:43:20 = s2.
20:43:20
20:43:20
20:43:42
20:43:42
20:43:43
20:43:43
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

0:20:23 =
ow.
x=0, y=0,
0:20:23 =
x=0, y=0,
0:20:23 =
x=0, y=0,
0:20:55 =
0:20:55 =
width=1, height=1
hWnd = 0x00090bf4; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

ow.


ow.
x=0, y=0,
7:35:51 =
x=0, y=0,
7:35:51 =
x=0, y=0,
7:35:54 =
width=1, height=1
width=0, height=0
width=0, height=0
7:35:54 = s1.
7:35:54 = s2.
7:35:59
7:35:59
7:36:36
7:36:36
7:36:37
7:36:37
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.
8:7:11 = hWnd = 0x000305da; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
.


dow.
15:28:22 = s1.
15:28:22 = s2.
dow.
16:42:12 = hWnd = 0x00130496; ClassName:
16:42:20 = ## ERR ## Setevent


dow.


20:11:20 = hWnd = 0x00010018; ClassName:
dow.
20:11:20 = hWnd = 0x00010022; ClassName:

20:11:21 = s1.
20:11:21 = s2.
20:11:27
20:11:27
20:12:11
20:12:11
20:12:12
20:12:12
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

23:35:43 = hWnd = 0x000204ae; ClassName: GDI+ Hook Window Class; Title: GDI+ Win
dow.
23:36:26 = ## ERR ## Setevent
23:36:26 = hWnd = 0x00030064; ClassName:
dow.
23:36:26 = hWnd = 0x00210038; ClassName:


ow.
9:54:1 = s1.
9:54:1 = s2.
11:49:10 = hWnd = 0x00020464; ClassName:
dow.
11:49:10 = hWnd = 0x00020460; ClassName:
11:49:29 = ## ERR ## Setevent


dow.
11:49:29 = hWnd = 0x00110072; ClassName:


13:9:32 = hWnd = 0x00010018; ClassName:
ow.
13:9:32 = hWnd = 0x00010022; ClassName:

13:9:37 = s1.
13:9:37 = s2.
13:20:29 = hWnd = 0x00020354; ClassName:
dow.
13:20:29 = hWnd = 0x00020476; ClassName:
13:20:29 = hWnd = 0x00020348; ClassName:
13:20:29 = s1.
13:20:29 = s2.
13:20:29
13:20:29
13:29:12
13:29:12
13:29:13
13:29:13
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


16:32:5 = hWnd = 0x000a0ac4; ClassName:
16:32:5 = hWnd = 0x00130486; ClassName:
ow.
16:32:5 = hWnd = 0x00180646; ClassName:
16:33:14 = ## ERR ## Setevent


16:33:14 = hWnd = 0x00040080; ClassName:
dow.
16:33:14 = hWnd = 0x00040038; ClassName:


17:39:35 = hWnd = 0x00010018; ClassName:
dow.
17:39:43 = hWnd = 0x00010022; ClassName:
17:39:43 = s1.
17:39:43 = s2.

17:39:45
17:39:45
17:40:42
17:40:42
17:40:43
17:40:43
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

21:9:56 = hWnd = 0x00060574; ClassName:
21:9:56 = hWnd = 0x00050562; ClassName:
ow.
21:10:2 = ## ERR ## Setevent


21:10:2 = hWnd = 0x00220114; ClassName:
ow.
21:10:2 = hWnd = 0x00040136; ClassName:


22:22:38 = hWnd = 0x00010018; ClassName:
dow.
22:22:38 = hWnd = 0x00010022; ClassName:

22:22:39 = s1.
22:22:39 = s2.
22:22:44
22:22:44
22:23:17
22:23:17
22:23:18
22:23:18
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

0:1:20 = hWnd = 0x00040532; ClassName:
w.
0:1:20 = hWnd = 0x00090528; ClassName:


.


ow.
4:27:56 =
x=0, y=0,
4:27:56 =
x=0, y=0,
4:27:56 =

width=0, height=0
width=0, height=0
4:27:56 = s1.
4:27:56 = s2.
4:27:57
4:27:57
4:28:31
4:28:31
4:28:32
4:28:32
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.
7:46:1 = hWnd = 0x06be053a; ClassName:
7:47:11 = ## ERR ## Setevent


7:47:11 = hWnd = 0x00140086; ClassName:
ow.


x=0, y=0,
9:42:27 =
ow.
x=0, y=0,
9:42:28 =
x=0, y=0,
9:42:28 =
x=0, y=0,
9:42:35 =
width=1, height=1
width=0, height=0
width=0, height=0
9:42:35 = s1.
9:42:35 = s2.
9:42:37
9:42:37
9:43:12
9:43:12
9:43:13
9:43:13
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

18:31:22 = hWnd = 0x0017025c; ClassName: GDI+ Hook Window Class; Title: GDI+ Win
dow.
18:31:22 = hWnd = 0x000e07c0; ClassName: IME; Title: Default IME.
18:32:18 = ## ERR ## Setevent
dow.



dow.
20:38:54 = s1.
20:38:54 = s2.
20:38:57
20:38:57
20:39:35
20:39:35
20:39:36
20:39:36
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
21:24:41 = hWnd = 0x004a04a8; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
21:24:41 = hWnd = 0x002a04ba; ClassName: IME; Title: Default IME.
21:24:51 = ## ERR ## Setevent
dow.
21:24:51 = hWnd = 0x00160126; ClassName:


6:17:12 = hWnd = 0x00010018; ClassName:
ow.
6:17:12 = hWnd = 0x00010022; ClassName:

6:17:15 = s1.
6:17:15 = s2.
6:17:19
6:17:19
6:17:56
6:17:56
6:17:57
6:17:57
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

6:32:9 = hWnd = 0x00020584; ClassName:
w.
6:32:13 = ## ERR ## Setevent


ow.
6:32:13 =
x=0, y=0,
6:32:13 =
x=0, y=0,
13:5:35 =
13:5:35 =

width=0, height=0
hWnd = 0x000200be; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
end process attach

13:5:35 = hWnd = 0x00010018; ClassName:
ow.
13:5:35 = hWnd = 0x00010022; ClassName:

13:5:36 = s1.
13:5:36 = s2.
dow.
14:20:42 = hWnd = 0x00040494; ClassName:
14:21:13 = ## ERR ## Setevent


14:21:13 = hWnd = 0x000500c0; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title
dow.
19:18:25 = hWnd = 0x00010018; ClassName:
dow.
19:18:25 = hWnd = 0x00010022; ClassName:

19:18:28 = s1.
19:18:28 = s2.
19:18:32
19:18:32
19:19:10
19:19:10
19:19:11
19:19:11
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
22:49:24 = hWnd = 0x00050504; ClassName:
22:50:1 = ## ERR ## Setevent



22:50:1 = hWnd = 0x00060028; ClassName:
22:50:1 = hWnd = 0x00030042; ClassName:
ow.


13:20:16 = hWnd = 0x00010018; ClassName:
dow.
13:20:16 = hWnd = 0x00010022; ClassName:

13:20:17 = s1.
13:20:17 = s2.
13:20:22
13:20:22
13:20:48
13:20:48
13:20:49
13:20:49
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

14:6:51 = hWnd = 0x00010476; ClassName:
14:6:51 = hWnd = 0x00010472; ClassName:
ow.
14:6:51 = hWnd = 0x00010474; ClassName:
14:6:57 = ## ERR ## Setevent


ow.


17:51:8 = hWnd = 0x00010018; ClassName:
ow.
17:51:8 = hWnd = 0x00010022; ClassName:

17:51:8 = s1.
17:51:8 = s2.
ow.
23:4:59 = hWnd = 0x00070350; ClassName:


23:6:15 = ## ERR ## Setevent
23:6:15 = hWnd = 0x00030074; ClassName:
ow.
23:6:15 = hWnd = 0x00030100; ClassName:


7:11:54 = hWnd = 0x00010018; ClassName:
ow.
7:11:55 = hWnd = 0x00010022; ClassName:

7:11:59 = s1.
7:11:59 = s2.
7:25:55 = hWnd = 0x000604bc; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.
x=0, y=0,
7:25:55 =
x=0, y=0,
7:25:55 =
x=0, y=0,
7:28:42 =
7:28:42 =
width=1, height=1
width=0, height=0
hWnd = 0x000e04da; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
## ERR ## Setevent

7:28:42 =
7:28:42 =
ow.
x=0, y=0,
7:28:42 =
begin close Process

7:28:42 =
x=0, y=0,
8:12:28 =
8:12:28 =

width=0, height=0
Process Attach
end process attach
width=1, height=1
##### Get event and release process end #####

8:12:29 = hWnd = 0x00010018; ClassName:
ow.
8:12:29 = hWnd = 0x00010022; ClassName:

8:12:31 = s1.
8:12:31 = s2.
8:12:33
8:12:33
8:13:10
8:13:10
8:13:11
8:13:11
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.

12:44:48 = ## ERR ## Setevent
12:44:48 = hWnd = 0x00040086; ClassName:
dow.


13:26:29 = hWnd = 0x00010018; ClassName:
dow.
13:26:29 = hWnd = 0x00010022; ClassName:

13:26:32 = s1.
13:26:32 = s2.
13:26:35
13:26:35
13:27:14
13:27:14
13:27:15
13:27:15
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


dow.
13:55:38 = hWnd = 0x00040456; ClassName:
13:59:28 = ## ERR ## Setevent


dow.


21:55:46 = hWnd = 0x00010018; ClassName:
dow.
21:55:46 = hWnd = 0x00010022; ClassName:
21:55:52 = s1.
21:55:52 = s2.


0:26:22 =
ow.
x=0, y=0,
0:26:22 =
x=0, y=0,
0:26:22 =
x=0, y=0,
0:26:54 =
0:26:54 =
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

0:26:54 =
x=0, y=0,
0:26:54 =
x=0, y=0,
7:28:43 =
7:28:43 =
hWnd = 0x000b00ec; ClassName: MSCTFIME UI; Title: MSCTFIME UI.

width=0, height=0
width=0, height=0
Process Attach
end process attach

7:28:43 = hWnd = 0x00010018; ClassName:
ow.
7:28:43 = hWnd = 0x00010022; ClassName:
7:28:43 = s1.
7:28:43 = s2.
7:28:44
7:28:44
7:29:21
7:29:21
7:29:22
7:29:22
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH



7:30:1 = hWnd = 0x00030364; ClassName:
7:30:1 = hWnd = 0x00020362; ClassName:
w.
7:30:1 = hWnd = 0x00040358; ClassName:

7:30:1 = s1.
7:30:1 = s2.
11:54:58 = hWnd = 0x00030386; ClassName:
dow.
11:55:5 = ## ERR ## Setevent


ow.
11:55:5 =
x=0, y=0,
11:55:5 =
x=0, y=0,
12:56:8 =
12:56:8 =
hWnd = 0x000a006a; ClassName: MSCTFIME UI; Title: MSCTFIME UI.

width=0, height=0
width=0, height=0
Process Attach
end process attach

12:56:8 = hWnd = 0x00010018; ClassName:
ow.
12:56:8 = hWnd = 0x00010022; ClassName:

12:56:9 = s1.
12:56:9 = s2.
dow.
18:19:37 = hWnd = 0x00090500; ClassName:
18:20:2 = ## ERR ## Setevent


18:20:2 = hWnd = 0x000a00b4; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:

ow.
18:20:2 = hWnd = 0x000500ac; ClassName: IME; Title: Default IME.
20:55:32 = hWnd = 0x00010018; ClassName:
dow.
20:55:33 = hWnd = 0x00010022; ClassName:

20:55:35 = s1.
20:55:35 = s2.
20:55:38
20:55:38
20:56:18
20:56:18
20:56:19
20:56:19
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

0:56:44 = hWnd = 0x00090470; ClassName:
ow.
0:56:53 = ## ERR ## Setevent



ow.
7:26:3 = hWnd = 0x00010018; ClassName:
w.
7:26:3 = hWnd = 0x00010022; ClassName:

7:26:11 = s1.
7:26:11 = s2.
7:26:11
7:26:11
7:26:40
7:26:40
7:26:41
7:26:41
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
9:58:19 = hWnd = 0x00020550; ClassName:
9:58:25 = ## ERR ## Setevent



ow.


dow.
10:41:19 = s1.
10:41:19 = s2.
12:4:1 = hWnd = 0x00040592; ClassName:
w.


w.


18:18:17 = hWnd = 0x00010018; ClassName:
dow.
18:18:17 = hWnd = 0x00010022; ClassName:

18:18:25 = s1.
18:18:25 = s2.
18:18:25
18:18:25
18:18:49
18:18:49
18:18:50
18:18:50
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.

18:46:31 = ## ERR ## Setevent
18:46:31 = hWnd = 0x00040070; ClassName:
dow.
18:46:31 = hWnd = 0x00030060; ClassName:
18:46:31 = hWnd = 0x00030076; ClassName:


21:45:13 = hWnd = 0x00010018; ClassName:
dow.
21:45:13 = hWnd = 0x00010022; ClassName:

21:45:17 = s1.
21:45:17 = s2.
21:45:23
21:45:23
21:45:56
21:45:56
21:45:57
21:45:57
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
23:58:9 = ## ERR ## Setevent
ow.


7:22:3 = hWnd = 0x00010018; ClassName:
w.
7:22:3 = hWnd = 0x00010022; ClassName:

7:22:5 = s1.
7:22:5 = s2.

ow.
7:34:26 = s1.
7:34:26 = s2.
7:34:26
7:34:26
7:46:44
7:46:44
7:46:45
7:46:45
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

7:57:19 = hWnd = 0x00040454; ClassName:
ow.
7:57:19 = hWnd = 0x00050440; ClassName:

7:57:19 = s1.
7:57:19 = s2.

.
8:5:5 = hWnd = 0x000f04ac; ClassName:


w.
8:5:10 = hWnd = 0x00030032; ClassName:


14:50:49 = hWnd = 0x00010018; ClassName:
dow.
14:50:49 = hWnd = 0x00010022; ClassName:
14:50:50 = s1.
14:50:50 = s2.
14:50:52
14:50:52
14:51:11
14:51:11
14:51:12
14:51:12
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


15:12:22 = hWnd = 0x00050536; ClassName:
dow.
15:12:26 = ## ERR ## Setevent


dow.


20:8:29 = hWnd = 0x00010018; ClassName:
ow.
20:8:30 = hWnd = 0x00010022; ClassName:
20:8:30 = s1.
20:8:30 = s2.

20:8:40
20:8:40
20:8:41
20:8:41
=
=
=
=
begin close Process

Terminate Process
end close Process
DLL_PROCESS_DETACH

1:35:57 =
ow.
x=0, y=0,
1:35:57 =
x=0, y=0,
1:35:57 =
x=0, y=0,
1:36:46 =
1:36:46 =
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

1:36:46 = hWnd = 0x00040094; ClassName:
ow.
1:36:46 = hWnd = 0x00030096; ClassName:


8:9:26 = hWnd = 0x00010018; ClassName:
w.
8:9:26 = hWnd = 0x00010022; ClassName:
8:9:28 = s1.
8:9:28 = s2.

8:9:28
8:9:28
8:10:2
8:10:2
8:10:3
8:10:3
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.
0:1:24 = hWnd = 0x00390802; ClassName:


.


7:27:8 = hWnd = 0x00010018; ClassName:
w.
7:27:9 = hWnd = 0x00010022; ClassName:

7:27:14 = s1.
7:27:14 = s2.
7:27:18
7:27:18
7:27:54
7:27:54
7:27:55
7:27:55
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.
7:48:14 = ## ERR ## Setevent


7:48:14 = hWnd = 0x00050050; ClassName:
ow.
7:48:14 = hWnd = 0x00040058; ClassName:


dow.

22:22:3 = s1.
22:22:3 = s2.
22:42:8 = hWnd = 0x00060474; ClassName:
ow.
22:42:8 = hWnd = 0x00030532; ClassName:
22:42:12 = ## ERR ## Setevent


22:42:12 = hWnd = 0x00040050; ClassName:
dow.


6:2:7 = hWnd = 0x00010018; ClassName:
.
6:2:7 = hWnd = 0x00010022; ClassName:

6:2:12 = s1.
6:2:12 = s2.
6:2:13
6:2:13
6:2:49
6:2:49
6:2:50
6:2:50
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
7:46:11 = ## ERR ## Setevent


ow.


ow.
21:26:0 = s1.
21:26:0 = s2.
22:11:11 = hWnd = 0x00040592; ClassName:
dow.
22:11:17 = ## ERR ## Setevent


22:11:17 = hWnd = 0x000d0030; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title
dow.

22:12:34 = hWnd = 0x00010018; ClassName:
dow.
22:12:35 = hWnd = 0x00010022; ClassName:

22:12:39 = s1.
22:12:39 = s2.
22:12:42
22:12:42
22:13:19
22:13:19
22:13:20
22:13:20
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
22:31:32 = hWnd = 0x00030600; ClassName:
22:31:35 = ## ERR ## Setevent



dow.


22:32:26 = hWnd = 0x00010018; ClassName:
dow.
22:32:26 = hWnd = 0x00010022; ClassName:

22:32:31 = s1.
22:32:31 = s2.
22:32:32
22:32:32
22:32:47
22:32:47
22:32:48
22:32:48
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

0:14:38 = hWnd = 0x00070516; ClassName:
ow.
0:14:38 = hWnd = 0x00140524; ClassName:


w.


7:23:58 = hWnd = 0x00010018; ClassName:
ow.
7:23:58 = hWnd = 0x00010022; ClassName:

7:23:58 = s1.
7:23:58 = s2.
7:23:58
7:23:58
7:24:33
7:24:33
7:24:34
7:24:34
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
7:46:54 =
x=0, y=0,
7:49:49 =
7:49:49 =

width=0, height=0
Process Attach
## ERR ## Setevent

ow.
7:49:49 = hWnd = 0x00060048; ClassName:


7:51:45 = hWnd = 0x00010018; ClassName:
ow.
7:51:45 = hWnd = 0x00010022; ClassName:

7:51:46 = s1.
7:51:46 = s2.
7:51:48
7:51:48
7:52:25
7:52:25
7:52:26
7:52:26
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


dow.
12:49:58 = hWnd = 0x000f05c6; ClassName: IME; Title: Default IME.
12:50:20 = ## ERR ## Setevent
12:50:20 = hWnd = 0x00040088; ClassName:
dow.


20:49:26 = hWnd = 0x00010018; ClassName:
dow.
20:49:27 = hWnd = 0x00010022; ClassName:
20:49:29 = s1.
20:49:29 = s2.
20:49:33
20:49:33
20:50:12
20:50:12
20:50:13
20:50:13
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


23:12:6 = hWnd = 0x00050542; ClassName:
ow.
23:12:6 = hWnd = 0x00030566; ClassName:
23:12:10 = ## ERR ## Setevent


dow.


23:31:11 = hWnd = 0x00010018; ClassName:
dow.
23:31:12 = hWnd = 0x00010022; ClassName:
23:31:14 = s1.
23:31:14 = s2.
23:31:17
23:31:17
23:31:56
23:31:56
23:31:57
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process

23:50:37 = hWnd = 0x00020502; ClassName:
dow.
23:50:37 = hWnd = 0x00020522; ClassName:
23:50:37 = hWnd = 0x00020528; ClassName:
23:50:44 = ## ERR ## Setevent


dow.
23:50:44 = hWnd = 0x00040088; ClassName:


8:24:51 = hWnd = 0x00010018; ClassName:
ow.
8:24:51 = hWnd = 0x00010022; ClassName:
8:24:52 = s1.
8:24:52 = s2.


15:24:34 = hWnd = 0x00060452; ClassName:
dow.
15:24:34 = hWnd = 0x00070454; ClassName:
15:25:3 = ## ERR ## Setevent


ow.


17:0:27 = hWnd = 0x00010018; ClassName:
ow.
17:0:28 = hWnd = 0x00010022; ClassName:
17:0:32 = s1.
17:0:32 = s2.

17:0:36
17:0:36
17:1:12
17:1:12
17:1:13
17:1:13
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
18:35:6 = ## ERR ## Setevent
ow.
18:35:6 = hWnd = 0x00050092; ClassName:


18:43:37 = hWnd = 0x00010018; ClassName:
dow.
18:43:37 = hWnd = 0x00010022; ClassName:


18:43:40 = s1.
18:43:40 = s2.
18:43:43
18:43:43
18:44:22
18:44:22
18:44:23
18:44:23
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
20:54:44 = ## ERR ## Setevent


dow.


dow.
23:40:46 = s1.
23:40:46 = s2.
23:40:48
23:40:48
23:41:23
23:41:23
23:41:24
23:41:24
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
0:42:33 = ## ERR ## Setevent


ow.



7:11:44 = hWnd = 0x00010018; ClassName:
ow.
7:11:45 = hWnd = 0x00010022; ClassName:

7:11:45 = s1.
7:11:45 = s2.
7:11:46
7:11:46
7:12:18
7:12:18
7:12:19
7:12:19
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
7:54:47 = ## ERR ## Setevent


ow.


21:52:45 = hWnd = 0x00010018; ClassName:
dow.
21:52:45 = hWnd = 0x00010022; ClassName:

21:52:48 = s1.
21:52:48 = s2.
21:52:48
21:52:48
21:53:22
21:53:22
21:53:23
21:53:23
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
22:44:57 = ## ERR ## Setevent


dow.
13:33:54 = hWnd = 0x00010018; ClassName:
dow.
13:33:54 = hWnd = 0x00010022; ClassName:

13:33:55 = s1.
13:33:55 = s2.
13:33:56
13:33:56
13:34:35
13:34:35
13:34:36
13:34:36
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
13:44:29 = s1.
13:44:29 = s2.

13:44:30
13:47:17
13:47:17
13:47:18
13:47:18
=
=
=
=
=

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

14:8:28 = hWnd = 0x00060460; ClassName:
ow.
14:8:28 = hWnd = 0x00070470; ClassName:
14:8:38 = ## ERR ## Setevent


ow.


20:29:27 = hWnd = 0x00010018; ClassName:
dow.
20:29:27 = hWnd = 0x00010022; ClassName:

20:29:28 = s1.
20:29:28 = s2.
dow.
20:39:31 = hWnd = 0x00050354; ClassName:

20:39:31 = s1.
20:39:31 = s2.
20:39:31
20:39:32
20:52:17
20:52:17
20:52:18
20:52:18
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
21:10:9 = ## ERR ## Setevent


ow.
21:10:9 = hWnd = 0x00070062; ClassName:


21:12:29 = hWnd = 0x00020016; ClassName:
21:12:29 = hWnd = 0x00020018; ClassName:
dow.
21:12:29 = hWnd = 0x00010022; ClassName:

21:12:34 = s1.
21:12:34 = s2.
21:12:35
21:12:35
21:14:44
21:14:44
21:14:45
21:14:45
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
23:58:22 = hWnd = 0x000c04c4; ClassName: IME; Title: Default IME.

23:58:51 = ## ERR ## Setevent
dow.


7:5:51 = hWnd = 0x00010018; ClassName:
w.
7:5:51 = hWnd = 0x00010022; ClassName:

7:5:52 = s1.
7:5:52 = s2.
7:5:53
7:5:53
7:6:29
7:6:29
7:6:30
7:6:30
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
x=0, y=0,
7:38:47 =
x=0, y=0,
7:38:47 =
x=0, y=0,
7:38:52 =
7:38:52 =
width=1, height=1
width=0, height=0
hWnd = 0x000404ec; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
## ERR ## Setevent

ow.


14:4:12 = hWnd = 0x00010018; ClassName:
ow.
14:4:12 = hWnd = 0x00010022; ClassName:

14:4:12 = s1.
14:4:12 = s2.
14:4:13
14:4:13
14:4:34
14:4:34
14:4:35
14:4:35
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


dow.
14:21:59 = hWnd = 0x00070496; ClassName:
14:22:2 = ## ERR ## Setevent


ow.
14:22:2 = hWnd = 0x00040060; ClassName:


20:31:44 = hWnd = 0x00010018; ClassName:
dow.
20:31:44 = hWnd = 0x00010022; ClassName:
20:31:45 = s1.
20:31:45 = s2.


1:46:19 = hWnd = 0x00021314; ClassName:
ow.
1:46:19 = hWnd = 0x00031308; ClassName:
1:47:39 = ## ERR ## Setevent


ow.
1:47:39 = hWnd = 0x00090074; ClassName:


6:38:46 =
ow.
x=0, y=0,
6:38:46 =
x=0, y=0,
6:38:46 =
x=0, y=0,
6:38:47 =
width=1, height=1
width=0, height=0
width=0, height=0
6:38:47 = s1.
6:38:47 = s2.

7:54:26 = hWnd = 0x00040452; ClassName:
ow.
7:54:26 = hWnd = 0x00040466; ClassName:
7:54:59 = ## ERR ## Setevent


7:54:59 = hWnd = 0x00030094; ClassName:
ow.


14:11:26 = hWnd = 0x00010018; ClassName:
dow.
14:11:26 = hWnd = 0x00010022; ClassName:
14:11:27 = s1.

14:11:27 = s2.
14:27:34 = hWnd = 0x00040472; ClassName:
14:27:34 = hWnd = 0x00030494; ClassName:
dow.
14:27:34 = hWnd = 0x00070470; ClassName:
14:27:38 = ## ERR ## Setevent


14:27:38 = hWnd = 0x00070062; ClassName:
dow.
14:27:38 = hWnd = 0x00030064; ClassName:
14:27:38 = hWnd = 0x00030038; ClassName:


22:29:32 = hWnd = 0x00010018; ClassName:
dow.
22:29:32 = hWnd = 0x00010022; ClassName:


22:29:32 = s1.
22:29:32 = s2.
23:45:49 = hWnd = 0x00120450; ClassName:
dow.
23:45:49 = hWnd = 0x00180452; ClassName:
23:45:59 = ## ERR ## Setevent


dow.


ow.
x=0, y=0,
6:35:10 =
x=0, y=0,
6:35:10 =
x=0, y=0,
6:35:11 =
width=1, height=1
width=0, height=0
width=0, height=0
6:35:11 = s1.
6:35:11 = s2.
6:35:14
6:35:14
6:35:54
6:35:54
6:35:55
6:35:55
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.
7:41:0 = hWnd = 0x00110476; ClassName:


7:41:7 = hWnd = 0x00070030; ClassName:
w.



20:34:59 = hWnd = 0x00010018; ClassName:
dow.
20:34:59 = hWnd = 0x00010022; ClassName:

20:34:59 = s1.
20:34:59 = s2.
20:52:42 = hWnd = 0x000d04be; ClassName:
20:52:42 = hWnd = 0x00020378; ClassName:
dow.
20:52:42 = hWnd = 0x00020318; ClassName:

20:52:43 = s1.
20:52:43 = s2.
20:52:45
20:52:45
21:12:58
21:12:58
21:12:59
21:12:59
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


ow.
0:50:52 = ## ERR ## Setevent
0:50:52 =
ow.
x=0, y=0,
0:50:52 =
0:50:52 =
x=0, y=0,
6:47:21 =
6:47:21 =
hWnd = 0x000a00b0; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
end close Process
hWnd = 0x000b00fa; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
end process attach

6:47:21 = hWnd = 0x00010018; ClassName:
ow.
6:47:21 = hWnd = 0x00010022; ClassName:

6:47:33 = s1.
6:47:33 = s2.
ow.
x=0, y=0,
7:31:10 =
x=0, y=0,
7:31:10 =
x=0, y=0,
7:31:36 =
7:31:36 =
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

ow.


16:57:40 = hWnd = 0x00010018; ClassName:
dow.
16:57:40 = hWnd = 0x00010022; ClassName:

16:57:43 = s1.
16:57:43 = s2.
16:57:46
16:57:46
16:58:24
16:58:24
16:58:25
16:58:25
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


18:19:31 = hWnd = 0x00060444; ClassName:
dow.
18:19:31 = hWnd = 0x00050470; ClassName:
18:19:38 = ## ERR ## Setevent


dow.


18:21:34 = hWnd = 0x00010018; ClassName:
dow.
18:21:34 = hWnd = 0x00010022; ClassName:
18:21:40 = s1.
18:21:40 = s2.
18:21:42
18:21:42
18:22:14
18:22:14
18:22:15
18:22:15
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


.
1:0:1 = hWnd = 0x00030808; ClassName:


1:0:29 = hWnd = 0x00070052; ClassName:
w.


8:0:38 = hWnd = 0x00010018; ClassName:
w.
8:0:38 = hWnd = 0x00010022; ClassName:
8:0:40 = s1.
8:0:40 = s2.
8:0:43
8:0:43
8:1:24
8:1:24
=
=
=
=
Start show animate

begin close Process
Terminate Process


dow.
12:32:44 = hWnd = 0x000c18d8; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
12:32:44 = s1.
12:32:44 = s2.
.


1:9:8 = hWnd = 0x002000ce; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: I
1:9:8 = hWnd = 0x000600a6; ClassName: GDI+ Hook Window Class; Title: GDI+ Window
.
6:26:5 = hWnd = 0x00010018; ClassName:
w.
6:26:5 = hWnd = 0x00010022; ClassName:

6:26:9 = s1.
6:26:9 = s2.
6:26:14
6:26:14
6:26:52
6:26:52
6:26:53
6:26:53
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
7:29:17 = ## ERR ## Setevent



ow.


dow.
20:57:2 = s1.
20:57:2 = s2.
w.
1:0:16 = hWnd = 0x00520494; ClassName:
1:0:16 = hWnd = 0x00020360; ClassName:
1:0:16 = s1.
1:0:16 = s2.

1:0:16
1:0:16
2:6:12
2:6:12
2:6:13
2:6:13
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

2:6:23 = hWnd = 0x00030360; ClassName:
w.


w.


13:40:17 = hWnd = 0x00010018; ClassName:
dow.
13:40:17 = hWnd = 0x00010022; ClassName:


13:40:19 = s1.
13:40:19 = s2.
13:40:19
13:40:19
13:40:54
13:40:54
13:40:55
13:40:55
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
14:22:39 = hWnd = 0x00060470; ClassName:
14:22:44 = ## ERR ## Setevent


14:22:44 = hWnd = 0x00020080; ClassName:
14:22:44 = hWnd = 0x00090034; ClassName:
dow.


w.

18:9:4 = s1.
18:9:4 = s2.
23:28:54 = hWnd = 0x00020ace; ClassName:
dow.
23:29:41 = ## ERR ## Setevent


dow.
23:29:41 = hWnd = 0x01620054; ClassName:



ow.
6:40:58 = s1.
6:40:58 = s2.
7:45:29 = hWnd = 0x00030462; ClassName:
ow.
7:45:29 = hWnd = 0x00020464; ClassName:
7:45:29 = hWnd = 0x00030460; ClassName:


w.


19:7:4 = hWnd = 0x00010018; ClassName:
w.
19:7:4 = hWnd = 0x00010022; ClassName:

19:7:6 = s1.
19:7:6 = s2.
dow.

19:18:12 = s1.
19:18:12 = s2.
19:18:12
19:18:13
20:28:34
20:28:34
20:28:35
20:28:35
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


w.
23:6:3 = hWnd = 0x00070522; ClassName:
23:6:25 = ## ERR ## Setevent


23:6:25 = hWnd = 0x00a600d2; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
6:40:5 = hWnd = 0x00010018; ClassName:
w.
6:40:6 = hWnd = 0x00010022; ClassName:

6:40:8 = s1.
6:40:8 = s2.
6:40:11
6:40:11
6:40:51
6:40:51
6:40:52
6:40:52
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


ow.
7:17:44 = ## ERR ## Setevent
ow.


21:46:25 = hWnd = 0x00010018; ClassName:
dow.
21:46:25 = hWnd = 0x00010022; ClassName:
21:46:28 = s1.
21:46:28 = s2.
21:46:32
21:46:32
21:47:11
21:47:11
21:47:12
21:47:12
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH



22:35:9 = hWnd = 0x00050362; ClassName:
ow.
22:35:9 = hWnd = 0x00030374; ClassName:
22:35:9 = hWnd = 0x00060378; ClassName:
22:35:15 = ## ERR ## Setevent


dow.
22:39:56 = hWnd = 0x00010018; ClassName:
dow.
22:39:56 = hWnd = 0x00010022; ClassName:
22:40:1 = s1.
22:40:1 = s2.


23:1:23 = hWnd = 0x00060420; ClassName:
ow.
23:1:23 = hWnd = 0x00020500; ClassName:
23:1:31 = ## ERR ## Setevent


ow.


17:11:23 = hWnd = 0x00010018; ClassName:
dow.
17:11:23 = hWnd = 0x00010022; ClassName:
17:11:24 = s1.
17:11:24 = s2.

dow.
19:32:48 = ## ERR ## Setevent


dow.
19:32:48 = hWnd = 0x00070082; ClassName:
19:32:48 = hWnd = 0x00210050; ClassName:


dow.
23:18:40 = s1.
23:18:40 = s2.
23:19:18
23:19:18
23:19:19
23:19:19
=
=
=
=
begin close Process

Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
0:47:57 = hWnd = 0x00100448; ClassName:


w.


13:41:40 = hWnd = 0x00010018; ClassName:
dow.
13:41:40 = hWnd = 0x00010022; ClassName:
13:41:43 = s1.

13:41:43 = s2.
13:41:47
13:41:47
13:42:26
13:42:26
13:42:27
13:42:27
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

15:29:36 = hWnd = 0x00060374; ClassName:
dow.
15:29:41 = ## ERR ## Setevent


dow.


dow.

16:54:43 = s1.
16:54:43 = s2.
16:54:47
16:54:47
16:55:24
16:55:24
16:55:25
16:55:25
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
17:49:40 = ## ERR ## Setevent


17:49:40 = hWnd = 0x00070110; ClassName:
dow.
17:49:40 = hWnd = 0x00070114; ClassName:


dow.
23:41:26 = s1.
23:41:26 = s2.
w.
0:9:37 = hWnd = 0x00040482; ClassName:
0:9:37 = hWnd = 0x00090628; ClassName:
0:12:14 = ## ERR ## Setevent


0:12:14 =
0:12:14 =
0:12:14 =
x=0, y=0,
0:12:14 =
x=0, y=0,
0:13:58 =
0:13:58 =
begin close Process

end close Process
width=0, height=0
width=0, height=0
Process Attach
end process attach

ow.

0:14:4 = s1.
0:14:4 = s2.
ow.
0:53:31 = hWnd = 0x00030610; ClassName:
0:54:58 = ## ERR ## Setevent


0:54:58 = hWnd = 0x00040042; ClassName:
ow.


ow.
x=0, y=0,
0:56:29 =
x=0, y=0,
0:56:29 =
x=0, y=0,
0:56:30 =
width=1, height=1
width=0, height=0
width=0, height=0
0:56:30 = s1.
0:56:30 = s2.
0:56:30
0:56:30
0:57:16
0:57:16
0:57:17
0:57:17
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.
6:37:48 = hWnd = 0x00010018; ClassName:
ow.
6:37:48 = hWnd = 0x00010022; ClassName:


6:37:51 = s1.
6:37:51 = s2.
7:18:7 = hWnd = 0x001a01b8; ClassName: GDI+ Hook Window Class; Title: GDI+ Windo
w.
7:18:7 = hWnd = 0x000c0fa8; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
7:18:7 = hWnd = 0x00060eec; ClassName: IME; Title: Default IME.
7:18:25 = ## ERR ## Setevent
ow.


dow.
15:47:30 = s1.
15:47:30 = s2.
dow.
19:16:45 = ## ERR ## Setevent


19:16:45 = hWnd = 0x00090038; ClassName:
dow.



dow.
21:37:30 = s1.
21:37:30 = s2.
21:37:34
21:37:34
21:38:16
21:38:16
21:38:17
21:38:17
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

22:38:35 = hWnd = 0x00020470; ClassName:
dow.
22:38:40 = ## ERR ## Setevent


22:38:40 = hWnd = 0x00030082; ClassName:
22:38:40 = hWnd = 0x00070090; ClassName:
dow.


22:3:36 = hWnd = 0x00010018; ClassName:
ow.
22:3:36 = hWnd = 0x00010022; ClassName:

22:3:39 = s1.
22:3:39 = s2.
22:3:42
22:3:42
22:4:21
22:4:21
22:4:22
22:4:22
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
23:35:22 = hWnd = 0x00080376; ClassName:
23:36:21 = ## ERR ## Setevent


dow.


15:25:58 = hWnd = 0x00010018; ClassName:
dow.
15:25:58 = hWnd = 0x00010022; ClassName:

15:26:5 = s1.
15:26:5 = s2.
18:32:44 = hWnd = 0x00020366; ClassName:
dow.
18:32:44 = hWnd = 0x00020364; ClassName:
18:32:51 = ## ERR ## Setevent


dow.
7:39:13 = hWnd = 0x00010018; ClassName:
ow.
7:39:14 = hWnd = 0x00010022; ClassName:

7:39:16 = s1.
7:39:16 = s2.
12:3:35 =
ow.
x=0, y=0,
12:3:35 =
x=0, y=0,
12:3:35 =
x=0, y=0,
12:4:22 =
12:4:22 =
width=1, height=1
width=0, height=0
hWnd = 0x07cb043a; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
## ERR ## Setevent

ow.

16:10:56 = hWnd = 0x00010018; ClassName:
dow.
16:10:57 = hWnd = 0x00010022; ClassName:

16:11:2 = s1.
16:11:2 = s2.
w.
0:4:16 = hWnd = 0x00160618; ClassName:


0:4:22 = hWnd = 0x000f00dc; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:

w.
0:4:22 = hWnd = 0x000c00ce; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
9:10:57 = hWnd = 0x00010018; ClassName:
ow.
9:10:57 = hWnd = 0x00010022; ClassName:

9:10:58 = s1.
9:10:58 = s2.
9:11:15
9:11:15
9:11:52
9:11:52
9:11:53
9:11:53
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
23:29:55 = ## ERR ## Setevent

dow.
w.
6:8:30 = s1.
6:8:30 = s2.
6:8:35
6:8:35
6:9:14
6:9:14
6:9:15
6:9:15
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
6:40:43 = ## ERR ## Setevent



6:40:43 = hWnd = 0x00050056; ClassName:
6:40:43 = hWnd = 0x00040096; ClassName:
ow.
6:40:43 = hWnd = 0x00060098; ClassName:


6:41:49 = hWnd = 0x00010018; ClassName:
ow.
6:41:49 = hWnd = 0x00010022; ClassName:

6:41:55 = s1.
6:41:55 = s2.
ow.
7:10:41 = hWnd = 0x00100594; ClassName:
7:10:46 = ## ERR ## Setevent


7:10:46 = hWnd = 0x00030068; ClassName:
ow.
7:10:46 = hWnd = 0x00040070; ClassName:


14:15:16 = hWnd = 0x00010018; ClassName:
dow.
14:15:16 = hWnd = 0x00010022; ClassName:

14:15:16 = s1.
14:15:16 = s2.
14:15:17
14:15:17
14:15:49
14:15:49
14:15:50
14:15:50
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.


17:14:52 = ## ERR ## Setevent
17:14:52 = hWnd = 0x00050054; ClassName:
dow.
17:14:52 = hWnd = 0x00060084; ClassName:
17:14:52 = hWnd = 0x00050034; ClassName:


18:41:45 = hWnd = 0x00010018; ClassName:
dow.
18:41:46 = hWnd = 0x00010022; ClassName:

18:41:47 = s1.
18:41:47 = s2.
18:41:49
18:41:49
18:42:27
18:42:27
18:42:28
18:42:28
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
5:13:22 =
x=0, y=0,
5:13:37 =
5:13:37 =

width=0, height=0
Process Attach
## ERR ## Setevent

5:13:37 = hWnd = 0x00250080; ClassName:
ow.


5:14:45 = hWnd = 0x00010018; ClassName:
ow.
5:14:49 = hWnd = 0x00010022; ClassName:

5:16:33 = s1.
5:16:33 = s2.
5:16:34
5:16:34
5:17:11
5:17:11
5:17:12
5:17:12
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.

w.


14:48:26 = hWnd = 0x00010018; ClassName:
dow.
14:48:27 = hWnd = 0x00010022; ClassName:

14:48:30 = s1.
14:48:30 = s2.
14:48:34
14:48:34
14:49:10
14:49:10
14:49:11
14:49:11
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
22:43:11 = hWnd = 0x000c05a8; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
22:44:9 = ## ERR ## Setevent
ow.


5:59:17 =
ow.
x=0, y=0,
5:59:18 =
x=0, y=0,
5:59:18 =
x=0, y=0,
5:59:22 =
width=1, height=1
width=0, height=0
width=0, height=0
5:59:22 = s1.
5:59:22 = s2.
5:59:27
5:59:27
6:0:5 =
6:0:5 =
6:0:6 =
6:0:6 =
= Start show animate

= Shell Excutute VerifyHost
begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


w.


w.


12:58:8 = hWnd = 0x00010018; ClassName:
ow.
12:58:8 = hWnd = 0x00010022; ClassName:
12:58:10 = s1.
12:58:10 = s2.
12:58:13
12:58:13
12:58:45
12:58:45
12:58:46
12:58:46
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH



ow.
14:5:27 = hWnd = 0x00020476; ClassName:
14:5:47 = ## ERR ## Setevent


ow.
14:5:47 = hWnd = 0x00100102; ClassName:


17:6:29 = hWnd = 0x00010018; ClassName:
ow.
17:6:29 = hWnd = 0x00010022; ClassName:
17:6:29 = s1.
17:6:29 = s2.
17:6:31
17:6:31
17:6:50
17:6:50
17:6:51
17:6:51
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


22:0:23 = hWnd = 0x00020020; ClassName:
22:0:23 = hWnd = 0x00020022; ClassName:
ow.

22:0:27 = s1.
22:0:27 = s2.
22:0:27
22:0:27
22:3:49
22:3:49
22:3:50
22:3:50
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

22:4:17 = hWnd = 0x00020446; ClassName:
22:4:17 = hWnd = 0x00020442; ClassName:
ow.
22:4:17 = hWnd = 0x00010452; ClassName:
22:4:17 = hWnd = 0x00020444; ClassName:
22:4:45 = ## ERR ## Setevent


22:4:45 = hWnd = 0x000600ce; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
ow.
22:4:45 =
x=0, y=0,
22:4:45 =
x=0, y=0,
22:5:48 =
22:5:48 =
hWnd = 0x000100ee; ClassName: MSCTFIME UI; Title: MSCTFIME UI.

width=0, height=0
width=0, height=0
Process Attach
end process attach

22:5:49 = hWnd = 0x00010018; ClassName:
ow.
22:5:49 = hWnd = 0x00010022; ClassName:

22:6:5 = s1.
22:6:5 = s2.
23:43:6 = hWnd = 0x00020628; ClassName:
ow.
23:43:6 = hWnd = 0x00020630; ClassName:
23:43:11 = ## ERR ## Setevent



dow.
23:43:11 = hWnd = 0x000a00e8; ClassName: IME; Title: Default IME.
6:26:36 = hWnd = 0x00010018; ClassName:
ow.
6:26:36 = hWnd = 0x00010022; ClassName:

6:26:41 = s1.
6:26:41 = s2.
6:26:42
6:26:42
6:27:16
6:27:16
6:27:17
6:27:17
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
7:47:46 = ## ERR ## Setevent


ow.


17:23:6 = hWnd = 0x00010018; ClassName:
ow.
17:23:7 = hWnd = 0x00010022; ClassName:

17:23:10 = s1.
17:23:10 = s2.
17:23:13
17:23:13
17:23:50
17:23:50
17:23:51
17:23:51
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

22:0:59 = hWnd = 0x00020446; ClassName:
ow.
22:0:59 = hWnd = 0x00030314; ClassName:


22:1:12 = ## ERR ## Setevent
22:1:12 =
ow.
x=0, y=0,
22:1:12 =
x=0, y=0,
22:1:12 =
x=0, y=0,
6:28:25 =
6:28:25 =
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
end process attach

6:28:26 = hWnd = 0x00010018; ClassName:
ow.
6:28:26 = hWnd = 0x00010022; ClassName:

6:28:29 = s1.
6:28:29 = s2.
6:28:33
6:28:33
6:29:12
6:29:12
6:29:13
6:29:13
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.

7:41:13 = ## ERR ## Setevent
ow.
7:41:13 = hWnd = 0x00070054; ClassName:


16:37:47 = hWnd = 0x00010018; ClassName:
dow.
16:37:48 = hWnd = 0x00010022; ClassName:

16:37:50 = s1.
16:37:50 = s2.
16:37:53
16:37:53
16:38:32
16:38:32
16:38:33
16:38:33
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
17:59:9 = ## ERR ## Setevent
ow.
17:59:9 = hWnd = 0x00050046; ClassName:
17:59:9 = hWnd = 0x00040086; ClassName:


19:10:39 = hWnd = 0x00010018; ClassName:
dow.
19:10:40 = hWnd = 0x00010022; ClassName:

19:10:42 = s1.
19:10:42 = s2.
19:10:46
19:10:46
19:11:24
19:11:24
19:11:25
19:11:25
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


w.
20:4:7 = hWnd = 0x00050514; ClassName:
20:4:7 = hWnd = 0x00730510; ClassName:
20:4:14 = ## ERR ## Setevent


ow.


22:10:27 = hWnd = 0x00010018; ClassName:
dow.
22:10:27 = hWnd = 0x00010022; ClassName:
22:10:27 = s1.
22:10:27 = s2.
22:10:27
22:10:27
22:10:52
22:10:52
22:10:53
22:10:53
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


0:24:52 = hWnd = 0x00060514; ClassName:
ow.
0:24:52 = hWnd = 0x00030542; ClassName:
0:24:56 = ## ERR ## Setevent


ow.
0:24:56 = hWnd = 0x00060034; ClassName:


6:17:24 = hWnd = 0x00010018; ClassName:
ow.
6:17:24 = hWnd = 0x00010022; ClassName:
6:17:25 = s1.
6:17:25 = s2.
6:17:52
6:17:52
6:18:30
6:18:30
=
=
=
=
Start show animate

begin close Process
Terminate Process


ow.
11:51:13 = ## ERR ## Setevent


dow.


14:22:36 = hWnd = 0x00010018; ClassName:
dow.
14:22:36 = hWnd = 0x00010022; ClassName:

14:22:38 = s1.
14:22:38 = s2.
14:22:38
14:22:38
14:23:13
14:23:13
14:23:14
14:23:14
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

23:8:22 = hWnd = 0x00240672; ClassName:
ow.
23:8:22 = hWnd = 0x00050692; ClassName:


23:9:7 = hWnd = 0x00140122; ClassName:
w.
23:9:7 = hWnd = 0x00650112; ClassName:


ow.

2:40:30 = s1.
2:40:30 = s2.
w.
4:8:58 = hWnd = 0x00020446; ClassName:


.


w.
7:18:2 = s1.
7:18:2 = s2.
21:41:16 = hWnd = 0x00050036; ClassName:
21:41:16 = hWnd = 0x00020422; ClassName:
dow.
21:41:35 = ## ERR ## Setevent


dow.
21:41:35 = hWnd = 0x00140092; ClassName:


dow.
23:24:47 = s1.
23:24:47 = s2.
23:24:48
23:24:48
23:25:21
23:25:21
23:25:22
23:25:22
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

0:23:57 = hWnd = 0x00050372; ClassName:
ow.
0:23:57 = hWnd = 0x00040368; ClassName:
0:23:57 = hWnd = 0x00050358; ClassName:


w.


6:11:49 = hWnd = 0x00010018; ClassName:
ow.
6:11:49 = hWnd = 0x00010022; ClassName:

6:11:52 = s1.
6:11:52 = s2.
6:11:56
6:11:56
6:12:34
6:12:34
6:12:35
6:12:35
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

8:13:4 = hWnd = 0x00290536; ClassName:
w.
8:13:4 = hWnd = 0x00190568; ClassName:
8:13:37 = ## ERR ## Setevent


ow.


8:14:56 = hWnd = 0x00010018; ClassName:
ow.
8:14:56 = hWnd = 0x00010022; ClassName:

8:14:57 = s1.
8:14:57 = s2.
ow.
8:20:49 = ## ERR ## Setevent


8:20:49 = hWnd = 0x000800bc; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
ow.

12:59:16 = hWnd = 0x00010018; ClassName:
dow.
12:59:16 = hWnd = 0x00010022; ClassName:

12:59:17 = s1.
12:59:17 = s2.
12:59:18
12:59:18
13:0:2 =
13:0:2 =
13:0:3 =
13:0:3 =
= Start show animate

= Shell Excutute VerifyHost
begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

22:33:38 = hWnd = 0x001504de; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title
dow.
22:33:45 = ## ERR ## Setevent

dow.


6:37:4 = hWnd = 0x00010018; ClassName:
w.
6:37:4 = hWnd = 0x00010022; ClassName:

6:37:6 = s1.
6:37:6 = s2.
6:37:10
6:37:10
6:37:48
6:37:48
6:37:49
6:37:49
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
7:34:54 = ## ERR ## Setevent


7:34:54 = hWnd = 0x00060064; ClassName:
ow.


11:1:16 = hWnd = 0x00010018; ClassName:
ow.
11:1:17 = hWnd = 0x00010022; ClassName:

11:1:19 = s1.
11:1:19 = s2.
20:48:55 = hWnd = 0x003b04a2; ClassName: GDI+ Hook Window Class; Title: GDI+ Win
dow.
20:48:55 = hWnd = 0x000804aa; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
20:49:15 = ## ERR ## Setevent

20:49:15 = hWnd = 0x00030090; ClassName:
dow.


21:49:0 = hWnd = 0x00010018; ClassName:
ow.
21:49:0 = hWnd = 0x00010022; ClassName:

21:49:3 = s1.
21:49:3 = s2.
ow.
0:32:16 = ## ERR ## Setevent


ow.


7:47:22 = hWnd = 0x00010018; ClassName:
ow.
7:47:22 = hWnd = 0x00010022; ClassName:

7:47:23 = s1.
7:47:23 = s2.
7:47:23
7:47:23
7:47:44
7:47:44
7:47:46
7:47:46
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.
14:8:33 = ## ERR ## Setevent

ow.
14:8:33 = hWnd = 0x00060062; ClassName:


16:39:21 = hWnd = 0x00010018; ClassName:
dow.
16:39:21 = hWnd = 0x00010022; ClassName:

16:39:22 = s1.
16:39:22 = s2.
16:39:22
16:39:22
16:39:41
16:39:41
16:39:42
16:39:42
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.

21:34:53 = ## ERR ## Setevent
dow.


21:48:19 = hWnd = 0x00010018; ClassName:
dow.
21:48:20 = hWnd = 0x00010022; ClassName:

21:48:22 = s1.
21:48:22 = s2.

dow.
22:20:51 = ## ERR ## Setevent
dow.
22:20:51 = hWnd = 0x00040084; ClassName:


5:47:3 = hWnd = 0x00010018; ClassName:
w.
5:47:3 = hWnd = 0x00010022; ClassName:
5:47:11 = s1.
5:47:11 = s2.
5:47:11
5:47:11
5:47:44
5:47:44
5:47:45
5:47:45
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH



6:49:0 = hWnd = 0x00030488; ClassName:
6:49:0 = hWnd = 0x00030480; ClassName:
w.
6:49:0 = hWnd = 0x00030042; ClassName:
6:49:0 = hWnd = 0x00070470; ClassName:


w.


7:0:8 = hWnd = 0x00010018; ClassName:
.
7:0:8 = hWnd = 0x00010022; ClassName:
7:0:9 = s1.
7:0:9 = s2.


7:41:34 = hWnd = 0x00020478; ClassName:
ow.
7:41:34 = hWnd = 0x00020464; ClassName:
7:41:42 = ## ERR ## Setevent


ow.
7:41:42 = hWnd = 0x00040092; ClassName:


ow.
7:51:6 = s1.
7:51:6 = s2.

7:54:4 = hWnd = 0x00030398; ClassName:
w.
7:54:4 = hWnd = 0x00050028; ClassName:
7:54:14 = ## ERR ## Setevent


ow.


14:21:31 = hWnd = 0x00010018; ClassName:
dow.
14:21:41 = hWnd = 0x00010022; ClassName:
14:21:47 = s1.

14:21:47 = s2.
14:21:49
14:21:49
14:22:36
14:22:36
14:22:37
14:22:37
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

15:19:38 = hWnd = 0x00050310; ClassName:
dow.
15:19:38 = hWnd = 0x00050448; ClassName:
15:19:38 = hWnd = 0x00070446; ClassName:
15:19:43 = ## ERR ## Setevent


dow.
15:19:43 = hWnd = 0x00040058; ClassName:


ow.
x=0, y=0,
7:40:29 =
x=0, y=0,
7:40:29 =
x=0, y=0,
7:40:46 =
width=1, height=1
width=0, height=0
width=0, height=0
7:40:46 = s1.
7:40:46 = s2.
w.
7:50:41 = ## ERR ## Setevent


7:50:41 = hWnd = 0x00030090; ClassName:
7:50:41 = hWnd = 0x00070084; ClassName:
ow.



11:27:58 = hWnd = 0x00010018; ClassName:
dow.
11:27:58 = hWnd = 0x00010022; ClassName:

11:27:59 = s1.
11:27:59 = s2.
14:55:28 = hWnd = 0x00060598; ClassName:
dow.
14:55:34 = ## ERR ## Setevent


14:55:34 = hWnd = 0x007000cc; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title
dow.

7:54:42 = hWnd = 0x00010018; ClassName:
ow.
7:54:42 = hWnd = 0x00010022; ClassName:

7:54:45 = s1.
7:54:45 = s2.
7:54:49
7:54:49
7:55:28
7:55:28
7:55:30
7:55:30
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

8:53:59 = hWnd = 0x00050342; ClassName:
ow.



16:41:57 = hWnd = 0x00010018; ClassName:
dow.
16:41:58 = hWnd = 0x00010022; ClassName:

16:42:1 = s1.
16:42:1 = s2.
dow.
16:57:20 = hWnd = 0x00020506; ClassName:
16:57:20 = s1.
16:57:20 = s2.
16:57:20
16:57:20
16:59:19
16:59:19
16:59:20
16:59:20
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH



17:0:26 = hWnd = 0x00010018; ClassName:
ow.
17:0:26 = hWnd = 0x00010022; ClassName:

17:0:26 = s1.
17:0:26 = s2.
17:0:26
17:0:26
17:0:50
17:0:50
17:0:51
17:0:51
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
20:58:25 = ## ERR ## Setevent


20:58:25 = hWnd = 0x000b00c4; ClassName: GDI+ Hook Window Class; Title: GDI+ Win
dow.

dow.
21:58:13 = s1.
21:58:13 = s2.
21:58:17
21:58:17
21:58:55
21:58:55
21:58:56
21:58:56
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
23:36:12 = ## ERR ## Setevent
dow.
23:36:12 = hWnd = 0x000500ac; ClassName: IME; Title: Default IME.

5:30:27 = hWnd = 0x00010018; ClassName:
ow.
5:30:27 = hWnd = 0x00010022; ClassName:

5:30:30 = s1.
5:30:30 = s2.
5:30:32
5:30:32
5:31:12
5:31:12
5:31:13
5:31:13
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
16:15:44 = ## ERR ## Setevent


dow.
16:18:49 = hWnd = 0x00010018; ClassName:
dow.
16:18:49 = hWnd = 0x00010022; ClassName:

16:18:53 = s1.
16:18:53 = s2.
16:18:57
16:18:57
16:19:35
16:19:35
16:19:36
16:19:36
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

23:8:17 = hWnd = 0x000e0dc6; ClassName:
ow.
23:8:17 = hWnd = 0x00030edc; ClassName:
23:8:17 = hWnd = 0x00800482; ClassName:
23:16:20 = ## ERR ## Setevent



23:16:20 = hWnd = 0x00030048; ClassName:
dow.


7:11:9 = hWnd = 0x00010018; ClassName:
w.
7:11:9 = hWnd = 0x00010022; ClassName:

7:11:17 = s1.
7:11:17 = s2.
7:11:17
7:11:17
7:11:50
7:11:50
7:11:52
7:11:52
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

8:41:53 = hWnd = 0x00040462; ClassName:
ow.
8:41:53 = hWnd = 0x00040444; ClassName:
8:41:53 = hWnd = 0x00050504; ClassName:
8:41:57 = ## ERR ## Setevent


ow.


13:5:55 = hWnd = 0x00010018; ClassName:
ow.
13:5:55 = hWnd = 0x00010022; ClassName:

13:5:59 = s1.
13:5:59 = s2.
13:5:59
13:5:59
13:6:32
13:6:32
13:6:33
13:6:33
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.

16:20:53 = ## ERR ## Setevent
dow.
16:20:53 = hWnd = 0x00080034; ClassName:


18:34:47 = hWnd = 0x00010018; ClassName:
dow.
18:34:47 = hWnd = 0x00010022; ClassName:

18:34:49 = s1.
18:34:49 = s2.
18:34:51
18:34:51
18:35:27
18:35:27
18:35:28
18:35:28
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

22:54:2 = hWnd = 0x00130ad6; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:

ow.
22:55:34 = ## ERR ## Setevent
dow.


6:13:57 = hWnd = 0x00010018; ClassName:
ow.
6:13:57 = hWnd = 0x00010022; ClassName:
6:13:59 = s1.
6:13:59 = s2.
6:13:59
6:13:59
6:14:31
6:14:31
6:14:32
6:14:32
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH



dow.
10:25:50 = ## ERR ## Setevent


10:25:50 = hWnd = 0x00100106; ClassName:
dow.


10:27:23 = hWnd = 0x00010018; ClassName:
dow.
10:27:23 = hWnd = 0x00010022; ClassName:
10:27:23 = s1.
10:27:23 = s2.
10:27:25
10:27:25
10:27:57
10:27:57
10:27:58
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process

16:7:10 =
ow.
x=0, y=0,
16:7:10 =
x=0, y=0,
16:7:10 =
x=0, y=0,
16:7:28 =
16:7:28 =
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

ow.


ow.
16:19:0 = s1.
16:19:0 = s2.
16:19:12
16:19:12
16:19:13
16:19:13
=
=
=
=
begin close Process

Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
18:6:35 = hWnd = 0x00040304; ClassName:
18:6:35 = hWnd = 0x00050310; ClassName:
18:7:19 = ## ERR ## Setevent


18:7:19 = hWnd = 0x00050070; ClassName:
ow.


19:22:31 = hWnd = 0x00010018; ClassName:
dow.
19:22:32 = hWnd = 0x00010022; ClassName:
19:22:37 = s1.

19:22:37 = s2.
19:22:40
19:22:40
19:23:16
19:23:16
19:23:17
19:23:17
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
23:58:35 = ## ERR ## Setevent
dow.


0:59:57 = hWnd = 0x00010018; ClassName:
ow.
0:59:57 = hWnd = 0x00010022; ClassName:

1:0:3 = s1.
1:0:3 = s2.
1:26:4 = hWnd = 0x00020192; ClassName:
w.
1:26:4 = hWnd = 0x00020194; ClassName:


w.


ow.
x=0, y=0,
7:58:13 =
x=0, y=0,
7:58:13 =
x=0, y=0,
7:58:13 =
width=1, height=1
width=0, height=0
width=0, height=0
7:58:13 = s1.
7:58:13 = s2.
7:58:13
7:58:13
7:58:48
7:58:48
7:58:49
7:58:49
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

8:16:34 = hWnd = 0x00040462; ClassName:
ow.
8:16:34 = hWnd = 0x00040464; ClassName:
8:18:30 = ## ERR ## Setevent


8:18:30 =
ow.
x=0, y=0,
8:18:30 =
x=0, y=0,
8:18:30 =
x=0, y=0,
8:20:51 =
8:20:51 =
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
end process attach

x=0, y=0,
8:20:51 =
ow.
x=0, y=0,
8:20:51 =
x=0, y=0,
8:20:51 =
x=0, y=0,
8:20:55 =
width=1, height=1
width=0, height=0
width=0, height=0
8:20:55 = s1.
8:20:55 = s2.
8:20:55
8:20:55
8:21:34
8:21:34
8:21:35
8:21:35
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
9:42:20 = hWnd = 0x00121216; ClassName:
9:42:20 = hWnd = 0x000e0ee8; ClassName:
9:45:39 = ## ERR ## Setevent


ow.
9:45:39 = hWnd = 0x00030060; ClassName:


9:50:53 = hWnd = 0x00010018; ClassName:
ow.
9:50:53 = hWnd = 0x00010022; ClassName:

9:50:54 = s1.
9:50:54 = s2.
9:50:54
9:50:54
9:51:29
9:51:29
9:51:30
9:51:30
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
15:22:41 = ## ERR ## Setevent


dow.

15:35:8 = hWnd = 0x00010018; ClassName:
ow.
15:35:9 = hWnd = 0x00010022; ClassName:

15:35:11 = s1.
15:35:11 = s2.
15:35:14
15:35:14
15:35:53
15:35:53
15:35:54
15:35:54
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
20:10:44 = hWnd = 0x00eb069e; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
20:10:55 = ## ERR ## Setevent
dow.
20:10:55 = hWnd = 0x00070062; ClassName:


20:12:32 = hWnd = 0x00010018; ClassName:
dow.
20:12:32 = hWnd = 0x00010022; ClassName:

20:12:34 = s1.
20:12:34 = s2.
20:12:38
20:12:38
20:13:16
20:13:16
20:13:18
20:13:18
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

22:6:47 = hWnd = 0x00080552; ClassName:
ow.
22:6:47 = hWnd = 0x00070544; ClassName:
22:7:13 = ## ERR ## Setevent


ow.

22:10:37 = hWnd = 0x00010018; ClassName:
dow.
22:10:37 = hWnd = 0x00010022; ClassName:

22:10:40 = s1.
22:10:40 = s2.
22:10:44
22:10:44
22:11:23
22:11:23
22:11:24
22:11:24
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

22:45:49 = hWnd = 0x00030366; ClassName:
22:45:49 = hWnd = 0x00030352; ClassName:
dow.
22:45:53 = ## ERR ## Setevent



dow.


6:26:44 = hWnd = 0x00010018; ClassName:
ow.
6:26:44 = hWnd = 0x00010022; ClassName:

6:26:51 = s1.
6:26:51 = s2.
6:26:52
6:26:52
6:27:13
6:27:13
6:27:14
6:27:14
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

9:8:28 = hWnd = 0x00060154; ClassName:
w.
9:8:28 = hWnd = 0x00060532; ClassName:


9:9:5 = hWnd = 0x00030046; ClassName:
.


14:13:28 = hWnd = 0x00010018; ClassName:
dow.
14:13:28 = hWnd = 0x00010022; ClassName:

14:13:30 = s1.
14:13:30 = s2.
ow.
15:9:54 = hWnd = 0x00110502; ClassName:
15:9:59 = ## ERR ## Setevent


ow.
15:9:59 = hWnd = 0x00090084; ClassName:
15:9:59 = hWnd = 0x00080066; ClassName:


16:17:27 = hWnd = 0x00010018; ClassName:
dow.
16:17:28 = hWnd = 0x00010022; ClassName:

16:17:28 = s1.
16:17:28 = s2.
22:7:2 = hWnd = 0x000e053e; ClassName: GDI+ Hook Window Class; Title: GDI+ Windo
w.
22:7:7 = hWnd = 0x00030072; ClassName:
w.


5:42:23 = hWnd = 0x00010018; ClassName:
ow.
5:42:23 = hWnd = 0x00010022; ClassName:

5:42:24 = s1.
5:42:24 = s2.
5:42:24
5:42:24
5:42:42
5:42:42
5:42:43
5:42:43
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


dow.
11:33:56 = ## ERR ## Setevent
dow.


12:2:43 = hWnd = 0x00010018; ClassName:
ow.
12:2:43 = hWnd = 0x00010022; ClassName:
12:2:43 = s1.
12:2:43 = s2.
12:2:44
12:2:44
12:3:18
12:3:18
12:3:19
12:3:19
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH



23:54:44 = hWnd = 0x00040460; ClassName:
dow.
23:54:44 = hWnd = 0x00070482; ClassName:
23:54:55 = ## ERR ## Setevent


dow.


6:36:31 = hWnd = 0x00010018; ClassName:
ow.
6:36:31 = hWnd = 0x00010022; ClassName:
6:36:34 = s1.
6:36:34 = s2.
6:36:39
6:36:39
6:37:17
6:37:17
6:37:18
6:37:18
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


dow.
11:49:4 = ## ERR ## Setevent


ow.


12:30:42 = hWnd = 0x00010018; ClassName:
dow.
12:30:42 = hWnd = 0x00010022; ClassName:
12:30:42 = s1.
12:30:42 = s2.


ow.
18:0:42 = ## ERR ## Setevent


18:0:42 = hWnd = 0x000e00ee; ClassName:
ow.
18:0:42 = hWnd = 0x00050092; ClassName:


18:56:42 = hWnd = 0x00010018; ClassName:
dow.
18:56:42 = hWnd = 0x00010022; ClassName:
18:56:44 = s1.
18:56:44 = s2.

18:56:45
18:56:45
18:57:29
18:57:29
18:57:31
18:57:31
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
21:54:27 = ## ERR ## Setevent


dow.


6:48:0 = hWnd = 0x00010018; ClassName:
w.
6:48:0 = hWnd = 0x00010022; ClassName:


6:48:1 = s1.
6:48:1 = s2.
dow.
12:38:51 = ## ERR ## Setevent


dow.
12:38:51 = hWnd = 0x00170112; ClassName:


dow.

20:13:37 = s1.
20:13:37 = s2.
20:13:42
20:13:42
20:14:19
20:14:19
20:14:20
20:14:20
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
22:18:51 = hWnd = 0x00060490; ClassName:
22:18:56 = ## ERR ## Setevent


22:18:56 = hWnd = 0x00050060; ClassName:
dow.
22:18:56 = hWnd = 0x00030090; ClassName:



w.
5:3:31 = s1.
5:3:31 = s2.
5:3:31
5:3:31
5:3:50
5:3:50
5:3:51
5:3:51
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
w.
7:24:7 = hWnd = 0x00060064; ClassName:


ow.
17:47:24 = s1.
17:47:24 = s2.
19:20:7 = hWnd = 0x00060438; ClassName:
19:20:7 = hWnd = 0x00080446; ClassName:
ow.
19:20:7 = hWnd = 0x00060436; ClassName:
19:20:31 = ## ERR ## Setevent


dow.

20:13:12 = hWnd = 0x00010018; ClassName:
dow.
20:13:12 = hWnd = 0x00010022; ClassName:

20:13:13 = s1.
20:13:13 = s2.
20:13:13
20:13:13
20:13:36
20:13:36
20:13:37
20:13:37
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

20:24:27 = hWnd = 0x00020352; ClassName:
dow.
20:24:27 = hWnd = 0x00020426; ClassName:
20:24:27 = s1.
20:24:27 = s2.
20:24:27
20:24:27
20:35:11
20:35:11
=
=
=
=
Start show animate

Process Attach
## ERR ## Setevent


20:35:11 = hWnd = 0x00010018; ClassName:
dow.
20:35:11 = hWnd = 0x00010022; ClassName:

20:35:11 = s1.
20:35:11 = s2.
20:35:11
20:35:11
20:35:12
20:35:12
=
=
=
=
Start show animate

end close Process
20:35:18
20:35:18
20:35:19
20:35:19
20:35:19
=
=
=
=
=
begin close Process

Terminate Process
begin close Process
end close Process
DLL_PROCESS_DETACH

20:56:40 = hWnd = 0x00320392; ClassName:
20:56:40 = hWnd = 0x00130408; ClassName:
dow.
20:56:40 = hWnd = 0x00050352; ClassName:
20:56:46 = ## ERR ## Setevent



9:36:9 = hWnd = 0x00010018; ClassName:
w.
9:36:9 = hWnd = 0x00010022; ClassName:

9:36:10 = s1.
9:36:10 = s2.
9:36:10
9:36:10
9:36:42
9:36:42
9:36:43
9:36:43
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
12:35:11 = ## ERR ## Setevent



12:35:11 = hWnd = 0x000400bc; ClassName: GDI+ Hook Window Class; Title: GDI+ Win
dow.
dow.
12:54:10 = s1.
12:54:10 = s2.
12:54:11
12:54:11
12:54:28
12:54:28
12:54:29
12:54:29
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
15:24:38 = hWnd = 0x00030300; ClassName:
15:24:41 = ## ERR ## Setevent



15:24:41 = hWnd = 0x00180096; ClassName:
dow.


15:45:6 = hWnd = 0x00010018; ClassName:
ow.
15:45:7 = hWnd = 0x00010022; ClassName:

15:45:8 = s1.
15:45:8 = s2.
dow.
17:26:33 = ## ERR ## Setevent



17:26:33 = hWnd = 0x00020060; ClassName:
dow.
17:26:33 = hWnd = 0x00050088; ClassName:


ow.
18:43:10 = s1.
18:43:10 = s2.
18:43:10
18:43:10
18:43:40
18:43:40
18:43:41
18:43:41
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

18:58:11 = hWnd = 0x00040430; ClassName:
dow.
18:58:11 = hWnd = 0x00020424; ClassName:
18:58:11 = hWnd = 0x00020336; ClassName:
18:59:19 = ## ERR ## Setevent


20:6:31 = hWnd = 0x00010018; ClassName:
ow.
20:6:31 = hWnd = 0x00010022; ClassName:

20:6:32 = s1.
20:6:32 = s2.
20:6:32
20:6:32
20:7:47
20:7:47
20:7:48
20:7:48
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.


w.


9:46:57 = hWnd = 0x00010018; ClassName:
ow.
9:46:57 = hWnd = 0x00010022; ClassName:

9:47:2 = s1.
9:47:2 = s2.
dow.
16:10:53 = hWnd = 0x00040522; ClassName:


16:11:1 = ## ERR ## Setevent
16:11:1 = hWnd = 0x00030096; ClassName:
ow.
16:11:1 = hWnd = 0x00170058; ClassName:


16:51:34 = hWnd = 0x00010018; ClassName:
dow.
16:51:34 = hWnd = 0x00010022; ClassName:

16:51:34 = s1.
16:51:34 = s2.
16:51:34
16:51:34
16:51:38
16:51:38
16:51:39
16:51:39
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

19:16:53 = hWnd = 0x001504bc; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title
dow.
19:16:57 = ## ERR ## Setevent
19:16:57 = hWnd = 0x00020048; ClassName:
dow.
19:16:57 = hWnd = 0x00030096; ClassName:


8:20:44 = hWnd = 0x00010018; ClassName:
ow.
8:20:44 = hWnd = 0x00010022; ClassName:
8:21:1 = s1.
8:21:1 = s2.


8:43:47 = hWnd = 0x00060504; ClassName:
ow.
8:43:56 = ## ERR ## Setevent


8:43:56 = hWnd = 0x001a00ce; ClassName:
ow.


9:56:59 = hWnd = 0x00010018; ClassName:
ow.
9:56:59 = hWnd = 0x00010022; ClassName:
9:57:0 = s1.
9:57:0 = s2.


11:14:55 = hWnd = 0x00020456; ClassName:
dow.
11:14:55 = hWnd = 0x00020434; ClassName:
11:14:55 = hWnd = 0x00020432; ClassName:
11:15:3 = ## ERR ## Setevent


ow.


13:23:15 = hWnd = 0x00010018; ClassName:
dow.
13:23:16 = hWnd = 0x00010022; ClassName:

13:23:16 = s1.
13:23:16 = s2.
13:23:16
13:23:16
13:23:38
13:23:38
13:23:39
13:23:39
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
16:52:23 = hWnd = 0x00050ddc; ClassName:
16:52:32 = ## ERR ## Setevent


dow.


dow.

21:51:49 = s1.
21:51:49 = s2.
21:51:49
21:51:49
21:52:13
21:52:13
21:52:14
21:52:14
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

21:58:22 = hWnd = 0x00070344; ClassName:
21:58:22 = hWnd = 0x00060332; ClassName:
dow.
21:58:26 = ## ERR ## Setevent


dow.



dow.
21:59:49 = s1.
21:59:49 = s2.
23:4:47 = hWnd = 0x00060520; ClassName:
ow.
23:4:53 = ## ERR ## Setevent


ow.


11:6:16 = hWnd = 0x00010018; ClassName:
ow.
11:6:17 = hWnd = 0x00010022; ClassName:

11:6:19 = s1.
11:6:19 = s2.
23:1:53 = hWnd = 0x00760552; ClassName:
ow.
23:2:17 = ## ERR ## Setevent


23:2:17 = hWnd = 0x00060076; ClassName:
ow.


9:20:45 = hWnd = 0x00010018; ClassName:
ow.
9:20:46 = hWnd = 0x00010022; ClassName:

9:20:49 = s1.
9:20:49 = s2.
9:20:52
9:20:52
9:21:31
9:21:31
9:21:32
9:21:32
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

16:33:59 = hWnd = 0x005f055a; ClassName: GDI+ Hook Window Class; Title: GDI+ Win
dow.
16:33:59 = hWnd = 0x014e053c; ClassName: IME; Title: Default IME.
16:34:44 = ## ERR ## Setevent
16:34:44 = hWnd = 0x000a002e; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title

dow.
16:34:44 = hWnd = 0x000d00ec; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
17:22:31 = hWnd = 0x00010018; ClassName:
dow.
17:22:31 = hWnd = 0x00010022; ClassName:

17:22:37 = s1.
17:22:37 = s2.
dow.
23:11:6 = ## ERR ## Setevent

ow.
7:39:14 = hWnd = 0x00010018; ClassName:
ow.
7:39:14 = hWnd = 0x00010022; ClassName:

7:39:14 = s1.
7:39:14 = s2.
7:39:14
7:39:14
7:40:15
7:40:15
7:40:16
7:40:16
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

9:7:48 = hWnd = 0x00020606; ClassName:
w.
9:7:48 = hWnd = 0x00030602; ClassName:



9:8:14 = hWnd = 0x00030090; ClassName:
w.


11:24:23 = hWnd = 0x00010018; ClassName:
dow.
11:24:23 = hWnd = 0x00010022; ClassName:

11:24:23 = s1.
11:24:23 = s2.
11:24:24
11:24:24
11:25:28
11:25:28
11:25:29
11:25:29
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

11:46:51 = hWnd = 0x00030286; ClassName:
11:46:51 = hWnd = 0x00020272; ClassName:
dow.
11:46:51 = hWnd = 0x00020278; ClassName:


11:46:57 = ## ERR ## Setevent
dow.


15:11:4 = hWnd = 0x00010018; ClassName:
ow.
15:11:4 = hWnd = 0x00010022; ClassName:

15:11:4 = s1.
15:11:4 = s2.
16:42:58 = hWnd = 0x000904fc; ClassName: GDI+ Hook Window Class; Title: GDI+ Win
dow.

16:42:58 = hWnd = 0x002a12ae; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
16:43:30 = ## ERR ## Setevent
16:43:30 = hWnd = 0x00180088; ClassName:
dow.


16:44:51 = hWnd = 0x00010018; ClassName:
dow.
16:44:51 = hWnd = 0x00010022; ClassName:

16:44:52 = s1.
16:44:52 = s2.
19:15:18 = hWnd = 0x00130422; ClassName:

dow.
19:15:18 = hWnd = 0x00200434; ClassName:
19:15:18 = hWnd = 0x00150548; ClassName:
19:15:23 = ## ERR ## Setevent


dow.
19:15:23 = hWnd = 0x00060048; ClassName:


21:9:54 =
ow.
x=0, y=0,
21:9:54 =
x=0, y=0,
21:9:54 =
x=0, y=0,
21:10:7 =
width=1, height=1
width=0, height=0
width=0, height=0
21:10:7 = s1.
21:10:7 = s2.
21:10:12
21:10:12
21:11:13
21:11:13
21:11:14
21:11:14
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


23:5:40 = hWnd = 0x00020486; ClassName:
ow.
23:5:40 = hWnd = 0x00020488; ClassName:
23:6:41 = ## ERR ## Setevent


23:6:41 = hWnd = 0x00030078; ClassName:
ow.


7:47:58 = hWnd = 0x00010018; ClassName:
ow.
7:47:58 = hWnd = 0x00010022; ClassName:
7:47:59 = s1.
7:47:59 = s2.


9:19:6 = hWnd = 0x00080048; ClassName:
w.
9:19:23 = ## ERR ## Setevent


ow.


13:29:34 = hWnd = 0x00010018; ClassName:
dow.
13:29:34 = hWnd = 0x00010022; ClassName:
13:29:34 = s1.
13:29:34 = s2.


dow.
13:32:35 = ## ERR ## Setevent


dow.


15:48:4 = hWnd = 0x00010018; ClassName:
ow.
15:48:4 = hWnd = 0x00010022; ClassName:
15:48:4 = s1.
15:48:4 = s2.

15:48:39
15:48:39
15:48:40
15:48:40
=
=
=
=
begin close Process

Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
23:53:1 = ## ERR ## Setevent


23:53:1 = hWnd = 0x00070058; ClassName:
ow.


8:15:32 = hWnd = 0x00010018; ClassName:
ow.
8:15:41 = hWnd = 0x00010022; ClassName:

8:16:30 = s1.
8:16:30 = s2.
ow.
9:19:44 = ## ERR ## Setevent


ow.
9:19:44 = hWnd = 0x00040088; ClassName:
9:19:44 = hWnd = 0x00040036; ClassName:


ow.

9:42:16 = s1.
9:42:16 = s2.
9:42:20
9:42:20
9:42:57
9:42:57
9:42:58
9:42:58
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
10:22:43 = ## ERR ## Setevent
dow.



12:47:5 = hWnd = 0x00010018; ClassName:
ow.
12:47:5 = hWnd = 0x00010022; ClassName:

12:47:6 = s1.
12:47:6 = s2.
w.
0:24:6 = hWnd = 0x00191348; ClassName:
0:24:6 = hWnd = 0x00180578; ClassName:
0:24:41 = ## ERR ## Setevent


0:24:41 = hWnd = 0x00050088; ClassName:
ow.


8:11:14 = hWnd = 0x00010018; ClassName:
ow.
8:11:14 = hWnd = 0x00010022; ClassName:

8:11:18 = s1.
8:11:18 = s2.
9:24:41 = hWnd = 0x00020336; ClassName:
9:24:41 = hWnd = 0x00030316; ClassName:
ow.
9:24:41 = hWnd = 0x00030318; ClassName:
9:24:49 = ## ERR ## Setevent


ow.


12:49:13 = hWnd = 0x00010018; ClassName:
dow.
12:49:13 = hWnd = 0x00010022; ClassName:

12:49:13 = s1.
12:49:13 = s2.
12:49:17
12:49:17
12:49:49
12:49:49
12:49:50
12:49:50
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
14:15:43 = hWnd = 0x00030496; ClassName:
14:16:27 = ## ERR ## Setevent


14:16:27 = hWnd = 0x000500ee; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title
dow.

15:50:19 = hWnd = 0x00010018; ClassName:
dow.
15:50:19 = hWnd = 0x00010022; ClassName:

15:50:22 = s1.
15:50:22 = s2.
16:27:6 = hWnd = 0x00010018; ClassName:
ow.
16:27:6 = hWnd = 0x00010022; ClassName:
16:27:58 = s1.
16:27:58 = s2.


16:39:52 = hWnd = 0x00020434; ClassName:
16:39:52 = hWnd = 0x00020432; ClassName:
dow.
16:40:1 = ## ERR ## Setevent


17:24:25 = hWnd = 0x00010018; ClassName:
dow.
17:24:25 = hWnd = 0x00010022; ClassName:
17:24:26 = s1.
17:24:26 = s2.


ow.
0:38:57 = ## ERR ## Setevent


ow.


8:46:47 = hWnd = 0x00010018; ClassName:
ow.
8:46:48 = hWnd = 0x00010022; ClassName:
8:46:52 = s1.
8:46:52 = s2.
8:46:56
8:46:56
8:47:33
8:47:33
8:47:34
8:47:34
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


16:24:24 = hWnd = 0x00130682; ClassName:
dow.
16:26:3 = ## ERR ## Setevent


ow.


18:3:7 = hWnd = 0x00010018; ClassName:
w.
18:3:7 = hWnd = 0x00010022; ClassName:
18:3:10 = s1.
18:3:10 = s2.

18:3:53
18:3:53
18:3:54
18:3:54
=
=
=
=
begin close Process

Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
23:11:17 = hWnd = 0x03950506; ClassName:
23:11:49 = ## ERR ## Setevent


23:11:49 = hWnd = 0x00030038; ClassName:
dow.


7:17:19 = hWnd = 0x00010018; ClassName:
ow.
7:17:20 = hWnd = 0x00010022; ClassName:

7:17:23 = s1.
7:17:23 = s2.
ow.
14:2:28 = hWnd = 0x00020430; ClassName:
14:2:51 = ## ERR ## Setevent


14:2:51 = hWnd = 0x00050038; ClassName:
ow.


ow.

14:47:11 = s1.
14:47:11 = s2.
14:47:12
14:47:12
14:47:39
14:47:39
14:47:41
14:47:41
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

0:57:57 =
ow.
x=0, y=0,
0:57:57 =
x=0, y=0,
0:57:57 =
x=0, y=0,
0:58:46 =
0:58:46 =
hWnd = 0x002e08f2; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

ow.


ow.
x=0, y=0,
8:15:26 =
x=0, y=0,
8:16:26 =
width=0, height=0
width=0, height=0
8:16:26 = s1.
8:16:26 = s2.
8:16:26
8:16:26
8:17:40
8:17:40
8:17:41
8:17:41
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

22:22:47 = hWnd = 0x00090512; ClassName:
dow.
22:22:47 = hWnd = 0x00130616; ClassName:
22:23:48 = ## ERR ## Setevent


dow.
22:23:48 = hWnd = 0x01040114; ClassName:


dow.

22:44:57 = s1.
22:44:57 = s2.
22:44:58
22:44:58
22:45:31
22:45:31
22:45:32
22:45:32
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

23:1:34 = hWnd = 0x00020552; ClassName:
ow.
23:1:34 = hWnd = 0x00060336; ClassName:
23:1:38 = ## ERR ## Setevent


ow.


7:38:47 =
ow.
x=0, y=0,
7:38:47 =
x=0, y=0,
7:38:47 =
x=0, y=0,
7:38:52 =
width=1, height=1
width=0, height=0
width=0, height=0
7:38:52 = s1.
7:38:52 = s2.
7:38:52
7:38:52
7:39:33
7:39:33
7:39:34
7:39:34
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

15:42:9 = hWnd = 0x00070404; ClassName:
ow.
15:42:9 = hWnd = 0x00070422; ClassName:
15:43:0 = ## ERR ## Setevent


ow.


16:21:36 = hWnd = 0x00010018; ClassName:
dow.
16:21:38 = hWnd = 0x00010022; ClassName:

16:21:41 = s1.
16:21:41 = s2.
16:21:42
16:21:42
16:22:17
16:22:17
16:22:18
16:22:18
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
23:56:51 = ## ERR ## Setevent
23:56:51 = hWnd = 0x00080084; ClassName:
dow.
23:56:51 = hWnd = 0x00320124; ClassName:


7:51:41 = hWnd = 0x00010018; ClassName:
ow.
7:51:41 = hWnd = 0x00010022; ClassName:

7:51:43 = s1.
7:51:43 = s2.
7:51:45
7:51:45
7:52:23
7:52:23
7:52:24
7:52:24
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
23:23:16 = hWnd = 0x00180bb0; ClassName: IME; Title: Default IME.
23:24:13 = ## ERR ## Setevent
dow.


7:8:1 = hWnd = 0x00010018; ClassName:
.
7:8:1 = hWnd = 0x00010022; ClassName:

7:8:2 = s1.
7:8:2 = s2.
ow.
15:32:30 = ## ERR ## Setevent


15:32:30 = hWnd = 0x000200ac; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title
dow.

19:47:1 = hWnd = 0x00010018; ClassName:
ow.
19:47:1 = hWnd = 0x00010022; ClassName:

19:47:3 = s1.
19:47:3 = s2.
0:55:12 =
ow.
x=0, y=0,
0:55:12 =
x=0, y=0,
0:55:12 =
x=0, y=0,
0:55:53 =
0:55:53 =
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

0:55:53 =
ow.
x=0, y=0,
0:55:53 =
x=0, y=0,
0:55:53 =
x=0, y=0,
7:53:32 =
7:53:32 =
hWnd = 0x007600ea; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
end process attach

7:53:33 = hWnd = 0x00010018; ClassName:
ow.
7:53:33 = hWnd = 0x00010022; ClassName:

7:53:36 = s1.
7:53:36 = s2.
7:53:41
7:53:41
7:54:19
7:54:19
7:54:20
7:54:20
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
20:40:10 = ## ERR ## Setevent
dow.
1:36:12 = hWnd = 0x00010018; ClassName:
ow.
1:36:12 = hWnd = 0x00010022; ClassName:

1:36:16 = s1.
1:36:16 = s2.
1:36:19
1:36:19
1:36:56
1:36:56
1:36:58
1:36:58
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

2:59:57 = hWnd = 0x00020314; ClassName:
2:59:57 = hWnd = 0x00020310; ClassName:
ow.
2:59:57 = hWnd = 0x00040376; ClassName:
2:59:57 = hWnd = 0x00020312; ClassName:


3:0:2 = hWnd = 0x0007009a; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: I
3:0:2 = hWnd = 0x000600f2; ClassName: GDI+ Hook Window Class; Title: GDI+ Window
.
9:20:20 = hWnd = 0x00010018; ClassName:
ow.
9:20:20 = hWnd = 0x00010022; ClassName:

9:20:29 = s1.
9:20:29 = s2.
9:20:29
9:20:29
9:20:55
9:20:55
9:20:56
9:20:56
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

17:58:46 = hWnd = 0x00120580; ClassName:
dow.
17:58:46 = hWnd = 0x000f04de; ClassName:
17:59:55 = ## ERR ## Setevent


17:59:55 = hWnd = 0x00080086; ClassName:

dow.


20:8:13 = hWnd = 0x00010018; ClassName:
ow.
20:8:13 = hWnd = 0x00010022; ClassName:

20:8:15 = s1.
20:8:15 = s2.
20:8:32
20:8:32
20:9:12
20:9:12
20:9:13
20:9:13
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
23:28:28 = ## ERR ## Setevent


23:28:28 = hWnd = 0x00060074; ClassName:
dow.


7:51:10 = hWnd = 0x00010018; ClassName:
ow.
7:51:11 = hWnd = 0x00010022; ClassName:

7:51:13 = s1.
7:51:13 = s2.
7:51:17
7:51:17
7:51:55
7:51:55
7:51:56
7:51:56
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.
1:32:9 = hWnd = 0x000e04fa; ClassName: MSCTFIME UI; Title: MSCTFIME UI.

1:33:20 = ## ERR ## Setevent
ow.


6:36:31 = hWnd = 0x00010018; ClassName:
ow.
6:36:31 = hWnd = 0x00010022; ClassName:

6:36:31 = s1.
6:36:31 = s2.

21:24:38 = hWnd = 0x00010032; ClassName:
dow.
21:24:38 = hWnd = 0x00020024; ClassName:
x=32, y=50, width=1025, height=556
21:24:38 = hWnd = 0x00020016; ClassName:
x=19, y=25, width=1025, height=556
21:24:38 = hWnd = 0x00010042; ClassName:
21:24:38 = hWnd = 0x00010034; ClassName:
21:24:38 = hWnd = 0x00010018; ClassName:

NVSVC64.DLL; Title: NvSvc.
UxdService; Title: UxdService.
21:24:39 = s1.
21:24:39 = s2.
21:24:41
21:24:41
21:25:19
21:25:19
21:25:20
21:25:20
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.
3:11:27 = ## ERR ## Setevent


3:11:27 =
x=0, y=0,
3:11:27 =
x=0, y=0,
7:45:49 =
7:45:49 =

width=0, height=0
hWnd = 0x00ce0114; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
end process attach

7:45:50 = hWnd = 0x00010018; ClassName:
ow.
7:45:50 = hWnd = 0x00010022; ClassName:

7:45:57 = s1.
7:45:57 = s2.
7:45:58
7:45:58
7:46:35
7:46:35
7:46:36
7:46:36
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:7:4 = hWnd = 0x00060404; ClassName:
1:7:4 = hWnd = 0x00190508; ClassName:
.
1:7:4 = hWnd = 0x00160624; ClassName:


w.
1:7:35 = hWnd = 0x005d009c; ClassName: MSCTFIME UI; Title: MSCTFIME UI.

w.
7:48:2 = s1.
7:48:2 = s2.
13:24:12 = hWnd = 0x00090554; ClassName:
dow.
13:24:12 = hWnd = 0x00270680; ClassName:
13:24:12 = hWnd = 0x00240548; ClassName:
13:27:41 = ## ERR ## Setevent


13:27:41 = hWnd = 0x000c011e; ClassName: GDI+ Hook Window Class; Title: GDI+ Win
dow.
13:30:47 = hWnd = 0x00010018; ClassName:
dow.
13:30:47 = hWnd = 0x00010022; ClassName:

13:30:51 = s1.
13:30:51 = s2.
13:30:54
13:30:54
13:31:26
13:31:26
13:31:27
13:31:27
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

16:27:49 = hWnd = 0x00050440; ClassName:
dow.
16:28:28 = ## ERR ## Setevent



16:28:28 = hWnd = 0x00030036; ClassName:
dow.
16:28:28 = hWnd = 0x00030048; ClassName:
16:28:28 = hWnd = 0x00030038; ClassName:


17:22:34 = hWnd = 0x00010018; ClassName:
dow.
17:22:35 = hWnd = 0x00010022; ClassName:

17:22:38 = s1.
17:22:38 = s2.
17:22:41
17:22:41
17:23:18
17:23:18
17:23:19
17:23:19
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
19:41:48 = hWnd = 0x001c046a; ClassName: IME; Title: Default IME.
19:42:21 = ## ERR ## Setevent

dow.


20:9:21 = hWnd = 0x00010018; ClassName:
ow.
20:9:21 = hWnd = 0x00010022; ClassName:

20:9:27 = s1.
20:9:27 = s2.
20:9:29
20:9:29
20:10:1
20:10:1
20:10:2
20:10:2
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:52:36 = hWnd = 0x00060542; ClassName:
1:52:36 = hWnd = 0x00020620; ClassName:
ow.
1:52:36 = hWnd = 0x000c04ca; ClassName:


1:52:42 = ## ERR ## Setevent
ow.


8:36:22 = hWnd = 0x00010018; ClassName:
ow.
8:36:23 = hWnd = 0x00010022; ClassName:

8:36:23 = s1.
8:36:23 = s2.
8:36:24
8:36:24
8:36:58
8:36:58
8:36:59
8:36:59
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:20:20 = hWnd = 0x000b00f2; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.
1:20:20 =
x=0, y=0,
1:20:20 =
x=0, y=0,
1:21:16 =
1:21:16 =
hWnd = 0x003b04ec; ClassName: MSCTFIME UI; Title: MSCTFIME UI.

width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

ow.
1:21:16 = hWnd = 0x00570060; ClassName:


7:29:28 = hWnd = 0x00010018; ClassName:
ow.
7:29:28 = hWnd = 0x00010022; ClassName:

7:29:32 = s1.
7:29:32 = s2.
7:29:32
7:29:32
7:30:25
7:30:25
7:30:26
7:30:26
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

16:34:21 = hWnd = 0x000503fc; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title
dow.
16:34:45 = ## ERR ## Setevent
16:34:45 = hWnd = 0x00020116; ClassName:
dow.
16:34:45 = hWnd = 0x00020118; ClassName:


22:12:39 = hWnd = 0x00010018; ClassName:
dow.
22:12:39 = hWnd = 0x00010022; ClassName:

22:12:42 = s1.
22:12:42 = s2.
22:12:46
22:12:46
22:13:23
22:13:23
22:13:24
22:13:24
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


dow.
22:59:59 = ## ERR ## Setevent
dow.
23:25:57 = hWnd = 0x00010018; ClassName:
dow.
23:25:57 = hWnd = 0x00010022; ClassName:

23:25:59 = s1.
23:25:59 = s2.

ow.
14:37:0 = hWnd = 0x05fa04ae; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
14:37:38 = ## ERR ## Setevent
dow.


14:39:20 = hWnd = 0x00010018; ClassName:
dow.
14:39:20 = hWnd = 0x00010022; ClassName:
14:39:22 = s1.
14:39:22 = s2.


ow.
23:27:2 = hWnd = 0x00880510; ClassName:


23:45:16 = hWnd = 0x00010018; ClassName:
dow.
23:45:16 = hWnd = 0x00010022; ClassName:

23:45:44 = s1.
23:45:44 = s2.
23:46:15
23:46:15
23:46:52
23:46:52
23:46:53
23:46:53
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

0:47:36 = hWnd = 0x00030482; ClassName:
ow.
0:47:36 = hWnd = 0x00030492; ClassName:
0:47:36 = hWnd = 0x00050480; ClassName:

0:48:18 = ## ERR ## Setevent

ow.


8:38:7 = hWnd = 0x00010018; ClassName:
w.
8:38:8 = hWnd = 0x00010022; ClassName:

8:38:11 = s1.
8:38:11 = s2.
8:38:14
8:38:14
8:38:52
8:38:52
8:38:53
8:38:53
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

13:13:39 = hWnd = 0x000304ae; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title

13:14:7 = ## ERR ## Setevent
ow.
13:14:7 = hWnd = 0x00070064; ClassName:


13:36:54 = hWnd = 0x00010018; ClassName:
dow.
13:36:54 = hWnd = 0x00010022; ClassName:

13:36:57 = s1.
13:36:57 = s2.
15:18:17 = hWnd = 0x000602a8; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title

dow.
15:18:26 = ## ERR ## Setevent
15:18:26 = hWnd = 0x00050050; ClassName:
dow.


18:10:3 = hWnd = 0x00010018; ClassName:
ow.
18:10:4 = hWnd = 0x00010022; ClassName:

18:10:10 = s1.
18:10:10 = s2.
18:10:11
18:10:11
18:10:44
18:10:44
18:10:45
18:10:45
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


0:47:51 =
ow.
x=0, y=0,
0:47:51 =
x=0, y=0,
0:47:51 =
x=0, y=0,
0:48:45 =
0:48:45 =
hWnd = 0x025a051e; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
hWnd = 0x18be036e; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
hWnd = 0x032f050e; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
## ERR ## Setevent

0:48:45 = hWnd = 0x00760124; ClassName:
0:48:45 = hWnd = 0x00040050; ClassName:
ow.
0:48:45 = hWnd = 0x00440128; ClassName:


7:25:27 = hWnd = 0x00010018; ClassName:
ow.
7:25:27 = hWnd = 0x00010022; ClassName:

7:25:30 = s1.
7:25:30 = s2.
7:25:34
7:25:34
7:26:11
7:26:11
7:26:12
7:26:12
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


0:35:27 = hWnd = 0x00080366; ClassName:
0:35:27 = hWnd = 0x00250472; ClassName:
ow.
0:35:27 = hWnd = 0x00260360; ClassName:
0:36:57 = ## ERR ## Setevent


ow.


8:48:45 = hWnd = 0x00010018; ClassName:
ow.
8:48:45 = hWnd = 0x00010022; ClassName:
8:48:50 = s1.
8:48:50 = s2.
8:48:52
8:48:52
8:49:24
8:49:24
8:49:25
8:49:25
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


ow.
9:41:39 = ## ERR ## Setevent


9:41:39 =
9:41:39 =
ow.
x=0, y=0,
9:41:39 =
begin close Process

9:41:39 =
x=0, y=0,
9:43:56 =
9:43:56 =

width=0, height=0
Process Attach
end process attach
width=1, height=1

9:43:58 = hWnd = 0x00010018; ClassName:
ow.
9:43:58 = hWnd = 0x00010022; ClassName:
9:43:59 = s1.
9:43:59 = s2.
9:43:59
9:43:59
9:44:45
9:44:45
9:44:46
9:44:46
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH



w.


1:1:38 = hWnd = 0x00af00f6; ClassName:
w.


7:19:55 = hWnd = 0x00010018; ClassName:
ow.
7:19:55 = hWnd = 0x00010022; ClassName:
7:20:0 = s1.
7:20:0 = s2.

ow.
23:13:2 = hWnd = 0x00040398; ClassName:
23:13:46 = ## ERR ## Setevent


dow.
23:13:46 = hWnd = 0x00330134; ClassName:
23:13:46 = hWnd = 0x00810028; ClassName:


7:56:11 = hWnd = 0x00010018; ClassName:
ow.
7:56:12 = hWnd = 0x00010022; ClassName:
7:56:15 = s1.
7:56:15 = s2.

7:56:18
7:56:56
7:56:56
7:56:57
7:56:57
=
=
=
=
=

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

9:54:11 =
ow.
x=0, y=0,
9:54:11 =
x=0, y=0,
9:54:11 =
x=0, y=0,
9:54:31 =
9:54:31 =
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

ow.


14:54:56 = hWnd = 0x00010018; ClassName:
dow.
14:54:56 = hWnd = 0x00010022; ClassName:
14:54:56 = s1.
14:54:56 = s2.

14:54:57
14:54:57
14:55:23
14:55:23
14:55:24
14:55:24
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

0:27:47 =
ow.
x=0, y=0,
0:27:47 =
x=0, y=0,
0:27:47 =
x=0, y=0,
0:28:26 =
0:28:26 =
hWnd = 0x29c20740; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

ow.


8:40:58 = hWnd = 0x00010018; ClassName:
ow.
8:40:59 = hWnd = 0x00010022; ClassName:
8:41:1 = s1.
8:41:1 = s2.


0:55:59 = hWnd = 0x0dec06c0; ClassName:
ow.
0:55:59 = hWnd = 0x00640712; ClassName:
0:57:36 = ## ERR ## Setevent


ow.


7:18:12 = hWnd = 0x00010018; ClassName:
ow.
7:18:13 = hWnd = 0x00010022; ClassName:


7:18:18 = s1.
7:18:18 = s2.
7:18:22
7:18:22
7:19:15
7:19:15
7:19:16
7:19:16
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
9:49:57 = hWnd = 0x00030426; ClassName:
9:50:26 = ## ERR ## Setevent


ow.
9:50:26 = hWnd = 0x00050062; ClassName:


w.

9:52:6 = s1.
9:52:6 = s2.
23:28:22 = hWnd = 0x00010018; ClassName:
dow.
23:28:22 = hWnd = 0x00010022; ClassName:

23:28:25 = s1.
23:28:25 = s2.
dow.

23:50:39 = ## ERR ## Setevent
dow.
23:50:39 = hWnd = 0x00040064; ClassName:
23:50:39 = hWnd = 0x00020038; ClassName:


w.
7:29:2 = s1.
7:29:2 = s2.
w.
1:2:33 = hWnd = 0x154c05d0; ClassName: IME; Title: Default IME.
1:3:43 = hWnd = 0x00030038; ClassName:
w.


7:45:41 = hWnd = 0x00010018; ClassName:
ow.
7:45:41 = hWnd = 0x00010022; ClassName:

7:45:41 = s1.
7:45:41 = s2.
7:45:41
7:45:41
7:46:15
7:46:15
7:46:16
7:46:16
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

0:8:46 = hWnd = 0x000c045a; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:

w.
0:8:46 = hWnd = 0x000e049a; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
0:8:46 = hWnd = 0x06ca054e; ClassName: IME; Title: Default IME.
0:9:21 = hWnd = 0x01780048; ClassName:
0:9:21 = hWnd = 0x00030098; ClassName:
w.
0:9:21 = hWnd = 0x00060084; ClassName:


8:8:46 = hWnd = 0x00010018; ClassName:
w.
8:8:47 = hWnd = 0x00010022; ClassName:

8:8:51 = s1.
8:8:51 = s2.
8:8:57
8:8:57
8:9:33
8:9:33
8:9:34
8:9:34
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


12:28:6 = hWnd = 0x00080494; ClassName:
ow.
12:28:13 = ## ERR ## Setevent


dow.


13:2:11 = hWnd = 0x00010018; ClassName:
ow.
13:2:11 = hWnd = 0x00010022; ClassName:
13:2:18 = s1.
13:2:18 = s2.
13:2:18
13:2:18
13:2:34
13:2:34
13:2:35
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process

ow.
13:13:5 = hWnd = 0x00030518; ClassName:
13:13:9 = ## ERR ## Setevent


ow.
13:13:9 = hWnd = 0x00040034; ClassName:


15:51:34 = hWnd = 0x00010018; ClassName:
dow.
15:51:34 = hWnd = 0x00010022; ClassName:
15:51:34 = s1.
15:51:34 = s2.


17:6:38 = hWnd = 0x00190586; ClassName:
ow.
17:6:44 = ## ERR ## Setevent


17:6:44 = hWnd = 0x00040064; ClassName:
ow.
17:6:44 = hWnd = 0x00760054; ClassName:


9:7:17 = hWnd = 0x00010018; ClassName:
w.
9:7:17 = hWnd = 0x00010022; ClassName:


9:7:17 = s1.
9:7:17 = s2.
9:7:17
9:7:17
9:7:50
9:7:50
9:7:51
9:7:51
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

9:18:19 = hWnd = 0x00060468; ClassName:
9:18:19 = hWnd = 0x00040018; ClassName:
ow.
9:18:19 = hWnd = 0x00060466; ClassName:
9:18:19 = hWnd = 0x00060328; ClassName:

9:18:19 = s1.
9:18:19 = s2.
12:52:24 = hWnd = 0x002a05ac; ClassName:
12:52:24 = hWnd = 0x00190034; ClassName:
dow.


12:52:28 = ## ERR ## Setevent
12:53:20 = hWnd = 0x00010018; ClassName:
dow.
12:53:20 = hWnd = 0x00010022; ClassName:

12:53:23 = s1.
12:53:23 = s2.
ow.
x=0, y=0,
14:12:0 =
x=0, y=0,
14:12:0 =
x=0, y=0,
14:12:6 =
14:12:6 =
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

14:12:6 = hWnd = 0x00040084; ClassName:
ow.


14:18:34 = hWnd = 0x00010018; ClassName:
dow.
14:18:34 = hWnd = 0x00010022; ClassName:

14:18:36 = s1.
14:18:36 = s2.

ow.
15:2:39 = ## ERR ## Setevent
ow.


10:17:35 = hWnd = 0x00010018; ClassName:
dow.
10:17:35 = hWnd = 0x00010022; ClassName:
10:17:38 = s1.
10:17:38 = s2.
10:17:38
10:17:38
10:18:33
10:18:33
10:18:34
10:18:34
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH



dow.
16:52:37 = ## ERR ## Setevent


dow.


21:26:31 = hWnd = 0x00010018; ClassName:
dow.
21:26:31 = hWnd = 0x00010022; ClassName:
21:26:34 = s1.
21:26:34 = s2.
21:26:38
21:26:38
21:27:15
21:27:15
21:27:16
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process

22:49:36 = hWnd = 0x00070532; ClassName:
dow.
22:49:41 = ## ERR ## Setevent


dow.


9:37:25 = hWnd = 0x00010018; ClassName:
ow.
9:37:26 = hWnd = 0x00010022; ClassName:
9:37:29 = s1.
9:37:29 = s2.

9:37:33
9:37:33
9:38:10
9:38:10
9:38:11
9:38:11
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
12:0:21 = ## ERR ## Setevent


12:0:21 =
x=0, y=0,
12:0:21 =
x=0, y=0,
14:28:9 =
14:28:9 =

width=0, height=0
width=0, height=0
Process Attach
end process attach

14:28:10 = hWnd = 0x00010018; ClassName:
dow.
14:28:11 = hWnd = 0x00010022; ClassName:
14:28:14 = s1.
14:28:14 = s2.

14:28:55
14:28:55
14:28:56
14:28:56
=
=
=
=
begin close Process

Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
15:52:33 = ## ERR ## Setevent


15:52:33 = hWnd = 0x00040050; ClassName:
dow.
15:52:33 = hWnd = 0x00030038; ClassName:


9:50:5 = hWnd = 0x00010018; ClassName:
w.
9:50:6 = hWnd = 0x00010022; ClassName:
9:50:8 = s1.

9:50:8 = s2.
9:50:13
9:50:13
9:50:49
9:50:49
9:50:50
9:50:50
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
10:22:30 = ## ERR ## Setevent


10:22:30 = hWnd = 0x00030074; ClassName:
dow.


dow.

10:24:35 = s1.
10:24:35 = s2.
10:24:37
10:24:37
10:24:57
10:24:57
10:24:58
10:24:58
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

12:21:20 = hWnd = 0x00080464; ClassName:
12:21:20 = hWnd = 0x00030542; ClassName:
dow.
12:21:20 = hWnd = 0x00050472; ClassName:
12:21:20 = hWnd = 0x00060474; ClassName:
12:21:26 = ## ERR ## Setevent


dow.
12:21:26 = hWnd = 0x00170046; ClassName:



10:29:45 = hWnd = 0x00010018; ClassName:
dow.
10:29:45 = hWnd = 0x00010022; ClassName:

10:29:45 = s1.
10:29:45 = s2.
10:29:47
10:29:47
10:30:10
10:30:10
10:30:11
10:30:11
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
14:59:57 = hWnd = 0x00030622; ClassName:


15:0:2 = hWnd = 0x00090036; ClassName:
w.
15:0:2 = hWnd = 0x000b00be; ClassName:
15:0:2 = hWnd = 0x00310074; ClassName:


10:25:4 = hWnd = 0x00010018; ClassName:
ow.
10:25:4 = hWnd = 0x00010022; ClassName:

10:25:9 = s1.
10:25:9 = s2.
10:25:10
10:25:10
10:25:47
10:25:47
10:25:48
10:25:48
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

23:5:37 = hWnd = 0x002b0abe; ClassName:
23:5:37 = hWnd = 0x00220618; ClassName:
ow.
23:5:37 = hWnd = 0x00490964; ClassName:
23:5:47 = ## ERR ## Setevent


ow.
23:5:47 = hWnd = 0x0cb900ee; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
23:5:47 =
x=0, y=0,
11:9:21 =
11:9:21 =

width=0, height=0
Process Attach
end process attach

11:9:22 = hWnd = 0x00010018; ClassName:
ow.
11:9:23 = hWnd = 0x00010022; ClassName:

11:9:25 = s1.
11:9:25 = s2.
11:9:28
11:9:28
11:10:6
11:10:6
11:10:7
11:10:7
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

14:48:17 = hWnd = 0x00100522; ClassName:
dow.
14:48:17 = hWnd = 0x00100538; ClassName:
14:48:17 = hWnd = 0x00160536; ClassName:
14:48:24 = ## ERR ## Setevent



15:32:3 = hWnd = 0x00010018; ClassName:
ow.
15:32:3 = hWnd = 0x00010022; ClassName:

15:32:3 = s1.
15:32:3 = s2.
15:54:15 = hWnd = 0x00050816; ClassName:
15:54:15 = hWnd = 0x00030382; ClassName:
dow.
15:54:15 = hWnd = 0x00050732; ClassName:
15:54:21 = ## ERR ## Setevent


dow.
18:8:22 = hWnd = 0x00010018; ClassName:
ow.
18:8:22 = hWnd = 0x00010022; ClassName:

18:8:26 = s1.
18:8:26 = s2.
19:32:31 = hWnd = 0x01aa04fa; ClassName:
dow.
19:32:31 = hWnd = 0x09ca04e4; ClassName:
19:32:37 = ## ERR ## Setevent


19:32:37 = hWnd = 0x01130050; ClassName:

19:32:37 = hWnd = 0x02770052; ClassName:
dow.


12:25:34 = hWnd = 0x00010018; ClassName:
dow.
12:25:34 = hWnd = 0x00010022; ClassName:

12:25:38 = s1.
12:25:38 = s2.
12:25:40
12:25:40
12:26:20
12:26:20
12:26:21
12:26:21
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
12:52:21 = hWnd = 0x00070038; ClassName:
12:52:26 = ## ERR ## Setevent


12:52:26 = hWnd = 0x00030096; ClassName:
12:52:26 = hWnd = 0x00030038; ClassName:
dow.
12:52:26 = hWnd = 0x00060056; ClassName:


18:37:21 = hWnd = 0x00010018; ClassName:
dow.
18:37:22 = hWnd = 0x00010022; ClassName:

18:37:24 = s1.
18:37:24 = s2.
ow.
21:18:7 = hWnd = 0x4f1504de; ClassName: IME; Title: Default IME.

21:18:14 = ## ERR ## Setevent
dow.


15:15:24 = hWnd = 0x00010018; ClassName:
dow.
15:15:25 = hWnd = 0x00010022; ClassName:

15:15:28 = s1.
15:15:28 = s2.
15:15:32
15:15:32
15:16:11
15:16:11
15:16:12
15:16:12
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:8:9 = hWnd = 0x002004b6; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: I
1:8:9 = hWnd = 0x000c064c; ClassName: GDI+ Hook Window Class; Title: GDI+ Window
.

1:8:9 = hWnd = 0x002104dc; ClassName: IME; Title: Default IME.
1:9:19 = hWnd = 0x00470092; ClassName:
w.


8:26:13 = hWnd = 0x00010018; ClassName:
ow.
8:26:13 = hWnd = 0x00010022; ClassName:

8:26:15 = s1.
8:26:15 = s2.
8:26:18
8:26:18
8:26:56
8:26:56
8:26:57
8:26:57
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


dow.
11:40:51 = hWnd = 0x000a04cc; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
11:40:51 = hWnd = 0x000904ea; ClassName: IME; Title: Default IME.
11:40:56 = ## ERR ## Setevent
dow.
11:40:56 = hWnd = 0x00040102; ClassName:


11:41:56 = hWnd = 0x00010018; ClassName:
dow.
11:41:56 = hWnd = 0x00010022; ClassName:

11:41:56 = s1.
11:41:56 = s2.
11:41:58
11:41:58
11:42:21
11:42:21
11:42:22
11:42:22
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


16:54:8 = hWnd = 0x00050596; ClassName:
ow.
16:54:8 = hWnd = 0x00040500; ClassName:
16:58:21 = ## ERR ## Setevent


16:58:21 = hWnd = 0x00070050; ClassName:
dow.
16:58:21 = hWnd = 0x00030080; ClassName:


18:54:41 = hWnd = 0x00010018; ClassName:
dow.
18:54:41 = hWnd = 0x00010022; ClassName:

18:54:44 = s1.
18:54:44 = s2.
18:54:49
18:54:49
18:55:26
18:55:26
18:55:28
18:55:28
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


w.


0:6:55 = hWnd = 0x00030098; ClassName:
w.


10:6:17 = hWnd = 0x00010018; ClassName:
ow.
10:6:17 = hWnd = 0x00010022; ClassName:
10:6:21 = s1.
10:6:21 = s2.


23:18:45 = hWnd = 0x00100504; ClassName:
dow.
23:20:20 = ## ERR ## Setevent


dow.


23:22:33 = hWnd = 0x00010018; ClassName:
dow.
23:22:34 = hWnd = 0x00010022; ClassName:
23:22:36 = s1.
23:22:36 = s2.
23:22:39
23:22:39
23:23:23
23:23:23
23:23:25
23:23:25
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH



ow.
0:48:28 = hWnd = 0x00290484; ClassName:
0:48:47 = ## ERR ## Setevent


ow.


9:1:22 = hWnd = 0x00010018; ClassName:
w.
9:1:22 = hWnd = 0x00010022; ClassName:
9:1:26 = s1.
9:1:26 = s2.

ow.
0:58:10 = hWnd = 0x00250b0a; ClassName: IME; Title: Default IME.
0:59:4 = hWnd = 0x00050036; ClassName:
w.


7:17:24 = hWnd = 0x00010018; ClassName:
ow.
7:17:24 = hWnd = 0x00010022; ClassName:
7:17:27 = s1.
7:17:27 = s2.

7:18:8
7:18:8
7:18:9
7:18:9
=
=
=
=
begin close Process

Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
14:50:10 = hWnd = 0x00210732; ClassName:
14:50:50 = ## ERR ## Setevent


14:50:50 = hWnd = 0x00050082; ClassName:
dow.


16:36:21 = hWnd = 0x00010018; ClassName:
dow.
16:36:22 = hWnd = 0x00010022; ClassName:
16:36:24 = s1.

16:36:24 = s2.
16:36:24
16:36:24
16:36:53
16:36:53
16:36:54
16:36:54
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

21:5:50 = hWnd = 0x00250564; ClassName:
21:5:50 = hWnd = 0x003f04be; ClassName:
ow.
21:5:56 = ## ERR ## Setevent


ow.
21:5:56 = hWnd = 0x00030096; ClassName:


ow.

21:6:57 = s1.
21:6:57 = s2.
21:6:57
21:6:57
21:7:37
21:7:37
21:7:38
21:7:38
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
23:44:16 = ## ERR ## Setevent


dow.
23:44:16 = hWnd = 0x00030078; ClassName:


dow.
23:45:35 = s1.
23:45:35 = s2.
23:48:2 = hWnd = 0x00010018; ClassName:
ow.
23:48:2 = hWnd = 0x00010022; ClassName:

23:48:3 = s1.
23:48:3 = s2.
23:51:57 = hWnd = 0x00010456; ClassName:
23:51:57 = hWnd = 0x00010452; ClassName:
dow.
23:51:57 = hWnd = 0x00010454; ClassName:

23:52:7 = ## ERR ## Setevent

23:52:7 =
x=0, y=0,
6:39:43 =
6:39:43 =

width=0, height=0
Process Attach
end process attach

6:39:43 = hWnd = 0x00010018; ClassName:
ow.
6:39:48 = hWnd = 0x00010022; ClassName:

6:39:50 = s1.
6:39:50 = s2.
6:39:51
6:39:51
6:40:31
6:40:31
6:40:32
6:40:32
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

17:12:54 = hWnd = 0x00060518; ClassName:
dow.
17:12:54 = hWnd = 0x00080566; ClassName:
17:13:39 = ## ERR ## Setevent


dow.


17:35:12 = hWnd = 0x00010018; ClassName:
dow.
17:35:13 = hWnd = 0x00010022; ClassName:

17:35:17 = s1.
17:35:17 = s2.
17:35:20
17:35:20
17:35:58
17:35:58
17:35:59
17:35:59
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

19:45:26 = hWnd = 0x01aa04e0; ClassName:
dow.
19:45:26 = hWnd = 0x00ef05c6; ClassName:


dow.
19:56:51 = s1.
19:56:51 = s2.
19:56:56
19:56:56
19:57:32
19:57:32
19:57:33
19:57:33
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
20:6:35 = hWnd = 0x00050558; ClassName:
20:6:40 = ## ERR ## Setevent


20:6:40 = hWnd = 0x000b00d4; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.
x=0, y=0,
20:6:40 =
x=0, y=0,
20:6:40 =
x=0, y=0,
20:7:46 =
20:7:46 =
width=1, height=1
hWnd = 0x000a00fa; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
width=0, height=0
Process Attach
end process attach

20:7:46 = hWnd = 0x00010018; ClassName:
ow.
20:7:47 = hWnd = 0x00010022; ClassName:

20:7:50 = s1.
20:7:50 = s2.
20:7:53
20:7:53
20:8:31
20:8:31
20:8:32
20:8:32
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

21:9:23 = hWnd = 0x00090586; ClassName:
ow.
21:9:23 = hWnd = 0x00070570; ClassName:
21:9:36 = ## ERR ## Setevent



ow.


21:11:16 = hWnd = 0x00010018; ClassName:
dow.
21:11:16 = hWnd = 0x00010022; ClassName:

21:11:21 = s1.
21:11:21 = s2.
ow.
0:49:18 = ## ERR ## Setevent


0:49:18 = hWnd = 0x00090080; ClassName:
ow.


8:45:41 = hWnd = 0x00010018; ClassName:
ow.
8:45:41 = hWnd = 0x00010022; ClassName:

8:45:45 = s1.
8:45:45 = s2.
8:45:49
8:45:49
8:46:26
8:46:26
8:46:27
8:46:27
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

16:15:34 = hWnd = 0x00020484; ClassName:
dow.

16:16:11 = ## ERR ## Setevent

16:16:11 = hWnd = 0x00030048; ClassName:
dow.
16:16:11 = hWnd = 0x00130060; ClassName:


17:51:42 = hWnd = 0x00010018; ClassName:
dow.
17:51:43 = hWnd = 0x00010022; ClassName:

17:51:47 = s1.
17:51:47 = s2.
17:51:50
17:51:50
17:52:26
17:52:26
17:52:27
17:52:27
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

0:58:45 =
ow.
x=0, y=0,
0:58:45 =
x=0, y=0,
0:58:45 =
x=0, y=0,
width=1, height=1
hWnd = 0x287d04d6; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
width=0, height=0

0:59:21 = ## ERR ## Setevent
ow.
0:59:21 = hWnd = 0x00060088; ClassName:


6:44:22 = hWnd = 0x00010018; ClassName:
ow.
6:44:22 = hWnd = 0x00010022; ClassName:

6:44:26 = s1.
6:44:26 = s2.
9:21:26 = hWnd = 0x000304aa; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.
9:21:26 =
x=0, y=0,
9:21:26 =
x=0, y=0,
9:21:41 =
9:21:41 =
hWnd = 0x000204ac; ClassName: MSCTFIME UI; Title: MSCTFIME UI.

width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

ow.


9:23:31 = hWnd = 0x00010018; ClassName:
ow.
9:23:31 = hWnd = 0x00010022; ClassName:

9:23:36 = s1.
9:23:36 = s2.
9:23:39
9:23:39
9:24:16
9:24:16
9:24:17
9:24:17
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


dow.
18:42:0 = ## ERR ## Setevent
ow.


19:31:56 = hWnd = 0x00010018; ClassName:
dow.
19:31:56 = hWnd = 0x00010022; ClassName:
19:32:0 = s1.
19:32:0 = s2.


23:10:19 = hWnd = 0x00050480; ClassName:
dow.
23:10:23 = ## ERR ## Setevent


dow.


8:43:46 = hWnd = 0x00010018; ClassName:
ow.
8:43:47 = hWnd = 0x00010022; ClassName:
8:43:51 = s1.
8:43:51 = s2.
8:43:54
8:43:54
8:44:31
8:44:31
8:44:32
8:44:32
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


8:48:20 = hWnd = 0x00030496; ClassName:
8:48:20 = hWnd = 0x00040470; ClassName:
ow.
8:48:20 = hWnd = 0x00050444; ClassName:
8:48:24 = ## ERR ## Setevent


ow.
8:48:24 = hWnd = 0x00020068; ClassName:


8:49:41 =
ow.
x=0, y=0,
8:49:41 =
x=0, y=0,
8:49:41 =
x=0, y=0,
8:49:46 =
width=1, height=1
width=0, height=0
width=0, height=0
8:49:46 = s1.
8:49:46 = s2.

1:22:55 = hWnd = 0x0f780c64; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
1:22:55 =
ow.
x=0, y=0,
1:22:55 =
x=0, y=0,
1:22:55 =
x=0, y=0,
1:23:33 =
1:23:33 =
hWnd = 0x00820ab8; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

1:23:33 = hWnd = 0x00040094; ClassName:
ow.
1:23:33 = hWnd = 0x00530124; ClassName:


1:35:13 = hWnd = 0x00010018; ClassName:
ow.
1:35:13 = hWnd = 0x00010022; ClassName:
1:35:16 = s1.
1:35:16 = s2.

1:35:20
1:35:20
1:35:58
1:35:58
1:35:59
1:35:59
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:44:47 = hWnd = 0x00030474; ClassName:
ow.
1:44:47 = hWnd = 0x00020158; ClassName:
1:45:10 = ## ERR ## Setevent


ow.
1:45:10 = hWnd = 0x00050064; ClassName:


2:23:5 = hWnd = 0x00010018; ClassName:
w.
2:23:5 = hWnd = 0x00010022; ClassName:


2:23:10 = s1.
2:23:10 = s2.
2:23:14
2:23:14
2:23:50
2:23:50
2:23:51
2:23:51
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

2:28:29 = hWnd = 0x00030364; ClassName:
ow.
2:28:34 = ## ERR ## Setevent


ow.


ow.
x=0, y=0,
8:16:17 =
x=0, y=0,
8:16:17 =
x=0, y=0,
8:16:21 =
width=1, height=1
width=0, height=0
width=0, height=0
8:16:22 = s1.
8:16:22 = s2.
12:54:38 = hWnd = 0x00090576; ClassName:
dow.
12:54:58 = ## ERR ## Setevent


12:54:58 = hWnd = 0x00040090; ClassName:
dow.
12:54:58 = hWnd = 0x00030092; ClassName:



dow.
12:59:41 = s1.
12:59:41 = s2.
13:17:40 = hWnd = 0x00060310; ClassName:
dow.
13:17:40 = hWnd = 0x000f04aa; ClassName:
13:18:22 = ## ERR ## Setevent


dow.


13:20:23 = hWnd = 0x00010018; ClassName:
dow.
13:20:23 = hWnd = 0x00010022; ClassName:

13:20:30 = s1.
13:20:30 = s2.
13:20:34
13:20:34
13:21:10
13:21:10
13:21:11
13:21:11
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

13:33:35 = hWnd = 0x00070576; ClassName:
13:33:35 = hWnd = 0x00060560; ClassName:
dow.
13:33:35 = hWnd = 0x00090550; ClassName:
13:33:35 = hWnd = 0x00070558; ClassName:
13:34:24 = ## ERR ## Setevent


dow.


13:37:57 = hWnd = 0x00010018; ClassName:
dow.
13:37:58 = hWnd = 0x00010022; ClassName:

13:38:3 = s1.
13:38:3 = s2.
14:2:10 =
ow.
x=0, y=0,
14:2:10 =
x=0, y=0,
14:2:10 =
x=0, y=0,
14:2:36 =
14:2:36 =
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

ow.
x=0, y=0,
14:2:37 =
x=0, y=0,
14:2:37 =
x=0, y=0,
14:4:23 =
14:4:23 =
width=1, height=1
width=0, height=0
hWnd = 0x000200bc; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
end process attach

14:4:24 = hWnd = 0x00010018; ClassName:
ow.
14:4:24 = hWnd = 0x00010022; ClassName:

14:4:28 = s1.
14:4:28 = s2.
16:23:19 = hWnd = 0x00040578; ClassName:
dow.
16:23:19 = hWnd = 0x00040576; ClassName:
16:23:57 = ## ERR ## Setevent



dow.
16:31:21 = hWnd = 0x00010018; ClassName:
dow.
16:31:21 = hWnd = 0x00010022; ClassName:

16:31:27 = s1.
16:31:27 = s2.
16:31:27
16:31:27
16:31:42
16:31:42
16:31:43
16:31:43
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:1:31 = hWnd = 0x00140516; ClassName:
w.
1:1:31 = hWnd = 0x01020612; ClassName:


1:1:46 = hWnd = 0x00030048; ClassName:
w.


7:49:33 = hWnd = 0x00010018; ClassName:
ow.
7:49:33 = hWnd = 0x00010022; ClassName:

7:49:37 = s1.
7:49:37 = s2.
dow.

11:54:34 = ## ERR ## Setevent

11:54:34 = hWnd = 0x00040076; ClassName:
dow.
11:54:34 = hWnd = 0x00040052; ClassName:


11:58:56 = hWnd = 0x00010018; ClassName:
dow.
11:58:56 = hWnd = 0x00010022; ClassName:

11:59:2 = s1.
11:59:2 = s2.
dow.

16:50:44 = ## ERR ## Setevent
dow.


19:48:17 = hWnd = 0x00010018; ClassName:
dow.
19:48:18 = hWnd = 0x00010022; ClassName:

19:48:22 = s1.
19:48:22 = s2.

ow.
0:12:53 = ## ERR ## Setevent
0:12:53 =
ow.
x=0, y=0,
0:12:53 =
x=0, y=0,
0:12:53 =
x=0, y=0,
6:37:38 =
6:37:38 =
width=1, height=1
hWnd = 0x000400da; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
hWnd = 0x000e00c8; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
end process attach

6:37:39 = hWnd = 0x00010018; ClassName:
ow.
6:37:39 = hWnd = 0x00010022; ClassName:

6:37:42 = s1.
6:37:42 = s2.
6:37:47
6:37:47
6:38:24
6:38:24
6:38:25
6:38:25
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


4:2:49 = hWnd = 0x00140adc; ClassName:
w.


w.


6:13:10 = hWnd = 0x00010018; ClassName:
ow.
6:13:11 = hWnd = 0x00010022; ClassName:
6:13:14 = s1.
6:13:14 = s2.
6:13:18
6:13:18
6:13:55
6:13:55
6:13:56
6:13:56
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


0:56:41 = hWnd = 0x00080496; ClassName:
ow.


w.
0:57:0 = hWnd = 0x00050080; ClassName:


8:22:3 = hWnd = 0x00010018; ClassName:
w.
8:22:3 = hWnd = 0x00010022; ClassName:
8:22:6 = s1.
8:22:6 = s2.
8:22:10
8:22:10
8:22:48
8:22:48
=
=
=
=
Start show animate

begin close Process
Terminate Process


19:45:37 = hWnd = 0x00040674; ClassName:
dow.
19:45:55 = ## ERR ## Setevent


dow.


21:35:39 = hWnd = 0x00010018; ClassName:
dow.
21:35:40 = hWnd = 0x00010022; ClassName:
21:35:42 = s1.
21:35:42 = s2.
21:35:45
21:35:45
21:36:23
21:36:23
=
=
=
=
Start show animate

begin close Process
Terminate Process


dow.
21:57:31 = ## ERR ## Setevent


21:57:31 = hWnd = 0x00060066; ClassName:
dow.
21:57:31 = hWnd = 0x00040094; ClassName:


7:44:8 = hWnd = 0x00010018; ClassName:
w.
7:44:9 = hWnd = 0x00010022; ClassName:
7:44:12 = s1.
7:44:12 = s2.

7:44:15
7:44:15
7:44:52
7:44:52
7:44:54
7:44:54
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
15:37:55 = ## ERR ## Setevent


15:42:51 = hWnd = 0x00010018; ClassName:
dow.
15:42:51 = hWnd = 0x00010022; ClassName:
15:42:55 = s1.
15:42:55 = s2.

15:43:36
15:43:36
15:43:37
15:43:37
=
=
=
=
begin close Process

Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
23:43:5 = hWnd = 0x00910700; ClassName:
23:43:31 = ## ERR ## Setevent


23:43:31 = hWnd = 0x00030098; ClassName:
dow.
23:43:31 = hWnd = 0x00040082; ClassName:


7:22:44 = hWnd = 0x00010018; ClassName:
ow.
7:22:44 = hWnd = 0x00010022; ClassName:
7:22:47 = s1.

7:22:47 = s2.
7:22:50
7:22:50
7:23:28
7:23:28
7:23:29
7:23:29
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.
2:42:5 = hWnd = 0x00080504; ClassName:
2:42:16 = ## ERR ## Setevent


2:42:16 = hWnd = 0x00040050; ClassName:
ow.
2:42:16 = hWnd = 0x00040098; ClassName:


8:35:37 = hWnd = 0x00010018; ClassName:
ow.
8:35:37 = hWnd = 0x00010022; ClassName:


8:35:40 = s1.
8:35:40 = s2.
8:35:44
8:35:44
8:36:22
8:36:22
8:36:24
8:36:24
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

0:44:26 =
ow.
x=0, y=0,
0:44:26 =
x=0, y=0,
0:44:26 =
x=0, y=0,
0:44:57 =
0:44:57 =
width=1, height=1
hWnd = 0x1d0f04c6; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
hWnd = 0x00b7049e; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
## ERR ## Setevent

ow.


w.

8:18:4 = s1.
8:18:4 = s2.
dow.
20:38:49 = ## ERR ## Setevent


dow.
20:38:49 = hWnd = 0x00180076; ClassName:



dow.
20:41:17 = s1.
20:41:17 = s2.
20:41:19
20:41:19
20:41:49
20:41:49
20:41:50
20:41:50
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

22:21:9 = hWnd = 0x00030508; ClassName:
ow.
22:21:25 = ## ERR ## Setevent


dow.


7:34:47 = hWnd = 0x00010018; ClassName:
ow.
7:34:48 = hWnd = 0x00010022; ClassName:

7:34:50 = s1.
7:34:50 = s2.
7:34:53
7:34:53
7:35:33
7:35:33
7:35:34
7:35:34
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

8:26:8 = hWnd = 0x00090492; ClassName:
8:26:8 = hWnd = 0x000b04ae; ClassName:
w.
8:27:47 = ## ERR ## Setevent


8:27:47 =
8:27:47 =
8:27:47 =
x=0, y=0,
8:27:47 =
x=0, y=0,
8:30:19 =
8:30:19 =
begin close Process

end close Process
width=0, height=0
width=0, height=0
Process Attach
end process attach


ow.
8:30:22 = s1.
8:30:22 = s2.
ow.
9:56:32 = hWnd = 0x00030480; ClassName:
9:56:49 = ## ERR ## Setevent


ow.

10:9:6 = hWnd = 0x00010018; ClassName:
w.
10:9:6 = hWnd = 0x00010022; ClassName:

10:9:7 = s1.
10:9:7 = s2.
dow.
22:52:15 = hWnd = 0x000d0bfe; ClassName:
22:52:50 = ## ERR ## Setevent


22:52:50 = hWnd = 0x009300da; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title
22:52:50 = hWnd = 0x000200ae; ClassName: GDI+ Hook Window Class; Title: GDI+ Win
dow.

8:16:10 = hWnd = 0x00010018; ClassName:
ow.
8:16:10 = hWnd = 0x00010022; ClassName:

8:16:12 = s1.
8:16:12 = s2.
8:16:12
8:16:12
8:16:45
8:16:45
8:16:46
8:16:46
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

0:34:6 = hWnd = 0x002d054a; ClassName: GDI+ Hook Window Class; Title: GDI+ Windo
w.
0:34:6 = hWnd = 0x000f052a; ClassName: IME; Title: Default IME.
0:35:46 = ## ERR ## Setevent

ow.


8:42:30 = hWnd = 0x00010018; ClassName:
ow.
8:42:30 = hWnd = 0x00010022; ClassName:

8:42:34 = s1.
8:42:34 = s2.
8:42:37
8:42:37
8:43:14
8:43:14
8:43:15
8:43:15
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
22:38:56 = ## ERR ## Setevent


dow.
22:38:56 = hWnd = 0x00040084; ClassName:


8:37:53 = hWnd = 0x00010018; ClassName:
ow.
8:37:53 = hWnd = 0x00010022; ClassName:

8:37:57 = s1.
8:37:57 = s2.
w.

.


9:15:44 = hWnd = 0x00010018; ClassName:
ow.
9:15:45 = hWnd = 0x00010022; ClassName:

9:15:50 = s1.
9:15:50 = s2.
9:15:54
9:15:54
9:16:30
9:16:30
9:16:32
9:16:32
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.

.


8:6:9 = hWnd = 0x00010018; ClassName:
.
8:6:9 = hWnd = 0x00010022; ClassName:

8:6:12 = s1.
8:6:12 = s2.
8:6:15
8:6:15
8:6:54
8:6:54
8:6:55
8:6:55
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
8:28:41 = hWnd = 0x000804dc; ClassName: IME; Title: Default IME.
8:30:8 = hWnd = 0x00050086; ClassName:
w.


8:32:29 = hWnd = 0x00010018; ClassName:
ow.
8:32:29 = hWnd = 0x00010022; ClassName:

8:32:32 = s1.
8:32:32 = s2.
8:32:37
8:32:37
8:33:14
8:33:14
8:33:15
8:33:15
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


1:31:17 =
ow.
x=0, y=0,
1:31:17 =
x=0, y=0,
1:31:17 =
x=0, y=0,
1:31:47 =
1:31:47 =
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

ow.
1:31:47 = hWnd = 0x00030056; ClassName:
1:31:47 = hWnd = 0x00030084; ClassName:


8:59:8 = hWnd = 0x00010018; ClassName:
w.
8:59:8 = hWnd = 0x00010022; ClassName:
8:59:13 = s1.
8:59:13 = s2.
8:59:17
8:59:17
8:59:53
8:59:53
8:59:54
8:59:54
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH



0:57:22 = hWnd = 0xca0912a6; ClassName:
0:57:22 = hWnd = 0x6ed10b46; ClassName:
ow.
0:57:22 = hWnd = 0x5d350b4a; ClassName:
0:57:57 = ## ERR ## Setevent


ow.


6:6:46 = hWnd = 0x00010018; ClassName:
w.
6:6:46 = hWnd = 0x00010022; ClassName:
6:6:49 = s1.
6:6:49 = s2.
6:6:53
6:6:53
6:7:29
6:7:29
=
=
=
=
Start show animate

begin close Process
Terminate Process


14:44:20 = hWnd = 0x00840518; ClassName:
dow.
14:44:44 = ## ERR ## Setevent


dow.
14:44:44 = hWnd = 0x00070098; ClassName:


14:56:32 = hWnd = 0x00010018; ClassName:
dow.
14:56:32 = hWnd = 0x00010022; ClassName:
14:56:38 = s1.
14:56:38 = s2.

14:57:18
14:57:18
14:57:19
14:57:19
=
=
=
=
begin close Process

Terminate Process
end close Process
DLL_PROCESS_DETACH

19:37:40 = hWnd = 0x00190596; ClassName:
dow.
19:37:52 = ## ERR ## Setevent


dow.


19:51:1 = hWnd = 0x00010018; ClassName:
ow.
19:51:1 = hWnd = 0x00010022; ClassName:
19:51:8 = s1.
19:51:8 = s2.

19:51:13
19:51:13
19:51:45
19:51:45
19:51:46
19:51:46
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
23:36:7 = hWnd = 0x000d04ca; ClassName:
23:36:16 = ## ERR ## Setevent


dow.


8:40:27 = hWnd = 0x00010018; ClassName:
ow.
8:40:28 = hWnd = 0x00010022; ClassName:
8:40:31 = s1.

8:40:31 = s2.
8:40:37
8:40:37
8:41:13
8:41:13
8:41:14
8:41:14
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
5:31:56 = ## ERR ## Setevent


ow.


8:57:52 = hWnd = 0x00010018; ClassName:
ow.
8:57:52 = hWnd = 0x00010022; ClassName:

8:57:55 = s1.
8:57:55 = s2.
8:57:57
8:57:57
8:58:36
8:58:36
8:58:37
8:58:37
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

0:57:9 = hWnd = 0x0a6f0a7a; ClassName: GDI+ Hook Window Class; Title: GDI+ Windo
w.
0:57:9 = hWnd = 0x013c0b0a; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
0:57:43 = ## ERR ## Setevent
0:57:43 = hWnd = 0x01410062; ClassName:
ow.


ow.

8:50:32 = s1.
8:50:32 = s2.
8:50:35
8:50:35
8:51:13
8:51:13
8:51:15
8:51:15
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.
9:13:48 = ## ERR ## Setevent
ow.


x=0, y=0,
9:15:38 =
ow.
x=0, y=0,
9:15:38 =
x=0, y=0,
9:15:38 =
x=0, y=0,
9:15:45 =
width=1, height=1
width=0, height=0
width=0, height=0
9:15:45 = s1.
9:15:45 = s2.
9:35:38 = hWnd = 0x00070140; ClassName:
ow.
9:35:38 = hWnd = 0x00040500; ClassName:
9:38:53 = ## ERR ## Setevent


9:38:53 = hWnd = 0x00060052; ClassName:
ow.


9:40:54 = hWnd = 0x00010018; ClassName:
ow.
9:40:55 = hWnd = 0x00010022; ClassName:

9:40:57 = s1.
9:40:57 = s2.
1:1:37 = hWnd = 0x00161168; ClassName:
w.
1:1:37 = hWnd = 0x000e0b8c; ClassName:


1:2:6 = hWnd = 0x002a00e6; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: I
1:2:6 = hWnd = 0x000200b4; ClassName: GDI+ Hook Window Class; Title: GDI+ Window
.

ow.
9:20:1 = s1.
9:20:1 = s2.
dow.
19:35:15 = ## ERR ## Setevent
19:35:15 = hWnd = 0x001900da; ClassName: GDI+ Hook Window Class; Title: GDI+ Win
dow.
19:35:15 = hWnd = 0x000b00cc; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
19:48:58 = hWnd = 0x00010018; ClassName:
dow.
19:48:59 = hWnd = 0x00010022; ClassName:

19:49:1 = s1.
19:49:1 = s2.
ow.
0:11:16 = hWnd = 0x00080600; ClassName:
0:11:30 = ## ERR ## Setevent



0:11:30 = hWnd = 0x00040092; ClassName:
ow.
0:11:30 = hWnd = 0x00030094; ClassName:


7:56:48 = hWnd = 0x00010018; ClassName:
ow.
7:56:48 = hWnd = 0x00010022; ClassName:

7:56:53 = s1.
7:56:53 = s2.
7:56:54
7:56:54
7:57:24
7:57:24
7:57:25
7:57:25
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
20:26:58 = ## ERR ## Setevent

20:26:58 = hWnd = 0x00050086; ClassName:
dow.
20:26:58 = hWnd = 0x00040090; ClassName:


20:29:26 = hWnd = 0x00010018; ClassName:
dow.
20:29:27 = hWnd = 0x00010022; ClassName:

20:29:29 = s1.
20:29:29 = s2.
20:29:33
20:29:33
20:30:12
20:30:12
20:30:13
20:30:13
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.
0:7:30 = hWnd = 0x00110518; ClassName:
0:7:30 = hWnd = 0x00420462; ClassName:


w.
0:7:49 = hWnd = 0x00080048; ClassName:


0:9:12 = hWnd = 0x00010018; ClassName:
w.
0:9:12 = hWnd = 0x00010022; ClassName:

0:9:15 = s1.
0:9:15 = s2.
0:9:19
0:9:19
0:9:57
0:9:57
0:9:58
0:9:58
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

0:18:40 = hWnd = 0x000404bc; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
ow.
0:18:40 = hWnd = 0x002a052e; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0,
0:18:40 =
x=0, y=0,
0:18:53 =
0:18:53 =
width=0, height=0
hWnd = 0x000404ba; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
## ERR ## Setevent

ow.


0:20:4 = hWnd = 0x00010018; ClassName:
w.
0:20:5 = hWnd = 0x00010022; ClassName:

0:20:7 = s1.
0:20:7 = s2.
0:20:10
0:20:10
0:20:49
0:20:49
0:20:50
0:20:50
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

x=0, y=0,
1:17:36 =
ow.
x=0, y=0,
1:17:36 =
x=0, y=0,
1:17:36 =
x=0, y=0,
1:17:46 =
1:17:46 =
width=1, height=1
hWnd = 0x009f04e4; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

ow.


ow.
8:23:12 = s1.
8:23:12 = s2.
8:23:18
8:23:18
8:23:55
8:23:55
8:23:56
8:23:56
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.
9:28:13 = ## ERR ## Setevent


ow.
18:26:4 = s1.
18:26:4 = s2.

ow.
22:10:13 = ## ERR ## Setevent


dow.


ow.
22:37:13 = s1.
22:37:13 = s2.
22:37:16
22:37:16
22:37:54
22:37:54
=
=
=
=
Start show animate

begin close Process
Terminate Process

dow.
23:57:0 = ## ERR ## Setevent


ow.


9:43:45 = hWnd = 0x00010018; ClassName:
ow.
9:43:46 = hWnd = 0x00010022; ClassName:
9:43:48 = s1.

9:43:48 = s2.
9:43:52
9:43:52
9:44:30
9:44:30
9:44:31
9:44:31
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

19:47:47 = hWnd = 0x00020376; ClassName:
dow.

19:47:48 = s1.
19:47:48 = s2.
19:47:48
19:47:48
19:51:17
19:51:17
19:51:18
19:51:18
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
22:59:5 = ## ERR ## Setevent


ow.


21:23:13 = hWnd = 0x00010018; ClassName:
dow.
21:23:14 = hWnd = 0x00010022; ClassName:

21:23:16 = s1.
21:23:16 = s2.
21:23:20
21:23:20
21:23:57
21:23:57
21:23:59
21:23:59
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

0:31:43 = hWnd = 0x00020398; ClassName:
ow.
0:31:43 = hWnd = 0x00110520; ClassName:

0:31:54 = ## ERR ## Setevent

0:31:54 = hWnd = 0x00080090; ClassName:
ow.


7:55:49 =
ow.
x=0, y=0,
7:55:50 =
x=0, y=0,
7:55:50 =
x=0, y=0,
7:55:51 =
width=1, height=1
width=0, height=0
width=0, height=0
7:55:52 = s1.
7:55:52 = s2.
7:55:56
7:55:56
7:56:34
7:56:34
7:56:35
7:56:35
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

16:22:42 = hWnd = 0x001f04cc; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title
dow.
16:22:42 = hWnd = 0x000404fe; ClassName: MSCTFIME UI; Title: MSCTFIME UI.

16:22:52 = ## ERR ## Setevent
16:22:52 = hWnd = 0x00120060; ClassName:
16:22:52 = hWnd = 0x00040054; ClassName:
dow.


22:16:18 = hWnd = 0x00010018; ClassName:
dow.
22:16:18 = hWnd = 0x00010022; ClassName:

22:16:21 = s1.
22:16:21 = s2.
x=0, y=0,
23:6:59 =
ow.
x=0, y=0,
23:6:59 =
x=0, y=0,
23:6:59 =
x=0, y=0,
23:7:10 =
23:7:10 =
hWnd = 0x000b053c; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

ow.
23:7:10 = hWnd = 0x00040054; ClassName:


11:0:0 = hWnd = 0x00010018; ClassName:
w.
11:0:1 = hWnd = 0x00010022; ClassName:

11:0:3 = s1.
11:0:3 = s2.

dow.
14:57:37 = ## ERR ## Setevent


dow.


20:3:44 = hWnd = 0x00010018; ClassName:
ow.
20:3:44 = hWnd = 0x00010022; ClassName:
20:3:50 = s1.
20:3:50 = s2.
20:3:54
20:3:54
20:4:31
20:4:31
20:4:32
20:4:32
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


dow.
23:24:1 = ## ERR ## Setevent


ow.
23:24:1 = hWnd = 0x00030038; ClassName:


9:34:16 = hWnd = 0x00010018; ClassName:
ow.
9:34:16 = hWnd = 0x00010022; ClassName:
9:34:20 = s1.
9:34:20 = s2.


ow.
10:3:23 = ## ERR ## Setevent


10:3:23 = hWnd = 0x00040098; ClassName:
ow.
10:3:23 = hWnd = 0x00030090; ClassName:


18:17:18 = hWnd = 0x00010018; ClassName:
dow.
18:17:19 = hWnd = 0x00010022; ClassName:
18:17:23 = s1.
18:17:23 = s2.

18:18:4
18:18:4
18:18:5
18:18:5
=
=
=
=
begin close Process

Terminate Process
end close Process
DLL_PROCESS_DETACH

18:28:40 = hWnd = 0x00030374; ClassName:
dow.
18:28:40 = hWnd = 0x00060462; ClassName:
18:28:40 = hWnd = 0x00020388; ClassName:

18:28:40 = s1.
18:28:40 = s2.
18:28:40
18:28:40
22:44:51
22:44:51
22:44:52
22:44:52
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
23:35:40 = ## ERR ## Setevent


23:35:40 = hWnd = 0x008f00d6; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title

9:45:42 = hWnd = 0x00010018; ClassName:
ow.
9:45:42 = hWnd = 0x00010022; ClassName:

9:45:45 = s1.
9:45:45 = s2.
9:45:50
9:45:50
9:46:28
9:46:28
9:46:29
9:46:29
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

15:51:48 = hWnd = 0x00050490; ClassName:
15:51:48 = hWnd = 0x00070492; ClassName:
dow.
15:51:48 = hWnd = 0x00060476; ClassName:
15:51:59 = ## ERR ## Setevent



dow.
15:51:59 = hWnd = 0x000f00d8; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
23:14:37 = hWnd = 0x00010018; ClassName:
dow.
23:14:38 = hWnd = 0x00010022; ClassName:

23:14:40 = s1.
23:14:40 = s2.
23:14:46
23:14:46
23:15:23
23:15:23
23:15:24
23:15:24
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
23:38:40 = hWnd = 0x00020596; ClassName:
23:38:50 = ## ERR ## Setevent



dow.


23:16:53 = hWnd = 0x00010018; ClassName:
dow.
23:16:53 = hWnd = 0x00010022; ClassName:

23:16:57 = s1.
23:16:57 = s2.
23:47:54 = hWnd = 0x00020344; ClassName:
dow.


23:48:3 = ## ERR ## Setevent
ow.


ow.
9:29:5 = s1.
9:29:5 = s2.

dow.
15:21:43 = ## ERR ## Setevent
15:21:43 = hWnd = 0x00040052; ClassName:
dow.
15:21:43 = hWnd = 0x00060106; ClassName:


23:22:36 = hWnd = 0x00010018; ClassName:
dow.
23:22:36 = hWnd = 0x00010022; ClassName:

23:22:39 = s1.
23:22:39 = s2.
23:22:43
23:22:43
23:23:20
23:23:20
23:23:21
23:23:21
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


23:58:12 = hWnd = 0x00020506; ClassName:
23:58:12 = hWnd = 0x00020552; ClassName:
dow.
23:58:12 = hWnd = 0x00020550; ClassName:
23:58:12 = hWnd = 0x00030538; ClassName:
23:58:21 = ## ERR ## Setevent


23:58:21 = hWnd = 0x005b00ee; ClassName:
dow.


9:55:3 = hWnd = 0x00010018; ClassName:
w.
9:55:4 = hWnd = 0x00010022; ClassName:
9:55:6 = s1.
9:55:6 = s2.
9:55:11
9:55:11
9:55:50
9:55:50
9:55:51
9:55:51
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


ow.
10:9:14 = hWnd = 0x00020362; ClassName:

10:9:14 = s1.
10:9:14 = s2.
10:27:23 = hWnd = 0x00040388; ClassName:
dow.
10:27:23 = hWnd = 0x00040390; ClassName:
10:27:33 = ## ERR ## Setevent


dow.
21:42:34 = hWnd = 0x00010018; ClassName:
dow.
21:42:34 = hWnd = 0x00010022; ClassName:

21:42:41 = s1.
21:42:41 = s2.
22:4:51 = hWnd = 0x000d04ca; ClassName:
ow.



w.
22:5:1 = hWnd = 0x00050134; ClassName:
22:5:1 = hWnd = 0x00030150; ClassName:


22:4:26 = hWnd = 0x00010018; ClassName:
ow.
22:4:26 = hWnd = 0x00010022; ClassName:

22:4:32 = s1.
22:4:32 = s2.
dow.
23:57:52 = hWnd = 0x00190730; ClassName:
23:58:2 = ## ERR ## Setevent


23:58:2 = hWnd = 0x00050046; ClassName:
23:58:2 = hWnd = 0x00030086; ClassName:
ow.
23:58:2 = hWnd = 0x00030078; ClassName:


7:43:58 = hWnd = 0x00010018; ClassName:
ow.
7:43:58 = hWnd = 0x00010022; ClassName:

7:44:1 = s1.
7:44:1 = s2.
ow.

7:56:54 = s1.
7:56:54 = s2.
ow.
8:17:34 = hWnd = 0x00030526; ClassName:
8:17:49 = ## ERR ## Setevent


8:17:49 = hWnd = 0x00040038; ClassName:
ow.



9:25:30 = hWnd = 0x00010018; ClassName:
ow.
9:25:30 = hWnd = 0x00010022; ClassName:

9:25:33 = s1.
9:25:33 = s2.
9:25:38
9:25:38
9:26:17
9:26:17
9:26:18
9:26:18
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

9:52:57 = hWnd = 0x00020380; ClassName:
ow.
9:52:57 = hWnd = 0x00030352; ClassName:

9:52:57 = s1.
9:52:57 = s2.
11:29:45 = hWnd = 0x00050362; ClassName:

dow.

11:29:45 = s1.
11:29:45 = s2.
dow.
12:24:14 = hWnd = 0x00060480; ClassName:

12:24:14 = s1.
12:24:14 = s2.
18:3:54 = hWnd = 0x00cb05f4; ClassName:

18:3:54 = hWnd = 0x000c09ac; ClassName:
ow.

18:3:54 = s1.
18:3:54 = s2.
18:24:7 = hWnd = 0x00050962; ClassName:
ow.

18:24:8 = s1.
18:24:8 = s2.
19:24:30 = hWnd = 0x001b099c; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title
dow.
19:24:39 = ## ERR ## Setevent
dow.
19:24:39 = hWnd = 0x000700da; ClassName: IME; Title: Default IME.
21:7:44 = hWnd = 0x00010018; ClassName:
ow.
21:7:44 = hWnd = 0x00010022; ClassName:

21:7:47 = s1.
21:7:47 = s2.
21:7:53
21:7:53
21:8:30
21:8:30
21:8:31
21:8:31
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
23:43:58 = ## ERR ## Setevent
dow.
23:43:58 = hWnd = 0x00110094; ClassName:


7:32:12 = hWnd = 0x00010018; ClassName:
ow.
7:32:12 = hWnd = 0x00010022; ClassName:

7:32:20 = s1.
7:32:20 = s2.
7:32:20
7:32:20
7:32:35
7:32:35
7:32:36
7:32:36
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

7:42:58 = hWnd = 0x000c03fc; ClassName:

ow.
7:42:58 = hWnd = 0x00080450; ClassName:

7:42:59 = s1.
7:42:59 = s2.
8:29:16 = hWnd = 0x00070762; ClassName:
ow.
8:29:26 = ## ERR ## Setevent


ow.


12:13:13 = hWnd = 0x00010018; ClassName:
dow.
12:13:13 = hWnd = 0x00010022; ClassName:

12:13:16 = s1.
12:13:16 = s2.
15:22:56 = hWnd = 0x00020604; ClassName:
dow.
15:23:6 = ## ERR ## Setevent


ow.
x=0, y=0,
15:23:6 =
x=0, y=0,
9:30:33 =
9:30:33 =
width=0, height=0
width=0, height=0
Process Attach
end process attach

9:30:33 = hWnd = 0x00010018; ClassName:
ow.
9:30:33 = hWnd = 0x00010022; ClassName:

9:30:39 = s1.
9:30:39 = s2.
dow.
11:19:24 = hWnd = 0x00060610; ClassName:
11:19:25 = s1.
11:19:25 = s2.


12:26:55 = hWnd = 0x00120594; ClassName:
dow.
12:28:6 = ## ERR ## Setevent


12:28:6 = hWnd = 0x00720124; ClassName:
ow.
12:28:6 = hWnd = 0x00050096; ClassName:


12:30:57 = hWnd = 0x00010018; ClassName:
dow.
12:30:58 = hWnd = 0x00010022; ClassName:
12:31:1 = s1.
12:31:1 = s2.

12:31:43
12:31:43
12:31:44
12:31:44
=
=
=
=
begin close Process

Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
17:32:27 = hWnd = 0x00030252; ClassName:

17:32:31 = s1.
17:32:31 = s2.
17:46:11
17:46:11
17:46:28
17:46:28
17:46:28
=
=
=
=
=
Start show animate

begin close Process
end close Process
DLL_PROCESS_DETACH

17:48:37 = hWnd = 0x000b0a7e; ClassName:
dow.
17:48:37 = hWnd = 0x00110994; ClassName:
17:48:37 = s1.
17:48:37 = s2.

23:40:15 = hWnd = 0x00031218; ClassName:
dow.
23:40:15 = hWnd = 0x00040dfc; ClassName:
23:40:15 = hWnd = 0x00040ea8; ClassName:
23:41:55 = ## ERR ## Setevent


dow.


6:38:36 = hWnd = 0x00010018; ClassName:
ow.
6:38:36 = hWnd = 0x00010022; ClassName:
6:38:39 = s1.
6:38:39 = s2.

6:38:43
6:38:43
6:39:21
6:39:21
6:39:22
6:39:22
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.

7:16:57 = s1.
7:16:57 = s2.
ow.
9:38:57 = s1.
9:38:57 = s2.

9:38:57
9:38:57
9:48:14
9:48:14
9:48:15
9:48:15
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

10:53:57 = hWnd = 0x00060468; ClassName:
dow.
10:53:57 = hWnd = 0x00040474; ClassName:
10:53:57 = hWnd = 0x00080588; ClassName:


11:5:44 = hWnd = 0x00010018; ClassName:
ow.
11:5:45 = hWnd = 0x00010022; ClassName:

11:5:47 = s1.
11:5:47 = s2.
11:5:52
11:5:52
11:6:32
11:6:32
11:6:33
11:6:33
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

11:59:55 = hWnd = 0x00030472; ClassName:

11:59:55 = hWnd = 0x00030434; ClassName:
dow.


w.


20:31:24 = hWnd = 0x00010018; ClassName:
dow.
20:31:24 = hWnd = 0x00010022; ClassName:
20:31:26 = s1.
20:31:26 = s2.


0:18:17 =
ow.
x=0, y=0,
0:18:17 =
x=0, y=0,
0:18:17 =
x=0, y=0,
0:19:27 =
0:19:27 =
width=1, height=1
width=0, height=0
hWnd = 0x00030b4e; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
## ERR ## Setevent

ow.


6:45:37 = hWnd = 0x00010018; ClassName:
ow.
6:45:37 = hWnd = 0x00010022; ClassName:
6:45:43 = s1.
6:45:43 = s2.
6:45:45
6:45:45
6:46:17
6:46:17
6:46:18
6:46:18
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


7:11:1 = hWnd = 0x00020482; ClassName:
7:11:1 = hWnd = 0x00020450; ClassName:
w.
7:11:1 = hWnd = 0x00020458; ClassName:
7:11:1 = hWnd = 0x00020456; ClassName:
7:13:13 = ## ERR ## Setevent


ow.


7:17:16 =
ow.
x=0, y=0,
7:17:16 =
x=0, y=0,
7:17:16 =
x=0, y=0,
7:17:18 =
width=1, height=1
width=0, height=0
width=0, height=0
7:17:18 = s1.
7:17:18 = s2.
ow.
7:38:33 = hWnd = 0x00030568; ClassName:

7:38:34 = s1.
7:38:34 = s2.
13:21:44 = hWnd = 0x00150490; ClassName:
dow.
13:21:47 = s1.
13:21:47 = s2.

ow.
1:19:26 = ## ERR ## Setevent


ow.


6:29:37 = hWnd = 0x00010018; ClassName:
ow.
6:29:37 = hWnd = 0x00010022; ClassName:
6:29:42 = s1.
6:29:42 = s2.

6:29:42
6:30:13
6:30:13
6:30:14
6:30:14
=
=
=
=
=

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

6:48:4 = hWnd = 0x000502ee; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
ow.
6:48:18 = s1.
6:48:18 = s2.
9:9:33 = hWnd = 0x00050456; ClassName:
w.
9:9:33 = hWnd = 0x00090794; ClassName:



w.
9:11:2 = hWnd = 0x00030060; ClassName:


9:13:42 = hWnd = 0x00010018; ClassName:
ow.
9:13:42 = hWnd = 0x00010022; ClassName:

9:13:44 = s1.
9:13:44 = s2.
9:13:48
9:13:48
9:14:26
9:14:26
9:14:27
9:14:27
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

13:13:45 = hWnd = 0x00030764; ClassName:
dow.
13:14:37 = ## ERR ## Setevent


dow.


16:36:41 = hWnd = 0x00010018; ClassName:
dow.
16:36:41 = hWnd = 0x00010022; ClassName:

16:36:41 = s1.
16:36:41 = s2.
16:36:41
16:36:41
16:37:13
16:37:13
16:37:14
16:37:14
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

0:10:10 = hWnd = 0x00050474; ClassName:
ow.


0:10:40 = ## ERR ## Setevent
ow.


7:8:48 = hWnd = 0x00010018; ClassName:
w.
7:8:48 = hWnd = 0x00010022; ClassName:

7:8:48 = s1.
7:8:48 = s2.
7:8:48
7:8:48
7:9:11
7:9:11
7:9:12
7:9:12
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

7:49:13 =
ow.
x=0, y=0,
7:49:13 =
x=0, y=0,
7:49:13 =
x=0, y=0,
7:49:13 =
width=1, height=1
hWnd = 0x000205ec; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
width=0, height=0
7:49:13 = s1.
7:49:13 = s2.
7:49:13
7:49:13
7:50:23
7:50:23
7:50:24
7:50:24
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

7:50:43 = hWnd = 0x00080570; ClassName:
ow.
7:50:43 = hWnd = 0x00060444; ClassName:

7:50:43 = s1.
7:50:43 = s2.
8:42:54 = s1.
8:42:54 = s2.
8:44:30 = ## ERR ## Setevent
ow.
8:44:32 = s1.
8:44:32 = s2.
8:44:33
8:44:33
8:44:53
8:44:53
8:44:54
8:44:54
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.

11:1:41 = s1.
11:1:41 = s2.
11:1:43
11:1:43
11:1:56
11:1:56
11:1:57
11:1:57
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

13:24:0 = hWnd = 0x00080442; ClassName:
ow.

13:24:2 = s1.
13:24:2 = s2.
dow.
19:18:34 = hWnd = 0x000b0be6; ClassName:

19:19:3 = ## ERR ## Setevent

19:19:3 = hWnd = 0x001d00fc; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
19:19:3 =
ow.
x=0, y=0,
19:19:3 =
x=0, y=0,
19:19:3 =
x=0, y=0,
21:21:2 =
21:21:2 =
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
end process attach

21:21:2 = hWnd = 0x00010018; ClassName:
ow.
21:21:2 = hWnd = 0x00010022; ClassName:

21:21:10 = s1.
21:21:10 = s2.
21:21:12
21:21:12
21:22:33
21:22:33
21:22:34
21:22:34
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:21:28 = hWnd = 0x09e9048e; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
1:21:28 = hWnd = 0x0c89049c; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.
1:21:28 =
x=0, y=0,
1:21:28 =
x=0, y=0,
1:21:39 =
1:21:39 =
hWnd = 0x000a04d2; ClassName: MSCTFIME UI; Title: MSCTFIME UI.

width=0, height=0
hWnd = 0x045d04a0; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
## ERR ## Setevent

1:21:39 = hWnd = 0x00080056; ClassName:
ow.


9:11:35 = hWnd = 0x00010018; ClassName:
ow.
9:11:36 = hWnd = 0x00010022; ClassName:

9:11:36 = s1.
9:11:36 = s2.
9:11:36
9:11:36
9:12:40
9:12:40
9:12:41
9:12:41
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


10:22:2 = hWnd = 0x000603ca; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.
10:23:10 = ## ERR ## Setevent
10:23:10 = hWnd = 0x00050038; ClassName:
dow.


10:29:11 = hWnd = 0x00020016; ClassName:
10:29:11 = hWnd = 0x00020018; ClassName:
dow.
10:29:11 = hWnd = 0x00010022; ClassName:

10:29:11 = s1.
10:29:11 = s2.
10:29:11
10:29:11
10:31:24
10:31:24
10:31:25
10:31:25
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH


ow.
10:48:57 = ## ERR ## Setevent
dow.


10:50:37 = hWnd = 0x00010018; ClassName:
dow.
10:50:37 = hWnd = 0x00010024; ClassName:

10:50:37 = s1.
10:50:37 = s2.

dow.
12:47:20 = hWnd = 0x00091238; ClassName:
12:48:44 = ## ERR ## Setevent


12:48:44 = hWnd = 0x00040028; ClassName:
12:48:44 = hWnd = 0x00040094; ClassName:
dow.
12:48:44 = hWnd = 0x00030034; ClassName:


12:50:39 = hWnd = 0x00010018; ClassName:
dow.
12:50:39 = hWnd = 0x00010022; ClassName:

12:50:40 = s1.
12:50:40 = s2.

ow.
15:21:29 = ## ERR ## Setevent
dow.


dow.
20:45:6 = s1.
20:45:6 = s2.

w.
1:30:43 = ## ERR ## Setevent
1:30:43 = hWnd = 0x00060094; ClassName:
ow.


7:19:17 =
ow.
x=0, y=0,
7:19:21 =
x=0, y=0,
7:19:24 =
x=0, y=0,
7:19:26 =
width=1, height=1
width=0, height=0
width=0, height=0
7:19:26 = s1.
7:19:26 = s2.

ow.
7:51:26 = ## ERR ## Setevent


7:51:26 = hWnd = 0x00050038; ClassName:
ow.
7:51:26 = hWnd = 0x00020060; ClassName:


ow.
7:52:43 = hWnd = 0x00010024; ClassName:
7:52:43 = s1.
7:52:43 = s2.

7:52:43
7:52:43
7:53:15
7:53:15
7:53:16
7:53:16
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

8:5:9 = hWnd = 0x00050350; ClassName:
8:5:9 = hWnd = 0x00060352; ClassName:
.
8:5:9 = hWnd = 0x00060302; ClassName:
8:5:9 = hWnd = 0x00040314; ClassName:


8:5:18 = hWnd = 0x00040098; ClassName:
8:5:18 = hWnd = 0x00050042; ClassName:
w.
8:5:18 = hWnd = 0x00040068; ClassName:


8:51:20 = hWnd = 0x00010018; ClassName:
ow.
8:51:20 = hWnd = 0x00010022; ClassName:


8:51:23 = s1.
8:51:23 = s2.
8:51:27
8:51:27
8:52:24
8:52:24
8:52:25
8:52:25
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
13:38:10 = s1.
13:38:10 = s2.
13:38:12
13:38:12
18:10:32
18:10:32
18:10:33
18:10:33
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
19:26:46 = hWnd = 0x001e09ac; ClassName:
19:26:46 = hWnd = 0x00090ef6; ClassName:
19:27:11 = ## ERR ## Setevent


dow.


ow.
21:31:12 = s1.
21:31:12 = s2.
21:31:15
21:31:15
21:33:21
21:33:21
21:33:22
21:33:22
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

0:29:38 = hWnd = 0x00020a9a; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
0:29:38 = hWnd = 0x00020aa2; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.

0:29:38 = hWnd = 0x00020a8e; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
0:30:8 = hWnd = 0x00030088; ClassName:
w.
0:30:8 = hWnd = 0x00030032; ClassName:


7:41:15 = hWnd = 0x00010018; ClassName:
ow.
7:41:15 = hWnd = 0x00010024; ClassName:

7:41:22 = s1.
7:41:22 = s2.
7:41:22
7:41:22
7:42:48
7:42:48
7:42:49
7:42:49
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

10:7:19 =
ow.
x=0, y=0,
10:7:19 =
x=0, y=0,
10:7:19 =
x=0, y=0,
10:7:51 =
10:7:51 =
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

ow.


19:55:54 = hWnd = 0x00010018; ClassName:
dow.
19:55:54 = hWnd = 0x00010022; ClassName:
19:55:54 = s1.
19:55:54 = s2.


0:59:28 = hWnd = 0x00020462; ClassName:
ow.
0:59:28 = hWnd = 0x00020472; ClassName:


w.


8:15:7 = hWnd = 0x00010018; ClassName:
w.
8:15:7 = hWnd = 0x00010022; ClassName:
8:15:7 = s1.
8:15:7 = s2.

8:15:48
8:15:48
8:15:49
8:15:49
=
=
=
=
begin close Process

Terminate Process
end close Process
DLL_PROCESS_DETACH

8:28:54 = hWnd = 0x00050332; ClassName:
8:28:54 = hWnd = 0x00020330; ClassName:
ow.
8:28:54 = hWnd = 0x00090302; ClassName:

8:28:54 = s1.
8:28:54 = s2.
8:28:54
8:28:54
8:40:39
8:40:39
8:40:40
8:40:40
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

13:6:19 = hWnd = 0x00050616; ClassName:
ow.



13:7:6 = hWnd = 0x00040086; ClassName:
w.


13:13:45 = hWnd = 0x00010018; ClassName:
dow.
13:13:45 = hWnd = 0x00010022; ClassName:

13:13:45 = s1.
13:13:45 = s2.
13:13:49
13:13:49
13:14:36
13:14:36
13:14:37
13:14:37
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

13:17:57 = hWnd = 0x00060346; ClassName:
dow.
13:17:57 = hWnd = 0x00070366; ClassName:

13:17:57 = s1.
13:17:57 = s2.
13:17:57
13:17:57
15:27:40
15:27:40
15:27:41
15:27:41
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.
4:11:37 = ## ERR ## Setevent


4:11:37 = hWnd = 0x000a00f2; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
ow.
w.

9:3:29 = s1.
9:3:29 = s2.
13:7:29 =
ow.
x=0, y=0,
13:7:29 =
x=0, y=0,
13:7:29 =
x=0, y=0,
13:7:43 =
13:7:43 =
width=1, height=1
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

ow.


dow.

23:25:0 = s1.
23:25:0 = s2.
w.
3:3:49 = hWnd = 0x00080486; ClassName:


ow.
x=0, y=0,
9:44:32 =
x=0, y=0,
9:44:32 =
x=0, y=0,
9:44:33 =
width=1, height=1
width=0, height=0
width=0, height=0
9:44:33 = s1.
9:44:33 = s2.
9:44:34
9:44:34
9:45:21
9:45:21
9:45:23
9:45:23
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

1:55:48 =
ow.
x=0, y=0,
1:55:48 =
x=0, y=0,
1:55:48 =
x=0, y=0,
1:56:39 =
1:56:39 =
width=1, height=1
hWnd = 0x000e0a82; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
hWnd = 0x000f049e; ClassName: IME; Title: Default IME.
width=0, height=0
Process Attach
## ERR ## Setevent

1:56:39 = hWnd = 0x00040094; ClassName:
ow.



w.
9:1:12 = s1.
9:1:12 = s2.
10:27:27 = hWnd = 0x00050444; ClassName:
dow.
10:27:59 = ## ERR ## Setevent


dow.


19:36:17 = hWnd = 0x00010018; ClassName:
dow.
19:36:17 = hWnd = 0x00010022; ClassName:

19:36:24 = s1.
19:36:24 = s2.
19:36:25
19:36:25
19:37:10
19:37:10
19:37:11
19:37:11
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

0:21:50 = hWnd = 0x00030446; ClassName:
0:21:50 = hWnd = 0x00030450; ClassName:
ow.
0:21:50 = hWnd = 0x00030454; ClassName:


0:22:8 = hWnd = 0x000200be; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title:
0:22:8 = hWnd = 0x000200bc; ClassName: GDI+ Hook Window Class; Title: GDI+ Windo
w.

14:39:45 = hWnd = 0x00010018; ClassName:
dow.
14:39:45 = hWnd = 0x00010022; ClassName:

14:39:47 = s1.
14:39:47 = s2.
15:8:25 = hWnd = 0x00020440; ClassName:
ow.
15:8:25 = hWnd = 0x00020450; ClassName:
15:9:57 = ## ERR ## Setevent



ow.


15:11:31 = hWnd = 0x00010018; ClassName:
dow.
15:11:31 = hWnd = 0x00010022; ClassName:

15:11:34 = s1.
15:11:34 = s2.
15:11:38
15:11:38
16:37:52
16:37:52
16:37:53
16:37:53
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
23:31:27 = hWnd = 0x00060846; ClassName:
23:32:23 = ## ERR ## Setevent


dow.


8:41:49 = hWnd = 0x00010018; ClassName:
ow.
8:41:49 = hWnd = 0x00010022; ClassName:

8:41:51 = s1.
8:41:51 = s2.
8:41:54
8:41:54
8:42:34
8:42:34
8:42:35
8:42:35
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
x=0, y=0,
13:23:7 =
x=0, y=0,
13:23:7 =
x=0, y=0,
13:23:7 =
width=1, height=1
hWnd = 0x000c06b8; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
width=0, height=0
13:23:7 = s1.
13:23:7 = s2.
dow.
18:57:39 = hWnd = 0x00230726; ClassName:

18:57:39 = s1.
18:57:39 = s2.
18:57:39
18:57:39
22:38:45
22:38:45
22:38:46
22:38:46
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

2:10:50 = ## ERR ## Setevent

ow.
2:10:50 = hWnd = 0x00060100; ClassName:


8:17:24 = hWnd = 0x00010018; ClassName:
ow.
8:17:24 = hWnd = 0x00010024; ClassName:

8:17:27 = s1.
8:17:27 = s2.
8:17:29
8:17:29
8:18:13
8:18:13
8:18:14
8:18:14
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

11:50:46 = hWnd = 0x00020106; ClassName:
11:50:46 = hWnd = 0x00050410; ClassName:
dow.
11:50:46 = hWnd = 0x00020104; ClassName:
11:50:46 = s1.

11:50:46 = s2.
11:50:48
11:50:48
15:20:44
15:20:44
15:20:45
15:20:45
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

w.
1:3:43 = hWnd = 0x00130120; ClassName:
1:3:43 = hWnd = 0x00110132; ClassName:
w.


8:50:48 = hWnd = 0x00010018; ClassName:
ow.
8:50:48 = hWnd = 0x00010022; ClassName:
8:50:51 = s1.

8:50:51 = s2.
8:50:54
8:50:54
8:52:55
8:52:55
8:52:56
8:52:56
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

dow.
15:58:55 = ## ERR ## Setevent


dow.
15:58:55 = hWnd = 0x00030040; ClassName:


dow.

21:25:45 = s1.
21:25:45 = s2.
0:30:45 = hWnd = 0x00080464; ClassName:
0:30:45 = hWnd = 0x00060462; ClassName:
ow.
0:30:53 = ## ERR ## Setevent


0:30:53 =
ow.
x=0, y=0,
0:30:53 =
x=0, y=0,
0:30:53 =
x=0, y=0,
7:11:39 =
7:11:39 =
width=1, height=1
hWnd = 0x000c005a; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
width=0, height=0
Process Attach
end process attach

x=0, y=0,
7:11:40 =
ow.
x=0, y=0,
7:11:40 =
x=0, y=0,
7:11:40 =
x=0, y=0,
7:11:44 =
width=1, height=1
width=0, height=0
width=0, height=0
7:11:44 = s1.
7:11:44 = s2.
7:11:47
7:11:47
7:13:40
7:13:40
7:13:41
7:13:41
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

7:22:41 = hWnd = 0x00020418; ClassName:
7:22:41 = hWnd = 0x00020412; ClassName:
ow.
7:22:41 = hWnd = 0x00040414; ClassName:
7:22:45 = ## ERR ## Setevent


7:22:45 = hWnd = 0x00030068; ClassName:
ow.


17:43:48 = hWnd = 0x00010018; ClassName:
dow.
17:43:48 = hWnd = 0x00010024; ClassName:

17:43:48 = s1.
17:43:48 = s2.
17:43:51
17:43:51
17:44:55
17:44:55
17:44:56
17:44:56
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

0:41:59 =
ow.
x=0, y=0,
0:41:59 =
x=0, y=0,
0:41:59 =
x=0, y=0,
0:42:20 =
0:42:20 =
hWnd = 0x000604ce; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
width=1, height=1
hWnd = 0x000f058c; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
width=0, height=0
width=0, height=0
Process Attach
## ERR ## Setevent

ow.


8:1:17 = hWnd = 0x00010018; ClassName:
w.
8:1:18 = hWnd = 0x00010022; ClassName:

8:1:20 = s1.
8:1:20 = s2.
1:15:17 = hWnd = 0x000404ac; ClassName: GDI+ Hook Window Class; Title: GDI+ Wind
ow.
1:15:17 = hWnd = 0x001b0a3c; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
w.


9:11:51 = hWnd = 0x00010018; ClassName:
ow.
9:11:51 = hWnd = 0x00010022; ClassName:

9:11:54 = s1.
9:11:54 = s2.
9:11:57
9:11:57
9:15:27
9:15:27
9:15:28
9:15:28
=
=
=
=
=
=
Start show animate

begin close Process
Terminate Process
end close Process
DLL_PROCESS_DETACH

ow.
13:13:6 = hWnd = 0x00030440; ClassName:
13:13:6 = hWnd = 0x00030450; ClassName:
13:13:46 = ## ERR ## Setevent


dow.

13:55:54 = hWnd = 0x00010018; ClassName:
dow.
13:55:54 = hWnd = 0x00010022; ClassName:
13:56:2 = s1.
13:56:2 = s2.


Face Prov

Transféré par

Informations du document

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Face Prov

Transféré par

Droits d'auteur :

Formats disponibles

13:53:42 = Process Attach

13:53:42 = end process attach

AUTHUI.DLL: LogonUI Logon Window; Title

13:53:51 = ##### Get event and release process #####

AUTHUI.DLL: LogonUI Logon Window; Title

14:2:0 = ***** NULL == SampleProvider *****

AUTHUI.DLL: LogonUI Logon Window; Title:

14:2:7 = Shell Excutute VerifyHost

AUTHUI.DLL: LogonUI Logon Window; Title

15:40:9 = ##### Get event and release process #####

AUTHUI.DLL: LogonUI Logon Window; Title:

15:46:1 = ***** NULL == SampleProvider *****

AUTHUI.DLL: LogonUI Logon Window; Title:

15:48:44 = ## ERR ## Setevent

AUTHUI.DLL: LogonUI Logon Window; Title

15:52:40 = ***** NULL == SampleProvider *****

AUTHUI.DLL: LogonUI Logon Window; Title

x=0, y=0, width=1, height=1

AUTHUI.DLL: LogonUI Logon Window; Title

16:43:59 = ***** NULL == SampleProvider *****

ClassName: GDI+ Hook Window Class; Title: GDI+ Wind

x=0, y=0, width=1366, height=768

AUTHUI.DLL: LogonUI Logon Window; Title

21:36:19 = ***** NULL == SampleProvider *****

AUTHUI.DLL: LogonUI Logon Window; Title

22:45:29 = ##### Begin waiting Mutex to release process #####

AUTHUI.DLL: LogonUI Logon Window; Title

22:45:36 = ##### Get event and release process #####

AUTHUI.DLL: LogonUI Logon Window; Title

22:50:10 = ***** NULL == SampleProvider *****

Start show animate

AUTHUI.DLL: LogonUI Logon Window; Title

AUTHUI.DLL: LogonUI Logon Window; Title:

0:0:54 = ***** NULL == SampleProvider *****

AUTHUI.DLL: LogonUI Logon Window; Title:

15:24:40 = ***** NULL == SampleProvider *****

AUTHUI.DLL: LogonUI Logon Window; Title

Shell Excutute VerifyHost

2:11:34 = Process Attach

AUTHUI.DLL: LogonUI Logon Window; Title:

Start show animate

2:36:56 = Process Attach

AUTHUI.DLL: LogonUI Logon Window; Title:

2:37:52 = Terminate Process

AUTHUI.DLL: LogonUI Logon Window; Title:

2:38:23 = ##### Get event and release process #####

AUTHUI.DLL: LogonUI Logon Window; Title:

11:30:26 = ***** NULL == SampleProvider *****

AUTHUI.DLL: LogonUI Logon Window; Title

AUTHUI.DLL: LogonUI Logon Window; Title

15:25:41 = ***** NULL == SampleProvider *****

AUTHUI.DLL: LogonUI Logon Window; Title

15:27:17 = Process Attach

AUTHUI.DLL: LogonUI Logon Window; Title

15:29:1 = ***** NULL == SampleProvider *****

AUTHUI.DLL: LogonUI Logon Window; Title:

hWnd = 0x000c055e; ClassName: MSCTFIME UI; Title: MSCTFIME UI.

3:58:48 = ##### Get event and release process #####

AUTHUI.DLL: LogonUI Logon Window; Title:

12:39:36 = ***** NULL == SampleProvider *****

AUTHUI.DLL: LogonUI Logon Window; Title

Start show animate

22:43:56 = Process Attach

: Inicio de sesin en Windows.

14:2:0 = * NULL == SampleProvider *

15:46:1 = * NULL == SampleProvider *

15:52:40 = * NULL == SampleProvider *

16:43:59 = * NULL == SampleProvider *

21:36:19 = * NULL == SampleProvider *

22:50:10 = * NULL == SampleProvider *

0:0:54 = * NULL == SampleProvider *

15:24:40 = * NULL == SampleProvider *

11:30:26 = * NULL == SampleProvider *

15:25:41 = * NULL == SampleProvider *

15:29:1 = * NULL == SampleProvider *

12:39:36 = * NULL == SampleProvider *

22:48:2 = * NULL == SampleProvider *

2:42:8 = * NULL == SampleProvider *

12:2:7 = * NULL == SampleProvider *

9:16:15 = * NULL == SampleProvider *

13:12:46 = * NULL == SampleProvider *

2:26:30 = * NULL == SampleProvider *

10:48:0 = * NULL == SampleProvider *

15:50:5 = * NULL == SampleProvider *

12:2:20 = * NULL == SampleProvider *

13:22:55 = * NULL == SampleProvider *

8:53:9 = * NULL == SampleProvider *

0:28:20 = * NULL == SampleProvider *

9:21:21 = * NULL == SampleProvider *