# Flog Txt Version 1 # Analyzer Version: 4.3.0 # Analyzer Build Date: Sep 20 2021 05:59:55 # Log Creation Date: 28.09.2021 12:04:11.839 Process: id = "1" image_name = "167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe" filename = "c:\\users\\rdhj0cnfevzx\\desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe" page_root = "0x7100b000" os_pid = "0x132c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x664" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe\" " cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd44" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 118 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 119 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 120 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 121 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 122 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 123 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 124 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 125 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 126 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 127 start_va = 0x400000 end_va = 0x437fff monitored = 1 entry_point = 0x40312a region_type = mapped_file name = "167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe") Region: id = 128 start_va = 0x77260000 end_va = 0x773dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 129 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 130 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 131 start_va = 0x7fff0000 end_va = 0x7ffc5f80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 132 start_va = 0x7ffc5f810000 end_va = 0x7ffc5f9d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 133 start_va = 0x7ffc5f9d1000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffc5f9d1000" filename = "" Region: id = 271 start_va = 0x5d0000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 272 start_va = 0x62ee0000 end_va = 0x62f2ffff monitored = 0 entry_point = 0x62ef8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 273 start_va = 0x62f30000 end_va = 0x62fa9fff monitored = 0 entry_point = 0x62f43290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 274 start_va = 0x74530000 end_va = 0x7460ffff monitored = 0 entry_point = 0x74543980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 275 start_va = 0x62fb0000 end_va = 0x62fb7fff monitored = 0 entry_point = 0x62fb17c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 276 start_va = 0x5e0000 end_va = 0x83ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 277 start_va = 0x74530000 end_va = 0x7460ffff monitored = 0 entry_point = 0x74543980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 278 start_va = 0x76c20000 end_va = 0x76d9dfff monitored = 0 entry_point = 0x76cd1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 279 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 280 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 281 start_va = 0x440000 end_va = 0x4fdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 282 start_va = 0x73ee0000 end_va = 0x73f71fff monitored = 0 entry_point = 0x73f20380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 283 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 284 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 285 start_va = 0x76300000 end_va = 0x76446fff monitored = 0 entry_point = 0x76311cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 286 start_va = 0x76010000 end_va = 0x7615efff monitored = 0 entry_point = 0x760c6820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 287 start_va = 0x500000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 288 start_va = 0x5e0000 end_va = 0x6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 289 start_va = 0x740000 end_va = 0x83ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 290 start_va = 0x74a90000 end_va = 0x75e8efff monitored = 0 entry_point = 0x74c4b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 291 start_va = 0x74290000 end_va = 0x7434dfff monitored = 0 entry_point = 0x742c5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 292 start_va = 0x76fb0000 end_va = 0x76fe6fff monitored = 0 entry_point = 0x76fb3b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 293 start_va = 0x764b0000 end_va = 0x769a8fff monitored = 0 entry_point = 0x766b7610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 294 start_va = 0x76da0000 end_va = 0x76f5cfff monitored = 0 entry_point = 0x76e82a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 295 start_va = 0x75f60000 end_va = 0x7600cfff monitored = 0 entry_point = 0x75f74f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 296 start_va = 0x73f90000 end_va = 0x73fadfff monitored = 0 entry_point = 0x73f9b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 297 start_va = 0x73f80000 end_va = 0x73f89fff monitored = 0 entry_point = 0x73f82a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 298 start_va = 0x75ef0000 end_va = 0x75f47fff monitored = 0 entry_point = 0x75f325c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 299 start_va = 0x74a40000 end_va = 0x74a83fff monitored = 0 entry_point = 0x74a59d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 300 start_va = 0x76a90000 end_va = 0x76b0afff monitored = 0 entry_point = 0x76aae970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 301 start_va = 0x76f60000 end_va = 0x76fa4fff monitored = 0 entry_point = 0x76f7de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 302 start_va = 0x74350000 end_va = 0x7435bfff monitored = 0 entry_point = 0x74353930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 303 start_va = 0x77180000 end_va = 0x7720cfff monitored = 0 entry_point = 0x771c9b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 304 start_va = 0x77210000 end_va = 0x77253fff monitored = 0 entry_point = 0x77217410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 305 start_va = 0x75f50000 end_va = 0x75f5efff monitored = 0 entry_point = 0x75f52e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 306 start_va = 0x76b10000 end_va = 0x76bfafff monitored = 0 entry_point = 0x76b4d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 307 start_va = 0x6ccd0000 end_va = 0x6cd61fff monitored = 0 entry_point = 0x6ccddd60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 308 start_va = 0x840000 end_va = 0x9c7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000840000" filename = "" Region: id = 309 start_va = 0x1d0000 end_va = 0x1f9fff monitored = 0 entry_point = 0x1d5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 310 start_va = 0x77150000 end_va = 0x7717afff monitored = 0 entry_point = 0x77155680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 311 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 312 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 313 start_va = 0x540000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 314 start_va = 0x9d0000 end_va = 0xb50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009d0000" filename = "" Region: id = 315 start_va = 0xb60000 end_va = 0x1f5ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b60000" filename = "" Region: id = 316 start_va = 0x1f60000 end_va = 0x20fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f60000" filename = "" Region: id = 317 start_va = 0x1f60000 end_va = 0x1ff0fff monitored = 0 entry_point = 0x1f98cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 318 start_va = 0x20f0000 end_va = 0x20fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020f0000" filename = "" Region: id = 319 start_va = 0x70040000 end_va = 0x700b4fff monitored = 0 entry_point = 0x70079a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 320 start_va = 0x1f60000 end_va = 0x20affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f60000" filename = "" Region: id = 321 start_va = 0x70020000 end_va = 0x70038fff monitored = 0 entry_point = 0x700247e0 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 322 start_va = 0x74620000 end_va = 0x74a2afff monitored = 0 entry_point = 0x7464adf0 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll") Region: id = 323 start_va = 0x71f20000 end_va = 0x7206afff monitored = 0 entry_point = 0x71f81660 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 324 start_va = 0x743f0000 end_va = 0x74481fff monitored = 0 entry_point = 0x74428cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 325 start_va = 0x6f920000 end_va = 0x6f93cfff monitored = 0 entry_point = 0x6f923b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 326 start_va = 0x6c480000 end_va = 0x6c4d3fff monitored = 0 entry_point = 0x6c49dc50 region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\SysWOW64\\oleacc.dll" (normalized: "c:\\windows\\syswow64\\oleacc.dll") Region: id = 327 start_va = 0x1e0000 end_va = 0x1e1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\SysWOW64\\oleaccrc.dll" (normalized: "c:\\windows\\syswow64\\oleaccrc.dll") Region: id = 328 start_va = 0x74360000 end_va = 0x743e3fff monitored = 0 entry_point = 0x74386220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 329 start_va = 0x6f910000 end_va = 0x6f917fff monitored = 0 entry_point = 0x6f9117b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 330 start_va = 0x6f900000 end_va = 0x6f905fff monitored = 0 entry_point = 0x6f901570 region_type = mapped_file name = "shfolder.dll" filename = "\\Windows\\SysWOW64\\shfolder.dll" (normalized: "c:\\windows\\syswow64\\shfolder.dll") Region: id = 331 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 332 start_va = 0x2100000 end_va = 0x2436fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 333 start_va = 0x540000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 334 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 335 start_va = 0x1f60000 end_va = 0x205ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f60000" filename = "" Region: id = 336 start_va = 0x20a0000 end_va = 0x20affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020a0000" filename = "" Region: id = 337 start_va = 0x590000 end_va = 0x590fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 338 start_va = 0x5a0000 end_va = 0x5a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005a0000" filename = "" Region: id = 339 start_va = 0x5b0000 end_va = 0x5b3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 340 start_va = 0x6e0000 end_va = 0x6f2fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000a.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000a.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000a.db") Region: id = 341 start_va = 0x5c0000 end_va = 0x5c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 342 start_va = 0x700000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 343 start_va = 0x2440000 end_va = 0x253ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002440000" filename = "" Region: id = 344 start_va = 0x6c3f0000 end_va = 0x6c470fff monitored = 0 entry_point = 0x6c3f6310 region_type = mapped_file name = "riched20.dll" filename = "\\Windows\\SysWOW64\\riched20.dll" (normalized: "c:\\windows\\syswow64\\riched20.dll") Region: id = 345 start_va = 0x6ccb0000 end_va = 0x6ccc5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 346 start_va = 0x6c3b0000 end_va = 0x6c3e0fff monitored = 0 entry_point = 0x6c3c22d0 region_type = mapped_file name = "msls31.dll" filename = "\\Windows\\SysWOW64\\msls31.dll" (normalized: "c:\\windows\\syswow64\\msls31.dll") Region: id = 347 start_va = 0x5b0000 end_va = 0x5b3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 348 start_va = 0x74120000 end_va = 0x7423efff monitored = 0 entry_point = 0x74165980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 349 start_va = 0x2060000 end_va = 0x2060fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002060000" filename = "" Region: id = 350 start_va = 0x2540000 end_va = 0x25fbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002540000" filename = "" Region: id = 351 start_va = 0x2060000 end_va = 0x2063fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002060000" filename = "" Region: id = 352 start_va = 0x2070000 end_va = 0x2071fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002070000" filename = "" Region: id = 353 start_va = 0x2080000 end_va = 0x2080fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002080000" filename = "" Region: id = 354 start_va = 0x2090000 end_va = 0x2094fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\user32.dll.mui") Region: id = 355 start_va = 0x20b0000 end_va = 0x20bbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000020b0000" filename = "" Region: id = 356 start_va = 0x6cca0000 end_va = 0x6ccaffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "agyko.dll" filename = "\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp\\agyko.dll" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nshefec.tmp\\agyko.dll") Region: id = 357 start_va = 0x20b0000 end_va = 0x20b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000020b0000" filename = "" Region: id = 358 start_va = 0x75e90000 end_va = 0x75eeefff monitored = 0 entry_point = 0x75e94af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 359 start_va = 0x6cc90000 end_va = 0x6cc97fff monitored = 0 entry_point = 0x6cc91740 region_type = mapped_file name = "wsock32.dll" filename = "\\Windows\\SysWOW64\\wsock32.dll" (normalized: "c:\\windows\\syswow64\\wsock32.dll") Region: id = 360 start_va = 0x701a0000 end_va = 0x703acfff monitored = 0 entry_point = 0x7028acb0 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 361 start_va = 0x71a70000 end_va = 0x71abefff monitored = 0 entry_point = 0x71a7d850 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 362 start_va = 0x2600000 end_va = 0xe4bcfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002600000" filename = "" Region: id = 363 start_va = 0xe4c0000 end_va = 0xe507fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e4c0000" filename = "" Region: id = 380 start_va = 0xe510000 end_va = 0xe688fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e510000" filename = "" Region: id = 381 start_va = 0xe690000 end_va = 0xe80afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e690000" filename = "" Region: id = 383 start_va = 0xe510000 end_va = 0xe688fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e510000" filename = "" Region: id = 384 start_va = 0xe690000 end_va = 0xe80afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e690000" filename = "" Region: id = 385 start_va = 0xe510000 end_va = 0xe688fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e510000" filename = "" Region: id = 386 start_va = 0xe690000 end_va = 0xe80afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e690000" filename = "" Region: id = 387 start_va = 0xe510000 end_va = 0xe688fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e510000" filename = "" Region: id = 388 start_va = 0xe690000 end_va = 0xe80afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e690000" filename = "" Region: id = 389 start_va = 0xe510000 end_va = 0xe688fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e510000" filename = "" Region: id = 390 start_va = 0xe690000 end_va = 0xe80afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e690000" filename = "" Region: id = 391 start_va = 0xe510000 end_va = 0xe688fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e510000" filename = "" Region: id = 392 start_va = 0xe690000 end_va = 0xe80afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e690000" filename = "" Region: id = 393 start_va = 0xe510000 end_va = 0xe688fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e510000" filename = "" Region: id = 394 start_va = 0xe690000 end_va = 0xe80afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e690000" filename = "" Region: id = 395 start_va = 0xe510000 end_va = 0xe688fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e510000" filename = "" Region: id = 396 start_va = 0xe690000 end_va = 0xe80afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e690000" filename = "" Region: id = 397 start_va = 0xe510000 end_va = 0xe688fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e510000" filename = "" Region: id = 398 start_va = 0xe690000 end_va = 0xe80afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e690000" filename = "" Thread: id = 1 os_tid = 0x1318 [0091.940] SetErrorMode (uMode=0x8001) returned 0x0 [0091.952] GetVersion () returned 0x23f00206 [0091.952] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x74530000 [0091.953] GetProcAddress (hModule=0x74530000, lpProcName="SetDefaultDllDirectories") returned 0x76d56270 [0091.953] SetDefaultDllDirectories (DirectoryFlags=0xc00) returned 1 [0091.953] GetSystemDirectoryA (in: lpBuffer=0x19fcc4, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0091.953] wsprintfA (in: param_1=0x19fcd7, param_2="%s%s.dll" | out: param_1="\\UXTHEME.dll") returned 12 [0091.953] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\UXTHEME.dll", hFile=0x0, dwFlags=0x8) returned 0x70040000 [0092.767] lstrlenA (lpString="UXTHEME") returned 7 [0092.767] GetSystemDirectoryA (in: lpBuffer=0x19fcc4, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0092.767] wsprintfA (in: param_1=0x19fcd7, param_2="%s%s.dll" | out: param_1="\\USERENV.dll") returned 12 [0092.767] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\USERENV.dll", hFile=0x0, dwFlags=0x8) returned 0x70020000 [0093.091] lstrlenA (lpString="USERENV") returned 7 [0093.091] GetSystemDirectoryA (in: lpBuffer=0x19fcc4, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0093.091] wsprintfA (in: param_1=0x19fcd7, param_2="%s%s.dll" | out: param_1="\\SETUPAPI.dll") returned 13 [0093.091] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\SETUPAPI.dll", hFile=0x0, dwFlags=0x8) returned 0x74620000 [0093.611] lstrlenA (lpString="SETUPAPI") returned 8 [0093.611] GetSystemDirectoryA (in: lpBuffer=0x19fcc4, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0093.612] wsprintfA (in: param_1=0x19fcd7, param_2="%s%s.dll" | out: param_1="\\APPHELP.dll") returned 12 [0093.612] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\APPHELP.dll", hFile=0x0, dwFlags=0x8) returned 0x73ee0000 [0093.612] lstrlenA (lpString="APPHELP") returned 7 [0093.612] GetSystemDirectoryA (in: lpBuffer=0x19fcc4, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0093.612] wsprintfA (in: param_1=0x19fcd7, param_2="%s%s.dll" | out: param_1="\\PROPSYS.dll") returned 12 [0093.612] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\PROPSYS.dll", hFile=0x0, dwFlags=0x8) returned 0x71f20000 [0094.080] lstrlenA (lpString="PROPSYS") returned 7 [0094.080] GetSystemDirectoryA (in: lpBuffer=0x19fcc4, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0094.080] wsprintfA (in: param_1=0x19fcd7, param_2="%s%s.dll" | out: param_1="\\DWMAPI.dll") returned 11 [0094.080] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\DWMAPI.dll", hFile=0x0, dwFlags=0x8) returned 0x6f920000 [0094.380] lstrlenA (lpString="DWMAPI") returned 6 [0094.380] GetSystemDirectoryA (in: lpBuffer=0x19fcc4, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0094.380] wsprintfA (in: param_1=0x19fcd7, param_2="%s%s.dll" | out: param_1="\\CRYPTBASE.dll") returned 14 [0094.380] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\CRYPTBASE.dll", hFile=0x0, dwFlags=0x8) returned 0x73f80000 [0094.380] lstrlenA (lpString="CRYPTBASE") returned 9 [0094.380] GetSystemDirectoryA (in: lpBuffer=0x19fcc4, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0094.380] wsprintfA (in: param_1=0x19fcd7, param_2="%s%s.dll" | out: param_1="\\OLEACC.dll") returned 11 [0094.381] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\OLEACC.dll", hFile=0x0, dwFlags=0x8) returned 0x6c480000 [0095.142] lstrlenA (lpString="OLEACC") returned 6 [0095.142] GetSystemDirectoryA (in: lpBuffer=0x19fcc4, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0095.142] wsprintfA (in: param_1=0x19fcd7, param_2="%s%s.dll" | out: param_1="\\CLBCATQ.dll") returned 12 [0095.142] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\CLBCATQ.dll", hFile=0x0, dwFlags=0x8) returned 0x74360000 [0097.308] lstrlenA (lpString="CLBCATQ") returned 7 [0097.308] GetModuleHandleA (lpModuleName="VERSION") returned 0x0 [0097.308] GetSystemDirectoryA (in: lpBuffer=0x19fcb4, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0097.309] wsprintfA (in: param_1=0x19fcc7, param_2="%s%s.dll" | out: param_1="\\VERSION.dll") returned 12 [0097.309] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\VERSION.dll", hFile=0x0, dwFlags=0x8) returned 0x6f910000 [0097.526] GetProcAddress (hModule=0x6f910000, lpProcName="GetFileVersionInfoA") returned 0x6f911490 [0097.527] GetModuleHandleA (lpModuleName="SHFOLDER") returned 0x0 [0097.527] GetSystemDirectoryA (in: lpBuffer=0x19fcb4, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0097.527] wsprintfA (in: param_1=0x19fcc7, param_2="%s%s.dll" | out: param_1="\\SHFOLDER.dll") returned 13 [0097.527] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\SHFOLDER.dll", hFile=0x0, dwFlags=0x8) returned 0x6f900000 [0097.537] GetProcAddress (hModule=0x6f900000, lpProcName="SHGetFolderPathA") returned 0x6f901300 [0097.537] InitCommonControls () [0097.538] OleInitialize (pvReserved=0x0) returned 0x0 [0097.597] SHGetFileInfoA (in: pszPath="", dwFileAttributes=0x0, psfi=0x19fe24, cbFileInfo=0x160, uFlags=0x0 | out: psfi=0x19fe24) returned 0x1 [0097.677] lstrcpynA (in: lpString1=0x42e420, lpString2="NSIS Error", iMaxLength=1024 | out: lpString1="NSIS Error") returned="NSIS Error" [0097.677] GetCommandLineA () returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe\" " [0097.677] lstrcpynA (in: lpString1=0x434000, lpString2="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe\" ", iMaxLength=1024 | out: lpString1="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe\" ") returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe\" " [0097.678] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0097.681] GetTempPathA (in: nBufferLength=0x400, lpBuffer=0x435400 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned 0x25 [0097.685] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0097.685] lstrcatA (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0097.685] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp"), lpSecurityAttributes=0x0) returned 0 [0097.687] GetLastError () returned 0xb7 [0097.687] GetTickCount () returned 0x1eeea0f [0097.687] GetTempFileNameA (in: lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", lpPrefixString="nsp", uUnique=0x0, lpTempFileName=0x435000 | out: lpTempFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nspEA0F.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nspea0f.tmp")) returned 0xea0f [0097.689] DeleteFileA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nspEA0F.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nspea0f.tmp")) returned 1 [0097.691] GetTickCount () returned 0x1eeea0f [0097.691] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x435c00, nSize=0x400 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe")) returned 0x62 [0097.691] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe")) returned 0x20 [0097.691] CreateFileA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x20c [0097.691] lstrcpynA (in: lpString1=0x434c00, lpString2="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe", iMaxLength=1024 | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe") returned="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe" [0097.691] lstrlenA (lpString="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe") returned 98 [0097.693] lstrcpynA (in: lpString1=0x436000, lpString2="167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe", iMaxLength=1024 | out: lpString1="167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe") returned="167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe" [0097.693] GetFileSize (in: hFile=0x20c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4d830 [0097.694] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.694] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.694] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.694] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.694] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.694] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.694] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.694] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.694] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.701] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.701] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.701] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.701] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.701] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.701] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.701] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.701] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.701] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.706] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.706] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.706] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.706] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.706] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.706] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.707] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.707] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.707] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.707] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.707] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.707] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.707] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.707] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.707] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.707] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.707] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.707] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.707] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.707] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.707] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.707] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.707] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.707] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.707] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.707] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.707] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.707] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.707] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.707] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.707] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.707] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.707] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.707] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.708] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.708] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.708] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.708] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.708] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.708] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.708] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.708] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.708] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.708] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.708] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.708] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.708] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.708] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.708] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.708] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.708] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0097.709] SetFilePointer (in: hFile=0x20c, lDistanceToMove=34844, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x881c [0097.709] ReadFile (in: hFile=0x20c, lpBuffer=0x19fdac, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fd30, lpOverlapped=0x0 | out: lpBuffer=0x19fdac*, lpNumberOfBytesRead=0x19fd30*=0x4, lpOverlapped=0x0) returned 1 [0097.709] GetTickCount () returned 0x1eeea1e [0097.709] ReadFile (in: hFile=0x20c, lpBuffer=0x414c48, nNumberOfBytesToRead=0x16cc, lpNumberOfBytesRead=0x19fd30, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19fd30*=0x16cc, lpOverlapped=0x0) returned 1 [0097.711] GetTickCount () returned 0x1eeea1e [0097.711] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x9eec [0097.711] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x74530000 [0097.711] GetProcAddress (hModule=0x74530000, lpProcName="GetUserDefaultUILanguage") returned 0x7454b0a0 [0097.711] GetUserDefaultUILanguage () returned 0x409 [0097.711] wsprintfA (in: param_1=0x435000, param_2="%d" | out: param_1="1033") returned 4 [0097.712] wsprintfA (in: param_1=0x435000, param_2="%d" | out: param_1="1033") returned 4 [0097.712] lstrlenA (lpString="jkjib") returned 5 [0097.712] lstrcpynA (in: lpString1=0x42e420, lpString2="jkjib Setup", iMaxLength=1024 | out: lpString1="jkjib Setup") returned="jkjib Setup" [0097.712] SetWindowTextA (hWnd=0x0, lpString="jkjib Setup") returned 0 [0097.712] lstrcpynA (in: lpString1=0x769164, lpString2="candwykmjhzwxx", iMaxLength=1024 | out: lpString1="candwykmjhzwxx") returned="candwykmjhzwxx" [0097.712] lstrcpynA (in: lpString1=0x76957c, lpString2="vdevhzaateyt", iMaxLength=1024 | out: lpString1="vdevhzaateyt") returned="vdevhzaateyt" [0097.712] lstrcpynA (in: lpString1=0x769994, lpString2="cojmngggdtim", iMaxLength=1024 | out: lpString1="cojmngggdtim") returned="cojmngggdtim" [0097.712] lstrcpynA (in: lpString1=0x769dac, lpString2="cremvnasdyf", iMaxLength=1024 | out: lpString1="cremvnasdyf") returned="cremvnasdyf" [0097.712] lstrcpynA (in: lpString1=0x42b4a8, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0097.712] lstrcpynA (in: lpString1=0x42b4a8, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0097.712] lstrcpynA (in: lpString1=0x42dbc0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0097.712] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0097.712] lstrcpynA (in: lpString1=0x434400, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0097.712] LoadImageA (hInst=0x400000, name=0x67, type=0x1, cx=0, cy=0, fuLoad=0x8040) returned 0x402cf [0097.715] wsprintfA (in: param_1=0x435000, param_2="%d" | out: param_1="1033") returned 4 [0097.715] lstrlenA (lpString="jkjib") returned 5 [0097.716] lstrcpynA (in: lpString1=0x42e420, lpString2="jkjib Setup", iMaxLength=1024 | out: lpString1="jkjib Setup") returned="jkjib Setup" [0097.716] SetWindowTextA (hWnd=0x0, lpString="jkjib Setup") returned 0 [0097.716] lstrcpynA (in: lpString1=0x769164, lpString2="candwykmjhzwxx", iMaxLength=1024 | out: lpString1="candwykmjhzwxx") returned="candwykmjhzwxx" [0097.716] lstrcpynA (in: lpString1=0x76957c, lpString2="vdevhzaateyt", iMaxLength=1024 | out: lpString1="vdevhzaateyt") returned="vdevhzaateyt" [0097.716] lstrcpynA (in: lpString1=0x769994, lpString2="cojmngggdtim", iMaxLength=1024 | out: lpString1="cojmngggdtim") returned="cojmngggdtim" [0097.716] lstrcpynA (in: lpString1=0x769dac, lpString2="cremvnasdyf", iMaxLength=1024 | out: lpString1="cremvnasdyf") returned="cremvnasdyf" [0097.716] ShowWindow (hWnd=0x0, nCmdShow=5) returned 0 [0097.716] GetSystemDirectoryA (in: lpBuffer=0x19fc9c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0097.716] wsprintfA (in: param_1=0x19fcaf, param_2="%s%s.dll" | out: param_1="\\RichEd20.dll") returned 13 [0097.716] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\RichEd20.dll", hFile=0x0, dwFlags=0x8) returned 0x6c3f0000 [0098.325] GetClassInfoA (in: hInstance=0x0, lpClassName="RichEdit20A", lpWndClass=0x42e3c0 | out: lpWndClass=0x42e3c0) returned 1 [0098.326] DialogBoxParamA (hInstance=0x400000, lpTemplateName=0x69, hWndParent=0x0, lpDialogFunc=0x4039b0, dwInitParam=0x0) [0099.177] GetDlgItem (hDlg=0x501e2, nIDDlgItem=1) returned 0x2035a [0099.177] GetDlgItem (hDlg=0x501e2, nIDDlgItem=2) returned 0x50044 [0099.177] SetDlgItemTextA (hDlg=0x501e2, nIDDlgItem=1028, lpString="Nullsoft Install System v2.51") returned 1 [0099.178] SetClassLongA (hWnd=0x501e2, nIndex=-14, dwNewLong=262863) returned 0x0 [0099.182] lstrcpynA (in: lpString1=0x42dbc0, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0099.182] lstrlenA (lpString="") returned 0 [0099.182] lstrcpynA (in: lpString1=0x40a440, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0099.182] lstrcpynA (in: lpString1=0x40a840, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0099.182] lstrcmpiA (lpString1="", lpString2="") returned 0 [0099.182] lstrcpynA (in: lpString1=0x42dbc0, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0099.182] lstrlenA (lpString="") returned 0 [0099.182] lstrcpynA (in: lpString1=0x779d1c, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0099.182] lstrcpynA (in: lpString1=0x42dbc0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0099.183] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0099.183] lstrcpynA (in: lpString1=0x40a040, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0099.183] GetTickCount () returned 0x1eeefeb [0099.183] GetTempFileNameA (in: lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpPrefixString="nsh", uUnique=0x0, lpTempFileName=0x42f000 | out: lpTempFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nshefec.tmp")) returned 0xefec [0099.185] lstrcpynA (in: lpString1=0x42dbc0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp" [0099.185] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp") returned 48 [0099.185] lstrcpynA (in: lpString1=0x409c40, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp" [0099.185] lstrcpynA (in: lpString1=0x42b4a8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp" [0099.185] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp") returned 48 [0099.185] FindFirstFileA (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp", lpFindFileData=0x42c0f0 | out: lpFindFileData=0x42c0f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2d2b2458, ftCreationTime.dwHighDateTime=0x1d7b461, ftLastAccessTime.dwLowDateTime=0x2d2b2458, ftLastAccessTime.dwHighDateTime=0x1d7b461, ftLastWriteTime.dwLowDateTime=0x2d2b2458, ftLastWriteTime.dwHighDateTime=0x1d7b461, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x6f004c, dwReserved1=0x610063, cFileName="nshEFEC.tmp", cAlternateFileName="")) returned 0x755438 [0099.186] FindClose (in: hFindFile=0x755438 | out: hFindFile=0x755438) returned 1 [0099.186] DeleteFileA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nshefec.tmp")) returned 1 [0099.186] lstrcpynA (in: lpString1=0x42dbc0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp" [0099.186] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp") returned 48 [0099.186] lstrcpynA (in: lpString1=0x40a040, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp" [0099.186] CreateDirectoryA (lpPathName="C:\\Users" (normalized: "c:\\users"), lpSecurityAttributes=0x0) returned 0 [0099.186] GetLastError () returned 0xb7 [0099.186] GetFileAttributesA (lpFileName="C:\\Users" (normalized: "c:\\users")) returned 0x11 [0099.187] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx"), lpSecurityAttributes=0x0) returned 0 [0099.187] GetLastError () returned 0xb7 [0099.187] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx")) returned 0x10 [0099.187] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata"), lpSecurityAttributes=0x0) returned 0 [0099.187] GetLastError () returned 0xb7 [0099.187] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata")) returned 0x12 [0099.187] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local"), lpSecurityAttributes=0x0) returned 0 [0099.187] GetLastError () returned 0xb7 [0099.187] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local")) returned 0x10 [0099.187] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp"), lpSecurityAttributes=0x0) returned 0 [0099.187] GetLastError () returned 0xb7 [0099.187] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp")) returned 0x10 [0099.188] GetModuleHandleA (lpModuleName="SHELL32") returned 0x74a90000 [0099.188] GetProcAddress (hModule=0x74a90000, lpProcName=0x2a8) returned 0x74d3db90 [0099.188] IsUserAnAdmin () returned 1 [0099.188] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nshefec.tmp"), lpSecurityAttributes=0x19f5c0) returned 1 [0099.189] lstrcpynA (in: lpString1=0x42dbc0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp" [0099.189] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp") returned 48 [0099.189] lstrcpynA (in: lpString1=0x409c40, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp" [0099.189] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp") returned 48 [0099.189] lstrcpynA (in: lpString1=0x435800, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp" [0099.189] lstrcpynA (in: lpString1=0x42f000, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0099.189] lstrcpynA (in: lpString1=0x42dbc0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0099.189] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0099.189] lstrcpynA (in: lpString1=0x40a040, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0099.190] CreateDirectoryA (lpPathName="C:\\Users" (normalized: "c:\\users"), lpSecurityAttributes=0x0) returned 0 [0099.190] GetLastError () returned 0xb7 [0099.190] GetFileAttributesA (lpFileName="C:\\Users" (normalized: "c:\\users")) returned 0x11 [0099.190] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx"), lpSecurityAttributes=0x0) returned 0 [0099.190] GetLastError () returned 0xb7 [0099.190] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx")) returned 0x10 [0099.190] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata"), lpSecurityAttributes=0x0) returned 0 [0099.190] GetLastError () returned 0xb7 [0099.190] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata")) returned 0x12 [0099.190] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local"), lpSecurityAttributes=0x0) returned 0 [0099.190] GetLastError () returned 0xb7 [0099.190] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local")) returned 0x10 [0099.191] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp"), lpSecurityAttributes=0x0) returned 0 [0099.191] GetLastError () returned 0xb7 [0099.191] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp")) returned 0x10 [0099.191] lstrcpynA (in: lpString1=0x434800, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0099.191] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp")) returned 1 [0099.191] lstrcpynA (in: lpString1=0x40a840, lpString2="lwp4r7ldzqpo26xd", iMaxLength=1024 | out: lpString1="lwp4r7ldzqpo26xd") returned="lwp4r7ldzqpo26xd" [0099.191] lstrcpynA (in: lpString1=0x409c40, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0099.191] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0099.191] lstrcatA (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0099.191] lstrcatA (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", lpString2="lwp4r7ldzqpo26xd" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\lwp4r7ldzqpo26xd") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\lwp4r7ldzqpo26xd" [0099.191] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\lwp4r7ldzqpo26xd" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\lwp4r7ldzqpo26xd")) returned 0xffffffff [0099.192] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\lwp4r7ldzqpo26xd" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\lwp4r7ldzqpo26xd")) returned 0xffffffff [0099.192] CreateFileA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\lwp4r7ldzqpo26xd" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\lwp4r7ldzqpo26xd"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x28 [0099.192] SetFilePointer (in: hFile=0x20c, lDistanceToMove=40684, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x9eec [0099.192] ReadFile (in: hFile=0x20c, lpBuffer=0x19f798, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x19f798*, lpNumberOfBytesRead=0x19f71c*=0x4, lpOverlapped=0x0) returned 1 [0099.192] GetTickCount () returned 0x1eeefeb [0099.192] ReadFile (in: hFile=0x20c, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0099.194] GetTickCount () returned 0x1eeefeb [0099.194] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x4178, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x4178, lpOverlapped=0x0) returned 1 [0099.195] GetTickCount () returned 0x1eeefeb [0099.195] ReadFile (in: hFile=0x20c, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0099.195] GetTickCount () returned 0x1eeefeb [0099.195] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x4166, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x4166, lpOverlapped=0x0) returned 1 [0099.196] GetTickCount () returned 0x1eeeffa [0099.196] ReadFile (in: hFile=0x20c, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0099.196] GetTickCount () returned 0x1eeeffa [0099.196] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x45e5, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x45e5, lpOverlapped=0x0) returned 1 [0099.197] GetTickCount () returned 0x1eeeffa [0099.197] ReadFile (in: hFile=0x20c, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0099.197] GetTickCount () returned 0x1eeeffa [0099.197] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x550b, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x550b, lpOverlapped=0x0) returned 1 [0099.198] GetTickCount () returned 0x1eeeffa [0099.198] ReadFile (in: hFile=0x20c, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0099.198] GetTickCount () returned 0x1eeeffa [0099.198] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x46eb, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x46eb, lpOverlapped=0x0) returned 1 [0099.198] GetTickCount () returned 0x1eeeffa [0099.198] ReadFile (in: hFile=0x20c, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0099.199] GetTickCount () returned 0x1eeeffa [0099.199] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x4696, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x4696, lpOverlapped=0x0) returned 1 [0099.199] GetTickCount () returned 0x1eeeffa [0099.199] ReadFile (in: hFile=0x20c, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0099.199] GetTickCount () returned 0x1eeeffa [0099.199] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x47c7, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x47c7, lpOverlapped=0x0) returned 1 [0099.200] GetTickCount () returned 0x1eeeffa [0099.200] ReadFile (in: hFile=0x20c, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0099.200] GetTickCount () returned 0x1eeeffa [0099.200] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x488f, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x488f, lpOverlapped=0x0) returned 1 [0099.201] GetTickCount () returned 0x1eeeffa [0099.201] ReadFile (in: hFile=0x20c, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0099.201] GetTickCount () returned 0x1eeeffa [0099.201] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x479a, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x479a, lpOverlapped=0x0) returned 1 [0099.202] GetTickCount () returned 0x1eeeffa [0099.202] ReadFile (in: hFile=0x20c, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0099.202] GetTickCount () returned 0x1eeeffa [0099.202] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x44e2, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x44e2, lpOverlapped=0x0) returned 1 [0099.202] GetTickCount () returned 0x1eeeffa [0099.203] ReadFile (in: hFile=0x20c, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0099.203] GetTickCount () returned 0x1eeeffa [0099.203] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x4747, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x4747, lpOverlapped=0x0) returned 1 [0099.204] GetTickCount () returned 0x1eeeffa [0099.204] ReadFile (in: hFile=0x20c, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0099.204] GetTickCount () returned 0x1eeeffa [0099.204] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x59b4, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x59b4, lpOverlapped=0x0) returned 1 [0099.205] GetTickCount () returned 0x1eeeffa [0099.205] ReadFile (in: hFile=0x20c, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0099.205] GetTickCount () returned 0x1eeeffa [0099.205] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x4130, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x4130, lpOverlapped=0x0) returned 1 [0099.206] GetTickCount () returned 0x1eeeffa [0099.206] ReadFile (in: hFile=0x20c, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0099.206] GetTickCount () returned 0x1eeeffa [0099.206] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x527b, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x527b, lpOverlapped=0x0) returned 1 [0099.230] GetTickCount () returned 0x1eef01a [0099.230] ReadFile (in: hFile=0x20c, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0099.230] GetTickCount () returned 0x1eef01a [0099.230] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x4146, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x4146, lpOverlapped=0x0) returned 1 [0099.231] GetTickCount () returned 0x1eef01a [0099.231] ReadFile (in: hFile=0x20c, lpBuffer=0x414c48, nNumberOfBytesToRead=0x33af, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x33af, lpOverlapped=0x0) returned 1 [0099.232] GetTickCount () returned 0x1eef01a [0099.232] MulDiv (nNumber=258991, nNumerator=100, nDenominator=258991) returned 100 [0099.232] wsprintfA (in: param_1=0x19f72c, param_2="... %d%%" | out: param_1="... 100%") returned 8 [0099.232] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x39f2, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x39f2, lpOverlapped=0x0) returned 1 [0099.232] SetFileTime (hFile=0x28, lpCreationTime=0x19f928, lpLastAccessTime=0x0, lpLastWriteTime=0x19f928) returned 1 [0099.232] CloseHandle (hObject=0x28) returned 1 [0099.240] lstrcpynA (in: lpString1=0x42dbc0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp" [0099.240] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp") returned 48 [0099.240] lstrcpynA (in: lpString1=0x40a440, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp" [0099.240] lstrcpynA (in: lpString1=0x40a840, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0099.240] lstrcmpiA (lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp", lpString2="") returned 1 [0099.240] lstrcpynA (in: lpString1=0x42dbc0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp" [0099.240] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp") returned 48 [0099.240] lstrcpynA (in: lpString1=0x40a840, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp\\agyko.dll", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp\\agyko.dll") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp\\agyko.dll" [0099.241] lstrcpynA (in: lpString1=0x409c40, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp\\agyko.dll", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp\\agyko.dll") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp\\agyko.dll" [0099.241] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp\\agyko.dll" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nshefec.tmp\\agyko.dll")) returned 0xffffffff [0099.241] CreateFileA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp\\agyko.dll" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nshefec.tmp\\agyko.dll"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x28 [0099.241] SetFilePointer (in: hFile=0x20c, lDistanceToMove=299679, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4929f [0099.241] ReadFile (in: hFile=0x20c, lpBuffer=0x19f798, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x19f798*, lpNumberOfBytesRead=0x19f71c*=0x4, lpOverlapped=0x0) returned 1 [0099.242] GetTickCount () returned 0x1eef01a [0099.242] ReadFile (in: hFile=0x20c, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0099.242] GetTickCount () returned 0x1eef029 [0099.242] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x8000, lpOverlapped=0x0) returned 1 [0099.244] GetTickCount () returned 0x1eef029 [0099.244] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x34e8, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x34e8, lpOverlapped=0x0) returned 1 [0099.245] GetTickCount () returned 0x1eef029 [0099.245] ReadFile (in: hFile=0x20c, lpBuffer=0x414c48, nNumberOfBytesToRead=0x58d, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x58d, lpOverlapped=0x0) returned 1 [0099.245] GetTickCount () returned 0x1eef029 [0099.245] MulDiv (nNumber=17805, nNumerator=100, nDenominator=17805) returned 100 [0099.245] wsprintfA (in: param_1=0x19f72c, param_2="... %d%%" | out: param_1="... 100%") returned 8 [0099.245] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x718, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x718, lpOverlapped=0x0) returned 1 [0099.245] CloseHandle (hObject=0x28) returned 1 [0099.248] lstrcpynA (in: lpString1=0x42dbc0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp" [0099.248] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp") returned 48 [0099.248] lstrcpynA (in: lpString1=0x40a040, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp\\agyko.dll", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp\\agyko.dll") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp\\agyko.dll" [0099.248] lstrcpynA (in: lpString1=0x409c40, lpString2="TclpOwkq", iMaxLength=1024 | out: lpString1="TclpOwkq") returned="TclpOwkq" [0099.248] GetModuleHandleA (lpModuleName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp\\agyko.dll") returned 0x0 [0099.250] LoadLibraryExA (lpLibFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nshEFEC.tmp\\agyko.dll", hFile=0x0, dwFlags=0x8) returned 0x6cca0000 [0099.656] GetProcAddress (hModule=0x6cca0000, lpProcName="TclpOwkq") returned 0x6cca7500 [0099.656] VirtualAlloc (lpAddress=0x0, dwSize=0xbebc200, flAllocationType=0x3000, flProtect=0x4) returned 0x2600000 [0104.744] EnumResourceTypesA (hModule=0x0, lpEnumFunc=0x6ccaa000, lParam=0x0) [0104.749] LoadLibraryW (lpLibFileName="Shlwapi.dll") returned 0x76f60000 [0104.750] GetTempPathW (in: nBufferLength=0x103, lpBuffer=0x19f1c4 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned 0x25 [0104.764] PathAppendW (in: pszPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", pMore="lwp4r7ldzqpo26xd" | out: pszPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\lwp4r7ldzqpo26xd") returned 1 [0104.765] CreateFileW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\lwp4r7ldzqpo26xd" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\lwp4r7ldzqpo26xd"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x230 [0104.772] GetFileSize (in: hFile=0x230, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x477ff [0104.772] VirtualAlloc (lpAddress=0x0, dwSize=0x477ff, flAllocationType=0x3000, flProtect=0x4) returned 0xe4c0000 [0104.773] ReadFile (in: hFile=0x230, lpBuffer=0xe4c0000, nNumberOfBytesToRead=0x477ff, lpNumberOfBytesRead=0x19f5d4, lpOverlapped=0x0 | out: lpBuffer=0xe4c0000*, lpNumberOfBytesRead=0x19f5d4*=0x477ff, lpOverlapped=0x0) returned 1 [0104.779] CloseHandle (hObject=0x230) returned 1 [0104.809] LoadLibraryW (lpLibFileName="ntdll.dll") returned 0x77260000 [0104.810] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19ecc8, nSize=0x103 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe")) returned 0x62 [0104.810] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19e544, nSize=0x103 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe")) returned 0x62 [0104.810] GetCommandLineW () returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe\" " [0104.810] CreateProcessW (in: lpApplicationName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe", lpCommandLine="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe\" ", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000004, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19ec20*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19ec84 | out: lpCommandLine="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe\" ", lpProcessInformation=0x19ec84*(hProcess=0x234, hThread=0x230, dwProcessId=0x658, dwThreadId=0x7f4)) returned 1 [0104.840] GetThreadContext (in: hThread=0x230, lpContext=0x19e954 | out: lpContext=0x19e954*(ContextFlags=0x10007, Dr0=0x19ea58, Dr1=0x0, Dr2=0x7729a1fe, Dr3=0x19e9bc, Dr6=0x19ea58, Dr7=0x7a0, FloatSave.ControlWord=0x1a1e44, FloatSave.StatusWord=0x40b193ab, FloatSave.TagWord=0x6106e848, FloatSave.ErrorOffset=0x19ec8c, FloatSave.ErrorSelector=0x57, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x1a1714, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x78, [5]=0xe9, [6]=0x19, [7]=0x0, [8]=0x7e, [9]=0xc4, [10]=0xc1, [11]=0xf5, [12]=0xac, [13]=0xee, [14]=0x19, [15]=0x0, [16]=0x30, [17]=0xee, [18]=0x2d, [19]=0x77, [20]=0x98, [21]=0x21, [22]=0x2a, [23]=0x16, [24]=0xfe, [25]=0xff, [26]=0xff, [27]=0xff, [28]=0x34, [29]=0xec, [30]=0x19, [31]=0x0, [32]=0x98, [33]=0x8d, [34]=0x29, [35]=0x77, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x25, [41]=0x2, [42]=0x0, [43]=0xc0, [44]=0x78, [45]=0xec, [46]=0x19, [47]=0x0, [48]=0x8, [49]=0x1c, [50]=0x77, [51]=0x0, [52]=0xad, [53]=0x8d, [54]=0x29, [55]=0x77, [56]=0x20, [57]=0xea, [58]=0x19, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x88, [73]=0x2e, [74]=0x74, [75]=0x0, [76]=0xfc, [77]=0xe9, [78]=0x19, [79]=0x0), FloatSave.Cr0NpxState=0x742ec4, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x2f3000, Edx=0x0, Ecx=0x0, Eax=0x40312a, Ebp=0x0, Eip=0x772d8fe0, SegCs=0x23, EFlags=0x202, Esp=0x19fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x8, [1]=0xec, [2]=0x19, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x25, [9]=0x2, [10]=0x0, [11]=0xc0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x48, [17]=0xea, [18]=0x19, [19]=0x0, [20]=0x2b, [21]=0xba, [22]=0x29, [23]=0x77, [24]=0xd0, [25]=0xea, [26]=0x19, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x9, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x98, [41]=0xea, [42]=0x19, [43]=0x0, [44]=0x33, [45]=0xb8, [46]=0x29, [47]=0x77, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x59, [53]=0xb8, [54]=0x29, [55]=0x77, [56]=0x78, [57]=0xeb, [58]=0x6, [59]=0x61, [60]=0x10, [61]=0xec, [62]=0x19, [63]=0x0, [64]=0xa0, [65]=0xec, [66]=0x19, [67]=0x0, [68]=0x8, [69]=0xec, [70]=0x19, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0xac, [77]=0xeb, [78]=0x19, [79]=0x0, [80]=0xd0, [81]=0xea, [82]=0x19, [83]=0x0, [84]=0x10, [85]=0xec, [86]=0x19, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x58, [97]=0xea, [98]=0x19, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x1c, [105]=0xf7, [106]=0x19, [107]=0x0, [108]=0x30, [109]=0xee, [110]=0x2d, [111]=0x77, [112]=0xc8, [113]=0x20, [114]=0x2a, [115]=0x16, [116]=0xfe, [117]=0xff, [118]=0xff, [119]=0xff, [120]=0x59, [121]=0xb8, [122]=0x29, [123]=0x77, [124]=0x9e, [125]=0x1, [126]=0x2a, [127]=0x77, [128]=0x20, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x4, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x8, [145]=0xec, [146]=0x19, [147]=0x0, [148]=0xcc, [149]=0xea, [150]=0x19, [151]=0x0, [152]=0x1, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0xa0, [157]=0xec, [158]=0x19, [159]=0x0, [160]=0xc0, [161]=0x1, [162]=0x2a, [163]=0x77, [164]=0x84, [165]=0xeb, [166]=0x19, [167]=0x0, [168]=0x20, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x12, [177]=0x0, [178]=0x0, [179]=0x1, [180]=0xd8, [181]=0xea, [182]=0x19, [183]=0x0, [184]=0x6e, [185]=0x0, [186]=0x74, [187]=0x0, [188]=0x64, [189]=0x0, [190]=0x6c, [191]=0x0, [192]=0x6c, [193]=0x0, [194]=0x2e, [195]=0x0, [196]=0x64, [197]=0x0, [198]=0x6c, [199]=0x0, [200]=0x6c, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x3, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x40, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0xdc, [273]=0xeb, [274]=0x19, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x16, [281]=0x0, [282]=0x18, [283]=0x0, [284]=0x24, [285]=0xf6, [286]=0x19, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0xd8, [293]=0xeb, [294]=0x19, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0xfc, [305]=0xeb, [306]=0x19, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0xe8, [317]=0xf1, [318]=0x19, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x2, [323]=0x0, [324]=0x78, [325]=0xeb, [326]=0x19, [327]=0x0, [328]=0x78, [329]=0xeb, [330]=0x19, [331]=0x0, [332]=0x78, [333]=0xeb, [334]=0x19, [335]=0x0, [336]=0x2, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x2, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x64, [349]=0xea, [350]=0x6, [351]=0x61, [352]=0xfc, [353]=0xec, [354]=0x19, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0xb5, [361]=0x93, [362]=0x29, [363]=0x77, [364]=0x24, [365]=0xec, [366]=0x19, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x2c, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x98, [377]=0xf1, [378]=0x19, [379]=0x0, [380]=0x24, [381]=0xf6, [382]=0x19, [383]=0x0, [384]=0x30, [385]=0x94, [386]=0x29, [387]=0x77, [388]=0xba, [389]=0xf9, [390]=0x29, [391]=0x77, [392]=0x44, [393]=0xb4, [394]=0x0, [395]=0x1, [396]=0x16, [397]=0x0, [398]=0x18, [399]=0x0, [400]=0x24, [401]=0xf6, [402]=0x19, [403]=0x0, [404]=0x25, [405]=0x2, [406]=0x0, [407]=0xc0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x78, [425]=0xec, [426]=0x19, [427]=0x0, [428]=0x60, [429]=0xf1, [430]=0x19, [431]=0x0, [432]=0x9c, [433]=0xb7, [434]=0x29, [435]=0x77, [436]=0x10, [437]=0xec, [438]=0x19, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x24, [445]=0xeb, [446]=0x6, [447]=0x61, [448]=0x1, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x68, [453]=0xec, [454]=0x19, [455]=0x0, [456]=0x1, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0xcd, [469]=0x35, [470]=0x2a, [471]=0x77, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x9, [481]=0x36, [482]=0x2a, [483]=0x77, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x88, [489]=0x2e, [490]=0x74, [491]=0x0, [492]=0x94, [493]=0xec, [494]=0x19, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x60, [509]=0xf1, [510]=0x19, [511]=0x0))) returned 1 [0104.845] ReadProcessMemory (in: hProcess=0x234, lpBaseAddress=0x2f3008, lpBuffer=0x19ec98, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x19ec98*, lpNumberOfBytesRead=0x0) returned 1 [0104.845] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19e50c | out: Wow64Process=0x19e50c*=1) returned 1 [0104.846] lstrlenW (lpString="167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe") returned 68 [0104.846] lstrlenW (lpString="ntdll.dll") returned 9 [0104.846] lstrlenW (lpString="ntdll.dll") returned 9 [0104.846] lstrlenW (lpString="ntdll.dll") returned 9 [0104.846] lstrlenW (lpString="ntdll.dll") returned 9 [0104.846] lstrlenW (lpString="tdll.dll") returned 8 [0104.846] lstrlenW (lpString="dll.dll") returned 7 [0104.846] lstrlenW (lpString="ll.dll") returned 6 [0104.846] lstrlenW (lpString="l.dll") returned 5 [0104.846] lstrlenW (lpString=".dll") returned 4 [0104.846] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0104.846] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0104.846] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0xe510000 [0104.847] ReadFile (in: hFile=0x23c, lpBuffer=0xe510000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19e4e0, lpOverlapped=0x0 | out: lpBuffer=0xe510000*, lpNumberOfBytesRead=0x19e4e0*=0x1784a0, lpOverlapped=0x0) returned 1 [0105.000] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0xe690000 [0105.030] CloseHandle (hObject=0x23c) returned 1 [0105.030] VirtualFree (lpAddress=0xe510000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0105.037] VirtualFree (lpAddress=0xe690000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0105.043] NtUnmapViewOfSection (ProcessHandle=0x234, BaseAddress=0x400000) returned 0x0 [0105.048] VirtualAllocEx (hProcess=0x234, lpAddress=0x400000, dwSize=0x4c000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0105.054] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19e4dc | out: Wow64Process=0x19e4dc*=1) returned 1 [0105.055] lstrlenW (lpString="167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe") returned 68 [0105.055] lstrlenW (lpString="ntdll.dll") returned 9 [0105.055] lstrlenW (lpString="ntdll.dll") returned 9 [0105.055] lstrlenW (lpString="ntdll.dll") returned 9 [0105.055] lstrlenW (lpString="ntdll.dll") returned 9 [0105.055] lstrlenW (lpString="tdll.dll") returned 8 [0105.055] lstrlenW (lpString="dll.dll") returned 7 [0105.055] lstrlenW (lpString="ll.dll") returned 6 [0105.055] lstrlenW (lpString="l.dll") returned 5 [0105.055] lstrlenW (lpString=".dll") returned 4 [0105.055] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0105.055] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0105.055] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0xe510000 [0105.056] ReadFile (in: hFile=0x23c, lpBuffer=0xe510000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19e4b0, lpOverlapped=0x0 | out: lpBuffer=0xe510000*, lpNumberOfBytesRead=0x19e4b0*=0x1784a0, lpOverlapped=0x0) returned 1 [0105.079] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0xe690000 [0105.109] CloseHandle (hObject=0x23c) returned 1 [0105.109] VirtualFree (lpAddress=0xe510000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0105.115] VirtualFree (lpAddress=0xe690000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0105.122] NtWriteVirtualMemory (in: ProcessHandle=0x234, BaseAddress=0x400000, Buffer=0xe4c0000*, NumberOfBytesToWrite=0x400, NumberOfBytesWritten=0x19e510 | out: Buffer=0xe4c0000*, NumberOfBytesWritten=0x19e510*=0x400) returned 0x0 [0105.135] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19e4dc | out: Wow64Process=0x19e4dc*=1) returned 1 [0105.136] lstrlenW (lpString="167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe") returned 68 [0105.136] lstrlenW (lpString="ntdll.dll") returned 9 [0105.136] lstrlenW (lpString="ntdll.dll") returned 9 [0105.136] lstrlenW (lpString="ntdll.dll") returned 9 [0105.136] lstrlenW (lpString="ntdll.dll") returned 9 [0105.136] lstrlenW (lpString="tdll.dll") returned 8 [0105.136] lstrlenW (lpString="dll.dll") returned 7 [0105.136] lstrlenW (lpString="ll.dll") returned 6 [0105.136] lstrlenW (lpString="l.dll") returned 5 [0105.136] lstrlenW (lpString=".dll") returned 4 [0105.136] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0105.136] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0105.136] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0xe510000 [0105.137] ReadFile (in: hFile=0x23c, lpBuffer=0xe510000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19e4b0, lpOverlapped=0x0 | out: lpBuffer=0xe510000*, lpNumberOfBytesRead=0x19e4b0*=0x1784a0, lpOverlapped=0x0) returned 1 [0105.171] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0xe690000 [0105.221] CloseHandle (hObject=0x23c) returned 1 [0105.221] VirtualFree (lpAddress=0xe510000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0105.228] VirtualFree (lpAddress=0xe690000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0105.237] NtWriteVirtualMemory (in: ProcessHandle=0x234, BaseAddress=0x401000, Buffer=0xe4c0400*, NumberOfBytesToWrite=0xac00, NumberOfBytesWritten=0x19e510 | out: Buffer=0xe4c0400*, NumberOfBytesWritten=0x19e510*=0xac00) returned 0x0 [0105.259] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19e4dc | out: Wow64Process=0x19e4dc*=1) returned 1 [0105.259] lstrlenW (lpString="167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe") returned 68 [0105.259] lstrlenW (lpString="ntdll.dll") returned 9 [0105.259] lstrlenW (lpString="ntdll.dll") returned 9 [0105.259] lstrlenW (lpString="ntdll.dll") returned 9 [0105.259] lstrlenW (lpString="ntdll.dll") returned 9 [0105.259] lstrlenW (lpString="tdll.dll") returned 8 [0105.259] lstrlenW (lpString="dll.dll") returned 7 [0105.259] lstrlenW (lpString="ll.dll") returned 6 [0105.260] lstrlenW (lpString="l.dll") returned 5 [0105.260] lstrlenW (lpString=".dll") returned 4 [0105.260] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0105.260] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0105.260] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0xe510000 [0105.261] ReadFile (in: hFile=0x23c, lpBuffer=0xe510000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19e4b0, lpOverlapped=0x0 | out: lpBuffer=0xe510000*, lpNumberOfBytesRead=0x19e4b0*=0x1784a0, lpOverlapped=0x0) returned 1 [0105.283] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0xe690000 [0105.311] CloseHandle (hObject=0x23c) returned 1 [0105.312] VirtualFree (lpAddress=0xe510000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0105.319] VirtualFree (lpAddress=0xe690000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0105.326] NtWriteVirtualMemory (in: ProcessHandle=0x234, BaseAddress=0x40c000, Buffer=0xe4cb000*, NumberOfBytesToWrite=0x5a00, NumberOfBytesWritten=0x19e510 | out: Buffer=0xe4cb000*, NumberOfBytesWritten=0x19e510*=0x5a00) returned 0x0 [0105.334] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19e4dc | out: Wow64Process=0x19e4dc*=1) returned 1 [0105.334] lstrlenW (lpString="167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe") returned 68 [0105.334] lstrlenW (lpString="ntdll.dll") returned 9 [0105.334] lstrlenW (lpString="ntdll.dll") returned 9 [0105.334] lstrlenW (lpString="ntdll.dll") returned 9 [0105.334] lstrlenW (lpString="ntdll.dll") returned 9 [0105.334] lstrlenW (lpString="tdll.dll") returned 8 [0105.334] lstrlenW (lpString="dll.dll") returned 7 [0105.335] lstrlenW (lpString="ll.dll") returned 6 [0105.335] lstrlenW (lpString="l.dll") returned 5 [0105.335] lstrlenW (lpString=".dll") returned 4 [0105.335] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0105.335] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0105.335] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0xe510000 [0105.335] ReadFile (in: hFile=0x23c, lpBuffer=0xe510000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19e4b0, lpOverlapped=0x0 | out: lpBuffer=0xe510000*, lpNumberOfBytesRead=0x19e4b0*=0x1784a0, lpOverlapped=0x0) returned 1 [0105.357] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0xe690000 [0105.386] CloseHandle (hObject=0x23c) returned 1 [0105.386] VirtualFree (lpAddress=0xe510000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0105.393] VirtualFree (lpAddress=0xe690000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0105.514] NtWriteVirtualMemory (in: ProcessHandle=0x234, BaseAddress=0x412000, Buffer=0xe4d0a00*, NumberOfBytesToWrite=0x800, NumberOfBytesWritten=0x19e510 | out: Buffer=0xe4d0a00*, NumberOfBytesWritten=0x19e510*=0x800) returned 0x0 [0105.529] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19e4dc | out: Wow64Process=0x19e4dc*=1) returned 1 [0105.530] lstrlenW (lpString="167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe") returned 68 [0105.530] lstrlenW (lpString="ntdll.dll") returned 9 [0105.530] lstrlenW (lpString="ntdll.dll") returned 9 [0105.530] lstrlenW (lpString="ntdll.dll") returned 9 [0105.530] lstrlenW (lpString="ntdll.dll") returned 9 [0105.530] lstrlenW (lpString="tdll.dll") returned 8 [0105.530] lstrlenW (lpString="dll.dll") returned 7 [0105.530] lstrlenW (lpString="ll.dll") returned 6 [0105.530] lstrlenW (lpString="l.dll") returned 5 [0105.530] lstrlenW (lpString=".dll") returned 4 [0105.531] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0105.531] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0105.531] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0xe510000 [0105.532] ReadFile (in: hFile=0x23c, lpBuffer=0xe510000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19e4b0, lpOverlapped=0x0 | out: lpBuffer=0xe510000*, lpNumberOfBytesRead=0x19e4b0*=0x1784a0, lpOverlapped=0x0) returned 1 [0105.554] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0xe690000 [0105.591] CloseHandle (hObject=0x23c) returned 1 [0105.592] VirtualFree (lpAddress=0xe510000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0105.598] VirtualFree (lpAddress=0xe690000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0105.604] NtWriteVirtualMemory (in: ProcessHandle=0x234, BaseAddress=0x414000, Buffer=0xe4d1200*, NumberOfBytesToWrite=0x200, NumberOfBytesWritten=0x19e510 | out: Buffer=0xe4d1200*, NumberOfBytesWritten=0x19e510*=0x200) returned 0x0 [0105.623] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19e4dc | out: Wow64Process=0x19e4dc*=1) returned 1 [0105.624] lstrlenW (lpString="167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe") returned 68 [0105.624] lstrlenW (lpString="ntdll.dll") returned 9 [0105.624] lstrlenW (lpString="ntdll.dll") returned 9 [0105.624] lstrlenW (lpString="ntdll.dll") returned 9 [0105.624] lstrlenW (lpString="ntdll.dll") returned 9 [0105.624] lstrlenW (lpString="tdll.dll") returned 8 [0105.624] lstrlenW (lpString="dll.dll") returned 7 [0105.624] lstrlenW (lpString="ll.dll") returned 6 [0105.624] lstrlenW (lpString="l.dll") returned 5 [0105.624] lstrlenW (lpString=".dll") returned 4 [0105.624] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0105.624] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0105.625] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0xe510000 [0105.625] ReadFile (in: hFile=0x23c, lpBuffer=0xe510000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19e4b0, lpOverlapped=0x0 | out: lpBuffer=0xe510000*, lpNumberOfBytesRead=0x19e4b0*=0x1784a0, lpOverlapped=0x0) returned 1 [0105.648] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0xe690000 [0105.673] CloseHandle (hObject=0x23c) returned 1 [0105.673] VirtualFree (lpAddress=0xe510000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0105.684] VirtualFree (lpAddress=0xe690000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0105.690] NtWriteVirtualMemory (in: ProcessHandle=0x234, BaseAddress=0x415000, Buffer=0xe4d1400*, NumberOfBytesToWrite=0x36400, NumberOfBytesWritten=0x19e510 | out: Buffer=0xe4d1400*, NumberOfBytesWritten=0x19e510*=0x36400) returned 0x0 [0105.717] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19e4dc | out: Wow64Process=0x19e4dc*=1) returned 1 [0105.718] lstrlenW (lpString="167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe") returned 68 [0105.718] lstrlenW (lpString="ntdll.dll") returned 9 [0105.718] lstrlenW (lpString="ntdll.dll") returned 9 [0105.718] lstrlenW (lpString="ntdll.dll") returned 9 [0105.718] lstrlenW (lpString="ntdll.dll") returned 9 [0105.718] lstrlenW (lpString="tdll.dll") returned 8 [0105.718] lstrlenW (lpString="dll.dll") returned 7 [0105.718] lstrlenW (lpString="ll.dll") returned 6 [0105.718] lstrlenW (lpString="l.dll") returned 5 [0105.718] lstrlenW (lpString=".dll") returned 4 [0105.718] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0105.719] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0105.719] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0xe510000 [0105.720] ReadFile (in: hFile=0x23c, lpBuffer=0xe510000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19e4b0, lpOverlapped=0x0 | out: lpBuffer=0xe510000*, lpNumberOfBytesRead=0x19e4b0*=0x1784a0, lpOverlapped=0x0) returned 1 [0105.747] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0xe690000 [0105.783] CloseHandle (hObject=0x23c) returned 1 [0105.783] VirtualFree (lpAddress=0xe510000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0105.792] VirtualFree (lpAddress=0xe690000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0105.802] NtWriteVirtualMemory (in: ProcessHandle=0x234, BaseAddress=0x2f3008, Buffer=0x19ecac*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x19e510 | out: Buffer=0x19ecac*, NumberOfBytesWritten=0x19e510*=0x4) returned 0x0 [0105.811] SetThreadContext (hThread=0x230, lpContext=0x19e954*(ContextFlags=0x10007, Dr0=0x19ea58, Dr1=0x0, Dr2=0x7729a1fe, Dr3=0x19e9bc, Dr6=0x19ea58, Dr7=0x7a0, FloatSave.ControlWord=0x1a1e44, FloatSave.StatusWord=0x40b193ab, FloatSave.TagWord=0x6106e848, FloatSave.ErrorOffset=0x19ec8c, FloatSave.ErrorSelector=0x57, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x1a1714, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x78, [5]=0xe9, [6]=0x19, [7]=0x0, [8]=0x7e, [9]=0xc4, [10]=0xc1, [11]=0xf5, [12]=0xac, [13]=0xee, [14]=0x19, [15]=0x0, [16]=0x30, [17]=0xee, [18]=0x2d, [19]=0x77, [20]=0x98, [21]=0x21, [22]=0x2a, [23]=0x16, [24]=0xfe, [25]=0xff, [26]=0xff, [27]=0xff, [28]=0x34, [29]=0xec, [30]=0x19, [31]=0x0, [32]=0x98, [33]=0x8d, [34]=0x29, [35]=0x77, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x25, [41]=0x2, [42]=0x0, [43]=0xc0, [44]=0x78, [45]=0xec, [46]=0x19, [47]=0x0, [48]=0x8, [49]=0x1c, [50]=0x77, [51]=0x0, [52]=0xad, [53]=0x8d, [54]=0x29, [55]=0x77, [56]=0x20, [57]=0xea, [58]=0x19, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x88, [73]=0x2e, [74]=0x74, [75]=0x0, [76]=0xfc, [77]=0xe9, [78]=0x19, [79]=0x0), FloatSave.Cr0NpxState=0x742ec4, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x2f3000, Edx=0x0, Ecx=0x0, Eax=0x40188b, Ebp=0x0, Eip=0x772d8fe0, SegCs=0x23, EFlags=0x202, Esp=0x19fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x8, [1]=0xec, [2]=0x19, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x25, [9]=0x2, [10]=0x0, [11]=0xc0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x48, [17]=0xea, [18]=0x19, [19]=0x0, [20]=0x2b, [21]=0xba, [22]=0x29, [23]=0x77, [24]=0xd0, [25]=0xea, [26]=0x19, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x9, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x98, [41]=0xea, [42]=0x19, [43]=0x0, [44]=0x33, [45]=0xb8, [46]=0x29, [47]=0x77, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x59, [53]=0xb8, [54]=0x29, [55]=0x77, [56]=0x78, [57]=0xeb, [58]=0x6, [59]=0x61, [60]=0x10, [61]=0xec, [62]=0x19, [63]=0x0, [64]=0xa0, [65]=0xec, [66]=0x19, [67]=0x0, [68]=0x8, [69]=0xec, [70]=0x19, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0xac, [77]=0xeb, [78]=0x19, [79]=0x0, [80]=0xd0, [81]=0xea, [82]=0x19, [83]=0x0, [84]=0x10, [85]=0xec, [86]=0x19, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x58, [97]=0xea, [98]=0x19, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x1c, [105]=0xf7, [106]=0x19, [107]=0x0, [108]=0x30, [109]=0xee, [110]=0x2d, [111]=0x77, [112]=0xc8, [113]=0x20, [114]=0x2a, [115]=0x16, [116]=0xfe, [117]=0xff, [118]=0xff, [119]=0xff, [120]=0x59, [121]=0xb8, [122]=0x29, [123]=0x77, [124]=0x9e, [125]=0x1, [126]=0x2a, [127]=0x77, [128]=0x20, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x4, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x8, [145]=0xec, [146]=0x19, [147]=0x0, [148]=0xcc, [149]=0xea, [150]=0x19, [151]=0x0, [152]=0x1, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0xa0, [157]=0xec, [158]=0x19, [159]=0x0, [160]=0xc0, [161]=0x1, [162]=0x2a, [163]=0x77, [164]=0x84, [165]=0xeb, [166]=0x19, [167]=0x0, [168]=0x20, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x12, [177]=0x0, [178]=0x0, [179]=0x1, [180]=0xd8, [181]=0xea, [182]=0x19, [183]=0x0, [184]=0x6e, [185]=0x0, [186]=0x74, [187]=0x0, [188]=0x64, [189]=0x0, [190]=0x6c, [191]=0x0, [192]=0x6c, [193]=0x0, [194]=0x2e, [195]=0x0, [196]=0x64, [197]=0x0, [198]=0x6c, [199]=0x0, [200]=0x6c, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x3, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x40, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0xdc, [273]=0xeb, [274]=0x19, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x16, [281]=0x0, [282]=0x18, [283]=0x0, [284]=0x24, [285]=0xf6, [286]=0x19, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0xd8, [293]=0xeb, [294]=0x19, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0xfc, [305]=0xeb, [306]=0x19, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0xe8, [317]=0xf1, [318]=0x19, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x2, [323]=0x0, [324]=0x78, [325]=0xeb, [326]=0x19, [327]=0x0, [328]=0x78, [329]=0xeb, [330]=0x19, [331]=0x0, [332]=0x78, [333]=0xeb, [334]=0x19, [335]=0x0, [336]=0x2, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x2, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x64, [349]=0xea, [350]=0x6, [351]=0x61, [352]=0xfc, [353]=0xec, [354]=0x19, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0xb5, [361]=0x93, [362]=0x29, [363]=0x77, [364]=0x24, [365]=0xec, [366]=0x19, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x2c, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x98, [377]=0xf1, [378]=0x19, [379]=0x0, [380]=0x24, [381]=0xf6, [382]=0x19, [383]=0x0, [384]=0x30, [385]=0x94, [386]=0x29, [387]=0x77, [388]=0xba, [389]=0xf9, [390]=0x29, [391]=0x77, [392]=0x44, [393]=0xb4, [394]=0x0, [395]=0x1, [396]=0x16, [397]=0x0, [398]=0x18, [399]=0x0, [400]=0x24, [401]=0xf6, [402]=0x19, [403]=0x0, [404]=0x25, [405]=0x2, [406]=0x0, [407]=0xc0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x78, [425]=0xec, [426]=0x19, [427]=0x0, [428]=0x60, [429]=0xf1, [430]=0x19, [431]=0x0, [432]=0x9c, [433]=0xb7, [434]=0x29, [435]=0x77, [436]=0x10, [437]=0xec, [438]=0x19, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x24, [445]=0xeb, [446]=0x6, [447]=0x61, [448]=0x1, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x68, [453]=0xec, [454]=0x19, [455]=0x0, [456]=0x1, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0xcd, [469]=0x35, [470]=0x2a, [471]=0x77, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x9, [481]=0x36, [482]=0x2a, [483]=0x77, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x88, [489]=0x2e, [490]=0x74, [491]=0x0, [492]=0x94, [493]=0xec, [494]=0x19, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x60, [509]=0xf1, [510]=0x19, [511]=0x0))) returned 1 [0105.822] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19e504 | out: Wow64Process=0x19e504*=1) returned 1 [0105.822] lstrlenW (lpString="167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe") returned 68 [0105.822] lstrlenW (lpString="ntdll.dll") returned 9 [0105.822] lstrlenW (lpString="ntdll.dll") returned 9 [0105.823] lstrlenW (lpString="ntdll.dll") returned 9 [0105.823] lstrlenW (lpString="ntdll.dll") returned 9 [0105.823] lstrlenW (lpString="tdll.dll") returned 8 [0105.823] lstrlenW (lpString="dll.dll") returned 7 [0105.823] lstrlenW (lpString="ll.dll") returned 6 [0105.823] lstrlenW (lpString="l.dll") returned 5 [0105.823] lstrlenW (lpString=".dll") returned 4 [0105.823] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0105.823] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0105.824] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0xe510000 [0105.824] ReadFile (in: hFile=0x23c, lpBuffer=0xe510000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19e4d8, lpOverlapped=0x0 | out: lpBuffer=0xe510000*, lpNumberOfBytesRead=0x19e4d8*=0x1784a0, lpOverlapped=0x0) returned 1 [0105.861] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0xe690000 [0105.916] CloseHandle (hObject=0x23c) returned 1 [0105.916] VirtualFree (lpAddress=0xe510000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0105.929] VirtualFree (lpAddress=0xe690000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0105.939] NtResumeThread (in: ThreadHandle=0x230, SuspendCount=0x19e520 | out: SuspendCount=0x19e520*=0x1) returned 0x0 [0106.038] ExitProcess (uExitCode=0x0) Thread: id = 2 os_tid = 0x135c Thread: id = 3 os_tid = 0x1340 Thread: id = 4 os_tid = 0x133c Process: id = "2" image_name = "167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe" filename = "c:\\users\\rdhj0cnfevzx\\desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe" page_root = "0x20705000" os_pid = "0x658" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x132c" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe\" " cur_dir = "C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd44" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 364 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 365 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 366 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 367 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 368 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 369 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 370 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 371 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 372 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 373 start_va = 0x400000 end_va = 0x437fff monitored = 1 entry_point = 0x40312a region_type = mapped_file name = "167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe") Region: id = 374 start_va = 0x77260000 end_va = 0x773dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 375 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 376 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 377 start_va = 0x7fff0000 end_va = 0x7ffc5f80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 378 start_va = 0x7ffc5f810000 end_va = 0x7ffc5f9d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 379 start_va = 0x7ffc5f9d1000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffc5f9d1000" filename = "" Region: id = 382 start_va = 0x400000 end_va = 0x44bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 399 start_va = 0x1d0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 400 start_va = 0x62ee0000 end_va = 0x62f2ffff monitored = 0 entry_point = 0x62ef8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 401 start_va = 0x62f30000 end_va = 0x62fa9fff monitored = 0 entry_point = 0x62f43290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 402 start_va = 0x74530000 end_va = 0x7460ffff monitored = 0 entry_point = 0x74543980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 403 start_va = 0x62fb0000 end_va = 0x62fb7fff monitored = 0 entry_point = 0x62fb17c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 404 start_va = 0x450000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 405 start_va = 0x74530000 end_va = 0x7460ffff monitored = 0 entry_point = 0x74543980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 406 start_va = 0x76c20000 end_va = 0x76d9dfff monitored = 0 entry_point = 0x76cd1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 407 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 408 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 409 start_va = 0x5c0000 end_va = 0x67dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 410 start_va = 0x74a90000 end_va = 0x75e8efff monitored = 0 entry_point = 0x74c4b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 411 start_va = 0x74290000 end_va = 0x7434dfff monitored = 0 entry_point = 0x742c5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 412 start_va = 0x450000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 413 start_va = 0x4c0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 414 start_va = 0x680000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 415 start_va = 0x76fb0000 end_va = 0x76fe6fff monitored = 0 entry_point = 0x76fb3b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 416 start_va = 0x764b0000 end_va = 0x769a8fff monitored = 0 entry_point = 0x766b7610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 417 start_va = 0x76da0000 end_va = 0x76f5cfff monitored = 0 entry_point = 0x76e82a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 418 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 419 start_va = 0x75f60000 end_va = 0x7600cfff monitored = 0 entry_point = 0x75f74f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 420 start_va = 0x73f90000 end_va = 0x73fadfff monitored = 0 entry_point = 0x73f9b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 421 start_va = 0x73f80000 end_va = 0x73f89fff monitored = 0 entry_point = 0x73f82a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 422 start_va = 0x75ef0000 end_va = 0x75f47fff monitored = 0 entry_point = 0x75f325c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 423 start_va = 0x74a40000 end_va = 0x74a83fff monitored = 0 entry_point = 0x74a59d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 424 start_va = 0x76a90000 end_va = 0x76b0afff monitored = 0 entry_point = 0x76aae970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 425 start_va = 0x76f60000 end_va = 0x76fa4fff monitored = 0 entry_point = 0x76f7de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 426 start_va = 0x76010000 end_va = 0x7615efff monitored = 0 entry_point = 0x760c6820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 427 start_va = 0x76300000 end_va = 0x76446fff monitored = 0 entry_point = 0x76311cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 428 start_va = 0x74350000 end_va = 0x7435bfff monitored = 0 entry_point = 0x74353930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 429 start_va = 0x77180000 end_va = 0x7720cfff monitored = 0 entry_point = 0x771c9b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 430 start_va = 0x77210000 end_va = 0x77253fff monitored = 0 entry_point = 0x77217410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 431 start_va = 0x75f50000 end_va = 0x75f5efff monitored = 0 entry_point = 0x75f52e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 432 start_va = 0x76b10000 end_va = 0x76bfafff monitored = 0 entry_point = 0x76b4d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 433 start_va = 0x743f0000 end_va = 0x74481fff monitored = 0 entry_point = 0x74428cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 434 start_va = 0x6b160000 end_va = 0x6b1b8fff monitored = 1 entry_point = 0x6b170780 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 435 start_va = 0x780000 end_va = 0x96ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 436 start_va = 0x490000 end_va = 0x4b9fff monitored = 0 entry_point = 0x495680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 437 start_va = 0x780000 end_va = 0x907fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000780000" filename = "" Region: id = 438 start_va = 0x960000 end_va = 0x96ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000960000" filename = "" Region: id = 439 start_va = 0x77150000 end_va = 0x7717afff monitored = 0 entry_point = 0x77155680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 440 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 441 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 442 start_va = 0x970000 end_va = 0xaf0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000970000" filename = "" Region: id = 443 start_va = 0xb00000 end_va = 0x1efffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b00000" filename = "" Region: id = 444 start_va = 0x910000 end_va = 0x94ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000910000" filename = "" Region: id = 445 start_va = 0x6ccf0000 end_va = 0x6cd68fff monitored = 1 entry_point = 0x6ccff82a region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 446 start_va = 0x6aaa0000 end_va = 0x6b150fff monitored = 1 entry_point = 0x6aab5d20 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 447 start_va = 0x6c3e0000 end_va = 0x6c4d4fff monitored = 0 entry_point = 0x6c434160 region_type = mapped_file name = "msvcr120_clr0400.dll" filename = "\\Windows\\SysWOW64\\msvcr120_clr0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll") Region: id = 448 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 449 start_va = 0x490000 end_va = 0x49ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000490000" filename = "" Region: id = 450 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 451 start_va = 0x4b0000 end_va = 0x4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 452 start_va = 0x910000 end_va = 0x91ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000910000" filename = "" Region: id = 453 start_va = 0x940000 end_va = 0x94ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000940000" filename = "" Region: id = 454 start_va = 0x920000 end_va = 0x92ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000920000" filename = "" Region: id = 455 start_va = 0x930000 end_va = 0x93ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000930000" filename = "" Region: id = 456 start_va = 0x950000 end_va = 0x950fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000950000" filename = "" Region: id = 457 start_va = 0x1f00000 end_va = 0x1f00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f00000" filename = "" Region: id = 458 start_va = 0x1f10000 end_va = 0x1f1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f10000" filename = "" Region: id = 459 start_va = 0x1f20000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f20000" filename = "" Region: id = 460 start_va = 0x1f20000 end_va = 0x1f5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f20000" filename = "" Region: id = 461 start_va = 0x1fd0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fd0000" filename = "" Region: id = 462 start_va = 0x1fe0000 end_va = 0x20dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fe0000" filename = "" Region: id = 463 start_va = 0x1f60000 end_va = 0x1f6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f60000" filename = "" Region: id = 464 start_va = 0x20e0000 end_va = 0x40dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020e0000" filename = "" Region: id = 465 start_va = 0x40e0000 end_va = 0x417ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 466 start_va = 0x1f60000 end_va = 0x1f9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f60000" filename = "" Region: id = 467 start_va = 0x4180000 end_va = 0x427ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004180000" filename = "" Region: id = 468 start_va = 0x4280000 end_va = 0x45b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 469 start_va = 0x69870000 end_va = 0x6aa97fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll") Region: id = 470 start_va = 0x45c0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000045c0000" filename = "" Region: id = 471 start_va = 0x1fa0000 end_va = 0x1faffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 472 start_va = 0x1fb0000 end_va = 0x1fbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fb0000" filename = "" Region: id = 473 start_va = 0x45c0000 end_va = 0x45f6fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000045c0000" filename = "" Region: id = 474 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 475 start_va = 0x1fc0000 end_va = 0x1fcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fc0000" filename = "" Region: id = 476 start_va = 0x4600000 end_va = 0x463bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004600000" filename = "" Region: id = 477 start_va = 0x6c1e0000 end_va = 0x6c25dfff monitored = 1 entry_point = 0x6c1e1140 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll") Region: id = 478 start_va = 0x4640000 end_va = 0x464ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004640000" filename = "" Region: id = 479 start_va = 0x6b830000 end_va = 0x6c1dbfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\cc4e5d110dd318e8b7d61a9ed184ab74\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\cc4e5d110dd318e8b7d61a9ed184ab74\\system.ni.dll") Region: id = 480 start_va = 0x4650000 end_va = 0x465ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004650000" filename = "" Region: id = 481 start_va = 0x6b6a0000 end_va = 0x6b82cfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.drawing.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\system.drawing.ni.dll") Region: id = 482 start_va = 0x68c10000 end_va = 0x69868fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.windows.forms.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\8cd2187094ba6cade0ca0fab4f932654\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\8cd2187094ba6cade0ca0fab4f932654\\system.windows.forms.ni.dll") Region: id = 483 start_va = 0x4650000 end_va = 0x465ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004650000" filename = "" Region: id = 484 start_va = 0x4660000 end_va = 0x466ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004660000" filename = "" Region: id = 485 start_va = 0x4650000 end_va = 0x465ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004650000" filename = "" Region: id = 486 start_va = 0x4650000 end_va = 0x465ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004650000" filename = "" Region: id = 487 start_va = 0x4650000 end_va = 0x465ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004650000" filename = "" Region: id = 488 start_va = 0x4650000 end_va = 0x465ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004650000" filename = "" Region: id = 489 start_va = 0x4650000 end_va = 0x465ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004650000" filename = "" Region: id = 490 start_va = 0x4650000 end_va = 0x465ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004650000" filename = "" Region: id = 491 start_va = 0x4650000 end_va = 0x465ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004650000" filename = "" Region: id = 492 start_va = 0x70040000 end_va = 0x700b4fff monitored = 0 entry_point = 0x70079a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 493 start_va = 0x47c0000 end_va = 0x494ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047c0000" filename = "" Region: id = 494 start_va = 0x74120000 end_va = 0x7423efff monitored = 0 entry_point = 0x74165980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 495 start_va = 0x4650000 end_va = 0x465ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004650000" filename = "" Region: id = 496 start_va = 0x4660000 end_va = 0x466ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004660000" filename = "" Region: id = 497 start_va = 0x4650000 end_va = 0x4650fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004650000" filename = "" Region: id = 498 start_va = 0x4650000 end_va = 0x470bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004650000" filename = "" Region: id = 499 start_va = 0x4710000 end_va = 0x4713fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004710000" filename = "" Region: id = 500 start_va = 0x6f920000 end_va = 0x6f93cfff monitored = 0 entry_point = 0x6f923b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 501 start_va = 0x4720000 end_va = 0x472ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004720000" filename = "" Region: id = 502 start_va = 0x4720000 end_va = 0x472ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004720000" filename = "" Region: id = 503 start_va = 0x4720000 end_va = 0x472ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004720000" filename = "" Region: id = 504 start_va = 0x4720000 end_va = 0x472ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004720000" filename = "" Region: id = 505 start_va = 0x4720000 end_va = 0x472ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004720000" filename = "" Region: id = 506 start_va = 0x4720000 end_va = 0x472ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004720000" filename = "" Region: id = 507 start_va = 0x4720000 end_va = 0x472ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004720000" filename = "" Region: id = 508 start_va = 0x4720000 end_va = 0x472ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004720000" filename = "" Region: id = 509 start_va = 0x4720000 end_va = 0x472ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004720000" filename = "" Region: id = 510 start_va = 0x4720000 end_va = 0x472ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004720000" filename = "" Region: id = 511 start_va = 0x4720000 end_va = 0x472ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004720000" filename = "" Region: id = 512 start_va = 0x4720000 end_va = 0x472ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004720000" filename = "" Region: id = 513 start_va = 0x4720000 end_va = 0x472ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004720000" filename = "" Region: id = 514 start_va = 0x4720000 end_va = 0x472ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004720000" filename = "" Region: id = 515 start_va = 0x4720000 end_va = 0x472ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004720000" filename = "" Region: id = 516 start_va = 0x4720000 end_va = 0x472ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004720000" filename = "" Region: id = 517 start_va = 0x4720000 end_va = 0x472ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004720000" filename = "" Region: id = 518 start_va = 0x4720000 end_va = 0x472ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004720000" filename = "" Region: id = 519 start_va = 0x4720000 end_va = 0x472ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004720000" filename = "" Region: id = 520 start_va = 0x4720000 end_va = 0x472ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004720000" filename = "" Region: id = 521 start_va = 0x5e430000 end_va = 0x5e4cbfff monitored = 1 entry_point = 0x5e4be9b2 region_type = mapped_file name = "microsoft.visualbasic.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll") Region: id = 522 start_va = 0x47c0000 end_va = 0x485bfff monitored = 1 entry_point = 0x484e9b2 region_type = mapped_file name = "microsoft.visualbasic.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll") Region: id = 523 start_va = 0x4940000 end_va = 0x494ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004940000" filename = "" Region: id = 524 start_va = 0x6cce0000 end_va = 0x6cce7fff monitored = 0 entry_point = 0x6cce17b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 525 start_va = 0x4720000 end_va = 0x472ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004720000" filename = "" Region: id = 526 start_va = 0x4730000 end_va = 0x473ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004730000" filename = "" Region: id = 527 start_va = 0x4730000 end_va = 0x473ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004730000" filename = "" Region: id = 528 start_va = 0x4740000 end_va = 0x474ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004740000" filename = "" Region: id = 529 start_va = 0x4950000 end_va = 0x4a4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004950000" filename = "" Region: id = 530 start_va = 0x684f0000 end_va = 0x68c01fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\abad45b9cc652ba7e38c4c837234c0ab\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\abad45b9cc652ba7e38c4c837234c0ab\\system.core.ni.dll") Region: id = 531 start_va = 0x6c2f0000 end_va = 0x6c3defff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\1b51e779650e38bb712f3e535efcf132\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\1b51e779650e38bb712f3e535efcf132\\system.configuration.ni.dll") Region: id = 532 start_va = 0x67dd0000 end_va = 0x684e5fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\1f87b5140145c221b5201351fffc52d8\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\1f87b5140145c221b5201351fffc52d8\\system.xml.ni.dll") Region: id = 533 start_va = 0x4730000 end_va = 0x4730fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004730000" filename = "" Region: id = 534 start_va = 0x73c30000 end_va = 0x73c4afff monitored = 0 entry_point = 0x73c39050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 535 start_va = 0x6fe40000 end_va = 0x6fe52fff monitored = 0 entry_point = 0x6fe49950 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 536 start_va = 0x6fe10000 end_va = 0x6fe3efff monitored = 0 entry_point = 0x6fe295e0 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 537 start_va = 0x4740000 end_va = 0x477ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004740000" filename = "" Region: id = 538 start_va = 0x4860000 end_va = 0x489ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004860000" filename = "" Region: id = 539 start_va = 0x48a0000 end_va = 0x48dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048a0000" filename = "" Region: id = 540 start_va = 0x4a50000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a50000" filename = "" Region: id = 541 start_va = 0x4b50000 end_va = 0x4c4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b50000" filename = "" Region: id = 542 start_va = 0x4c50000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c50000" filename = "" Region: id = 543 start_va = 0x4780000 end_va = 0x4780fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004780000" filename = "" Region: id = 544 start_va = 0x74360000 end_va = 0x743e3fff monitored = 0 entry_point = 0x74386220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 545 start_va = 0x4790000 end_va = 0x4790fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004790000" filename = "" Region: id = 546 start_va = 0x48e0000 end_va = 0x491ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048e0000" filename = "" Region: id = 547 start_va = 0x4d50000 end_va = 0x4e4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 548 start_va = 0x6cc90000 end_va = 0x6ccd1fff monitored = 1 entry_point = 0x6cc9f380 region_type = mapped_file name = "wbemdisp.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemdisp.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemdisp.dll") Region: id = 549 start_va = 0x6c280000 end_va = 0x6c2e6fff monitored = 0 entry_point = 0x6c29b610 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\SysWOW64\\wbemcomn.dll" (normalized: "c:\\windows\\syswow64\\wbemcomn.dll") Region: id = 550 start_va = 0x75e90000 end_va = 0x75eeefff monitored = 0 entry_point = 0x75e94af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 551 start_va = 0x4e50000 end_va = 0x4e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 552 start_va = 0x4e90000 end_va = 0x4f8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e90000" filename = "" Region: id = 553 start_va = 0x6f910000 end_va = 0x6f91cfff monitored = 0 entry_point = 0x6f913520 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemprox.dll") Region: id = 554 start_va = 0x6c260000 end_va = 0x6c27bfff monitored = 0 entry_point = 0x6c26aa90 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\SysWOW64\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wmiutils.dll") Region: id = 1090 start_va = 0x6b650000 end_va = 0x6b660fff monitored = 0 entry_point = 0x6b658fa0 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemsvc.dll") Region: id = 1091 start_va = 0x6b590000 end_va = 0x6b64efff monitored = 0 entry_point = 0x6b5c1e80 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\fastprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\fastprox.dll") Region: id = 1092 start_va = 0x47a0000 end_va = 0x47a3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047a0000" filename = "" Region: id = 1093 start_va = 0x76a30000 end_va = 0x76a89fff monitored = 0 entry_point = 0x76a57e70 region_type = mapped_file name = "coml2.dll" filename = "\\Windows\\SysWOW64\\coml2.dll" (normalized: "c:\\windows\\syswow64\\coml2.dll") Region: id = 1094 start_va = 0x6b500000 end_va = 0x6b580fff monitored = 0 entry_point = 0x6b51b260 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\SysWOW64\\sxs.dll" (normalized: "c:\\windows\\syswow64\\sxs.dll") Region: id = 1095 start_va = 0x4920000 end_va = 0x492efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wbemdisp.tlb" filename = "\\Windows\\SysWOW64\\wbem\\wbemdisp.tlb" (normalized: "c:\\windows\\syswow64\\wbem\\wbemdisp.tlb") Region: id = 1096 start_va = 0x4930000 end_va = 0x4931fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004930000" filename = "" Region: id = 1097 start_va = 0x4f90000 end_va = 0x4f90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004f90000" filename = "" Region: id = 1098 start_va = 0x4fa0000 end_va = 0x507ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 1099 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1100 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1101 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1102 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1103 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1104 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1105 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1106 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1107 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1108 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1109 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1110 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1111 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1112 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1113 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 1114 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 1115 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 1116 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1117 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1118 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1119 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1120 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1121 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1211 start_va = 0x6b4e0000 end_va = 0x6b4f7fff monitored = 1 entry_point = 0x6b4e5480 region_type = mapped_file name = "custommarshalers.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll") Region: id = 1212 start_va = 0x5080000 end_va = 0x5097fff monitored = 1 entry_point = 0x5085480 region_type = mapped_file name = "custommarshalers.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll") Region: id = 1213 start_va = 0x50a0000 end_va = 0x50affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050a0000" filename = "" Region: id = 1214 start_va = 0x6b4e0000 end_va = 0x6b4f7fff monitored = 1 entry_point = 0x6b4e5480 region_type = mapped_file name = "custommarshalers.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll") Region: id = 1215 start_va = 0x50b0000 end_va = 0x50c7fff monitored = 1 entry_point = 0x50b5480 region_type = mapped_file name = "custommarshalers.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll") Region: id = 1216 start_va = 0x50b0000 end_va = 0x50bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050b0000" filename = "" Region: id = 1217 start_va = 0x50c0000 end_va = 0x50cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050c0000" filename = "" Region: id = 1218 start_va = 0x50c0000 end_va = 0x50cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050c0000" filename = "" Region: id = 1219 start_va = 0x50c0000 end_va = 0x50cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050c0000" filename = "" Region: id = 1220 start_va = 0x50c0000 end_va = 0x50c4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "stdole2.tlb" filename = "\\Windows\\SysWOW64\\stdole2.tlb" (normalized: "c:\\windows\\syswow64\\stdole2.tlb") Region: id = 1221 start_va = 0x50d0000 end_va = 0x50dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050d0000" filename = "" Region: id = 1222 start_va = 0x50d0000 end_va = 0x50dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050d0000" filename = "" Region: id = 1223 start_va = 0x50d0000 end_va = 0x50dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050d0000" filename = "" Region: id = 1224 start_va = 0x50d0000 end_va = 0x50dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050d0000" filename = "" Region: id = 1225 start_va = 0x50d0000 end_va = 0x50dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050d0000" filename = "" Region: id = 1226 start_va = 0x50d0000 end_va = 0x50dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050d0000" filename = "" Region: id = 1227 start_va = 0x50d0000 end_va = 0x50dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050d0000" filename = "" Region: id = 1228 start_va = 0x50d0000 end_va = 0x50dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050d0000" filename = "" Region: id = 1229 start_va = 0x50d0000 end_va = 0x50dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050d0000" filename = "" Region: id = 1230 start_va = 0x50d0000 end_va = 0x50dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050d0000" filename = "" Region: id = 1231 start_va = 0x50d0000 end_va = 0x50dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050d0000" filename = "" Region: id = 1232 start_va = 0x50d0000 end_va = 0x50dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050d0000" filename = "" Region: id = 1233 start_va = 0x50e0000 end_va = 0x50effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050e0000" filename = "" Region: id = 1234 start_va = 0x50e0000 end_va = 0x50effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050e0000" filename = "" Region: id = 1235 start_va = 0x50e0000 end_va = 0x50effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050e0000" filename = "" Region: id = 1236 start_va = 0x6b3c0000 end_va = 0x6b4dbfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\d2f554a0c84513cd793fdcd77a86dab1\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.management\\d2f554a0c84513cd793fdcd77a86dab1\\system.management.ni.dll") Region: id = 1237 start_va = 0x6f900000 end_va = 0x6f909fff monitored = 1 entry_point = 0x6f9039f9 region_type = mapped_file name = "wminet_utils.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WMINet_Utils.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\wminet_utils.dll") Region: id = 1238 start_va = 0x50d0000 end_va = 0x50dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050d0000" filename = "" Region: id = 1239 start_va = 0x50d0000 end_va = 0x50dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050d0000" filename = "" Region: id = 1240 start_va = 0x50d0000 end_va = 0x50dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050d0000" filename = "" Region: id = 1241 start_va = 0x7fe60000 end_va = 0x7feaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fe60000" filename = "" Region: id = 1242 start_va = 0x7fe50000 end_va = 0x7fe5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fe50000" filename = "" Region: id = 1244 start_va = 0x50d0000 end_va = 0x50d4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000050d0000" filename = "" Region: id = 1322 start_va = 0x50d0000 end_va = 0x50d2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000050d0000" filename = "" Region: id = 1323 start_va = 0x50d0000 end_va = 0x51cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050d0000" filename = "" Region: id = 1324 start_va = 0x51d0000 end_va = 0x51e2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000051d0000" filename = "" Region: id = 1332 start_va = 0x51d0000 end_va = 0x51dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051d0000" filename = "" Region: id = 1333 start_va = 0x51d0000 end_va = 0x51dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051d0000" filename = "" Region: id = 1334 start_va = 0x51d0000 end_va = 0x520ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051d0000" filename = "" Region: id = 1335 start_va = 0x5210000 end_va = 0x524ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005210000" filename = "" Region: id = 1336 start_va = 0x5250000 end_va = 0x528ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005250000" filename = "" Region: id = 1337 start_va = 0x5290000 end_va = 0x538ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005290000" filename = "" Region: id = 1338 start_va = 0x5390000 end_va = 0x53cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005390000" filename = "" Region: id = 1339 start_va = 0x53d0000 end_va = 0x540ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000053d0000" filename = "" Region: id = 1406 start_va = 0x5390000 end_va = 0x5390fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 1407 start_va = 0x5390000 end_va = 0x5398fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 1408 start_va = 0x5390000 end_va = 0x5390fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 1409 start_va = 0x5390000 end_va = 0x5398fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 1410 start_va = 0x5390000 end_va = 0x5390fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 1411 start_va = 0x5390000 end_va = 0x5398fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 1412 start_va = 0x5390000 end_va = 0x539ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005390000" filename = "" Region: id = 1413 start_va = 0x5390000 end_va = 0x539ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005390000" filename = "" Region: id = 1415 start_va = 0x680000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 1416 start_va = 0x5410000 end_va = 0x544ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005410000" filename = "" Region: id = 1417 start_va = 0x5450000 end_va = 0x554ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005450000" filename = "" Region: id = 1418 start_va = 0x6c0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 1419 start_va = 0x5250000 end_va = 0x534ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005250000" filename = "" Region: id = 1421 start_va = 0x680000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 1422 start_va = 0x4e90000 end_va = 0x4ecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e90000" filename = "" Region: id = 1423 start_va = 0x4ed0000 end_va = 0x4f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ed0000" filename = "" Region: id = 1424 start_va = 0x5250000 end_va = 0x534ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005250000" filename = "" Region: id = 1569 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1570 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1571 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1572 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1573 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1574 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1575 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1576 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1577 start_va = 0x470000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 1578 start_va = 0x470000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 1579 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 1580 start_va = 0x680000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 1581 start_va = 0x680000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 1582 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 1583 start_va = 0x6a0000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 1584 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 1585 start_va = 0x6c0000 end_va = 0x6cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 1586 start_va = 0x6d0000 end_va = 0x6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 1587 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 1588 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1589 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1590 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1591 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1592 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1593 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1594 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1595 start_va = 0x470000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 1596 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1597 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1598 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1599 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1600 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1601 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1602 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1603 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1604 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1605 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1606 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1607 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1608 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1609 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1610 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1611 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 1612 start_va = 0x680000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 1613 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 1614 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1615 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1616 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1617 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1618 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1619 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1620 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1621 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1622 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1623 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1624 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1625 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1626 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1627 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1628 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1629 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1630 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1631 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1632 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1633 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1634 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1635 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1636 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1637 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1638 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1639 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1640 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1641 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1642 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1643 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1644 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1645 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1646 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1647 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1648 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1649 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1650 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1651 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1652 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1653 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1654 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1655 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1656 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1657 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1658 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1659 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1660 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1661 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1662 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1663 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1664 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1665 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1666 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1667 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1668 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1669 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1670 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1671 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1672 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1673 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1674 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1675 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1676 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1677 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1678 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1679 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1680 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1681 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1682 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1683 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1684 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1685 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1686 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1687 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1688 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1689 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1690 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1691 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1692 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1693 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1694 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1695 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1696 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1697 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1698 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1699 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1700 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 1701 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1702 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1703 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1704 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1705 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1706 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1707 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1708 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1709 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1710 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1711 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 1712 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1713 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1714 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1715 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1716 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1717 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1718 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1719 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1720 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1721 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1722 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1723 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1724 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1725 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1726 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1727 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1728 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1729 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1730 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1731 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1732 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1733 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1734 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1735 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1736 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1737 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 1738 start_va = 0x680000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 1739 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 1740 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1741 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1742 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1743 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1744 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1745 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1746 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1747 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1748 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1749 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1750 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 1751 start_va = 0x680000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 1752 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1753 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1754 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1755 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1756 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1757 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1758 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1759 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1760 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1761 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1762 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1763 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1764 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1765 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1766 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1767 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1768 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1769 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1770 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1771 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1772 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1773 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1774 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1775 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1776 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1777 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1778 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 1779 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1780 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1781 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1782 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1783 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1784 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1785 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1786 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1787 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1788 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1789 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1790 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 1791 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1792 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1793 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1794 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1795 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1796 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1797 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1798 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1799 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1800 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1801 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1802 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1803 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1804 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1805 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1806 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1807 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1808 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1809 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 1810 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1811 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1812 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1813 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1814 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1815 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1816 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1817 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1818 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 1819 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1820 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1821 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1822 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1823 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1824 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1825 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 1826 start_va = 0x680000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 1827 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1828 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1829 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1830 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1831 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1832 start_va = 0x680000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 1833 start_va = 0x680000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 1834 start_va = 0x680000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 1835 start_va = 0x680000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 1836 start_va = 0x680000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 1837 start_va = 0x680000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 1838 start_va = 0x680000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 1839 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 1840 start_va = 0x6a0000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 1841 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1842 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1843 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1844 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1845 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1846 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1847 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1848 start_va = 0x680000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 1849 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1850 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1851 start_va = 0x680000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 1852 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1853 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1854 start_va = 0x680000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 1855 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1856 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1857 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1858 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1859 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1860 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1861 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1862 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1863 start_va = 0x680000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 1864 start_va = 0x680000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 1865 start_va = 0x680000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 1866 start_va = 0x680000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 1867 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 1868 start_va = 0x6a0000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 1871 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1872 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1873 start_va = 0x680000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 1874 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1875 start_va = 0x680000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 1876 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 1877 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1878 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1879 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1880 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1881 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1882 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1883 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1884 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1885 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1886 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1887 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1888 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1889 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1890 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1891 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1892 start_va = 0x680000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 1893 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1894 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1895 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1896 start_va = 0x680000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 1897 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1898 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1899 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1900 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1901 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1902 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1903 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1904 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1905 start_va = 0x680000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 1906 start_va = 0x6b300000 end_va = 0x6b3b5fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.security.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Security\\4e4cb6e2e651b6d243241e4edd14b3f3\\System.Security.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.security\\4e4cb6e2e651b6d243241e4edd14b3f3\\system.security.ni.dll") Region: id = 1907 start_va = 0x76160000 end_va = 0x762d7fff monitored = 0 entry_point = 0x761b8a90 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 1908 start_va = 0x76c10000 end_va = 0x76c1dfff monitored = 0 entry_point = 0x76c15410 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 1909 start_va = 0x680000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 1910 start_va = 0x4e50000 end_va = 0x4f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 1911 start_va = 0x6fe60000 end_va = 0x6fe67fff monitored = 0 entry_point = 0x6fe61d70 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\SysWOW64\\dpapi.dll" (normalized: "c:\\windows\\syswow64\\dpapi.dll") Region: id = 1912 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1913 start_va = 0x6b670000 end_va = 0x6b692fff monitored = 0 entry_point = 0x6b677b50 region_type = mapped_file name = "wshom.ocx" filename = "\\Windows\\SysWOW64\\wshom.ocx" (normalized: "c:\\windows\\syswow64\\wshom.ocx") Region: id = 1914 start_va = 0x6b2e0000 end_va = 0x6b2f5fff monitored = 0 entry_point = 0x6b2e21d0 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\SysWOW64\\mpr.dll" (normalized: "c:\\windows\\syswow64\\mpr.dll") Region: id = 1915 start_va = 0x6b2b0000 end_va = 0x6b2dafff monitored = 0 entry_point = 0x6b2b9a70 region_type = mapped_file name = "scrrun.dll" filename = "\\Windows\\SysWOW64\\scrrun.dll" (normalized: "c:\\windows\\syswow64\\scrrun.dll") Region: id = 1916 start_va = 0x460000 end_va = 0x46cfff monitored = 0 entry_point = 0x467b50 region_type = mapped_file name = "wshom.ocx" filename = "\\Windows\\SysWOW64\\wshom.ocx" (normalized: "c:\\windows\\syswow64\\wshom.ocx") Region: id = 1917 start_va = 0x6c0000 end_va = 0x6cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 1918 start_va = 0x5250000 end_va = 0x564afff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005250000" filename = "" Region: id = 1919 start_va = 0x6c0000 end_va = 0x721fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll") Region: id = 1920 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1921 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1922 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1923 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1924 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1925 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 1926 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 1927 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1928 start_va = 0x4920000 end_va = 0x492ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004920000" filename = "" Region: id = 1929 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1930 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1931 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1932 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1933 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1934 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1935 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1936 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1937 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1938 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 1939 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1940 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 1941 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 1942 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1943 start_va = 0x4920000 end_va = 0x492ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004920000" filename = "" Region: id = 1944 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1945 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1946 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1947 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1948 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 1949 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 1950 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1951 start_va = 0x6c530000 end_va = 0x6c569fff monitored = 0 entry_point = 0x6c549be0 region_type = mapped_file name = "vaultcli.dll" filename = "\\Windows\\SysWOW64\\vaultcli.dll" (normalized: "c:\\windows\\syswow64\\vaultcli.dll") Region: id = 1952 start_va = 0x73b60000 end_va = 0x73c27fff monitored = 0 entry_point = 0x73bcae90 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\SysWOW64\\WinTypes.dll" (normalized: "c:\\windows\\syswow64\\wintypes.dll") Region: id = 1953 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1954 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1955 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 1956 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1957 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1958 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1959 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1963 start_va = 0x4f50000 end_va = 0x4f8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f50000" filename = "" Region: id = 1964 start_va = 0x5650000 end_va = 0x574ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005650000" filename = "" Region: id = 1965 start_va = 0x5750000 end_va = 0x578ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005750000" filename = "" Region: id = 1966 start_va = 0x5790000 end_va = 0x57cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005790000" filename = "" Region: id = 1967 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1968 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1969 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1972 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1973 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1974 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1975 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1976 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1977 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1978 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 1979 start_va = 0x71970000 end_va = 0x7199efff monitored = 0 entry_point = 0x7197bb70 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 1980 start_va = 0x719a0000 end_va = 0x71a23fff monitored = 0 entry_point = 0x719c6530 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 1981 start_va = 0x74610000 end_va = 0x74616fff monitored = 0 entry_point = 0x74611e10 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 1982 start_va = 0x718f0000 end_va = 0x71902fff monitored = 0 entry_point = 0x718f25d0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc6.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll") Region: id = 1983 start_va = 0x718d0000 end_va = 0x718e3fff monitored = 0 entry_point = 0x718d3c10 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll") Region: id = 1984 start_va = 0x700c0000 end_va = 0x700c7fff monitored = 0 entry_point = 0x700c1fc0 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 1985 start_va = 0x57d0000 end_va = 0x580ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000057d0000" filename = "" Region: id = 1986 start_va = 0x5810000 end_va = 0x590ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005810000" filename = "" Region: id = 1987 start_va = 0x71a70000 end_va = 0x71abefff monitored = 0 entry_point = 0x71a7d850 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 1988 start_va = 0x71960000 end_va = 0x71967fff monitored = 0 entry_point = 0x71961920 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 1989 start_va = 0x71910000 end_va = 0x71956fff monitored = 0 entry_point = 0x719258d0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 1990 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1991 start_va = 0x5910000 end_va = 0x599efff monitored = 0 entry_point = 0x591dd60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 1992 start_va = 0x6b210000 end_va = 0x6b2a1fff monitored = 0 entry_point = 0x6b21dd60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 1993 start_va = 0x5910000 end_va = 0x59fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005910000" filename = "" Region: id = 1994 start_va = 0x750000 end_va = 0x753fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 1996 start_va = 0x5750000 end_va = 0x578ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005750000" filename = "" Region: id = 1997 start_va = 0x5790000 end_va = 0x57cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005790000" filename = "" Region: id = 1998 start_va = 0x4e50000 end_va = 0x4e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 1999 start_va = 0x5910000 end_va = 0x594ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005910000" filename = "" Region: id = 2000 start_va = 0x59f0000 end_va = 0x59fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000059f0000" filename = "" Region: id = 2001 start_va = 0x5a00000 end_va = 0x5afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005a00000" filename = "" Region: id = 2002 start_va = 0x4e90000 end_va = 0x4ecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e90000" filename = "" Region: id = 2003 start_va = 0x5650000 end_va = 0x574ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005650000" filename = "" Thread: id = 5 os_tid = 0x7f4 [0107.124] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0107.124] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x76c20000 [0107.124] GetProcAddress (hModule=0x76c20000, lpProcName="InitializeCriticalSectionEx") returned 0x76cdd740 [0107.124] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x76c20000 [0107.124] GetProcAddress (hModule=0x76c20000, lpProcName="FlsAlloc") returned 0x76ce4490 [0107.124] GetProcAddress (hModule=0x76c20000, lpProcName="FlsSetValue") returned 0x76cdd7a0 [0107.143] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x76c20000 [0107.143] GetProcAddress (hModule=0x76c20000, lpProcName="InitializeCriticalSectionEx") returned 0x76cdd740 [0107.144] GetProcessHeap () returned 0x4c0000 [0107.144] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x76c20000 [0107.144] GetProcAddress (hModule=0x76c20000, lpProcName="FlsAlloc") returned 0x76ce4490 [0107.144] GetLastError () returned 0x0 [0107.144] GetProcAddress (hModule=0x76c20000, lpProcName="FlsGetValue") returned 0x76ccf350 [0107.144] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x364) returned 0x4d1d40 [0107.145] GetProcAddress (hModule=0x76c20000, lpProcName="FlsSetValue") returned 0x76cdd7a0 [0107.145] SetLastError (dwErrCode=0x0) [0107.145] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0xc00) returned 0x4d20b0 [0107.147] GetStartupInfoW (in: lpStartupInfo=0x19fe98 | out: lpStartupInfo=0x19fe98*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x4022f0, hStdOutput=0x461ed644, hStdError=0xfffffffe)) [0107.147] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0107.147] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0107.147] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0107.147] GetCommandLineA () returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe\" " [0107.147] GetCommandLineW () returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe\" " [0107.147] GetLastError () returned 0x0 [0107.147] SetLastError (dwErrCode=0x0) [0107.147] GetLastError () returned 0x0 [0107.147] SetLastError (dwErrCode=0x0) [0107.147] GetACP () returned 0x4e4 [0107.147] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x0, Size=0x220) returned 0x4d2cb8 [0107.147] IsValidCodePage (CodePage=0x4e4) returned 1 [0107.147] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19fec8 | out: lpCPInfo=0x19fec8) returned 1 [0107.147] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19f790 | out: lpCPInfo=0x19f790) returned 1 [0107.147] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0107.147] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda4, cbMultiByte=256, lpWideCharStr=0x19f528, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0107.147] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x19f7a4 | out: lpCharType=0x19f7a4) returned 1 [0107.160] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0107.160] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda4, cbMultiByte=256, lpWideCharStr=0x19f4d8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0107.160] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x76c20000 [0107.160] GetProcAddress (hModule=0x76c20000, lpProcName="LCMapStringEx") returned 0x76cc95f0 [0107.160] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0107.160] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x19f2c8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0107.160] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x19fca4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÌ8FFàþ\x19", lpUsedDefaultChar=0x0) returned 256 [0107.160] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0107.161] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda4, cbMultiByte=256, lpWideCharStr=0x19f4f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0107.161] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0107.161] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x19f2e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256 [0107.161] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x19fba4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÌ8FFàþ\x19", lpUsedDefaultChar=0x0) returned 256 [0107.170] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x0, Size=0x80) returned 0x4c7760 [0107.170] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x412bf8, nSize=0x104 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe")) returned 0x62 [0107.170] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0xce) returned 0x4ca5d0 [0107.170] RtlInitializeSListHead (in: ListHead=0x4127f0 | out: ListHead=0x4127f0) [0107.170] GetLastError () returned 0x0 [0107.170] SetLastError (dwErrCode=0x0) [0107.170] GetEnvironmentStringsW () returned 0x4d2ee0* [0107.171] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x0, Size=0xa1a) returned 0x4d3908 [0107.171] FreeEnvironmentStringsW (penv=0x4d2ee0) returned 1 [0107.171] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x90) returned 0x4c3fc0 [0107.171] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x3e) returned 0x4cca60 [0107.171] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x5c) returned 0x4c3a40 [0107.171] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x6e) returned 0x4cb700 [0107.171] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x78) returned 0x4caad0 [0107.171] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x62) returned 0x4c7180 [0107.171] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x28) returned 0x4c7500 [0107.171] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x48) returned 0x4c37f0 [0107.171] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x1a) returned 0x4c7530 [0107.171] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x3a) returned 0x4cd168 [0107.171] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x62) returned 0x4c3650 [0107.171] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x2a) returned 0x4c9670 [0107.171] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x2e) returned 0x4c97c0 [0107.171] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x1c) returned 0x4c7720 [0107.171] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0xd2) returned 0x4c9d58 [0107.172] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x7c) returned 0x4c3df8 [0107.172] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x36) returned 0x4cf3d0 [0107.172] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x3a) returned 0x4ccfb8 [0107.172] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x90) returned 0x4c81d0 [0107.172] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x24) returned 0x4c2850 [0107.172] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x30) returned 0x4c9600 [0107.172] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x36) returned 0x4cf0d0 [0107.172] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x48) returned 0x4c7570 [0107.172] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x52) returned 0x4c7b48 [0107.172] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x3c) returned 0x4ccb38 [0107.172] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0xd6) returned 0x4c9a88 [0107.172] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x2e) returned 0x4c96e0 [0107.172] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x1e) returned 0x4c75c0 [0107.172] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x2c) returned 0x4c9788 [0107.172] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x54) returned 0x4c3868 [0107.172] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x52) returned 0x4c3ac8 [0107.172] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x24) returned 0x4c38c8 [0107.172] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x42) returned 0x4c3b28 [0107.172] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x2c) returned 0x4c9868 [0107.173] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x44) returned 0x4c9e88 [0107.173] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x24) returned 0x4c2880 [0107.173] HeapFree (in: hHeap=0x4c0000, dwFlags=0x0, lpMem=0x4d3908 | out: hHeap=0x4c0000) returned 1 [0107.173] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x800) returned 0x4d2ee0 [0107.173] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0107.173] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x401e29) returned 0x0 [0107.173] GetStartupInfoW (in: lpStartupInfo=0x19ff00 | out: lpStartupInfo=0x19ff00*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0107.173] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0107.173] FindResourceW (hModule=0x400000, lpName=0x1, lpType=0xa) returned 0x415048 [0107.177] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0107.177] LoadResource (hModule=0x400000, hResInfo=0x415048) returned 0x415058 [0107.177] LockResource (hResData=0x415058) returned 0x415058 [0107.177] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0107.177] SizeofResource (hModule=0x400000, hResInfo=0x415048) returned 0x36200 [0110.627] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0110.633] RoInitialize () returned 0x1 [0110.634] RoUninitialize () returned 0x0 [0110.918] SafeArrayAccessData (in: psa=0x4fd5f8, ppvData=0x19fed8 | out: ppvData=0x19fed8) returned 0x0 [0110.921] SafeArrayUnaccessData (psa=0x4fd5f8) returned 0x0 [0110.944] SafeArrayGetDim (psa=0x4fd5f8) returned 0x1 [0110.944] SafeArrayGetDim (psa=0x4fd5f8) returned 0x1 [0110.944] SafeArrayGetLBound (in: psa=0x4fd5f8, nDim=0x1, plLbound=0x19fc54 | out: plLbound=0x19fc54) returned 0x0 [0110.944] SafeArrayGetVartype (in: psa=0x4fd5f8, pvt=0x19fbc4 | out: pvt=0x19fbc4) returned 0x0 [0111.194] SafeArrayAllocDescriptorEx (in: vt=0x19000d, cDims=0x1, ppsaOut=0x19fcbc | out: ppsaOut=0x19fcbc) returned 0x0 [0111.195] SafeArrayAllocData (psa=0x4fd7d8) returned 0x0 [0111.195] CoInitialize (pvReserved=0x0) returned 0x80010106 [0111.195] VirtualAlloc (lpAddress=0x0, dwSize=0x3c000, flAllocationType=0x3000, flProtect=0x40) returned 0x4600000 [0111.206] SafeArrayGetDim (psa=0x4fd5c8) returned 0x1 [0111.206] SafeArrayGetDim (psa=0x4fd5c8) returned 0x1 [0111.206] SafeArrayGetLBound (in: psa=0x4fd5c8, nDim=0x1, plLbound=0x19fc24 | out: plLbound=0x19fc24) returned 0x0 [0113.667] GetModuleHandleW (lpModuleName="user32.dll") returned 0x76300000 [0113.668] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x19e078, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcWàh¥\x1e7E «ªjpã\x19", lpUsedDefaultChar=0x0) returned 14 [0113.668] GetProcAddress (hModule=0x76300000, lpProcName="DefWindowProcW") returned 0x772eaee0 [0113.669] GetStockObject (i=5) returned 0x1900015 [0113.698] GetModuleHandleW (lpModuleName=0x0) returned 0x4600000 [0113.703] CoTaskMemAlloc (cb=0x5c) returned 0x5035b0 [0113.703] RegisterClassW (lpWndClass=0x19e068) returned 0xc1d6 [0113.705] CoTaskMemFree (pv=0x5035b0) [0113.705] GetModuleHandleW (lpModuleName=0x0) returned 0x4600000 [0113.706] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.378734a_r32_ad1", lpWindowName=0x0, dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x4600000, lpParam=0x0) returned 0x601e2 [0113.729] SetWindowLongW (hWnd=0x601e2, nIndex=-4, dwNewLong=1999548128) returned 75186438 [0113.731] GetWindowLongW (hWnd=0x601e2, nIndex=-4) returned 1999548128 [0113.732] GetCurrentProcess () returned 0xffffffff [0113.732] GetCurrentThread () returned 0xfffffffe [0113.732] GetCurrentProcess () returned 0xffffffff [0113.732] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x19d940, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x19d940*=0x2a8) returned 1 [0113.736] GetCurrentThreadId () returned 0x7f4 [0113.742] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x19d8c4 | out: phkResult=0x19d8c4*=0x2ac) returned 0x0 [0113.743] RegQueryValueExW (in: hKey=0x2ac, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x19d8e4, lpData=0x0, lpcbData=0x19d8e0*=0x0 | out: lpType=0x19d8e4*=0x0, lpData=0x0, lpcbData=0x19d8e0*=0x0) returned 0x2 [0113.743] RegQueryValueExW (in: hKey=0x2ac, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x19d8e4, lpData=0x0, lpcbData=0x19d8e0*=0x0 | out: lpType=0x19d8e4*=0x0, lpData=0x0, lpcbData=0x19d8e0*=0x0) returned 0x2 [0113.743] RegCloseKey (hKey=0x2ac) returned 0x0 [0113.753] SetWindowLongW (hWnd=0x601e2, nIndex=-4, dwNewLong=75186478) returned 1999548128 [0113.753] GetWindowLongW (hWnd=0x601e2, nIndex=-4) returned 75186478 [0113.753] GetWindowLongW (hWnd=0x601e2, nIndex=-16) returned 79691776 [0113.869] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x601e2, Msg=0x24, wParam=0x0, lParam=0x19dbdc) returned 0x0 [0113.870] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc1d7 [0113.870] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x601e2, Msg=0x81, wParam=0x0, lParam=0x19dbd0) returned 0x1 [0113.877] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x601e2, Msg=0x83, wParam=0x0, lParam=0x19dbbc) returned 0x0 [0113.887] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x601e2, Msg=0x1, wParam=0x0, lParam=0x19dbd0) returned 0x0 [0114.400] GetCurrentProcessId () returned 0x658 [0114.405] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x19f19c | out: lpLuid=0x19f19c*(LowPart=0x14, HighPart=0)) returned 1 [0114.407] GetCurrentProcess () returned 0xffffffff [0114.407] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x19f198 | out: TokenHandle=0x19f198*=0x2cc) returned 1 [0114.407] AdjustTokenPrivileges (in: TokenHandle=0x2cc, DisableAllPrivileges=0, NewState=0x20e8fbc*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0114.408] CloseHandle (hObject=0x2cc) returned 1 [0114.419] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x311f6d0, Length=0x20000, ResultLength=0x19f878 | out: SystemInformation=0x311f6d0, ResultLength=0x19f878*=0x17420) returned 0x0 [0114.456] GetCurrentProcessId () returned 0x658 [0114.461] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x311f6d0, Length=0x20000, ResultLength=0x19f868 | out: SystemInformation=0x311f6d0, ResultLength=0x19f868*=0x17420) returned 0x0 [0120.615] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2cc [0120.615] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2d0 [0120.630] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ea2c | out: phkResult=0x19ea2c*=0x2d4) returned 0x0 [0120.633] RegQueryValueExW (in: hKey=0x2d4, lpValueName="InstallationType", lpReserved=0x0, lpType=0x19ea4c, lpData=0x0, lpcbData=0x19ea48*=0x0 | out: lpType=0x19ea4c*=0x1, lpData=0x0, lpcbData=0x19ea48*=0xe) returned 0x0 [0120.634] RegQueryValueExW (in: hKey=0x2d4, lpValueName="InstallationType", lpReserved=0x0, lpType=0x19ea4c, lpData=0x2139980, lpcbData=0x19ea48*=0xe | out: lpType=0x19ea4c*=0x1, lpData="Client", lpcbData=0x19ea48*=0xe) returned 0x0 [0120.635] RegCloseKey (hKey=0x2d4) returned 0x0 [0121.200] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe.config", nBufferLength=0x105, lpBuffer=0x19e3e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe.config", lpFilePart=0x0) returned 0x69 [0121.201] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe.config", nBufferLength=0x105, lpBuffer=0x19e390, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe.config", lpFilePart=0x0) returned 0x69 [0121.224] CoTaskMemAlloc (cb=0x20c) returned 0x555aa0 [0121.224] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x555aa0, nSize=0x104 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe")) returned 0x62 [0121.225] CoTaskMemFree (pv=0x555aa0) [0121.225] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe", nBufferLength=0x105, lpBuffer=0x19e434, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe", lpFilePart=0x0) returned 0x62 [0121.618] GetCurrentProcess () returned 0xffffffff [0121.619] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e748 | out: TokenHandle=0x19e748*=0x2d4) returned 1 [0121.623] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x19e224, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0121.626] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x19e748 | out: lpFileInformation=0x19e748*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0121.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x19e1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0121.628] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x19e748 | out: lpFileInformation=0x19e748*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0121.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x19e180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0121.630] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19e674) returned 1 [0121.630] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0121.630] GetFileType (hFile=0x2d8) returned 0x1 [0121.630] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19e670) returned 1 [0121.630] GetFileType (hFile=0x2d8) returned 0x1 [0121.659] GetFileSize (in: hFile=0x2d8, lpFileSizeHigh=0x19e73c | out: lpFileSizeHigh=0x19e73c*=0x0) returned 0x8c8f [0121.660] ReadFile (in: hFile=0x2d8, lpBuffer=0x213d808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e6f8, lpOverlapped=0x0 | out: lpBuffer=0x213d808*, lpNumberOfBytesRead=0x19e6f8*=0x1000, lpOverlapped=0x0) returned 1 [0121.677] ReadFile (in: hFile=0x2d8, lpBuffer=0x213d808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e594, lpOverlapped=0x0 | out: lpBuffer=0x213d808*, lpNumberOfBytesRead=0x19e594*=0x1000, lpOverlapped=0x0) returned 1 [0121.681] ReadFile (in: hFile=0x2d8, lpBuffer=0x213d808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e448, lpOverlapped=0x0 | out: lpBuffer=0x213d808*, lpNumberOfBytesRead=0x19e448*=0x1000, lpOverlapped=0x0) returned 1 [0121.682] ReadFile (in: hFile=0x2d8, lpBuffer=0x213d808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e448, lpOverlapped=0x0 | out: lpBuffer=0x213d808*, lpNumberOfBytesRead=0x19e448*=0x1000, lpOverlapped=0x0) returned 1 [0121.682] ReadFile (in: hFile=0x2d8, lpBuffer=0x213d808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e448, lpOverlapped=0x0 | out: lpBuffer=0x213d808*, lpNumberOfBytesRead=0x19e448*=0x1000, lpOverlapped=0x0) returned 1 [0121.682] ReadFile (in: hFile=0x2d8, lpBuffer=0x213d808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e380, lpOverlapped=0x0 | out: lpBuffer=0x213d808*, lpNumberOfBytesRead=0x19e380*=0x1000, lpOverlapped=0x0) returned 1 [0121.687] ReadFile (in: hFile=0x2d8, lpBuffer=0x213d808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e4fc, lpOverlapped=0x0 | out: lpBuffer=0x213d808*, lpNumberOfBytesRead=0x19e4fc*=0x1000, lpOverlapped=0x0) returned 1 [0121.690] ReadFile (in: hFile=0x2d8, lpBuffer=0x213d808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e410, lpOverlapped=0x0 | out: lpBuffer=0x213d808*, lpNumberOfBytesRead=0x19e410*=0x1000, lpOverlapped=0x0) returned 1 [0121.690] ReadFile (in: hFile=0x2d8, lpBuffer=0x213d808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e410, lpOverlapped=0x0 | out: lpBuffer=0x213d808*, lpNumberOfBytesRead=0x19e410*=0xc8f, lpOverlapped=0x0) returned 1 [0121.691] ReadFile (in: hFile=0x2d8, lpBuffer=0x213d808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e4d0, lpOverlapped=0x0 | out: lpBuffer=0x213d808*, lpNumberOfBytesRead=0x19e4d0*=0x0, lpOverlapped=0x0) returned 1 [0121.691] CloseHandle (hObject=0x2d8) returned 1 [0121.692] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe.config", nBufferLength=0x105, lpBuffer=0x19e3ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe.config", lpFilePart=0x0) returned 0x69 [0121.692] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe.config", nBufferLength=0x105, lpBuffer=0x19e394, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe.config", lpFilePart=0x0) returned 0x69 [0121.692] CoTaskMemAlloc (cb=0x20c) returned 0x555aa0 [0121.692] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x555aa0, nSize=0x104 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe")) returned 0x62 [0121.693] CoTaskMemFree (pv=0x555aa0) [0121.693] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe", nBufferLength=0x105, lpBuffer=0x19e438, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe", lpFilePart=0x0) returned 0x62 [0121.693] GetCurrentProcess () returned 0xffffffff [0121.693] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e870 | out: TokenHandle=0x19e870*=0x2d8) returned 1 [0121.694] GetCurrentProcess () returned 0xffffffff [0121.694] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e870 | out: TokenHandle=0x19e870*=0x2dc) returned 1 [0121.697] GetCurrentProcess () returned 0xffffffff [0121.697] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e748 | out: TokenHandle=0x19e748*=0x2e0) returned 1 [0121.697] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe.config" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x19e748 | out: lpFileInformation=0x19e748*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0121.697] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe.config", nBufferLength=0x105, lpBuffer=0x19e1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe.config", lpFilePart=0x0) returned 0x69 [0121.697] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe.config" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x19e748 | out: lpFileInformation=0x19e748*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0121.698] GetCurrentProcess () returned 0xffffffff [0121.698] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e870 | out: TokenHandle=0x19e870*=0x2e4) returned 1 [0121.698] GetCurrentProcess () returned 0xffffffff [0121.698] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e870 | out: TokenHandle=0x19e870*=0x2e8) returned 1 [0121.724] GetCurrentProcess () returned 0xffffffff [0121.725] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e634 | out: TokenHandle=0x19e634*=0x2ec) returned 1 [0121.761] GetCurrentProcess () returned 0xffffffff [0121.761] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e648 | out: TokenHandle=0x19e648*=0x2f0) returned 1 [0121.782] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e310 | out: phkResult=0x19e310*=0x0) returned 0x2 [0121.794] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f82c | out: phkResult=0x19f82c*=0x2f4) returned 0x0 [0121.794] RegQueryValueExW (in: hKey=0x2f4, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x19f848, lpData=0x0, lpcbData=0x19f844*=0x0 | out: lpType=0x19f848*=0x0, lpData=0x0, lpcbData=0x19f844*=0x0) returned 0x2 [0121.794] RegCloseKey (hKey=0x2f4) returned 0x0 [0121.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x19f260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0121.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x19f2c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0121.857] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f728) returned 1 [0121.857] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x19f7a4 | out: lpFileInformation=0x19f7a4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0121.857] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f724) returned 1 [0122.149] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x19f4ac | out: pfEnabled=0x19f4ac) returned 0x0 [0122.631] CreateBindCtx (in: reserved=0x0, ppbc=0x19f854 | out: ppbc=0x19f854*=0x50d848) returned 0x0 [0122.632] IUnknown:QueryInterface (in: This=0x50d848, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f310 | out: ppvObject=0x19f310*=0x50d848) returned 0x0 [0122.632] IUnknown:QueryInterface (in: This=0x50d848, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19f2cc | out: ppvObject=0x19f2cc*=0x0) returned 0x80004002 [0122.632] IUnknown:QueryInterface (in: This=0x50d848, riid=0x6abefb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19f0ec | out: ppvObject=0x19f0ec*=0x0) returned 0x80004002 [0122.632] IUnknown:QueryInterface (in: This=0x50d848, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19eec4 | out: ppvObject=0x19eec4*=0x0) returned 0x80004002 [0122.632] IUnknown:AddRef (This=0x50d848) returned 0x3 [0122.632] IUnknown:QueryInterface (in: This=0x50d848, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19ec2c | out: ppvObject=0x19ec2c*=0x0) returned 0x80004002 [0122.632] IUnknown:QueryInterface (in: This=0x50d848, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19ebdc | out: ppvObject=0x19ebdc*=0x0) returned 0x80004002 [0122.633] IUnknown:QueryInterface (in: This=0x50d848, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ebe8 | out: ppvObject=0x19ebe8*=0x0) returned 0x80004002 [0122.633] CoGetContextToken (in: pToken=0x19ec48 | out: pToken=0x19ec48) returned 0x0 [0122.633] CoGetObjectContext (in: riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5624b4 | out: ppv=0x5624b4*=0x508aa0) returned 0x0 [0122.666] CoGetContextToken (in: pToken=0x19f050 | out: pToken=0x19f050) returned 0x0 [0122.666] IUnknown:QueryInterface (in: This=0x50d848, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f0e0 | out: ppvObject=0x19f0e0*=0x0) returned 0x80004002 [0122.666] IUnknown:Release (This=0x50d848) returned 0x2 [0122.666] CoGetContextToken (in: pToken=0x19f620 | out: pToken=0x19f620) returned 0x0 [0122.666] CoGetContextToken (in: pToken=0x19f580 | out: pToken=0x19f580) returned 0x0 [0122.666] IUnknown:QueryInterface (in: This=0x50d848, riid=0x19f650*(Data1=0xe, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f64c | out: ppvObject=0x19f64c*=0x50d848) returned 0x0 [0122.667] IUnknown:AddRef (This=0x50d848) returned 0x4 [0122.667] IUnknown:Release (This=0x50d848) returned 0x3 [0122.667] IUnknown:Release (This=0x50d848) returned 0x2 [0122.667] CoGetContextToken (in: pToken=0x19f6a0 | out: pToken=0x19f6a0) returned 0x0 [0122.667] IUnknown:AddRef (This=0x50d848) returned 0x3 [0122.667] MkParseDisplayName (in: pbc=0x50d848, szUserName="WinMgmts:", pchEaten=0x19f888, ppmk=0x19f840 | out: pchEaten=0x19f888, ppmk=0x19f840*=0x57e250) returned 0x0 [0127.457] IUnknown:QueryInterface (in: This=0x57e250, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f304 | out: ppvObject=0x19f304*=0x57e250) returned 0x0 [0127.457] IUnknown:QueryInterface (in: This=0x57e250, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19f2c0 | out: ppvObject=0x19f2c0*=0x0) returned 0x80004002 [0127.457] IUnknown:QueryInterface (in: This=0x57e250, riid=0x6abefb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19f0dc | out: ppvObject=0x19f0dc*=0x0) returned 0x80004002 [0127.457] IUnknown:QueryInterface (in: This=0x57e250, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19eeb4 | out: ppvObject=0x19eeb4*=0x0) returned 0x80004002 [0127.458] IUnknown:AddRef (This=0x57e250) returned 0x3 [0127.458] IUnknown:QueryInterface (in: This=0x57e250, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19ec1c | out: ppvObject=0x19ec1c*=0x0) returned 0x80004002 [0127.458] IUnknown:QueryInterface (in: This=0x57e250, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19ebcc | out: ppvObject=0x19ebcc*=0x0) returned 0x80004002 [0127.458] IUnknown:QueryInterface (in: This=0x57e250, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ebd8 | out: ppvObject=0x19ebd8*=0x57e264) returned 0x0 [0127.458] IMarshal:GetUnmarshalClass (in: This=0x57e264, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19ebe0 | out: pCid=0x19ebe0*(Data1=0x306, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0127.458] IUnknown:Release (This=0x57e264) returned 0x3 [0127.458] CoGetContextToken (in: pToken=0x19ec38 | out: pToken=0x19ec38) returned 0x0 [0127.458] CoGetContextToken (in: pToken=0x19f040 | out: pToken=0x19f040) returned 0x0 [0127.458] IUnknown:QueryInterface (in: This=0x57e250, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f0d0 | out: ppvObject=0x19f0d0*=0x0) returned 0x80004002 [0127.458] IUnknown:Release (This=0x57e250) returned 0x2 [0127.458] CoGetContextToken (in: pToken=0x19f618 | out: pToken=0x19f618) returned 0x0 [0127.458] CoGetContextToken (in: pToken=0x19f578 | out: pToken=0x19f578) returned 0x0 [0127.458] IUnknown:QueryInterface (in: This=0x57e250, riid=0x19f648*(Data1=0xf, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f644 | out: ppvObject=0x19f644*=0x57e250) returned 0x0 [0127.459] IUnknown:AddRef (This=0x57e250) returned 0x4 [0127.459] IUnknown:Release (This=0x57e250) returned 0x3 [0127.459] IUnknown:Release (This=0x50d848) returned 0x2 [0127.459] IUnknown:Release (This=0x57e250) returned 0x2 [0127.459] CoGetContextToken (in: pToken=0x19f6a0 | out: pToken=0x19f6a0) returned 0x0 [0127.459] IUnknown:AddRef (This=0x57e250) returned 0x3 [0127.459] BindMoniker (in: pmk=0x57e250, grfOpt=0x0, iidResult=0x20e66e0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvResult=0x19f844 | out: ppvResult=0x19f844*=0x5570c8) returned 0x0 [0127.459] WbemLocator:IUnknown:QueryInterface (in: This=0x5570c8, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f308 | out: ppvObject=0x19f308*=0x5570c8) returned 0x0 [0127.460] WbemLocator:IUnknown:QueryInterface (in: This=0x5570c8, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19f2c4 | out: ppvObject=0x19f2c4*=0x0) returned 0x80004002 [0127.460] WbemLocator:IUnknown:QueryInterface (in: This=0x5570c8, riid=0x6abefb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19f0e4 | out: ppvObject=0x19f0e4*=0x56ecc4) returned 0x0 [0127.465] WbemLocator:IProvideClassInfo:GetClassInfo (in: This=0x56ecc4, ppTI=0x19f0ec | out: ppTI=0x19f0ec*=0x56f0b4) returned 0x0 [0127.828] ITypeInfo:RemoteGetTypeAttr (in: This=0x56f0b4, ppTypeAttr=0x19f0e0, pDummy=0x44c1f826 | out: ppTypeAttr=0x19f0e0, pDummy=0x44c1f826) returned 0x0 [0127.983] ITypeInfo:LocalReleaseTypeAttr (This=0x56f0b4) returned 0x1 [0127.984] WbemLocator:IUnknown:Release (This=0x56ecc4) returned 0x3 [0127.984] WbemLocator:IUnknown:Release (This=0x56f0b4) returned 0x0 [0127.985] WbemLocator:IUnknown:QueryInterface (in: This=0x5570c8, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19eebc | out: ppvObject=0x19eebc*=0x0) returned 0x80004002 [0127.986] WbemLocator:IUnknown:AddRef (This=0x5570c8) returned 0x4 [0127.986] WbemLocator:IUnknown:QueryInterface (in: This=0x5570c8, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19ec24 | out: ppvObject=0x19ec24*=0x0) returned 0x80004002 [0127.986] WbemLocator:IUnknown:QueryInterface (in: This=0x5570c8, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19ebd4 | out: ppvObject=0x19ebd4*=0x0) returned 0x80004002 [0127.986] WbemLocator:IUnknown:QueryInterface (in: This=0x5570c8, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ebe0 | out: ppvObject=0x19ebe0*=0x557024) returned 0x0 [0127.986] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x557024, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19ebe8 | out: pCid=0x19ebe8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0127.986] WbemLocator:IUnknown:Release (This=0x557024) returned 0x4 [0127.986] CoGetContextToken (in: pToken=0x19ec40 | out: pToken=0x19ec40) returned 0x0 [0127.986] CoGetContextToken (in: pToken=0x19f048 | out: pToken=0x19f048) returned 0x0 [0127.986] WbemLocator:IUnknown:QueryInterface (in: This=0x5570c8, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f0d8 | out: ppvObject=0x19f0d8*=0x5570ac) returned 0x0 [0128.012] WbemLocator:IRpcOptions:Query (in: This=0x5570ac, pPrx=0x5570c8, dwProperty=2, pdwValue=0x19f100 | out: pdwValue=0x19f100) returned 0x0 [0128.013] WbemLocator:IUnknown:Release (This=0x5570ac) returned 0x4 [0128.013] WbemLocator:IUnknown:Release (This=0x5570c8) returned 0x3 [0128.013] IUnknown:Release (This=0x57e250) returned 0x2 [0128.013] WbemLocator:IUnknown:Release (This=0x5570c8) returned 0x2 [0128.267] CoGetContextToken (in: pToken=0x19f320 | out: pToken=0x19f320) returned 0x0 [0128.267] WbemLocator:IUnknown:QueryInterface (in: This=0x5570c8, riid=0x6ac091c8*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f394 | out: ppvObject=0x19f394*=0x56f1d4) returned 0x0 [0128.270] WbemLocator:IDispatch:GetIDsOfNames (in: This=0x56f1d4, riid=0x6aabc51c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x19f390*="InstancesOf", cNames=0x1, lcid=0x409, rgDispId=0x19f380 | out: rgDispId=0x19f380*=5) returned 0x0 [0128.274] WbemLocator:IDispatch:Invoke (in: This=0x56f1d4, dispIdMember=5, riid=0x6aabc51c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x19f514*(rgvarg=([0]=0x19f3a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_BaseBoard", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x19f4a4, pExcepInfo=0x19f27c, puArgErr=0x19f2b0 | out: pDispParams=0x19f514*(rgvarg=([0]=0x19f3a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_BaseBoard", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x19f4a4*(varType=0x9, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x56f69c, varVal2=0x0), pExcepInfo=0x19f27c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x19f2b0*=0x0) returned 0x0 [0128.494] WbemLocator:IUnknown:QueryInterface (in: This=0x56f69c, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19edcc | out: ppvObject=0x19edcc*=0x557dc8) returned 0x0 [0128.494] WbemLocator:IUnknown:QueryInterface (in: This=0x557dc8, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ed88 | out: ppvObject=0x19ed88*=0x0) returned 0x80004002 [0128.494] WbemLocator:IUnknown:QueryInterface (in: This=0x557dc8, riid=0x6abefb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19eba4 | out: ppvObject=0x19eba4*=0x56f84c) returned 0x0 [0128.495] WbemLocator:IProvideClassInfo:GetClassInfo (in: This=0x56f84c, ppTI=0x19ebac | out: ppTI=0x19ebac*=0x56fa44) returned 0x0 [0128.496] ITypeInfo:RemoteGetTypeAttr (in: This=0x56fa44, ppTypeAttr=0x19eba0, pDummy=0x44c1e2e6 | out: ppTypeAttr=0x19eba0, pDummy=0x44c1e2e6) returned 0x0 [0128.497] ITypeInfo:LocalReleaseTypeAttr (This=0x56fa44) returned 0x1 [0128.497] WbemLocator:IUnknown:Release (This=0x56f84c) returned 0x2 [0128.497] WbemLocator:IUnknown:Release (This=0x56fa44) returned 0x0 [0128.498] WbemLocator:IUnknown:QueryInterface (in: This=0x56f69c, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e97c | out: ppvObject=0x19e97c*=0x0) returned 0x80004002 [0128.498] WbemLocator:IUnknown:AddRef (This=0x557dc8) returned 0x3 [0128.498] WbemLocator:IUnknown:QueryInterface (in: This=0x557dc8, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e6e4 | out: ppvObject=0x19e6e4*=0x0) returned 0x80004002 [0128.498] WbemLocator:IUnknown:QueryInterface (in: This=0x557dc8, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e694 | out: ppvObject=0x19e694*=0x0) returned 0x80004002 [0128.498] WbemLocator:IUnknown:QueryInterface (in: This=0x557dc8, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e6a0 | out: ppvObject=0x19e6a0*=0x557d24) returned 0x0 [0128.498] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x557d24, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e6a8 | out: pCid=0x19e6a8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0128.498] WbemLocator:IUnknown:Release (This=0x557d24) returned 0x3 [0128.498] CoGetContextToken (in: pToken=0x19e700 | out: pToken=0x19e700) returned 0x0 [0128.498] CoGetContextToken (in: pToken=0x19eb08 | out: pToken=0x19eb08) returned 0x0 [0128.498] WbemLocator:IUnknown:QueryInterface (in: This=0x557dc8, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eb98 | out: ppvObject=0x19eb98*=0x557dac) returned 0x0 [0128.499] WbemLocator:IRpcOptions:Query (in: This=0x557dac, pPrx=0x557dc8, dwProperty=2, pdwValue=0x19ebc0 | out: pdwValue=0x19ebc0) returned 0x80004002 [0128.499] WbemLocator:IUnknown:Release (This=0x557dac) returned 0x3 [0128.499] WbemLocator:IUnknown:Release (This=0x557dc8) returned 0x2 [0128.500] WbemLocator:IUnknown:Release (This=0x56f1d4) returned 0x2 [0128.500] CoGetContextToken (in: pToken=0x19f6e8 | out: pToken=0x19f6e8) returned 0x0 [0128.500] CoGetContextToken (in: pToken=0x19f648 | out: pToken=0x19f648) returned 0x0 [0128.500] WbemLocator:IUnknown:QueryInterface (in: This=0x557dc8, riid=0x19f718*(Data1=0x496b0abe, Data2=0xcdee, Data3=0x11d3, Data4=([0]=0x88, [1]=0xe8, [2]=0x0, [3]=0x90, [4]=0x27, [5]=0x54, [6]=0xc4, [7]=0x3a)), ppvObject=0x19f714 | out: ppvObject=0x19f714*=0x0) returned 0x80004002 [0128.501] CoGetContextToken (in: pToken=0x19f668 | out: pToken=0x19f668) returned 0x0 [0128.501] WbemLocator:IUnknown:QueryInterface (in: This=0x557dc8, riid=0x6ac091c8*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f6e0 | out: ppvObject=0x19f6e0*=0x56f69c) returned 0x0 [0128.502] WbemLocator:IDispatch:Invoke (in: This=0x56f69c, dispIdMember=-4, riid=0x6aabc51c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x400, wFlags=0x3, pDispParams=0x19f710*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x19f6fc, pExcepInfo=0x0, puArgErr=0x0 | out: pDispParams=0x19f710*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x19f6fc*(varType=0xd, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x557fc8, varVal2=0x0), pExcepInfo=0x0, puArgErr=0x0) returned 0x0 [0128.505] WbemLocator:IUnknown:Release (This=0x56f69c) returned 0x1 [0128.858] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x549ee0 [0128.867] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x54aa08 [0128.926] CoGetContextToken (in: pToken=0x19f394 | out: pToken=0x19f394) returned 0x0 [0128.926] WbemLocator:IUnknown:AddRef (This=0x557dc8) returned 0x2 [0128.926] WbemLocator:IUnknown:QueryInterface (in: This=0x557dc8, riid=0x576678*(Data1=0x496b0abe, Data2=0xcdee, Data3=0x11d3, Data4=([0]=0x88, [1]=0xe8, [2]=0x0, [3]=0x90, [4]=0x27, [5]=0x54, [6]=0xc4, [7]=0x3a)), ppvObject=0x19f5f4 | out: ppvObject=0x19f5f4*=0x0) returned 0x80004002 [0128.927] WbemLocator:IUnknown:QueryInterface (in: This=0x557dc8, riid=0x576688*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f600 | out: ppvObject=0x19f600*=0x56f69c) returned 0x0 [0128.946] WbemLocator:IUnknown:QueryInterface (in: This=0x56f69c, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eddc | out: ppvObject=0x19eddc*=0x557dc8) returned 0x0 [0128.947] WbemLocator:IUnknown:Release (This=0x557dc8) returned 0x3 [0128.947] WbemLocator:IUnknown:Release (This=0x56f69c) returned 0x2 [0128.992] CoGetContextToken (in: pToken=0x19ee90 | out: pToken=0x19ee90) returned 0x0 [0128.992] WbemLocator:IUnknown:QueryInterface (in: This=0x557dc8, riid=0x6ac091c8*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ef08 | out: ppvObject=0x19ef08*=0x56f69c) returned 0x0 [0128.993] WbemLocator:IDispatch:Invoke (in: This=0x56f69c, dispIdMember=-4, riid=0x6b4e60e0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x400, wFlags=0x3, pDispParams=0x19f2a0*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x19f2b0, pExcepInfo=0x0, puArgErr=0x0 | out: pDispParams=0x19f2a0*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x19f2b0*(varType=0xd, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x5913e8, varVal2=0x0), pExcepInfo=0x0, puArgErr=0x0) returned 0x0 [0129.116] WbemLocator:IUnknown:QueryInterface (in: This=0x5913e8, riid=0x6b4e6100*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f2c0 | out: ppvObject=0x19f2c0*=0x56f8dc) returned 0x0 [0129.147] WbemLocator:IUnknown:QueryInterface (in: This=0x56f8dc, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed44 | out: ppvObject=0x19ed44*=0x5913e8) returned 0x0 [0129.148] WbemLocator:IUnknown:QueryInterface (in: This=0x5913e8, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ed00 | out: ppvObject=0x19ed00*=0x0) returned 0x80004002 [0129.148] WbemLocator:IUnknown:QueryInterface (in: This=0x5913e8, riid=0x6abefb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19eb1c | out: ppvObject=0x19eb1c*=0x0) returned 0x80004002 [0129.148] WbemLocator:IUnknown:QueryInterface (in: This=0x56f8dc, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e8f4 | out: ppvObject=0x19e8f4*=0x0) returned 0x80004002 [0129.149] WbemLocator:IUnknown:AddRef (This=0x5913e8) returned 0x4 [0129.149] WbemLocator:IUnknown:QueryInterface (in: This=0x5913e8, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e65c | out: ppvObject=0x19e65c*=0x0) returned 0x80004002 [0129.149] WbemLocator:IUnknown:QueryInterface (in: This=0x5913e8, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e60c | out: ppvObject=0x19e60c*=0x0) returned 0x80004002 [0129.149] WbemLocator:IUnknown:QueryInterface (in: This=0x5913e8, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e618 | out: ppvObject=0x19e618*=0x591344) returned 0x0 [0129.149] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x591344, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e620 | out: pCid=0x19e620*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0129.149] WbemLocator:IUnknown:Release (This=0x591344) returned 0x4 [0129.149] CoGetContextToken (in: pToken=0x19e678 | out: pToken=0x19e678) returned 0x0 [0129.149] CoGetContextToken (in: pToken=0x19ea80 | out: pToken=0x19ea80) returned 0x0 [0129.149] WbemLocator:IUnknown:QueryInterface (in: This=0x5913e8, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eb10 | out: ppvObject=0x19eb10*=0x5913cc) returned 0x0 [0129.149] WbemLocator:IRpcOptions:Query (in: This=0x5913cc, pPrx=0x5913e8, dwProperty=2, pdwValue=0x19eb38 | out: pdwValue=0x19eb38) returned 0x0 [0129.149] WbemLocator:IUnknown:Release (This=0x5913cc) returned 0x4 [0129.149] WbemLocator:IUnknown:Release (This=0x5913e8) returned 0x3 [0129.149] WbemLocator:IUnknown:QueryInterface (in: This=0x56f8dc, riid=0x6b4e6100*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f264 | out: ppvObject=0x19f264*=0x56f8dc) returned 0x0 [0129.149] WbemLocator:IUnknown:Release (This=0x56f8dc) returned 0x3 [0129.160] WbemLocator:IUnknown:Release (This=0x56f69c) returned 0x2 [0129.160] WbemLocator:IUnknown:Release (This=0x56f8dc) returned 0x2 [0129.166] WbemLocator:IUnknown:Release (This=0x557dc8) returned 0x1 [0129.186] CoGetContextToken (in: pToken=0x19f478 | out: pToken=0x19f478) returned 0x0 [0129.186] WbemLocator:IUnknown:AddRef (This=0x5913e8) returned 0x2 [0129.186] WbemLocator:IUnknown:QueryInterface (in: This=0x5913e8, riid=0x6b4e6100*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f830 | out: ppvObject=0x19f830*=0x56f8dc) returned 0x0 [0129.186] WbemLocator:IUnknown:Release (This=0x5913e8) returned 0x2 [0129.186] WbemLocator:IEnumVARIANT:Next (in: This=0x56f8dc, celt=0x1, rgvar=0x19f884*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x19f894 | out: pceltFetched=0x19f894*=0x1) returned 0x0 [0129.203] WbemLocator:IUnknown:QueryInterface (in: This=0x5998b4, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f234 | out: ppvObject=0x19f234*=0x5924e8) returned 0x0 [0129.203] WbemLocator:IUnknown:QueryInterface (in: This=0x5924e8, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19f1f0 | out: ppvObject=0x19f1f0*=0x0) returned 0x80004002 [0129.204] WbemLocator:IUnknown:QueryInterface (in: This=0x5924e8, riid=0x6abefb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19f00c | out: ppvObject=0x19f00c*=0x5996bc) returned 0x0 [0129.204] WbemLocator:IProvideClassInfo:GetClassInfo (in: This=0x5996bc, ppTI=0x19f014 | out: ppTI=0x19f014*=0x59935c) returned 0x0 [0129.206] ITypeInfo:RemoteGetTypeAttr (in: This=0x59935c, ppTypeAttr=0x19f008, pDummy=0x44c1f90e | out: ppTypeAttr=0x19f008, pDummy=0x44c1f90e) returned 0x0 [0129.207] ITypeInfo:LocalReleaseTypeAttr (This=0x59935c) returned 0x1 [0129.207] WbemLocator:IUnknown:Release (This=0x5996bc) returned 0x2 [0129.207] WbemLocator:IUnknown:Release (This=0x59935c) returned 0x0 [0129.208] WbemLocator:IUnknown:QueryInterface (in: This=0x5998b4, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19ede4 | out: ppvObject=0x19ede4*=0x0) returned 0x80004002 [0129.208] WbemLocator:IUnknown:AddRef (This=0x5924e8) returned 0x3 [0129.208] WbemLocator:IUnknown:QueryInterface (in: This=0x5924e8, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19eb4c | out: ppvObject=0x19eb4c*=0x0) returned 0x80004002 [0129.208] WbemLocator:IUnknown:QueryInterface (in: This=0x5924e8, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19eafc | out: ppvObject=0x19eafc*=0x0) returned 0x80004002 [0129.208] WbemLocator:IUnknown:QueryInterface (in: This=0x5924e8, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eb08 | out: ppvObject=0x19eb08*=0x592444) returned 0x0 [0129.208] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x592444, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19eb10 | out: pCid=0x19eb10*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0129.208] WbemLocator:IUnknown:Release (This=0x592444) returned 0x3 [0129.208] CoGetContextToken (in: pToken=0x19eb68 | out: pToken=0x19eb68) returned 0x0 [0129.208] CoGetContextToken (in: pToken=0x19ef70 | out: pToken=0x19ef70) returned 0x0 [0129.208] WbemLocator:IUnknown:QueryInterface (in: This=0x5924e8, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f000 | out: ppvObject=0x19f000*=0x5924cc) returned 0x0 [0129.208] WbemLocator:IRpcOptions:Query (in: This=0x5924cc, pPrx=0x5924e8, dwProperty=2, pdwValue=0x19f028 | out: pdwValue=0x19f028) returned 0x80004002 [0129.209] WbemLocator:IUnknown:Release (This=0x5924cc) returned 0x3 [0129.209] WbemLocator:IUnknown:Release (This=0x5924e8) returned 0x2 [0129.209] WbemLocator:IUnknown:Release (This=0x56f8dc) returned 0x1 [0129.213] CoGetContextToken (in: pToken=0x19f330 | out: pToken=0x19f330) returned 0x0 [0129.213] WbemLocator:IUnknown:QueryInterface (in: This=0x5924e8, riid=0x6ac091c8*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f3a8 | out: ppvObject=0x19f3a8*=0x5998b4) returned 0x0 [0129.214] WbemLocator:IDispatch:GetIDsOfNames (in: This=0x5998b4, riid=0x6aabc51c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x19f3b0*="SerialNumber", cNames=0x1, lcid=0x409, rgDispId=0x19f3a0 | out: rgDispId=0x19f3a0*=25165825) returned 0x0 [0129.237] WbemLocator:IDispatch:Invoke (in: This=0x5998b4, dispIdMember=25165825, riid=0x6aabc51c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x19f514*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x19f4a4, pExcepInfo=0x19f2bc, puArgErr=0x19f2f0 | out: pDispParams=0x19f514*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x19f4a4*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="..XXXXXXXXXXXXX.", varVal2=0x0), pExcepInfo=0x19f2bc*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x19f2f0*=0x0) returned 0x0 [0129.239] SysStringByteLen (bstr="..XXXXXXXXXXXXX.") returned 0x20 [0129.239] SysStringByteLen (bstr="..XXXXXXXXXXXXX.") returned 0x20 [0129.239] WbemLocator:IUnknown:Release (This=0x5998b4) returned 0x1 [0129.326] CoGetContextToken (in: pToken=0x19f478 | out: pToken=0x19f478) returned 0x0 [0129.326] WbemLocator:IUnknown:AddRef (This=0x5913e8) returned 0x2 [0129.326] WbemLocator:IUnknown:QueryInterface (in: This=0x5913e8, riid=0x6b4e6100*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f830 | out: ppvObject=0x19f830*=0x56f8dc) returned 0x0 [0129.326] WbemLocator:IUnknown:Release (This=0x5913e8) returned 0x2 [0129.326] WbemLocator:IEnumVARIANT:Next (in: This=0x56f8dc, celt=0x1, rgvar=0x19f884*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pceltFetched=0x19f894 | out: pceltFetched=0x19f894*=0x0) returned 0x1 [0129.328] WbemLocator:IUnknown:Release (This=0x56f8dc) returned 0x1 [0129.558] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x404 [0129.561] CoGetObjectContext (in: riid=0x2182258*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f84c | out: ppv=0x19f84c*=0x508aac) returned 0x0 [0129.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x19eadc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0129.569] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", cchWideChar=63, lpMultiByteStr=0x19efe0, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll\x04ò\x18Hk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 63 [0129.569] LoadLibraryA (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll") returned 0x6f900000 [0129.723] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResetSecurity", cchWideChar=13, lpMultiByteStr=0x19f014, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResetSecurity\x1aHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 13 [0129.723] GetProcAddress (hModule=0x6f900000, lpProcName="ResetSecurity") returned 0x6f9026fe [0129.734] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetSecurity", cchWideChar=11, lpMultiByteStr=0x19f014, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetSecurity\x04D\x1aHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 11 [0129.734] GetProcAddress (hModule=0x6f900000, lpProcName="SetSecurity") returned 0x6f902740 [0129.743] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServices", cchWideChar=18, lpMultiByteStr=0x19f010, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 18 [0129.744] GetProcAddress (hModule=0x6f900000, lpProcName="BlessIWbemServices") returned 0x6f901e89 [0129.779] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServicesObject", cchWideChar=24, lpMultiByteStr=0x19f008, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesObjectD\x1aHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 24 [0129.780] GetProcAddress (hModule=0x6f900000, lpProcName="BlessIWbemServicesObject") returned 0x6f901edb [0129.834] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyHandle", cchWideChar=17, lpMultiByteStr=0x19f010, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyHandle\x1aHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 17 [0129.834] GetProcAddress (hModule=0x6f900000, lpProcName="GetPropertyHandle") returned 0x6f9023d4 [0129.849] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WritePropertyValue", cchWideChar=18, lpMultiByteStr=0x19f010, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WritePropertyValueHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 18 [0129.850] GetProcAddress (hModule=0x6f900000, lpProcName="WritePropertyValue") returned 0x6f902837 [0129.867] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x19f01c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clone\x1aHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 5 [0129.867] GetProcAddress (hModule=0x6f900000, lpProcName="Clone") returned 0x6f901f2d [0129.877] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VerifyClientKey", cchWideChar=15, lpMultiByteStr=0x19f010, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VerifyClientKey\x04D\x1aHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 15 [0129.877] GetProcAddress (hModule=0x6f900000, lpProcName="VerifyClientKey") returned 0x6f9027d4 [0129.883] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetQualifierSet", cchWideChar=15, lpMultiByteStr=0x19f010, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetQualifierSet\x04D\x1aHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 15 [0129.883] GetProcAddress (hModule=0x6f900000, lpProcName="GetQualifierSet") returned 0x6f902435 [0129.885] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Get", cchWideChar=3, lpMultiByteStr=0x19f01c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Get\x04D\x1aHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 3 [0129.885] GetProcAddress (hModule=0x6f900000, lpProcName="Get") returned 0x6f9022f4 [0129.921] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Put", cchWideChar=3, lpMultiByteStr=0x19f01c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Put\x04D\x1aHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 3 [0129.921] GetProcAddress (hModule=0x6f900000, lpProcName="Put") returned 0x6f9024de [0129.940] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Delete", cchWideChar=6, lpMultiByteStr=0x19f01c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeleteHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 6 [0129.940] GetProcAddress (hModule=0x6f900000, lpProcName="Delete") returned 0x6f902151 [0129.952] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetNames", cchWideChar=8, lpMultiByteStr=0x19f018, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetNamesD\x1aHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 8 [0129.953] GetProcAddress (hModule=0x6f900000, lpProcName="GetNames") returned 0x6f9023a2 [0129.989] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginEnumeration", cchWideChar=16, lpMultiByteStr=0x19f010, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginEnumerationD\x1aHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 16 [0129.990] GetProcAddress (hModule=0x6f900000, lpProcName="BeginEnumeration") returned 0x6f901e63 [0129.999] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Next", cchWideChar=4, lpMultiByteStr=0x19f01c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NextD\x1aHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 4 [0130.000] GetProcAddress (hModule=0x6f900000, lpProcName="Next") returned 0x6f9024a3 [0130.020] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndEnumeration", cchWideChar=14, lpMultiByteStr=0x19f014, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndEnumerationHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 14 [0130.021] GetProcAddress (hModule=0x6f900000, lpProcName="EndEnumeration") returned 0x6f9021e2 [0130.031] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyQualifierSet", cchWideChar=23, lpMultiByteStr=0x19f008, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyQualifierSet\x04D\x1aHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 23 [0130.031] GetProcAddress (hModule=0x6f900000, lpProcName="GetPropertyQualifierSet") returned 0x6f90241f [0130.043] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x19f01c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clone\x1aHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 5 [0130.044] GetProcAddress (hModule=0x6f900000, lpProcName="Clone") returned 0x6f901f2d [0130.045] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetObjectText", cchWideChar=13, lpMultiByteStr=0x19f014, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetObjectText\x1aHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 13 [0130.045] GetProcAddress (hModule=0x6f900000, lpProcName="GetObjectText") returned 0x6f9023be [0130.057] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnDerivedClass", cchWideChar=17, lpMultiByteStr=0x19f010, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnDerivedClass\x1aHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 17 [0130.057] GetProcAddress (hModule=0x6f900000, lpProcName="SpawnDerivedClass") returned 0x6f902786 [0130.071] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnInstance", cchWideChar=13, lpMultiByteStr=0x19f014, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnInstance\x1aHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 13 [0130.071] GetProcAddress (hModule=0x6f900000, lpProcName="SpawnInstance") returned 0x6f90279c [0130.073] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CompareTo", cchWideChar=9, lpMultiByteStr=0x19f018, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CompareTo\x1aHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 9 [0130.073] GetProcAddress (hModule=0x6f900000, lpProcName="CompareTo") returned 0x6f901fad [0130.083] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyOrigin", cchWideChar=17, lpMultiByteStr=0x19f010, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyOrigin\x1aHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 17 [0130.084] GetProcAddress (hModule=0x6f900000, lpProcName="GetPropertyOrigin") returned 0x6f902409 [0130.099] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="InheritsFrom", cchWideChar=12, lpMultiByteStr=0x19f014, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InheritsFromD\x1aHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 12 [0130.099] GetProcAddress (hModule=0x6f900000, lpProcName="InheritsFrom") returned 0x6f902448 [0130.101] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethod", cchWideChar=9, lpMultiByteStr=0x19f018, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethod\x1aHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 9 [0130.101] GetProcAddress (hModule=0x6f900000, lpProcName="GetMethod") returned 0x6f90235a [0130.119] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutMethod", cchWideChar=9, lpMultiByteStr=0x19f018, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutMethod\x1aHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 9 [0130.119] GetProcAddress (hModule=0x6f900000, lpProcName="PutMethod") returned 0x6f9025fa [0130.189] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DeleteMethod", cchWideChar=12, lpMultiByteStr=0x19f014, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeleteMethodD\x1aHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 12 [0130.189] GetProcAddress (hModule=0x6f900000, lpProcName="DeleteMethod") returned 0x6f902164 [0130.190] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginMethodEnumeration", cchWideChar=22, lpMultiByteStr=0x19f00c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginMethodEnumerationHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 22 [0130.191] GetProcAddress (hModule=0x6f900000, lpProcName="BeginMethodEnumeration") returned 0x6f901e76 [0130.192] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="NextMethod", cchWideChar=10, lpMultiByteStr=0x19f018, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NextMethodHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 10 [0130.192] GetProcAddress (hModule=0x6f900000, lpProcName="NextMethod") returned 0x6f9024c2 [0130.204] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndMethodEnumeration", cchWideChar=20, lpMultiByteStr=0x19f00c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndMethodEnumerationD\x1aHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 20 [0130.204] GetProcAddress (hModule=0x6f900000, lpProcName="EndMethodEnumeration") returned 0x6f9021f2 [0130.206] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodQualifierSet", cchWideChar=21, lpMultiByteStr=0x19f00c, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodQualifierSet\x1aHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 21 [0130.206] GetProcAddress (hModule=0x6f900000, lpProcName="GetMethodQualifierSet") returned 0x6f90238c [0130.207] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodOrigin", cchWideChar=15, lpMultiByteStr=0x19f010, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodOrigin\x04D\x1aHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 15 [0130.208] GetProcAddress (hModule=0x6f900000, lpProcName="GetMethodOrigin") returned 0x6f902376 [0130.209] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Get", cchWideChar=16, lpMultiByteStr=0x19f010, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_GetD\x1aHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 16 [0130.209] GetProcAddress (hModule=0x6f900000, lpProcName="QualifierSet_Get") returned 0x6f90264c [0130.216] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Put", cchWideChar=16, lpMultiByteStr=0x19f010, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_PutD\x1aHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 16 [0130.217] GetProcAddress (hModule=0x6f900000, lpProcName="QualifierSet_Put") returned 0x6f90269a [0130.234] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Delete", cchWideChar=19, lpMultiByteStr=0x19f00c, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Delete\x04D\x1aHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 19 [0130.234] GetProcAddress (hModule=0x6f900000, lpProcName="QualifierSet_Delete") returned 0x6f902629 [0130.236] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_GetNames", cchWideChar=21, lpMultiByteStr=0x19f00c, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_GetNames\x1aHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 21 [0130.236] GetProcAddress (hModule=0x6f900000, lpProcName="QualifierSet_GetNames") returned 0x6f902668 [0130.242] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_BeginEnumeration", cchWideChar=29, lpMultiByteStr=0x19f004, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_BeginEnumeration\x1aHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 29 [0130.243] GetProcAddress (hModule=0x6f900000, lpProcName="QualifierSet_BeginEnumeration") returned 0x6f902616 [0130.244] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Next", cchWideChar=17, lpMultiByteStr=0x19f010, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Next\x1aHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 17 [0130.244] GetProcAddress (hModule=0x6f900000, lpProcName="QualifierSet_Next") returned 0x6f90267e [0130.249] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_EndEnumeration", cchWideChar=27, lpMultiByteStr=0x19f004, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_EndEnumeration\x04D\x1aHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 27 [0130.250] GetProcAddress (hModule=0x6f900000, lpProcName="QualifierSet_EndEnumeration") returned 0x6f90263c [0130.250] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetCurrentApartmentType", cchWideChar=23, lpMultiByteStr=0x19f008, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetCurrentApartmentType\x04D\x1aHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 23 [0130.250] GetProcAddress (hModule=0x6f900000, lpProcName="GetCurrentApartmentType") returned 0x6f902435 [0130.254] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetDemultiplexedStub", cchWideChar=20, lpMultiByteStr=0x19f00c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetDemultiplexedStubD\x1aHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 20 [0130.254] GetProcAddress (hModule=0x6f900000, lpProcName="GetDemultiplexedStub") returned 0x6f902313 [0130.259] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateInstanceEnumWmi", cchWideChar=21, lpMultiByteStr=0x19f00c, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateInstanceEnumWmi\x1aHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 21 [0130.259] GetProcAddress (hModule=0x6f900000, lpProcName="CreateInstanceEnumWmi") returned 0x6f9020db [0130.280] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateClassEnumWmi", cchWideChar=18, lpMultiByteStr=0x19f010, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateClassEnumWmiHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 18 [0130.280] GetProcAddress (hModule=0x6f900000, lpProcName="CreateClassEnumWmi") returned 0x6f902065 [0130.280] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecQueryWmi", cchWideChar=12, lpMultiByteStr=0x19f014, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecQueryWmiD\x1aHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 12 [0130.281] GetProcAddress (hModule=0x6f900000, lpProcName="ExecQueryWmi") returned 0x6f90227b [0130.287] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecNotificationQueryWmi", cchWideChar=24, lpMultiByteStr=0x19f008, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecNotificationQueryWmiD\x1aHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 24 [0130.287] GetProcAddress (hModule=0x6f900000, lpProcName="ExecNotificationQueryWmi") returned 0x6f902202 [0130.288] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutInstanceWmi", cchWideChar=14, lpMultiByteStr=0x19f014, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutInstanceWmiHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 14 [0130.288] GetProcAddress (hModule=0x6f900000, lpProcName="PutInstanceWmi") returned 0x6f90257a [0130.290] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutClassWmi", cchWideChar=11, lpMultiByteStr=0x19f014, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutClassWmi\x04D\x1aHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 11 [0130.291] GetProcAddress (hModule=0x6f900000, lpProcName="PutClassWmi") returned 0x6f9024fa [0130.291] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CloneEnumWbemClassObject", cchWideChar=24, lpMultiByteStr=0x19f008, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CloneEnumWbemClassObjectD\x1aHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 24 [0130.291] GetProcAddress (hModule=0x6f900000, lpProcName="CloneEnumWbemClassObject") returned 0x6f901f40 [0130.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ConnectServerWmi", cchWideChar=16, lpMultiByteStr=0x19f010, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ConnectServerWmiD\x1aHk¥\x1e7E «ªjÔò\x19", lpUsedDefaultChar=0x0) returned 16 [0130.293] GetProcAddress (hModule=0x6f900000, lpProcName="ConnectServerWmi") returned 0x6f901fc3 [0130.308] IComThreadingInfo:GetCurrentApartmentType (in: This=0x508aac, pAptType=0x19f844 | out: pAptType=0x19f844*=1) returned 0x0 [0130.309] IUnknown:QueryInterface (in: This=0x508aac, riid=0x2182240*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f848 | out: ppvObject=0x19f848*=0x0) returned 0x80004002 [0130.309] IUnknown:Release (This=0x508aac) returned 0x1 [0130.341] IIDFromString (in: lpsz="{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}", lpiid=0x19f4a4 | out: lpiid=0x19f4a4) returned 0x0 [0130.342] CoGetClassObject (in: rclsid=0x59a824*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6ab654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1b8 | out: ppv=0x19f1b8*=0x59f6d0) returned 0x0 [0130.343] WbemDefPath:IUnknown:QueryInterface (in: This=0x59f6d0, riid=0x6ab195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19f3d0 | out: ppvObject=0x19f3d0*=0x0) returned 0x80004002 [0130.343] WbemDefPath:IClassFactory:CreateInstance (in: This=0x59f6d0, pUnkOuter=0x0, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f3e4 | out: ppvObject=0x19f3e4*=0x580bf0) returned 0x0 [0130.343] WbemDefPath:IUnknown:Release (This=0x59f6d0) returned 0x0 [0130.343] WbemDefPath:IUnknown:QueryInterface (in: This=0x580bf0, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f004 | out: ppvObject=0x19f004*=0x580bf0) returned 0x0 [0130.343] WbemDefPath:IUnknown:QueryInterface (in: This=0x580bf0, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19efc0 | out: ppvObject=0x19efc0*=0x0) returned 0x80004002 [0130.343] WbemDefPath:IUnknown:QueryInterface (in: This=0x580bf0, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19ebb4 | out: ppvObject=0x19ebb4*=0x0) returned 0x80004002 [0130.343] WbemDefPath:IUnknown:AddRef (This=0x580bf0) returned 0x3 [0130.343] WbemDefPath:IUnknown:QueryInterface (in: This=0x580bf0, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e91c | out: ppvObject=0x19e91c*=0x0) returned 0x80004002 [0130.343] WbemDefPath:IUnknown:QueryInterface (in: This=0x580bf0, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e8cc | out: ppvObject=0x19e8cc*=0x0) returned 0x80004002 [0130.343] WbemDefPath:IUnknown:QueryInterface (in: This=0x580bf0, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e8d8 | out: ppvObject=0x19e8d8*=0x594708) returned 0x0 [0130.344] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x594708, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e8e0 | out: pCid=0x19e8e0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0130.344] WbemDefPath:IUnknown:Release (This=0x594708) returned 0x3 [0130.344] CoGetContextToken (in: pToken=0x19e938 | out: pToken=0x19e938) returned 0x0 [0130.344] CoGetContextToken (in: pToken=0x19ed40 | out: pToken=0x19ed40) returned 0x0 [0130.344] WbemDefPath:IUnknown:QueryInterface (in: This=0x580bf0, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19edd0 | out: ppvObject=0x19edd0*=0x0) returned 0x80004002 [0130.344] WbemDefPath:IUnknown:Release (This=0x580bf0) returned 0x2 [0130.344] WbemDefPath:IUnknown:Release (This=0x580bf0) returned 0x1 [0130.344] CoGetContextToken (in: pToken=0x19f6c8 | out: pToken=0x19f6c8) returned 0x0 [0130.344] CoGetContextToken (in: pToken=0x19f628 | out: pToken=0x19f628) returned 0x0 [0130.344] WbemDefPath:IUnknown:QueryInterface (in: This=0x580bf0, riid=0x19f6f8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f6f4 | out: ppvObject=0x19f6f4*=0x580bf0) returned 0x0 [0130.344] WbemDefPath:IUnknown:AddRef (This=0x580bf0) returned 0x3 [0130.344] WbemDefPath:IUnknown:Release (This=0x580bf0) returned 0x2 [0130.346] WbemDefPath:IWbemPath:SetText (This=0x580bf0, uMode=0x4, pszPath="win32_processor") returned 0x0 [0130.349] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x580bf0, puCount=0x19f878 | out: puCount=0x19f878*=0x0) returned 0x0 [0130.349] WbemDefPath:IWbemPath:GetText (in: This=0x580bf0, lFlags=2, puBuffLength=0x19f874*=0x0, pszText=0x0 | out: puBuffLength=0x19f874*=0x10, pszText=0x0) returned 0x0 [0130.349] WbemDefPath:IWbemPath:GetText (in: This=0x580bf0, lFlags=2, puBuffLength=0x19f874*=0x10, pszText="000000000000000" | out: puBuffLength=0x19f874*=0x10, pszText="win32_processor") returned 0x0 [0130.350] WbemDefPath:IWbemPath:GetInfo (in: This=0x580bf0, uRequestedInfo=0x0, puResponse=0x19f880 | out: puResponse=0x19f880*=0xc15) returned 0x0 [0130.350] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x580bf0, puCount=0x19f878 | out: puCount=0x19f878*=0x0) returned 0x0 [0130.350] WbemDefPath:IWbemPath:GetInfo (in: This=0x580bf0, uRequestedInfo=0x0, puResponse=0x19f880 | out: puResponse=0x19f880*=0xc15) returned 0x0 [0130.351] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x580bf0, puCount=0x19f868 | out: puCount=0x19f868*=0x0) returned 0x0 [0130.351] WbemDefPath:IWbemPath:GetText (in: This=0x580bf0, lFlags=2, puBuffLength=0x19f864*=0x0, pszText=0x0 | out: puBuffLength=0x19f864*=0x10, pszText=0x0) returned 0x0 [0130.351] WbemDefPath:IWbemPath:GetText (in: This=0x580bf0, lFlags=2, puBuffLength=0x19f864*=0x10, pszText="000000000000000" | out: puBuffLength=0x19f864*=0x10, pszText="win32_processor") returned 0x0 [0130.351] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x580bf0, puCount=0x19f868 | out: puCount=0x19f868*=0x0) returned 0x0 [0130.351] WbemDefPath:IWbemPath:GetText (in: This=0x580bf0, lFlags=2, puBuffLength=0x19f864*=0x0, pszText=0x0 | out: puBuffLength=0x19f864*=0x10, pszText=0x0) returned 0x0 [0130.351] WbemDefPath:IWbemPath:GetText (in: This=0x580bf0, lFlags=2, puBuffLength=0x19f864*=0x10, pszText="000000000000000" | out: puBuffLength=0x19f864*=0x10, pszText="win32_processor") returned 0x0 [0130.351] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x580bf0, puCount=0x19f7f8 | out: puCount=0x19f7f8*=0x0) returned 0x0 [0130.352] CoGetObjectContext (in: riid=0x2182258*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f0b0 | out: ppv=0x19f0b0*=0x508aac) returned 0x0 [0130.352] IComThreadingInfo:GetCurrentApartmentType (in: This=0x508aac, pAptType=0x19f0a8 | out: pAptType=0x19f0a8*=1) returned 0x0 [0130.352] IUnknown:QueryInterface (in: This=0x508aac, riid=0x2182240*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f0ac | out: ppvObject=0x19f0ac*=0x0) returned 0x80004002 [0130.352] IUnknown:Release (This=0x508aac) returned 0x1 [0130.352] CoGetClassObject (in: rclsid=0x59a824*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6ab654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19ea18 | out: ppv=0x19ea18*=0x59f660) returned 0x0 [0130.353] WbemDefPath:IUnknown:QueryInterface (in: This=0x59f660, riid=0x6ab195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ec30 | out: ppvObject=0x19ec30*=0x0) returned 0x80004002 [0130.353] WbemDefPath:IClassFactory:CreateInstance (in: This=0x59f660, pUnkOuter=0x0, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec44 | out: ppvObject=0x19ec44*=0x580720) returned 0x0 [0130.353] WbemDefPath:IUnknown:Release (This=0x59f660) returned 0x0 [0130.353] WbemDefPath:IUnknown:QueryInterface (in: This=0x580720, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e864 | out: ppvObject=0x19e864*=0x580720) returned 0x0 [0130.353] WbemDefPath:IUnknown:QueryInterface (in: This=0x580720, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e820 | out: ppvObject=0x19e820*=0x0) returned 0x80004002 [0130.353] WbemDefPath:IUnknown:QueryInterface (in: This=0x580720, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e414 | out: ppvObject=0x19e414*=0x0) returned 0x80004002 [0130.353] WbemDefPath:IUnknown:AddRef (This=0x580720) returned 0x3 [0130.353] WbemDefPath:IUnknown:QueryInterface (in: This=0x580720, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e17c | out: ppvObject=0x19e17c*=0x0) returned 0x80004002 [0130.353] WbemDefPath:IUnknown:QueryInterface (in: This=0x580720, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e12c | out: ppvObject=0x19e12c*=0x0) returned 0x80004002 [0130.353] WbemDefPath:IUnknown:QueryInterface (in: This=0x580720, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e138 | out: ppvObject=0x19e138*=0x594ac8) returned 0x0 [0130.353] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x594ac8, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e140 | out: pCid=0x19e140*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0130.353] WbemDefPath:IUnknown:Release (This=0x594ac8) returned 0x3 [0130.353] CoGetContextToken (in: pToken=0x19e198 | out: pToken=0x19e198) returned 0x0 [0130.353] CoGetContextToken (in: pToken=0x19e5a0 | out: pToken=0x19e5a0) returned 0x0 [0130.353] WbemDefPath:IUnknown:QueryInterface (in: This=0x580720, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e630 | out: ppvObject=0x19e630*=0x0) returned 0x80004002 [0130.353] WbemDefPath:IUnknown:Release (This=0x580720) returned 0x2 [0130.353] WbemDefPath:IUnknown:Release (This=0x580720) returned 0x1 [0130.353] CoGetContextToken (in: pToken=0x19ef28 | out: pToken=0x19ef28) returned 0x0 [0130.353] CoGetContextToken (in: pToken=0x19ee88 | out: pToken=0x19ee88) returned 0x0 [0130.353] WbemDefPath:IUnknown:QueryInterface (in: This=0x580720, riid=0x19ef58*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19ef54 | out: ppvObject=0x19ef54*=0x580720) returned 0x0 [0130.353] WbemDefPath:IUnknown:AddRef (This=0x580720) returned 0x3 [0130.353] WbemDefPath:IUnknown:Release (This=0x580720) returned 0x2 [0130.354] WbemDefPath:IWbemPath:SetText (This=0x580720, uMode=0x4, pszPath="//./root/cimv2") returned 0x0 [0130.354] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x580720, puCount=0x19f7e4 | out: puCount=0x19f7e4*=0x2) returned 0x0 [0130.354] WbemDefPath:IWbemPath:GetText (in: This=0x580720, lFlags=4, puBuffLength=0x19f7e0*=0x0, pszText=0x0 | out: puBuffLength=0x19f7e0*=0xf, pszText=0x0) returned 0x0 [0130.354] WbemDefPath:IWbemPath:GetText (in: This=0x580720, lFlags=4, puBuffLength=0x19f7e0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f7e0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0130.354] CoGetObjectContext (in: riid=0x2182258*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f794 | out: ppv=0x19f794*=0x508aac) returned 0x0 [0130.354] IComThreadingInfo:GetCurrentApartmentType (in: This=0x508aac, pAptType=0x19f78c | out: pAptType=0x19f78c*=1) returned 0x0 [0130.354] IUnknown:QueryInterface (in: This=0x508aac, riid=0x2182240*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f790 | out: ppvObject=0x19f790*=0x0) returned 0x80004002 [0130.354] IUnknown:Release (This=0x508aac) returned 0x1 [0130.354] CoGetClassObject (in: rclsid=0x59a824*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6ab654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f100 | out: ppv=0x19f100*=0x59f750) returned 0x0 [0130.355] WbemDefPath:IUnknown:QueryInterface (in: This=0x59f750, riid=0x6ab195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19f318 | out: ppvObject=0x19f318*=0x0) returned 0x80004002 [0130.355] WbemDefPath:IClassFactory:CreateInstance (in: This=0x59f750, pUnkOuter=0x0, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f32c | out: ppvObject=0x19f32c*=0x580a30) returned 0x0 [0130.355] WbemDefPath:IUnknown:Release (This=0x59f750) returned 0x0 [0130.355] WbemDefPath:IUnknown:QueryInterface (in: This=0x580a30, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ef4c | out: ppvObject=0x19ef4c*=0x580a30) returned 0x0 [0130.355] WbemDefPath:IUnknown:QueryInterface (in: This=0x580a30, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ef08 | out: ppvObject=0x19ef08*=0x0) returned 0x80004002 [0130.355] WbemDefPath:IUnknown:QueryInterface (in: This=0x580a30, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19eafc | out: ppvObject=0x19eafc*=0x0) returned 0x80004002 [0130.355] WbemDefPath:IUnknown:AddRef (This=0x580a30) returned 0x3 [0130.355] WbemDefPath:IUnknown:QueryInterface (in: This=0x580a30, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e864 | out: ppvObject=0x19e864*=0x0) returned 0x80004002 [0130.355] WbemDefPath:IUnknown:QueryInterface (in: This=0x580a30, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e814 | out: ppvObject=0x19e814*=0x0) returned 0x80004002 [0130.355] WbemDefPath:IUnknown:QueryInterface (in: This=0x580a30, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e820 | out: ppvObject=0x19e820*=0x594918) returned 0x0 [0130.355] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x594918, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e828 | out: pCid=0x19e828*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0130.355] WbemDefPath:IUnknown:Release (This=0x594918) returned 0x3 [0130.355] CoGetContextToken (in: pToken=0x19e880 | out: pToken=0x19e880) returned 0x0 [0130.355] CoGetContextToken (in: pToken=0x19ec88 | out: pToken=0x19ec88) returned 0x0 [0130.355] WbemDefPath:IUnknown:QueryInterface (in: This=0x580a30, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed18 | out: ppvObject=0x19ed18*=0x0) returned 0x80004002 [0130.355] WbemDefPath:IUnknown:Release (This=0x580a30) returned 0x2 [0130.355] WbemDefPath:IUnknown:Release (This=0x580a30) returned 0x1 [0130.355] CoGetContextToken (in: pToken=0x19f610 | out: pToken=0x19f610) returned 0x0 [0130.355] CoGetContextToken (in: pToken=0x19f570 | out: pToken=0x19f570) returned 0x0 [0130.355] WbemDefPath:IUnknown:QueryInterface (in: This=0x580a30, riid=0x19f640*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f63c | out: ppvObject=0x19f63c*=0x580a30) returned 0x0 [0130.355] WbemDefPath:IUnknown:AddRef (This=0x580a30) returned 0x3 [0130.355] WbemDefPath:IUnknown:Release (This=0x580a30) returned 0x2 [0130.356] WbemDefPath:IWbemPath:SetText (This=0x580a30, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0130.356] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x580a30, puCount=0x19f7bc | out: puCount=0x19f7bc*=0x2) returned 0x0 [0130.356] WbemDefPath:IWbemPath:GetText (in: This=0x580a30, lFlags=4, puBuffLength=0x19f7b8*=0x0, pszText=0x0 | out: puBuffLength=0x19f7b8*=0xf, pszText=0x0) returned 0x0 [0130.356] WbemDefPath:IWbemPath:GetText (in: This=0x580a30, lFlags=4, puBuffLength=0x19f7b8*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f7b8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0130.356] CoGetObjectContext (in: riid=0x2182258*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f7bc | out: ppv=0x19f7bc*=0x508aac) returned 0x0 [0130.356] IComThreadingInfo:GetCurrentApartmentType (in: This=0x508aac, pAptType=0x19f7b4 | out: pAptType=0x19f7b4*=1) returned 0x0 [0130.356] IUnknown:QueryInterface (in: This=0x508aac, riid=0x2182240*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f7b8 | out: ppvObject=0x19f7b8*=0x0) returned 0x80004002 [0130.356] IUnknown:Release (This=0x508aac) returned 0x1 [0130.356] IIDFromString (in: lpsz="{4590F811-1D3A-11D0-891F-00AA004B2E24}", lpiid=0x19f6c4 | out: lpiid=0x19f6c4) returned 0x0 [0130.357] CoGetClassObject (in: rclsid=0x59a764*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x6ab654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f3d8 | out: ppv=0x19f3d8*=0x594840) returned 0x0 [0130.357] WbemLocator:IUnknown:QueryInterface (in: This=0x594840, riid=0x6ab195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19f5f0 | out: ppvObject=0x19f5f0*=0x0) returned 0x80004002 [0130.357] WbemLocator:IClassFactory:CreateInstance (in: This=0x594840, pUnkOuter=0x0, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f604 | out: ppvObject=0x19f604*=0x59f660) returned 0x0 [0130.357] WbemLocator:IUnknown:Release (This=0x594840) returned 0x0 [0130.357] WbemLocator:IUnknown:QueryInterface (in: This=0x59f660, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f224 | out: ppvObject=0x19f224*=0x59f660) returned 0x0 [0130.357] WbemLocator:IUnknown:QueryInterface (in: This=0x59f660, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19f1e0 | out: ppvObject=0x19f1e0*=0x0) returned 0x80004002 [0130.357] WbemLocator:IUnknown:QueryInterface (in: This=0x59f660, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19edd4 | out: ppvObject=0x19edd4*=0x0) returned 0x80004002 [0130.357] WbemLocator:IUnknown:AddRef (This=0x59f660) returned 0x3 [0130.357] WbemLocator:IUnknown:QueryInterface (in: This=0x59f660, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19eb3c | out: ppvObject=0x19eb3c*=0x0) returned 0x80004002 [0130.357] WbemLocator:IUnknown:QueryInterface (in: This=0x59f660, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19eaec | out: ppvObject=0x19eaec*=0x0) returned 0x80004002 [0130.357] WbemLocator:IUnknown:QueryInterface (in: This=0x59f660, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eaf8 | out: ppvObject=0x19eaf8*=0x0) returned 0x80004002 [0130.357] CoGetContextToken (in: pToken=0x19eb58 | out: pToken=0x19eb58) returned 0x0 [0130.357] CoGetContextToken (in: pToken=0x19ef60 | out: pToken=0x19ef60) returned 0x0 [0130.357] WbemLocator:IUnknown:QueryInterface (in: This=0x59f660, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eff0 | out: ppvObject=0x19eff0*=0x0) returned 0x80004002 [0130.358] WbemLocator:IUnknown:Release (This=0x59f660) returned 0x2 [0130.358] WbemLocator:IUnknown:Release (This=0x59f660) returned 0x1 [0130.358] CoGetContextToken (in: pToken=0x19f5d0 | out: pToken=0x19f5d0) returned 0x0 [0130.358] CoGetContextToken (in: pToken=0x19f530 | out: pToken=0x19f530) returned 0x0 [0130.358] WbemLocator:IUnknown:QueryInterface (in: This=0x59f660, riid=0x19f600*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19f5fc | out: ppvObject=0x19f5fc*=0x59f660) returned 0x0 [0130.358] WbemLocator:IUnknown:AddRef (This=0x59f660) returned 0x3 [0130.358] WbemLocator:IUnknown:Release (This=0x59f660) returned 0x2 [0130.363] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x580a30, puCount=0x19f798 | out: puCount=0x19f798*=0x2) returned 0x0 [0130.363] WbemDefPath:IWbemPath:GetText (in: This=0x580a30, lFlags=8, puBuffLength=0x19f794*=0x0, pszText=0x0 | out: puBuffLength=0x19f794*=0xf, pszText=0x0) returned 0x0 [0130.363] WbemDefPath:IWbemPath:GetText (in: This=0x580a30, lFlags=8, puBuffLength=0x19f794*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f794*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0130.363] CoCreateInstance (in: rclsid=0x6f901284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6f9012e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x19f670 | out: ppv=0x19f670*=0x59f750) returned 0x0 [0130.363] WbemLocator:IWbemLocator:ConnectServer (in: This=0x59f750, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x19f704 | out: ppNamespace=0x19f704*=0x593c08) returned 0x0 [0130.387] WbemLocator:IUnknown:QueryInterface (in: This=0x593c08, riid=0x6f901104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f5a0 | out: ppvObject=0x19f5a0*=0x591ec4) returned 0x0 [0130.387] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x591ec4, pProxy=0x593c08, pAuthnSvc=0x19f5f0, pAuthzSvc=0x19f5ec, pServerPrincName=0x19f5e4, pAuthnLevel=0x19f5e8, pImpLevel=0x19f5d8, pAuthInfo=0x19f5dc, pCapabilites=0x19f5e0 | out: pAuthnSvc=0x19f5f0*=0xa, pAuthzSvc=0x19f5ec*=0x0, pServerPrincName=0x19f5e4, pAuthnLevel=0x19f5e8*=0x6, pImpLevel=0x19f5d8*=0x2, pAuthInfo=0x19f5dc, pCapabilites=0x19f5e0*=0x1) returned 0x0 [0130.387] WbemLocator:IUnknown:Release (This=0x591ec4) returned 0x1 [0130.387] WbemLocator:IUnknown:QueryInterface (in: This=0x593c08, riid=0x6f9010f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f594 | out: ppvObject=0x19f594*=0x591ee8) returned 0x0 [0130.387] WbemLocator:IUnknown:QueryInterface (in: This=0x593c08, riid=0x6f901104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f590 | out: ppvObject=0x19f590*=0x591ec4) returned 0x0 [0130.387] WbemLocator:IClientSecurity:SetBlanket (This=0x591ec4, pProxy=0x593c08, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0130.388] WbemLocator:IUnknown:Release (This=0x591ec4) returned 0x2 [0130.388] WbemLocator:IUnknown:Release (This=0x591ee8) returned 0x1 [0130.388] CoTaskMemFree (pv=0x59a668) [0130.388] WbemLocator:IUnknown:Release (This=0x59f750) returned 0x0 [0130.388] WbemLocator:IUnknown:QueryInterface (in: This=0x593c08, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f190 | out: ppvObject=0x19f190*=0x591ee8) returned 0x0 [0130.388] WbemLocator:IUnknown:QueryInterface (in: This=0x591ee8, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19f14c | out: ppvObject=0x19f14c*=0x0) returned 0x80004002 [0130.388] WbemLocator:IUnknown:QueryInterface (in: This=0x591ee8, riid=0x6abefb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ef6c | out: ppvObject=0x19ef6c*=0x0) returned 0x80004002 [0130.389] WbemLocator:IUnknown:QueryInterface (in: This=0x593c08, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19ed44 | out: ppvObject=0x19ed44*=0x0) returned 0x80004002 [0130.389] WbemLocator:IUnknown:AddRef (This=0x591ee8) returned 0x3 [0130.389] WbemLocator:IUnknown:QueryInterface (in: This=0x591ee8, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19eaac | out: ppvObject=0x19eaac*=0x0) returned 0x80004002 [0130.389] WbemLocator:IUnknown:QueryInterface (in: This=0x591ee8, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19ea5c | out: ppvObject=0x19ea5c*=0x0) returned 0x80004002 [0130.389] WbemLocator:IUnknown:QueryInterface (in: This=0x591ee8, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea68 | out: ppvObject=0x19ea68*=0x591e44) returned 0x0 [0130.389] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x591e44, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19ea70 | out: pCid=0x19ea70*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0130.389] WbemLocator:IUnknown:Release (This=0x591e44) returned 0x3 [0130.389] CoGetContextToken (in: pToken=0x19eac8 | out: pToken=0x19eac8) returned 0x0 [0130.389] CoGetContextToken (in: pToken=0x19eed0 | out: pToken=0x19eed0) returned 0x0 [0130.389] WbemLocator:IUnknown:QueryInterface (in: This=0x591ee8, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ef60 | out: ppvObject=0x19ef60*=0x591ecc) returned 0x0 [0130.389] WbemLocator:IRpcOptions:Query (in: This=0x591ecc, pPrx=0x591ee8, dwProperty=2, pdwValue=0x19ef88 | out: pdwValue=0x19ef88) returned 0x80004002 [0130.390] WbemLocator:IUnknown:Release (This=0x591ecc) returned 0x3 [0130.390] WbemLocator:IUnknown:Release (This=0x591ee8) returned 0x2 [0130.390] CoGetContextToken (in: pToken=0x19f4a0 | out: pToken=0x19f4a0) returned 0x0 [0130.390] CoGetContextToken (in: pToken=0x19f400 | out: pToken=0x19f400) returned 0x0 [0130.390] WbemLocator:IUnknown:QueryInterface (in: This=0x591ee8, riid=0x19f4d0*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x19f4cc | out: ppvObject=0x19f4cc*=0x593c08) returned 0x0 [0130.390] WbemLocator:IUnknown:AddRef (This=0x593c08) returned 0x4 [0130.390] WbemLocator:IUnknown:Release (This=0x593c08) returned 0x3 [0130.390] WbemLocator:IUnknown:Release (This=0x593c08) returned 0x2 [0130.394] SysStringLen (param_1=0x0) returned 0x0 [0130.395] CoGetContextToken (in: pToken=0x19f4d8 | out: pToken=0x19f4d8) returned 0x0 [0130.395] WbemLocator:IUnknown:AddRef (This=0x591ee8) returned 0x3 [0130.395] WbemLocator:IUnknown:QueryInterface (in: This=0x591ee8, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f36c | out: ppvObject=0x19f36c*=0x591ee8) returned 0x0 [0130.395] WbemLocator:IUnknown:Release (This=0x591ee8) returned 0x3 [0130.395] WbemLocator:IUnknown:Release (This=0x591ee8) returned 0x2 [0130.395] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x580a30, puCount=0x19f7e0 | out: puCount=0x19f7e0*=0x2) returned 0x0 [0130.395] WbemDefPath:IWbemPath:GetText (in: This=0x580a30, lFlags=4, puBuffLength=0x19f7dc*=0x0, pszText=0x0 | out: puBuffLength=0x19f7dc*=0xf, pszText=0x0) returned 0x0 [0130.395] WbemDefPath:IWbemPath:GetText (in: This=0x580a30, lFlags=4, puBuffLength=0x19f7dc*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f7dc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0130.395] CoGetContextToken (in: pToken=0x19f450 | out: pToken=0x19f450) returned 0x0 [0130.396] WbemLocator:IUnknown:AddRef (This=0x591ee8) returned 0x3 [0130.396] WbemLocator:IUnknown:QueryInterface (in: This=0x591ee8, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f2e4 | out: ppvObject=0x19f2e4*=0x591ee8) returned 0x0 [0130.396] WbemLocator:IUnknown:Release (This=0x591ee8) returned 0x3 [0130.396] WbemLocator:IUnknown:Release (This=0x591ee8) returned 0x2 [0130.396] WbemDefPath:IWbemPath:GetText (in: This=0x580bf0, lFlags=2, puBuffLength=0x19f7e4*=0x0, pszText=0x0 | out: puBuffLength=0x19f7e4*=0x10, pszText=0x0) returned 0x0 [0130.396] WbemDefPath:IWbemPath:GetText (in: This=0x580bf0, lFlags=2, puBuffLength=0x19f7e4*=0x10, pszText="000000000000000" | out: puBuffLength=0x19f7e4*=0x10, pszText="win32_processor") returned 0x0 [0130.401] IWbemServices:GetObject (in: This=0x593c08, strObjectPath="win32_processor", lFlags=0, pCtx=0x0, ppObject=0x19f798*=0x0, ppCallResult=0x0 | out: ppObject=0x19f798*=0x5b6f38, ppCallResult=0x0) returned 0x0 [0130.423] IWbemClassObject:Get (in: This=0x5b6f38, wszName="__PATH", lFlags=0, pVal=0x19f780*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f828*=0, plFlavor=0x19f824*=0 | out: pVal=0x19f780*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\ROOT\\cimv2:Win32_Processor", varVal2=0x0), pType=0x19f828*=8, plFlavor=0x19f824*=64) returned 0x0 [0130.487] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\cimv2:Win32_Processor") returned 0x46 [0130.487] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\cimv2:Win32_Processor") returned 0x46 [0130.487] CoGetObjectContext (in: riid=0x2182258*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f790 | out: ppv=0x19f790*=0x508aac) returned 0x0 [0130.487] IComThreadingInfo:GetCurrentApartmentType (in: This=0x508aac, pAptType=0x19f788 | out: pAptType=0x19f788*=1) returned 0x0 [0130.487] IUnknown:QueryInterface (in: This=0x508aac, riid=0x2182240*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f78c | out: ppvObject=0x19f78c*=0x0) returned 0x80004002 [0130.487] IUnknown:Release (This=0x508aac) returned 0x1 [0130.488] CoGetClassObject (in: rclsid=0x59a824*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6ab654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f0f8 | out: ppv=0x19f0f8*=0x59f600) returned 0x0 [0130.489] WbemDefPath:IUnknown:QueryInterface (in: This=0x59f600, riid=0x6ab195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19f310 | out: ppvObject=0x19f310*=0x0) returned 0x80004002 [0130.489] WbemDefPath:IClassFactory:CreateInstance (in: This=0x59f600, pUnkOuter=0x0, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f324 | out: ppvObject=0x19f324*=0x580b10) returned 0x0 [0130.489] WbemDefPath:IUnknown:Release (This=0x59f600) returned 0x0 [0130.489] WbemDefPath:IUnknown:QueryInterface (in: This=0x580b10, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ef44 | out: ppvObject=0x19ef44*=0x580b10) returned 0x0 [0130.489] WbemDefPath:IUnknown:QueryInterface (in: This=0x580b10, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ef00 | out: ppvObject=0x19ef00*=0x0) returned 0x80004002 [0130.489] WbemDefPath:IUnknown:QueryInterface (in: This=0x580b10, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19eaf4 | out: ppvObject=0x19eaf4*=0x0) returned 0x80004002 [0130.489] WbemDefPath:IUnknown:AddRef (This=0x580b10) returned 0x3 [0130.489] WbemDefPath:IUnknown:QueryInterface (in: This=0x580b10, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e85c | out: ppvObject=0x19e85c*=0x0) returned 0x80004002 [0130.489] WbemDefPath:IUnknown:QueryInterface (in: This=0x580b10, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e80c | out: ppvObject=0x19e80c*=0x0) returned 0x80004002 [0130.489] WbemDefPath:IUnknown:QueryInterface (in: This=0x580b10, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e818 | out: ppvObject=0x19e818*=0x5948e8) returned 0x0 [0130.489] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5948e8, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e820 | out: pCid=0x19e820*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0130.489] WbemDefPath:IUnknown:Release (This=0x5948e8) returned 0x3 [0130.489] CoGetContextToken (in: pToken=0x19e878 | out: pToken=0x19e878) returned 0x0 [0130.489] CoGetContextToken (in: pToken=0x19ec80 | out: pToken=0x19ec80) returned 0x0 [0130.489] WbemDefPath:IUnknown:QueryInterface (in: This=0x580b10, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed10 | out: ppvObject=0x19ed10*=0x0) returned 0x80004002 [0130.489] WbemDefPath:IUnknown:Release (This=0x580b10) returned 0x2 [0130.489] WbemDefPath:IUnknown:Release (This=0x580b10) returned 0x1 [0130.490] CoGetContextToken (in: pToken=0x19f608 | out: pToken=0x19f608) returned 0x0 [0130.490] CoGetContextToken (in: pToken=0x19f568 | out: pToken=0x19f568) returned 0x0 [0130.490] WbemDefPath:IUnknown:QueryInterface (in: This=0x580b10, riid=0x19f638*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f634 | out: ppvObject=0x19f634*=0x580b10) returned 0x0 [0130.490] WbemDefPath:IUnknown:AddRef (This=0x580b10) returned 0x3 [0130.490] WbemDefPath:IUnknown:Release (This=0x580b10) returned 0x2 [0130.490] WbemDefPath:IWbemPath:SetText (This=0x580b10, uMode=0x4, pszPath="\\\\XC64ZB\\ROOT\\cimv2:Win32_Processor") returned 0x0 [0130.490] IWbemClassObject:Get (in: This=0x5b6f38, wszName="__CLASS", lFlags=0, pVal=0x19f7f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f870*=0, plFlavor=0x19f86c*=0 | out: pVal=0x19f7f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Processor", varVal2=0x0), pType=0x19f870*=8, plFlavor=0x19f86c*=64) returned 0x0 [0130.490] SysStringByteLen (bstr="Win32_Processor") returned 0x1e [0130.490] SysStringByteLen (bstr="Win32_Processor") returned 0x1e [0130.490] CoGetContextToken (in: pToken=0x19f608 | out: pToken=0x19f608) returned 0x0 [0130.490] WbemLocator:IUnknown:AddRef (This=0x593c08) returned 0x3 [0130.490] IWbemServices:CreateInstanceEnum (in: This=0x593c08, strFilter="Win32_Processor", lFlags=17, pCtx=0x0, ppEnum=0x19f7ec | out: ppEnum=0x19f7ec*=0x5957a8) returned 0x0 [0130.496] IUnknown:QueryInterface (in: This=0x5957a8, riid=0x6f901104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f680 | out: ppvObject=0x19f680*=0x5957ac) returned 0x0 [0130.496] IClientSecurity:QueryBlanket (in: This=0x5957ac, pProxy=0x5957a8, pAuthnSvc=0x19f6d0, pAuthzSvc=0x19f6cc, pServerPrincName=0x19f6c4, pAuthnLevel=0x19f6c8, pImpLevel=0x19f6b8, pAuthInfo=0x19f6bc, pCapabilites=0x19f6c0 | out: pAuthnSvc=0x19f6d0*=0xa, pAuthzSvc=0x19f6cc*=0x0, pServerPrincName=0x19f6c4, pAuthnLevel=0x19f6c8*=0x6, pImpLevel=0x19f6b8*=0x2, pAuthInfo=0x19f6bc, pCapabilites=0x19f6c0*=0x1) returned 0x0 [0130.496] IUnknown:Release (This=0x5957ac) returned 0x1 [0130.496] IUnknown:QueryInterface (in: This=0x5957a8, riid=0x6f9010f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f674 | out: ppvObject=0x19f674*=0x590ce8) returned 0x0 [0130.496] IUnknown:QueryInterface (in: This=0x5957a8, riid=0x6f901104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f670 | out: ppvObject=0x19f670*=0x5957ac) returned 0x0 [0130.496] IClientSecurity:SetBlanket (This=0x5957ac, pProxy=0x5957a8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0130.506] IUnknown:Release (This=0x5957ac) returned 0x2 [0130.506] WbemLocator:IUnknown:Release (This=0x590ce8) returned 0x1 [0130.506] CoTaskMemFree (pv=0x59a4e8) [0130.506] IUnknown:QueryInterface (in: This=0x5957a8, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f268 | out: ppvObject=0x19f268*=0x590ce8) returned 0x0 [0130.506] WbemLocator:IUnknown:QueryInterface (in: This=0x590ce8, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19f224 | out: ppvObject=0x19f224*=0x0) returned 0x80004002 [0130.512] WbemLocator:IUnknown:QueryInterface (in: This=0x590ce8, riid=0x6abefb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19f044 | out: ppvObject=0x19f044*=0x0) returned 0x80004002 [0130.515] IUnknown:QueryInterface (in: This=0x5957a8, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19ee1c | out: ppvObject=0x19ee1c*=0x0) returned 0x80004002 [0130.530] WbemLocator:IUnknown:AddRef (This=0x590ce8) returned 0x3 [0130.530] WbemLocator:IUnknown:QueryInterface (in: This=0x590ce8, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19eb84 | out: ppvObject=0x19eb84*=0x0) returned 0x80004002 [0130.530] WbemLocator:IUnknown:QueryInterface (in: This=0x590ce8, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19eb34 | out: ppvObject=0x19eb34*=0x0) returned 0x80004002 [0130.530] WbemLocator:IUnknown:QueryInterface (in: This=0x590ce8, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eb40 | out: ppvObject=0x19eb40*=0x590c44) returned 0x0 [0130.530] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x590c44, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19eb48 | out: pCid=0x19eb48*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0130.530] WbemLocator:IUnknown:Release (This=0x590c44) returned 0x3 [0130.530] CoGetContextToken (in: pToken=0x19eba0 | out: pToken=0x19eba0) returned 0x0 [0130.530] CoGetContextToken (in: pToken=0x19efa8 | out: pToken=0x19efa8) returned 0x0 [0130.530] WbemLocator:IUnknown:QueryInterface (in: This=0x590ce8, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f038 | out: ppvObject=0x19f038*=0x590ccc) returned 0x0 [0130.530] WbemLocator:IRpcOptions:Query (in: This=0x590ccc, pPrx=0x590ce8, dwProperty=2, pdwValue=0x19f060 | out: pdwValue=0x19f060) returned 0x80004002 [0130.530] WbemLocator:IUnknown:Release (This=0x590ccc) returned 0x3 [0130.530] WbemLocator:IUnknown:Release (This=0x590ce8) returned 0x2 [0130.530] CoGetContextToken (in: pToken=0x19f578 | out: pToken=0x19f578) returned 0x0 [0130.530] CoGetContextToken (in: pToken=0x19f4d8 | out: pToken=0x19f4d8) returned 0x0 [0130.530] WbemLocator:IUnknown:QueryInterface (in: This=0x590ce8, riid=0x19f5a8*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f5a4 | out: ppvObject=0x19f5a4*=0x5957a8) returned 0x0 [0130.531] IUnknown:AddRef (This=0x5957a8) returned 0x4 [0130.531] IUnknown:Release (This=0x5957a8) returned 0x3 [0130.531] IUnknown:Release (This=0x5957a8) returned 0x2 [0130.531] WbemLocator:IUnknown:Release (This=0x593c08) returned 0x2 [0130.531] SysStringLen (param_1=0x0) returned 0x0 [0130.531] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x580a30, puCount=0x19f828 | out: puCount=0x19f828*=0x2) returned 0x0 [0130.531] WbemDefPath:IWbemPath:GetText (in: This=0x580a30, lFlags=4, puBuffLength=0x19f824*=0x0, pszText=0x0 | out: puBuffLength=0x19f824*=0xf, pszText=0x0) returned 0x0 [0130.531] WbemDefPath:IWbemPath:GetText (in: This=0x580a30, lFlags=4, puBuffLength=0x19f824*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f824*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0130.531] CoGetContextToken (in: pToken=0x19f668 | out: pToken=0x19f668) returned 0x0 [0130.531] IUnknown:AddRef (This=0x5957a8) returned 0x3 [0130.531] IEnumWbemClassObject:Clone (in: This=0x5957a8, ppEnum=0x19f828 | out: ppEnum=0x19f828*=0x595488) returned 0x0 [0130.534] IUnknown:QueryInterface (in: This=0x595488, riid=0x6f901104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f6ec | out: ppvObject=0x19f6ec*=0x59548c) returned 0x0 [0130.534] IClientSecurity:QueryBlanket (in: This=0x59548c, pProxy=0x595488, pAuthnSvc=0x19f73c, pAuthzSvc=0x19f738, pServerPrincName=0x19f730, pAuthnLevel=0x19f734, pImpLevel=0x19f724, pAuthInfo=0x19f728, pCapabilites=0x19f72c | out: pAuthnSvc=0x19f73c*=0xa, pAuthzSvc=0x19f738*=0x0, pServerPrincName=0x19f730, pAuthnLevel=0x19f734*=0x6, pImpLevel=0x19f724*=0x2, pAuthInfo=0x19f728, pCapabilites=0x19f72c*=0x1) returned 0x0 [0130.534] IUnknown:Release (This=0x59548c) returned 0x1 [0130.534] IUnknown:QueryInterface (in: This=0x595488, riid=0x6f9010f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f6e0 | out: ppvObject=0x19f6e0*=0x591fe8) returned 0x0 [0130.534] IUnknown:QueryInterface (in: This=0x595488, riid=0x6f901104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f6dc | out: ppvObject=0x19f6dc*=0x59548c) returned 0x0 [0130.534] IClientSecurity:SetBlanket (This=0x59548c, pProxy=0x595488, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0130.535] IUnknown:Release (This=0x59548c) returned 0x2 [0130.535] WbemLocator:IUnknown:Release (This=0x591fe8) returned 0x1 [0130.535] CoTaskMemFree (pv=0x59a578) [0130.536] IUnknown:QueryInterface (in: This=0x595488, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f2c8 | out: ppvObject=0x19f2c8*=0x591fe8) returned 0x0 [0130.536] WbemLocator:IUnknown:QueryInterface (in: This=0x591fe8, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19f284 | out: ppvObject=0x19f284*=0x0) returned 0x80004002 [0130.536] WbemLocator:IUnknown:QueryInterface (in: This=0x591fe8, riid=0x6abefb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19f0a4 | out: ppvObject=0x19f0a4*=0x0) returned 0x80004002 [0130.538] IUnknown:QueryInterface (in: This=0x595488, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19ee7c | out: ppvObject=0x19ee7c*=0x0) returned 0x80004002 [0130.547] WbemLocator:IUnknown:AddRef (This=0x591fe8) returned 0x3 [0130.547] WbemLocator:IUnknown:QueryInterface (in: This=0x591fe8, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19ebe4 | out: ppvObject=0x19ebe4*=0x0) returned 0x80004002 [0130.547] WbemLocator:IUnknown:QueryInterface (in: This=0x591fe8, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19eb94 | out: ppvObject=0x19eb94*=0x0) returned 0x80004002 [0130.547] WbemLocator:IUnknown:QueryInterface (in: This=0x591fe8, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eba0 | out: ppvObject=0x19eba0*=0x591f44) returned 0x0 [0130.547] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x591f44, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19eba8 | out: pCid=0x19eba8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0130.547] WbemLocator:IUnknown:Release (This=0x591f44) returned 0x3 [0130.547] CoGetContextToken (in: pToken=0x19ec00 | out: pToken=0x19ec00) returned 0x0 [0130.547] CoGetContextToken (in: pToken=0x19f008 | out: pToken=0x19f008) returned 0x0 [0130.547] WbemLocator:IUnknown:QueryInterface (in: This=0x591fe8, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f098 | out: ppvObject=0x19f098*=0x591fcc) returned 0x0 [0130.547] WbemLocator:IRpcOptions:Query (in: This=0x591fcc, pPrx=0x591fe8, dwProperty=2, pdwValue=0x19f0c0 | out: pdwValue=0x19f0c0) returned 0x80004002 [0130.547] WbemLocator:IUnknown:Release (This=0x591fcc) returned 0x3 [0130.547] WbemLocator:IUnknown:Release (This=0x591fe8) returned 0x2 [0130.547] CoGetContextToken (in: pToken=0x19f5d8 | out: pToken=0x19f5d8) returned 0x0 [0130.547] CoGetContextToken (in: pToken=0x19f538 | out: pToken=0x19f538) returned 0x0 [0130.547] WbemLocator:IUnknown:QueryInterface (in: This=0x591fe8, riid=0x19f608*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f604 | out: ppvObject=0x19f604*=0x595488) returned 0x0 [0130.547] IUnknown:AddRef (This=0x595488) returned 0x4 [0130.547] IUnknown:Release (This=0x595488) returned 0x3 [0130.547] IUnknown:Release (This=0x595488) returned 0x2 [0130.547] IUnknown:Release (This=0x5957a8) returned 0x2 [0130.547] SysStringLen (param_1=0x0) returned 0x0 [0130.599] IEnumWbemClassObject:Reset (This=0x595488) returned 0x0 [0130.601] CoTaskMemAlloc (cb=0x4) returned 0x59f600 [0130.601] IEnumWbemClassObject:Next (in: This=0x595488, lTimeout=-1, uCount=0x1, apObjects=0x59f600, puReturned=0x2186950 | out: apObjects=0x59f600*=0x55bdf8, puReturned=0x2186950*=0x1) returned 0x0 [0138.698] IUnknown:QueryInterface (in: This=0x55bdf8, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee88 | out: ppvObject=0x19ee88*=0x55bdf8) returned 0x0 [0138.698] IUnknown:QueryInterface (in: This=0x55bdf8, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ee44 | out: ppvObject=0x19ee44*=0x0) returned 0x80004002 [0138.698] IUnknown:QueryInterface (in: This=0x55bdf8, riid=0x6abefb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ec64 | out: ppvObject=0x19ec64*=0x0) returned 0x80004002 [0138.699] IUnknown:QueryInterface (in: This=0x55bdf8, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19ea3c | out: ppvObject=0x19ea3c*=0x0) returned 0x80004002 [0138.699] IUnknown:AddRef (This=0x55bdf8) returned 0x3 [0138.699] IUnknown:QueryInterface (in: This=0x55bdf8, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e7a4 | out: ppvObject=0x19e7a4*=0x0) returned 0x80004002 [0138.699] IUnknown:QueryInterface (in: This=0x55bdf8, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e754 | out: ppvObject=0x19e754*=0x0) returned 0x80004002 [0138.699] IUnknown:QueryInterface (in: This=0x55bdf8, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x55bdfc) returned 0x0 [0138.700] IMarshal:GetUnmarshalClass (in: This=0x55bdfc, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e768 | out: pCid=0x19e768*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0138.700] IUnknown:Release (This=0x55bdfc) returned 0x3 [0138.700] CoGetContextToken (in: pToken=0x19e7c0 | out: pToken=0x19e7c0) returned 0x0 [0138.700] CoGetContextToken (in: pToken=0x19ebc8 | out: pToken=0x19ebc8) returned 0x0 [0138.700] IUnknown:QueryInterface (in: This=0x55bdf8, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec58 | out: ppvObject=0x19ec58*=0x0) returned 0x80004002 [0138.700] IUnknown:Release (This=0x55bdf8) returned 0x2 [0138.700] CoGetContextToken (in: pToken=0x19f198 | out: pToken=0x19f198) returned 0x0 [0138.701] CoGetContextToken (in: pToken=0x19f0f8 | out: pToken=0x19f0f8) returned 0x0 [0138.701] IUnknown:QueryInterface (in: This=0x55bdf8, riid=0x19f1c8*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19f1c4 | out: ppvObject=0x19f1c4*=0x55bdf8) returned 0x0 [0138.701] IUnknown:AddRef (This=0x55bdf8) returned 0x4 [0138.701] IUnknown:Release (This=0x55bdf8) returned 0x3 [0138.701] IUnknown:Release (This=0x55bdf8) returned 0x2 [0138.701] CoTaskMemFree (pv=0x59f600) [0138.702] CoGetContextToken (in: pToken=0x19f508 | out: pToken=0x19f508) returned 0x0 [0138.702] IUnknown:AddRef (This=0x55bdf8) returned 0x3 [0138.703] IWbemClassObject:Get (in: This=0x55bdf8, wszName="__GENUS", lFlags=0, pVal=0x19f818*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f898*=0, plFlavor=0x19f894*=0 | out: pVal=0x19f818*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f898*=3, plFlavor=0x19f894*=64) returned 0x0 [0138.704] IWbemClassObject:Get (in: This=0x55bdf8, wszName="__PATH", lFlags=0, pVal=0x19f7fc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f880*=0, plFlavor=0x19f87c*=0 | out: pVal=0x19f7fc*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"", varVal2=0x0), pType=0x19f880*=8, plFlavor=0x19f87c*=64) returned 0x0 [0138.704] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x66 [0138.705] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x66 [0138.705] CoGetObjectContext (in: riid=0x2182258*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f828 | out: ppv=0x19f828*=0x508aac) returned 0x0 [0138.705] IComThreadingInfo:GetCurrentApartmentType (in: This=0x508aac, pAptType=0x19f820 | out: pAptType=0x19f820*=1) returned 0x0 [0138.706] IUnknown:QueryInterface (in: This=0x508aac, riid=0x2182240*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f824 | out: ppvObject=0x19f824*=0x0) returned 0x80004002 [0138.706] IUnknown:Release (This=0x508aac) returned 0x1 [0138.709] CoGetClassObject (in: rclsid=0x59a824*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6ab654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f190 | out: ppv=0x19f190*=0x59f6c0) returned 0x0 [0138.712] WbemDefPath:IUnknown:QueryInterface (in: This=0x59f6c0, riid=0x6ab195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19f3a8 | out: ppvObject=0x19f3a8*=0x0) returned 0x80004002 [0138.712] WbemDefPath:IClassFactory:CreateInstance (in: This=0x59f6c0, pUnkOuter=0x0, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f3bc | out: ppvObject=0x19f3bc*=0x580cd0) returned 0x0 [0138.712] WbemDefPath:IUnknown:Release (This=0x59f6c0) returned 0x0 [0138.712] WbemDefPath:IUnknown:QueryInterface (in: This=0x580cd0, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19efdc | out: ppvObject=0x19efdc*=0x580cd0) returned 0x0 [0138.712] WbemDefPath:IUnknown:QueryInterface (in: This=0x580cd0, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ef98 | out: ppvObject=0x19ef98*=0x0) returned 0x80004002 [0138.712] WbemDefPath:IUnknown:QueryInterface (in: This=0x580cd0, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19eb8c | out: ppvObject=0x19eb8c*=0x0) returned 0x80004002 [0138.712] WbemDefPath:IUnknown:AddRef (This=0x580cd0) returned 0x3 [0138.712] WbemDefPath:IUnknown:QueryInterface (in: This=0x580cd0, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e8f4 | out: ppvObject=0x19e8f4*=0x0) returned 0x80004002 [0138.712] WbemDefPath:IUnknown:QueryInterface (in: This=0x580cd0, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e8a4 | out: ppvObject=0x19e8a4*=0x0) returned 0x80004002 [0138.712] WbemDefPath:IUnknown:QueryInterface (in: This=0x580cd0, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e8b0 | out: ppvObject=0x19e8b0*=0x594bd0) returned 0x0 [0138.712] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x594bd0, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e8b8 | out: pCid=0x19e8b8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0138.713] WbemDefPath:IUnknown:Release (This=0x594bd0) returned 0x3 [0138.713] CoGetContextToken (in: pToken=0x19e910 | out: pToken=0x19e910) returned 0x0 [0138.713] CoGetContextToken (in: pToken=0x19ed18 | out: pToken=0x19ed18) returned 0x0 [0138.713] WbemDefPath:IUnknown:QueryInterface (in: This=0x580cd0, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eda8 | out: ppvObject=0x19eda8*=0x0) returned 0x80004002 [0138.713] WbemDefPath:IUnknown:Release (This=0x580cd0) returned 0x2 [0138.713] WbemDefPath:IUnknown:Release (This=0x580cd0) returned 0x1 [0138.713] CoGetContextToken (in: pToken=0x19f6a0 | out: pToken=0x19f6a0) returned 0x0 [0138.713] CoGetContextToken (in: pToken=0x19f600 | out: pToken=0x19f600) returned 0x0 [0138.713] WbemDefPath:IUnknown:QueryInterface (in: This=0x580cd0, riid=0x19f6d0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f6cc | out: ppvObject=0x19f6cc*=0x580cd0) returned 0x0 [0138.713] WbemDefPath:IUnknown:AddRef (This=0x580cd0) returned 0x3 [0138.713] WbemDefPath:IUnknown:Release (This=0x580cd0) returned 0x2 [0138.713] WbemDefPath:IWbemPath:SetText (This=0x580cd0, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x0 [0138.714] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x580a30, puCount=0x19f854 | out: puCount=0x19f854*=0x2) returned 0x0 [0138.714] WbemDefPath:IWbemPath:GetText (in: This=0x580a30, lFlags=4, puBuffLength=0x19f850*=0x0, pszText=0x0 | out: puBuffLength=0x19f850*=0xf, pszText=0x0) returned 0x0 [0138.714] WbemDefPath:IWbemPath:GetText (in: This=0x580a30, lFlags=4, puBuffLength=0x19f850*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f850*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0138.714] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x580a30, puCount=0x19f834 | out: puCount=0x19f834*=0x2) returned 0x0 [0138.714] WbemDefPath:IWbemPath:GetText (in: This=0x580a30, lFlags=4, puBuffLength=0x19f830*=0x0, pszText=0x0 | out: puBuffLength=0x19f830*=0xf, pszText=0x0) returned 0x0 [0138.714] WbemDefPath:IWbemPath:GetText (in: This=0x580a30, lFlags=4, puBuffLength=0x19f830*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f830*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0138.720] IWbemClassObject:Get (in: This=0x55bdf8, wszName="processorID", lFlags=0, pVal=0x19f830*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x21871bc*=0, plFlavor=0x21871c0*=0 | out: pVal=0x19f830*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="0F8BFBFF00050657", varVal2=0x0), pType=0x21871bc*=8, plFlavor=0x21871c0*=0) returned 0x0 [0138.720] SysStringByteLen (bstr="0F8BFBFF00050657") returned 0x20 [0138.720] SysStringByteLen (bstr="0F8BFBFF00050657") returned 0x20 [0138.720] IWbemClassObject:Get (in: This=0x55bdf8, wszName="processorID", lFlags=0, pVal=0x19f838*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x21871bc*=8, plFlavor=0x21871c0*=0 | out: pVal=0x19f838*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="0F8BFBFF00050657", varVal2=0x0), pType=0x21871bc*=8, plFlavor=0x21871c0*=0) returned 0x0 [0138.720] SysStringByteLen (bstr="0F8BFBFF00050657") returned 0x20 [0138.720] SysStringByteLen (bstr="0F8BFBFF00050657") returned 0x20 [0138.722] CoTaskMemAlloc (cb=0x4) returned 0x59f6c0 [0138.722] IEnumWbemClassObject:Next (in: This=0x595488, lTimeout=-1, uCount=0x1, apObjects=0x59f6c0, puReturned=0x2186950 | out: apObjects=0x59f6c0*=0x0, puReturned=0x2186950*=0x0) returned 0x1 [0138.731] CoTaskMemFree (pv=0x59f6c0) [0138.731] CoGetContextToken (in: pToken=0x19f750 | out: pToken=0x19f750) returned 0x0 [0138.731] WbemLocator:IUnknown:Release (This=0x591fe8) returned 0x1 [0138.732] IUnknown:Release (This=0x595488) returned 0x0 [0138.808] CoGetObjectContext (in: riid=0x2182258*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f84c | out: ppv=0x19f84c*=0x508aac) returned 0x0 [0138.808] IComThreadingInfo:GetCurrentApartmentType (in: This=0x508aac, pAptType=0x19f844 | out: pAptType=0x19f844*=1) returned 0x0 [0138.808] IUnknown:QueryInterface (in: This=0x508aac, riid=0x2182240*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f848 | out: ppvObject=0x19f848*=0x0) returned 0x80004002 [0138.808] IUnknown:Release (This=0x508aac) returned 0x1 [0138.809] CoGetClassObject (in: rclsid=0x59a824*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6ab654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1b8 | out: ppv=0x19f1b8*=0x59f6c0) returned 0x0 [0138.810] WbemDefPath:IUnknown:QueryInterface (in: This=0x59f6c0, riid=0x6ab195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19f3d0 | out: ppvObject=0x19f3d0*=0x0) returned 0x80004002 [0138.810] WbemDefPath:IClassFactory:CreateInstance (in: This=0x59f6c0, pUnkOuter=0x0, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f3e4 | out: ppvObject=0x19f3e4*=0x580db0) returned 0x0 [0138.810] WbemDefPath:IUnknown:Release (This=0x59f6c0) returned 0x0 [0138.810] WbemDefPath:IUnknown:QueryInterface (in: This=0x580db0, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f004 | out: ppvObject=0x19f004*=0x580db0) returned 0x0 [0138.810] WbemDefPath:IUnknown:QueryInterface (in: This=0x580db0, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19efc0 | out: ppvObject=0x19efc0*=0x0) returned 0x80004002 [0138.810] WbemDefPath:IUnknown:QueryInterface (in: This=0x580db0, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19ebb4 | out: ppvObject=0x19ebb4*=0x0) returned 0x80004002 [0138.810] WbemDefPath:IUnknown:AddRef (This=0x580db0) returned 0x3 [0138.810] WbemDefPath:IUnknown:QueryInterface (in: This=0x580db0, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e91c | out: ppvObject=0x19e91c*=0x0) returned 0x80004002 [0138.810] WbemDefPath:IUnknown:QueryInterface (in: This=0x580db0, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e8cc | out: ppvObject=0x19e8cc*=0x0) returned 0x80004002 [0138.810] WbemDefPath:IUnknown:QueryInterface (in: This=0x580db0, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e8d8 | out: ppvObject=0x19e8d8*=0x50d3008) returned 0x0 [0138.811] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x50d3008, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e8e0 | out: pCid=0x19e8e0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0138.811] WbemDefPath:IUnknown:Release (This=0x50d3008) returned 0x3 [0138.811] CoGetContextToken (in: pToken=0x19e938 | out: pToken=0x19e938) returned 0x0 [0138.811] CoGetContextToken (in: pToken=0x19ed40 | out: pToken=0x19ed40) returned 0x0 [0138.811] WbemDefPath:IUnknown:QueryInterface (in: This=0x580db0, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19edd0 | out: ppvObject=0x19edd0*=0x0) returned 0x80004002 [0138.811] WbemDefPath:IUnknown:Release (This=0x580db0) returned 0x2 [0138.811] WbemDefPath:IUnknown:Release (This=0x580db0) returned 0x1 [0138.811] CoGetContextToken (in: pToken=0x19f6c8 | out: pToken=0x19f6c8) returned 0x0 [0138.811] CoGetContextToken (in: pToken=0x19f628 | out: pToken=0x19f628) returned 0x0 [0138.811] WbemDefPath:IUnknown:QueryInterface (in: This=0x580db0, riid=0x19f6f8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f6f4 | out: ppvObject=0x19f6f4*=0x580db0) returned 0x0 [0138.811] WbemDefPath:IUnknown:AddRef (This=0x580db0) returned 0x3 [0138.811] WbemDefPath:IUnknown:Release (This=0x580db0) returned 0x2 [0138.811] WbemDefPath:IWbemPath:SetText (This=0x580db0, uMode=0x4, pszPath="Win32_NetworkAdapterConfiguration") returned 0x0 [0138.811] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x580db0, puCount=0x19f878 | out: puCount=0x19f878*=0x0) returned 0x0 [0138.811] WbemDefPath:IWbemPath:GetText (in: This=0x580db0, lFlags=2, puBuffLength=0x19f874*=0x0, pszText=0x0 | out: puBuffLength=0x19f874*=0x22, pszText=0x0) returned 0x0 [0138.811] WbemDefPath:IWbemPath:GetText (in: This=0x580db0, lFlags=2, puBuffLength=0x19f874*=0x22, pszText="000000000000000000000000000000000" | out: puBuffLength=0x19f874*=0x22, pszText="Win32_NetworkAdapterConfiguration") returned 0x0 [0138.811] WbemDefPath:IWbemPath:GetInfo (in: This=0x580db0, uRequestedInfo=0x0, puResponse=0x19f880 | out: puResponse=0x19f880*=0xc15) returned 0x0 [0138.812] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x580db0, puCount=0x19f878 | out: puCount=0x19f878*=0x0) returned 0x0 [0138.812] WbemDefPath:IWbemPath:GetInfo (in: This=0x580db0, uRequestedInfo=0x0, puResponse=0x19f880 | out: puResponse=0x19f880*=0xc15) returned 0x0 [0138.812] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x580db0, puCount=0x19f868 | out: puCount=0x19f868*=0x0) returned 0x0 [0138.812] WbemDefPath:IWbemPath:GetText (in: This=0x580db0, lFlags=2, puBuffLength=0x19f864*=0x0, pszText=0x0 | out: puBuffLength=0x19f864*=0x22, pszText=0x0) returned 0x0 [0138.812] WbemDefPath:IWbemPath:GetText (in: This=0x580db0, lFlags=2, puBuffLength=0x19f864*=0x22, pszText="000000000000000000000000000000000" | out: puBuffLength=0x19f864*=0x22, pszText="Win32_NetworkAdapterConfiguration") returned 0x0 [0138.812] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x580db0, puCount=0x19f868 | out: puCount=0x19f868*=0x0) returned 0x0 [0138.812] WbemDefPath:IWbemPath:GetText (in: This=0x580db0, lFlags=2, puBuffLength=0x19f864*=0x0, pszText=0x0 | out: puBuffLength=0x19f864*=0x22, pszText=0x0) returned 0x0 [0138.812] WbemDefPath:IWbemPath:GetText (in: This=0x580db0, lFlags=2, puBuffLength=0x19f864*=0x22, pszText="000000000000000000000000000000000" | out: puBuffLength=0x19f864*=0x22, pszText="Win32_NetworkAdapterConfiguration") returned 0x0 [0138.812] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x580db0, puCount=0x19f7f8 | out: puCount=0x19f7f8*=0x0) returned 0x0 [0138.812] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x580720, puCount=0x19f7e4 | out: puCount=0x19f7e4*=0x2) returned 0x0 [0138.812] WbemDefPath:IWbemPath:GetText (in: This=0x580720, lFlags=4, puBuffLength=0x19f7e0*=0x0, pszText=0x0 | out: puBuffLength=0x19f7e0*=0xf, pszText=0x0) returned 0x0 [0138.812] WbemDefPath:IWbemPath:GetText (in: This=0x580720, lFlags=4, puBuffLength=0x19f7e0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f7e0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0138.812] CoGetObjectContext (in: riid=0x2182258*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f794 | out: ppv=0x19f794*=0x508aac) returned 0x0 [0138.812] IComThreadingInfo:GetCurrentApartmentType (in: This=0x508aac, pAptType=0x19f78c | out: pAptType=0x19f78c*=1) returned 0x0 [0138.812] IUnknown:QueryInterface (in: This=0x508aac, riid=0x2182240*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f790 | out: ppvObject=0x19f790*=0x0) returned 0x80004002 [0138.812] IUnknown:Release (This=0x508aac) returned 0x1 [0138.813] CoGetClassObject (in: rclsid=0x59a824*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6ab654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f100 | out: ppv=0x19f100*=0x59f6d0) returned 0x0 [0138.813] WbemDefPath:IUnknown:QueryInterface (in: This=0x59f6d0, riid=0x6ab195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19f318 | out: ppvObject=0x19f318*=0x0) returned 0x80004002 [0138.813] WbemDefPath:IClassFactory:CreateInstance (in: This=0x59f6d0, pUnkOuter=0x0, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f32c | out: ppvObject=0x19f32c*=0x580790) returned 0x0 [0138.814] WbemDefPath:IUnknown:Release (This=0x59f6d0) returned 0x0 [0138.814] WbemDefPath:IUnknown:QueryInterface (in: This=0x580790, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ef4c | out: ppvObject=0x19ef4c*=0x580790) returned 0x0 [0138.814] WbemDefPath:IUnknown:QueryInterface (in: This=0x580790, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ef08 | out: ppvObject=0x19ef08*=0x0) returned 0x80004002 [0138.814] WbemDefPath:IUnknown:QueryInterface (in: This=0x580790, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19eafc | out: ppvObject=0x19eafc*=0x0) returned 0x80004002 [0138.814] WbemDefPath:IUnknown:AddRef (This=0x580790) returned 0x3 [0138.814] WbemDefPath:IUnknown:QueryInterface (in: This=0x580790, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e864 | out: ppvObject=0x19e864*=0x0) returned 0x80004002 [0138.814] WbemDefPath:IUnknown:QueryInterface (in: This=0x580790, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e814 | out: ppvObject=0x19e814*=0x0) returned 0x80004002 [0138.814] WbemDefPath:IUnknown:QueryInterface (in: This=0x580790, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e820 | out: ppvObject=0x19e820*=0x50d3218) returned 0x0 [0138.814] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x50d3218, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e828 | out: pCid=0x19e828*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0138.814] WbemDefPath:IUnknown:Release (This=0x50d3218) returned 0x3 [0138.814] CoGetContextToken (in: pToken=0x19e880 | out: pToken=0x19e880) returned 0x0 [0138.814] CoGetContextToken (in: pToken=0x19ec88 | out: pToken=0x19ec88) returned 0x0 [0138.814] WbemDefPath:IUnknown:QueryInterface (in: This=0x580790, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed18 | out: ppvObject=0x19ed18*=0x0) returned 0x80004002 [0138.815] WbemDefPath:IUnknown:Release (This=0x580790) returned 0x2 [0138.815] WbemDefPath:IUnknown:Release (This=0x580790) returned 0x1 [0138.815] CoGetContextToken (in: pToken=0x19f610 | out: pToken=0x19f610) returned 0x0 [0138.815] CoGetContextToken (in: pToken=0x19f570 | out: pToken=0x19f570) returned 0x0 [0138.815] WbemDefPath:IUnknown:QueryInterface (in: This=0x580790, riid=0x19f640*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f63c | out: ppvObject=0x19f63c*=0x580790) returned 0x0 [0138.815] WbemDefPath:IUnknown:AddRef (This=0x580790) returned 0x3 [0138.815] WbemDefPath:IUnknown:Release (This=0x580790) returned 0x2 [0138.815] WbemDefPath:IWbemPath:SetText (This=0x580790, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0138.815] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x580790, puCount=0x19f7bc | out: puCount=0x19f7bc*=0x2) returned 0x0 [0138.815] WbemDefPath:IWbemPath:GetText (in: This=0x580790, lFlags=4, puBuffLength=0x19f7b8*=0x0, pszText=0x0 | out: puBuffLength=0x19f7b8*=0xf, pszText=0x0) returned 0x0 [0138.815] WbemDefPath:IWbemPath:GetText (in: This=0x580790, lFlags=4, puBuffLength=0x19f7b8*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f7b8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0138.815] CoGetObjectContext (in: riid=0x2182258*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f7bc | out: ppv=0x19f7bc*=0x508aac) returned 0x0 [0138.815] IComThreadingInfo:GetCurrentApartmentType (in: This=0x508aac, pAptType=0x19f7b4 | out: pAptType=0x19f7b4*=1) returned 0x0 [0138.815] IUnknown:QueryInterface (in: This=0x508aac, riid=0x2182240*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f7b8 | out: ppvObject=0x19f7b8*=0x0) returned 0x80004002 [0138.816] IUnknown:Release (This=0x508aac) returned 0x1 [0138.816] CoGetClassObject (in: rclsid=0x59a764*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x6ab654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f3d8 | out: ppv=0x19f3d8*=0x50d2f78) returned 0x0 [0138.816] WbemLocator:IUnknown:QueryInterface (in: This=0x50d2f78, riid=0x6ab195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19f5f0 | out: ppvObject=0x19f5f0*=0x0) returned 0x80004002 [0138.816] WbemLocator:IClassFactory:CreateInstance (in: This=0x50d2f78, pUnkOuter=0x0, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f604 | out: ppvObject=0x19f604*=0x59f5d0) returned 0x0 [0138.816] WbemLocator:IUnknown:Release (This=0x50d2f78) returned 0x0 [0138.817] WbemLocator:IUnknown:QueryInterface (in: This=0x59f5d0, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f224 | out: ppvObject=0x19f224*=0x59f5d0) returned 0x0 [0138.817] WbemLocator:IUnknown:QueryInterface (in: This=0x59f5d0, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19f1e0 | out: ppvObject=0x19f1e0*=0x0) returned 0x80004002 [0138.817] WbemLocator:IUnknown:QueryInterface (in: This=0x59f5d0, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19edd4 | out: ppvObject=0x19edd4*=0x0) returned 0x80004002 [0138.817] WbemLocator:IUnknown:AddRef (This=0x59f5d0) returned 0x3 [0138.817] WbemLocator:IUnknown:QueryInterface (in: This=0x59f5d0, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19eb3c | out: ppvObject=0x19eb3c*=0x0) returned 0x80004002 [0138.817] WbemLocator:IUnknown:QueryInterface (in: This=0x59f5d0, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19eaec | out: ppvObject=0x19eaec*=0x0) returned 0x80004002 [0138.817] WbemLocator:IUnknown:QueryInterface (in: This=0x59f5d0, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eaf8 | out: ppvObject=0x19eaf8*=0x0) returned 0x80004002 [0138.817] CoGetContextToken (in: pToken=0x19eb58 | out: pToken=0x19eb58) returned 0x0 [0138.817] CoGetContextToken (in: pToken=0x19ef60 | out: pToken=0x19ef60) returned 0x0 [0138.817] WbemLocator:IUnknown:QueryInterface (in: This=0x59f5d0, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eff0 | out: ppvObject=0x19eff0*=0x0) returned 0x80004002 [0138.817] WbemLocator:IUnknown:Release (This=0x59f5d0) returned 0x2 [0138.817] WbemLocator:IUnknown:Release (This=0x59f5d0) returned 0x1 [0138.817] CoGetContextToken (in: pToken=0x19f5d0 | out: pToken=0x19f5d0) returned 0x0 [0138.817] CoGetContextToken (in: pToken=0x19f530 | out: pToken=0x19f530) returned 0x0 [0138.817] WbemLocator:IUnknown:QueryInterface (in: This=0x59f5d0, riid=0x19f600*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19f5fc | out: ppvObject=0x19f5fc*=0x59f5d0) returned 0x0 [0138.817] WbemLocator:IUnknown:AddRef (This=0x59f5d0) returned 0x3 [0138.817] WbemLocator:IUnknown:Release (This=0x59f5d0) returned 0x2 [0138.818] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x580790, puCount=0x19f798 | out: puCount=0x19f798*=0x2) returned 0x0 [0138.818] WbemDefPath:IWbemPath:GetText (in: This=0x580790, lFlags=8, puBuffLength=0x19f794*=0x0, pszText=0x0 | out: puBuffLength=0x19f794*=0xf, pszText=0x0) returned 0x0 [0138.818] WbemDefPath:IWbemPath:GetText (in: This=0x580790, lFlags=8, puBuffLength=0x19f794*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f794*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0138.818] CoCreateInstance (in: rclsid=0x6f901284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6f9012e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x19f670 | out: ppv=0x19f670*=0x59f700) returned 0x0 [0138.818] WbemLocator:IWbemLocator:ConnectServer (in: This=0x59f700, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x19f704 | out: ppNamespace=0x19f704*=0x593de8) returned 0x0 [0138.853] WbemLocator:IUnknown:QueryInterface (in: This=0x593de8, riid=0x6f901104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f5a0 | out: ppvObject=0x19f5a0*=0x591fc4) returned 0x0 [0138.853] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x591fc4, pProxy=0x593de8, pAuthnSvc=0x19f5f0, pAuthzSvc=0x19f5ec, pServerPrincName=0x19f5e4, pAuthnLevel=0x19f5e8, pImpLevel=0x19f5d8, pAuthInfo=0x19f5dc, pCapabilites=0x19f5e0 | out: pAuthnSvc=0x19f5f0*=0xa, pAuthzSvc=0x19f5ec*=0x0, pServerPrincName=0x19f5e4, pAuthnLevel=0x19f5e8*=0x6, pImpLevel=0x19f5d8*=0x2, pAuthInfo=0x19f5dc, pCapabilites=0x19f5e0*=0x1) returned 0x0 [0138.854] WbemLocator:IUnknown:Release (This=0x591fc4) returned 0x1 [0138.854] WbemLocator:IUnknown:QueryInterface (in: This=0x593de8, riid=0x6f9010f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f594 | out: ppvObject=0x19f594*=0x591fe8) returned 0x0 [0138.854] WbemLocator:IUnknown:QueryInterface (in: This=0x593de8, riid=0x6f901104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f590 | out: ppvObject=0x19f590*=0x591fc4) returned 0x0 [0138.854] WbemLocator:IClientSecurity:SetBlanket (This=0x591fc4, pProxy=0x593de8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0138.854] WbemLocator:IUnknown:Release (This=0x591fc4) returned 0x2 [0138.854] WbemLocator:IUnknown:Release (This=0x591fe8) returned 0x1 [0138.854] CoTaskMemFree (pv=0x59a3f8) [0138.854] WbemLocator:IUnknown:Release (This=0x59f700) returned 0x0 [0138.855] WbemLocator:IUnknown:QueryInterface (in: This=0x593de8, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f190 | out: ppvObject=0x19f190*=0x591fe8) returned 0x0 [0138.855] WbemLocator:IUnknown:QueryInterface (in: This=0x591fe8, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19f14c | out: ppvObject=0x19f14c*=0x0) returned 0x80004002 [0138.858] WbemLocator:IUnknown:QueryInterface (in: This=0x591fe8, riid=0x6abefb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ef6c | out: ppvObject=0x19ef6c*=0x0) returned 0x80004002 [0138.863] WbemLocator:IUnknown:QueryInterface (in: This=0x593de8, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19ed44 | out: ppvObject=0x19ed44*=0x0) returned 0x80004002 [0138.866] WbemLocator:IUnknown:AddRef (This=0x591fe8) returned 0x3 [0138.866] WbemLocator:IUnknown:QueryInterface (in: This=0x591fe8, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19eaac | out: ppvObject=0x19eaac*=0x0) returned 0x80004002 [0138.866] WbemLocator:IUnknown:QueryInterface (in: This=0x591fe8, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19ea5c | out: ppvObject=0x19ea5c*=0x0) returned 0x80004002 [0138.866] WbemLocator:IUnknown:QueryInterface (in: This=0x591fe8, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea68 | out: ppvObject=0x19ea68*=0x591f44) returned 0x0 [0138.866] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x591f44, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19ea70 | out: pCid=0x19ea70*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0138.867] WbemLocator:IUnknown:Release (This=0x591f44) returned 0x3 [0138.867] CoGetContextToken (in: pToken=0x19eac8 | out: pToken=0x19eac8) returned 0x0 [0138.867] CoGetContextToken (in: pToken=0x19eed0 | out: pToken=0x19eed0) returned 0x0 [0138.867] WbemLocator:IUnknown:QueryInterface (in: This=0x591fe8, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ef60 | out: ppvObject=0x19ef60*=0x591fcc) returned 0x0 [0138.867] WbemLocator:IRpcOptions:Query (in: This=0x591fcc, pPrx=0x591fe8, dwProperty=2, pdwValue=0x19ef88 | out: pdwValue=0x19ef88) returned 0x80004002 [0138.867] WbemLocator:IUnknown:Release (This=0x591fcc) returned 0x3 [0138.867] WbemLocator:IUnknown:Release (This=0x591fe8) returned 0x2 [0138.867] CoGetContextToken (in: pToken=0x19f4a0 | out: pToken=0x19f4a0) returned 0x0 [0138.867] CoGetContextToken (in: pToken=0x19f400 | out: pToken=0x19f400) returned 0x0 [0138.867] WbemLocator:IUnknown:QueryInterface (in: This=0x591fe8, riid=0x19f4d0*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x19f4cc | out: ppvObject=0x19f4cc*=0x593de8) returned 0x0 [0138.867] WbemLocator:IUnknown:AddRef (This=0x593de8) returned 0x4 [0138.867] WbemLocator:IUnknown:Release (This=0x593de8) returned 0x3 [0138.867] WbemLocator:IUnknown:Release (This=0x593de8) returned 0x2 [0138.868] SysStringLen (param_1=0x0) returned 0x0 [0138.868] CoGetContextToken (in: pToken=0x19f4d8 | out: pToken=0x19f4d8) returned 0x0 [0138.868] WbemLocator:IUnknown:AddRef (This=0x591fe8) returned 0x3 [0138.868] WbemLocator:IUnknown:QueryInterface (in: This=0x591fe8, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f36c | out: ppvObject=0x19f36c*=0x591fe8) returned 0x0 [0138.868] WbemLocator:IUnknown:Release (This=0x591fe8) returned 0x3 [0138.868] WbemLocator:IUnknown:Release (This=0x591fe8) returned 0x2 [0138.868] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x580790, puCount=0x19f7e0 | out: puCount=0x19f7e0*=0x2) returned 0x0 [0138.868] WbemDefPath:IWbemPath:GetText (in: This=0x580790, lFlags=4, puBuffLength=0x19f7dc*=0x0, pszText=0x0 | out: puBuffLength=0x19f7dc*=0xf, pszText=0x0) returned 0x0 [0138.868] WbemDefPath:IWbemPath:GetText (in: This=0x580790, lFlags=4, puBuffLength=0x19f7dc*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f7dc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0138.868] CoGetContextToken (in: pToken=0x19f450 | out: pToken=0x19f450) returned 0x0 [0138.868] WbemLocator:IUnknown:AddRef (This=0x591fe8) returned 0x3 [0138.868] WbemLocator:IUnknown:QueryInterface (in: This=0x591fe8, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f2e4 | out: ppvObject=0x19f2e4*=0x591fe8) returned 0x0 [0138.868] WbemLocator:IUnknown:Release (This=0x591fe8) returned 0x3 [0138.868] WbemLocator:IUnknown:Release (This=0x591fe8) returned 0x2 [0138.868] WbemDefPath:IWbemPath:GetText (in: This=0x580db0, lFlags=2, puBuffLength=0x19f7e4*=0x0, pszText=0x0 | out: puBuffLength=0x19f7e4*=0x22, pszText=0x0) returned 0x0 [0138.868] WbemDefPath:IWbemPath:GetText (in: This=0x580db0, lFlags=2, puBuffLength=0x19f7e4*=0x22, pszText="000000000000000000000000000000000" | out: puBuffLength=0x19f7e4*=0x22, pszText="Win32_NetworkAdapterConfiguration") returned 0x0 [0138.869] IWbemServices:GetObject (in: This=0x593de8, strObjectPath="Win32_NetworkAdapterConfiguration", lFlags=0, pCtx=0x0, ppObject=0x19f798*=0x0, ppCallResult=0x0 | out: ppObject=0x19f798*=0x50d2a40, ppCallResult=0x0) returned 0x0 [0138.973] IWbemClassObject:Get (in: This=0x50d2a40, wszName="__PATH", lFlags=0, pVal=0x19f780*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f828*=0, plFlavor=0x19f824*=0 | out: pVal=0x19f780*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\ROOT\\cimv2:Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0x19f828*=8, plFlavor=0x19f824*=64) returned 0x0 [0138.974] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\cimv2:Win32_NetworkAdapterConfiguration") returned 0x6a [0138.974] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\cimv2:Win32_NetworkAdapterConfiguration") returned 0x6a [0138.974] CoGetObjectContext (in: riid=0x2182258*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f790 | out: ppv=0x19f790*=0x508aac) returned 0x0 [0138.974] IComThreadingInfo:GetCurrentApartmentType (in: This=0x508aac, pAptType=0x19f788 | out: pAptType=0x19f788*=1) returned 0x0 [0138.974] IUnknown:QueryInterface (in: This=0x508aac, riid=0x2182240*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f78c | out: ppvObject=0x19f78c*=0x0) returned 0x80004002 [0138.974] IUnknown:Release (This=0x508aac) returned 0x1 [0138.975] CoGetClassObject (in: rclsid=0x59a824*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6ab654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f0f8 | out: ppv=0x19f0f8*=0x59f600) returned 0x0 [0138.975] WbemDefPath:IUnknown:QueryInterface (in: This=0x59f600, riid=0x6ab195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19f310 | out: ppvObject=0x19f310*=0x0) returned 0x80004002 [0138.975] WbemDefPath:IClassFactory:CreateInstance (in: This=0x59f600, pUnkOuter=0x0, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f324 | out: ppvObject=0x19f324*=0x580e20) returned 0x0 [0138.975] WbemDefPath:IUnknown:Release (This=0x59f600) returned 0x0 [0138.975] WbemDefPath:IUnknown:QueryInterface (in: This=0x580e20, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ef44 | out: ppvObject=0x19ef44*=0x580e20) returned 0x0 [0138.975] WbemDefPath:IUnknown:QueryInterface (in: This=0x580e20, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ef00 | out: ppvObject=0x19ef00*=0x0) returned 0x80004002 [0138.975] WbemDefPath:IUnknown:QueryInterface (in: This=0x580e20, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19eaf4 | out: ppvObject=0x19eaf4*=0x0) returned 0x80004002 [0138.975] WbemDefPath:IUnknown:AddRef (This=0x580e20) returned 0x3 [0138.975] WbemDefPath:IUnknown:QueryInterface (in: This=0x580e20, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e85c | out: ppvObject=0x19e85c*=0x0) returned 0x80004002 [0138.976] WbemDefPath:IUnknown:QueryInterface (in: This=0x580e20, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e80c | out: ppvObject=0x19e80c*=0x0) returned 0x80004002 [0138.976] WbemDefPath:IUnknown:QueryInterface (in: This=0x580e20, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e818 | out: ppvObject=0x19e818*=0x50d3140) returned 0x0 [0138.976] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x50d3140, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e820 | out: pCid=0x19e820*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0138.976] WbemDefPath:IUnknown:Release (This=0x50d3140) returned 0x3 [0138.976] CoGetContextToken (in: pToken=0x19e878 | out: pToken=0x19e878) returned 0x0 [0138.976] CoGetContextToken (in: pToken=0x19ec80 | out: pToken=0x19ec80) returned 0x0 [0138.976] WbemDefPath:IUnknown:QueryInterface (in: This=0x580e20, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed10 | out: ppvObject=0x19ed10*=0x0) returned 0x80004002 [0138.976] WbemDefPath:IUnknown:Release (This=0x580e20) returned 0x2 [0138.976] WbemDefPath:IUnknown:Release (This=0x580e20) returned 0x1 [0138.976] CoGetContextToken (in: pToken=0x19f608 | out: pToken=0x19f608) returned 0x0 [0138.976] CoGetContextToken (in: pToken=0x19f568 | out: pToken=0x19f568) returned 0x0 [0138.976] WbemDefPath:IUnknown:QueryInterface (in: This=0x580e20, riid=0x19f638*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f634 | out: ppvObject=0x19f634*=0x580e20) returned 0x0 [0138.976] WbemDefPath:IUnknown:AddRef (This=0x580e20) returned 0x3 [0138.976] WbemDefPath:IUnknown:Release (This=0x580e20) returned 0x2 [0138.976] WbemDefPath:IWbemPath:SetText (This=0x580e20, uMode=0x4, pszPath="\\\\XC64ZB\\ROOT\\cimv2:Win32_NetworkAdapterConfiguration") returned 0x0 [0138.976] IWbemClassObject:Get (in: This=0x50d2a40, wszName="__CLASS", lFlags=0, pVal=0x19f7f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f870*=0, plFlavor=0x19f86c*=0 | out: pVal=0x19f7f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0x19f870*=8, plFlavor=0x19f86c*=64) returned 0x0 [0138.976] SysStringByteLen (bstr="Win32_NetworkAdapterConfiguration") returned 0x42 [0138.976] SysStringByteLen (bstr="Win32_NetworkAdapterConfiguration") returned 0x42 [0138.976] CoGetContextToken (in: pToken=0x19f5e8 | out: pToken=0x19f5e8) returned 0x0 [0138.977] WbemLocator:IUnknown:AddRef (This=0x593de8) returned 0x3 [0138.977] IWbemServices:CreateInstanceEnum (in: This=0x593de8, strFilter="Win32_NetworkAdapterConfiguration", lFlags=17, pCtx=0x0, ppEnum=0x19f7ec | out: ppEnum=0x19f7ec*=0x595b90) returned 0x0 [0138.981] IUnknown:QueryInterface (in: This=0x595b90, riid=0x6f901104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f65c | out: ppvObject=0x19f65c*=0x595b94) returned 0x0 [0138.982] IClientSecurity:QueryBlanket (in: This=0x595b94, pProxy=0x595b90, pAuthnSvc=0x19f6ac, pAuthzSvc=0x19f6a8, pServerPrincName=0x19f6a0, pAuthnLevel=0x19f6a4, pImpLevel=0x19f694, pAuthInfo=0x19f698, pCapabilites=0x19f69c | out: pAuthnSvc=0x19f6ac*=0xa, pAuthzSvc=0x19f6a8*=0x0, pServerPrincName=0x19f6a0, pAuthnLevel=0x19f6a4*=0x6, pImpLevel=0x19f694*=0x2, pAuthInfo=0x19f698, pCapabilites=0x19f69c*=0x1) returned 0x0 [0138.982] IUnknown:Release (This=0x595b94) returned 0x1 [0138.982] IUnknown:QueryInterface (in: This=0x595b90, riid=0x6f9010f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f650 | out: ppvObject=0x19f650*=0x5915e8) returned 0x0 [0138.982] IUnknown:QueryInterface (in: This=0x595b90, riid=0x6f901104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f64c | out: ppvObject=0x19f64c*=0x595b94) returned 0x0 [0138.982] IClientSecurity:SetBlanket (This=0x595b94, pProxy=0x595b90, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0138.997] IUnknown:Release (This=0x595b94) returned 0x2 [0138.997] WbemLocator:IUnknown:Release (This=0x5915e8) returned 0x1 [0138.997] CoTaskMemFree (pv=0x59a3f8) [0138.997] IUnknown:QueryInterface (in: This=0x595b90, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f244 | out: ppvObject=0x19f244*=0x5915e8) returned 0x0 [0138.997] WbemLocator:IUnknown:QueryInterface (in: This=0x5915e8, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19f200 | out: ppvObject=0x19f200*=0x0) returned 0x80004002 [0139.015] WbemLocator:IUnknown:QueryInterface (in: This=0x5915e8, riid=0x6abefb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19f01c | out: ppvObject=0x19f01c*=0x0) returned 0x80004002 [0139.020] IUnknown:QueryInterface (in: This=0x595b90, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19edf4 | out: ppvObject=0x19edf4*=0x0) returned 0x80004002 [0139.045] WbemLocator:IUnknown:AddRef (This=0x5915e8) returned 0x3 [0139.045] WbemLocator:IUnknown:QueryInterface (in: This=0x5915e8, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19eb5c | out: ppvObject=0x19eb5c*=0x0) returned 0x80004002 [0139.045] WbemLocator:IUnknown:QueryInterface (in: This=0x5915e8, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19eb0c | out: ppvObject=0x19eb0c*=0x0) returned 0x80004002 [0139.045] WbemLocator:IUnknown:QueryInterface (in: This=0x5915e8, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eb18 | out: ppvObject=0x19eb18*=0x591544) returned 0x0 [0139.045] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x591544, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19eb20 | out: pCid=0x19eb20*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0139.045] WbemLocator:IUnknown:Release (This=0x591544) returned 0x3 [0139.045] CoGetContextToken (in: pToken=0x19eb78 | out: pToken=0x19eb78) returned 0x0 [0139.045] CoGetContextToken (in: pToken=0x19ef80 | out: pToken=0x19ef80) returned 0x0 [0139.045] WbemLocator:IUnknown:QueryInterface (in: This=0x5915e8, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f010 | out: ppvObject=0x19f010*=0x5915cc) returned 0x0 [0139.045] WbemLocator:IRpcOptions:Query (in: This=0x5915cc, pPrx=0x5915e8, dwProperty=2, pdwValue=0x19f038 | out: pdwValue=0x19f038) returned 0x80004002 [0139.045] WbemLocator:IUnknown:Release (This=0x5915cc) returned 0x3 [0139.045] WbemLocator:IUnknown:Release (This=0x5915e8) returned 0x2 [0139.045] CoGetContextToken (in: pToken=0x19f558 | out: pToken=0x19f558) returned 0x0 [0139.045] CoGetContextToken (in: pToken=0x19f4b8 | out: pToken=0x19f4b8) returned 0x0 [0139.045] WbemLocator:IUnknown:QueryInterface (in: This=0x5915e8, riid=0x19f588*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f584 | out: ppvObject=0x19f584*=0x595b90) returned 0x0 [0139.046] IUnknown:AddRef (This=0x595b90) returned 0x4 [0139.046] IUnknown:Release (This=0x595b90) returned 0x3 [0139.046] IUnknown:Release (This=0x595b90) returned 0x2 [0139.046] WbemLocator:IUnknown:Release (This=0x593de8) returned 0x2 [0139.046] SysStringLen (param_1=0x0) returned 0x0 [0139.046] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x580790, puCount=0x19f828 | out: puCount=0x19f828*=0x2) returned 0x0 [0139.046] WbemDefPath:IWbemPath:GetText (in: This=0x580790, lFlags=4, puBuffLength=0x19f824*=0x0, pszText=0x0 | out: puBuffLength=0x19f824*=0xf, pszText=0x0) returned 0x0 [0139.046] WbemDefPath:IWbemPath:GetText (in: This=0x580790, lFlags=4, puBuffLength=0x19f824*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f824*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0139.046] CoGetContextToken (in: pToken=0x19f668 | out: pToken=0x19f668) returned 0x0 [0139.046] IUnknown:AddRef (This=0x595b90) returned 0x3 [0139.046] IEnumWbemClassObject:Clone (in: This=0x595b90, ppEnum=0x19f828 | out: ppEnum=0x19f828*=0x595618) returned 0x0 [0139.048] IUnknown:QueryInterface (in: This=0x595618, riid=0x6f901104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f6ec | out: ppvObject=0x19f6ec*=0x59561c) returned 0x0 [0139.048] IClientSecurity:QueryBlanket (in: This=0x59561c, pProxy=0x595618, pAuthnSvc=0x19f73c, pAuthzSvc=0x19f738, pServerPrincName=0x19f730, pAuthnLevel=0x19f734, pImpLevel=0x19f724, pAuthInfo=0x19f728, pCapabilites=0x19f72c | out: pAuthnSvc=0x19f73c*=0xa, pAuthzSvc=0x19f738*=0x0, pServerPrincName=0x19f730, pAuthnLevel=0x19f734*=0x6, pImpLevel=0x19f724*=0x2, pAuthInfo=0x19f728, pCapabilites=0x19f72c*=0x1) returned 0x0 [0139.048] IUnknown:Release (This=0x59561c) returned 0x1 [0139.048] IUnknown:QueryInterface (in: This=0x595618, riid=0x6f9010f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f6e0 | out: ppvObject=0x19f6e0*=0x5927e8) returned 0x0 [0139.048] IUnknown:QueryInterface (in: This=0x595618, riid=0x6f901104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f6dc | out: ppvObject=0x19f6dc*=0x59561c) returned 0x0 [0139.048] IClientSecurity:SetBlanket (This=0x59561c, pProxy=0x595618, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0139.053] IUnknown:Release (This=0x59561c) returned 0x2 [0139.053] WbemLocator:IUnknown:Release (This=0x5927e8) returned 0x1 [0139.053] CoTaskMemFree (pv=0x59a188) [0139.053] IUnknown:QueryInterface (in: This=0x595618, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f2c8 | out: ppvObject=0x19f2c8*=0x5927e8) returned 0x0 [0139.053] WbemLocator:IUnknown:QueryInterface (in: This=0x5927e8, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19f284 | out: ppvObject=0x19f284*=0x0) returned 0x80004002 [0139.054] WbemLocator:IUnknown:QueryInterface (in: This=0x5927e8, riid=0x6abefb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19f0a4 | out: ppvObject=0x19f0a4*=0x0) returned 0x80004002 [0139.055] IUnknown:QueryInterface (in: This=0x595618, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19ee7c | out: ppvObject=0x19ee7c*=0x0) returned 0x80004002 [0139.056] WbemLocator:IUnknown:AddRef (This=0x5927e8) returned 0x3 [0139.056] WbemLocator:IUnknown:QueryInterface (in: This=0x5927e8, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19ebe4 | out: ppvObject=0x19ebe4*=0x0) returned 0x80004002 [0139.056] WbemLocator:IUnknown:QueryInterface (in: This=0x5927e8, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19eb94 | out: ppvObject=0x19eb94*=0x0) returned 0x80004002 [0139.056] WbemLocator:IUnknown:QueryInterface (in: This=0x5927e8, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eba0 | out: ppvObject=0x19eba0*=0x592744) returned 0x0 [0139.056] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x592744, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19eba8 | out: pCid=0x19eba8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0139.056] WbemLocator:IUnknown:Release (This=0x592744) returned 0x3 [0139.056] CoGetContextToken (in: pToken=0x19ec00 | out: pToken=0x19ec00) returned 0x0 [0139.056] CoGetContextToken (in: pToken=0x19f008 | out: pToken=0x19f008) returned 0x0 [0139.056] WbemLocator:IUnknown:QueryInterface (in: This=0x5927e8, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f098 | out: ppvObject=0x19f098*=0x5927cc) returned 0x0 [0139.056] WbemLocator:IRpcOptions:Query (in: This=0x5927cc, pPrx=0x5927e8, dwProperty=2, pdwValue=0x19f0c0 | out: pdwValue=0x19f0c0) returned 0x80004002 [0139.056] WbemLocator:IUnknown:Release (This=0x5927cc) returned 0x3 [0139.056] WbemLocator:IUnknown:Release (This=0x5927e8) returned 0x2 [0139.056] CoGetContextToken (in: pToken=0x19f5d8 | out: pToken=0x19f5d8) returned 0x0 [0139.056] CoGetContextToken (in: pToken=0x19f538 | out: pToken=0x19f538) returned 0x0 [0139.056] WbemLocator:IUnknown:QueryInterface (in: This=0x5927e8, riid=0x19f608*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f604 | out: ppvObject=0x19f604*=0x595618) returned 0x0 [0139.056] IUnknown:AddRef (This=0x595618) returned 0x4 [0139.056] IUnknown:Release (This=0x595618) returned 0x3 [0139.056] IUnknown:Release (This=0x595618) returned 0x2 [0139.056] IUnknown:Release (This=0x595b90) returned 0x2 [0139.056] SysStringLen (param_1=0x0) returned 0x0 [0139.057] IEnumWbemClassObject:Reset (This=0x595618) returned 0x0 [0139.067] CoTaskMemAlloc (cb=0x4) returned 0x59f4c0 [0139.067] IEnumWbemClassObject:Next (in: This=0x595618, lTimeout=-1, uCount=0x1, apObjects=0x59f4c0, puReturned=0x2188c0c | out: apObjects=0x59f4c0*=0x55b600, puReturned=0x2188c0c*=0x1) returned 0x0 [0139.352] IUnknown:QueryInterface (in: This=0x55b600, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee88 | out: ppvObject=0x19ee88*=0x55b600) returned 0x0 [0139.352] IUnknown:QueryInterface (in: This=0x55b600, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ee44 | out: ppvObject=0x19ee44*=0x0) returned 0x80004002 [0139.352] IUnknown:QueryInterface (in: This=0x55b600, riid=0x6abefb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ec64 | out: ppvObject=0x19ec64*=0x0) returned 0x80004002 [0139.352] IUnknown:QueryInterface (in: This=0x55b600, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19ea3c | out: ppvObject=0x19ea3c*=0x0) returned 0x80004002 [0139.353] IUnknown:AddRef (This=0x55b600) returned 0x3 [0139.353] IUnknown:QueryInterface (in: This=0x55b600, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e7a4 | out: ppvObject=0x19e7a4*=0x0) returned 0x80004002 [0139.353] IUnknown:QueryInterface (in: This=0x55b600, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e754 | out: ppvObject=0x19e754*=0x0) returned 0x80004002 [0139.353] IUnknown:QueryInterface (in: This=0x55b600, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x55b604) returned 0x0 [0139.353] IMarshal:GetUnmarshalClass (in: This=0x55b604, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e768 | out: pCid=0x19e768*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0139.353] IUnknown:Release (This=0x55b604) returned 0x3 [0139.353] CoGetContextToken (in: pToken=0x19e7c0 | out: pToken=0x19e7c0) returned 0x0 [0139.354] CoGetContextToken (in: pToken=0x19ebc8 | out: pToken=0x19ebc8) returned 0x0 [0139.354] IUnknown:QueryInterface (in: This=0x55b600, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec58 | out: ppvObject=0x19ec58*=0x0) returned 0x80004002 [0139.354] IUnknown:Release (This=0x55b600) returned 0x2 [0139.354] CoGetContextToken (in: pToken=0x19f198 | out: pToken=0x19f198) returned 0x0 [0139.354] CoGetContextToken (in: pToken=0x19f0f8 | out: pToken=0x19f0f8) returned 0x0 [0139.354] IUnknown:QueryInterface (in: This=0x55b600, riid=0x19f1c8*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19f1c4 | out: ppvObject=0x19f1c4*=0x55b600) returned 0x0 [0139.354] IUnknown:AddRef (This=0x55b600) returned 0x4 [0139.354] IUnknown:Release (This=0x55b600) returned 0x3 [0139.354] IUnknown:Release (This=0x55b600) returned 0x2 [0139.354] CoTaskMemFree (pv=0x59f4c0) [0139.354] CoGetContextToken (in: pToken=0x19f508 | out: pToken=0x19f508) returned 0x0 [0139.354] IUnknown:AddRef (This=0x55b600) returned 0x3 [0139.355] IWbemClassObject:Get (in: This=0x55b600, wszName="__GENUS", lFlags=0, pVal=0x19f818*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f898*=0, plFlavor=0x19f894*=0 | out: pVal=0x19f818*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f898*=3, plFlavor=0x19f894*=64) returned 0x0 [0139.355] IWbemClassObject:Get (in: This=0x55b600, wszName="__PATH", lFlags=0, pVal=0x19f7fc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f880*=0, plFlavor=0x19f87c*=0 | out: pVal=0x19f7fc*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0", varVal2=0x0), pType=0x19f880*=8, plFlavor=0x19f87c*=64) returned 0x0 [0139.355] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0") returned 0x7a [0139.355] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0") returned 0x7a [0139.355] CoGetObjectContext (in: riid=0x2182258*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f828 | out: ppv=0x19f828*=0x508aac) returned 0x0 [0139.355] IComThreadingInfo:GetCurrentApartmentType (in: This=0x508aac, pAptType=0x19f820 | out: pAptType=0x19f820*=1) returned 0x0 [0139.355] IUnknown:QueryInterface (in: This=0x508aac, riid=0x2182240*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f824 | out: ppvObject=0x19f824*=0x0) returned 0x80004002 [0139.355] IUnknown:Release (This=0x508aac) returned 0x1 [0139.357] CoGetClassObject (in: rclsid=0x59a824*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6ab654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f190 | out: ppv=0x19f190*=0x59f4b0) returned 0x0 [0139.357] WbemDefPath:IUnknown:QueryInterface (in: This=0x59f4b0, riid=0x6ab195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19f3a8 | out: ppvObject=0x19f3a8*=0x0) returned 0x80004002 [0139.357] WbemDefPath:IClassFactory:CreateInstance (in: This=0x59f4b0, pUnkOuter=0x0, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f3bc | out: ppvObject=0x19f3bc*=0x5806b0) returned 0x0 [0139.357] WbemDefPath:IUnknown:Release (This=0x59f4b0) returned 0x0 [0139.357] WbemDefPath:IUnknown:QueryInterface (in: This=0x5806b0, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19efdc | out: ppvObject=0x19efdc*=0x5806b0) returned 0x0 [0139.357] WbemDefPath:IUnknown:QueryInterface (in: This=0x5806b0, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ef98 | out: ppvObject=0x19ef98*=0x0) returned 0x80004002 [0139.358] WbemDefPath:IUnknown:QueryInterface (in: This=0x5806b0, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19eb8c | out: ppvObject=0x19eb8c*=0x0) returned 0x80004002 [0139.358] WbemDefPath:IUnknown:AddRef (This=0x5806b0) returned 0x3 [0139.358] WbemDefPath:IUnknown:QueryInterface (in: This=0x5806b0, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e8f4 | out: ppvObject=0x19e8f4*=0x0) returned 0x80004002 [0139.358] WbemDefPath:IUnknown:QueryInterface (in: This=0x5806b0, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e8a4 | out: ppvObject=0x19e8a4*=0x0) returned 0x80004002 [0139.358] WbemDefPath:IUnknown:QueryInterface (in: This=0x5806b0, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e8b0 | out: ppvObject=0x19e8b0*=0x50d2d68) returned 0x0 [0139.358] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x50d2d68, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e8b8 | out: pCid=0x19e8b8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0139.358] WbemDefPath:IUnknown:Release (This=0x50d2d68) returned 0x3 [0139.358] CoGetContextToken (in: pToken=0x19e910 | out: pToken=0x19e910) returned 0x0 [0139.358] CoGetContextToken (in: pToken=0x19ed18 | out: pToken=0x19ed18) returned 0x0 [0139.358] WbemDefPath:IUnknown:QueryInterface (in: This=0x5806b0, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eda8 | out: ppvObject=0x19eda8*=0x0) returned 0x80004002 [0139.358] WbemDefPath:IUnknown:Release (This=0x5806b0) returned 0x2 [0139.358] WbemDefPath:IUnknown:Release (This=0x5806b0) returned 0x1 [0139.358] CoGetContextToken (in: pToken=0x19f6a0 | out: pToken=0x19f6a0) returned 0x0 [0139.358] CoGetContextToken (in: pToken=0x19f600 | out: pToken=0x19f600) returned 0x0 [0139.358] WbemDefPath:IUnknown:QueryInterface (in: This=0x5806b0, riid=0x19f6d0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f6cc | out: ppvObject=0x19f6cc*=0x5806b0) returned 0x0 [0139.358] WbemDefPath:IUnknown:AddRef (This=0x5806b0) returned 0x3 [0139.358] WbemDefPath:IUnknown:Release (This=0x5806b0) returned 0x2 [0139.358] WbemDefPath:IWbemPath:SetText (This=0x5806b0, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0") returned 0x0 [0139.359] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x580790, puCount=0x19f854 | out: puCount=0x19f854*=0x2) returned 0x0 [0139.359] WbemDefPath:IWbemPath:GetText (in: This=0x580790, lFlags=4, puBuffLength=0x19f850*=0x0, pszText=0x0 | out: puBuffLength=0x19f850*=0xf, pszText=0x0) returned 0x0 [0139.359] WbemDefPath:IWbemPath:GetText (in: This=0x580790, lFlags=4, puBuffLength=0x19f850*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f850*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0139.362] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x580790, puCount=0x19f820 | out: puCount=0x19f820*=0x2) returned 0x0 [0139.362] WbemDefPath:IWbemPath:GetText (in: This=0x580790, lFlags=4, puBuffLength=0x19f81c*=0x0, pszText=0x0 | out: puBuffLength=0x19f81c*=0xf, pszText=0x0) returned 0x0 [0139.362] WbemDefPath:IWbemPath:GetText (in: This=0x580790, lFlags=4, puBuffLength=0x19f81c*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f81c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0139.363] IWbemClassObject:Get (in: This=0x55b600, wszName="IPEnabled", lFlags=0, pVal=0x19f81c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2189460*=0, plFlavor=0x2189464*=0 | out: pVal=0x19f81c*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2189460*=11, plFlavor=0x2189464*=0) returned 0x0 [0139.363] IWbemClassObject:Get (in: This=0x55b600, wszName="IPEnabled", lFlags=0, pVal=0x19f824*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2189460*=11, plFlavor=0x2189464*=0 | out: pVal=0x19f824*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2189460*=11, plFlavor=0x2189464*=0) returned 0x0 [0139.429] IUnknown:Release (This=0x55b600) returned 0x2 [0139.431] CoTaskMemAlloc (cb=0x4) returned 0x59f4c0 [0139.431] IEnumWbemClassObject:Next (in: This=0x595618, lTimeout=-1, uCount=0x1, apObjects=0x59f4c0, puReturned=0x2188c0c | out: apObjects=0x59f4c0*=0x55bc60, puReturned=0x2188c0c*=0x1) returned 0x0 [0139.434] IUnknown:QueryInterface (in: This=0x55bc60, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee88 | out: ppvObject=0x19ee88*=0x55bc60) returned 0x0 [0139.434] IUnknown:QueryInterface (in: This=0x55bc60, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ee44 | out: ppvObject=0x19ee44*=0x0) returned 0x80004002 [0139.434] IUnknown:QueryInterface (in: This=0x55bc60, riid=0x6abefb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ec64 | out: ppvObject=0x19ec64*=0x0) returned 0x80004002 [0139.434] IUnknown:QueryInterface (in: This=0x55bc60, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19ea3c | out: ppvObject=0x19ea3c*=0x0) returned 0x80004002 [0139.434] IUnknown:AddRef (This=0x55bc60) returned 0x3 [0139.434] IUnknown:QueryInterface (in: This=0x55bc60, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e7a4 | out: ppvObject=0x19e7a4*=0x0) returned 0x80004002 [0139.434] IUnknown:QueryInterface (in: This=0x55bc60, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e754 | out: ppvObject=0x19e754*=0x0) returned 0x80004002 [0139.434] IUnknown:QueryInterface (in: This=0x55bc60, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x55bc64) returned 0x0 [0139.434] IMarshal:GetUnmarshalClass (in: This=0x55bc64, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e768 | out: pCid=0x19e768*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0139.434] IUnknown:Release (This=0x55bc64) returned 0x3 [0139.434] CoGetContextToken (in: pToken=0x19e7c0 | out: pToken=0x19e7c0) returned 0x0 [0139.435] CoGetContextToken (in: pToken=0x19ebc8 | out: pToken=0x19ebc8) returned 0x0 [0139.435] IUnknown:QueryInterface (in: This=0x55bc60, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec58 | out: ppvObject=0x19ec58*=0x0) returned 0x80004002 [0139.435] IUnknown:Release (This=0x55bc60) returned 0x2 [0139.435] CoGetContextToken (in: pToken=0x19f198 | out: pToken=0x19f198) returned 0x0 [0139.435] CoGetContextToken (in: pToken=0x19f0f8 | out: pToken=0x19f0f8) returned 0x0 [0139.435] IUnknown:QueryInterface (in: This=0x55bc60, riid=0x19f1c8*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19f1c4 | out: ppvObject=0x19f1c4*=0x55bc60) returned 0x0 [0139.435] IUnknown:AddRef (This=0x55bc60) returned 0x4 [0139.435] IUnknown:Release (This=0x55bc60) returned 0x3 [0139.435] IUnknown:Release (This=0x55bc60) returned 0x2 [0139.435] CoTaskMemFree (pv=0x59f4c0) [0139.435] CoGetContextToken (in: pToken=0x19f508 | out: pToken=0x19f508) returned 0x0 [0139.435] IUnknown:AddRef (This=0x55bc60) returned 0x3 [0139.435] IWbemClassObject:Get (in: This=0x55bc60, wszName="__GENUS", lFlags=0, pVal=0x19f818*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f898*=0, plFlavor=0x19f894*=0 | out: pVal=0x19f818*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f898*=3, plFlavor=0x19f894*=64) returned 0x0 [0139.435] IWbemClassObject:Get (in: This=0x55bc60, wszName="__PATH", lFlags=0, pVal=0x19f7fc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f880*=0, plFlavor=0x19f87c*=0 | out: pVal=0x19f7fc*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1", varVal2=0x0), pType=0x19f880*=8, plFlavor=0x19f87c*=64) returned 0x0 [0139.435] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1") returned 0x7a [0139.435] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1") returned 0x7a [0139.435] CoGetObjectContext (in: riid=0x2182258*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f828 | out: ppv=0x19f828*=0x508aac) returned 0x0 [0139.436] IComThreadingInfo:GetCurrentApartmentType (in: This=0x508aac, pAptType=0x19f820 | out: pAptType=0x19f820*=1) returned 0x0 [0139.436] IUnknown:QueryInterface (in: This=0x508aac, riid=0x2182240*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f824 | out: ppvObject=0x19f824*=0x0) returned 0x80004002 [0139.436] IUnknown:Release (This=0x508aac) returned 0x1 [0139.436] CoGetClassObject (in: rclsid=0x59a824*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6ab654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f190 | out: ppv=0x19f190*=0x59f4e0) returned 0x0 [0139.437] WbemDefPath:IUnknown:QueryInterface (in: This=0x59f4e0, riid=0x6ab195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19f3a8 | out: ppvObject=0x19f3a8*=0x0) returned 0x80004002 [0139.437] WbemDefPath:IClassFactory:CreateInstance (in: This=0x59f4e0, pUnkOuter=0x0, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f3bc | out: ppvObject=0x19f3bc*=0x580870) returned 0x0 [0139.437] WbemDefPath:IUnknown:Release (This=0x59f4e0) returned 0x0 [0139.437] WbemDefPath:IUnknown:QueryInterface (in: This=0x580870, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19efdc | out: ppvObject=0x19efdc*=0x580870) returned 0x0 [0139.437] WbemDefPath:IUnknown:QueryInterface (in: This=0x580870, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ef98 | out: ppvObject=0x19ef98*=0x0) returned 0x80004002 [0139.437] WbemDefPath:IUnknown:QueryInterface (in: This=0x580870, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19eb8c | out: ppvObject=0x19eb8c*=0x0) returned 0x80004002 [0139.437] WbemDefPath:IUnknown:AddRef (This=0x580870) returned 0x3 [0139.437] WbemDefPath:IUnknown:QueryInterface (in: This=0x580870, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e8f4 | out: ppvObject=0x19e8f4*=0x0) returned 0x80004002 [0139.437] WbemDefPath:IUnknown:QueryInterface (in: This=0x580870, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e8a4 | out: ppvObject=0x19e8a4*=0x0) returned 0x80004002 [0139.437] WbemDefPath:IUnknown:QueryInterface (in: This=0x580870, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e8b0 | out: ppvObject=0x19e8b0*=0x50d2d50) returned 0x0 [0139.437] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x50d2d50, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e8b8 | out: pCid=0x19e8b8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0139.438] WbemDefPath:IUnknown:Release (This=0x50d2d50) returned 0x3 [0139.438] CoGetContextToken (in: pToken=0x19e910 | out: pToken=0x19e910) returned 0x0 [0139.438] CoGetContextToken (in: pToken=0x19ed18 | out: pToken=0x19ed18) returned 0x0 [0139.438] WbemDefPath:IUnknown:QueryInterface (in: This=0x580870, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eda8 | out: ppvObject=0x19eda8*=0x0) returned 0x80004002 [0139.438] WbemDefPath:IUnknown:Release (This=0x580870) returned 0x2 [0139.438] WbemDefPath:IUnknown:Release (This=0x580870) returned 0x1 [0139.438] CoGetContextToken (in: pToken=0x19f6a0 | out: pToken=0x19f6a0) returned 0x0 [0139.438] CoGetContextToken (in: pToken=0x19f600 | out: pToken=0x19f600) returned 0x0 [0139.438] WbemDefPath:IUnknown:QueryInterface (in: This=0x580870, riid=0x19f6d0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f6cc | out: ppvObject=0x19f6cc*=0x580870) returned 0x0 [0139.438] WbemDefPath:IUnknown:AddRef (This=0x580870) returned 0x3 [0139.438] WbemDefPath:IUnknown:Release (This=0x580870) returned 0x2 [0139.438] WbemDefPath:IWbemPath:SetText (This=0x580870, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1") returned 0x0 [0139.438] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x580790, puCount=0x19f854 | out: puCount=0x19f854*=0x2) returned 0x0 [0139.438] WbemDefPath:IWbemPath:GetText (in: This=0x580790, lFlags=4, puBuffLength=0x19f850*=0x0, pszText=0x0 | out: puBuffLength=0x19f850*=0xf, pszText=0x0) returned 0x0 [0139.438] WbemDefPath:IWbemPath:GetText (in: This=0x580790, lFlags=4, puBuffLength=0x19f850*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f850*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0139.438] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x580790, puCount=0x19f820 | out: puCount=0x19f820*=0x2) returned 0x0 [0139.438] WbemDefPath:IWbemPath:GetText (in: This=0x580790, lFlags=4, puBuffLength=0x19f81c*=0x0, pszText=0x0 | out: puBuffLength=0x19f81c*=0xf, pszText=0x0) returned 0x0 [0139.438] WbemDefPath:IWbemPath:GetText (in: This=0x580790, lFlags=4, puBuffLength=0x19f81c*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f81c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0139.438] IWbemClassObject:Get (in: This=0x55bc60, wszName="IPEnabled", lFlags=0, pVal=0x19f81c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2189ed8*=0, plFlavor=0x2189edc*=0 | out: pVal=0x19f81c*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pType=0x2189ed8*=11, plFlavor=0x2189edc*=0) returned 0x0 [0139.438] IWbemClassObject:Get (in: This=0x55bc60, wszName="IPEnabled", lFlags=0, pVal=0x19f824*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2189ed8*=11, plFlavor=0x2189edc*=0 | out: pVal=0x19f824*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pType=0x2189ed8*=11, plFlavor=0x2189edc*=0) returned 0x0 [0139.441] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x580790, puCount=0x19f820 | out: puCount=0x19f820*=0x2) returned 0x0 [0139.441] WbemDefPath:IWbemPath:GetText (in: This=0x580790, lFlags=4, puBuffLength=0x19f81c*=0x0, pszText=0x0 | out: puBuffLength=0x19f81c*=0xf, pszText=0x0) returned 0x0 [0139.441] WbemDefPath:IWbemPath:GetText (in: This=0x580790, lFlags=4, puBuffLength=0x19f81c*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f81c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0139.442] IWbemClassObject:Get (in: This=0x55bc60, wszName="MacAddress", lFlags=0, pVal=0x19f81c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2189f74*=0, plFlavor=0x2189f78*=0 | out: pVal=0x19f81c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="40:30:04:FB:63:BD", varVal2=0x0), pType=0x2189f74*=8, plFlavor=0x2189f78*=0) returned 0x0 [0139.442] SysStringByteLen (bstr="40:30:04:FB:63:BD") returned 0x22 [0139.442] SysStringByteLen (bstr="40:30:04:FB:63:BD") returned 0x22 [0139.442] IWbemClassObject:Get (in: This=0x55bc60, wszName="MacAddress", lFlags=0, pVal=0x19f824*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2189f74*=8, plFlavor=0x2189f78*=0 | out: pVal=0x19f824*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="40:30:04:FB:63:BD", varVal2=0x0), pType=0x2189f74*=8, plFlavor=0x2189f78*=0) returned 0x0 [0139.442] SysStringByteLen (bstr="40:30:04:FB:63:BD") returned 0x22 [0139.442] SysStringByteLen (bstr="40:30:04:FB:63:BD") returned 0x22 [0139.442] IUnknown:Release (This=0x55bc60) returned 0x2 [0139.442] CoTaskMemAlloc (cb=0x4) returned 0x59f430 [0139.442] IEnumWbemClassObject:Next (in: This=0x595618, lTimeout=-1, uCount=0x1, apObjects=0x59f430, puReturned=0x2188c0c | out: apObjects=0x59f430*=0x5b18d8, puReturned=0x2188c0c*=0x1) returned 0x0 [0139.443] IUnknown:QueryInterface (in: This=0x5b18d8, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee88 | out: ppvObject=0x19ee88*=0x5b18d8) returned 0x0 [0139.443] IUnknown:QueryInterface (in: This=0x5b18d8, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ee44 | out: ppvObject=0x19ee44*=0x0) returned 0x80004002 [0139.443] IUnknown:QueryInterface (in: This=0x5b18d8, riid=0x6abefb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ec64 | out: ppvObject=0x19ec64*=0x0) returned 0x80004002 [0139.443] IUnknown:QueryInterface (in: This=0x5b18d8, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19ea3c | out: ppvObject=0x19ea3c*=0x0) returned 0x80004002 [0139.443] IUnknown:AddRef (This=0x5b18d8) returned 0x3 [0139.443] IUnknown:QueryInterface (in: This=0x5b18d8, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e7a4 | out: ppvObject=0x19e7a4*=0x0) returned 0x80004002 [0139.443] IUnknown:QueryInterface (in: This=0x5b18d8, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e754 | out: ppvObject=0x19e754*=0x0) returned 0x80004002 [0139.443] IUnknown:QueryInterface (in: This=0x5b18d8, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x5b18dc) returned 0x0 [0139.444] IMarshal:GetUnmarshalClass (in: This=0x5b18dc, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e768 | out: pCid=0x19e768*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0139.444] IUnknown:Release (This=0x5b18dc) returned 0x3 [0139.444] CoGetContextToken (in: pToken=0x19e7c0 | out: pToken=0x19e7c0) returned 0x0 [0139.444] CoGetContextToken (in: pToken=0x19ebc8 | out: pToken=0x19ebc8) returned 0x0 [0139.444] IUnknown:QueryInterface (in: This=0x5b18d8, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec58 | out: ppvObject=0x19ec58*=0x0) returned 0x80004002 [0139.444] IUnknown:Release (This=0x5b18d8) returned 0x2 [0139.444] CoGetContextToken (in: pToken=0x19f198 | out: pToken=0x19f198) returned 0x0 [0139.444] CoGetContextToken (in: pToken=0x19f0f8 | out: pToken=0x19f0f8) returned 0x0 [0139.444] IUnknown:QueryInterface (in: This=0x5b18d8, riid=0x19f1c8*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19f1c4 | out: ppvObject=0x19f1c4*=0x5b18d8) returned 0x0 [0139.444] IUnknown:AddRef (This=0x5b18d8) returned 0x4 [0139.444] IUnknown:Release (This=0x5b18d8) returned 0x3 [0139.444] IUnknown:Release (This=0x5b18d8) returned 0x2 [0139.444] CoTaskMemFree (pv=0x59f430) [0139.444] CoGetContextToken (in: pToken=0x19f508 | out: pToken=0x19f508) returned 0x0 [0139.444] IUnknown:AddRef (This=0x5b18d8) returned 0x3 [0139.444] IWbemClassObject:Get (in: This=0x5b18d8, wszName="__GENUS", lFlags=0, pVal=0x19f818*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f898*=0, plFlavor=0x19f894*=0 | out: pVal=0x19f818*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f898*=3, plFlavor=0x19f894*=64) returned 0x0 [0139.444] IWbemClassObject:Get (in: This=0x5b18d8, wszName="__PATH", lFlags=0, pVal=0x19f7fc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f880*=0, plFlavor=0x19f87c*=0 | out: pVal=0x19f7fc*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2", varVal2=0x0), pType=0x19f880*=8, plFlavor=0x19f87c*=64) returned 0x0 [0139.444] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2") returned 0x7a [0139.444] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2") returned 0x7a [0139.444] CoGetObjectContext (in: riid=0x2182258*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f828 | out: ppv=0x19f828*=0x508aac) returned 0x0 [0139.445] IComThreadingInfo:GetCurrentApartmentType (in: This=0x508aac, pAptType=0x19f820 | out: pAptType=0x19f820*=1) returned 0x0 [0139.445] IUnknown:QueryInterface (in: This=0x508aac, riid=0x2182240*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f824 | out: ppvObject=0x19f824*=0x0) returned 0x80004002 [0139.445] IUnknown:Release (This=0x508aac) returned 0x1 [0139.445] CoGetClassObject (in: rclsid=0x59a824*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6ab654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f190 | out: ppv=0x19f190*=0x59f550) returned 0x0 [0139.445] WbemDefPath:IUnknown:QueryInterface (in: This=0x59f550, riid=0x6ab195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19f3a8 | out: ppvObject=0x19f3a8*=0x0) returned 0x80004002 [0139.446] WbemDefPath:IClassFactory:CreateInstance (in: This=0x59f550, pUnkOuter=0x0, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f3bc | out: ppvObject=0x19f3bc*=0x5baac0) returned 0x0 [0139.446] WbemDefPath:IUnknown:Release (This=0x59f550) returned 0x0 [0139.446] WbemDefPath:IUnknown:QueryInterface (in: This=0x5baac0, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19efdc | out: ppvObject=0x19efdc*=0x5baac0) returned 0x0 [0139.446] WbemDefPath:IUnknown:QueryInterface (in: This=0x5baac0, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ef98 | out: ppvObject=0x19ef98*=0x0) returned 0x80004002 [0139.446] WbemDefPath:IUnknown:QueryInterface (in: This=0x5baac0, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19eb8c | out: ppvObject=0x19eb8c*=0x0) returned 0x80004002 [0139.446] WbemDefPath:IUnknown:AddRef (This=0x5baac0) returned 0x3 [0139.446] WbemDefPath:IUnknown:QueryInterface (in: This=0x5baac0, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e8f4 | out: ppvObject=0x19e8f4*=0x0) returned 0x80004002 [0139.446] WbemDefPath:IUnknown:QueryInterface (in: This=0x5baac0, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e8a4 | out: ppvObject=0x19e8a4*=0x0) returned 0x80004002 [0139.446] WbemDefPath:IUnknown:QueryInterface (in: This=0x5baac0, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e8b0 | out: ppvObject=0x19e8b0*=0x5ba0d8) returned 0x0 [0139.446] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5ba0d8, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e8b8 | out: pCid=0x19e8b8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0139.446] WbemDefPath:IUnknown:Release (This=0x5ba0d8) returned 0x3 [0139.446] CoGetContextToken (in: pToken=0x19e910 | out: pToken=0x19e910) returned 0x0 [0139.446] CoGetContextToken (in: pToken=0x19ed18 | out: pToken=0x19ed18) returned 0x0 [0139.446] WbemDefPath:IUnknown:QueryInterface (in: This=0x5baac0, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eda8 | out: ppvObject=0x19eda8*=0x0) returned 0x80004002 [0139.446] WbemDefPath:IUnknown:Release (This=0x5baac0) returned 0x2 [0139.446] WbemDefPath:IUnknown:Release (This=0x5baac0) returned 0x1 [0139.446] CoGetContextToken (in: pToken=0x19f6a0 | out: pToken=0x19f6a0) returned 0x0 [0139.446] CoGetContextToken (in: pToken=0x19f600 | out: pToken=0x19f600) returned 0x0 [0139.446] WbemDefPath:IUnknown:QueryInterface (in: This=0x5baac0, riid=0x19f6d0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f6cc | out: ppvObject=0x19f6cc*=0x5baac0) returned 0x0 [0139.447] WbemDefPath:IUnknown:AddRef (This=0x5baac0) returned 0x3 [0139.447] WbemDefPath:IUnknown:Release (This=0x5baac0) returned 0x2 [0139.447] WbemDefPath:IWbemPath:SetText (This=0x5baac0, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2") returned 0x0 [0139.447] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x580790, puCount=0x19f854 | out: puCount=0x19f854*=0x2) returned 0x0 [0139.447] WbemDefPath:IWbemPath:GetText (in: This=0x580790, lFlags=4, puBuffLength=0x19f850*=0x0, pszText=0x0 | out: puBuffLength=0x19f850*=0xf, pszText=0x0) returned 0x0 [0139.447] WbemDefPath:IWbemPath:GetText (in: This=0x580790, lFlags=4, puBuffLength=0x19f850*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f850*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0139.447] CoTaskMemAlloc (cb=0x4) returned 0x59f510 [0139.447] IEnumWbemClassObject:Next (in: This=0x595618, lTimeout=-1, uCount=0x1, apObjects=0x59f510, puReturned=0x2188c0c | out: apObjects=0x59f510*=0x5b1c08, puReturned=0x2188c0c*=0x1) returned 0x0 [0139.516] IUnknown:QueryInterface (in: This=0x5b1c08, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee88 | out: ppvObject=0x19ee88*=0x5b1c08) returned 0x0 [0139.516] IUnknown:QueryInterface (in: This=0x5b1c08, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ee44 | out: ppvObject=0x19ee44*=0x0) returned 0x80004002 [0139.516] IUnknown:QueryInterface (in: This=0x5b1c08, riid=0x6abefb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ec64 | out: ppvObject=0x19ec64*=0x0) returned 0x80004002 [0139.516] IUnknown:QueryInterface (in: This=0x5b1c08, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19ea3c | out: ppvObject=0x19ea3c*=0x0) returned 0x80004002 [0139.516] IUnknown:AddRef (This=0x5b1c08) returned 0x3 [0139.516] IUnknown:QueryInterface (in: This=0x5b1c08, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e7a4 | out: ppvObject=0x19e7a4*=0x0) returned 0x80004002 [0139.516] IUnknown:QueryInterface (in: This=0x5b1c08, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e754 | out: ppvObject=0x19e754*=0x0) returned 0x80004002 [0139.517] IUnknown:QueryInterface (in: This=0x5b1c08, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x5b1c0c) returned 0x0 [0139.517] IMarshal:GetUnmarshalClass (in: This=0x5b1c0c, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e768 | out: pCid=0x19e768*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0139.517] IUnknown:Release (This=0x5b1c0c) returned 0x3 [0139.517] CoGetContextToken (in: pToken=0x19e7c0 | out: pToken=0x19e7c0) returned 0x0 [0139.517] CoGetContextToken (in: pToken=0x19ebc8 | out: pToken=0x19ebc8) returned 0x0 [0139.517] IUnknown:QueryInterface (in: This=0x5b1c08, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec58 | out: ppvObject=0x19ec58*=0x0) returned 0x80004002 [0139.517] IUnknown:Release (This=0x5b1c08) returned 0x2 [0139.517] CoGetContextToken (in: pToken=0x19f198 | out: pToken=0x19f198) returned 0x0 [0139.517] CoGetContextToken (in: pToken=0x19f0f8 | out: pToken=0x19f0f8) returned 0x0 [0139.517] IUnknown:QueryInterface (in: This=0x5b1c08, riid=0x19f1c8*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19f1c4 | out: ppvObject=0x19f1c4*=0x5b1c08) returned 0x0 [0139.517] IUnknown:AddRef (This=0x5b1c08) returned 0x4 [0139.517] IUnknown:Release (This=0x5b1c08) returned 0x3 [0139.517] IUnknown:Release (This=0x5b1c08) returned 0x2 [0139.517] CoTaskMemFree (pv=0x59f510) [0139.517] CoGetContextToken (in: pToken=0x19f508 | out: pToken=0x19f508) returned 0x0 [0139.517] IUnknown:AddRef (This=0x5b1c08) returned 0x3 [0139.517] IWbemClassObject:Get (in: This=0x5b1c08, wszName="__GENUS", lFlags=0, pVal=0x19f818*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f898*=0, plFlavor=0x19f894*=0 | out: pVal=0x19f818*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f898*=3, plFlavor=0x19f894*=64) returned 0x0 [0139.517] IWbemClassObject:Get (in: This=0x5b1c08, wszName="__PATH", lFlags=0, pVal=0x19f7fc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f880*=0, plFlavor=0x19f87c*=0 | out: pVal=0x19f7fc*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3", varVal2=0x0), pType=0x19f880*=8, plFlavor=0x19f87c*=64) returned 0x0 [0139.518] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3") returned 0x7a [0139.518] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3") returned 0x7a [0139.518] CoGetObjectContext (in: riid=0x2182258*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f828 | out: ppv=0x19f828*=0x508aac) returned 0x0 [0139.518] IComThreadingInfo:GetCurrentApartmentType (in: This=0x508aac, pAptType=0x19f820 | out: pAptType=0x19f820*=1) returned 0x0 [0139.518] IUnknown:QueryInterface (in: This=0x508aac, riid=0x2182240*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f824 | out: ppvObject=0x19f824*=0x0) returned 0x80004002 [0139.518] IUnknown:Release (This=0x508aac) returned 0x1 [0139.518] CoGetClassObject (in: rclsid=0x59a824*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6ab654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f190 | out: ppv=0x19f190*=0x59f530) returned 0x0 [0139.519] WbemDefPath:IUnknown:QueryInterface (in: This=0x59f530, riid=0x6ab195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19f3a8 | out: ppvObject=0x19f3a8*=0x0) returned 0x80004002 [0139.519] WbemDefPath:IClassFactory:CreateInstance (in: This=0x59f530, pUnkOuter=0x0, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f3bc | out: ppvObject=0x19f3bc*=0x5bb1c0) returned 0x0 [0139.519] WbemDefPath:IUnknown:Release (This=0x59f530) returned 0x0 [0139.519] WbemDefPath:IUnknown:QueryInterface (in: This=0x5bb1c0, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19efdc | out: ppvObject=0x19efdc*=0x5bb1c0) returned 0x0 [0139.519] WbemDefPath:IUnknown:QueryInterface (in: This=0x5bb1c0, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ef98 | out: ppvObject=0x19ef98*=0x0) returned 0x80004002 [0139.519] WbemDefPath:IUnknown:QueryInterface (in: This=0x5bb1c0, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19eb8c | out: ppvObject=0x19eb8c*=0x0) returned 0x80004002 [0139.519] WbemDefPath:IUnknown:AddRef (This=0x5bb1c0) returned 0x3 [0139.519] WbemDefPath:IUnknown:QueryInterface (in: This=0x5bb1c0, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e8f4 | out: ppvObject=0x19e8f4*=0x0) returned 0x80004002 [0139.519] WbemDefPath:IUnknown:QueryInterface (in: This=0x5bb1c0, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e8a4 | out: ppvObject=0x19e8a4*=0x0) returned 0x80004002 [0139.519] WbemDefPath:IUnknown:QueryInterface (in: This=0x5bb1c0, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e8b0 | out: ppvObject=0x19e8b0*=0x5ba180) returned 0x0 [0139.519] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5ba180, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e8b8 | out: pCid=0x19e8b8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0139.519] WbemDefPath:IUnknown:Release (This=0x5ba180) returned 0x3 [0139.519] CoGetContextToken (in: pToken=0x19e910 | out: pToken=0x19e910) returned 0x0 [0139.519] CoGetContextToken (in: pToken=0x19ed18 | out: pToken=0x19ed18) returned 0x0 [0139.519] WbemDefPath:IUnknown:QueryInterface (in: This=0x5bb1c0, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eda8 | out: ppvObject=0x19eda8*=0x0) returned 0x80004002 [0139.519] WbemDefPath:IUnknown:Release (This=0x5bb1c0) returned 0x2 [0139.519] WbemDefPath:IUnknown:Release (This=0x5bb1c0) returned 0x1 [0139.519] CoGetContextToken (in: pToken=0x19f6a0 | out: pToken=0x19f6a0) returned 0x0 [0139.520] CoGetContextToken (in: pToken=0x19f600 | out: pToken=0x19f600) returned 0x0 [0139.520] WbemDefPath:IUnknown:QueryInterface (in: This=0x5bb1c0, riid=0x19f6d0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f6cc | out: ppvObject=0x19f6cc*=0x5bb1c0) returned 0x0 [0139.520] WbemDefPath:IUnknown:AddRef (This=0x5bb1c0) returned 0x3 [0139.520] WbemDefPath:IUnknown:Release (This=0x5bb1c0) returned 0x2 [0139.520] WbemDefPath:IWbemPath:SetText (This=0x5bb1c0, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3") returned 0x0 [0139.520] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x580790, puCount=0x19f854 | out: puCount=0x19f854*=0x2) returned 0x0 [0139.520] WbemDefPath:IWbemPath:GetText (in: This=0x580790, lFlags=4, puBuffLength=0x19f850*=0x0, pszText=0x0 | out: puBuffLength=0x19f850*=0xf, pszText=0x0) returned 0x0 [0139.520] WbemDefPath:IWbemPath:GetText (in: This=0x580790, lFlags=4, puBuffLength=0x19f850*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f850*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0139.520] CoTaskMemAlloc (cb=0x4) returned 0x59f4b0 [0139.520] IEnumWbemClassObject:Next (in: This=0x595618, lTimeout=-1, uCount=0x1, apObjects=0x59f4b0, puReturned=0x2188c0c | out: apObjects=0x59f4b0*=0x0, puReturned=0x2188c0c*=0x0) returned 0x1 [0139.521] CoTaskMemFree (pv=0x59f4b0) [0139.521] CoGetContextToken (in: pToken=0x19f750 | out: pToken=0x19f750) returned 0x0 [0139.521] WbemLocator:IUnknown:Release (This=0x5927e8) returned 0x1 [0139.521] IUnknown:Release (This=0x595618) returned 0x0 [0139.623] GetEnvironmentVariableW (in: lpName="%startupfolder%", lpBuffer=0x19f788, nSize=0x80 | out: lpBuffer="") returned 0x0 [0139.829] GetUserNameW (in: lpBuffer=0x19f688, pcbBuffer=0x218ba04 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x218ba04) returned 1 [0139.840] GetComputerNameW (in: lpBuffer=0x19f688, nSize=0x218be80 | out: lpBuffer="XC64ZB", nSize=0x218be80) returned 1 [0139.931] EtwEventRegister (in: ProviderId=0x218c428, EnableCallback=0x47b47b6, CallbackContext=0x0, RegHandle=0x218c404 | out: RegHandle=0x218c404) returned 0x0 [0140.003] EtwEventSetInformation (RegHandle=0x566668, InformationClass=0x48, EventInformation=0x2, InformationLength=0x218c3c8) returned 0x0 [0140.004] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f84c | out: UnbiasedTime=0x19f84c) returned 1 [0140.021] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f83c | out: UnbiasedTime=0x19f83c) returned 1 [0140.047] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f86c | out: UnbiasedTime=0x19f86c) returned 1 [0140.047] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f85c | out: UnbiasedTime=0x19f85c) returned 1 [0149.495] CoTaskMemAlloc (cb=0x20c) returned 0x56ddb0 [0149.495] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x56ddb0, nSize=0x104 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe")) returned 0x62 [0149.495] CoTaskMemFree (pv=0x56ddb0) [0149.498] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe", nBufferLength=0x105, lpBuffer=0x19f380, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe", lpFilePart=0x0) returned 0x62 [0149.501] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe", nBufferLength=0x105, lpBuffer=0x19f32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe", lpFilePart=0x0) returned 0x62 [0149.501] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe", nBufferLength=0x105, lpBuffer=0x19f32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe", lpFilePart=0x0) returned 0x62 [0149.529] CoTaskMemAlloc (cb=0x67) returned 0x5ba430 [0149.529] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe", cchWideChar=98, lpMultiByteStr=0x218d0c4, cbMultiByte=99, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe", lpUsedDefaultChar=0x0) returned 98 [0149.529] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x5ba434, nSize=0x100 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe")) returned 0x62 [0149.530] CoTaskMemFree (pv=0x5ba430) [0149.537] CoTaskMemAlloc (cb=0x20c) returned 0x56ddb0 [0149.537] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x56ddb0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned 0x25 [0149.537] CoTaskMemFree (pv=0x56ddb0) [0149.537] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\", lpszLongPath=0x19f3ac, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\") returned 0x16 [0149.539] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x19f3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x29 [0149.543] GetTimeZoneInformation (in: lpTimeZoneInformation=0x19f6d4 | out: lpTimeZoneInformation=0x19f6d4) returned 0x2 [0149.546] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0x19f528 | out: pTimeZoneInformation=0x19f528) returned 0x2 [0149.549] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f60c | out: phkResult=0x19f60c*=0x460) returned 0x0 [0149.550] RegQueryValueExW (in: hKey=0x460, lpValueName="TZI", lpReserved=0x0, lpType=0x19f628, lpData=0x0, lpcbData=0x19f624*=0x0 | out: lpType=0x19f628*=0x3, lpData=0x0, lpcbData=0x19f624*=0x2c) returned 0x0 [0149.550] RegQueryValueExW (in: hKey=0x460, lpValueName="TZI", lpReserved=0x0, lpType=0x19f628, lpData=0x218e0e0, lpcbData=0x19f624*=0x2c | out: lpType=0x19f628*=0x3, lpData=0x218e0e0*, lpcbData=0x19f624*=0x2c) returned 0x0 [0149.551] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f460 | out: phkResult=0x19f460*=0x0) returned 0x2 [0149.552] RegQueryValueExW (in: hKey=0x460, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x19f600, lpData=0x0, lpcbData=0x19f5fc*=0x0 | out: lpType=0x19f600*=0x1, lpData=0x0, lpcbData=0x19f5fc*=0x20) returned 0x0 [0149.552] RegQueryValueExW (in: hKey=0x460, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x19f600, lpData=0x218e504, lpcbData=0x19f5fc*=0x20 | out: lpType=0x19f600*=0x1, lpData="@tzres.dll,-320", lpcbData=0x19f5fc*=0x20) returned 0x0 [0149.553] RegQueryValueExW (in: hKey=0x460, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x19f600, lpData=0x0, lpcbData=0x19f5fc*=0x0 | out: lpType=0x19f600*=0x1, lpData=0x0, lpcbData=0x19f5fc*=0x20) returned 0x0 [0149.553] RegQueryValueExW (in: hKey=0x460, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x19f600, lpData=0x218e55c, lpcbData=0x19f5fc*=0x20 | out: lpType=0x19f600*=0x1, lpData="@tzres.dll,-322", lpcbData=0x19f5fc*=0x20) returned 0x0 [0149.553] RegQueryValueExW (in: hKey=0x460, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x19f600, lpData=0x0, lpcbData=0x19f5fc*=0x0 | out: lpType=0x19f600*=0x1, lpData=0x0, lpcbData=0x19f5fc*=0x20) returned 0x0 [0149.553] RegQueryValueExW (in: hKey=0x460, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x19f600, lpData=0x218e5b4, lpcbData=0x19f5fc*=0x20 | out: lpType=0x19f600*=0x1, lpData="@tzres.dll,-321", lpcbData=0x19f5fc*=0x20) returned 0x0 [0149.574] CoTaskMemAlloc (cb=0x20c) returned 0x56ddb0 [0149.574] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x56ddb0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0149.576] CoTaskMemFree (pv=0x56ddb0) [0149.577] CoTaskMemAlloc (cb=0x20c) returned 0x56ddb0 [0149.577] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x19f61c, pwszFileMUIPath=0x56ddb0, pcchFileMUIPath=0x19f620, pululEnumerator=0x19f614 | out: pwszLanguage=0x0, pcchLanguage=0x19f61c, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x19f620, pululEnumerator=0x19f614) returned 1 [0149.600] CoTaskMemFree (pv=0x0) [0149.600] CoTaskMemFree (pv=0x56ddb0) [0149.600] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x5390001 [0149.619] CoTaskMemAlloc (cb=0x3ec) returned 0x50eeac0 [0149.620] LoadStringW (in: hInstance=0x5390001, uID=0x140, lpBuffer=0x50eeac0, cchBufferMax=500 | out: lpBuffer="(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna") returned 0x3c [0149.620] CoTaskMemFree (pv=0x50eeac0) [0149.620] FreeLibrary (hLibModule=0x5390001) returned 1 [0149.621] CoTaskMemAlloc (cb=0x20c) returned 0x56ddb0 [0149.621] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x56ddb0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0149.621] CoTaskMemFree (pv=0x56ddb0) [0149.621] CoTaskMemAlloc (cb=0x20c) returned 0x56ddb0 [0149.621] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x19f61c, pwszFileMUIPath=0x56ddb0, pcchFileMUIPath=0x19f620, pululEnumerator=0x19f614 | out: pwszLanguage=0x0, pcchLanguage=0x19f61c, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x19f620, pululEnumerator=0x19f614) returned 1 [0149.624] CoTaskMemFree (pv=0x0) [0149.624] CoTaskMemFree (pv=0x56ddb0) [0149.625] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x5390001 [0149.628] CoTaskMemAlloc (cb=0x3ec) returned 0x50eeac0 [0149.628] LoadStringW (in: hInstance=0x5390001, uID=0x142, lpBuffer=0x50eeac0, cchBufferMax=500 | out: lpBuffer="W. Europe Standard Time") returned 0x17 [0149.628] CoTaskMemFree (pv=0x50eeac0) [0149.628] FreeLibrary (hLibModule=0x5390001) returned 1 [0149.629] CoTaskMemAlloc (cb=0x20c) returned 0x56ddb0 [0149.629] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x56ddb0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0149.629] CoTaskMemFree (pv=0x56ddb0) [0149.629] CoTaskMemAlloc (cb=0x20c) returned 0x56ddb0 [0149.629] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x19f61c, pwszFileMUIPath=0x56ddb0, pcchFileMUIPath=0x19f620, pululEnumerator=0x19f614 | out: pwszLanguage=0x0, pcchLanguage=0x19f61c, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x19f620, pululEnumerator=0x19f614) returned 1 [0149.632] CoTaskMemFree (pv=0x0) [0149.632] CoTaskMemFree (pv=0x56ddb0) [0149.632] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x5390001 [0149.639] CoTaskMemAlloc (cb=0x3ec) returned 0x50eeac0 [0149.639] LoadStringW (in: hInstance=0x5390001, uID=0x141, lpBuffer=0x50eeac0, cchBufferMax=500 | out: lpBuffer="W. Europe Daylight Time") returned 0x17 [0149.639] CoTaskMemFree (pv=0x50eeac0) [0149.639] FreeLibrary (hLibModule=0x5390001) returned 1 [0149.641] RegCloseKey (hKey=0x460) returned 0x0 [0149.657] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\\\tmpG692.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\tmpg692.tmp"), dwFlags=0x8) returned 1 [0220.256] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe.config", nBufferLength=0x105, lpBuffer=0x19f2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe.config", lpFilePart=0x0) returned 0x69 [0220.257] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe.config", nBufferLength=0x105, lpBuffer=0x19f258, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe.config", lpFilePart=0x0) returned 0x69 [0220.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x19f224, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0220.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x19f1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0220.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x19f258, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0220.265] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6b8) returned 1 [0220.265] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x19f734 | out: lpFileInformation=0x19f734*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0220.267] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6b4) returned 1 [0220.267] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x19f194, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0220.267] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f688) returned 1 [0220.267] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3bc [0220.267] GetFileType (hFile=0x3bc) returned 0x1 [0220.267] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f684) returned 1 [0220.267] GetFileType (hFile=0x3bc) returned 0x1 [0220.271] GetFileSize (in: hFile=0x3bc, lpFileSizeHigh=0x19f6c0 | out: lpFileSizeHigh=0x19f6c0*=0x0) returned 0x8c8f [0220.272] ReadFile (in: hFile=0x3bc, lpBuffer=0x21934d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f67c, lpOverlapped=0x0 | out: lpBuffer=0x21934d4*, lpNumberOfBytesRead=0x19f67c*=0x1000, lpOverlapped=0x0) returned 1 [0220.274] ReadFile (in: hFile=0x3bc, lpBuffer=0x21934d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f61c, lpOverlapped=0x0 | out: lpBuffer=0x21934d4*, lpNumberOfBytesRead=0x19f61c*=0x1000, lpOverlapped=0x0) returned 1 [0220.275] ReadFile (in: hFile=0x3bc, lpBuffer=0x21934d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f598, lpOverlapped=0x0 | out: lpBuffer=0x21934d4*, lpNumberOfBytesRead=0x19f598*=0x1000, lpOverlapped=0x0) returned 1 [0220.275] ReadFile (in: hFile=0x3bc, lpBuffer=0x21934d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f598, lpOverlapped=0x0 | out: lpBuffer=0x21934d4*, lpNumberOfBytesRead=0x19f598*=0x1000, lpOverlapped=0x0) returned 1 [0220.275] ReadFile (in: hFile=0x3bc, lpBuffer=0x21934d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f598, lpOverlapped=0x0 | out: lpBuffer=0x21934d4*, lpNumberOfBytesRead=0x19f598*=0x1000, lpOverlapped=0x0) returned 1 [0220.275] ReadFile (in: hFile=0x3bc, lpBuffer=0x21934d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f598, lpOverlapped=0x0 | out: lpBuffer=0x21934d4*, lpNumberOfBytesRead=0x19f598*=0x1000, lpOverlapped=0x0) returned 1 [0220.275] ReadFile (in: hFile=0x3bc, lpBuffer=0x21934d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f618, lpOverlapped=0x0 | out: lpBuffer=0x21934d4*, lpNumberOfBytesRead=0x19f618*=0x1000, lpOverlapped=0x0) returned 1 [0220.275] ReadFile (in: hFile=0x3bc, lpBuffer=0x21934d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f598, lpOverlapped=0x0 | out: lpBuffer=0x21934d4*, lpNumberOfBytesRead=0x19f598*=0x1000, lpOverlapped=0x0) returned 1 [0220.276] ReadFile (in: hFile=0x3bc, lpBuffer=0x21934d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f598, lpOverlapped=0x0 | out: lpBuffer=0x21934d4*, lpNumberOfBytesRead=0x19f598*=0xc8f, lpOverlapped=0x0) returned 1 [0220.276] ReadFile (in: hFile=0x3bc, lpBuffer=0x21934d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f640, lpOverlapped=0x0 | out: lpBuffer=0x21934d4*, lpNumberOfBytesRead=0x19f640*=0x0, lpOverlapped=0x0) returned 1 [0220.276] CloseHandle (hObject=0x3bc) returned 1 [0220.276] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe.config", nBufferLength=0x105, lpBuffer=0x19f1ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe.config", lpFilePart=0x0) returned 0x69 [0220.277] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe.config", nBufferLength=0x105, lpBuffer=0x19f254, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe.config", lpFilePart=0x0) returned 0x69 [0220.277] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6b4) returned 1 [0220.277] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe.config" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x19f730 | out: lpFileInformation=0x19f730*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0220.277] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6b0) returned 1 [0220.456] CoTaskMemAlloc (cb=0x20c) returned 0x58bb08 [0220.456] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x58bb08 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0220.459] CoTaskMemFree (pv=0x58bb08) [0220.459] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee4c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0220.461] CoTaskMemAlloc (cb=0x20c) returned 0x58bb08 [0220.461] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x58bb08 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0220.461] CoTaskMemFree (pv=0x58bb08) [0220.461] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19ee4c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0221.423] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data", nBufferLength=0x105, lpBuffer=0x19ee50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data", lpFilePart=0x0) returned 0x42 [0221.424] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2ac) returned 1 [0221.424] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\epic privacy browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f328 | out: lpFileInformation=0x19f328*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0221.424] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2a8) returned 1 [0221.425] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable", nBufferLength=0x105, lpBuffer=0x19ee50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable", lpFilePart=0x0) returned 0x41 [0221.425] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2ac) returned 1 [0221.425] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\opera software\\opera stable"), fInfoLevelId=0x0, lpFileInformation=0x19f328 | out: lpFileInformation=0x19f328*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0221.425] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2a8) returned 1 [0221.425] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Chrome\\Chrome\\User Data", nBufferLength=0x105, lpBuffer=0x19ee50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Chrome\\Chrome\\User Data", lpFilePart=0x0) returned 0x3e [0221.425] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2ac) returned 1 [0221.425] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Chrome\\Chrome\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\360chrome\\chrome\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f328 | out: lpFileInformation=0x19f328*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0221.426] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2a8) returned 1 [0221.426] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data", nBufferLength=0x105, lpBuffer=0x19ee50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data", lpFilePart=0x0) returned 0x36 [0221.426] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2ac) returned 1 [0221.426] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\qip surf\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f328 | out: lpFileInformation=0x19f328*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0221.426] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2a8) returned 1 [0221.426] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data", nBufferLength=0x105, lpBuffer=0x19ee50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data", lpFilePart=0x0) returned 0x33 [0221.426] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2ac) returned 1 [0221.426] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\amigo\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f328 | out: lpFileInformation=0x19f328*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0221.426] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2a8) returned 1 [0221.427] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", nBufferLength=0x105, lpBuffer=0x19ee50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", lpFilePart=0x0) returned 0x57 [0221.427] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2ac) returned 1 [0221.427] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\fenrir inc\\sleipnir5\\setting\\modules\\chromiumviewer"), fInfoLevelId=0x0, lpFileInformation=0x19f328 | out: lpFileInformation=0x19f328*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0221.427] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2a8) returned 1 [0221.427] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", nBufferLength=0x105, lpBuffer=0x19ee50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", lpFilePart=0x0) returned 0x42 [0221.427] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2ac) returned 1 [0221.427] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\catalinagroup\\citrio\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f328 | out: lpFileInformation=0x19f328*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0221.427] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2a8) returned 1 [0221.427] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\liebao\\User Data", nBufferLength=0x105, lpBuffer=0x19ee50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\liebao\\User Data", lpFilePart=0x0) returned 0x34 [0221.427] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2ac) returned 1 [0221.427] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\liebao\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\liebao\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f328 | out: lpFileInformation=0x19f328*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0221.428] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2a8) returned 1 [0221.428] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data", nBufferLength=0x105, lpBuffer=0x19ee50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data", lpFilePart=0x0) returned 0x3c [0221.428] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2ac) returned 1 [0221.428] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coccoc\\browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f328 | out: lpFileInformation=0x19f328*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0221.428] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2a8) returned 1 [0221.428] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data", nBufferLength=0x105, lpBuffer=0x19ee50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data", lpFilePart=0x0) returned 0x33 [0221.428] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2ac) returned 1 [0221.428] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\torch\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f328 | out: lpFileInformation=0x19f328*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0221.428] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2a8) returned 1 [0221.428] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data", nBufferLength=0x105, lpBuffer=0x19ee50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data", lpFilePart=0x0) returned 0x35 [0221.428] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2ac) returned 1 [0221.428] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\orbitum\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f328 | out: lpFileInformation=0x19f328*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0221.428] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2a8) returned 1 [0221.428] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data", nBufferLength=0x105, lpBuffer=0x19ee50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data", lpFilePart=0x0) returned 0x34 [0221.428] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2ac) returned 1 [0221.429] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chedot\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f328 | out: lpFileInformation=0x19f328*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0221.429] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2a8) returned 1 [0221.429] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data", nBufferLength=0x105, lpBuffer=0x19ee50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data", lpFilePart=0x0) returned 0x3b [0221.429] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2ac) returned 1 [0221.429] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\comodo\\dragon\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f328 | out: lpFileInformation=0x19f328*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0221.429] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2a8) returned 1 [0221.430] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", nBufferLength=0x105, lpBuffer=0x19ee50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", lpFilePart=0x0) returned 0x49 [0221.430] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2ac) returned 1 [0221.430] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\bravesoftware\\brave-browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f328 | out: lpFileInformation=0x19f328*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0221.430] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2a8) returned 1 [0221.431] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data", nBufferLength=0x105, lpBuffer=0x19ee50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data", lpFilePart=0x0) returned 0x39 [0221.431] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2ac) returned 1 [0221.431] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\7star\\7star\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f328 | out: lpFileInformation=0x19f328*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0221.431] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2a8) returned 1 [0221.431] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data", nBufferLength=0x105, lpBuffer=0x19ee50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data", lpFilePart=0x0) returned 0x3e [0221.431] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2ac) returned 1 [0221.431] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\elements browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f328 | out: lpFileInformation=0x19f328*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0221.431] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2a8) returned 1 [0221.431] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data", nBufferLength=0x105, lpBuffer=0x19ee50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data", lpFilePart=0x0) returned 0x35 [0221.431] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2ac) returned 1 [0221.431] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\vivaldi\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f328 | out: lpFileInformation=0x19f328*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0221.432] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2a8) returned 1 [0221.432] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data", nBufferLength=0x105, lpBuffer=0x19ee50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data", lpFilePart=0x0) returned 0x3b [0221.432] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2ac) returned 1 [0221.432] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coowon\\coowon\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f328 | out: lpFileInformation=0x19f328*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0221.432] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2a8) returned 1 [0221.432] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data", nBufferLength=0x105, lpBuffer=0x19ee50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data", lpFilePart=0x0) returned 0x35 [0221.432] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2ac) returned 1 [0221.432] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\iridium\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f328 | out: lpFileInformation=0x19f328*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0221.432] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2a8) returned 1 [0221.432] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data", nBufferLength=0x105, lpBuffer=0x19ee50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data", lpFilePart=0x0) returned 0x36 [0221.432] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2ac) returned 1 [0221.432] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chromium\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f328 | out: lpFileInformation=0x19f328*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0221.432] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2a8) returned 1 [0221.433] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data", nBufferLength=0x105, lpBuffer=0x19ee50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data", lpFilePart=0x0) returned 0x34 [0221.433] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2ac) returned 1 [0221.433] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\kometa\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f328 | out: lpFileInformation=0x19f328*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0221.433] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2a8) returned 1 [0221.433] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data", nBufferLength=0x105, lpBuffer=0x19ee50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data", lpFilePart=0x0) returned 0x3d [0221.433] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2ac) returned 1 [0221.433] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\sputnik\\sputnik\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f328 | out: lpFileInformation=0x19f328*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0221.433] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2a8) returned 1 [0221.433] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x19ee50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data", lpFilePart=0x0) returned 0x39 [0221.433] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2ac) returned 1 [0221.433] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\centbrowser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f328 | out: lpFileInformation=0x19f328*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0221.434] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2a8) returned 1 [0221.434] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", nBufferLength=0x105, lpBuffer=0x19ee50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", lpFilePart=0x0) returned 0x44 [0221.434] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2ac) returned 1 [0221.434] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\maplestudio\\chromeplus\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f328 | out: lpFileInformation=0x19f328*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0221.434] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2a8) returned 1 [0221.434] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data", nBufferLength=0x105, lpBuffer=0x19ee50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data", lpFilePart=0x0) returned 0x3c [0221.434] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2ac) returned 1 [0221.434] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\ucozmedia\\uran\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f328 | out: lpFileInformation=0x19f328*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0221.435] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2a8) returned 1 [0221.435] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x19ee50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", lpFilePart=0x0) returned 0x42 [0221.435] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2ac) returned 1 [0221.435] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\yandex\\yandexbrowser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f328 | out: lpFileInformation=0x19f328*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0221.435] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2a8) returned 1 [0221.500] CoTaskMemAlloc (cb=0x20c) returned 0x58cb10 [0221.500] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x58cb10, nSize=0x104 | out: lpBuffer="") returned 0x25 [0221.500] CoTaskMemFree (pv=0x58cb10) [0221.502] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Pocomail\\accounts.ini", nBufferLength=0x105, lpBuffer=0x19ee70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Pocomail\\accounts.ini", lpFilePart=0x0) returned 0x3b [0221.502] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2d0) returned 1 [0221.502] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Pocomail\\accounts.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\pocomail\\accounts.ini"), fInfoLevelId=0x0, lpFileInformation=0x19f34c | out: lpFileInformation=0x19f34c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0221.502] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2cc) returned 1 [0221.512] CoTaskMemAlloc (cb=0x20c) returned 0x58cb10 [0221.512] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x58cb10, nSize=0x104 | out: lpBuffer="") returned 0x25 [0221.512] CoTaskMemFree (pv=0x58cb10) [0221.598] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19ed44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini", lpFilePart=0x0) returned 0x52 [0221.598] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f238) returned 1 [0221.598] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\moonchild productions\\pale moon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0221.632] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d910) returned 1 [0221.703] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19ed44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini", lpFilePart=0x0) returned 0x52 [0221.703] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f238) returned 1 [0221.703] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\moonchild productions\\pale moon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0221.705] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d910) returned 1 [0221.753] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f368 | out: phkResult=0x19f368*=0x0) returned 0x2 [0221.787] CoTaskMemAlloc (cb=0x20c) returned 0x58cb10 [0221.787] GetEnvironmentVariableW (in: lpName="SystemDrive", lpBuffer=0x58cb10, nSize=0x104 | out: lpBuffer="") returned 0x2 [0221.787] CoTaskMemFree (pv=0x58cb10) [0221.789] GetFullPathNameW (in: lpFileName="C:\\cftp\\Ftplist.txt", nBufferLength=0x105, lpBuffer=0x19eeb0, lpFilePart=0x0 | out: lpBuffer="C:\\cftp\\Ftplist.txt", lpFilePart=0x0) returned 0x13 [0221.789] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f310) returned 1 [0221.789] GetFileAttributesExW (in: lpFileName="C:\\cftp\\Ftplist.txt" (normalized: "c:\\cftp\\ftplist.txt"), fInfoLevelId=0x0, lpFileInformation=0x19f38c | out: lpFileInformation=0x19f38c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0221.789] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f30c) returned 1 [0221.794] CoTaskMemAlloc (cb=0x20c) returned 0x58cb10 [0221.794] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x58cb10 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0221.794] CoTaskMemFree (pv=0x58cb10) [0221.794] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee28, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0221.797] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ee50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\", lpFilePart=0x0) returned 0x3c [0221.797] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2ac) returned 1 [0221.797] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f328 | out: lpFileInformation=0x19f328*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0221.797] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2a8) returned 1 [0221.828] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\DownloadManager\\Passwords", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f358 | out: phkResult=0x19f358*=0x0) returned 0x2 [0221.864] CoTaskMemAlloc (cb=0x20c) returned 0x58cb10 [0221.864] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x58cb10 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0221.864] CoTaskMemFree (pv=0x58cb10) [0221.864] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19edf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0221.865] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\", nBufferLength=0x105, lpBuffer=0x19ee8c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\", lpFilePart=0x0) returned 0x3a [0221.866] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2e8) returned 1 [0221.866] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\credentials"), fInfoLevelId=0x0, lpFileInformation=0x19f364 | out: lpFileInformation=0x19f364*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xe08cb400, ftLastAccessTime.dwHighDateTime=0x1d7b055, ftLastWriteTime.dwLowDateTime=0xe08cb400, ftLastWriteTime.dwHighDateTime=0x1d7b055, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0221.867] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2e4) returned 1 [0221.867] CoTaskMemAlloc (cb=0x20c) returned 0x58cb10 [0221.867] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x58cb10 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0221.867] CoTaskMemFree (pv=0x58cb10) [0221.867] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19edf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0221.868] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f364) returned 1 [0221.869] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\", nBufferLength=0x105, lpBuffer=0x19ee6c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\", lpFilePart=0x0) returned 0x3a [0221.870] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\", nBufferLength=0x105, lpBuffer=0x19ee40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\", lpFilePart=0x0) returned 0x3a [0221.871] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\*", lpFindFileData=0x19f08c | out: lpFindFileData=0x19f08c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xe08cb400, ftLastAccessTime.dwHighDateTime=0x1d7b055, ftLastWriteTime.dwLowDateTime=0xe08cb400, ftLastWriteTime.dwHighDateTime=0x1d7b055, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5804b0 [0221.873] FindNextFileW (in: hFindFile=0x5804b0, lpFindFileData=0x19f09c | out: lpFindFileData=0x19f09c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xe08cb400, ftLastAccessTime.dwHighDateTime=0x1d7b055, ftLastWriteTime.dwLowDateTime=0xe08cb400, ftLastWriteTime.dwHighDateTime=0x1d7b055, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0221.873] FindNextFileW (in: hFindFile=0x5804b0, lpFindFileData=0x19f09c | out: lpFindFileData=0x19f09c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x508b12b7, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xe08cb400, ftLastAccessTime.dwHighDateTime=0x1d7b055, ftLastWriteTime.dwLowDateTime=0xe08cc733, ftLastWriteTime.dwHighDateTime=0x1d7b055, nFileSizeHigh=0x0, nFileSizeLow=0x2ac0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DFBE70A7E5CC19A398EBF1B96859CE5D", cAlternateFileName="DFBE70~1")) returned 1 [0221.873] FindNextFileW (in: hFindFile=0x5804b0, lpFindFileData=0x19f09c | out: lpFindFileData=0x19f09c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0221.874] FindClose (in: hFindFile=0x5804b0 | out: hFindFile=0x5804b0) returned 1 [0221.874] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f324) returned 1 [0221.874] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0221.876] CoTaskMemAlloc (cb=0x20c) returned 0x50e6080 [0221.876] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x50e6080 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0221.876] CoTaskMemFree (pv=0x50e6080) [0221.876] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19edf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0221.876] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\", nBufferLength=0x105, lpBuffer=0x19ee8c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\", lpFilePart=0x0) returned 0x3c [0221.876] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2e8) returned 1 [0221.876] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\credentials"), fInfoLevelId=0x0, lpFileInformation=0x19f364 | out: lpFileInformation=0x19f364*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0221.877] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2e4) returned 1 [0221.877] CoTaskMemAlloc (cb=0x20c) returned 0x50e6080 [0221.877] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x50e6080 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0221.877] CoTaskMemFree (pv=0x50e6080) [0221.877] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19edf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0221.877] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f364) returned 1 [0221.877] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\", nBufferLength=0x105, lpBuffer=0x19ee6c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\", lpFilePart=0x0) returned 0x3c [0221.878] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\", nBufferLength=0x105, lpBuffer=0x19ee40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\", lpFilePart=0x0) returned 0x3c [0221.878] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\*", lpFindFileData=0x19f08c | out: lpFindFileData=0x19f08c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x57ff70 [0221.878] FindNextFileW (in: hFindFile=0x57ff70, lpFindFileData=0x19f09c | out: lpFindFileData=0x19f09c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0221.879] FindNextFileW (in: hFindFile=0x57ff70, lpFindFileData=0x19f09c | out: lpFindFileData=0x19f09c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0221.879] FindClose (in: hFindFile=0x57ff70 | out: hFindFile=0x57ff70) returned 1 [0221.879] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f324) returned 1 [0221.879] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0221.933] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D", nBufferLength=0x105, lpBuffer=0x19edf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D", lpFilePart=0x0) returned 0x5a [0221.933] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2a4) returned 1 [0221.933] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\credentials\\dfbe70a7e5cc19a398ebf1b96859ce5d"), fInfoLevelId=0x0, lpFileInformation=0x21b9a54 | out: lpFileInformation=0x21b9a54*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x508b12b7, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xe08cb400, ftLastAccessTime.dwHighDateTime=0x1d7b055, ftLastWriteTime.dwLowDateTime=0xe08cc733, ftLastWriteTime.dwHighDateTime=0x1d7b055, nFileSizeHigh=0x0, nFileSizeLow=0x2ac0)) returned 1 [0221.934] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2a0) returned 1 [0221.934] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D", nBufferLength=0x105, lpBuffer=0x19ece8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D", lpFilePart=0x0) returned 0x5a [0221.934] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1dc) returned 1 [0221.934] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\credentials\\dfbe70a7e5cc19a398ebf1b96859ce5d"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3a8 [0221.935] GetFileType (hFile=0x3a8) returned 0x1 [0221.935] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1d8) returned 1 [0221.935] GetFileType (hFile=0x3a8) returned 0x1 [0221.935] GetFileSize (in: hFile=0x3a8, lpFileSizeHigh=0x19f2e4 | out: lpFileSizeHigh=0x19f2e4*=0x0) returned 0x2ac0 [0221.936] ReadFile (in: hFile=0x3a8, lpBuffer=0x21b9d1c, nNumberOfBytesToRead=0x2ac0, lpNumberOfBytesRead=0x19f290, lpOverlapped=0x0 | out: lpBuffer=0x21b9d1c*, lpNumberOfBytesRead=0x19f290*=0x2ac0, lpOverlapped=0x0) returned 1 [0221.939] CloseHandle (hObject=0x3a8) returned 1 [0222.086] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D", nBufferLength=0x105, lpBuffer=0x19ede0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D", lpFilePart=0x0) returned 0x5a [0222.086] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f274) returned 1 [0222.086] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\credentials\\dfbe70a7e5cc19a398ebf1b96859ce5d"), fInfoLevelId=0x0, lpFileInformation=0x19f2f0 | out: lpFileInformation=0x19f2f0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x508b12b7, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xe08cb400, ftLastAccessTime.dwHighDateTime=0x1d7b055, ftLastWriteTime.dwLowDateTime=0xe08cc733, ftLastWriteTime.dwHighDateTime=0x1d7b055, nFileSizeHigh=0x0, nFileSizeLow=0x2ac0)) returned 1 [0222.087] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f270) returned 1 [0222.087] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D", nBufferLength=0x105, lpBuffer=0x19ede0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D", lpFilePart=0x0) returned 0x5a [0222.087] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f274) returned 1 [0222.087] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\credentials\\dfbe70a7e5cc19a398ebf1b96859ce5d"), fInfoLevelId=0x0, lpFileInformation=0x19f2f0 | out: lpFileInformation=0x19f2f0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x508b12b7, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xe08cb400, ftLastAccessTime.dwHighDateTime=0x1d7b055, ftLastWriteTime.dwLowDateTime=0xe08cc733, ftLastWriteTime.dwHighDateTime=0x1d7b055, nFileSizeHigh=0x0, nFileSizeLow=0x2ac0)) returned 1 [0222.088] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f270) returned 1 [0222.122] CoTaskMemAlloc (cb=0x20c) returned 0x50e6080 [0222.122] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x50e6080 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0222.123] CoTaskMemFree (pv=0x50e6080) [0222.123] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19edf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0222.125] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f364) returned 1 [0222.125] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\", nBufferLength=0x105, lpBuffer=0x19ee6c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\", lpFilePart=0x0) returned 0x38 [0222.125] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\", nBufferLength=0x105, lpBuffer=0x19ee40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\", lpFilePart=0x0) returned 0x38 [0222.125] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\*", lpFindFileData=0x19f08c | out: lpFindFileData=0x19f08c*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x50866c1c, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x50866c1c, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x57ff70 [0222.126] FindNextFileW (in: hFindFile=0x57ff70, lpFindFileData=0x19f09c | out: lpFindFileData=0x19f09c*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x50866c1c, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x50866c1c, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0222.126] FindNextFileW (in: hFindFile=0x57ff70, lpFindFileData=0x19f09c | out: lpFindFileData=0x19f09c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44792966, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0xa55c36e7, ftLastWriteTime.dwHighDateTime=0x1d7a941, nFileSizeHigh=0x0, nFileSizeLow=0x1c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="CREDHIST", cAlternateFileName="")) returned 1 [0222.126] FindNextFileW (in: hFindFile=0x57ff70, lpFindFileData=0x19f09c | out: lpFindFileData=0x19f09c*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x50866c1c, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xde7dde0f, ftLastAccessTime.dwHighDateTime=0x1d7b055, ftLastWriteTime.dwLowDateTime=0xde7dde0f, ftLastWriteTime.dwHighDateTime=0x1d7b055, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1560258661-3990802383-1811730007-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0222.126] FindNextFileW (in: hFindFile=0x57ff70, lpFindFileData=0x19f09c | out: lpFindFileData=0x19f09c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44792966, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0xa563624b, ftLastWriteTime.dwHighDateTime=0x1d7a941, nFileSizeHigh=0x0, nFileSizeLow=0x4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="SYNCHIST", cAlternateFileName="")) returned 1 [0222.126] FindNextFileW (in: hFindFile=0x57ff70, lpFindFileData=0x19f09c | out: lpFindFileData=0x19f09c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44792966, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0xa563624b, ftLastWriteTime.dwHighDateTime=0x1d7a941, nFileSizeHigh=0x0, nFileSizeLow=0x4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="SYNCHIST", cAlternateFileName="")) returned 0 [0222.127] FindClose (in: hFindFile=0x57ff70 | out: hFindFile=0x57ff70) returned 1 [0222.127] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f324) returned 1 [0222.127] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0222.166] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\be39cc84-e9bf-4c2d-a3a5-e953c9f3df24", nBufferLength=0x105, lpBuffer=0x19ee94, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\be39cc84-e9bf-4c2d-a3a5-e953c9f3df24", lpFilePart=0x0) returned 0x8b [0222.167] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2f4) returned 1 [0222.167] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\be39cc84-e9bf-4c2d-a3a5-e953c9f3df24" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-1560258661-3990802383-1811730007-1000\\be39cc84-e9bf-4c2d-a3a5-e953c9f3df24"), fInfoLevelId=0x0, lpFileInformation=0x19f370 | out: lpFileInformation=0x19f370*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xde7dde0f, ftCreationTime.dwHighDateTime=0x1d7b055, ftLastAccessTime.dwLowDateTime=0xde7dde0f, ftLastAccessTime.dwHighDateTime=0x1d7b055, ftLastWriteTime.dwLowDateTime=0xde7dde0f, ftLastWriteTime.dwHighDateTime=0x1d7b055, nFileSizeHigh=0x0, nFileSizeLow=0x1d4)) returned 1 [0222.167] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2f0) returned 1 [0222.167] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\be39cc84-e9bf-4c2d-a3a5-e953c9f3df24", nBufferLength=0x105, lpBuffer=0x19eea4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\be39cc84-e9bf-4c2d-a3a5-e953c9f3df24", lpFilePart=0x0) returned 0x8b [0222.167] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\be39cc84-e9bf-4c2d-a3a5-e953c9f3df24", nBufferLength=0x105, lpBuffer=0x19ee78, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\be39cc84-e9bf-4c2d-a3a5-e953c9f3df24", lpFilePart=0x0) returned 0x8b [0222.167] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000", nBufferLength=0x105, lpBuffer=0x19ee7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000", lpFilePart=0x0) returned 0x66 [0222.167] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\.", nBufferLength=0x105, lpBuffer=0x19ee10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000", lpFilePart=0x0) returned 0x66 [0222.348] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\be39cc84-e9bf-4c2d-a3a5-e953c9f3df24", nBufferLength=0x105, lpBuffer=0x19ed80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\be39cc84-e9bf-4c2d-a3a5-e953c9f3df24", lpFilePart=0x0) returned 0x8b [0222.348] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f274) returned 1 [0222.348] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\be39cc84-e9bf-4c2d-a3a5-e953c9f3df24" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-1560258661-3990802383-1811730007-1000\\be39cc84-e9bf-4c2d-a3a5-e953c9f3df24"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3a8 [0222.349] GetFileType (hFile=0x3a8) returned 0x1 [0222.349] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f270) returned 1 [0222.349] GetFileType (hFile=0x3a8) returned 0x1 [0222.349] GetFileSize (in: hFile=0x3a8, lpFileSizeHigh=0x19f37c | out: lpFileSizeHigh=0x19f37c*=0x0) returned 0x1d4 [0222.349] ReadFile (in: hFile=0x3a8, lpBuffer=0x21c4e18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f328, lpOverlapped=0x0 | out: lpBuffer=0x21c4e18*, lpNumberOfBytesRead=0x19f328*=0x1d4, lpOverlapped=0x0) returned 1 [0222.350] CloseHandle (hObject=0x3a8) returned 1 [0223.842] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D", nBufferLength=0x105, lpBuffer=0x19ed80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D", lpFilePart=0x0) returned 0x5a [0223.842] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f274) returned 1 [0223.842] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\credentials\\dfbe70a7e5cc19a398ebf1b96859ce5d"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x45c [0223.843] GetFileType (hFile=0x45c) returned 0x1 [0223.844] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f270) returned 1 [0223.844] GetFileType (hFile=0x45c) returned 0x1 [0223.844] GetFileSize (in: hFile=0x45c, lpFileSizeHigh=0x19f37c | out: lpFileSizeHigh=0x19f37c*=0x0) returned 0x2ac0 [0223.844] ReadFile (in: hFile=0x45c, lpBuffer=0x219b69c, nNumberOfBytesToRead=0x2ac0, lpNumberOfBytesRead=0x19f328, lpOverlapped=0x0 | out: lpBuffer=0x219b69c*, lpNumberOfBytesRead=0x19f328*=0x2ac0, lpOverlapped=0x0) returned 1 [0223.845] CloseHandle (hObject=0x45c) returned 1 [0224.004] CoTaskMemAlloc (cb=0x20c) returned 0x5bb408 [0224.004] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5bb408 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0224.005] CoTaskMemFree (pv=0x5bb408) [0224.005] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19ed3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0224.010] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Claws-mail", nBufferLength=0x105, lpBuffer=0x19edd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Claws-mail", lpFilePart=0x0) returned 0x30 [0224.011] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f22c) returned 1 [0224.011] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Claws-mail" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\claws-mail"), fInfoLevelId=0x0, lpFileInformation=0x19f2a8 | out: lpFileInformation=0x19f2a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0224.012] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f228) returned 1 [0224.015] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Claws-mail\\clawsrc", nBufferLength=0x105, lpBuffer=0x19edd8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Claws-mail\\clawsrc", lpFilePart=0x0) returned 0x38 [0224.015] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f238) returned 1 [0224.016] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Claws-mail\\clawsrc" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\claws-mail\\clawsrc"), fInfoLevelId=0x0, lpFileInformation=0x19f2b4 | out: lpFileInformation=0x19f2b4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0224.016] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f234) returned 1 [0224.038] CoTaskMemAlloc (cb=0x20c) returned 0x5bb408 [0224.038] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5bb408, nSize=0x104 | out: lpBuffer="") returned 0x25 [0224.038] CoTaskMemFree (pv=0x5bb408) [0224.039] CoTaskMemAlloc (cb=0x20c) returned 0x5bb408 [0224.039] GetEnvironmentVariableW (in: lpName="Username", lpBuffer=0x5bb408, nSize=0x104 | out: lpBuffer="") returned 0xc [0224.039] CoTaskMemFree (pv=0x5bb408) [0224.051] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\AppData\\Roaming\\FlashFXP\\3quick.dat", nBufferLength=0x105, lpBuffer=0x19eeac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\AppData\\Roaming\\FlashFXP\\3quick.dat", lpFilePart=0x0) returned 0x36 [0224.051] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f30c) returned 1 [0224.051] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\AppData\\Roaming\\FlashFXP\\3quick.dat" (normalized: "c:\\users\\all users\\appdata\\roaming\\flashfxp\\3quick.dat"), fInfoLevelId=0x0, lpFileInformation=0x19f388 | out: lpFileInformation=0x19f388*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0224.053] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f308) returned 1 [0224.058] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19ed44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\profiles.ini", lpFilePart=0x0) returned 0x3e [0224.058] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f238) returned 1 [0224.058] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\thunderbird\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0224.060] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d910) returned 1 [0224.073] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19ed44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\profiles.ini", lpFilePart=0x0) returned 0x3e [0224.073] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f238) returned 1 [0224.073] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\thunderbird\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0224.075] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d910) returned 1 [0224.104] CoTaskMemAlloc (cb=0x20c) returned 0x5bb408 [0224.104] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5bb408 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0224.105] CoTaskMemFree (pv=0x5bb408) [0224.105] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19edfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0224.106] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Mail\\Opera Mail\\wand.dat", nBufferLength=0x105, lpBuffer=0x19ee98, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Mail\\Opera Mail\\wand.dat", lpFilePart=0x0) returned 0x44 [0224.106] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2f8) returned 1 [0224.106] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Mail\\Opera Mail\\wand.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\opera mail\\opera mail\\wand.dat"), fInfoLevelId=0x0, lpFileInformation=0x19f374 | out: lpFileInformation=0x19f374*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0224.107] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2f4) returned 1 [0224.110] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19ed44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini", lpFilePart=0x0) returned 0x44 [0224.110] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f238) returned 1 [0224.110] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\mozilla\\seamonkey\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0224.112] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d910) returned 1 [0224.115] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19ed44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini", lpFilePart=0x0) returned 0x44 [0224.115] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f238) returned 1 [0224.115] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\mozilla\\seamonkey\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0224.117] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d910) returned 1 [0224.199] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\IncrediMail\\Identities", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f354 | out: phkResult=0x19f354*=0x0) returned 0x2 [0224.204] CoTaskMemAlloc (cb=0x20c) returned 0x5bb408 [0224.204] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5bb408 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0224.204] CoTaskMemFree (pv=0x5bb408) [0224.204] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0224.207] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f37c) returned 1 [0224.207] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\UCBrowser\\", nBufferLength=0x105, lpBuffer=0x19ee84, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\UCBrowser\\", lpFilePart=0x0) returned 0x2e [0224.208] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\UCBrowser\\", nBufferLength=0x105, lpBuffer=0x19ee58, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\UCBrowser\\", lpFilePart=0x0) returned 0x2e [0224.208] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\UCBrowser\\*", lpFindFileData=0x19f0a4 | out: lpFindFileData=0x19f0a4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0224.208] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f340) returned 1 [0224.327] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\RimArts\\B2\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f32c | out: phkResult=0x19f32c*=0x0) returned 0x2 [0224.329] GetFullPathNameW (in: lpFileName="Folder.lst", nBufferLength=0x105, lpBuffer=0x19ee98, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Folder.lst", lpFilePart=0x0) returned 0x2f [0224.329] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Folder.lst", lpszLongPath=0x19ee84, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0224.331] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x19ee48, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0224.332] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2f8) returned 1 [0224.332] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\Folder.lst" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\folder.lst"), fInfoLevelId=0x0, lpFileInformation=0x19f374 | out: lpFileInformation=0x19f374*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0224.333] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2f4) returned 1 [0224.371] CoTaskMemAlloc (cb=0x20c) returned 0x5bb408 [0224.371] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5bb408 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0224.371] CoTaskMemFree (pv=0x5bb408) [0224.371] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0224.374] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x19ee94, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data", lpFilePart=0x0) returned 0x3f [0224.374] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2f0) returned 1 [0224.375] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tencent\\qqbrowser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f36c | out: lpFileInformation=0x19f36c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0224.375] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2ec) returned 1 [0224.375] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\EncryptedStorage", nBufferLength=0x105, lpBuffer=0x19ee9c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\EncryptedStorage", lpFilePart=0x0) returned 0x58 [0224.375] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2fc) returned 1 [0224.375] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\EncryptedStorage" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tencent\\qqbrowser\\user data\\default\\encryptedstorage"), fInfoLevelId=0x0, lpFileInformation=0x19f378 | out: lpFileInformation=0x19f378*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0224.375] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2f8) returned 1 [0224.380] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19ed44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\profiles.ini", lpFilePart=0x0) returned 0x3b [0224.380] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f238) returned 1 [0224.380] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\k-meleon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0224.383] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d910) returned 1 [0224.386] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19ed44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\profiles.ini", lpFilePart=0x0) returned 0x3b [0224.386] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f238) returned 1 [0224.386] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\k-meleon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0224.389] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d910) returned 1 [0224.399] CoTaskMemAlloc (cb=0x20c) returned 0x5bb408 [0224.399] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5bb408 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0224.399] CoTaskMemFree (pv=0x5bb408) [0224.399] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0224.405] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mailbird\\Store\\Store.db", nBufferLength=0x105, lpBuffer=0x19eed8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mailbird\\Store\\Store.db", lpFilePart=0x0) returned 0x3b [0224.405] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f338) returned 1 [0224.405] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mailbird\\Store\\Store.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\mailbird\\store\\store.db"), fInfoLevelId=0x0, lpFileInformation=0x19f3b4 | out: lpFileInformation=0x19f3b4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0224.406] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f334) returned 1 [0224.432] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\OpenVPN-GUI\\configs", ulOptions=0x0, samDesired=0x2001f, phkResult=0x19f378 | out: phkResult=0x19f378*=0x0) returned 0x2 [0224.452] CoTaskMemAlloc (cb=0x20c) returned 0x5bb408 [0224.452] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5bb408 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0224.452] CoTaskMemFree (pv=0x5bb408) [0224.452] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19ee14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0224.454] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\MySQL\\Workbench\\workbench_user_data.dat", nBufferLength=0x105, lpBuffer=0x19eeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\MySQL\\Workbench\\workbench_user_data.dat", lpFilePart=0x0) returned 0x4d [0224.454] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f310) returned 1 [0224.454] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\MySQL\\Workbench\\workbench_user_data.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\mysql\\workbench\\workbench_user_data.dat"), fInfoLevelId=0x0, lpFileInformation=0x19f38c | out: lpFileInformation=0x19f38c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0224.455] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f30c) returned 1 [0224.517] CoTaskMemAlloc (cb=0x20c) returned 0x5bb408 [0224.517] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x5bb408, nSize=0x104 | out: lpBuffer="") returned 0x25 [0224.517] CoTaskMemFree (pv=0x5bb408) [0224.518] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Ipswitch\\WS_FTP\\Sites\\ws_ftp.ini", nBufferLength=0x105, lpBuffer=0x19ee60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Ipswitch\\WS_FTP\\Sites\\ws_ftp.ini", lpFilePart=0x0) returned 0x46 [0224.518] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2c0) returned 1 [0224.518] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Ipswitch\\WS_FTP\\Sites\\ws_ftp.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\ipswitch\\ws_ftp\\sites\\ws_ftp.ini"), fInfoLevelId=0x0, lpFileInformation=0x19f33c | out: lpFileInformation=0x19f33c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0224.519] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2bc) returned 1 [0224.525] CoTaskMemAlloc (cb=0x20c) returned 0x5bb408 [0224.525] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x5bb408, nSize=0x104 | out: lpBuffer="") returned 0x25 [0224.526] CoTaskMemFree (pv=0x5bb408) [0224.527] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\The Bat!", nBufferLength=0x105, lpBuffer=0x19ee8c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\The Bat!", lpFilePart=0x0) returned 0x2e [0224.527] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2e8) returned 1 [0224.527] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\The Bat!" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\the bat!"), fInfoLevelId=0x0, lpFileInformation=0x19f364 | out: lpFileInformation=0x19f364*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0224.527] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2e4) returned 1 [0224.541] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Flock\\Browser\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19ed18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Flock\\Browser\\profiles.ini", lpFilePart=0x0) returned 0x40 [0224.541] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f20c) returned 1 [0224.541] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Flock\\Browser\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\flock\\browser\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0224.543] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d8e8) returned 1 [0224.731] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Postbox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19ed44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Postbox\\profiles.ini", lpFilePart=0x0) returned 0x3a [0224.731] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f238) returned 1 [0224.731] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Postbox\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\postbox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0224.734] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d910) returned 1 [0224.737] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Postbox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19ed44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Postbox\\profiles.ini", lpFilePart=0x0) returned 0x3a [0224.737] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f238) returned 1 [0224.737] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Postbox\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\postbox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0224.739] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d910) returned 1 [0224.793] CoTaskMemAlloc (cb=0x20c) returned 0x5bb408 [0224.793] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5bb408 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0224.793] CoTaskMemFree (pv=0x5bb408) [0224.793] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee04, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0224.795] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\NordVPN", nBufferLength=0x105, lpBuffer=0x19ee98, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\NordVPN", lpFilePart=0x0) returned 0x2b [0224.795] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f334) returned 1 [0224.796] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\NordVPN" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\nordvpn"), fInfoLevelId=0x0, lpFileInformation=0x21b5b10 | out: lpFileInformation=0x21b5b10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0224.796] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0224.799] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0224.817] ExpandEnvironmentStringsW (in: lpSrc="%ProgramW6432%", lpDst=0x19f26c, nSize=0x64 | out: lpDst="C:\\Program Files") returned 0x11 [0224.817] ExpandEnvironmentStringsW (in: lpSrc="%ProgramW6432%", lpDst=0x19f26c, nSize=0x64 | out: lpDst="C:\\Program Files") returned 0x11 [0224.821] CoTaskMemAlloc (cb=0x20c) returned 0x5bb408 [0224.821] GetEnvironmentVariableW (in: lpName="ProgramFiles(x86)", lpBuffer=0x5bb408, nSize=0x104 | out: lpBuffer="") returned 0x16 [0224.821] CoTaskMemFree (pv=0x5bb408) [0224.822] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Private Internet Access\\data", nBufferLength=0x105, lpBuffer=0x19eeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Private Internet Access\\data", lpFilePart=0x0) returned 0x2d [0224.822] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f30c) returned 1 [0224.822] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Private Internet Access\\data" (normalized: "c:\\program files\\private internet access\\data"), fInfoLevelId=0x0, lpFileInformation=0x19f388 | out: lpFileInformation=0x19f388*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0224.823] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f308) returned 1 [0224.823] GetFullPathNameW (in: lpFileName="\\Private Internet Access\\data", nBufferLength=0x105, lpBuffer=0x19eeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Private Internet Access\\data", lpFilePart=0x0) returned 0x1f [0224.823] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f30c) returned 1 [0224.823] GetFileAttributesExW (in: lpFileName="C:\\Private Internet Access\\data" (normalized: "c:\\private internet access\\data"), fInfoLevelId=0x0, lpFileInformation=0x19f388 | out: lpFileInformation=0x19f388*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0224.823] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f308) returned 1 [0224.826] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19ed44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini", lpFilePart=0x0) returned 0x43 [0224.826] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f238) returned 1 [0224.826] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\comodo\\icedragon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0224.828] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d910) returned 1 [0224.830] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19ed44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini", lpFilePart=0x0) returned 0x43 [0224.830] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f238) returned 1 [0224.830] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\comodo\\icedragon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0224.832] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d910) returned 1 [0224.846] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19ed44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini", lpFilePart=0x0) returned 0x42 [0224.846] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f238) returned 1 [0224.846] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\mozilla\\firefox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0224.848] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d910) returned 1 [0224.852] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19ed44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini", lpFilePart=0x0) returned 0x42 [0224.852] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f238) returned 1 [0224.852] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\mozilla\\firefox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0224.854] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d910) returned 1 [0224.914] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f308 | out: phkResult=0x19f308*=0x0) returned 0x2 [0224.917] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f308 | out: phkResult=0x19f308*=0x0) returned 0x2 [0224.919] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f308 | out: phkResult=0x19f308*=0x0) returned 0x2 [0224.921] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f308 | out: phkResult=0x19f308*=0x45c) returned 0x0 [0224.924] RegQueryInfoKeyW (in: hKey=0x45c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x19f330, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x19f32c, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x19f330*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x19f32c*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0224.924] RegEnumKeyExW (in: hKey=0x45c, dwIndex=0x0, lpName=0x21bcaa8, lpcchName=0x19f34c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000001", lpcchName=0x19f34c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0224.924] RegEnumKeyExW (in: hKey=0x45c, dwIndex=0x1, lpName=0x21bcaa8, lpcchName=0x19f34c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000002", lpcchName=0x19f34c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0224.924] RegEnumKeyExW (in: hKey=0x45c, dwIndex=0x2, lpName=0x21bcaa8, lpcchName=0x19f34c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000003", lpcchName=0x19f34c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0224.927] RegOpenKeyExW (in: hKey=0x45c, lpSubKey="00000001", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f308 | out: phkResult=0x19f308*=0x460) returned 0x0 [0224.928] RegQueryValueExW (in: hKey=0x460, lpValueName="Email", lpReserved=0x0, lpType=0x19f328, lpData=0x0, lpcbData=0x19f324*=0x0 | out: lpType=0x19f328*=0x0, lpData=0x0, lpcbData=0x19f324*=0x0) returned 0x2 [0224.930] RegQueryValueExW (in: hKey=0x460, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x19f328, lpData=0x0, lpcbData=0x19f324*=0x0 | out: lpType=0x19f328*=0x0, lpData=0x0, lpcbData=0x19f324*=0x0) returned 0x2 [0224.932] RegQueryValueExW (in: hKey=0x460, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f328, lpData=0x0, lpcbData=0x19f324*=0x0 | out: lpType=0x19f328*=0x0, lpData=0x0, lpcbData=0x19f324*=0x0) returned 0x2 [0224.933] RegQueryValueExW (in: hKey=0x460, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x19f328, lpData=0x0, lpcbData=0x19f324*=0x0 | out: lpType=0x19f328*=0x0, lpData=0x0, lpcbData=0x19f324*=0x0) returned 0x2 [0224.934] RegQueryValueExW (in: hKey=0x460, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x19f328, lpData=0x0, lpcbData=0x19f324*=0x0 | out: lpType=0x19f328*=0x0, lpData=0x0, lpcbData=0x19f324*=0x0) returned 0x2 [0224.934] RegCloseKey (hKey=0x460) returned 0x0 [0224.934] RegOpenKeyExW (in: hKey=0x45c, lpSubKey="00000002", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f308 | out: phkResult=0x19f308*=0x460) returned 0x0 [0224.935] RegQueryValueExW (in: hKey=0x460, lpValueName="Email", lpReserved=0x0, lpType=0x19f328, lpData=0x0, lpcbData=0x19f324*=0x0 | out: lpType=0x19f328*=0x1, lpData=0x0, lpcbData=0x19f324*=0x1e) returned 0x0 [0224.935] RegQueryValueExW (in: hKey=0x460, lpValueName="Email", lpReserved=0x0, lpType=0x19f328, lpData=0x21bd09c, lpcbData=0x19f324*=0x1e | out: lpType=0x19f328*=0x1, lpData="achoo@gdllo.de", lpcbData=0x19f324*=0x1e) returned 0x0 [0224.935] RegQueryValueExW (in: hKey=0x460, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x19f328, lpData=0x0, lpcbData=0x19f324*=0x0 | out: lpType=0x19f328*=0x0, lpData=0x0, lpcbData=0x19f324*=0x0) returned 0x2 [0224.935] RegQueryValueExW (in: hKey=0x460, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f328, lpData=0x0, lpcbData=0x19f324*=0x0 | out: lpType=0x19f328*=0x3, lpData=0x0, lpcbData=0x19f324*=0x121) returned 0x0 [0224.935] RegQueryValueExW (in: hKey=0x460, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f328, lpData=0x21bd0f4, lpcbData=0x19f324*=0x121 | out: lpType=0x19f328*=0x3, lpData=0x21bd0f4*, lpcbData=0x19f324*=0x121) returned 0x0 [0224.935] RegQueryValueExW (in: hKey=0x460, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x19f328, lpData=0x0, lpcbData=0x19f324*=0x0 | out: lpType=0x19f328*=0x0, lpData=0x0, lpcbData=0x19f324*=0x0) returned 0x2 [0224.935] RegQueryValueExW (in: hKey=0x460, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x19f328, lpData=0x0, lpcbData=0x19f324*=0x0 | out: lpType=0x19f328*=0x0, lpData=0x0, lpcbData=0x19f324*=0x0) returned 0x2 [0224.935] RegQueryValueExW (in: hKey=0x460, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x19f328, lpData=0x0, lpcbData=0x19f324*=0x0 | out: lpType=0x19f328*=0x0, lpData=0x0, lpcbData=0x19f324*=0x0) returned 0x2 [0224.935] RegQueryValueExW (in: hKey=0x460, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f328, lpData=0x0, lpcbData=0x19f324*=0x0 | out: lpType=0x19f328*=0x3, lpData=0x0, lpcbData=0x19f324*=0x121) returned 0x0 [0224.935] RegQueryValueExW (in: hKey=0x460, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f328, lpData=0x21bd258, lpcbData=0x19f324*=0x121 | out: lpType=0x19f328*=0x3, lpData=0x21bd258*, lpcbData=0x19f324*=0x121) returned 0x0 [0224.935] RegQueryValueExW (in: hKey=0x460, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f328, lpData=0x0, lpcbData=0x19f324*=0x0 | out: lpType=0x19f328*=0x3, lpData=0x0, lpcbData=0x19f324*=0x121) returned 0x0 [0224.935] RegQueryValueExW (in: hKey=0x460, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f328, lpData=0x21bd388, lpcbData=0x19f324*=0x121 | out: lpType=0x19f328*=0x3, lpData=0x21bd388*, lpcbData=0x19f324*=0x121) returned 0x0 [0225.899] CryptUnprotectData (in: pDataIn=0x19f310, ppszDataDescr=0x0, pOptionalEntropy=0x19f308, pvReserved=0x0, pPromptStruct=0x0, dwFlags=0x1, pDataOut=0x19f318 | out: ppszDataDescr=0x0, pDataOut=0x19f318) returned 1 [0225.946] LocalFree (hMem=0x580030) returned 0x0 [0225.952] RegQueryValueExW (in: hKey=0x460, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x19f328, lpData=0x0, lpcbData=0x19f324*=0x0 | out: lpType=0x19f328*=0x0, lpData=0x0, lpcbData=0x19f324*=0x0) returned 0x2 [0225.952] RegQueryValueExW (in: hKey=0x460, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x19f328, lpData=0x0, lpcbData=0x19f324*=0x0 | out: lpType=0x19f328*=0x0, lpData=0x0, lpcbData=0x19f324*=0x0) returned 0x2 [0225.952] RegQueryValueExW (in: hKey=0x460, lpValueName="Email", lpReserved=0x0, lpType=0x19f328, lpData=0x0, lpcbData=0x19f324*=0x0 | out: lpType=0x19f328*=0x1, lpData=0x0, lpcbData=0x19f324*=0x1e) returned 0x0 [0225.952] RegQueryValueExW (in: hKey=0x460, lpValueName="Email", lpReserved=0x0, lpType=0x19f328, lpData=0x21bd6b8, lpcbData=0x19f324*=0x1e | out: lpType=0x19f328*=0x1, lpData="achoo@gdllo.de", lpcbData=0x19f324*=0x1e) returned 0x0 [0225.956] RegQueryValueExW (in: hKey=0x460, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x19f328, lpData=0x0, lpcbData=0x19f324*=0x0 | out: lpType=0x19f328*=0x1, lpData=0x0, lpcbData=0x19f324*=0x1c) returned 0x0 [0225.956] RegQueryValueExW (in: hKey=0x460, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x19f328, lpData=0x21bd734, lpcbData=0x19f324*=0x1c | out: lpType=0x19f328*=0x1, lpData="smtp.gdllo.de", lpcbData=0x19f324*=0x1c) returned 0x0 [0225.956] RegQueryValueExW (in: hKey=0x460, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x19f328, lpData=0x0, lpcbData=0x19f324*=0x0 | out: lpType=0x19f328*=0x1, lpData=0x0, lpcbData=0x19f324*=0x1c) returned 0x0 [0225.956] RegQueryValueExW (in: hKey=0x460, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x19f328, lpData=0x21bd784, lpcbData=0x19f324*=0x1c | out: lpType=0x19f328*=0x1, lpData="smtp.gdllo.de", lpcbData=0x19f324*=0x1c) returned 0x0 [0225.968] RegCloseKey (hKey=0x460) returned 0x0 [0225.968] RegOpenKeyExW (in: hKey=0x45c, lpSubKey="00000003", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f308 | out: phkResult=0x19f308*=0x460) returned 0x0 [0225.969] RegQueryValueExW (in: hKey=0x460, lpValueName="Email", lpReserved=0x0, lpType=0x19f328, lpData=0x0, lpcbData=0x19f324*=0x0 | out: lpType=0x19f328*=0x0, lpData=0x0, lpcbData=0x19f324*=0x0) returned 0x2 [0225.969] RegQueryValueExW (in: hKey=0x460, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x19f328, lpData=0x0, lpcbData=0x19f324*=0x0 | out: lpType=0x19f328*=0x0, lpData=0x0, lpcbData=0x19f324*=0x0) returned 0x2 [0225.969] RegQueryValueExW (in: hKey=0x460, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f328, lpData=0x0, lpcbData=0x19f324*=0x0 | out: lpType=0x19f328*=0x0, lpData=0x0, lpcbData=0x19f324*=0x0) returned 0x2 [0225.969] RegQueryValueExW (in: hKey=0x460, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x19f328, lpData=0x0, lpcbData=0x19f324*=0x0 | out: lpType=0x19f328*=0x0, lpData=0x0, lpcbData=0x19f324*=0x0) returned 0x2 [0225.969] RegQueryValueExW (in: hKey=0x460, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x19f328, lpData=0x0, lpcbData=0x19f324*=0x0 | out: lpType=0x19f328*=0x0, lpData=0x0, lpcbData=0x19f324*=0x0) returned 0x2 [0225.969] RegCloseKey (hKey=0x460) returned 0x0 [0225.970] CoTaskMemAlloc (cb=0x20c) returned 0x5bb408 [0225.970] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5bb408, nSize=0x104 | out: lpBuffer="") returned 0x25 [0225.970] CoTaskMemFree (pv=0x5bb408) [0226.003] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\CoreFTP\\sites.idx", nBufferLength=0x105, lpBuffer=0x19ed94, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\CoreFTP\\sites.idx", lpFilePart=0x0) returned 0x37 [0226.004] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f288) returned 1 [0226.004] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\CoreFTP\\sites.idx" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\coreftp\\sites.idx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0226.009] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d960) returned 1 [0226.051] CLSIDFromProgIDEx (in: lpszProgID="WScript.Shell", lpclsid=0x19f260 | out: lpclsid=0x19f260*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0 [0226.082] CoGetClassObject (in: rclsid=0x5815bc*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), dwClsContext=0x15, pvReserved=0x0, riid=0x6ab654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19ee90 | out: ppv=0x19ee90*=0x598e94) returned 0x0 [0226.588] WshShell:IUnknown:QueryInterface (in: This=0x598e94, riid=0x6ab195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19f0a8 | out: ppvObject=0x19f0a8*=0x0) returned 0x80004002 [0226.589] WshShell:IClassFactory:CreateInstance (in: This=0x598e94, pUnkOuter=0x0, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f0bc | out: ppvObject=0x19f0bc*=0x5924e8) returned 0x0 [0226.590] WshShell:IUnknown:Release (This=0x598e94) returned 0x0 [0226.591] WbemLocator:IUnknown:QueryInterface (in: This=0x5924e8, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ecdc | out: ppvObject=0x19ecdc*=0x5924e8) returned 0x0 [0226.591] WbemLocator:IUnknown:QueryInterface (in: This=0x5924e8, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ec98 | out: ppvObject=0x19ec98*=0x0) returned 0x80004002 [0226.592] WbemLocator:IUnknown:QueryInterface (in: This=0x5924e8, riid=0x6abefb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19eab4 | out: ppvObject=0x19eab4*=0x598d74) returned 0x0 [0226.592] WbemLocator:IProvideClassInfo:GetClassInfo (in: This=0x598d74, ppTI=0x19eabc | out: ppTI=0x19eabc*=0x598aec) returned 0x0 [0226.602] ITypeInfo:RemoteGetTypeAttr (in: This=0x598aec, ppTypeAttr=0x19eab0, pDummy=0x44c1e3f6 | out: ppTypeAttr=0x19eab0, pDummy=0x44c1e3f6) returned 0x0 [0226.602] ITypeInfo:LocalReleaseTypeAttr (This=0x598aec) returned 0x1 [0226.602] WbemLocator:IUnknown:Release (This=0x598d74) returned 0x2 [0226.602] WbemLocator:IUnknown:Release (This=0x598aec) returned 0x0 [0226.603] WbemLocator:IUnknown:QueryInterface (in: This=0x5924e8, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e88c | out: ppvObject=0x19e88c*=0x0) returned 0x80004002 [0226.603] WbemLocator:IUnknown:AddRef (This=0x5924e8) returned 0x3 [0226.603] WbemLocator:IUnknown:QueryInterface (in: This=0x5924e8, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e5f4 | out: ppvObject=0x19e5f4*=0x0) returned 0x80004002 [0226.603] WbemLocator:IUnknown:QueryInterface (in: This=0x5924e8, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e5a4 | out: ppvObject=0x19e5a4*=0x0) returned 0x80004002 [0226.603] WbemLocator:IUnknown:QueryInterface (in: This=0x5924e8, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e5b0 | out: ppvObject=0x19e5b0*=0x592444) returned 0x0 [0226.604] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x592444, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e5b8 | out: pCid=0x19e5b8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0226.604] WbemLocator:IUnknown:Release (This=0x592444) returned 0x3 [0226.604] CoGetContextToken (in: pToken=0x19e610 | out: pToken=0x19e610) returned 0x0 [0226.604] CoGetContextToken (in: pToken=0x19ea18 | out: pToken=0x19ea18) returned 0x0 [0226.604] WbemLocator:IUnknown:QueryInterface (in: This=0x5924e8, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eaa8 | out: ppvObject=0x19eaa8*=0x5924cc) returned 0x0 [0226.604] WbemLocator:IRpcOptions:Query (in: This=0x5924cc, pPrx=0x5924e8, dwProperty=2, pdwValue=0x19ead0 | out: pdwValue=0x19ead0) returned 0x0 [0226.604] WbemLocator:IUnknown:Release (This=0x5924cc) returned 0x3 [0226.604] WbemLocator:IUnknown:Release (This=0x5924e8) returned 0x2 [0226.604] WbemLocator:IUnknown:Release (This=0x5924e8) returned 0x1 [0226.609] CoGetContextToken (in: pToken=0x19ee30 | out: pToken=0x19ee30) returned 0x0 [0226.609] WbemLocator:IUnknown:QueryInterface (in: This=0x5924e8, riid=0x6ac091c8*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eea4 | out: ppvObject=0x19eea4*=0x598bc4) returned 0x0 [0226.610] WbemLocator:IDispatch:GetIDsOfNames (in: This=0x598bc4, riid=0x6aabc51c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x19eea0*="RegRead", cNames=0x1, lcid=0x409, rgDispId=0x19ee90 | out: rgDispId=0x19ee90*=2000) returned 0x0 [0226.611] WbemLocator:IDispatch:Invoke (in: This=0x598bc4, dispIdMember=2000, riid=0x6aabc51c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x19f024*(rgvarg=([0]=0x19eeb0*(varType=0x4008, wReserved1=0x6adb, wReserved2=0x0, wReserved3=0x0, varVal1=0x19ee80*="HKEY_CURRENT_USER\\Software\\FTPWare\\COREFTP\\Sites\\Host", varVal2=0x21be5cc)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x19efb4, pExcepInfo=0x19ed8c, puArgErr=0x19edc0 | out: pDispParams=0x19f024*(rgvarg=([0]=0x19eeb0*(varType=0x4008, wReserved1=0x6adb, wReserved2=0x0, wReserved3=0x0, varVal1=0x19ee80*="HKEY_CURRENT_USER\\Software\\FTPWare\\COREFTP\\Sites\\Host", varVal2=0x21be5cc)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x19efb4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pExcepInfo=0x19ed8c*(wCode=0x0, wReserved=0x0, bstrSource="WshShell.RegRead", bstrDescription="Invalid root in registry key \"HKEY_CURRENT_USER\\Software\\FTPWare\\COREFTP\\Sites\\Host\".", bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x80070002), puArgErr=0x19edc0*=0x0) returned 0x80020009 [0226.677] SysStringLen (param_1="Invalid root in registry key \"HKEY_CURRENT_USER\\Software\\FTPWare\\COREFTP\\Sites\\Host\".") returned 0x55 [0226.677] SysStringLen (param_1="WshShell.RegRead") returned 0x10 [0226.706] WbemLocator:IUnknown:Release (This=0x598bc4) returned 0x1 [0226.714] CLSIDFromProgIDEx (in: lpszProgID="WScript.Shell", lpclsid=0x19f260 | out: lpclsid=0x19f260*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0 [0226.715] CoGetClassObject (in: rclsid=0x5815bc*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), dwClsContext=0x15, pvReserved=0x0, riid=0x6ab654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19ee90 | out: ppv=0x19ee90*=0x598aec) returned 0x0 [0226.716] WshShell:IUnknown:QueryInterface (in: This=0x598aec, riid=0x6ab195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19f0a8 | out: ppvObject=0x19f0a8*=0x0) returned 0x80004002 [0226.717] WshShell:IClassFactory:CreateInstance (in: This=0x598aec, pUnkOuter=0x0, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f0bc | out: ppvObject=0x19f0bc*=0x5920e8) returned 0x0 [0226.717] WshShell:IUnknown:Release (This=0x598aec) returned 0x0 [0226.717] WbemLocator:IUnknown:QueryInterface (in: This=0x5920e8, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ecdc | out: ppvObject=0x19ecdc*=0x5920e8) returned 0x0 [0226.718] WbemLocator:IUnknown:QueryInterface (in: This=0x5920e8, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ec98 | out: ppvObject=0x19ec98*=0x0) returned 0x80004002 [0226.718] WbemLocator:IUnknown:QueryInterface (in: This=0x5920e8, riid=0x6abefb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19eab4 | out: ppvObject=0x19eab4*=0x598d2c) returned 0x0 [0226.718] WbemLocator:IProvideClassInfo:GetClassInfo (in: This=0x598d2c, ppTI=0x19eabc | out: ppTI=0x19eabc*=0x598a5c) returned 0x0 [0226.719] ITypeInfo:RemoteGetTypeAttr (in: This=0x598a5c, ppTypeAttr=0x19eab0, pDummy=0x44c1e3f6 | out: ppTypeAttr=0x19eab0, pDummy=0x44c1e3f6) returned 0x0 [0226.719] ITypeInfo:LocalReleaseTypeAttr (This=0x598a5c) returned 0x1 [0226.719] WbemLocator:IUnknown:Release (This=0x598d2c) returned 0x2 [0226.719] WbemLocator:IUnknown:Release (This=0x598a5c) returned 0x0 [0226.720] WbemLocator:IUnknown:QueryInterface (in: This=0x5920e8, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e88c | out: ppvObject=0x19e88c*=0x0) returned 0x80004002 [0226.720] WbemLocator:IUnknown:AddRef (This=0x5920e8) returned 0x3 [0226.720] WbemLocator:IUnknown:QueryInterface (in: This=0x5920e8, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e5f4 | out: ppvObject=0x19e5f4*=0x0) returned 0x80004002 [0226.720] WbemLocator:IUnknown:QueryInterface (in: This=0x5920e8, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e5a4 | out: ppvObject=0x19e5a4*=0x0) returned 0x80004002 [0226.721] WbemLocator:IUnknown:QueryInterface (in: This=0x5920e8, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e5b0 | out: ppvObject=0x19e5b0*=0x592044) returned 0x0 [0226.721] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x592044, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e5b8 | out: pCid=0x19e5b8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0226.721] WbemLocator:IUnknown:Release (This=0x592044) returned 0x3 [0226.721] CoGetContextToken (in: pToken=0x19e610 | out: pToken=0x19e610) returned 0x0 [0226.721] CoGetContextToken (in: pToken=0x19ea18 | out: pToken=0x19ea18) returned 0x0 [0226.721] WbemLocator:IUnknown:QueryInterface (in: This=0x5920e8, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eaa8 | out: ppvObject=0x19eaa8*=0x5920cc) returned 0x0 [0226.721] WbemLocator:IRpcOptions:Query (in: This=0x5920cc, pPrx=0x5920e8, dwProperty=2, pdwValue=0x19ead0 | out: pdwValue=0x19ead0) returned 0x0 [0226.721] WbemLocator:IUnknown:Release (This=0x5920cc) returned 0x3 [0226.721] WbemLocator:IUnknown:Release (This=0x5920e8) returned 0x2 [0226.721] WbemLocator:IUnknown:Release (This=0x5920e8) returned 0x1 [0226.721] CoGetContextToken (in: pToken=0x19ee30 | out: pToken=0x19ee30) returned 0x0 [0226.721] WbemLocator:IUnknown:QueryInterface (in: This=0x5920e8, riid=0x6ac091c8*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eea4 | out: ppvObject=0x19eea4*=0x59911c) returned 0x0 [0226.722] WbemLocator:IDispatch:GetIDsOfNames (in: This=0x59911c, riid=0x6aabc51c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x19eea0*="RegRead", cNames=0x1, lcid=0x409, rgDispId=0x19ee90 | out: rgDispId=0x19ee90*=2000) returned 0x0 [0226.723] WbemLocator:IDispatch:Invoke (in: This=0x59911c, dispIdMember=2000, riid=0x6aabc51c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x19f024*(rgvarg=([0]=0x19eeb0*(varType=0x4008, wReserved1=0x6adb, wReserved2=0x0, wReserved3=0x0, varVal1=0x19ee80*="HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesPort", varVal2=0x21bef50)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x19efb4, pExcepInfo=0x19ed8c, puArgErr=0x19edc0 | out: pDispParams=0x19f024*(rgvarg=([0]=0x19eeb0*(varType=0x4008, wReserved1=0x6adb, wReserved2=0x0, wReserved3=0x0, varVal1=0x19ee80*="HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesPort", varVal2=0x21bef50)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x19efb4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pExcepInfo=0x19ed8c*(wCode=0x0, wReserved=0x0, bstrSource="WshShell.RegRead", bstrDescription="Invalid root in registry key \"HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesPort\".", bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x80070003), puArgErr=0x19edc0*=0x0) returned 0x80020009 [0226.729] SysStringLen (param_1="Invalid root in registry key \"HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesPort\".") returned 0x50 [0226.729] SysStringLen (param_1="WshShell.RegRead") returned 0x10 [0226.733] WbemLocator:IUnknown:Release (This=0x59911c) returned 0x1 [0226.739] CLSIDFromProgIDEx (in: lpszProgID="WScript.Shell", lpclsid=0x19f260 | out: lpclsid=0x19f260*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0 [0226.741] CoGetClassObject (in: rclsid=0x5815bc*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), dwClsContext=0x15, pvReserved=0x0, riid=0x6ab654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19ee90 | out: ppv=0x19ee90*=0x598aec) returned 0x0 [0226.745] WshShell:IUnknown:QueryInterface (in: This=0x598aec, riid=0x6ab195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19f0a8 | out: ppvObject=0x19f0a8*=0x0) returned 0x80004002 [0226.746] WshShell:IClassFactory:CreateInstance (in: This=0x598aec, pUnkOuter=0x0, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f0bc | out: ppvObject=0x19f0bc*=0x5911e8) returned 0x0 [0226.746] WshShell:IUnknown:Release (This=0x598aec) returned 0x0 [0226.747] WbemLocator:IUnknown:QueryInterface (in: This=0x5911e8, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ecdc | out: ppvObject=0x19ecdc*=0x5911e8) returned 0x0 [0226.747] WbemLocator:IUnknown:QueryInterface (in: This=0x5911e8, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ec98 | out: ppvObject=0x19ec98*=0x0) returned 0x80004002 [0226.747] WbemLocator:IUnknown:QueryInterface (in: This=0x5911e8, riid=0x6abefb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19eab4 | out: ppvObject=0x19eab4*=0x598c9c) returned 0x0 [0226.748] WbemLocator:IProvideClassInfo:GetClassInfo (in: This=0x598c9c, ppTI=0x19eabc | out: ppTI=0x19eabc*=0x598ffc) returned 0x0 [0226.748] ITypeInfo:RemoteGetTypeAttr (in: This=0x598ffc, ppTypeAttr=0x19eab0, pDummy=0x44c1e3f6 | out: ppTypeAttr=0x19eab0, pDummy=0x44c1e3f6) returned 0x0 [0226.749] ITypeInfo:LocalReleaseTypeAttr (This=0x598ffc) returned 0x1 [0226.749] WbemLocator:IUnknown:Release (This=0x598c9c) returned 0x2 [0226.749] WbemLocator:IUnknown:Release (This=0x598ffc) returned 0x0 [0226.749] WbemLocator:IUnknown:QueryInterface (in: This=0x5911e8, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e88c | out: ppvObject=0x19e88c*=0x0) returned 0x80004002 [0226.750] WbemLocator:IUnknown:AddRef (This=0x5911e8) returned 0x3 [0226.750] WbemLocator:IUnknown:QueryInterface (in: This=0x5911e8, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e5f4 | out: ppvObject=0x19e5f4*=0x0) returned 0x80004002 [0226.750] WbemLocator:IUnknown:QueryInterface (in: This=0x5911e8, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e5a4 | out: ppvObject=0x19e5a4*=0x0) returned 0x80004002 [0226.750] WbemLocator:IUnknown:QueryInterface (in: This=0x5911e8, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e5b0 | out: ppvObject=0x19e5b0*=0x591144) returned 0x0 [0226.750] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x591144, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e5b8 | out: pCid=0x19e5b8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0226.750] WbemLocator:IUnknown:Release (This=0x591144) returned 0x3 [0226.750] CoGetContextToken (in: pToken=0x19e610 | out: pToken=0x19e610) returned 0x0 [0226.750] CoGetContextToken (in: pToken=0x19ea18 | out: pToken=0x19ea18) returned 0x0 [0226.750] WbemLocator:IUnknown:QueryInterface (in: This=0x5911e8, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eaa8 | out: ppvObject=0x19eaa8*=0x5911cc) returned 0x0 [0226.750] WbemLocator:IRpcOptions:Query (in: This=0x5911cc, pPrx=0x5911e8, dwProperty=2, pdwValue=0x19ead0 | out: pdwValue=0x19ead0) returned 0x0 [0226.750] WbemLocator:IUnknown:Release (This=0x5911cc) returned 0x3 [0226.750] WbemLocator:IUnknown:Release (This=0x5911e8) returned 0x2 [0226.750] WbemLocator:IUnknown:Release (This=0x5911e8) returned 0x1 [0226.751] CoGetContextToken (in: pToken=0x19ee30 | out: pToken=0x19ee30) returned 0x0 [0226.751] WbemLocator:IUnknown:QueryInterface (in: This=0x5911e8, riid=0x6ac091c8*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eea4 | out: ppvObject=0x19eea4*=0x598ffc) returned 0x0 [0226.751] WbemLocator:IDispatch:GetIDsOfNames (in: This=0x598ffc, riid=0x6aabc51c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x19eea0*="RegRead", cNames=0x1, lcid=0x409, rgDispId=0x19ee90 | out: rgDispId=0x19ee90*=2000) returned 0x0 [0226.752] WbemLocator:IDispatch:Invoke (in: This=0x598ffc, dispIdMember=2000, riid=0x6aabc51c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x19f024*(rgvarg=([0]=0x19eeb0*(varType=0x4008, wReserved1=0x6adb, wReserved2=0x0, wReserved3=0x0, varVal1=0x19ee80*="HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesUser", varVal2=0x21bf65c)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x19efb4, pExcepInfo=0x19ed8c, puArgErr=0x19edc0 | out: pDispParams=0x19f024*(rgvarg=([0]=0x19eeb0*(varType=0x4008, wReserved1=0x6adb, wReserved2=0x0, wReserved3=0x0, varVal1=0x19ee80*="HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesUser", varVal2=0x21bf65c)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x19efb4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pExcepInfo=0x19ed8c*(wCode=0x0, wReserved=0x0, bstrSource="WshShell.RegRead", bstrDescription="Invalid root in registry key \"HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesUser\".", bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x80070003), puArgErr=0x19edc0*=0x0) returned 0x80020009 [0226.754] SysStringLen (param_1="Invalid root in registry key \"HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesUser\".") returned 0x50 [0226.754] SysStringLen (param_1="WshShell.RegRead") returned 0x10 [0226.757] WbemLocator:IUnknown:Release (This=0x598ffc) returned 0x1 [0226.763] CLSIDFromProgIDEx (in: lpszProgID="WScript.Shell", lpclsid=0x19f260 | out: lpclsid=0x19f260*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0 [0226.764] CoGetClassObject (in: rclsid=0x5815bc*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), dwClsContext=0x15, pvReserved=0x0, riid=0x6ab654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19ee90 | out: ppv=0x19ee90*=0x599044) returned 0x0 [0226.766] WshShell:IUnknown:QueryInterface (in: This=0x599044, riid=0x6ab195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19f0a8 | out: ppvObject=0x19f0a8*=0x0) returned 0x80004002 [0226.766] WshShell:IClassFactory:CreateInstance (in: This=0x599044, pUnkOuter=0x0, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f0bc | out: ppvObject=0x19f0bc*=0x591ae8) returned 0x0 [0226.767] WshShell:IUnknown:Release (This=0x599044) returned 0x0 [0226.768] WbemLocator:IUnknown:QueryInterface (in: This=0x591ae8, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ecdc | out: ppvObject=0x19ecdc*=0x591ae8) returned 0x0 [0226.768] WbemLocator:IUnknown:QueryInterface (in: This=0x591ae8, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ec98 | out: ppvObject=0x19ec98*=0x0) returned 0x80004002 [0226.768] WbemLocator:IUnknown:QueryInterface (in: This=0x591ae8, riid=0x6abefb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19eab4 | out: ppvObject=0x19eab4*=0x5991ac) returned 0x0 [0226.769] WbemLocator:IProvideClassInfo:GetClassInfo (in: This=0x5991ac, ppTI=0x19eabc | out: ppTI=0x19eabc*=0x5989cc) returned 0x0 [0226.770] ITypeInfo:RemoteGetTypeAttr (in: This=0x5989cc, ppTypeAttr=0x19eab0, pDummy=0x44c1e3f6 | out: ppTypeAttr=0x19eab0, pDummy=0x44c1e3f6) returned 0x0 [0226.771] ITypeInfo:LocalReleaseTypeAttr (This=0x5989cc) returned 0x1 [0226.771] WbemLocator:IUnknown:Release (This=0x5991ac) returned 0x2 [0226.771] WbemLocator:IUnknown:Release (This=0x5989cc) returned 0x0 [0226.772] WbemLocator:IUnknown:QueryInterface (in: This=0x591ae8, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e88c | out: ppvObject=0x19e88c*=0x0) returned 0x80004002 [0226.772] WbemLocator:IUnknown:AddRef (This=0x591ae8) returned 0x3 [0226.772] WbemLocator:IUnknown:QueryInterface (in: This=0x591ae8, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e5f4 | out: ppvObject=0x19e5f4*=0x0) returned 0x80004002 [0226.772] WbemLocator:IUnknown:QueryInterface (in: This=0x591ae8, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e5a4 | out: ppvObject=0x19e5a4*=0x0) returned 0x80004002 [0226.772] WbemLocator:IUnknown:QueryInterface (in: This=0x591ae8, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e5b0 | out: ppvObject=0x19e5b0*=0x591a44) returned 0x0 [0226.773] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x591a44, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e5b8 | out: pCid=0x19e5b8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0226.773] WbemLocator:IUnknown:Release (This=0x591a44) returned 0x3 [0226.773] CoGetContextToken (in: pToken=0x19e610 | out: pToken=0x19e610) returned 0x0 [0226.773] CoGetContextToken (in: pToken=0x19ea18 | out: pToken=0x19ea18) returned 0x0 [0226.773] WbemLocator:IUnknown:QueryInterface (in: This=0x591ae8, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eaa8 | out: ppvObject=0x19eaa8*=0x591acc) returned 0x0 [0226.773] WbemLocator:IRpcOptions:Query (in: This=0x591acc, pPrx=0x591ae8, dwProperty=2, pdwValue=0x19ead0 | out: pdwValue=0x19ead0) returned 0x0 [0226.773] WbemLocator:IUnknown:Release (This=0x591acc) returned 0x3 [0226.773] WbemLocator:IUnknown:Release (This=0x591ae8) returned 0x2 [0226.773] WbemLocator:IUnknown:Release (This=0x591ae8) returned 0x1 [0226.773] CoGetContextToken (in: pToken=0x19ee30 | out: pToken=0x19ee30) returned 0x0 [0226.773] WbemLocator:IUnknown:QueryInterface (in: This=0x591ae8, riid=0x6ac091c8*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eea4 | out: ppvObject=0x19eea4*=0x599044) returned 0x0 [0226.774] WbemLocator:IDispatch:GetIDsOfNames (in: This=0x599044, riid=0x6aabc51c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x19eea0*="RegRead", cNames=0x1, lcid=0x409, rgDispId=0x19ee90 | out: rgDispId=0x19ee90*=2000) returned 0x0 [0226.775] WbemLocator:IDispatch:Invoke (in: This=0x599044, dispIdMember=2000, riid=0x6aabc51c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x19f024*(rgvarg=([0]=0x19eeb0*(varType=0x4008, wReserved1=0x6adb, wReserved2=0x0, wReserved3=0x0, varVal1=0x19ee80*="HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesPW", varVal2=0x21bfca0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x19efb4, pExcepInfo=0x19ed8c, puArgErr=0x19edc0 | out: pDispParams=0x19f024*(rgvarg=([0]=0x19eeb0*(varType=0x4008, wReserved1=0x6adb, wReserved2=0x0, wReserved3=0x0, varVal1=0x19ee80*="HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesPW", varVal2=0x21bfca0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x19efb4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pExcepInfo=0x19ed8c*(wCode=0x0, wReserved=0x0, bstrSource="WshShell.RegRead", bstrDescription="Invalid root in registry key \"HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesPW\".", bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x80070003), puArgErr=0x19edc0*=0x0) returned 0x80020009 [0226.776] SysStringLen (param_1="Invalid root in registry key \"HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesPW\".") returned 0x4e [0226.777] SysStringLen (param_1="WshShell.RegRead") returned 0x10 [0226.780] WbemLocator:IUnknown:Release (This=0x599044) returned 0x1 [0226.785] CLSIDFromProgIDEx (in: lpszProgID="WScript.Shell", lpclsid=0x19f260 | out: lpclsid=0x19f260*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0 [0226.786] CoGetClassObject (in: rclsid=0x5815bc*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), dwClsContext=0x15, pvReserved=0x0, riid=0x6ab654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19ee90 | out: ppv=0x19ee90*=0x598c54) returned 0x0 [0226.787] WshShell:IUnknown:QueryInterface (in: This=0x598c54, riid=0x6ab195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19f0a8 | out: ppvObject=0x19f0a8*=0x0) returned 0x80004002 [0226.788] WshShell:IClassFactory:CreateInstance (in: This=0x598c54, pUnkOuter=0x0, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f0bc | out: ppvObject=0x19f0bc*=0x5927e8) returned 0x0 [0226.788] WshShell:IUnknown:Release (This=0x598c54) returned 0x0 [0226.789] WbemLocator:IUnknown:QueryInterface (in: This=0x5927e8, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ecdc | out: ppvObject=0x19ecdc*=0x5927e8) returned 0x0 [0226.789] WbemLocator:IUnknown:QueryInterface (in: This=0x5927e8, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ec98 | out: ppvObject=0x19ec98*=0x0) returned 0x80004002 [0226.789] WbemLocator:IUnknown:QueryInterface (in: This=0x5927e8, riid=0x6abefb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19eab4 | out: ppvObject=0x19eab4*=0x598c54) returned 0x0 [0226.790] WbemLocator:IProvideClassInfo:GetClassInfo (in: This=0x598c54, ppTI=0x19eabc | out: ppTI=0x19eabc*=0x5991f4) returned 0x0 [0226.790] ITypeInfo:RemoteGetTypeAttr (in: This=0x5991f4, ppTypeAttr=0x19eab0, pDummy=0x44c1e3f6 | out: ppTypeAttr=0x19eab0, pDummy=0x44c1e3f6) returned 0x0 [0226.791] ITypeInfo:LocalReleaseTypeAttr (This=0x5991f4) returned 0x1 [0226.791] WbemLocator:IUnknown:Release (This=0x598c54) returned 0x2 [0226.791] WbemLocator:IUnknown:Release (This=0x5991f4) returned 0x0 [0226.791] WbemLocator:IUnknown:QueryInterface (in: This=0x5927e8, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e88c | out: ppvObject=0x19e88c*=0x0) returned 0x80004002 [0226.792] WbemLocator:IUnknown:AddRef (This=0x5927e8) returned 0x3 [0226.792] WbemLocator:IUnknown:QueryInterface (in: This=0x5927e8, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e5f4 | out: ppvObject=0x19e5f4*=0x0) returned 0x80004002 [0226.792] WbemLocator:IUnknown:QueryInterface (in: This=0x5927e8, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e5a4 | out: ppvObject=0x19e5a4*=0x0) returned 0x80004002 [0226.792] WbemLocator:IUnknown:QueryInterface (in: This=0x5927e8, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e5b0 | out: ppvObject=0x19e5b0*=0x592744) returned 0x0 [0226.792] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x592744, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e5b8 | out: pCid=0x19e5b8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0226.792] WbemLocator:IUnknown:Release (This=0x592744) returned 0x3 [0226.792] CoGetContextToken (in: pToken=0x19e610 | out: pToken=0x19e610) returned 0x0 [0226.792] CoGetContextToken (in: pToken=0x19ea18 | out: pToken=0x19ea18) returned 0x0 [0226.792] WbemLocator:IUnknown:QueryInterface (in: This=0x5927e8, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eaa8 | out: ppvObject=0x19eaa8*=0x5927cc) returned 0x0 [0226.792] WbemLocator:IRpcOptions:Query (in: This=0x5927cc, pPrx=0x5927e8, dwProperty=2, pdwValue=0x19ead0 | out: pdwValue=0x19ead0) returned 0x0 [0226.793] WbemLocator:IUnknown:Release (This=0x5927cc) returned 0x3 [0226.793] WbemLocator:IUnknown:Release (This=0x5927e8) returned 0x2 [0226.793] WbemLocator:IUnknown:Release (This=0x5927e8) returned 0x1 [0226.793] CoGetContextToken (in: pToken=0x19ee30 | out: pToken=0x19ee30) returned 0x0 [0226.793] WbemLocator:IUnknown:QueryInterface (in: This=0x5927e8, riid=0x6ac091c8*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eea4 | out: ppvObject=0x19eea4*=0x5991f4) returned 0x0 [0226.793] WbemLocator:IDispatch:GetIDsOfNames (in: This=0x5991f4, riid=0x6aabc51c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x19eea0*="RegRead", cNames=0x1, lcid=0x409, rgDispId=0x19ee90 | out: rgDispId=0x19ee90*=2000) returned 0x0 [0226.794] WbemLocator:IDispatch:Invoke (in: This=0x5991f4, dispIdMember=2000, riid=0x6aabc51c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x19f024*(rgvarg=([0]=0x19eeb0*(varType=0x4008, wReserved1=0x6adb, wReserved2=0x0, wReserved3=0x0, varVal1=0x19ee80*="HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesName", varVal2=0x21c02e8)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x19efb4, pExcepInfo=0x19ed8c, puArgErr=0x19edc0 | out: pDispParams=0x19f024*(rgvarg=([0]=0x19eeb0*(varType=0x4008, wReserved1=0x6adb, wReserved2=0x0, wReserved3=0x0, varVal1=0x19ee80*="HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesName", varVal2=0x21c02e8)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x19efb4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pExcepInfo=0x19ed8c*(wCode=0x0, wReserved=0x0, bstrSource="WshShell.RegRead", bstrDescription="Invalid root in registry key \"HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesName\".", bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x80070003), puArgErr=0x19edc0*=0x0) returned 0x80020009 [0226.796] SysStringLen (param_1="Invalid root in registry key \"HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesName\".") returned 0x50 [0226.796] SysStringLen (param_1="WshShell.RegRead") returned 0x10 [0226.799] WbemLocator:IUnknown:Release (This=0x5991f4) returned 0x1 [0226.848] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Qualcomm\\Eudora\\CommandLine", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f344 | out: phkResult=0x19f344*=0x0) returned 0x2 [0226.940] CoTaskMemAlloc (cb=0x20c) returned 0x5bb408 [0226.940] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5bb408, nSize=0x104 | out: lpBuffer="") returned 0x25 [0226.940] CoTaskMemFree (pv=0x5bb408) [0226.943] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\recentservers.xml", nBufferLength=0x105, lpBuffer=0x19ed54, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\recentservers.xml", lpFilePart=0x0) returned 0x41 [0226.943] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f248) returned 1 [0226.943] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\recentservers.xml" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\filezilla\\recentservers.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0226.947] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d920) returned 1 [0227.079] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Aerofox\\FoxmailPreview", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f1fc | out: phkResult=0x19f1fc*=0x0) returned 0x2 [0227.082] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Aerofox\\Foxmail\\V3.1", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f1fc | out: phkResult=0x19f1fc*=0x0) returned 0x2 [0227.083] GetFullPathNameW (in: lpFileName="\\Storage\\", nBufferLength=0x105, lpBuffer=0x19ed68, lpFilePart=0x0 | out: lpBuffer="C:\\Storage\\", lpFilePart=0x0) returned 0xb [0227.083] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1c4) returned 1 [0227.083] GetFileAttributesExW (in: lpFileName="C:\\Storage\\" (normalized: "c:\\storage"), fInfoLevelId=0x0, lpFileInformation=0x19f240 | out: lpFileInformation=0x19f240*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0227.084] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1c0) returned 1 [0227.086] GetFullPathNameW (in: lpFileName="\\mail\\", nBufferLength=0x105, lpBuffer=0x19ed68, lpFilePart=0x0 | out: lpBuffer="C:\\mail\\", lpFilePart=0x0) returned 0x8 [0227.086] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1c4) returned 1 [0227.086] GetFileAttributesExW (in: lpFileName="C:\\mail\\" (normalized: "c:\\mail"), fInfoLevelId=0x0, lpFileInformation=0x19f240 | out: lpFileInformation=0x19f240*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0227.086] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1c0) returned 1 [0227.087] CoTaskMemAlloc (cb=0x20c) returned 0x5bb408 [0227.087] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5bb408 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0227.087] CoTaskMemFree (pv=0x5bb408) [0227.087] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ecd8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0227.089] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\VirtualStore\\Program Files\\Foxmail\\mail\\", nBufferLength=0x105, lpBuffer=0x19ed68, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\VirtualStore\\Program Files\\Foxmail\\mail\\", lpFilePart=0x0) returned 0x4c [0227.089] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1c4) returned 1 [0227.089] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\VirtualStore\\Program Files\\Foxmail\\mail\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\virtualstore\\program files\\foxmail\\mail"), fInfoLevelId=0x0, lpFileInformation=0x19f240 | out: lpFileInformation=0x19f240*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0227.090] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1c0) returned 1 [0227.090] CoTaskMemAlloc (cb=0x20c) returned 0x5bb408 [0227.090] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5bb408 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0227.090] CoTaskMemFree (pv=0x5bb408) [0227.091] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ecd8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0227.095] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\VirtualStore\\Program Files (x86)\\Foxmail\\mail\\", nBufferLength=0x105, lpBuffer=0x19ed68, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\VirtualStore\\Program Files (x86)\\Foxmail\\mail\\", lpFilePart=0x0) returned 0x52 [0227.095] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1c4) returned 1 [0227.095] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\VirtualStore\\Program Files (x86)\\Foxmail\\mail\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\virtualstore\\program files (x86)\\foxmail\\mail"), fInfoLevelId=0x0, lpFileInformation=0x19f240 | out: lpFileInformation=0x19f240*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0227.095] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1c0) returned 1 [0227.195] CoTaskMemAlloc (cb=0x20c) returned 0x5bb408 [0227.195] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5bb408 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0227.197] CoTaskMemFree (pv=0x5bb408) [0227.197] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19edfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0227.200] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Trillian\\users\\global\\accounts.dat", nBufferLength=0x105, lpBuffer=0x19ee98, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Trillian\\users\\global\\accounts.dat", lpFilePart=0x0) returned 0x48 [0227.201] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2f8) returned 1 [0227.201] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Trillian\\users\\global\\accounts.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\trillian\\users\\global\\accounts.dat"), fInfoLevelId=0x0, lpFileInformation=0x19f374 | out: lpFileInformation=0x19f374*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0227.201] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2f4) returned 1 [0227.208] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19ed44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini", lpFilePart=0x0) returned 0x51 [0227.208] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f238) returned 1 [0227.208] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\netgate technologies\\blackhawk\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0227.213] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d910) returned 1 [0227.218] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19ed44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini", lpFilePart=0x0) returned 0x51 [0227.218] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f238) returned 1 [0227.219] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\netgate technologies\\blackhawk\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0227.222] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d910) returned 1 [0227.237] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19ed44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\profiles.ini", lpFilePart=0x0) returned 0x3b [0227.237] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f238) returned 1 [0227.237] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\waterfox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0227.239] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d910) returned 1 [0227.243] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19ed44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\profiles.ini", lpFilePart=0x0) returned 0x3b [0227.243] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f238) returned 1 [0227.243] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\waterfox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0227.245] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d910) returned 1 [0227.257] CoTaskMemAlloc (cb=0x20c) returned 0x5bb408 [0227.257] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x5bb408 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0227.261] CoTaskMemFree (pv=0x5bb408) [0227.261] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)", lpFilePart=0x0) returned 0x16 [0227.266] CoTaskMemAlloc (cb=0x20c) returned 0x5bb408 [0227.266] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5bb408 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0227.266] CoTaskMemFree (pv=0x5bb408) [0227.266] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0227.351] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\plutil.exe", nBufferLength=0x105, lpBuffer=0x19ee90, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\plutil.exe", lpFilePart=0x0) returned 0x4e [0227.351] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2f0) returned 1 [0227.351] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\plutil.exe" (normalized: "c:\\program files (x86)\\common files\\apple\\apple application support\\plutil.exe"), fInfoLevelId=0x0, lpFileInformation=0x19f36c | out: lpFileInformation=0x19f36c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0227.351] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2ec) returned 1 [0227.421] CoTaskMemAlloc (cb=0x20c) returned 0x5bb408 [0227.421] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5bb408 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0227.421] CoTaskMemFree (pv=0x5bb408) [0227.421] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19ee0c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0227.423] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPGetter\\servers.xml", nBufferLength=0x105, lpBuffer=0x19eea8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPGetter\\servers.xml", lpFilePart=0x0) returned 0x3b [0227.424] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f308) returned 1 [0227.424] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPGetter\\servers.xml" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\ftpgetter\\servers.xml"), fInfoLevelId=0x0, lpFileInformation=0x19f384 | out: lpFileInformation=0x19f384*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0227.424] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f304) returned 1 [0227.440] CoTaskMemAlloc (cb=0x20c) returned 0x5bb408 [0227.440] GetEnvironmentVariableW (in: lpName="Programfiles(x86)", lpBuffer=0x5bb408, nSize=0x104 | out: lpBuffer="") returned 0x16 [0227.441] CoTaskMemFree (pv=0x5bb408) [0227.444] CoTaskMemAlloc (cb=0x20c) returned 0x5bb408 [0227.445] GetEnvironmentVariableW (in: lpName="programfiles(x86)", lpBuffer=0x5bb408, nSize=0x104 | out: lpBuffer="") returned 0x16 [0227.445] CoTaskMemFree (pv=0x5bb408) [0227.448] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\jDownloader\\config\\database.script", nBufferLength=0x105, lpBuffer=0x19ee70, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\jDownloader\\config\\database.script", lpFilePart=0x0) returned 0x39 [0227.448] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2d0) returned 1 [0227.448] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\jDownloader\\config\\database.script" (normalized: "c:\\program files (x86)\\jdownloader\\config\\database.script"), fInfoLevelId=0x0, lpFileInformation=0x19f34c | out: lpFileInformation=0x19f34c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0227.449] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2cc) returned 1 [0227.530] CoTaskMemAlloc (cb=0x20c) returned 0x5bb408 [0227.530] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5bb408, nSize=0x104 | out: lpBuffer="") returned 0x25 [0227.530] CoTaskMemFree (pv=0x5bb408) [0227.533] CoTaskMemAlloc (cb=0x20c) returned 0x5bb408 [0227.533] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5bb408, nSize=0x104 | out: lpBuffer="") returned 0x25 [0227.534] CoTaskMemFree (pv=0x5bb408) [0227.647] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\", nBufferLength=0x105, lpBuffer=0x19ede0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\", lpFilePart=0x0) returned 0x52 [0227.647] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\*.xml", nBufferLength=0x105, lpBuffer=0x19edfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\*.xml", lpFilePart=0x0) returned 0x57 [0227.647] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\", nBufferLength=0x105, lpBuffer=0x19edd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\", lpFilePart=0x0) returned 0x52 [0227.647] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect", nBufferLength=0x105, lpBuffer=0x19edd4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect", lpFilePart=0x0) returned 0x51 [0227.647] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2a4) returned 1 [0227.647] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect", nBufferLength=0x105, lpBuffer=0x19edac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect", lpFilePart=0x0) returned 0x51 [0227.647] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\", nBufferLength=0x105, lpBuffer=0x19ed80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\", lpFilePart=0x0) returned 0x52 [0227.647] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\*.xml", lpFindFileData=0x19efcc | out: lpFindFileData=0x19efcc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0227.648] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f268) returned 1 [0227.663] SetErrorInfo (dwReserved=0x0, perrinfo=0x4cac6c) returned 0x0 [0227.664] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\", nBufferLength=0x105, lpBuffer=0x19ee44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\", lpFilePart=0x0) returned 0x52 [0227.756] CoTaskMemAlloc (cb=0x20c) returned 0x5bb408 [0227.756] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5bb408 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0227.756] CoTaskMemFree (pv=0x5bb408) [0227.757] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19edd4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0227.761] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\falkon\\profiles\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\falkon\\profiles\\profiles.ini", lpFilePart=0x0) returned 0x40 [0227.761] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f21c) returned 1 [0227.761] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\falkon\\profiles\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\falkon\\profiles\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0227.765] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d8f8) returned 1 [0227.790] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19ed44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini", lpFilePart=0x0) returned 0x41 [0227.790] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f238) returned 1 [0227.790] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\mozilla\\icecat\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0227.793] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d910) returned 1 [0227.800] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19ed44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini", lpFilePart=0x0) returned 0x41 [0227.800] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f238) returned 1 [0227.801] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\mozilla\\icecat\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0227.804] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d910) returned 1 [0227.904] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Wow6432Node\\RealVNC\\WinVNC4", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f28c | out: phkResult=0x19f28c*=0x0) returned 0x2 [0227.905] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Wow6432Node\\RealVNC\\WinVNC4", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f28c | out: phkResult=0x19f28c*=0x0) returned 0x2 [0227.905] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\RealVNC\\vncserver", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f28c | out: phkResult=0x19f28c*=0x0) returned 0x2 [0227.905] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\RealVNC\\vncserver", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f28c | out: phkResult=0x19f28c*=0x0) returned 0x2 [0227.906] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\RealVNC\\WinVNC4", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f28c | out: phkResult=0x19f28c*=0x0) returned 0x2 [0227.906] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\RealVNC\\WinVNC4", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f28c | out: phkResult=0x19f28c*=0x0) returned 0x2 [0227.906] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\ORL\\WinVNC3", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f28c | out: phkResult=0x19f28c*=0x0) returned 0x2 [0227.906] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\ORL\\WinVNC3", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f28c | out: phkResult=0x19f28c*=0x0) returned 0x2 [0227.907] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\TightVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f28c | out: phkResult=0x19f28c*=0x0) returned 0x2 [0227.907] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\TightVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f28c | out: phkResult=0x19f28c*=0x0) returned 0x2 [0227.907] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\TightVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f28c | out: phkResult=0x19f28c*=0x0) returned 0x2 [0227.907] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\TightVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f28c | out: phkResult=0x19f28c*=0x0) returned 0x2 [0227.907] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\TightVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f28c | out: phkResult=0x19f28c*=0x0) returned 0x2 [0227.908] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\TightVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f28c | out: phkResult=0x19f28c*=0x0) returned 0x2 [0227.908] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\TigerVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f28c | out: phkResult=0x19f28c*=0x0) returned 0x2 [0227.908] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\TigerVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f28c | out: phkResult=0x19f28c*=0x0) returned 0x2 [0227.911] CoTaskMemAlloc (cb=0x20c) returned 0x5bb408 [0227.911] GetEnvironmentVariableW (in: lpName="ProgramFiles(x86)", lpBuffer=0x5bb408, nSize=0x104 | out: lpBuffer="") returned 0x16 [0227.911] CoTaskMemFree (pv=0x5bb408) [0227.917] CoTaskMemAlloc (cb=0x20c) returned 0x5bb408 [0227.917] GetEnvironmentVariableW (in: lpName="ProgramFiles(x86)", lpBuffer=0x5bb408, nSize=0x104 | out: lpBuffer="") returned 0x16 [0227.917] CoTaskMemFree (pv=0x5bb408) [0227.921] CoTaskMemAlloc (cb=0x20c) returned 0x5bb408 [0227.921] GetEnvironmentVariableW (in: lpName="ProgramFiles", lpBuffer=0x5bb408, nSize=0x104 | out: lpBuffer="") returned 0x16 [0227.922] CoTaskMemFree (pv=0x5bb408) [0227.922] CoTaskMemAlloc (cb=0x20c) returned 0x5bb408 [0227.922] GetEnvironmentVariableW (in: lpName="ProgramFiles", lpBuffer=0x5bb408, nSize=0x104 | out: lpBuffer="") returned 0x16 [0227.922] CoTaskMemFree (pv=0x5bb408) [0227.922] CoTaskMemAlloc (cb=0x20c) returned 0x5bb408 [0227.922] GetEnvironmentVariableW (in: lpName="ProgramFiles", lpBuffer=0x5bb408, nSize=0x104 | out: lpBuffer="") returned 0x16 [0227.922] CoTaskMemFree (pv=0x5bb408) [0227.923] CoTaskMemAlloc (cb=0x20c) returned 0x5bb408 [0227.923] GetEnvironmentVariableW (in: lpName="ProgramFiles", lpBuffer=0x5bb408, nSize=0x104 | out: lpBuffer="") returned 0x16 [0227.923] CoTaskMemFree (pv=0x5bb408) [0227.923] CoTaskMemAlloc (cb=0x20c) returned 0x5bb408 [0227.924] GetEnvironmentVariableW (in: lpName="ProgramFiles(x86)", lpBuffer=0x5bb408, nSize=0x104 | out: lpBuffer="") returned 0x16 [0227.924] CoTaskMemFree (pv=0x5bb408) [0227.924] CoTaskMemAlloc (cb=0x20c) returned 0x5bb408 [0227.924] GetEnvironmentVariableW (in: lpName="ProgramFiles(x86)", lpBuffer=0x5bb408, nSize=0x104 | out: lpBuffer="") returned 0x16 [0227.924] CoTaskMemFree (pv=0x5bb408) [0227.924] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x19edc0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x36 [0227.924] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f220) returned 1 [0227.924] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\uvnc bvba\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x19f29c | out: lpFileInformation=0x19f29c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0227.924] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f21c) returned 1 [0227.924] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x19edc0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x36 [0227.924] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f220) returned 1 [0227.924] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\uvnc bvba\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x19f29c | out: lpFileInformation=0x19f29c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0227.924] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f21c) returned 1 [0227.925] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x19edc0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x36 [0227.925] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f220) returned 1 [0227.925] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\uvnc bvba\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x19f29c | out: lpFileInformation=0x19f29c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0227.925] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f21c) returned 1 [0227.925] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x19edc0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x36 [0227.925] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f220) returned 1 [0227.925] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\uvnc bvba\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x19f29c | out: lpFileInformation=0x19f29c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0227.925] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f21c) returned 1 [0227.925] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x19edc0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x2c [0227.925] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f220) returned 1 [0227.925] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x19f29c | out: lpFileInformation=0x19f29c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0227.925] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f21c) returned 1 [0227.926] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x19edc0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x2c [0227.926] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f220) returned 1 [0227.926] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x19f29c | out: lpFileInformation=0x19f29c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0227.926] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f21c) returned 1 [0227.926] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x19edc0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x2c [0227.926] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f220) returned 1 [0227.926] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x19f29c | out: lpFileInformation=0x19f29c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0227.926] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f21c) returned 1 [0227.926] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x19edc0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x2c [0227.927] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f220) returned 1 [0227.927] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x19f29c | out: lpFileInformation=0x19f29c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0227.927] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f21c) returned 1 [0227.964] CoTaskMemAlloc (cb=0x20c) returned 0x5bb408 [0227.964] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5bb408, nSize=0x104 | out: lpBuffer="") returned 0x25 [0227.964] CoTaskMemFree (pv=0x5bb408) [0227.966] CoTaskMemAlloc (cb=0x20c) returned 0x5bb408 [0227.966] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5bb408, nSize=0x104 | out: lpBuffer="") returned 0x25 [0227.966] CoTaskMemFree (pv=0x5bb408) [0227.968] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Psi\\profiles", nBufferLength=0x105, lpBuffer=0x19ee74, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Psi\\profiles", lpFilePart=0x0) returned 0x32 [0227.968] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2d0) returned 1 [0227.969] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Psi\\profiles" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\psi\\profiles"), fInfoLevelId=0x0, lpFileInformation=0x19f34c | out: lpFileInformation=0x19f34c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0227.969] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2cc) returned 1 [0227.969] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Psi+\\profiles", nBufferLength=0x105, lpBuffer=0x19ee74, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Psi+\\profiles", lpFilePart=0x0) returned 0x33 [0227.969] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2d0) returned 1 [0227.969] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Psi+\\profiles" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\psi+\\profiles"), fInfoLevelId=0x0, lpFileInformation=0x19f34c | out: lpFileInformation=0x19f34c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0227.969] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2cc) returned 1 [0228.081] CoTaskMemAlloc (cb=0x20c) returned 0x5bb408 [0228.081] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5bb408 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0228.081] CoTaskMemFree (pv=0x5bb408) [0228.081] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ec30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0228.083] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data", nBufferLength=0x105, lpBuffer=0x19eca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data", lpFilePart=0x0) returned 0x3c [0228.083] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f104) returned 1 [0228.083] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\edge\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f180 | out: lpFileInformation=0x19f180*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0228.084] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f100) returned 1 [0228.992] VaultEnumerateVaults () returned 0x0 [0229.093] VaultOpenVault () returned 0x0 [0229.109] VaultEnumerateItems () returned 0x0 [0229.109] VaultOpenVault () returned 0x0 [0229.110] VaultEnumerateItems () returned 0x0 [0229.170] CoTaskMemAlloc (cb=0x20c) returned 0x5bb408 [0229.170] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5bb408 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0229.170] CoTaskMemFree (pv=0x5bb408) [0229.170] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19ee0c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0229.172] CoTaskMemAlloc (cb=0x20c) returned 0x5bb408 [0229.172] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5bb408 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0229.172] CoTaskMemFree (pv=0x5bb408) [0229.172] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19ee0c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0229.174] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\eM Client", nBufferLength=0x105, lpBuffer=0x19eea0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\eM Client", lpFilePart=0x0) returned 0x2f [0229.174] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2fc) returned 1 [0229.174] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\eM Client" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\em client"), fInfoLevelId=0x0, lpFileInformation=0x19f378 | out: lpFileInformation=0x19f378*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0229.175] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2f8) returned 1 [0229.187] CoTaskMemAlloc (cb=0x20c) returned 0x5bb408 [0229.187] GetEnvironmentVariableW (in: lpName="SystemDrive", lpBuffer=0x5bb408, nSize=0x104 | out: lpBuffer="") returned 0x2 [0229.187] CoTaskMemFree (pv=0x5bb408) [0229.189] GetFullPathNameW (in: lpFileName="C:\\FTP Navigator\\Ftplist.txt", nBufferLength=0x105, lpBuffer=0x19ed48, lpFilePart=0x0 | out: lpBuffer="C:\\FTP Navigator\\Ftplist.txt", lpFilePart=0x0) returned 0x1c [0229.189] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f23c) returned 1 [0229.189] CreateFileW (lpFileName="C:\\FTP Navigator\\Ftplist.txt" (normalized: "c:\\ftp navigator\\ftplist.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0229.194] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d918) returned 1 [0229.212] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19ed44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini", lpFilePart=0x0) returned 0x48 [0229.212] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f238) returned 1 [0229.212] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\8pecxstudios\\cyberfox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0229.214] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d910) returned 1 [0229.218] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19ed44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini", lpFilePart=0x0) returned 0x48 [0229.218] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f238) returned 1 [0229.219] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\8pecxstudios\\cyberfox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0229.223] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d910) returned 1 [0229.249] GetUserNameW (in: lpBuffer=0x19f178, pcbBuffer=0x21db654 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x21db654) returned 1 [0229.250] GetComputerNameW (in: lpBuffer=0x19f178, nSize=0x21dbb1c | out: lpBuffer="XC64ZB", nSize=0x21dbb1c) returned 1 [0229.345] GetUserNameW (in: lpBuffer=0x19f168, pcbBuffer=0x21df3ec | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x21df3ec) returned 1 [0229.351] GetComputerNameW (in: lpBuffer=0x19f168, nSize=0x21df884 | out: lpBuffer="XC64ZB", nSize=0x21df884) returned 1 [0229.390] CoGetObjectContext (in: riid=0x2106418*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f33c | out: ppv=0x19f33c*=0x508aac) returned 0x0 [0229.390] IComThreadingInfo:GetCurrentApartmentType (in: This=0x508aac, pAptType=0x19f334 | out: pAptType=0x19f334*=1) returned 0x0 [0229.390] IUnknown:QueryInterface (in: This=0x508aac, riid=0x2106400*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f338 | out: ppvObject=0x19f338*=0x0) returned 0x80004002 [0229.391] IUnknown:Release (This=0x508aac) returned 0x1 [0229.393] CoGetClassObject (in: rclsid=0x59a824*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6ab654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eca8 | out: ppv=0x19eca8*=0x59f510) returned 0x0 [0229.394] WbemDefPath:IUnknown:QueryInterface (in: This=0x59f510, riid=0x6ab195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19eec0 | out: ppvObject=0x19eec0*=0x0) returned 0x80004002 [0229.394] WbemDefPath:IClassFactory:CreateInstance (in: This=0x59f510, pUnkOuter=0x0, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eed4 | out: ppvObject=0x19eed4*=0x5baba0) returned 0x0 [0229.394] WbemDefPath:IUnknown:Release (This=0x59f510) returned 0x0 [0229.395] WbemDefPath:IUnknown:QueryInterface (in: This=0x5baba0, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eaf4 | out: ppvObject=0x19eaf4*=0x5baba0) returned 0x0 [0229.395] WbemDefPath:IUnknown:QueryInterface (in: This=0x5baba0, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19eab0 | out: ppvObject=0x19eab0*=0x0) returned 0x80004002 [0229.395] WbemDefPath:IUnknown:QueryInterface (in: This=0x5baba0, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e6a4 | out: ppvObject=0x19e6a4*=0x0) returned 0x80004002 [0229.395] WbemDefPath:IUnknown:AddRef (This=0x5baba0) returned 0x3 [0229.395] WbemDefPath:IUnknown:QueryInterface (in: This=0x5baba0, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e40c | out: ppvObject=0x19e40c*=0x0) returned 0x80004002 [0229.395] WbemDefPath:IUnknown:QueryInterface (in: This=0x5baba0, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e3bc | out: ppvObject=0x19e3bc*=0x0) returned 0x80004002 [0229.395] WbemDefPath:IUnknown:QueryInterface (in: This=0x5baba0, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e3c8 | out: ppvObject=0x19e3c8*=0x50d3320) returned 0x0 [0229.395] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x50d3320, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e3d0 | out: pCid=0x19e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0229.395] WbemDefPath:IUnknown:Release (This=0x50d3320) returned 0x3 [0229.396] CoGetContextToken (in: pToken=0x19e428 | out: pToken=0x19e428) returned 0x0 [0229.396] CoGetContextToken (in: pToken=0x19e830 | out: pToken=0x19e830) returned 0x0 [0229.396] WbemDefPath:IUnknown:QueryInterface (in: This=0x5baba0, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e8c0 | out: ppvObject=0x19e8c0*=0x0) returned 0x80004002 [0229.396] WbemDefPath:IUnknown:Release (This=0x5baba0) returned 0x2 [0229.396] WbemDefPath:IUnknown:Release (This=0x5baba0) returned 0x1 [0229.396] CoGetContextToken (in: pToken=0x19f1b8 | out: pToken=0x19f1b8) returned 0x0 [0229.396] CoGetContextToken (in: pToken=0x19f118 | out: pToken=0x19f118) returned 0x0 [0229.396] WbemDefPath:IUnknown:QueryInterface (in: This=0x5baba0, riid=0x19f1e8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f1e4 | out: ppvObject=0x19f1e4*=0x5baba0) returned 0x0 [0229.396] WbemDefPath:IUnknown:AddRef (This=0x5baba0) returned 0x3 [0229.396] WbemDefPath:IUnknown:Release (This=0x5baba0) returned 0x2 [0229.397] WbemDefPath:IWbemPath:SetText (This=0x5baba0, uMode=0x4, pszPath="Win32_OperatingSystem") returned 0x0 [0229.397] WbemDefPath:IWbemPath:GetInfo (in: This=0x5baba0, uRequestedInfo=0x0, puResponse=0x19f394 | out: puResponse=0x19f394*=0xc15) returned 0x0 [0229.397] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5baba0, puCount=0x19f38c | out: puCount=0x19f38c*=0x0) returned 0x0 [0229.399] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x580720, puCount=0x19f364 | out: puCount=0x19f364*=0x2) returned 0x0 [0229.399] WbemDefPath:IWbemPath:GetText (in: This=0x580720, lFlags=4, puBuffLength=0x19f360*=0x0, pszText=0x0 | out: puBuffLength=0x19f360*=0xf, pszText=0x0) returned 0x0 [0229.399] WbemDefPath:IWbemPath:GetText (in: This=0x580720, lFlags=4, puBuffLength=0x19f360*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f360*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0229.399] CoGetObjectContext (in: riid=0x2106418*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f2e0 | out: ppv=0x19f2e0*=0x508aac) returned 0x0 [0229.400] IComThreadingInfo:GetCurrentApartmentType (in: This=0x508aac, pAptType=0x19f2d8 | out: pAptType=0x19f2d8*=1) returned 0x0 [0229.400] IUnknown:QueryInterface (in: This=0x508aac, riid=0x2106400*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f2dc | out: ppvObject=0x19f2dc*=0x0) returned 0x80004002 [0229.400] IUnknown:Release (This=0x508aac) returned 0x1 [0229.401] CoGetClassObject (in: rclsid=0x59a764*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x6ab654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19ef00 | out: ppv=0x19ef00*=0x50d2ee8) returned 0x0 [0229.401] WbemLocator:IUnknown:QueryInterface (in: This=0x50d2ee8, riid=0x6ab195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19f118 | out: ppvObject=0x19f118*=0x0) returned 0x80004002 [0229.401] WbemLocator:IClassFactory:CreateInstance (in: This=0x50d2ee8, pUnkOuter=0x0, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f12c | out: ppvObject=0x19f12c*=0x59f580) returned 0x0 [0229.401] WbemLocator:IUnknown:Release (This=0x50d2ee8) returned 0x0 [0229.401] WbemLocator:IUnknown:QueryInterface (in: This=0x59f580, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed4c | out: ppvObject=0x19ed4c*=0x59f580) returned 0x0 [0229.401] WbemLocator:IUnknown:QueryInterface (in: This=0x59f580, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ed08 | out: ppvObject=0x19ed08*=0x0) returned 0x80004002 [0229.401] WbemLocator:IUnknown:QueryInterface (in: This=0x59f580, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e8fc | out: ppvObject=0x19e8fc*=0x0) returned 0x80004002 [0229.402] WbemLocator:IUnknown:AddRef (This=0x59f580) returned 0x3 [0229.402] WbemLocator:IUnknown:QueryInterface (in: This=0x59f580, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e664 | out: ppvObject=0x19e664*=0x0) returned 0x80004002 [0229.402] WbemLocator:IUnknown:QueryInterface (in: This=0x59f580, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e614 | out: ppvObject=0x19e614*=0x0) returned 0x80004002 [0229.402] WbemLocator:IUnknown:QueryInterface (in: This=0x59f580, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e620 | out: ppvObject=0x19e620*=0x0) returned 0x80004002 [0229.402] CoGetContextToken (in: pToken=0x19e680 | out: pToken=0x19e680) returned 0x0 [0229.402] CoGetContextToken (in: pToken=0x19ea88 | out: pToken=0x19ea88) returned 0x0 [0229.402] WbemLocator:IUnknown:QueryInterface (in: This=0x59f580, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eb18 | out: ppvObject=0x19eb18*=0x0) returned 0x80004002 [0229.402] WbemLocator:IUnknown:Release (This=0x59f580) returned 0x2 [0229.402] WbemLocator:IUnknown:Release (This=0x59f580) returned 0x1 [0229.402] CoGetContextToken (in: pToken=0x19f0f8 | out: pToken=0x19f0f8) returned 0x0 [0229.402] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0229.402] WbemLocator:IUnknown:QueryInterface (in: This=0x59f580, riid=0x19f128*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19f124 | out: ppvObject=0x19f124*=0x59f580) returned 0x0 [0229.402] WbemLocator:IUnknown:AddRef (This=0x59f580) returned 0x3 [0229.402] WbemLocator:IUnknown:Release (This=0x59f580) returned 0x2 [0229.403] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x580720, puCount=0x19f2bc | out: puCount=0x19f2bc*=0x2) returned 0x0 [0229.403] WbemDefPath:IWbemPath:GetText (in: This=0x580720, lFlags=8, puBuffLength=0x19f2b8*=0x0, pszText=0x0 | out: puBuffLength=0x19f2b8*=0xf, pszText=0x0) returned 0x0 [0229.403] WbemDefPath:IWbemPath:GetText (in: This=0x580720, lFlags=8, puBuffLength=0x19f2b8*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f2b8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0229.403] CoCreateInstance (in: rclsid=0x6f901284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6f9012e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x19f194 | out: ppv=0x19f194*=0x59f440) returned 0x0 [0229.403] WbemLocator:IWbemLocator:ConnectServer (in: This=0x59f440, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x19f228 | out: ppNamespace=0x19f228*=0x594068) returned 0x0 [0229.439] WbemLocator:IUnknown:QueryInterface (in: This=0x594068, riid=0x6f901104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f0c4 | out: ppvObject=0x19f0c4*=0x5921c4) returned 0x0 [0229.439] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x5921c4, pProxy=0x594068, pAuthnSvc=0x19f114, pAuthzSvc=0x19f110, pServerPrincName=0x19f108, pAuthnLevel=0x19f10c, pImpLevel=0x19f0fc, pAuthInfo=0x19f100, pCapabilites=0x19f104 | out: pAuthnSvc=0x19f114*=0xa, pAuthzSvc=0x19f110*=0x0, pServerPrincName=0x19f108, pAuthnLevel=0x19f10c*=0x6, pImpLevel=0x19f0fc*=0x2, pAuthInfo=0x19f100, pCapabilites=0x19f104*=0x1) returned 0x0 [0229.439] WbemLocator:IUnknown:Release (This=0x5921c4) returned 0x1 [0229.439] WbemLocator:IUnknown:QueryInterface (in: This=0x594068, riid=0x6f9010f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f0b8 | out: ppvObject=0x19f0b8*=0x5921e8) returned 0x0 [0229.439] WbemLocator:IUnknown:QueryInterface (in: This=0x594068, riid=0x6f901104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f0b4 | out: ppvObject=0x19f0b4*=0x5921c4) returned 0x0 [0229.439] WbemLocator:IClientSecurity:SetBlanket (This=0x5921c4, pProxy=0x594068, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0229.440] WbemLocator:IUnknown:Release (This=0x5921c4) returned 0x2 [0229.440] WbemLocator:IUnknown:Release (This=0x5921e8) returned 0x1 [0229.440] CoTaskMemFree (pv=0x581400) [0229.440] WbemLocator:IUnknown:Release (This=0x59f440) returned 0x0 [0229.440] WbemLocator:IUnknown:QueryInterface (in: This=0x594068, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ecb4 | out: ppvObject=0x19ecb4*=0x5921e8) returned 0x0 [0229.440] WbemLocator:IUnknown:QueryInterface (in: This=0x5921e8, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ec70 | out: ppvObject=0x19ec70*=0x0) returned 0x80004002 [0229.441] WbemLocator:IUnknown:QueryInterface (in: This=0x5921e8, riid=0x6abefb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ea8c | out: ppvObject=0x19ea8c*=0x0) returned 0x80004002 [0229.441] WbemLocator:IUnknown:QueryInterface (in: This=0x594068, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e864 | out: ppvObject=0x19e864*=0x0) returned 0x80004002 [0229.441] WbemLocator:IUnknown:AddRef (This=0x5921e8) returned 0x3 [0229.441] WbemLocator:IUnknown:QueryInterface (in: This=0x5921e8, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e5cc | out: ppvObject=0x19e5cc*=0x0) returned 0x80004002 [0229.441] WbemLocator:IUnknown:QueryInterface (in: This=0x5921e8, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e57c | out: ppvObject=0x19e57c*=0x0) returned 0x80004002 [0229.442] WbemLocator:IUnknown:QueryInterface (in: This=0x5921e8, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e588 | out: ppvObject=0x19e588*=0x592144) returned 0x0 [0229.442] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x592144, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e590 | out: pCid=0x19e590*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0229.442] WbemLocator:IUnknown:Release (This=0x592144) returned 0x3 [0229.442] CoGetContextToken (in: pToken=0x19e5e8 | out: pToken=0x19e5e8) returned 0x0 [0229.442] CoGetContextToken (in: pToken=0x19e9f0 | out: pToken=0x19e9f0) returned 0x0 [0229.442] WbemLocator:IUnknown:QueryInterface (in: This=0x5921e8, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea80 | out: ppvObject=0x19ea80*=0x5921cc) returned 0x0 [0229.442] WbemLocator:IRpcOptions:Query (in: This=0x5921cc, pPrx=0x5921e8, dwProperty=2, pdwValue=0x19eaa8 | out: pdwValue=0x19eaa8) returned 0x80004002 [0229.442] WbemLocator:IUnknown:Release (This=0x5921cc) returned 0x3 [0229.442] WbemLocator:IUnknown:Release (This=0x5921e8) returned 0x2 [0229.442] CoGetContextToken (in: pToken=0x19efc8 | out: pToken=0x19efc8) returned 0x0 [0229.442] CoGetContextToken (in: pToken=0x19ef28 | out: pToken=0x19ef28) returned 0x0 [0229.442] WbemLocator:IUnknown:QueryInterface (in: This=0x5921e8, riid=0x19eff8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x19eff4 | out: ppvObject=0x19eff4*=0x594068) returned 0x0 [0229.442] WbemLocator:IUnknown:AddRef (This=0x594068) returned 0x4 [0229.442] WbemLocator:IUnknown:Release (This=0x594068) returned 0x3 [0229.442] WbemLocator:IUnknown:Release (This=0x594068) returned 0x2 [0229.442] SysStringLen (param_1=0x0) returned 0x0 [0229.443] CoGetContextToken (in: pToken=0x19efc0 | out: pToken=0x19efc0) returned 0x0 [0229.443] WbemLocator:IUnknown:AddRef (This=0x5921e8) returned 0x3 [0229.443] WbemLocator:IUnknown:QueryInterface (in: This=0x5921e8, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee54 | out: ppvObject=0x19ee54*=0x5921e8) returned 0x0 [0229.443] WbemLocator:IUnknown:Release (This=0x5921e8) returned 0x3 [0229.443] WbemLocator:IUnknown:Release (This=0x5921e8) returned 0x2 [0229.443] CoGetContextToken (in: pToken=0x19f0a8 | out: pToken=0x19f0a8) returned 0x0 [0229.443] WbemLocator:IUnknown:AddRef (This=0x594068) returned 0x3 [0229.443] IWbemServices:ExecQuery (in: This=0x594068, strQueryLanguage="WQL", strQuery="select * from Win32_OperatingSystem", lFlags=16, pCtx=0x0, ppEnum=0x19f2c4 | out: ppEnum=0x19f2c4*=0x595230) returned 0x0 [0229.491] IUnknown:QueryInterface (in: This=0x595230, riid=0x6f901104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f11c | out: ppvObject=0x19f11c*=0x595234) returned 0x0 [0229.491] IClientSecurity:QueryBlanket (in: This=0x595234, pProxy=0x595230, pAuthnSvc=0x19f16c, pAuthzSvc=0x19f168, pServerPrincName=0x19f160, pAuthnLevel=0x19f164, pImpLevel=0x19f154, pAuthInfo=0x19f158, pCapabilites=0x19f15c | out: pAuthnSvc=0x19f16c*=0xa, pAuthzSvc=0x19f168*=0x0, pServerPrincName=0x19f160, pAuthnLevel=0x19f164*=0x6, pImpLevel=0x19f154*=0x2, pAuthInfo=0x19f158, pCapabilites=0x19f15c*=0x1) returned 0x0 [0229.491] IUnknown:Release (This=0x595234) returned 0x1 [0229.492] IUnknown:QueryInterface (in: This=0x595230, riid=0x6f9010f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f110 | out: ppvObject=0x19f110*=0x5915e8) returned 0x0 [0229.492] IUnknown:QueryInterface (in: This=0x595230, riid=0x6f901104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f10c | out: ppvObject=0x19f10c*=0x595234) returned 0x0 [0229.492] IClientSecurity:SetBlanket (This=0x595234, pProxy=0x595230, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0229.494] IUnknown:Release (This=0x595234) returned 0x2 [0229.494] WbemLocator:IUnknown:Release (This=0x5915e8) returned 0x1 [0229.494] CoTaskMemFree (pv=0x5811f0) [0229.494] IUnknown:QueryInterface (in: This=0x595230, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed08 | out: ppvObject=0x19ed08*=0x5915e8) returned 0x0 [0229.494] WbemLocator:IUnknown:QueryInterface (in: This=0x5915e8, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ecc4 | out: ppvObject=0x19ecc4*=0x0) returned 0x80004002 [0229.495] WbemLocator:IUnknown:QueryInterface (in: This=0x5915e8, riid=0x6abefb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19eae4 | out: ppvObject=0x19eae4*=0x0) returned 0x80004002 [0229.495] IUnknown:QueryInterface (in: This=0x595230, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e8bc | out: ppvObject=0x19e8bc*=0x0) returned 0x80004002 [0229.496] WbemLocator:IUnknown:AddRef (This=0x5915e8) returned 0x3 [0229.496] WbemLocator:IUnknown:QueryInterface (in: This=0x5915e8, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e624 | out: ppvObject=0x19e624*=0x0) returned 0x80004002 [0229.496] WbemLocator:IUnknown:QueryInterface (in: This=0x5915e8, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e5d4 | out: ppvObject=0x19e5d4*=0x0) returned 0x80004002 [0229.496] WbemLocator:IUnknown:QueryInterface (in: This=0x5915e8, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e5e0 | out: ppvObject=0x19e5e0*=0x591544) returned 0x0 [0229.496] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x591544, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e5e8 | out: pCid=0x19e5e8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0229.496] WbemLocator:IUnknown:Release (This=0x591544) returned 0x3 [0229.497] CoGetContextToken (in: pToken=0x19e640 | out: pToken=0x19e640) returned 0x0 [0229.497] CoGetContextToken (in: pToken=0x19ea48 | out: pToken=0x19ea48) returned 0x0 [0229.497] WbemLocator:IUnknown:QueryInterface (in: This=0x5915e8, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ead8 | out: ppvObject=0x19ead8*=0x5915cc) returned 0x0 [0229.497] WbemLocator:IRpcOptions:Query (in: This=0x5915cc, pPrx=0x5915e8, dwProperty=2, pdwValue=0x19eb00 | out: pdwValue=0x19eb00) returned 0x80004002 [0229.497] WbemLocator:IUnknown:Release (This=0x5915cc) returned 0x3 [0229.497] WbemLocator:IUnknown:Release (This=0x5915e8) returned 0x2 [0229.497] CoGetContextToken (in: pToken=0x19f018 | out: pToken=0x19f018) returned 0x0 [0229.497] CoGetContextToken (in: pToken=0x19ef78 | out: pToken=0x19ef78) returned 0x0 [0229.497] WbemLocator:IUnknown:QueryInterface (in: This=0x5915e8, riid=0x19f048*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f044 | out: ppvObject=0x19f044*=0x595230) returned 0x0 [0229.497] IUnknown:AddRef (This=0x595230) returned 0x4 [0229.497] IUnknown:Release (This=0x595230) returned 0x3 [0229.497] IUnknown:Release (This=0x595230) returned 0x2 [0229.497] WbemLocator:IUnknown:Release (This=0x594068) returned 0x2 [0229.497] SysStringLen (param_1=0x0) returned 0x0 [0229.498] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x580720, puCount=0x19f310 | out: puCount=0x19f310*=0x2) returned 0x0 [0229.498] WbemDefPath:IWbemPath:GetText (in: This=0x580720, lFlags=4, puBuffLength=0x19f30c*=0x0, pszText=0x0 | out: puBuffLength=0x19f30c*=0xf, pszText=0x0) returned 0x0 [0229.498] WbemDefPath:IWbemPath:GetText (in: This=0x580720, lFlags=4, puBuffLength=0x19f30c*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f30c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0229.498] CoGetContextToken (in: pToken=0x19f150 | out: pToken=0x19f150) returned 0x0 [0229.498] IUnknown:AddRef (This=0x595230) returned 0x3 [0229.498] IEnumWbemClassObject:Clone (in: This=0x595230, ppEnum=0x19f30c | out: ppEnum=0x19f30c*=0x595c58) returned 0x0 [0229.499] IUnknown:QueryInterface (in: This=0x595c58, riid=0x6f901104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1d0 | out: ppvObject=0x19f1d0*=0x595c5c) returned 0x0 [0229.499] IClientSecurity:QueryBlanket (in: This=0x595c5c, pProxy=0x595c58, pAuthnSvc=0x19f220, pAuthzSvc=0x19f21c, pServerPrincName=0x19f214, pAuthnLevel=0x19f218, pImpLevel=0x19f208, pAuthInfo=0x19f20c, pCapabilites=0x19f210 | out: pAuthnSvc=0x19f220*=0xa, pAuthzSvc=0x19f21c*=0x0, pServerPrincName=0x19f214, pAuthnLevel=0x19f218*=0x6, pImpLevel=0x19f208*=0x2, pAuthInfo=0x19f20c, pCapabilites=0x19f210*=0x1) returned 0x0 [0229.499] IUnknown:Release (This=0x595c5c) returned 0x1 [0229.499] IUnknown:QueryInterface (in: This=0x595c58, riid=0x6f9010f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1c4 | out: ppvObject=0x19f1c4*=0x5919e8) returned 0x0 [0229.499] IUnknown:QueryInterface (in: This=0x595c58, riid=0x6f901104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1c0 | out: ppvObject=0x19f1c0*=0x595c5c) returned 0x0 [0229.499] IClientSecurity:SetBlanket (This=0x595c5c, pProxy=0x595c58, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0229.501] IUnknown:Release (This=0x595c5c) returned 0x2 [0229.501] WbemLocator:IUnknown:Release (This=0x5919e8) returned 0x1 [0229.501] CoTaskMemFree (pv=0x59a518) [0229.501] IUnknown:QueryInterface (in: This=0x595c58, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19edac | out: ppvObject=0x19edac*=0x5919e8) returned 0x0 [0229.501] WbemLocator:IUnknown:QueryInterface (in: This=0x5919e8, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ed68 | out: ppvObject=0x19ed68*=0x0) returned 0x80004002 [0229.532] WbemLocator:IUnknown:QueryInterface (in: This=0x5919e8, riid=0x6abefb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19eb84 | out: ppvObject=0x19eb84*=0x0) returned 0x80004002 [0229.532] IUnknown:QueryInterface (in: This=0x595c58, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e95c | out: ppvObject=0x19e95c*=0x0) returned 0x80004002 [0229.533] WbemLocator:IUnknown:AddRef (This=0x5919e8) returned 0x3 [0229.533] WbemLocator:IUnknown:QueryInterface (in: This=0x5919e8, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e6c4 | out: ppvObject=0x19e6c4*=0x0) returned 0x80004002 [0229.533] WbemLocator:IUnknown:QueryInterface (in: This=0x5919e8, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e674 | out: ppvObject=0x19e674*=0x0) returned 0x80004002 [0229.533] WbemLocator:IUnknown:QueryInterface (in: This=0x5919e8, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e680 | out: ppvObject=0x19e680*=0x591944) returned 0x0 [0229.533] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x591944, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e688 | out: pCid=0x19e688*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0229.533] WbemLocator:IUnknown:Release (This=0x591944) returned 0x3 [0229.533] CoGetContextToken (in: pToken=0x19e6e0 | out: pToken=0x19e6e0) returned 0x0 [0229.533] CoGetContextToken (in: pToken=0x19eae8 | out: pToken=0x19eae8) returned 0x0 [0229.533] WbemLocator:IUnknown:QueryInterface (in: This=0x5919e8, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eb78 | out: ppvObject=0x19eb78*=0x5919cc) returned 0x0 [0229.533] WbemLocator:IRpcOptions:Query (in: This=0x5919cc, pPrx=0x5919e8, dwProperty=2, pdwValue=0x19eba0 | out: pdwValue=0x19eba0) returned 0x80004002 [0229.533] WbemLocator:IUnknown:Release (This=0x5919cc) returned 0x3 [0229.533] WbemLocator:IUnknown:Release (This=0x5919e8) returned 0x2 [0229.533] CoGetContextToken (in: pToken=0x19f0c0 | out: pToken=0x19f0c0) returned 0x0 [0229.534] CoGetContextToken (in: pToken=0x19f020 | out: pToken=0x19f020) returned 0x0 [0229.534] WbemLocator:IUnknown:QueryInterface (in: This=0x5919e8, riid=0x19f0f0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f0ec | out: ppvObject=0x19f0ec*=0x595c58) returned 0x0 [0229.534] IUnknown:AddRef (This=0x595c58) returned 0x4 [0229.534] IUnknown:Release (This=0x595c58) returned 0x3 [0229.534] IUnknown:Release (This=0x595c58) returned 0x2 [0229.534] IUnknown:Release (This=0x595230) returned 0x2 [0229.534] SysStringLen (param_1=0x0) returned 0x0 [0229.534] IEnumWbemClassObject:Reset (This=0x595c58) returned 0x0 [0229.535] CoTaskMemAlloc (cb=0x4) returned 0x59f660 [0229.535] IEnumWbemClassObject:Next (in: This=0x595c58, lTimeout=-1, uCount=0x1, apObjects=0x59f660, puReturned=0x21e0d0c | out: apObjects=0x59f660*=0x55b468, puReturned=0x21e0d0c*=0x1) returned 0x0 [0230.124] IUnknown:QueryInterface (in: This=0x55b468, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e970 | out: ppvObject=0x19e970*=0x55b468) returned 0x0 [0230.124] IUnknown:QueryInterface (in: This=0x55b468, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e92c | out: ppvObject=0x19e92c*=0x0) returned 0x80004002 [0230.124] IUnknown:QueryInterface (in: This=0x55b468, riid=0x6abefb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e74c | out: ppvObject=0x19e74c*=0x0) returned 0x80004002 [0230.124] IUnknown:QueryInterface (in: This=0x55b468, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e524 | out: ppvObject=0x19e524*=0x0) returned 0x80004002 [0230.125] IUnknown:AddRef (This=0x55b468) returned 0x3 [0230.125] IUnknown:QueryInterface (in: This=0x55b468, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e28c | out: ppvObject=0x19e28c*=0x0) returned 0x80004002 [0230.125] IUnknown:QueryInterface (in: This=0x55b468, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e23c | out: ppvObject=0x19e23c*=0x0) returned 0x80004002 [0230.125] IUnknown:QueryInterface (in: This=0x55b468, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e248 | out: ppvObject=0x19e248*=0x55b46c) returned 0x0 [0230.125] IMarshal:GetUnmarshalClass (in: This=0x55b46c, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e250 | out: pCid=0x19e250*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0230.125] IUnknown:Release (This=0x55b46c) returned 0x3 [0230.125] CoGetContextToken (in: pToken=0x19e2a8 | out: pToken=0x19e2a8) returned 0x0 [0230.126] CoGetContextToken (in: pToken=0x19e6b0 | out: pToken=0x19e6b0) returned 0x0 [0230.126] IUnknown:QueryInterface (in: This=0x55b468, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e740 | out: ppvObject=0x19e740*=0x0) returned 0x80004002 [0230.126] IUnknown:Release (This=0x55b468) returned 0x2 [0230.126] CoGetContextToken (in: pToken=0x19ec80 | out: pToken=0x19ec80) returned 0x0 [0230.126] CoGetContextToken (in: pToken=0x19ebe0 | out: pToken=0x19ebe0) returned 0x0 [0230.126] IUnknown:QueryInterface (in: This=0x55b468, riid=0x19ecb0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19ecac | out: ppvObject=0x19ecac*=0x55b468) returned 0x0 [0230.126] IUnknown:AddRef (This=0x55b468) returned 0x4 [0230.126] IUnknown:Release (This=0x55b468) returned 0x3 [0230.126] IUnknown:Release (This=0x55b468) returned 0x2 [0230.126] CoTaskMemFree (pv=0x59f660) [0230.126] CoGetContextToken (in: pToken=0x19efe8 | out: pToken=0x19efe8) returned 0x0 [0230.126] IUnknown:AddRef (This=0x55b468) returned 0x3 [0230.126] CoTaskMemAlloc (cb=0x4) returned 0x59f700 [0230.126] IEnumWbemClassObject:Next (in: This=0x595c58, lTimeout=-1, uCount=0x1, apObjects=0x59f700, puReturned=0x21e0d0c | out: apObjects=0x59f700*=0x0, puReturned=0x21e0d0c*=0x0) returned 0x1 [0230.127] CoTaskMemFree (pv=0x59f700) [0230.127] CoGetContextToken (in: pToken=0x19f160 | out: pToken=0x19f160) returned 0x0 [0230.127] IUnknown:AddRef (This=0x595230) returned 0x3 [0230.127] IEnumWbemClassObject:Clone (in: This=0x595230, ppEnum=0x19f31c | out: ppEnum=0x19f31c*=0x595b90) returned 0x0 [0230.129] IUnknown:QueryInterface (in: This=0x595b90, riid=0x6f901104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1e0 | out: ppvObject=0x19f1e0*=0x595b94) returned 0x0 [0230.129] IClientSecurity:QueryBlanket (in: This=0x595b94, pProxy=0x595b90, pAuthnSvc=0x19f230, pAuthzSvc=0x19f22c, pServerPrincName=0x19f224, pAuthnLevel=0x19f228, pImpLevel=0x19f218, pAuthInfo=0x19f21c, pCapabilites=0x19f220 | out: pAuthnSvc=0x19f230*=0xa, pAuthzSvc=0x19f22c*=0x0, pServerPrincName=0x19f224, pAuthnLevel=0x19f228*=0x6, pImpLevel=0x19f218*=0x2, pAuthInfo=0x19f21c, pCapabilites=0x19f220*=0x1) returned 0x0 [0230.129] IUnknown:Release (This=0x595b94) returned 0x1 [0230.129] IUnknown:QueryInterface (in: This=0x595b90, riid=0x6f9010f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1d4 | out: ppvObject=0x19f1d4*=0x590be8) returned 0x0 [0230.129] IUnknown:QueryInterface (in: This=0x595b90, riid=0x6f901104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1d0 | out: ppvObject=0x19f1d0*=0x595b94) returned 0x0 [0230.129] IClientSecurity:SetBlanket (This=0x595b94, pProxy=0x595b90, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0230.131] IUnknown:Release (This=0x595b94) returned 0x2 [0230.131] WbemLocator:IUnknown:Release (This=0x590be8) returned 0x1 [0230.131] CoTaskMemFree (pv=0x59a548) [0230.131] IUnknown:QueryInterface (in: This=0x595b90, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19edbc | out: ppvObject=0x19edbc*=0x590be8) returned 0x0 [0230.131] WbemLocator:IUnknown:QueryInterface (in: This=0x590be8, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ed78 | out: ppvObject=0x19ed78*=0x0) returned 0x80004002 [0230.132] WbemLocator:IUnknown:QueryInterface (in: This=0x590be8, riid=0x6abefb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19eb94 | out: ppvObject=0x19eb94*=0x0) returned 0x80004002 [0230.132] IUnknown:QueryInterface (in: This=0x595b90, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e96c | out: ppvObject=0x19e96c*=0x0) returned 0x80004002 [0230.132] WbemLocator:IUnknown:AddRef (This=0x590be8) returned 0x3 [0230.132] WbemLocator:IUnknown:QueryInterface (in: This=0x590be8, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e6d4 | out: ppvObject=0x19e6d4*=0x0) returned 0x80004002 [0230.133] WbemLocator:IUnknown:QueryInterface (in: This=0x590be8, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e684 | out: ppvObject=0x19e684*=0x0) returned 0x80004002 [0230.133] WbemLocator:IUnknown:QueryInterface (in: This=0x590be8, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e690 | out: ppvObject=0x19e690*=0x590b44) returned 0x0 [0230.133] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x590b44, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e698 | out: pCid=0x19e698*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0230.133] WbemLocator:IUnknown:Release (This=0x590b44) returned 0x3 [0230.133] CoGetContextToken (in: pToken=0x19e6f0 | out: pToken=0x19e6f0) returned 0x0 [0230.133] CoGetContextToken (in: pToken=0x19eaf8 | out: pToken=0x19eaf8) returned 0x0 [0230.133] WbemLocator:IUnknown:QueryInterface (in: This=0x590be8, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eb88 | out: ppvObject=0x19eb88*=0x590bcc) returned 0x0 [0230.133] WbemLocator:IRpcOptions:Query (in: This=0x590bcc, pPrx=0x590be8, dwProperty=2, pdwValue=0x19ebb0 | out: pdwValue=0x19ebb0) returned 0x80004002 [0230.133] WbemLocator:IUnknown:Release (This=0x590bcc) returned 0x3 [0230.133] WbemLocator:IUnknown:Release (This=0x590be8) returned 0x2 [0230.133] CoGetContextToken (in: pToken=0x19f0d0 | out: pToken=0x19f0d0) returned 0x0 [0230.134] CoGetContextToken (in: pToken=0x19f030 | out: pToken=0x19f030) returned 0x0 [0230.134] WbemLocator:IUnknown:QueryInterface (in: This=0x590be8, riid=0x19f100*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f0fc | out: ppvObject=0x19f0fc*=0x595b90) returned 0x0 [0230.134] IUnknown:AddRef (This=0x595b90) returned 0x4 [0230.134] IUnknown:Release (This=0x595b90) returned 0x3 [0230.134] IUnknown:Release (This=0x595b90) returned 0x2 [0230.134] IUnknown:Release (This=0x595230) returned 0x2 [0230.134] SysStringLen (param_1=0x0) returned 0x0 [0230.134] IEnumWbemClassObject:Reset (This=0x595b90) returned 0x0 [0230.134] CoTaskMemAlloc (cb=0x4) returned 0x59f660 [0230.134] IEnumWbemClassObject:Next (in: This=0x595b90, lTimeout=-1, uCount=0x1, apObjects=0x59f660, puReturned=0x21e0df0 | out: apObjects=0x59f660*=0x55bdf8, puReturned=0x21e0df0*=0x1) returned 0x0 [0230.138] IUnknown:QueryInterface (in: This=0x55bdf8, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e980 | out: ppvObject=0x19e980*=0x55bdf8) returned 0x0 [0230.138] IUnknown:QueryInterface (in: This=0x55bdf8, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e93c | out: ppvObject=0x19e93c*=0x0) returned 0x80004002 [0230.138] IUnknown:QueryInterface (in: This=0x55bdf8, riid=0x6abefb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e75c | out: ppvObject=0x19e75c*=0x0) returned 0x80004002 [0230.138] IUnknown:QueryInterface (in: This=0x55bdf8, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e534 | out: ppvObject=0x19e534*=0x0) returned 0x80004002 [0230.138] IUnknown:AddRef (This=0x55bdf8) returned 0x3 [0230.138] IUnknown:QueryInterface (in: This=0x55bdf8, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e29c | out: ppvObject=0x19e29c*=0x0) returned 0x80004002 [0230.138] IUnknown:QueryInterface (in: This=0x55bdf8, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e24c | out: ppvObject=0x19e24c*=0x0) returned 0x80004002 [0230.138] IUnknown:QueryInterface (in: This=0x55bdf8, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e258 | out: ppvObject=0x19e258*=0x55bdfc) returned 0x0 [0230.138] IMarshal:GetUnmarshalClass (in: This=0x55bdfc, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e260 | out: pCid=0x19e260*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0230.138] IUnknown:Release (This=0x55bdfc) returned 0x3 [0230.138] CoGetContextToken (in: pToken=0x19e2b8 | out: pToken=0x19e2b8) returned 0x0 [0230.138] CoGetContextToken (in: pToken=0x19e6c0 | out: pToken=0x19e6c0) returned 0x0 [0230.138] IUnknown:QueryInterface (in: This=0x55bdf8, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e750 | out: ppvObject=0x19e750*=0x0) returned 0x80004002 [0230.139] IUnknown:Release (This=0x55bdf8) returned 0x2 [0230.139] CoGetContextToken (in: pToken=0x19ec90 | out: pToken=0x19ec90) returned 0x0 [0230.139] CoGetContextToken (in: pToken=0x19ebf0 | out: pToken=0x19ebf0) returned 0x0 [0230.139] IUnknown:QueryInterface (in: This=0x55bdf8, riid=0x19ecc0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19ecbc | out: ppvObject=0x19ecbc*=0x55bdf8) returned 0x0 [0230.139] IUnknown:AddRef (This=0x55bdf8) returned 0x4 [0230.139] IUnknown:Release (This=0x55bdf8) returned 0x3 [0230.139] IUnknown:Release (This=0x55bdf8) returned 0x2 [0230.139] CoTaskMemFree (pv=0x59f660) [0230.139] CoGetContextToken (in: pToken=0x19eff8 | out: pToken=0x19eff8) returned 0x0 [0230.139] IUnknown:AddRef (This=0x55bdf8) returned 0x3 [0230.139] IWbemClassObject:Get (in: This=0x55bdf8, wszName="__GENUS", lFlags=0, pVal=0x19f30c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f38c*=0, plFlavor=0x19f388*=0 | out: pVal=0x19f30c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f38c*=3, plFlavor=0x19f388*=64) returned 0x0 [0230.139] IWbemClassObject:Get (in: This=0x55bdf8, wszName="__PATH", lFlags=0, pVal=0x19f2f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f374*=0, plFlavor=0x19f370*=0 | out: pVal=0x19f2f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XC64ZB\"", varVal2=0x0), pType=0x19f374*=8, plFlavor=0x19f370*=64) returned 0x0 [0230.140] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XC64ZB\"") returned 0x72 [0230.140] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XC64ZB\"") returned 0x72 [0230.140] CoGetObjectContext (in: riid=0x2106418*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f31c | out: ppv=0x19f31c*=0x508aac) returned 0x0 [0230.140] IComThreadingInfo:GetCurrentApartmentType (in: This=0x508aac, pAptType=0x19f314 | out: pAptType=0x19f314*=1) returned 0x0 [0230.140] IUnknown:QueryInterface (in: This=0x508aac, riid=0x2106400*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f318 | out: ppvObject=0x19f318*=0x0) returned 0x80004002 [0230.140] IUnknown:Release (This=0x508aac) returned 0x1 [0230.151] CoGetClassObject (in: rclsid=0x59a824*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6ab654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19ec88 | out: ppv=0x19ec88*=0x59f660) returned 0x0 [0230.152] WbemDefPath:IUnknown:QueryInterface (in: This=0x59f660, riid=0x6ab195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19eea0 | out: ppvObject=0x19eea0*=0x0) returned 0x80004002 [0230.152] WbemDefPath:IClassFactory:CreateInstance (in: This=0x59f660, pUnkOuter=0x0, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eeb4 | out: ppvObject=0x19eeb4*=0x5badd0) returned 0x0 [0230.152] WbemDefPath:IUnknown:Release (This=0x59f660) returned 0x0 [0230.152] WbemDefPath:IUnknown:QueryInterface (in: This=0x5badd0, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ead4 | out: ppvObject=0x19ead4*=0x5badd0) returned 0x0 [0230.152] WbemDefPath:IUnknown:QueryInterface (in: This=0x5badd0, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ea90 | out: ppvObject=0x19ea90*=0x0) returned 0x80004002 [0230.152] WbemDefPath:IUnknown:QueryInterface (in: This=0x5badd0, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e684 | out: ppvObject=0x19e684*=0x0) returned 0x80004002 [0230.152] WbemDefPath:IUnknown:AddRef (This=0x5badd0) returned 0x3 [0230.152] WbemDefPath:IUnknown:QueryInterface (in: This=0x5badd0, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e3ec | out: ppvObject=0x19e3ec*=0x0) returned 0x80004002 [0230.152] WbemDefPath:IUnknown:QueryInterface (in: This=0x5badd0, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e39c | out: ppvObject=0x19e39c*=0x0) returned 0x80004002 [0230.152] WbemDefPath:IUnknown:QueryInterface (in: This=0x5badd0, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e3a8 | out: ppvObject=0x19e3a8*=0x50d2dc8) returned 0x0 [0230.152] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x50d2dc8, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e3b0 | out: pCid=0x19e3b0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0230.152] WbemDefPath:IUnknown:Release (This=0x50d2dc8) returned 0x3 [0230.152] CoGetContextToken (in: pToken=0x19e408 | out: pToken=0x19e408) returned 0x0 [0230.152] CoGetContextToken (in: pToken=0x19e810 | out: pToken=0x19e810) returned 0x0 [0230.153] WbemDefPath:IUnknown:QueryInterface (in: This=0x5badd0, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e8a0 | out: ppvObject=0x19e8a0*=0x0) returned 0x80004002 [0230.153] WbemDefPath:IUnknown:Release (This=0x5badd0) returned 0x2 [0230.153] WbemDefPath:IUnknown:Release (This=0x5badd0) returned 0x1 [0230.153] CoGetContextToken (in: pToken=0x19f198 | out: pToken=0x19f198) returned 0x0 [0230.153] CoGetContextToken (in: pToken=0x19f0f8 | out: pToken=0x19f0f8) returned 0x0 [0230.153] WbemDefPath:IUnknown:QueryInterface (in: This=0x5badd0, riid=0x19f1c8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f1c4 | out: ppvObject=0x19f1c4*=0x5badd0) returned 0x0 [0230.153] WbemDefPath:IUnknown:AddRef (This=0x5badd0) returned 0x3 [0230.153] WbemDefPath:IUnknown:Release (This=0x5badd0) returned 0x2 [0230.153] WbemDefPath:IWbemPath:SetText (This=0x5badd0, uMode=0x4, pszPath="\\\\XC64ZB\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XC64ZB\"") returned 0x0 [0230.153] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x580720, puCount=0x19f348 | out: puCount=0x19f348*=0x2) returned 0x0 [0230.153] WbemDefPath:IWbemPath:GetText (in: This=0x580720, lFlags=4, puBuffLength=0x19f344*=0x0, pszText=0x0 | out: puBuffLength=0x19f344*=0xf, pszText=0x0) returned 0x0 [0230.153] WbemDefPath:IWbemPath:GetText (in: This=0x580720, lFlags=4, puBuffLength=0x19f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0230.154] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x580720, puCount=0x19f33c | out: puCount=0x19f33c*=0x2) returned 0x0 [0230.154] WbemDefPath:IWbemPath:GetText (in: This=0x580720, lFlags=4, puBuffLength=0x19f338*=0x0, pszText=0x0 | out: puBuffLength=0x19f338*=0xf, pszText=0x0) returned 0x0 [0230.154] WbemDefPath:IWbemPath:GetText (in: This=0x580720, lFlags=4, puBuffLength=0x19f338*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f338*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0230.154] IWbemClassObject:Get (in: This=0x55bdf8, wszName="Name", lFlags=0, pVal=0x19f338*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x21e1608*=0, plFlavor=0x21e160c*=0 | out: pVal=0x19f338*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Microsoft Windows 10 Pro|C:\\Windows|\\Device\\Harddisk0\\Partition1", varVal2=0x0), pType=0x21e1608*=8, plFlavor=0x21e160c*=0) returned 0x0 [0230.154] SysStringByteLen (bstr="Microsoft Windows 10 Pro|C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x80 [0230.154] SysStringByteLen (bstr="Microsoft Windows 10 Pro|C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x80 [0230.154] IWbemClassObject:Get (in: This=0x55bdf8, wszName="Name", lFlags=0, pVal=0x19f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x21e1608*=8, plFlavor=0x21e160c*=0 | out: pVal=0x19f340*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Microsoft Windows 10 Pro|C:\\Windows|\\Device\\Harddisk0\\Partition1", varVal2=0x0), pType=0x21e1608*=8, plFlavor=0x21e160c*=0) returned 0x0 [0230.154] SysStringByteLen (bstr="Microsoft Windows 10 Pro|C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x80 [0230.154] SysStringByteLen (bstr="Microsoft Windows 10 Pro|C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x80 [0230.215] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x580720, puCount=0x19f354 | out: puCount=0x19f354*=0x2) returned 0x0 [0230.215] WbemDefPath:IWbemPath:GetText (in: This=0x580720, lFlags=4, puBuffLength=0x19f350*=0x0, pszText=0x0 | out: puBuffLength=0x19f350*=0xf, pszText=0x0) returned 0x0 [0230.215] WbemDefPath:IWbemPath:GetText (in: This=0x580720, lFlags=4, puBuffLength=0x19f350*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f350*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0230.215] CoGetObjectContext (in: riid=0x2106418*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f2e0 | out: ppv=0x19f2e0*=0x508aac) returned 0x0 [0230.215] IComThreadingInfo:GetCurrentApartmentType (in: This=0x508aac, pAptType=0x19f2d8 | out: pAptType=0x19f2d8*=1) returned 0x0 [0230.215] IUnknown:QueryInterface (in: This=0x508aac, riid=0x2106400*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f2dc | out: ppvObject=0x19f2dc*=0x0) returned 0x80004002 [0230.215] IUnknown:Release (This=0x508aac) returned 0x1 [0230.216] CoGetClassObject (in: rclsid=0x59a764*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x6ab654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19ef00 | out: ppv=0x19ef00*=0x594c48) returned 0x0 [0230.216] WbemLocator:IUnknown:QueryInterface (in: This=0x594c48, riid=0x6ab195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19f118 | out: ppvObject=0x19f118*=0x0) returned 0x80004002 [0230.216] WbemLocator:IClassFactory:CreateInstance (in: This=0x594c48, pUnkOuter=0x0, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f12c | out: ppvObject=0x19f12c*=0x59f5d0) returned 0x0 [0230.216] WbemLocator:IUnknown:Release (This=0x594c48) returned 0x0 [0230.216] WbemLocator:IUnknown:QueryInterface (in: This=0x59f5d0, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed4c | out: ppvObject=0x19ed4c*=0x59f5d0) returned 0x0 [0230.217] WbemLocator:IUnknown:QueryInterface (in: This=0x59f5d0, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ed08 | out: ppvObject=0x19ed08*=0x0) returned 0x80004002 [0230.217] WbemLocator:IUnknown:QueryInterface (in: This=0x59f5d0, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e8fc | out: ppvObject=0x19e8fc*=0x0) returned 0x80004002 [0230.217] WbemLocator:IUnknown:AddRef (This=0x59f5d0) returned 0x3 [0230.217] WbemLocator:IUnknown:QueryInterface (in: This=0x59f5d0, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e664 | out: ppvObject=0x19e664*=0x0) returned 0x80004002 [0230.220] WbemLocator:IUnknown:QueryInterface (in: This=0x59f5d0, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e614 | out: ppvObject=0x19e614*=0x0) returned 0x80004002 [0230.220] WbemLocator:IUnknown:QueryInterface (in: This=0x59f5d0, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e620 | out: ppvObject=0x19e620*=0x0) returned 0x80004002 [0230.220] CoGetContextToken (in: pToken=0x19e680 | out: pToken=0x19e680) returned 0x0 [0230.220] CoGetContextToken (in: pToken=0x19ea88 | out: pToken=0x19ea88) returned 0x0 [0230.220] WbemLocator:IUnknown:QueryInterface (in: This=0x59f5d0, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eb18 | out: ppvObject=0x19eb18*=0x0) returned 0x80004002 [0230.220] WbemLocator:IUnknown:Release (This=0x59f5d0) returned 0x2 [0230.220] WbemLocator:IUnknown:Release (This=0x59f5d0) returned 0x1 [0230.220] CoGetContextToken (in: pToken=0x19f0f8 | out: pToken=0x19f0f8) returned 0x0 [0230.220] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0230.220] WbemLocator:IUnknown:QueryInterface (in: This=0x59f5d0, riid=0x19f128*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19f124 | out: ppvObject=0x19f124*=0x59f5d0) returned 0x0 [0230.221] WbemLocator:IUnknown:AddRef (This=0x59f5d0) returned 0x3 [0230.221] WbemLocator:IUnknown:Release (This=0x59f5d0) returned 0x2 [0230.221] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x580720, puCount=0x19f2bc | out: puCount=0x19f2bc*=0x2) returned 0x0 [0230.221] WbemDefPath:IWbemPath:GetText (in: This=0x580720, lFlags=8, puBuffLength=0x19f2b8*=0x0, pszText=0x0 | out: puBuffLength=0x19f2b8*=0xf, pszText=0x0) returned 0x0 [0230.221] WbemDefPath:IWbemPath:GetText (in: This=0x580720, lFlags=8, puBuffLength=0x19f2b8*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f2b8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0230.221] CoCreateInstance (in: rclsid=0x6f901284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6f9012e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x19f194 | out: ppv=0x19f194*=0x59f700) returned 0x0 [0230.221] WbemLocator:IWbemLocator:ConnectServer (in: This=0x59f700, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x19f228 | out: ppNamespace=0x19f228*=0x5475f8) returned 0x0 [0230.245] WbemLocator:IUnknown:QueryInterface (in: This=0x5475f8, riid=0x6f901104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f0c4 | out: ppvObject=0x19f0c4*=0x590dc4) returned 0x0 [0230.245] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x590dc4, pProxy=0x5475f8, pAuthnSvc=0x19f114, pAuthzSvc=0x19f110, pServerPrincName=0x19f108, pAuthnLevel=0x19f10c, pImpLevel=0x19f0fc, pAuthInfo=0x19f100, pCapabilites=0x19f104 | out: pAuthnSvc=0x19f114*=0xa, pAuthzSvc=0x19f110*=0x0, pServerPrincName=0x19f108, pAuthnLevel=0x19f10c*=0x6, pImpLevel=0x19f0fc*=0x2, pAuthInfo=0x19f100, pCapabilites=0x19f104*=0x1) returned 0x0 [0230.245] WbemLocator:IUnknown:Release (This=0x590dc4) returned 0x1 [0230.245] WbemLocator:IUnknown:QueryInterface (in: This=0x5475f8, riid=0x6f9010f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f0b8 | out: ppvObject=0x19f0b8*=0x590de8) returned 0x0 [0230.245] WbemLocator:IUnknown:QueryInterface (in: This=0x5475f8, riid=0x6f901104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f0b4 | out: ppvObject=0x19f0b4*=0x590dc4) returned 0x0 [0230.245] WbemLocator:IClientSecurity:SetBlanket (This=0x590dc4, pProxy=0x5475f8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0230.245] WbemLocator:IUnknown:Release (This=0x590dc4) returned 0x2 [0230.245] WbemLocator:IUnknown:Release (This=0x590de8) returned 0x1 [0230.245] CoTaskMemFree (pv=0x59a608) [0230.246] WbemLocator:IUnknown:Release (This=0x59f700) returned 0x0 [0230.246] WbemLocator:IUnknown:QueryInterface (in: This=0x5475f8, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ecb4 | out: ppvObject=0x19ecb4*=0x590de8) returned 0x0 [0230.246] WbemLocator:IUnknown:QueryInterface (in: This=0x590de8, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ec70 | out: ppvObject=0x19ec70*=0x0) returned 0x80004002 [0230.246] WbemLocator:IUnknown:QueryInterface (in: This=0x590de8, riid=0x6abefb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ea8c | out: ppvObject=0x19ea8c*=0x0) returned 0x80004002 [0230.247] WbemLocator:IUnknown:QueryInterface (in: This=0x5475f8, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e864 | out: ppvObject=0x19e864*=0x0) returned 0x80004002 [0230.248] WbemLocator:IUnknown:AddRef (This=0x590de8) returned 0x3 [0230.249] WbemLocator:IUnknown:QueryInterface (in: This=0x590de8, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e5cc | out: ppvObject=0x19e5cc*=0x0) returned 0x80004002 [0230.249] WbemLocator:IUnknown:QueryInterface (in: This=0x590de8, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e57c | out: ppvObject=0x19e57c*=0x0) returned 0x80004002 [0230.249] WbemLocator:IUnknown:QueryInterface (in: This=0x590de8, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e588 | out: ppvObject=0x19e588*=0x590d44) returned 0x0 [0230.249] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x590d44, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e590 | out: pCid=0x19e590*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0230.249] WbemLocator:IUnknown:Release (This=0x590d44) returned 0x3 [0230.249] CoGetContextToken (in: pToken=0x19e5e8 | out: pToken=0x19e5e8) returned 0x0 [0230.249] CoGetContextToken (in: pToken=0x19e9f0 | out: pToken=0x19e9f0) returned 0x0 [0230.249] WbemLocator:IUnknown:QueryInterface (in: This=0x590de8, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea80 | out: ppvObject=0x19ea80*=0x590dcc) returned 0x0 [0230.249] WbemLocator:IRpcOptions:Query (in: This=0x590dcc, pPrx=0x590de8, dwProperty=2, pdwValue=0x19eaa8 | out: pdwValue=0x19eaa8) returned 0x80004002 [0230.249] WbemLocator:IUnknown:Release (This=0x590dcc) returned 0x3 [0230.249] WbemLocator:IUnknown:Release (This=0x590de8) returned 0x2 [0230.249] CoGetContextToken (in: pToken=0x19efc8 | out: pToken=0x19efc8) returned 0x0 [0230.249] CoGetContextToken (in: pToken=0x19ef28 | out: pToken=0x19ef28) returned 0x0 [0230.249] WbemLocator:IUnknown:QueryInterface (in: This=0x590de8, riid=0x19eff8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x19eff4 | out: ppvObject=0x19eff4*=0x5475f8) returned 0x0 [0230.250] WbemLocator:IUnknown:AddRef (This=0x5475f8) returned 0x4 [0230.250] WbemLocator:IUnknown:Release (This=0x5475f8) returned 0x3 [0230.250] WbemLocator:IUnknown:Release (This=0x5475f8) returned 0x2 [0230.250] SysStringLen (param_1=0x0) returned 0x0 [0230.250] CoGetContextToken (in: pToken=0x19efc0 | out: pToken=0x19efc0) returned 0x0 [0230.250] WbemLocator:IUnknown:AddRef (This=0x590de8) returned 0x3 [0230.250] WbemLocator:IUnknown:QueryInterface (in: This=0x590de8, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee54 | out: ppvObject=0x19ee54*=0x590de8) returned 0x0 [0230.250] WbemLocator:IUnknown:Release (This=0x590de8) returned 0x3 [0230.250] WbemLocator:IUnknown:Release (This=0x590de8) returned 0x2 [0230.250] CoGetContextToken (in: pToken=0x19f0b8 | out: pToken=0x19f0b8) returned 0x0 [0230.250] WbemLocator:IUnknown:AddRef (This=0x5475f8) returned 0x3 [0230.250] IWbemServices:ExecQuery (in: This=0x5475f8, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_Processor", lFlags=16, pCtx=0x0, ppEnum=0x19f2c4 | out: ppEnum=0x19f2c4*=0x5956e0) returned 0x0 [0230.321] IUnknown:QueryInterface (in: This=0x5956e0, riid=0x6f901104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f128 | out: ppvObject=0x19f128*=0x5956e4) returned 0x0 [0230.321] IClientSecurity:QueryBlanket (in: This=0x5956e4, pProxy=0x5956e0, pAuthnSvc=0x19f178, pAuthzSvc=0x19f174, pServerPrincName=0x19f16c, pAuthnLevel=0x19f170, pImpLevel=0x19f160, pAuthInfo=0x19f164, pCapabilites=0x19f168 | out: pAuthnSvc=0x19f178*=0xa, pAuthzSvc=0x19f174*=0x0, pServerPrincName=0x19f16c, pAuthnLevel=0x19f170*=0x6, pImpLevel=0x19f160*=0x2, pAuthInfo=0x19f164, pCapabilites=0x19f168*=0x1) returned 0x0 [0230.321] IUnknown:Release (This=0x5956e4) returned 0x1 [0230.321] IUnknown:QueryInterface (in: This=0x5956e0, riid=0x6f9010f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f11c | out: ppvObject=0x19f11c*=0x591de8) returned 0x0 [0230.321] IUnknown:QueryInterface (in: This=0x5956e0, riid=0x6f901104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f118 | out: ppvObject=0x19f118*=0x5956e4) returned 0x0 [0230.321] IClientSecurity:SetBlanket (This=0x5956e4, pProxy=0x5956e0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0230.424] IUnknown:Release (This=0x5956e4) returned 0x2 [0230.424] WbemLocator:IUnknown:Release (This=0x591de8) returned 0x1 [0230.424] CoTaskMemFree (pv=0x59a7b8) [0230.424] IUnknown:QueryInterface (in: This=0x5956e0, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed14 | out: ppvObject=0x19ed14*=0x591de8) returned 0x0 [0230.424] WbemLocator:IUnknown:QueryInterface (in: This=0x591de8, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ecd0 | out: ppvObject=0x19ecd0*=0x0) returned 0x80004002 [0230.425] WbemLocator:IUnknown:QueryInterface (in: This=0x591de8, riid=0x6abefb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19eaec | out: ppvObject=0x19eaec*=0x0) returned 0x80004002 [0230.425] IUnknown:QueryInterface (in: This=0x5956e0, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e8c4 | out: ppvObject=0x19e8c4*=0x0) returned 0x80004002 [0230.426] WbemLocator:IUnknown:AddRef (This=0x591de8) returned 0x3 [0230.426] WbemLocator:IUnknown:QueryInterface (in: This=0x591de8, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e62c | out: ppvObject=0x19e62c*=0x0) returned 0x80004002 [0230.426] WbemLocator:IUnknown:QueryInterface (in: This=0x591de8, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e5dc | out: ppvObject=0x19e5dc*=0x0) returned 0x80004002 [0230.426] WbemLocator:IUnknown:QueryInterface (in: This=0x591de8, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e5e8 | out: ppvObject=0x19e5e8*=0x591d44) returned 0x0 [0230.426] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x591d44, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e5f0 | out: pCid=0x19e5f0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0230.426] WbemLocator:IUnknown:Release (This=0x591d44) returned 0x3 [0230.426] CoGetContextToken (in: pToken=0x19e648 | out: pToken=0x19e648) returned 0x0 [0230.426] CoGetContextToken (in: pToken=0x19ea50 | out: pToken=0x19ea50) returned 0x0 [0230.426] WbemLocator:IUnknown:QueryInterface (in: This=0x591de8, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eae0 | out: ppvObject=0x19eae0*=0x591dcc) returned 0x0 [0230.426] WbemLocator:IRpcOptions:Query (in: This=0x591dcc, pPrx=0x591de8, dwProperty=2, pdwValue=0x19eb08 | out: pdwValue=0x19eb08) returned 0x80004002 [0230.426] WbemLocator:IUnknown:Release (This=0x591dcc) returned 0x3 [0230.426] WbemLocator:IUnknown:Release (This=0x591de8) returned 0x2 [0230.426] CoGetContextToken (in: pToken=0x19f028 | out: pToken=0x19f028) returned 0x0 [0230.427] CoGetContextToken (in: pToken=0x19ef88 | out: pToken=0x19ef88) returned 0x0 [0230.427] WbemLocator:IUnknown:QueryInterface (in: This=0x591de8, riid=0x19f058*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f054 | out: ppvObject=0x19f054*=0x5956e0) returned 0x0 [0230.427] IUnknown:AddRef (This=0x5956e0) returned 0x4 [0230.427] IUnknown:Release (This=0x5956e0) returned 0x3 [0230.427] IUnknown:Release (This=0x5956e0) returned 0x2 [0230.427] WbemLocator:IUnknown:Release (This=0x5475f8) returned 0x2 [0230.427] SysStringLen (param_1=0x0) returned 0x0 [0230.427] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x580720, puCount=0x19f310 | out: puCount=0x19f310*=0x2) returned 0x0 [0230.427] WbemDefPath:IWbemPath:GetText (in: This=0x580720, lFlags=4, puBuffLength=0x19f30c*=0x0, pszText=0x0 | out: puBuffLength=0x19f30c*=0xf, pszText=0x0) returned 0x0 [0230.427] WbemDefPath:IWbemPath:GetText (in: This=0x580720, lFlags=4, puBuffLength=0x19f30c*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f30c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0230.427] CoGetContextToken (in: pToken=0x19f160 | out: pToken=0x19f160) returned 0x0 [0230.427] IUnknown:AddRef (This=0x5956e0) returned 0x3 [0230.427] IEnumWbemClassObject:Clone (in: This=0x5956e0, ppEnum=0x19f31c | out: ppEnum=0x19f31c*=0x5957a8) returned 0x0 [0230.428] IUnknown:QueryInterface (in: This=0x5957a8, riid=0x6f901104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1e0 | out: ppvObject=0x19f1e0*=0x5957ac) returned 0x0 [0230.428] IClientSecurity:QueryBlanket (in: This=0x5957ac, pProxy=0x5957a8, pAuthnSvc=0x19f230, pAuthzSvc=0x19f22c, pServerPrincName=0x19f224, pAuthnLevel=0x19f228, pImpLevel=0x19f218, pAuthInfo=0x19f21c, pCapabilites=0x19f220 | out: pAuthnSvc=0x19f230*=0xa, pAuthzSvc=0x19f22c*=0x0, pServerPrincName=0x19f224, pAuthnLevel=0x19f228*=0x6, pImpLevel=0x19f218*=0x2, pAuthInfo=0x19f21c, pCapabilites=0x19f220*=0x1) returned 0x0 [0230.428] IUnknown:Release (This=0x5957ac) returned 0x1 [0230.429] IUnknown:QueryInterface (in: This=0x5957a8, riid=0x6f9010f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1d4 | out: ppvObject=0x19f1d4*=0x5910e8) returned 0x0 [0230.429] IUnknown:QueryInterface (in: This=0x5957a8, riid=0x6f901104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1d0 | out: ppvObject=0x19f1d0*=0x5957ac) returned 0x0 [0230.429] IClientSecurity:SetBlanket (This=0x5957ac, pProxy=0x5957a8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0230.431] IUnknown:Release (This=0x5957ac) returned 0x2 [0230.431] WbemLocator:IUnknown:Release (This=0x5910e8) returned 0x1 [0230.431] CoTaskMemFree (pv=0x56bb38) [0230.431] IUnknown:QueryInterface (in: This=0x5957a8, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19edbc | out: ppvObject=0x19edbc*=0x5910e8) returned 0x0 [0230.469] WbemLocator:IUnknown:QueryInterface (in: This=0x5910e8, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ed78 | out: ppvObject=0x19ed78*=0x0) returned 0x80004002 [0230.469] WbemLocator:IUnknown:QueryInterface (in: This=0x5910e8, riid=0x6abefb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19eb94 | out: ppvObject=0x19eb94*=0x0) returned 0x80004002 [0230.470] IUnknown:QueryInterface (in: This=0x5957a8, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e96c | out: ppvObject=0x19e96c*=0x0) returned 0x80004002 [0230.470] WbemLocator:IUnknown:AddRef (This=0x5910e8) returned 0x3 [0230.470] WbemLocator:IUnknown:QueryInterface (in: This=0x5910e8, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e6d4 | out: ppvObject=0x19e6d4*=0x0) returned 0x80004002 [0230.470] WbemLocator:IUnknown:QueryInterface (in: This=0x5910e8, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e684 | out: ppvObject=0x19e684*=0x0) returned 0x80004002 [0230.470] WbemLocator:IUnknown:QueryInterface (in: This=0x5910e8, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e690 | out: ppvObject=0x19e690*=0x591044) returned 0x0 [0230.471] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x591044, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e698 | out: pCid=0x19e698*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0230.471] WbemLocator:IUnknown:Release (This=0x591044) returned 0x3 [0230.471] CoGetContextToken (in: pToken=0x19e6f0 | out: pToken=0x19e6f0) returned 0x0 [0230.471] CoGetContextToken (in: pToken=0x19eaf8 | out: pToken=0x19eaf8) returned 0x0 [0230.471] WbemLocator:IUnknown:QueryInterface (in: This=0x5910e8, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eb88 | out: ppvObject=0x19eb88*=0x5910cc) returned 0x0 [0230.471] WbemLocator:IRpcOptions:Query (in: This=0x5910cc, pPrx=0x5910e8, dwProperty=2, pdwValue=0x19ebb0 | out: pdwValue=0x19ebb0) returned 0x80004002 [0230.471] WbemLocator:IUnknown:Release (This=0x5910cc) returned 0x3 [0230.471] WbemLocator:IUnknown:Release (This=0x5910e8) returned 0x2 [0230.471] CoGetContextToken (in: pToken=0x19f0d0 | out: pToken=0x19f0d0) returned 0x0 [0230.471] CoGetContextToken (in: pToken=0x19f030 | out: pToken=0x19f030) returned 0x0 [0230.471] WbemLocator:IUnknown:QueryInterface (in: This=0x5910e8, riid=0x19f100*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f0fc | out: ppvObject=0x19f0fc*=0x5957a8) returned 0x0 [0230.471] IUnknown:AddRef (This=0x5957a8) returned 0x4 [0230.471] IUnknown:Release (This=0x5957a8) returned 0x3 [0230.472] IUnknown:Release (This=0x5957a8) returned 0x2 [0230.472] IUnknown:Release (This=0x5956e0) returned 0x2 [0230.472] SysStringLen (param_1=0x0) returned 0x0 [0230.472] IEnumWbemClassObject:Reset (This=0x5957a8) returned 0x0 [0230.472] CoTaskMemAlloc (cb=0x4) returned 0x55d3e8 [0230.472] IEnumWbemClassObject:Next (in: This=0x5957a8, lTimeout=-1, uCount=0x1, apObjects=0x55d3e8, puReturned=0x21e226c | out: apObjects=0x55d3e8*=0x55b2d0, puReturned=0x21e226c*=0x1) returned 0x0 [0231.516] IUnknown:QueryInterface (in: This=0x55b2d0, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e980 | out: ppvObject=0x19e980*=0x55b2d0) returned 0x0 [0231.516] IUnknown:QueryInterface (in: This=0x55b2d0, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e93c | out: ppvObject=0x19e93c*=0x0) returned 0x80004002 [0231.516] IUnknown:QueryInterface (in: This=0x55b2d0, riid=0x6abefb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e75c | out: ppvObject=0x19e75c*=0x0) returned 0x80004002 [0231.516] IUnknown:QueryInterface (in: This=0x55b2d0, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e534 | out: ppvObject=0x19e534*=0x0) returned 0x80004002 [0231.516] IUnknown:AddRef (This=0x55b2d0) returned 0x3 [0231.516] IUnknown:QueryInterface (in: This=0x55b2d0, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e29c | out: ppvObject=0x19e29c*=0x0) returned 0x80004002 [0231.516] IUnknown:QueryInterface (in: This=0x55b2d0, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e24c | out: ppvObject=0x19e24c*=0x0) returned 0x80004002 [0231.517] IUnknown:QueryInterface (in: This=0x55b2d0, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e258 | out: ppvObject=0x19e258*=0x55b2d4) returned 0x0 [0231.517] IMarshal:GetUnmarshalClass (in: This=0x55b2d4, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e260 | out: pCid=0x19e260*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0231.517] IUnknown:Release (This=0x55b2d4) returned 0x3 [0231.517] CoGetContextToken (in: pToken=0x19e2b8 | out: pToken=0x19e2b8) returned 0x0 [0231.517] CoGetContextToken (in: pToken=0x19e6c0 | out: pToken=0x19e6c0) returned 0x0 [0231.517] IUnknown:QueryInterface (in: This=0x55b2d0, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e750 | out: ppvObject=0x19e750*=0x0) returned 0x80004002 [0231.517] IUnknown:Release (This=0x55b2d0) returned 0x2 [0231.517] CoGetContextToken (in: pToken=0x19ec90 | out: pToken=0x19ec90) returned 0x0 [0231.517] CoGetContextToken (in: pToken=0x19ebf0 | out: pToken=0x19ebf0) returned 0x0 [0231.517] IUnknown:QueryInterface (in: This=0x55b2d0, riid=0x19ecc0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19ecbc | out: ppvObject=0x19ecbc*=0x55b2d0) returned 0x0 [0231.518] IUnknown:AddRef (This=0x55b2d0) returned 0x4 [0231.518] IUnknown:Release (This=0x55b2d0) returned 0x3 [0231.518] IUnknown:Release (This=0x55b2d0) returned 0x2 [0231.518] CoTaskMemFree (pv=0x55d3e8) [0231.518] CoGetContextToken (in: pToken=0x19eff8 | out: pToken=0x19eff8) returned 0x0 [0231.518] IUnknown:AddRef (This=0x55b2d0) returned 0x3 [0231.518] IWbemClassObject:Get (in: This=0x55b2d0, wszName="__GENUS", lFlags=0, pVal=0x19f30c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f38c*=0, plFlavor=0x19f388*=0 | out: pVal=0x19f30c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f38c*=3, plFlavor=0x19f388*=64) returned 0x0 [0231.518] IWbemClassObject:Get (in: This=0x55b2d0, wszName="__PATH", lFlags=0, pVal=0x19f2f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f374*=0, plFlavor=0x19f370*=0 | out: pVal=0x19f2f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"", varVal2=0x0), pType=0x19f374*=8, plFlavor=0x19f370*=64) returned 0x0 [0231.519] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x66 [0231.519] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x66 [0231.519] CoGetObjectContext (in: riid=0x2106418*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f31c | out: ppv=0x19f31c*=0x508aac) returned 0x0 [0231.519] IComThreadingInfo:GetCurrentApartmentType (in: This=0x508aac, pAptType=0x19f314 | out: pAptType=0x19f314*=1) returned 0x0 [0231.519] IUnknown:QueryInterface (in: This=0x508aac, riid=0x2106400*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f318 | out: ppvObject=0x19f318*=0x0) returned 0x80004002 [0231.520] IUnknown:Release (This=0x508aac) returned 0x1 [0231.521] CoGetClassObject (in: rclsid=0x59a824*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6ab654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19ec88 | out: ppv=0x19ec88*=0x55d3e8) returned 0x0 [0231.522] WbemDefPath:IUnknown:QueryInterface (in: This=0x55d3e8, riid=0x6ab195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19eea0 | out: ppvObject=0x19eea0*=0x0) returned 0x80004002 [0231.522] WbemDefPath:IClassFactory:CreateInstance (in: This=0x55d3e8, pUnkOuter=0x0, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eeb4 | out: ppvObject=0x19eeb4*=0x5ba660) returned 0x0 [0231.522] WbemDefPath:IUnknown:Release (This=0x55d3e8) returned 0x0 [0231.522] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ba660, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ead4 | out: ppvObject=0x19ead4*=0x5ba660) returned 0x0 [0231.523] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ba660, riid=0x6abefdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ea90 | out: ppvObject=0x19ea90*=0x0) returned 0x80004002 [0231.523] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ba660, riid=0x6abf056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e684 | out: ppvObject=0x19e684*=0x0) returned 0x80004002 [0231.523] WbemDefPath:IUnknown:AddRef (This=0x5ba660) returned 0x3 [0231.523] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ba660, riid=0x6abf0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e3ec | out: ppvObject=0x19e3ec*=0x0) returned 0x80004002 [0231.523] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ba660, riid=0x6abf015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e39c | out: ppvObject=0x19e39c*=0x0) returned 0x80004002 [0231.523] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ba660, riid=0x6aac40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e3a8 | out: ppvObject=0x19e3a8*=0x594738) returned 0x0 [0231.523] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x594738, riid=0x6aab6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e3b0 | out: pCid=0x19e3b0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0231.523] WbemDefPath:IUnknown:Release (This=0x594738) returned 0x3 [0231.523] CoGetContextToken (in: pToken=0x19e408 | out: pToken=0x19e408) returned 0x0 [0231.523] CoGetContextToken (in: pToken=0x19e810 | out: pToken=0x19e810) returned 0x0 [0231.523] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ba660, riid=0x6abf0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e8a0 | out: ppvObject=0x19e8a0*=0x0) returned 0x80004002 [0231.524] WbemDefPath:IUnknown:Release (This=0x5ba660) returned 0x2 [0231.524] WbemDefPath:IUnknown:Release (This=0x5ba660) returned 0x1 [0231.524] CoGetContextToken (in: pToken=0x19f198 | out: pToken=0x19f198) returned 0x0 [0231.524] CoGetContextToken (in: pToken=0x19f0f8 | out: pToken=0x19f0f8) returned 0x0 [0231.524] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ba660, riid=0x19f1c8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f1c4 | out: ppvObject=0x19f1c4*=0x5ba660) returned 0x0 [0231.524] WbemDefPath:IUnknown:AddRef (This=0x5ba660) returned 0x3 [0231.524] WbemDefPath:IUnknown:Release (This=0x5ba660) returned 0x2 [0231.524] WbemDefPath:IWbemPath:SetText (This=0x5ba660, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x0 [0231.524] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x580720, puCount=0x19f348 | out: puCount=0x19f348*=0x2) returned 0x0 [0231.524] WbemDefPath:IWbemPath:GetText (in: This=0x580720, lFlags=4, puBuffLength=0x19f344*=0x0, pszText=0x0 | out: puBuffLength=0x19f344*=0xf, pszText=0x0) returned 0x0 [0231.524] WbemDefPath:IWbemPath:GetText (in: This=0x580720, lFlags=4, puBuffLength=0x19f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0231.525] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x580720, puCount=0x19f318 | out: puCount=0x19f318*=0x2) returned 0x0 [0231.525] WbemDefPath:IWbemPath:GetText (in: This=0x580720, lFlags=4, puBuffLength=0x19f314*=0x0, pszText=0x0 | out: puBuffLength=0x19f314*=0xf, pszText=0x0) returned 0x0 [0231.525] WbemDefPath:IWbemPath:GetText (in: This=0x580720, lFlags=4, puBuffLength=0x19f314*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f314*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0231.525] IWbemClassObject:Get (in: This=0x55b2d0, wszName="Name", lFlags=0, pVal=0x19f314*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x21e2a78*=0, plFlavor=0x21e2a7c*=0 | out: pVal=0x19f314*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", varVal2=0x0), pType=0x21e2a78*=8, plFlavor=0x21e2a7c*=0) returned 0x0 [0231.525] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0231.525] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0231.525] IWbemClassObject:Get (in: This=0x55b2d0, wszName="Name", lFlags=0, pVal=0x19f31c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x21e2a78*=8, plFlavor=0x21e2a7c*=0 | out: pVal=0x19f31c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", varVal2=0x0), pType=0x21e2a78*=8, plFlavor=0x21e2a7c*=0) returned 0x0 [0231.525] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0231.525] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0231.526] CoTaskMemAlloc (cb=0x4) returned 0x55d358 [0231.526] IEnumWbemClassObject:Next (in: This=0x5957a8, lTimeout=-1, uCount=0x1, apObjects=0x55d358, puReturned=0x21e226c | out: apObjects=0x55d358*=0x0, puReturned=0x21e226c*=0x0) returned 0x1 [0231.530] CoTaskMemFree (pv=0x55d358) [0231.530] CoGetContextToken (in: pToken=0x19f248 | out: pToken=0x19f248) returned 0x0 [0231.530] WbemLocator:IUnknown:Release (This=0x5910e8) returned 0x1 [0231.530] IUnknown:Release (This=0x5957a8) returned 0x0 [0231.537] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x580720, puCount=0x19f354 | out: puCount=0x19f354*=0x2) returned 0x0 [0231.537] WbemDefPath:IWbemPath:GetText (in: This=0x580720, lFlags=4, puBuffLength=0x19f350*=0x0, pszText=0x0 | out: puBuffLength=0x19f350*=0xf, pszText=0x0) returned 0x0 [0231.537] WbemDefPath:IWbemPath:GetText (in: This=0x580720, lFlags=4, puBuffLength=0x19f350*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f350*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0231.570] GlobalMemoryStatusEx (in: lpBuffer=0x21e2cb4 | out: lpBuffer=0x21e2cb4) returned 1 [0231.763] GetCurrentProcess () returned 0xffffffff [0231.763] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ef38 | out: TokenHandle=0x19ef38*=0x478) returned 1 [0231.770] GetCurrentProcess () returned 0xffffffff [0231.770] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ef4c | out: TokenHandle=0x19ef4c*=0x47c) returned 1 [0231.939] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x19f2b0 | out: pFixedInfo=0x0, pOutBufLen=0x19f2b0) returned 0x6f [0232.713] LocalAlloc (uFlags=0x0, uBytes=0x248) returned 0x50f0dc0 [0232.713] GetNetworkParams (in: pFixedInfo=0x50f0dc0, pOutBufLen=0x19f2b0 | out: pFixedInfo=0x50f0dc0, pOutBufLen=0x19f2b0) returned 0x0 [0232.727] LocalFree (hMem=0x50f0dc0) returned 0x0 [0232.744] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x0, cchASCIIChar=0 | out: lpASCIICharStr=0x0) returned 6 [0232.744] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x21e4eac, cchASCIIChar=6 | out: lpASCIICharStr="xc64ZB") returned 6 [0232.802] SystemFunction041 (in: Memory=0x5a219c, MemorySize=0x10, OptionFlags=0x0 | out: Memory=0x5a219c) returned 0x0 [0232.804] SysStringLen (param_1="W3oxtsMvzRhJV&eBZoFabwZV") returned 0x18 [0232.804] SystemFunction040 (in: Memory=0x56f654, MemorySize=0x30, OptionFlags=0x0 | out: Memory=0x56f654) returned 0x0 [0232.834] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f290 | out: UnbiasedTime=0x19f290) returned 1 [0232.834] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f280 | out: UnbiasedTime=0x19f280) returned 1 [0232.839] GetCurrentProcess () returned 0xffffffff [0232.839] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ee84 | out: TokenHandle=0x19ee84*=0x4d4) returned 1 [0232.840] GetCurrentProcess () returned 0xffffffff [0232.840] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ee98 | out: TokenHandle=0x19ee98*=0x494) returned 1 [0232.846] SetEvent (hEvent=0x2cc) returned 1 [0232.868] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x19efe8 | out: lpWSAData=0x19efe8) returned 0 [0232.878] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x504 [0232.887] setsockopt (s=0x504, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0232.887] closesocket (s=0x504) returned 0 [0232.887] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x504 [0232.889] setsockopt (s=0x504, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0232.889] closesocket (s=0x504) returned 0 [0232.892] GetCurrentProcess () returned 0xffffffff [0232.892] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ed9c | out: TokenHandle=0x19ed9c*=0x504) returned 1 [0232.912] GetCurrentProcess () returned 0xffffffff [0232.912] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19edb0 | out: TokenHandle=0x19edb0*=0x508) returned 1 [0232.935] CreateSemaphoreA (lpSemaphoreAttributes=0x0, lInitialCount=0, lMaximumCount=1048576, lpName=0x0) returned 0x50c [0232.936] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x510 [0232.938] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x514 [0232.939] SetEvent (hEvent=0x2cc) returned 1 [0232.940] ReleaseMutex (hMutex=0x514) returned 1 [0232.941] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x518 [0232.942] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x51c [0232.943] GetAddrInfoW (in: pNodeName="mail.globalmedical.nl", pServiceName=0x0, pHints=0x19f0dc*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f084 | out: ppResult=0x19f084*=0x5a7a48*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="mail.globalmedical.nl", ai_addr=0x50d2170*(sa_family=2, sin_port=0x0, sin_addr="185.104.29.70"), ai_next=0x0)) returned 0 [0233.275] FreeAddrInfoW (pAddrInfo=0x5a7a48*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="mail.globalmedical.nl", ai_addr=0x50d2170*(sa_family=2, sin_port=0x0, sin_addr="185.104.29.70"), ai_next=0x0)) [0233.284] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x520 [0233.284] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x52c [0233.285] ioctlsocket (in: s=0x520, cmd=-2147195266, argp=0x19f0b4 | out: argp=0x19f0b4) returned 0 [0233.285] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x530 [0233.286] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x534 [0233.286] ioctlsocket (in: s=0x530, cmd=-2147195266, argp=0x19f0b4 | out: argp=0x19f0b4) returned 0 [0233.286] WSAIoctl (in: s=0x520, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x19f09c, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x19f09c, lpOverlapped=0x0) returned -1 [0233.288] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x19edcc, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0233.290] WSAEventSelect (s=0x520, hEventObject=0x52c, lNetworkEvents=512) returned 0 [0233.290] WSAIoctl (in: s=0x530, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x19f09c, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x19f09c, lpOverlapped=0x0) returned -1 [0233.290] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x19edcc, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0233.290] WSAEventSelect (s=0x530, hEventObject=0x534, lNetworkEvents=512) returned 0 [0233.291] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x19f098*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x19f098*=0xa78) returned 0x6f [0233.298] LocalAlloc (uFlags=0x0, uBytes=0xa78) returned 0x50f9fc8 [0233.298] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x50f9fc8, SizePointer=0x19f098*=0xa78 | out: AdapterAddresses=0x50f9fc8*(Alignment=0x500000178, Length=0x178, IfIndex=0x5, Next=0x50fa270, AdapterName="{E25A642B-6CEB-4194-8F83-8BC82AF94F5A}", FirstUnicastAddress=0x50fa1e4, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) 82574L Gigabit Network Connection", FriendlyName="Ethernet", PhysicalAddress=([0]=0x40, [1]=0x30, [2]=0x4, [3]=0xfb, [4]=0x63, [5]=0xbd, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x1c5, DdnsEnabled=0x1c5, RegisterAdapterSuffix=0x1c5, Dhcpv4Enabled=0x1c5, ReceiveOnly=0x1c5, NoMulticast=0x1c5, Ipv6OtherStatefulConfig=0x1c5, NetbiosOverTcpipEnabled=0x1c5, Ipv4Enabled=0x1c5, Ipv6Enabled=0x1c5, Ipv6ManagedAddressConfigurationSupported=0x1c5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0x5, ZoneIndices=([0]=0x5, [1]=0x5, [2]=0x5, [3]=0x5, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x6008000000000, Dhcpv4Server.lpSockaddr=0x50fa140*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11eb6c9dc20d55b0, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x28, [5]=0xb6, [6]=0x28, [7]=0x5e, [8]=0x0, [9]=0xf, [10]=0xf3, [11]=0xe1, [12]=0x61, [13]=0x38, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x300053a, FirstDnsSuffix=0x0), SizePointer=0x19f098*=0xa78) returned 0x0 [0233.308] LocalFree (hMem=0x50f9fc8) returned 0x0 [0233.309] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f0a8 | out: phkResult=0x19f0a8*=0x538) returned 0x0 [0233.309] RegQueryValueExW (in: hKey=0x538, lpValueName="HWRPortReuseOnSocketBind", lpReserved=0x0, lpType=0x19f0c4, lpData=0x0, lpcbData=0x19f0c0*=0x0 | out: lpType=0x19f0c4*=0x0, lpData=0x0, lpcbData=0x19f0c0*=0x0) returned 0x2 [0233.309] RegCloseKey (hKey=0x538) returned 0x0 [0233.310] WSAConnect (in: s=0x518, name=0x21ed214*(sa_family=2, sin_port=0x24b, sin_addr="185.104.29.70"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0233.341] closesocket (s=0x51c) returned 0 [0233.341] setsockopt (s=0x518, level=6, optname=1, optval="\x01", optlen=4) returned 0 [0233.349] recv (in: s=0x518, buf=0x21ed308, len=256, flags=0 | out: buf=0x21ed308*) returned 71 [0233.399] send (s=0x518, buf=0x21e6a80*, len=13, flags=0) returned 13 [0233.401] recv (in: s=0x518, buf=0x21ed308, len=256, flags=0 | out: buf=0x21ed308*) returned 201 [0233.437] send (s=0x518, buf=0x21e6a80*, len=41, flags=0) returned 41 [0233.438] recv (in: s=0x518, buf=0x21ed308, len=256, flags=0 | out: buf=0x21ed308*) returned 18 [0233.460] SysStringLen (param_1="焈샍꿺桍푎鹢ি쑍짝냆軖㸝狜ڕꥧ઻툇멛Ꮷ") returned 0x18 [0233.460] SystemFunction041 (in: Memory=0x56f654, MemorySize=0x30, OptionFlags=0x0 | out: Memory=0x56f654) returned 0x0 [0233.461] SysStringLen (param_1="W3oxtsMvzRhJV&eBZoFabwZV") returned 0x18 [0233.461] SystemFunction040 (in: Memory=0x56f654, MemorySize=0x30, OptionFlags=0x0 | out: Memory=0x56f654) returned 0x0 [0233.461] SysStringLen (param_1="W3oxtsMvzRhJV&eBZoFabwZV") returned 0x18 [0233.461] SysStringLen (param_1="W3oxtsMvzRhJV&eBZoFabwZV") returned 0x18 [0233.461] send (s=0x518, buf=0x21e6a80*, len=34, flags=0) returned 34 [0233.462] recv (in: s=0x518, buf=0x21ed308, len=256, flags=0 | out: buf=0x21ed308*) returned 30 [0233.509] send (s=0x518, buf=0x21e6a80*, len=34, flags=0) returned 34 [0233.510] recv (in: s=0x518, buf=0x21ed308, len=256, flags=0 | out: buf=0x21ed308*) returned 8 [0233.533] send (s=0x518, buf=0x21e6a80*, len=37, flags=0) returned 37 [0233.534] recv (in: s=0x518, buf=0x21ed308, len=256, flags=0 | out: buf=0x21ed308*) returned 14 [0233.588] send (s=0x518, buf=0x21e6a80*, len=6, flags=0) returned 6 [0233.589] recv (in: s=0x518, buf=0x21ed308, len=256, flags=0 | out: buf=0x21ed308*) returned 56 [0233.655] send (s=0x518, buf=0x21ef2b0*, len=235, flags=0) returned 235 [0233.658] send (s=0x518, buf=0x21f5ba8*, len=355, flags=0) returned 355 [0233.661] send (s=0x518, buf=0x21ef2b0*, len=2, flags=0) returned 2 [0233.661] send (s=0x518, buf=0x21e6a80*, len=5, flags=0) returned 5 [0233.662] recv (in: s=0x518, buf=0x21ed308, len=256, flags=0 | out: buf=0x21ed308*) returned 28 [0233.712] ReleaseSemaphore (in: hSemaphore=0x50c, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0233.725] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc1d2 [0233.725] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc1d0 [0233.728] GetSystemMetrics (nIndex=75) returned 1 [0233.747] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0233.763] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x6b210000 [0233.788] GetStockObject (i=5) returned 0x1900015 [0233.789] GetModuleHandleW (lpModuleName=0x0) returned 0x4600000 [0233.789] CoTaskMemAlloc (cb=0x5c) returned 0x50d63c8 [0233.789] RegisterClassW (lpWndClass=0x19f648) returned 0xc1d1 [0233.790] CoTaskMemFree (pv=0x50d63c8) [0233.790] GetModuleHandleW (lpModuleName=0x0) returned 0x4600000 [0233.791] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.378734a_r32_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x4600000, lpParam=0x0) returned 0x4035a [0233.792] SetWindowLongW (hWnd=0x4035a, nIndex=-4, dwNewLong=1999548128) returned 75189102 [0233.792] GetWindowLongW (hWnd=0x4035a, nIndex=-4) returned 1999548128 [0233.793] SetWindowLongW (hWnd=0x4035a, nIndex=-4, dwNewLong=75189142) returned 1999548128 [0233.793] GetWindowLongW (hWnd=0x4035a, nIndex=-4) returned 75189142 [0233.793] GetWindowLongW (hWnd=0x4035a, nIndex=-16) returned 113311744 [0233.793] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc1b4 [0233.793] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4035a, Msg=0x24, wParam=0x0, lParam=0x19f1bc) returned 0x0 [0233.794] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4035a, Msg=0x81, wParam=0x0, lParam=0x19f1b0) returned 0x1 [0233.795] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4035a, Msg=0x83, wParam=0x0, lParam=0x19f19c) returned 0x0 [0233.795] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4035a, Msg=0x1, wParam=0x0, lParam=0x19f1b0) returned 0x0 [0233.796] GetClientRect (in: hWnd=0x4035a, lpRect=0x19eedc | out: lpRect=0x19eedc) returned 1 [0233.796] GetWindowRect (in: hWnd=0x4035a, lpRect=0x19eedc | out: lpRect=0x19eedc) returned 1 [0233.798] GetParent (hWnd=0x4035a) returned 0x0 [0233.801] OleInitialize (pvReserved=0x0) returned 0x80010106 [0233.803] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x19f868 | out: lplpMessageFilter=0x19f868*=0x0) returned 0x80004021 [0233.804] PeekMessageW (in: lpMsg=0x19f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f83c) returned 1 [0233.805] IsWindowUnicode (hWnd=0x601e2) returned 1 [0233.805] GetMessageW (in: lpMsg=0x19f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f83c) returned 1 [0233.824] TranslateMessage (lpMsg=0x19f83c) returned 0 [0233.824] DispatchMessageW (lpMsg=0x19f83c) returned 0x0 [0233.824] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x601e2, Msg=0x31f, wParam=0x1, lParam=0x0) returned 0x0 [0233.824] PeekMessageW (in: lpMsg=0x19f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f83c) returned 0 [0233.827] PeekMessageW (in: lpMsg=0x19f83c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f83c) returned 0 [0233.827] WaitMessage () Thread: id = 6 os_tid = 0x7a0 Thread: id = 7 os_tid = 0x670 Thread: id = 8 os_tid = 0x340 [0110.635] CoGetContextToken (in: pToken=0x427fc3c | out: pToken=0x427fc3c) returned 0x0 [0110.635] CObjectContext::QueryInterface () returned 0x0 [0110.635] CObjectContext::GetCurrentThreadType () returned 0x0 [0110.635] Release () returned 0x0 [0110.635] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0110.635] RoInitialize () returned 0x1 [0110.635] RoUninitialize () returned 0x0 [0222.644] CoGetContextToken (in: pToken=0x427fc30 | out: pToken=0x427fc30) returned 0x0 [0222.644] CoGetContextToken (in: pToken=0x427fbb8 | out: pToken=0x427fbb8) returned 0x0 [0222.644] IUnknown:Release (This=0x50d848) returned 0x1 [0222.644] IUnknown:Release (This=0x50d848) returned 0x0 [0222.644] CoGetContextToken (in: pToken=0x427fbb8 | out: pToken=0x427fbb8) returned 0x0 [0222.644] IUnknown:Release (This=0x57e250) returned 0x1 [0222.644] IUnknown:Release (This=0x57e250) returned 0x0 [0222.644] CoGetContextToken (in: pToken=0x427fbb8 | out: pToken=0x427fbb8) returned 0x0 [0222.644] WbemLocator:IUnknown:Release (This=0x5570c8) returned 0x0 [0222.648] CoGetContextToken (in: pToken=0x427fbb8 | out: pToken=0x427fbb8) returned 0x0 [0222.648] WbemLocator:IUnknown:Release (This=0x557dc8) returned 0x0 [0222.720] CoGetContextToken (in: pToken=0x427fbb8 | out: pToken=0x427fbb8) returned 0x0 [0222.720] WbemLocator:IUnknown:Release (This=0x5913e8) returned 0x0 [0222.817] CoGetContextToken (in: pToken=0x427fbb8 | out: pToken=0x427fbb8) returned 0x0 [0222.817] WbemLocator:IUnknown:Release (This=0x5924e8) returned 0x0 [0222.872] CoGetContextToken (in: pToken=0x427fbb8 | out: pToken=0x427fbb8) returned 0x0 [0222.872] WbemLocator:IUnknown:Release (This=0x59f660) returned 0x1 [0222.872] WbemLocator:IUnknown:Release (This=0x59f660) returned 0x0 [0222.873] CoGetContextToken (in: pToken=0x427fbb8 | out: pToken=0x427fbb8) returned 0x0 [0222.873] IUnknown:Release (This=0x55bdf8) returned 0x2 [0222.873] IUnknown:Release (This=0x55bdf8) returned 0x1 [0222.873] CoGetContextToken (in: pToken=0x427fbb8 | out: pToken=0x427fbb8) returned 0x0 [0222.873] WbemLocator:IUnknown:Release (This=0x59f5d0) returned 0x1 [0222.873] WbemLocator:IUnknown:Release (This=0x59f5d0) returned 0x0 [0222.873] CoGetContextToken (in: pToken=0x427fbb8 | out: pToken=0x427fbb8) returned 0x0 [0222.873] IUnknown:Release (This=0x55b600) returned 0x1 [0222.873] IUnknown:Release (This=0x55b600) returned 0x0 [0222.873] CoGetContextToken (in: pToken=0x427fbb8 | out: pToken=0x427fbb8) returned 0x0 [0222.873] IUnknown:Release (This=0x55bc60) returned 0x1 [0222.873] IUnknown:Release (This=0x55bc60) returned 0x0 [0222.873] CoGetContextToken (in: pToken=0x427fbb8 | out: pToken=0x427fbb8) returned 0x0 [0222.873] IUnknown:Release (This=0x5b18d8) returned 0x2 [0222.873] IUnknown:Release (This=0x5b18d8) returned 0x1 [0222.873] CoGetContextToken (in: pToken=0x427fbb8 | out: pToken=0x427fbb8) returned 0x0 [0222.873] IUnknown:Release (This=0x5b1c08) returned 0x2 [0222.873] IUnknown:Release (This=0x5b1c08) returned 0x1 [0222.873] CoGetContextToken (in: pToken=0x427fc30 | out: pToken=0x427fc30) returned 0x0 [0222.873] CoGetContextToken (in: pToken=0x427fbb8 | out: pToken=0x427fbb8) returned 0x0 [0222.873] WbemDefPath:IUnknown:Release (This=0x580bf0) returned 0x1 [0222.874] WbemDefPath:IUnknown:Release (This=0x580bf0) returned 0x0 [0222.874] CoGetContextToken (in: pToken=0x427fbb8 | out: pToken=0x427fbb8) returned 0x0 [0222.874] WbemDefPath:IUnknown:Release (This=0x580db0) returned 0x1 [0222.874] WbemDefPath:IUnknown:Release (This=0x580db0) returned 0x0 [0222.874] CoGetContextToken (in: pToken=0x427fbb8 | out: pToken=0x427fbb8) returned 0x0 [0222.874] WbemDefPath:IUnknown:Release (This=0x5806b0) returned 0x1 [0222.874] WbemDefPath:IUnknown:Release (This=0x5806b0) returned 0x0 [0222.874] CoGetContextToken (in: pToken=0x427fbb8 | out: pToken=0x427fbb8) returned 0x0 [0222.874] WbemDefPath:IUnknown:Release (This=0x580870) returned 0x1 [0222.874] WbemDefPath:IUnknown:Release (This=0x580870) returned 0x0 [0222.875] IUnknown:Release (This=0x5b1c08) returned 0x0 [0222.875] CoGetContextToken (in: pToken=0x427fa50 | out: pToken=0x427fa50) returned 0x0 [0222.875] WbemLocator:IUnknown:Release (This=0x5915e8) returned 0x1 [0222.875] IUnknown:Release (This=0x595b90) returned 0x0 [0222.880] IUnknown:Release (This=0x50d2a40) returned 0x0 [0222.882] IUnknown:Release (This=0x55bdf8) returned 0x0 [0222.882] IUnknown:Release (This=0x5b18d8) returned 0x0 [0222.883] CoGetContextToken (in: pToken=0x427fa50 | out: pToken=0x427fa50) returned 0x0 [0222.883] WbemLocator:IUnknown:Release (This=0x590ce8) returned 0x1 [0222.883] IUnknown:Release (This=0x5957a8) returned 0x0 [0222.887] IUnknown:Release (This=0x5b6f38) returned 0x0 [0222.888] CloseHandle (hObject=0x2e0) returned 1 [0222.888] CloseHandle (hObject=0x2dc) returned 1 [0222.888] CloseHandle (hObject=0x2d8) returned 1 [0222.888] CloseHandle (hObject=0x2d4) returned 1 [0222.888] CloseHandle (hObject=0x2f0) returned 1 [0222.889] CloseHandle (hObject=0x2ec) returned 1 [0222.889] CloseHandle (hObject=0x2e8) returned 1 [0222.889] CloseHandle (hObject=0x2e4) returned 1 Thread: id = 9 os_tid = 0x978 Thread: id = 10 os_tid = 0x68c Thread: id = 11 os_tid = 0x7ac Thread: id = 12 os_tid = 0x794 [0123.211] malloc (_Size=0x80) returned 0x9633d0 [0123.214] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5712d8 [0123.214] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0123.217] DllGetClassObject (in: rclsid=0x578e04*(Data1=0x172bddf8, Data2=0xceea, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), riid=0x76dc53f4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4e4eff4 | out: ppv=0x4e4eff4*=0x5712a8) returned 0x0 [0123.218] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5712a8 [0123.218] WinMGMTS:IClassFactory:CreateInstance (in: This=0x5712a8, pUnkOuter=0x0, riid=0x19f330*(Data1=0x11a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e4efdc | out: ppvObject=0x4e4efdc*=0x55d418) returned 0x0 [0123.219] GetVersionExW (in: lpVersionInformation=0x4e4ede8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x4e4ee50, dwMinorVersion=0x1, dwBuildNumber=0x4e4ee38, dwPlatformId=0x76e665c7, szCSDVersion="ӤӤ\x10") | out: lpVersionInformation=0x4e4ede8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0123.219] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Wbem\\Scripting", ulOptions=0x0, samDesired=0x1, phkResult=0x4e4ede0 | out: phkResult=0x4e4ede0*=0x3a4) returned 0x0 [0123.220] RegQueryValueExW (in: hKey=0x3a4, lpValueName="Default Impersonation Level", lpReserved=0x0, lpType=0x0, lpData=0x4e4edd8, lpcbData=0x4e4ede4*=0x4 | out: lpType=0x0, lpData=0x4e4edd8*=0x3, lpcbData=0x4e4ede4*=0x4) returned 0x0 [0123.220] RegCloseKey (hKey=0x3a4) returned 0x0 [0123.220] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x579c00 [0123.220] GetSystemDirectoryW (in: lpBuffer=0x579c00, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0123.220] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\advapi32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a90000 [0123.221] GetProcAddress (hModule=0x76a90000, lpProcName="DuplicateTokenEx") returned 0x76ab0ad0 [0123.221] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0123.221] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x564f58 [0123.221] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x55d418 [0123.221] WinMGMTS:IUnknown:AddRef (This=0x55d418) returned 0x2 [0123.221] WinMGMTS:IUnknown:Release (This=0x55d418) returned 0x1 [0123.221] WinMGMTS:IUnknown:Release (This=0x5712a8) returned 0x0 [0123.221] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0123.222] WinMGMTS:IUnknown:QueryInterface (in: This=0x55d418, riid=0x76db7490*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4e4ee6c | out: ppvObject=0x4e4ee6c*=0x0) returned 0x80004002 [0123.222] WinMGMTS:IUnknown:QueryInterface (in: This=0x55d418, riid=0x76db73c0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e4ed38 | out: ppvObject=0x4e4ed38*=0x0) returned 0x80004002 [0123.222] WinMGMTS:IUnknown:QueryInterface (in: This=0x55d418, riid=0x76db7460*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e4ed5c | out: ppvObject=0x4e4ed5c*=0x0) returned 0x80004002 [0123.222] WinMGMTS:IUnknown:QueryInterface (in: This=0x55d418, riid=0x76db7410*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e4ed88 | out: ppvObject=0x4e4ed88*=0x55d418) returned 0x0 [0123.222] WinMGMTS:IUnknown:AddRef (This=0x55d418) returned 0x3 [0123.223] WinMGMTS:IUnknown:QueryInterface (in: This=0x55d418, riid=0x76db76f0*(Data1=0x18, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e4ec80 | out: ppvObject=0x4e4ec80*=0x0) returned 0x80004002 [0123.223] WinMGMTS:IUnknown:QueryInterface (in: This=0x55d418, riid=0x76db73b0*(Data1=0x334d391f, Data2=0xe79, Data3=0x3b15, Data4=([0]=0xc9, [1]=0xff, [2]=0xea, [3]=0xc6, [4]=0x5d, [5]=0xd0, [6]=0x7c, [7]=0x42)), ppvObject=0x4e4ec44 | out: ppvObject=0x4e4ec44*=0x0) returned 0x80004002 [0123.223] WinMGMTS:IUnknown:QueryInterface (in: This=0x55d418, riid=0x76dc3d58*(Data1=0x40, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e4ec64 | out: ppvObject=0x4e4ec64*=0x0) returned 0x80004002 [0123.223] WinMGMTS:IUnknown:QueryInterface (in: This=0x55d418, riid=0x76db73b0*(Data1=0x334d391f, Data2=0xe79, Data3=0x3b15, Data4=([0]=0xc9, [1]=0xff, [2]=0xea, [3]=0xc6, [4]=0x5d, [5]=0xd0, [6]=0x7c, [7]=0x42)), ppvObject=0x4e4ec44 | out: ppvObject=0x4e4ec44*=0x0) returned 0x80004002 [0123.223] WinMGMTS:IUnknown:QueryInterface (in: This=0x55d418, riid=0x76db7700*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4e4ec74 | out: ppvObject=0x4e4ec74*=0x0) returned 0x80004002 [0123.223] WinMGMTS:IUnknown:QueryInterface (in: This=0x55d418, riid=0x76db73b0*(Data1=0x334d391f, Data2=0xe79, Data3=0x3b15, Data4=([0]=0xc9, [1]=0xff, [2]=0xea, [3]=0xc6, [4]=0x5d, [5]=0xd0, [6]=0x7c, [7]=0x42)), ppvObject=0x4e4ec44 | out: ppvObject=0x4e4ec44*=0x0) returned 0x80004002 [0123.223] WinMGMTS:IUnknown:QueryInterface (in: This=0x55d418, riid=0x76db7710*(Data1=0x77dd1250, Data2=0x139c, Data3=0x2bc3, Data4=([0]=0xbd, [1]=0x95, [2]=0x90, [3]=0xa, [4]=0xce, [5]=0xd6, [6]=0x1b, [7]=0xe5)), ppvObject=0x4e4ec88 | out: ppvObject=0x4e4ec88*=0x0) returned 0x80004002 [0123.223] WinMGMTS:IUnknown:QueryInterface (in: This=0x55d418, riid=0x76db73b0*(Data1=0x334d391f, Data2=0xe79, Data3=0x3b15, Data4=([0]=0xc9, [1]=0xff, [2]=0xea, [3]=0xc6, [4]=0x5d, [5]=0xd0, [6]=0x7c, [7]=0x42)), ppvObject=0x4e4ec44 | out: ppvObject=0x4e4ec44*=0x0) returned 0x80004002 [0123.223] WinMGMTS:IUnknown:QueryInterface (in: This=0x55d418, riid=0x76db7720*(Data1=0xbfd60505, Data2=0x5a1f, Data3=0x4e41, Data4=([0]=0x88, [1]=0xba, [2]=0xa6, [3]=0xfb, [4]=0x7, [5]=0x20, [6]=0x2d, [7]=0xa9)), ppvObject=0x4e4ec84 | out: ppvObject=0x4e4ec84*=0x0) returned 0x80004002 [0123.223] WinMGMTS:IUnknown:QueryInterface (in: This=0x55d418, riid=0x76db73b0*(Data1=0x334d391f, Data2=0xe79, Data3=0x3b15, Data4=([0]=0xc9, [1]=0xff, [2]=0xea, [3]=0xc6, [4]=0x5d, [5]=0xd0, [6]=0x7c, [7]=0x42)), ppvObject=0x4e4ec44 | out: ppvObject=0x4e4ec44*=0x0) returned 0x80004002 [0123.223] WinMGMTS:IUnknown:QueryInterface (in: This=0x55d418, riid=0x76db7730*(Data1=0x3fb5c57, Data2=0xd534, Data3=0x45f5, Data4=([0]=0xa1, [1]=0xf4, [2]=0xd3, [3]=0x95, [4]=0x56, [5]=0x98, [6]=0x38, [7]=0x75)), ppvObject=0x4e4ec78 | out: ppvObject=0x4e4ec78*=0x0) returned 0x80004002 [0123.223] WinMGMTS:IUnknown:QueryInterface (in: This=0x55d418, riid=0x76db73b0*(Data1=0x334d391f, Data2=0xe79, Data3=0x3b15, Data4=([0]=0xc9, [1]=0xff, [2]=0xea, [3]=0xc6, [4]=0x5d, [5]=0xd0, [6]=0x7c, [7]=0x42)), ppvObject=0x4e4ec44 | out: ppvObject=0x4e4ec44*=0x0) returned 0x80004002 [0123.224] WinMGMTS:IUnknown:QueryInterface (in: This=0x55d418, riid=0x76db7740*(Data1=0x2c258ae7, Data2=0x50dc, Data3=0x49ff, Data4=([0]=0x9d, [1]=0x1d, [2]=0x2e, [3]=0xcb, [4]=0x9a, [5]=0x52, [6]=0xcd, [7]=0xd7)), ppvObject=0x4e4ec7c | out: ppvObject=0x4e4ec7c*=0x0) returned 0x80004002 [0123.224] WinMGMTS:IUnknown:QueryInterface (in: This=0x55d418, riid=0x76db76e0*(Data1=0x19, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557fe0 | out: ppvObject=0x557fe0*=0x0) returned 0x80004002 [0123.224] WinMGMTS:IUnknown:QueryInterface (in: This=0x55d418, riid=0x76db7750*(Data1=0x4c1e39e1, Data2=0xe3e3, Data3=0x4296, Data4=([0]=0xaa, [1]=0x86, [2]=0xec, [3]=0x93, [4]=0x8d, [5]=0x89, [6]=0x6e, [7]=0x92)), ppvObject=0x4e4ec8c | out: ppvObject=0x4e4ec8c*=0x0) returned 0x80004002 [0123.224] WinMGMTS:IUnknown:Release (This=0x55d418) returned 0x2 [0123.225] WinMGMTS:IUnknown:QueryInterface (in: This=0x55d418, riid=0x569df8*(Data1=0x11a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e4eb38 | out: ppvObject=0x4e4eb38*=0x55d418) returned 0x0 [0123.226] WinMGMTS:IUnknown:QueryInterface (in: This=0x55d418, riid=0x4e4eadc*(Data1=0x11a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x564f10 | out: ppvObject=0x564f10*=0x55d418) returned 0x0 [0123.227] WinMGMTS:IUnknown:Release (This=0x55d418) returned 0x3 [0123.228] WinMGMTS:IUnknown:QueryInterface (in: This=0x55d418, riid=0x76db6b80*(Data1=0x1c733a30, Data2=0x2a1c, Data3=0x11ce, Data4=([0]=0xad, [1]=0xe5, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x44, [6]=0x77, [7]=0x3d)), ppvObject=0x4e4f698 | out: ppvObject=0x4e4f698*=0x0) returned 0x80004002 [0123.229] WinMGMTS:IParseDisplayName:ParseDisplayName (in: This=0x55d418, pbc=0x56ebec, pszDisplayName="WinMgmts:", pchEaten=0x4e4f330, ppmkOut=0x56e7f0 | out: pchEaten=0x4e4f330*=0x9, ppmkOut=0x56e7f0*=0x57e3e0) returned 0x0 [0123.229] ApiSetQueryApiSetPresence () returned 0x0 [0123.229] _wcsnicmp (_String1="WinMgmts:", _String2="WINMGMTS:", _MaxCount=0x9) returned 0 [0123.229] IBindCtx:GetObjectParam (in: This=0x56ebec, pszKey="WmiObject", ppunk=0x4e4efc8 | out: ppunk=0x4e4efc8*=0x0) returned 0x80004005 [0123.246] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x56ead0 [0123.246] _wcsnicmp (_String1="", _String2="{", _MaxCount=0x1) returned -123 [0123.246] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x574c80 [0123.246] ResolveDelayLoadedAPI () returned 0x76e20060 [0123.247] CoCreateInstance (in: rclsid=0x6cc91c58*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6cc91c48*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x574c98 | out: ppv=0x574c98*=0x55d468) returned 0x0 [0123.426] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x575570 [0123.426] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x576460 [0123.426] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x56eaf0 [0123.427] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0123.427] GetCurrentThreadId () returned 0x794 [0123.427] _wcsnicmp (_String1="", _String2="[", _MaxCount=0x1) returned -91 [0123.427] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0123.427] GetCurrentThreadId () returned 0x794 [0123.428] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Wbem\\Scripting", ulOptions=0x0, samDesired=0x1, phkResult=0x4e4ee3c | out: phkResult=0x4e4ee3c*=0x3c0) returned 0x0 [0123.428] RegQueryValueExW (in: hKey=0x3c0, lpValueName="Default Namespace", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x4e4ee40*=0x0 | out: lpType=0x0, lpData=0x0, lpcbData=0x4e4ee40*=0x16) returned 0x0 [0123.428] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x56e870 [0123.428] RegQueryValueExW (in: hKey=0x3c0, lpValueName="Default Namespace", lpReserved=0x0, lpType=0x0, lpData=0x56e870, lpcbData=0x4e4ee40*=0x16 | out: lpType=0x0, lpData=0x56e870*=0x72, lpcbData=0x4e4ee40*=0x16) returned 0x0 [0123.428] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x56e890 [0123.429] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0123.429] RegCloseKey (hKey=0x3c0) returned 0x0 [0123.430] CoCreateInstance (in: rclsid=0x6cc921a8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6cc921b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x4e4ee74 | out: ppv=0x4e4ee74*=0x54afa8) returned 0x0 [0123.578] SysStringLen (param_1=".") returned 0x1 [0123.578] WbemDefPath:IWbemPath:SetServer (This=0x54afa8, Name=".") returned 0x0 [0123.579] CoCreateInstance (in: rclsid=0x6cc921a8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6cc921b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x4e4ee20 | out: ppv=0x4e4ee20*=0x552db0) returned 0x0 [0123.579] CoCreateInstance (in: rclsid=0x6cc921a8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6cc921b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x4e4edbc | out: ppv=0x4e4edbc*=0x579d80) returned 0x0 [0123.579] WbemDefPath:IWbemPath:SetText (This=0x579d80, uMode=0x4, pszPath="root\\cimv2") returned 0x0 [0123.579] WbemDefPath:IUnknown:Release (This=0x579d80) returned 0x0 [0123.579] SysStringLen (param_1="root\\cimv2") returned 0xa [0123.579] WbemDefPath:IWbemPath:SetText (This=0x552db0, uMode=0xc, pszPath="root\\cimv2") returned 0x0 [0123.579] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x552db0, puCount=0x4e4ee38 | out: puCount=0x4e4ee38*=0x2) returned 0x0 [0123.579] WbemDefPath:IWbemPath:RemoveAllNamespaces (This=0x54afa8) returned 0x0 [0123.579] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x552db0, uIndex=0x0, puNameBufLength=0x4e4edf4*=0x0, pName=0x0 | out: puNameBufLength=0x4e4edf4*=0x5, pName=0x0) returned 0x0 [0123.579] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x571308 [0123.579] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x552db0, uIndex=0x0, puNameBufLength=0x4e4edf4*=0x5, pName="䅬盜䆐盜漨" | out: puNameBufLength=0x4e4edf4*=0x5, pName="root") returned 0x0 [0123.580] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0123.580] WbemDefPath:IWbemPath:SetNamespaceAt (This=0x54afa8, uIndex=0x0, pszName="root") returned 0x0 [0123.580] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x552db0, uIndex=0x1, puNameBufLength=0x4e4edf4*=0x0, pName=0x0 | out: puNameBufLength=0x4e4edf4*=0x6, pName=0x0) returned 0x0 [0123.580] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x571248 [0123.580] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x552db0, uIndex=0x1, puNameBufLength=0x4e4edf4*=0x6, pName="cimv2" | out: puNameBufLength=0x4e4edf4*=0x6, pName="cimv2") returned 0x0 [0123.580] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0123.581] WbemDefPath:IWbemPath:SetNamespaceAt (This=0x54afa8, uIndex=0x1, pszName="cimv2") returned 0x0 [0123.581] WbemDefPath:IUnknown:Release (This=0x552db0) returned 0x0 [0123.581] WbemDefPath:IWbemPath:GetText (in: This=0x54afa8, lFlags=4, puBuffLength=0x4e4ee3c*=0x0, pszText=0x0 | out: puBuffLength=0x4e4ee3c*=0xf, pszText=0x0) returned 0x0 [0123.581] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x565098 [0123.581] WbemDefPath:IWbemPath:GetText (in: This=0x54afa8, lFlags=4, puBuffLength=0x4e4ee3c*=0xf, pszText="cimv2" | out: puBuffLength=0x4e4ee3c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0123.581] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0123.581] WbemDefPath:IUnknown:Release (This=0x54afa8) returned 0x0 [0123.581] WbemLocator:IWbemLocator:ConnectServer (in: This=0x55d468, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale=0x0, lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0x4e4eebc | out: ppNamespace=0x4e4eebc*=0x546f68) returned 0x0 [0127.040] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x580d40 [0127.040] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x575fe0 [0127.040] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x57cf70 [0127.040] WbemLocator:IUnknown:QueryInterface (in: This=0x546f68, riid=0x6cc91f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e4eeac | out: ppvObject=0x4e4eeac*=0x5575a4) returned 0x0 [0127.041] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x5575a4, pProxy=0x546f68, pAuthnSvc=0x4e4ee88, pAuthzSvc=0x4e4ee8c, pServerPrincName=0x0, pAuthnLevel=0x4e4eefc, pImpLevel=0x4e4ef04, pAuthInfo=0x0, pCapabilites=0x4e4ee90 | out: pAuthnSvc=0x4e4ee88*=0xa, pAuthzSvc=0x4e4ee8c*=0x0, pServerPrincName=0x0, pAuthnLevel=0x4e4eefc*=0x6, pImpLevel=0x4e4ef04*=0x2, pAuthInfo=0x0, pCapabilites=0x4e4ee90*=0x1) returned 0x0 [0127.041] WbemLocator:IUnknown:Release (This=0x5575a4) returned 0x1 [0127.041] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0127.041] GetCurrentThreadId () returned 0x794 [0127.041] WbemLocator:IUnknown:QueryInterface (in: This=0x546f68, riid=0x6cc91f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e4ef24 | out: ppvObject=0x4e4ef24*=0x5575a4) returned 0x0 [0127.041] WbemLocator:IClientSecurity:CopyProxy (in: This=0x5575a4, pProxy=0x546f68, ppCopy=0x4e4ef48 | out: ppCopy=0x4e4ef48*=0x547288) returned 0x0 [0127.041] WbemLocator:IUnknown:QueryInterface (in: This=0x547288, riid=0x6cc91f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e4edc0 | out: ppvObject=0x4e4edc0*=0x5575a4) returned 0x0 [0127.041] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x5575a4, pProxy=0x547288, pAuthnSvc=0x4e4edf0, pAuthzSvc=0x4e4edec, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x4e4edf0*=0xa, pAuthzSvc=0x4e4edec*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0 [0127.041] WbemLocator:IUnknown:Release (This=0x5575a4) returned 0x3 [0127.042] WbemLocator:IUnknown:QueryInterface (in: This=0x547288, riid=0x6cc91f08*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e4eda4 | out: ppvObject=0x4e4eda4*=0x5575c8) returned 0x0 [0127.042] WbemLocator:IUnknown:QueryInterface (in: This=0x547288, riid=0x6cc91f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e4eda8 | out: ppvObject=0x4e4eda8*=0x5575a4) returned 0x0 [0127.042] WbemLocator:IClientSecurity:SetBlanket (This=0x5575a4, pProxy=0x547288, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0127.042] WbemLocator:IUnknown:Release (This=0x5575a4) returned 0x4 [0127.042] WbemLocator:IUnknown:Release (This=0x5575c8) returned 0x3 [0127.042] WbemLocator:IUnknown:Release (This=0x5575a4) returned 0x2 [0127.042] WbemLocator:IUnknown:AddRef (This=0x547288) returned 0x3 [0127.042] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x575e00 [0127.043] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x56e550 [0127.043] WbemLocator:IUnknown:Release (This=0x546f68) returned 0x2 [0127.043] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0127.043] GetCurrentThreadId () returned 0x794 [0127.043] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0127.043] GetCurrentThreadId () returned 0x794 [0127.043] WbemLocator:IUnknown:QueryInterface (in: This=0x547288, riid=0x6cc91f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e4ef4c | out: ppvObject=0x4e4ef4c*=0x5575a4) returned 0x0 [0127.043] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x5575a4, pProxy=0x547288, pAuthnSvc=0x4e4ef38, pAuthzSvc=0x4e4ef3c, pServerPrincName=0x0, pAuthnLevel=0x4e4ef48, pImpLevel=0x4e4ef44, pAuthInfo=0x0, pCapabilites=0x4e4ef40 | out: pAuthnSvc=0x4e4ef38*=0xa, pAuthzSvc=0x4e4ef3c*=0x0, pServerPrincName=0x0, pAuthnLevel=0x4e4ef48*=0x6, pImpLevel=0x4e4ef44*=0x3, pAuthInfo=0x0, pCapabilites=0x4e4ef40*=0x20) returned 0x0 [0127.043] WbemLocator:IUnknown:Release (This=0x5575a4) returned 0x2 [0127.043] ResolveDelayLoadedAPI () returned 0x76b42060 [0127.044] CreatePointerMoniker (in: punk=0x580d40, ppmk=0x56e7f0 | out: ppmk=0x56e7f0*=0x57e3e0) returned 0x0 [0127.044] IUnknown:AddRef (This=0x580d40) returned 0x2 [0127.048] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0127.048] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0127.048] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0127.048] WbemLocator:IUnknown:Release (This=0x55d468) returned 0x0 [0127.048] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0127.048] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0127.053] IUnknown:QueryInterface (in: This=0x580d40, riid=0x76db73c0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e4ef98 | out: ppvObject=0x4e4ef98*=0x0) returned 0x80004002 [0127.057] IUnknown:QueryInterface (in: This=0x580d40, riid=0x76db73c0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e4ee64 | out: ppvObject=0x4e4ee64*=0x0) returned 0x80004002 [0127.057] IUnknown:QueryInterface (in: This=0x580d40, riid=0x76db7490*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4e4ee3c | out: ppvObject=0x4e4ee3c*=0x0) returned 0x80004002 [0127.058] IUnknown:QueryInterface (in: This=0x580d40, riid=0x76db73c0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e4ed08 | out: ppvObject=0x4e4ed08*=0x0) returned 0x80004002 [0127.058] IUnknown:QueryInterface (in: This=0x580d40, riid=0x76db7460*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e4ed2c | out: ppvObject=0x4e4ed2c*=0x0) returned 0x80004002 [0127.058] IUnknown:QueryInterface (in: This=0x580d40, riid=0x76db7410*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e4ed58 | out: ppvObject=0x4e4ed58*=0x580d40) returned 0x0 [0127.058] IUnknown:AddRef (This=0x580d40) returned 0x3 [0127.058] IUnknown:QueryInterface (in: This=0x580d40, riid=0x76db76f0*(Data1=0x18, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e4ec50 | out: ppvObject=0x4e4ec50*=0x0) returned 0x80004002 [0127.058] IUnknown:QueryInterface (in: This=0x580d40, riid=0x76db73b0*(Data1=0x334d391f, Data2=0xe79, Data3=0x3b15, Data4=([0]=0xc9, [1]=0xff, [2]=0xea, [3]=0xc6, [4]=0x5d, [5]=0xd0, [6]=0x7c, [7]=0x42)), ppvObject=0x4e4ec14 | out: ppvObject=0x4e4ec14*=0x0) returned 0x80004002 [0127.058] IUnknown:QueryInterface (in: This=0x580d40, riid=0x76dc3d58*(Data1=0x40, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e4ec34 | out: ppvObject=0x4e4ec34*=0x0) returned 0x80004002 [0127.058] IUnknown:QueryInterface (in: This=0x580d40, riid=0x76db73b0*(Data1=0x334d391f, Data2=0xe79, Data3=0x3b15, Data4=([0]=0xc9, [1]=0xff, [2]=0xea, [3]=0xc6, [4]=0x5d, [5]=0xd0, [6]=0x7c, [7]=0x42)), ppvObject=0x4e4ec14 | out: ppvObject=0x4e4ec14*=0x0) returned 0x80004002 [0127.058] IUnknown:QueryInterface (in: This=0x580d40, riid=0x76db7700*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4e4ec44 | out: ppvObject=0x4e4ec44*=0x0) returned 0x80004002 [0127.058] IUnknown:QueryInterface (in: This=0x580d40, riid=0x76db73b0*(Data1=0x334d391f, Data2=0xe79, Data3=0x3b15, Data4=([0]=0xc9, [1]=0xff, [2]=0xea, [3]=0xc6, [4]=0x5d, [5]=0xd0, [6]=0x7c, [7]=0x42)), ppvObject=0x4e4ec14 | out: ppvObject=0x4e4ec14*=0x0) returned 0x80004002 [0127.059] IUnknown:QueryInterface (in: This=0x580d40, riid=0x76db7710*(Data1=0x77dd1250, Data2=0x139c, Data3=0x2bc3, Data4=([0]=0xbd, [1]=0x95, [2]=0x90, [3]=0xa, [4]=0xce, [5]=0xd6, [6]=0x1b, [7]=0xe5)), ppvObject=0x4e4ec58 | out: ppvObject=0x4e4ec58*=0x0) returned 0x80004002 [0127.059] IUnknown:QueryInterface (in: This=0x580d40, riid=0x76db73b0*(Data1=0x334d391f, Data2=0xe79, Data3=0x3b15, Data4=([0]=0xc9, [1]=0xff, [2]=0xea, [3]=0xc6, [4]=0x5d, [5]=0xd0, [6]=0x7c, [7]=0x42)), ppvObject=0x4e4ec14 | out: ppvObject=0x4e4ec14*=0x0) returned 0x80004002 [0127.059] IUnknown:QueryInterface (in: This=0x580d40, riid=0x76db7720*(Data1=0xbfd60505, Data2=0x5a1f, Data3=0x4e41, Data4=([0]=0x88, [1]=0xba, [2]=0xa6, [3]=0xfb, [4]=0x7, [5]=0x20, [6]=0x2d, [7]=0xa9)), ppvObject=0x4e4ec54 | out: ppvObject=0x4e4ec54*=0x0) returned 0x80004002 [0127.059] IUnknown:QueryInterface (in: This=0x580d40, riid=0x76db73b0*(Data1=0x334d391f, Data2=0xe79, Data3=0x3b15, Data4=([0]=0xc9, [1]=0xff, [2]=0xea, [3]=0xc6, [4]=0x5d, [5]=0xd0, [6]=0x7c, [7]=0x42)), ppvObject=0x4e4ec14 | out: ppvObject=0x4e4ec14*=0x0) returned 0x80004002 [0127.059] IUnknown:QueryInterface (in: This=0x580d40, riid=0x76db7730*(Data1=0x3fb5c57, Data2=0xd534, Data3=0x45f5, Data4=([0]=0xa1, [1]=0xf4, [2]=0xd3, [3]=0x95, [4]=0x56, [5]=0x98, [6]=0x38, [7]=0x75)), ppvObject=0x4e4ec48 | out: ppvObject=0x4e4ec48*=0x0) returned 0x80004002 [0127.059] IUnknown:QueryInterface (in: This=0x580d40, riid=0x76db73b0*(Data1=0x334d391f, Data2=0xe79, Data3=0x3b15, Data4=([0]=0xc9, [1]=0xff, [2]=0xea, [3]=0xc6, [4]=0x5d, [5]=0xd0, [6]=0x7c, [7]=0x42)), ppvObject=0x4e4ec14 | out: ppvObject=0x4e4ec14*=0x0) returned 0x80004002 [0127.059] IUnknown:QueryInterface (in: This=0x580d40, riid=0x76db7740*(Data1=0x2c258ae7, Data2=0x50dc, Data3=0x49ff, Data4=([0]=0x9d, [1]=0x1d, [2]=0x2e, [3]=0xcb, [4]=0x9a, [5]=0x52, [6]=0xcd, [7]=0xd7)), ppvObject=0x4e4ec4c | out: ppvObject=0x4e4ec4c*=0x0) returned 0x80004002 [0127.059] IUnknown:QueryInterface (in: This=0x580d40, riid=0x76db76e0*(Data1=0x19, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5579e0 | out: ppvObject=0x5579e0*=0x0) returned 0x80004002 [0127.060] IUnknown:QueryInterface (in: This=0x580d40, riid=0x76db7750*(Data1=0x4c1e39e1, Data2=0xe3e3, Data3=0x4296, Data4=([0]=0xaa, [1]=0x86, [2]=0xec, [3]=0x93, [4]=0x8d, [5]=0x89, [6]=0x6e, [7]=0x92)), ppvObject=0x4e4ec5c | out: ppvObject=0x4e4ec5c*=0x0) returned 0x80004002 [0127.060] IUnknown:Release (This=0x580d40) returned 0x2 [0127.061] IUnknown:Release (This=0x580d40) returned 0x1 [0127.456] WinMGMTS:IUnknown:Release (This=0x55d418) returned 0x2 [0127.456] WinMGMTS:IUnknown:Release (This=0x55d418) returned 0x1 [0127.457] WinMGMTS:IUnknown:Release (This=0x55d418) returned 0x0 [0127.457] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0127.460] IUnknown:QueryInterface (in: This=0x580d40, riid=0x569df8*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4e4ef08 | out: ppvObject=0x4e4ef08*=0x0) returned 0x80004002 [0127.460] IUnknown:QueryInterface (in: This=0x580d40, riid=0x569df8*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4e4ef08 | out: ppvObject=0x4e4ef08*=0x580d50) returned 0x0 [0127.462] IUnknown:QueryInterface (in: This=0x580d40, riid=0x4e4eeac*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x57e4b0 | out: ppvObject=0x57e4b0*=0x580d50) returned 0x0 [0127.465] IUnknown:QueryInterface (in: This=0x580d50, riid=0x76db6b80*(Data1=0x1c733a30, Data2=0x2a1c, Data3=0x11ce, Data4=([0]=0xad, [1]=0xe5, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x44, [6]=0x77, [7]=0x3d)), ppvObject=0x4e4f698 | out: ppvObject=0x4e4f698*=0x0) returned 0x80004002 [0127.465] IProvideClassInfo:GetClassInfo (in: This=0x580d50, ppTI=0x56ead0 | out: ppTI=0x56ead0*=0x586094) returned 0x0 [0127.466] LoadRegTypeLib (in: rguid=0x6cc92198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x4e4f09c*=0x0 | out: pptlib=0x4e4f09c*=0x584640) returned 0x0 [0127.821] ITypeLib:GetTypeInfoOfGuid (in: This=0x584640, GUID=0x580d84*(Data1=0x62e522dc, Data2=0x8cf3, Data3=0x40a8, Data4=([0]=0x8b, [1]=0x2e, [2]=0x37, [3]=0xd5, [4]=0x95, [5]=0x65, [6]=0x1e, [7]=0x40)), ppTInfo=0x580d6c | out: ppTInfo=0x580d6c*=0x586094) returned 0x0 [0127.824] IUnknown:Release (This=0x584640) returned 0x1 [0127.985] IUnknown:QueryInterface (in: This=0x580d40, riid=0x569e48*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4e4ef08 | out: ppvObject=0x4e4ef08*=0x0) returned 0x80004002 [0128.267] IUnknown:QueryInterface (in: This=0x580d40, riid=0x569e48*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e4ef08 | out: ppvObject=0x4e4ef08*=0x580d40) returned 0x0 [0128.269] IUnknown:AddRef (This=0x580d40) returned 0x5 [0128.270] IUnknown:QueryInterface (in: This=0x580d40, riid=0x76db6b80*(Data1=0x1c733a30, Data2=0x2a1c, Data3=0x11ce, Data4=([0]=0xad, [1]=0xe5, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x44, [6]=0x77, [7]=0x3d)), ppvObject=0x4e4f698 | out: ppvObject=0x4e4f698*=0x0) returned 0x80004002 [0128.270] IUnknown:QueryInterface (in: This=0x580d40, riid=0x56ebb4*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x57e348 | out: ppvObject=0x57e348*=0x580d40) returned 0x0 [0128.270] IDispatch:GetIDsOfNames (in: This=0x580d40, riid=0x575ce0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x575cf4*="InstancesOf", cNames=0x1, lcid=0x409, rgDispId=0x56eaf0 | out: rgDispId=0x56eaf0*=5) returned 0x0 [0128.270] LoadRegTypeLib (in: rguid=0x6cc92198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0x4e4f020*=0x0 | out: pptlib=0x4e4f020*=0x584640) returned 0x0 [0128.271] ITypeLib:GetTypeInfoOfGuid (in: This=0x584640, GUID=0x580d74*(Data1=0xd2f68443, Data2=0x85dc, Data3=0x427e, Data4=([0]=0x91, [1]=0xd8, [2]=0x36, [3]=0x65, [4]=0x54, [5]=0xcc, [6]=0x75, [7]=0x4c)), ppTInfo=0x580d68 | out: ppTInfo=0x580d68*=0x5860c0) returned 0x0 [0128.272] IUnknown:Release (This=0x584640) returned 0x2 [0128.272] IUnknown:AddRef (This=0x5860c0) returned 0x2 [0128.272] DispGetIDsOfNames (in: ptinfo=0x5860c0, rgszNames=0x575cf4*="InstancesOf", cNames=0x1, rgdispid=0x56eaf0 | out: rgdispid=0x56eaf0*=5) returned 0x0 [0128.273] IUnknown:Release (This=0x5860c0) returned 0x1 [0128.275] IUnknown:AddRef (This=0x5860c0) returned 0x2 [0128.275] ITypeInfo:LocalInvoke (This=0x5860c0) returned 0x0 [0128.276] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0128.276] GetCurrentThreadId () returned 0x794 [0128.276] WbemLocator:IUnknown:AddRef (This=0x547288) returned 0x3 [0128.276] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0128.277] GetCurrentThreadId () returned 0x794 [0128.277] IWbemServices:CreateInstanceEnum (in: This=0x547288, strFilter="Win32_BaseBoard", lFlags=16, pCtx=0x0, ppEnum=0x4e4ea30 | out: ppEnum=0x4e4ea30*=0x57d400) returned 0x0 [0128.293] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5762e0 [0128.293] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x576520 [0128.293] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x576820 [0128.293] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x56eaf0 [0128.293] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x57ceb8 [0128.293] IUnknown:QueryInterface (in: This=0x57d400, riid=0x6cc91f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e4e8d8 | out: ppvObject=0x4e4e8d8*=0x57d404) returned 0x0 [0128.293] IClientSecurity:QueryBlanket (in: This=0x57d404, pProxy=0x57d400, pAuthnSvc=0x4e4e8c4, pAuthzSvc=0x4e4e8cc, pServerPrincName=0x0, pAuthnLevel=0x4e4e900, pImpLevel=0x4e4e904, pAuthInfo=0x0, pCapabilites=0x4e4e8c8 | out: pAuthnSvc=0x4e4e8c4*=0xa, pAuthzSvc=0x4e4e8cc*=0x0, pServerPrincName=0x0, pAuthnLevel=0x4e4e900*=0x6, pImpLevel=0x4e4e904*=0x2, pAuthInfo=0x0, pCapabilites=0x4e4e8c8*=0x1) returned 0x0 [0128.293] IUnknown:Release (This=0x57d404) returned 0x1 [0128.293] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0128.293] GetCurrentThreadId () returned 0x794 [0128.293] WbemLocator:IUnknown:QueryInterface (in: This=0x547288, riid=0x6cc91f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e4e8c8 | out: ppvObject=0x4e4e8c8*=0x5575a4) returned 0x0 [0128.294] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x5575a4, pProxy=0x547288, pAuthnSvc=0x4e4e8b0, pAuthzSvc=0x4e4e8b4, pServerPrincName=0x0, pAuthnLevel=0x4e4e8c0, pImpLevel=0x4e4e8c4, pAuthInfo=0x0, pCapabilites=0x4e4e8b8 | out: pAuthnSvc=0x4e4e8b0*=0xa, pAuthzSvc=0x4e4e8b4*=0x0, pServerPrincName=0x0, pAuthnLevel=0x4e4e8c0*=0x6, pImpLevel=0x4e4e8c4*=0x3, pAuthInfo=0x0, pCapabilites=0x4e4e8b8*=0x20) returned 0x0 [0128.294] WbemLocator:IUnknown:Release (This=0x5575a4) returned 0x3 [0128.294] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0128.294] GetCurrentThreadId () returned 0x794 [0128.294] WbemLocator:IUnknown:QueryInterface (in: This=0x547288, riid=0x6cc91f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e4e8c8 | out: ppvObject=0x4e4e8c8*=0x5575a4) returned 0x0 [0128.294] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x5575a4, pProxy=0x547288, pAuthnSvc=0x4e4e8b0, pAuthzSvc=0x4e4e8b4, pServerPrincName=0x0, pAuthnLevel=0x4e4e8c4, pImpLevel=0x4e4e8c0, pAuthInfo=0x0, pCapabilites=0x4e4e8b8 | out: pAuthnSvc=0x4e4e8b0*=0xa, pAuthzSvc=0x4e4e8b4*=0x0, pServerPrincName=0x0, pAuthnLevel=0x4e4e8c4*=0x6, pImpLevel=0x4e4e8c0*=0x3, pAuthInfo=0x0, pCapabilites=0x4e4e8b8*=0x20) returned 0x0 [0128.294] WbemLocator:IUnknown:Release (This=0x5575a4) returned 0x3 [0128.294] IUnknown:QueryInterface (in: This=0x57d400, riid=0x6cc91f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e4e8f8 | out: ppvObject=0x4e4e8f8*=0x57d404) returned 0x0 [0128.308] IClientSecurity:CopyProxy (in: This=0x57d404, pProxy=0x57d400, ppCopy=0x4e4e8fc | out: ppCopy=0x4e4e8fc*=0x589878) returned 0x0 [0128.308] IUnknown:QueryInterface (in: This=0x589878, riid=0x6cc91f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e4e850 | out: ppvObject=0x4e4e850*=0x58987c) returned 0x0 [0128.308] IClientSecurity:QueryBlanket (in: This=0x58987c, pProxy=0x589878, pAuthnSvc=0x4e4e880, pAuthzSvc=0x4e4e87c, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x4e4e880*=0xa, pAuthzSvc=0x4e4e87c*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0 [0128.309] IUnknown:Release (This=0x58987c) returned 0x3 [0128.309] IUnknown:QueryInterface (in: This=0x589878, riid=0x6cc91f08*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e4e834 | out: ppvObject=0x4e4e834*=0x5573c8) returned 0x0 [0128.309] IUnknown:QueryInterface (in: This=0x589878, riid=0x6cc91f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e4e838 | out: ppvObject=0x4e4e838*=0x58987c) returned 0x0 [0128.309] IClientSecurity:SetBlanket (This=0x58987c, pProxy=0x589878, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0128.491] IUnknown:Release (This=0x58987c) returned 0x4 [0128.492] WbemLocator:IUnknown:Release (This=0x5573c8) returned 0x3 [0128.492] IUnknown:Release (This=0x57d404) returned 0x2 [0128.492] IUnknown:AddRef (This=0x589878) returned 0x3 [0128.492] IUnknown:Release (This=0x57d400) returned 0x2 [0128.492] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x4e4e9ec | out: pperrinfo=0x4e4e9ec*=0x0) returned 0x1 [0128.492] WbemLocator:IUnknown:Release (This=0x547288) returned 0x2 [0128.492] IUnknown:Release (This=0x5860c0) returned 0x1 [0128.495] LoadRegTypeLib (in: rguid=0x6cc92198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x4e4f09c*=0x0 | out: pptlib=0x4e4f09c*=0x584640) returned 0x0 [0128.496] ITypeLib:GetTypeInfoOfGuid (in: This=0x584640, GUID=0x576318*(Data1=0x4b83d61, Data2=0x21ae, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x33, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), ppTInfo=0x576300 | out: ppTInfo=0x576300*=0x5861c8) returned 0x0 [0128.496] IUnknown:Release (This=0x584640) returned 0x3 [0128.496] IUnknown:AddRef (This=0x5861c8) returned 0x2 [0128.502] LoadRegTypeLib (in: rguid=0x6cc92198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x400, pptlib=0x4e4efd0*=0x0 | out: pptlib=0x4e4efd0*=0x584640) returned 0x0 [0128.503] ITypeLib:GetTypeInfoOfGuid (in: This=0x584640, GUID=0x576308*(Data1=0x76a6415f, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), ppTInfo=0x5762fc | out: ppTInfo=0x5762fc*=0x586170) returned 0x0 [0128.503] IUnknown:Release (This=0x584640) returned 0x4 [0128.503] IUnknown:AddRef (This=0x586170) returned 0x2 [0128.503] ITypeInfo:LocalInvoke (This=0x586170) returned 0x0 [0128.503] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0128.503] GetCurrentThreadId () returned 0x794 [0128.503] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x571410 [0128.503] IUnknown:Release (This=0x586170) returned 0x1 [0128.503] WinMGMTS:IUnknown:AddRef (This=0x571410) returned 0x3 [0128.505] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0128.993] IUnknown:AddRef (This=0x586170) returned 0x2 [0128.993] ITypeInfo:LocalInvoke (This=0x586170) returned 0x0 [0128.993] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0128.993] GetCurrentThreadId () returned 0x794 [0128.994] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0128.994] GetCurrentThreadId () returned 0x794 [0128.994] IUnknown:AddRef (This=0x589878) returned 0x3 [0128.994] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0128.994] GetCurrentThreadId () returned 0x794 [0128.994] IEnumWbemClassObject:Clone (in: This=0x589878, ppEnum=0x4e4eca8 | out: ppEnum=0x4e4eca8*=0x58d590) returned 0x0 [0129.045] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x575e60 [0129.045] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x576280 [0129.045] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x576340 [0129.045] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x56e730 [0129.045] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x57c8f8 [0129.045] IUnknown:QueryInterface (in: This=0x58d590, riid=0x6cc91f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e4eb54 | out: ppvObject=0x4e4eb54*=0x58d594) returned 0x0 [0129.045] IClientSecurity:QueryBlanket (in: This=0x58d594, pProxy=0x58d590, pAuthnSvc=0x4e4eb40, pAuthzSvc=0x4e4eb48, pServerPrincName=0x0, pAuthnLevel=0x4e4eb7c, pImpLevel=0x4e4eb80, pAuthInfo=0x0, pCapabilites=0x4e4eb44 | out: pAuthnSvc=0x4e4eb40*=0xa, pAuthzSvc=0x4e4eb48*=0x0, pServerPrincName=0x0, pAuthnLevel=0x4e4eb7c*=0x6, pImpLevel=0x4e4eb80*=0x2, pAuthInfo=0x0, pCapabilites=0x4e4eb44*=0x1) returned 0x0 [0129.046] IUnknown:Release (This=0x58d594) returned 0x1 [0129.046] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0129.046] GetCurrentThreadId () returned 0x794 [0129.046] IUnknown:QueryInterface (in: This=0x589878, riid=0x6cc91f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e4eb44 | out: ppvObject=0x4e4eb44*=0x58987c) returned 0x0 [0129.046] IClientSecurity:QueryBlanket (in: This=0x58987c, pProxy=0x589878, pAuthnSvc=0x4e4eb2c, pAuthzSvc=0x4e4eb30, pServerPrincName=0x0, pAuthnLevel=0x4e4eb3c, pImpLevel=0x4e4eb40, pAuthInfo=0x0, pCapabilites=0x4e4eb34 | out: pAuthnSvc=0x4e4eb2c*=0xa, pAuthzSvc=0x4e4eb30*=0x0, pServerPrincName=0x0, pAuthnLevel=0x4e4eb3c*=0x6, pImpLevel=0x4e4eb40*=0x3, pAuthInfo=0x0, pCapabilites=0x4e4eb34*=0x20) returned 0x0 [0129.046] IUnknown:Release (This=0x58987c) returned 0x3 [0129.046] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0129.046] GetCurrentThreadId () returned 0x794 [0129.046] IUnknown:QueryInterface (in: This=0x589878, riid=0x6cc91f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e4eb44 | out: ppvObject=0x4e4eb44*=0x58987c) returned 0x0 [0129.046] IClientSecurity:QueryBlanket (in: This=0x58987c, pProxy=0x589878, pAuthnSvc=0x4e4eb2c, pAuthzSvc=0x4e4eb30, pServerPrincName=0x0, pAuthnLevel=0x4e4eb40, pImpLevel=0x4e4eb3c, pAuthInfo=0x0, pCapabilites=0x4e4eb34 | out: pAuthnSvc=0x4e4eb2c*=0xa, pAuthzSvc=0x4e4eb30*=0x0, pServerPrincName=0x0, pAuthnLevel=0x4e4eb40*=0x6, pImpLevel=0x4e4eb3c*=0x3, pAuthInfo=0x0, pCapabilites=0x4e4eb34*=0x20) returned 0x0 [0129.046] IUnknown:Release (This=0x58987c) returned 0x3 [0129.046] IUnknown:QueryInterface (in: This=0x58d590, riid=0x6cc91f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e4eb74 | out: ppvObject=0x4e4eb74*=0x58d594) returned 0x0 [0129.046] IClientSecurity:CopyProxy (in: This=0x58d594, pProxy=0x58d590, ppCopy=0x4e4eb78 | out: ppCopy=0x4e4eb78*=0x595de8) returned 0x0 [0129.046] IUnknown:QueryInterface (in: This=0x595de8, riid=0x6cc91f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e4eacc | out: ppvObject=0x4e4eacc*=0x595dec) returned 0x0 [0129.046] IClientSecurity:QueryBlanket (in: This=0x595dec, pProxy=0x595de8, pAuthnSvc=0x4e4eafc, pAuthzSvc=0x4e4eaf8, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x4e4eafc*=0xa, pAuthzSvc=0x4e4eaf8*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0 [0129.046] IUnknown:Release (This=0x595dec) returned 0x3 [0129.046] IUnknown:QueryInterface (in: This=0x595de8, riid=0x6cc91f08*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e4eab0 | out: ppvObject=0x4e4eab0*=0x557ec8) returned 0x0 [0129.046] IUnknown:QueryInterface (in: This=0x595de8, riid=0x6cc91f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e4eab4 | out: ppvObject=0x4e4eab4*=0x595dec) returned 0x0 [0129.046] IClientSecurity:SetBlanket (This=0x595dec, pProxy=0x595de8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0129.103] IUnknown:Release (This=0x595dec) returned 0x4 [0129.103] WbemLocator:IUnknown:Release (This=0x557ec8) returned 0x3 [0129.103] IUnknown:Release (This=0x58d594) returned 0x2 [0129.103] IUnknown:AddRef (This=0x595de8) returned 0x3 [0129.103] IUnknown:Release (This=0x58d590) returned 0x2 [0129.103] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x4e4ec68 | out: pperrinfo=0x4e4ec68*=0x0) returned 0x1 [0129.103] IUnknown:Release (This=0x589878) returned 0x2 [0129.103] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0129.103] GetCurrentThreadId () returned 0x794 [0129.104] IUnknown:AddRef (This=0x595de8) returned 0x3 [0129.104] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0129.104] GetCurrentThreadId () returned 0x794 [0129.104] IEnumWbemClassObject:Reset (This=0x595de8) returned 0x0 [0129.115] IUnknown:Release (This=0x595de8) returned 0x2 [0129.115] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x594618 [0129.115] IUnknown:Release (This=0x586170) returned 0x1 [0129.115] WinMGMTS:IUnknown:AddRef (This=0x594618) returned 0x3 [0129.118] WinMGMTS:IUnknown:AddRef (This=0x594618) returned 0x3 [0129.187] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0129.187] GetCurrentThreadId () returned 0x794 [0129.187] IUnknown:AddRef (This=0x595de8) returned 0x3 [0129.187] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0129.187] GetCurrentThreadId () returned 0x794 [0129.187] IEnumWbemClassObject:Next (in: This=0x595de8, lTimeout=-1, uCount=0x1, apObjects=0x4e4f01c, puReturned=0x4e4effc | out: apObjects=0x4e4f01c*=0x55b138, puReturned=0x4e4effc*=0x1) returned 0x0 [0129.199] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x56f890 [0129.199] IUnknown:AddRef (This=0x55b138) returned 0x2 [0129.199] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5809c0 [0129.199] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x576160 [0129.200] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5760a0 [0129.200] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x56e430 [0129.200] WbemLocator:IUnknown:AddRef (This=0x547288) returned 0x3 [0129.200] IUnknown:AddRef (This=0x595de8) returned 0x4 [0129.200] IUnknown:QueryInterface (in: This=0x595de8, riid=0x6cc91f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e4f048 | out: ppvObject=0x4e4f048*=0x595dec) returned 0x0 [0129.200] IClientSecurity:QueryBlanket (in: This=0x595dec, pProxy=0x595de8, pAuthnSvc=0x4e4efcc, pAuthzSvc=0x4e4efd4, pServerPrincName=0x0, pAuthnLevel=0x4e4eff8, pImpLevel=0x4e4f004, pAuthInfo=0x0, pCapabilites=0x4e4efc8 | out: pAuthnSvc=0x4e4efcc*=0xa, pAuthzSvc=0x4e4efd4*=0x0, pServerPrincName=0x0, pAuthnLevel=0x4e4eff8*=0x6, pImpLevel=0x4e4f004*=0x3, pAuthInfo=0x0, pCapabilites=0x4e4efc8*=0x20) returned 0x0 [0129.200] IUnknown:Release (This=0x595dec) returned 0x4 [0129.200] WbemLocator:IUnknown:Release (This=0x547288) returned 0x2 [0129.200] WbemLocator:IUnknown:AddRef (This=0x547288) returned 0x3 [0129.200] IUnknown:Release (This=0x595de8) returned 0x3 [0129.200] SysStringLen (param_1="\\\\.\\root\\cimv2") returned 0xe [0129.200] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x581610 [0129.200] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x56e710 [0129.200] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x57e778 [0129.200] IUnknown:AddRef (This=0x55b138) returned 0x3 [0129.200] IUnknown:Release (This=0x55b138) returned 0x2 [0129.200] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x4e4ef94 | out: pperrinfo=0x4e4ef94*=0x0) returned 0x1 [0129.200] IUnknown:Release (This=0x595de8) returned 0x2 [0129.200] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x4e4f04c | out: pperrinfo=0x4e4f04c*=0x0) returned 0x1 [0129.205] LoadRegTypeLib (in: rguid=0x6cc92198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x4e4f09c*=0x0 | out: pptlib=0x4e4f09c*=0x584640) returned 0x0 [0129.205] ITypeLib:GetTypeInfoOfGuid (in: This=0x584640, GUID=0x6cc94c08*(Data1=0xd6bdafb2, Data2=0x9435, Data3=0x491f, Data4=([0]=0xbb, [1]=0x87, [2]=0x6a, [3]=0xa0, [4]=0xf0, [5]=0xbc, [6]=0x31, [7]=0xa2)), ppTInfo=0x58162c | out: ppTInfo=0x58162c*=0x5861f4) returned 0x0 [0129.206] IUnknown:Release (This=0x584640) returned 0x5 [0129.206] IUnknown:AddRef (This=0x5861f4) returned 0x2 [0129.214] LoadRegTypeLib (in: rguid=0x6cc92198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0x4e4f020*=0x0 | out: pptlib=0x4e4f020*=0x584640) returned 0x0 [0129.215] ITypeLib:GetTypeInfoOfGuid (in: This=0x584640, GUID=0x6cc91e68*(Data1=0x269ad56a, Data2=0x8a67, Data3=0x4129, Data4=([0]=0xbc, [1]=0x8c, [2]=0x5, [3]=0x6, [4]=0xdc, [5]=0xfe, [6]=0x98, [7]=0x80)), ppTInfo=0x581628 | out: ppTInfo=0x581628*=0x586220) returned 0x0 [0129.215] IUnknown:Release (This=0x584640) returned 0x6 [0129.215] IUnknown:AddRef (This=0x586220) returned 0x2 [0129.215] DispGetIDsOfNames (in: ptinfo=0x586220, rgszNames=0x59b9d4*="SerialNumber", cNames=0x1, rgdispid=0x56e610 | out: rgdispid=0x56e610*=-1) returned 0x80020006 [0129.236] IUnknown:AddRef (This=0x55b138) returned 0x3 [0129.236] IWbemClassObject:Get (in: This=0x55b138, wszName="SerialNumber", lFlags=0, pVal=0x0, pType=0x0, plFlavor=0x4e4eff0*=0 | out: pVal=0x0, pType=0x0, plFlavor=0x4e4eff0*=0) returned 0x0 [0129.236] IUnknown:Release (This=0x55b138) returned 0x2 [0129.236] SysStringLen (param_1="SerialNumber") returned 0xc [0129.236] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x57e5c0 [0129.236] SysStringLen (param_1="SerialNumber") returned 0xc [0129.236] IUnknown:Release (This=0x586220) returned 0x1 [0129.237] IUnknown:AddRef (This=0x586220) returned 0x2 [0129.237] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0129.237] GetCurrentThreadId () returned 0x794 [0129.237] SysStringLen (param_1="SerialNumber") returned 0xc [0129.237] IWbemClassObject:Get (in: This=0x55b138, wszName="SerialNumber", lFlags=0, pVal=0x4e4ef98*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x4e4ef90*=-1581269021, plFlavor=0x0 | out: pVal=0x4e4ef98*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="..XXXXXXXXXXXXX.", varVal2=0x0), pType=0x4e4ef90*=8, plFlavor=0x0) returned 0x0 [0129.239] IUnknown:Release (This=0x586220) returned 0x1 [0129.327] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0129.327] GetCurrentThreadId () returned 0x794 [0129.327] IUnknown:AddRef (This=0x595de8) returned 0x3 [0129.327] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0129.327] GetCurrentThreadId () returned 0x794 [0129.327] IEnumWbemClassObject:Next (in: This=0x595de8, lTimeout=-1, uCount=0x1, apObjects=0x4e4f01c, puReturned=0x4e4effc | out: apObjects=0x4e4f01c*=0x0, puReturned=0x4e4effc*=0x0) returned 0x1 [0129.328] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x4e4ef94 | out: pperrinfo=0x4e4ef94*=0x0) returned 0x1 [0129.328] IUnknown:Release (This=0x595de8) returned 0x2 [0129.328] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x4e4f04c | out: pperrinfo=0x4e4f04c*=0x0) returned 0x1 [0222.647] IUnknown:Release (This=0x580d40) returned 0x7 [0222.647] IUnknown:Release (This=0x580d40) returned 0x6 [0222.647] IUnknown:Release (This=0x580d40) returned 0x5 [0222.647] IUnknown:Release (This=0x580d50) returned 0x4 [0222.647] IUnknown:Release (This=0x580d50) returned 0x3 [0222.648] IUnknown:Release (This=0x580d40) returned 0x2 [0222.649] IUnknown:Release (This=0x589878) returned 0x1 [0222.649] IUnknown:Release (This=0x589878) returned 0x0 [0222.719] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0222.719] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0222.719] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0222.719] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0222.719] IUnknown:Release (This=0x586170) returned 0x0 [0222.720] IUnknown:Release (This=0x5861c8) returned 0x0 [0222.720] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0222.720] WbemLocator:IUnknown:Release (This=0x547288) returned 0x2 [0222.720] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0222.720] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0222.720] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0222.721] IUnknown:Release (This=0x5860c0) returned 0x0 [0222.721] IUnknown:Release (This=0x586094) returned 0x0 [0222.721] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0222.721] IUnknown:Release (This=0x595de8) returned 0x1 [0222.721] IUnknown:Release (This=0x595de8) returned 0x0 [0222.816] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0222.816] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0222.816] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0222.816] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0222.816] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0222.816] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0222.817] IUnknown:Release (This=0x55b138) returned 0x1 [0222.817] WbemLocator:IUnknown:Release (This=0x547288) returned 0x1 [0222.817] WbemLocator:IUnknown:Release (This=0x547288) returned 0x0 [0222.868] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0222.868] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0222.868] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0222.868] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0222.868] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0222.868] IUnknown:Release (This=0x55b138) returned 0x0 [0222.868] IUnknown:Release (This=0x586220) returned 0x0 [0222.868] IUnknown:Release (This=0x5861f4) returned 0x0 [0222.872] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0222.872] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0222.872] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0222.872] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0222.872] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 Thread: id = 13 os_tid = 0x84c Thread: id = 120 os_tid = 0x990 [0140.031] CoGetContextToken (in: pToken=0x524febc | out: pToken=0x524febc) returned 0x0 [0140.031] IUnknown:QueryInterface (in: This=0x508aa0, riid=0x6ab34564*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x524fee0 | out: ppvObject=0x524fee0*=0x508aac) returned 0x0 [0140.032] IComThreadingInfo:GetCurrentThreadType (in: This=0x508aac, pThreadType=0x524ff0c | out: pThreadType=0x524ff0c*=0) returned 0x0 [0140.032] IUnknown:Release (This=0x508aac) returned 0x1 [0140.032] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0140.032] RoInitialize () returned 0x1 [0140.032] RoUninitialize () returned 0x0 Thread: id = 121 os_tid = 0x890 [0140.170] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0140.171] CoGetContextToken (in: pToken=0x538fd44 | out: pToken=0x538fd44) returned 0x0 [0140.171] IUnknown:QueryInterface (in: This=0x508aa0, riid=0x6ab34564*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x538fd68 | out: ppvObject=0x538fd68*=0x508aac) returned 0x0 [0140.171] IComThreadingInfo:GetCurrentThreadType (in: This=0x508aac, pThreadType=0x538fd94 | out: pThreadType=0x538fd94*=0) returned 0x0 [0140.171] IUnknown:Release (This=0x508aac) returned 0x1 [0140.171] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0140.171] CoUninitialize () [0140.171] RoInitialize () returned 0x1 [0140.171] RoUninitialize () returned 0x0 [0140.171] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x538fa54 | out: UnbiasedTime=0x538fa54) returned 1 [0140.172] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x538fa44 | out: UnbiasedTime=0x538fa44) returned 1 [0160.330] CoUninitialize () Thread: id = 122 os_tid = 0xa3c Thread: id = 124 os_tid = 0x758 [0170.064] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0170.066] CoGetContextToken (in: pToken=0x554fcc4 | out: pToken=0x554fcc4) returned 0x0 [0170.066] IUnknown:QueryInterface (in: This=0x508aa0, riid=0x6ab34564*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x554fce8 | out: ppvObject=0x554fce8*=0x508aac) returned 0x0 [0170.066] IComThreadingInfo:GetCurrentThreadType (in: This=0x508aac, pThreadType=0x554fd14 | out: pThreadType=0x554fd14*=0) returned 0x0 [0170.066] IUnknown:Release (This=0x508aac) returned 0x1 [0170.066] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0170.066] CoUninitialize () [0170.067] RoInitialize () returned 0x1 [0170.067] RoUninitialize () returned 0x0 [0170.067] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x554f9d4 | out: UnbiasedTime=0x554f9d4) returned 1 [0170.068] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x554f9c4 | out: UnbiasedTime=0x554f9c4) returned 1 [0170.073] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x554f8c8 | out: lpSystemTimeAsFileTime=0x554f8c8*(dwLowDateTime=0x576bedba, dwHighDateTime=0x1d7b461)) [0170.101] GetLastInputInfo (in: plii=0x20e1ec8 | out: plii=0x20e1ec8*(cbSize=0x8, dwTime=0x1efe586)) returned 1 [0190.152] CoUninitialize () Thread: id = 125 os_tid = 0x6f8 Thread: id = 126 os_tid = 0x1210 [0170.144] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0170.146] CoGetContextToken (in: pToken=0x534fc44 | out: pToken=0x534fc44) returned 0x0 [0170.146] IUnknown:QueryInterface (in: This=0x508aa0, riid=0x6ab34564*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x534fc68 | out: ppvObject=0x534fc68*=0x508aac) returned 0x0 [0170.146] IComThreadingInfo:GetCurrentThreadType (in: This=0x508aac, pThreadType=0x534fc94 | out: pThreadType=0x534fc94*=0) returned 0x0 [0170.146] IUnknown:Release (This=0x508aac) returned 0x1 [0170.146] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0170.146] CoUninitialize () [0170.146] RoInitialize () returned 0x1 [0170.146] RoUninitialize () returned 0x0 [0190.167] CoUninitialize () Thread: id = 128 os_tid = 0x820 [0200.109] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0200.111] CoGetContextToken (in: pToken=0x77fbc4 | out: pToken=0x77fbc4) returned 0x0 [0200.111] IUnknown:QueryInterface (in: This=0x508aa0, riid=0x6ab34564*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x77fbe8 | out: ppvObject=0x77fbe8*=0x508aac) returned 0x0 [0200.112] IComThreadingInfo:GetCurrentThreadType (in: This=0x508aac, pThreadType=0x77fc14 | out: pThreadType=0x77fc14*=0) returned 0x0 [0200.112] IUnknown:Release (This=0x508aac) returned 0x1 [0200.112] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0200.112] CoUninitialize () [0200.112] RoInitialize () returned 0x1 [0200.112] RoUninitialize () returned 0x0 [0200.113] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x77f8d4 | out: UnbiasedTime=0x77f8d4) returned 1 [0200.113] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x77f8c4 | out: UnbiasedTime=0x77f8c4) returned 1 [0200.114] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x77f7c8 | out: lpSystemTimeAsFileTime=0x77f7c8*(dwLowDateTime=0x6953d57b, dwHighDateTime=0x1d7b461)) [0200.116] GetLastInputInfo (in: plii=0x20e1ec8 | out: plii=0x20e1ec8*(cbSize=0x8, dwTime=0x1f05b04)) returned 1 [0220.174] CoUninitialize () Thread: id = 129 os_tid = 0x11c0 Thread: id = 130 os_tid = 0x1324 [0200.124] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0200.125] CoGetContextToken (in: pToken=0x534fb44 | out: pToken=0x534fb44) returned 0x0 [0200.125] IUnknown:QueryInterface (in: This=0x508aa0, riid=0x6ab34564*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x534fb68 | out: ppvObject=0x534fb68*=0x508aac) returned 0x0 [0200.125] IComThreadingInfo:GetCurrentThreadType (in: This=0x508aac, pThreadType=0x534fb94 | out: pThreadType=0x534fb94*=0) returned 0x0 [0200.125] IUnknown:Release (This=0x508aac) returned 0x1 [0200.125] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0200.125] CoUninitialize () [0200.125] RoInitialize () returned 0x1 [0200.125] RoUninitialize () returned 0x0 [0220.168] CoUninitialize () Thread: id = 157 os_tid = 0xedc Thread: id = 161 os_tid = 0xd28 [0230.190] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0230.191] CoGetContextToken (in: pToken=0x574fac4 | out: pToken=0x574fac4) returned 0x0 [0230.191] IUnknown:QueryInterface (in: This=0x508aa0, riid=0x6ab34564*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x574fae8 | out: ppvObject=0x574fae8*=0x508aac) returned 0x0 [0230.192] IComThreadingInfo:GetCurrentThreadType (in: This=0x508aac, pThreadType=0x574fb14 | out: pThreadType=0x574fb14*=0) returned 0x0 [0230.192] IUnknown:Release (This=0x508aac) returned 0x1 [0230.192] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0230.192] CoUninitialize () [0230.192] RoInitialize () returned 0x1 [0230.192] RoUninitialize () returned 0x0 [0230.193] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x574f7d4 | out: UnbiasedTime=0x574f7d4) returned 1 [0230.193] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x574f7c4 | out: UnbiasedTime=0x574f7c4) returned 1 [0230.193] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x574f6c8 | out: lpSystemTimeAsFileTime=0x574f6c8*(dwLowDateTime=0x7b419518, dwHighDateTime=0x1d7b461)) [0230.194] GetLastInputInfo (in: plii=0x20e1bd0 | out: plii=0x20e1bd0*(cbSize=0x8, dwTime=0x1f0d11e)) returned 1 [0250.573] CoUninitialize () Thread: id = 162 os_tid = 0x848 Thread: id = 164 os_tid = 0x708 [0232.853] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0232.853] RoInitialize () returned 0x1 [0232.853] RoUninitialize () returned 0x0 [0232.855] ResetEvent (hEvent=0x2cc) returned 1 [0282.959] ReleaseSemaphore (in: hSemaphore=0x50c, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0282.960] ReleaseSemaphore (in: hSemaphore=0x50c, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0282.960] SetEvent (hEvent=0x2cc) returned 1 Thread: id = 165 os_tid = 0x614 [0260.237] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0260.238] CoGetContextToken (in: pToken=0x574f9c4 | out: pToken=0x574f9c4) returned 0x0 [0260.239] IUnknown:QueryInterface (in: This=0x508aa0, riid=0x6ab34564*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x574f9e8 | out: ppvObject=0x574f9e8*=0x508aac) returned 0x0 [0260.239] IComThreadingInfo:GetCurrentThreadType (in: This=0x508aac, pThreadType=0x574fa14 | out: pThreadType=0x574fa14*=0) returned 0x0 [0260.239] IUnknown:Release (This=0x508aac) returned 0x1 [0260.239] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0260.239] CoUninitialize () [0260.239] RoInitialize () returned 0x1 [0260.239] RoUninitialize () returned 0x0 [0260.240] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x574f6d4 | out: UnbiasedTime=0x574f6d4) returned 1 [0260.240] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x574f6c4 | out: UnbiasedTime=0x574f6c4) returned 1 [0260.241] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x574f5c8 | out: lpSystemTimeAsFileTime=0x574f5c8*(dwLowDateTime=0x8d289550, dwHighDateTime=0x1d7b461)) [0260.241] GetLastInputInfo (in: plii=0x20e1bd0 | out: plii=0x20e1bd0*(cbSize=0x8, dwTime=0x1f1470a)) returned 1 [0281.108] CoUninitialize () Thread: id = 166 os_tid = 0xd10 Thread: id = 167 os_tid = 0xf30 [0290.259] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0290.261] CoGetContextToken (in: pToken=0x5aff944 | out: pToken=0x5aff944) returned 0x0 [0290.262] IUnknown:QueryInterface (in: This=0x508aa0, riid=0x6ab34564*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5aff968 | out: ppvObject=0x5aff968*=0x508aac) returned 0x0 [0290.262] IComThreadingInfo:GetCurrentThreadType (in: This=0x508aac, pThreadType=0x5aff994 | out: pThreadType=0x5aff994*=0) returned 0x0 [0290.262] IUnknown:Release (This=0x508aac) returned 0x1 [0290.262] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0290.262] CoUninitialize () [0290.262] RoInitialize () returned 0x1 [0290.262] RoUninitialize () returned 0x0 [0290.263] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x5aff654 | out: UnbiasedTime=0x5aff654) returned 1 [0290.263] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x5aff644 | out: UnbiasedTime=0x5aff644) returned 1 [0290.263] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x5aff548 | out: lpSystemTimeAsFileTime=0x5aff548*(dwLowDateTime=0x9f0d690e, dwHighDateTime=0x1d7b461)) [0290.264] GetLastInputInfo (in: plii=0x20e1bd0 | out: plii=0x20e1bd0*(cbSize=0x8, dwTime=0x1f1be0e)) returned 1 [0310.306] CoUninitialize () Thread: id = 168 os_tid = 0x8b8 Thread: id = 169 os_tid = 0xcfc [0290.270] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0290.272] CoGetContextToken (in: pToken=0x574f8c4 | out: pToken=0x574f8c4) returned 0x0 [0290.272] IUnknown:QueryInterface (in: This=0x508aa0, riid=0x6ab34564*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x574f8e8 | out: ppvObject=0x574f8e8*=0x508aac) returned 0x0 [0290.272] IComThreadingInfo:GetCurrentThreadType (in: This=0x508aac, pThreadType=0x574f914 | out: pThreadType=0x574f914*=0) returned 0x0 [0290.272] IUnknown:Release (This=0x508aac) returned 0x1 [0290.272] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0290.272] CoUninitialize () [0290.272] RoInitialize () returned 0x1 [0290.272] RoUninitialize () returned 0x0 [0310.294] CoUninitialize () Process: id = "3" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x75fd1000" os_pid = "0x344" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x214" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\lfsvc" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000a36c" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 555 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 556 start_va = 0x20000 end_va = 0x21fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 557 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 558 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 559 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 560 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 561 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 562 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 563 start_va = 0x1c0000 end_va = 0x1c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 564 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 565 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 566 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 567 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 568 start_va = 0x400000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 569 start_va = 0x500000 end_va = 0x500fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 570 start_va = 0x510000 end_va = 0x510fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 571 start_va = 0x520000 end_va = 0x521fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dosvc.dll.mui" filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui") Region: id = 572 start_va = 0x530000 end_va = 0x531fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 573 start_va = 0x540000 end_va = 0x54ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 574 start_va = 0x550000 end_va = 0x550fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usocore.dll.mui" filename = "\\Windows\\System32\\en-US\\usocore.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\usocore.dll.mui") Region: id = 575 start_va = 0x560000 end_va = 0x577fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 576 start_va = 0x580000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 577 start_va = 0x640000 end_va = 0x640fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000640000" filename = "" Region: id = 578 start_va = 0x650000 end_va = 0x650fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000650000" filename = "" Region: id = 579 start_va = 0x660000 end_va = 0x6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 580 start_va = 0x6e0000 end_va = 0x6e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 581 start_va = 0x6f0000 end_va = 0x6f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006f0000" filename = "" Region: id = 582 start_va = 0x700000 end_va = 0x706fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 583 start_va = 0x710000 end_va = 0x71ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 584 start_va = 0x740000 end_va = 0x74ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 585 start_va = 0x750000 end_va = 0x75ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 586 start_va = 0x760000 end_va = 0x76ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 587 start_va = 0x770000 end_va = 0x77ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 588 start_va = 0x780000 end_va = 0x781fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000780000" filename = "" Region: id = 589 start_va = 0x790000 end_va = 0x790fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000790000" filename = "" Region: id = 590 start_va = 0x7a0000 end_va = 0x7a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007a0000" filename = "" Region: id = 591 start_va = 0x7b0000 end_va = 0x7bffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 592 start_va = 0x7c0000 end_va = 0x7c3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 593 start_va = 0x7d0000 end_va = 0x7d6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007d0000" filename = "" Region: id = 594 start_va = 0x7e0000 end_va = 0x7e3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 595 start_va = 0x7f0000 end_va = 0x7f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007f0000" filename = "" Region: id = 596 start_va = 0x800000 end_va = 0x8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 597 start_va = 0x900000 end_va = 0xa87fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000900000" filename = "" Region: id = 598 start_va = 0xa90000 end_va = 0xc10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a90000" filename = "" Region: id = 599 start_va = 0xc20000 end_va = 0x101afff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c20000" filename = "" Region: id = 600 start_va = 0x1020000 end_va = 0x109ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001020000" filename = "" Region: id = 601 start_va = 0x10a0000 end_va = 0x10a1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "activeds.dll.mui" filename = "\\Windows\\System32\\en-US\\activeds.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\activeds.dll.mui") Region: id = 602 start_va = 0x10b0000 end_va = 0x10b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll") Region: id = 603 start_va = 0x10c0000 end_va = 0x10c1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000010c0000" filename = "" Region: id = 604 start_va = 0x10d0000 end_va = 0x10d6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "newdev.dll.mui" filename = "\\Windows\\System32\\en-US\\newdev.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\newdev.dll.mui") Region: id = 605 start_va = 0x10e0000 end_va = 0x10e6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010e0000" filename = "" Region: id = 606 start_va = 0x10f0000 end_va = 0x11effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010f0000" filename = "" Region: id = 607 start_va = 0x11f0000 end_va = 0x11f6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011f0000" filename = "" Region: id = 608 start_va = 0x1200000 end_va = 0x12fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 609 start_va = 0x1300000 end_va = 0x13fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 610 start_va = 0x1400000 end_va = 0x1736fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 611 start_va = 0x1740000 end_va = 0x17bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001740000" filename = "" Region: id = 612 start_va = 0x17c0000 end_va = 0x17c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000017c0000" filename = "" Region: id = 613 start_va = 0x17d0000 end_va = 0x17d3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000017d0000" filename = "" Region: id = 614 start_va = 0x17e0000 end_va = 0x17e6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000017e0000" filename = "" Region: id = 615 start_va = 0x17f0000 end_va = 0x17fffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 616 start_va = 0x1800000 end_va = 0x180ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 617 start_va = 0x1810000 end_va = 0x181ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001810000" filename = "" Region: id = 618 start_va = 0x1820000 end_va = 0x182ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001820000" filename = "" Region: id = 619 start_va = 0x1830000 end_va = 0x1830fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001830000" filename = "" Region: id = 620 start_va = 0x1840000 end_va = 0x193ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001840000" filename = "" Region: id = 621 start_va = 0x1940000 end_va = 0x19bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001940000" filename = "" Region: id = 622 start_va = 0x19c0000 end_va = 0x19c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000019c0000" filename = "" Region: id = 623 start_va = 0x19d0000 end_va = 0x19d3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000019d0000" filename = "" Region: id = 624 start_va = 0x19e0000 end_va = 0x19e1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000019e0000" filename = "" Region: id = 625 start_va = 0x19f0000 end_va = 0x19f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000019f0000" filename = "" Region: id = 626 start_va = 0x1a00000 end_va = 0x1afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001a00000" filename = "" Region: id = 627 start_va = 0x1b00000 end_va = 0x1bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001b00000" filename = "" Region: id = 628 start_va = 0x1c00000 end_va = 0x1cdffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 629 start_va = 0x1ce0000 end_va = 0x1ceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ce0000" filename = "" Region: id = 630 start_va = 0x1cf0000 end_va = 0x1cf3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001cf0000" filename = "" Region: id = 631 start_va = 0x1d00000 end_va = 0x1dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d00000" filename = "" Region: id = 632 start_va = 0x1e00000 end_va = 0x1efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e00000" filename = "" Region: id = 633 start_va = 0x1f00000 end_va = 0x1ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f00000" filename = "" Region: id = 634 start_va = 0x2000000 end_va = 0x207ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002000000" filename = "" Region: id = 635 start_va = 0x2080000 end_va = 0x20c2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 636 start_va = 0x20d0000 end_va = 0x20effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020d0000" filename = "" Region: id = 637 start_va = 0x20f0000 end_va = 0x20f6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020f0000" filename = "" Region: id = 638 start_va = 0x2100000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002100000" filename = "" Region: id = 639 start_va = 0x2200000 end_va = 0x22fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 640 start_va = 0x2300000 end_va = 0x23fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 641 start_va = 0x2400000 end_va = 0x24fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002400000" filename = "" Region: id = 642 start_va = 0x2500000 end_va = 0x25fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002500000" filename = "" Region: id = 643 start_va = 0x2600000 end_va = 0x26fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002600000" filename = "" Region: id = 644 start_va = 0x2700000 end_va = 0x27fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002700000" filename = "" Region: id = 645 start_va = 0x2800000 end_va = 0x28fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002800000" filename = "" Region: id = 646 start_va = 0x2900000 end_va = 0x2944fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000005.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db") Region: id = 647 start_va = 0x2950000 end_va = 0x29ddfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 648 start_va = 0x29e0000 end_va = 0x2adffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000029e0000" filename = "" Region: id = 649 start_va = 0x2ae0000 end_va = 0x2ae1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ae0000" filename = "" Region: id = 650 start_va = 0x2af0000 end_va = 0x2afffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 651 start_va = 0x2b00000 end_va = 0x2bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b00000" filename = "" Region: id = 652 start_va = 0x2c00000 end_va = 0x2c7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c00000" filename = "" Region: id = 653 start_va = 0x2c80000 end_va = 0x2cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c80000" filename = "" Region: id = 654 start_va = 0x2d00000 end_va = 0x2dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d00000" filename = "" Region: id = 655 start_va = 0x2e00000 end_va = 0x2efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e00000" filename = "" Region: id = 656 start_va = 0x2f00000 end_va = 0x2ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f00000" filename = "" Region: id = 657 start_va = 0x3000000 end_va = 0x30fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003000000" filename = "" Region: id = 658 start_va = 0x3100000 end_va = 0x31fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003100000" filename = "" Region: id = 659 start_va = 0x3200000 end_va = 0x32fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003200000" filename = "" Region: id = 660 start_va = 0x3300000 end_va = 0x337ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003300000" filename = "" Region: id = 661 start_va = 0x3380000 end_va = 0x347ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003380000" filename = "" Region: id = 662 start_va = 0x3480000 end_va = 0x348ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003480000" filename = "" Region: id = 663 start_va = 0x3490000 end_va = 0x349ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003490000" filename = "" Region: id = 664 start_va = 0x34a0000 end_va = 0x34affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000034a0000" filename = "" Region: id = 665 start_va = 0x34b0000 end_va = 0x34bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000034b0000" filename = "" Region: id = 666 start_va = 0x34c0000 end_va = 0x34cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000034c0000" filename = "" Region: id = 667 start_va = 0x34d0000 end_va = 0x34dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000034d0000" filename = "" Region: id = 668 start_va = 0x34e0000 end_va = 0x34e6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000034e0000" filename = "" Region: id = 669 start_va = 0x34f0000 end_va = 0x353dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000034f0000" filename = "" Region: id = 670 start_va = 0x3540000 end_va = 0x354ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003540000" filename = "" Region: id = 671 start_va = 0x3550000 end_va = 0x355ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003550000" filename = "" Region: id = 672 start_va = 0x3560000 end_va = 0x3566fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003560000" filename = "" Region: id = 673 start_va = 0x3570000 end_va = 0x35effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003570000" filename = "" Region: id = 674 start_va = 0x35f0000 end_va = 0x366ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 675 start_va = 0x3670000 end_va = 0x376ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003670000" filename = "" Region: id = 676 start_va = 0x3770000 end_va = 0x37effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003770000" filename = "" Region: id = 677 start_va = 0x37f0000 end_va = 0x37fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000037f0000" filename = "" Region: id = 678 start_va = 0x3800000 end_va = 0x38fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003800000" filename = "" Region: id = 679 start_va = 0x3900000 end_va = 0x397ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003900000" filename = "" Region: id = 680 start_va = 0x3980000 end_va = 0x39fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003980000" filename = "" Region: id = 681 start_va = 0x3a00000 end_va = 0x3afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a00000" filename = "" Region: id = 682 start_va = 0x3b00000 end_va = 0x3bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003b00000" filename = "" Region: id = 683 start_va = 0x3c00000 end_va = 0x3c7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c00000" filename = "" Region: id = 684 start_va = 0x3c80000 end_va = 0x3cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c80000" filename = "" Region: id = 685 start_va = 0x3d00000 end_va = 0x3d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d00000" filename = "" Region: id = 686 start_va = 0x3d80000 end_va = 0x3e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d80000" filename = "" Region: id = 687 start_va = 0x3e80000 end_va = 0x3f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e80000" filename = "" Region: id = 688 start_va = 0x3f80000 end_va = 0x407ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003f80000" filename = "" Region: id = 689 start_va = 0x4080000 end_va = 0x417ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004080000" filename = "" Region: id = 690 start_va = 0x4180000 end_va = 0x427ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004180000" filename = "" Region: id = 691 start_va = 0x4280000 end_va = 0x437ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004280000" filename = "" Region: id = 692 start_va = 0x4380000 end_va = 0x438ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004380000" filename = "" Region: id = 693 start_va = 0x4390000 end_va = 0x439ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004390000" filename = "" Region: id = 694 start_va = 0x43a0000 end_va = 0x43affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 695 start_va = 0x43b0000 end_va = 0x43b6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000043b0000" filename = "" Region: id = 696 start_va = 0x43c0000 end_va = 0x43cffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 697 start_va = 0x43d0000 end_va = 0x43d3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000043d0000" filename = "" Region: id = 698 start_va = 0x43e0000 end_va = 0x43effff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 699 start_va = 0x43f0000 end_va = 0x43fffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 700 start_va = 0x4400000 end_va = 0x44fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004400000" filename = "" Region: id = 701 start_va = 0x4500000 end_va = 0x45fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004500000" filename = "" Region: id = 702 start_va = 0x4600000 end_va = 0x46fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004600000" filename = "" Region: id = 703 start_va = 0x4700000 end_va = 0x47fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004700000" filename = "" Region: id = 704 start_va = 0x4800000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 705 start_va = 0x4900000 end_va = 0x49fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004900000" filename = "" Region: id = 706 start_va = 0x4a00000 end_va = 0x4afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 707 start_va = 0x4b00000 end_va = 0x4bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b00000" filename = "" Region: id = 708 start_va = 0x4c00000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c00000" filename = "" Region: id = 709 start_va = 0x4d00000 end_va = 0x4dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d00000" filename = "" Region: id = 710 start_va = 0x4e00000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 711 start_va = 0x4f00000 end_va = 0x4ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f00000" filename = "" Region: id = 712 start_va = 0x5000000 end_va = 0x50fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005000000" filename = "" Region: id = 713 start_va = 0x5100000 end_va = 0x51fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005100000" filename = "" Region: id = 714 start_va = 0x5200000 end_va = 0x520ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 715 start_va = 0x5210000 end_va = 0x521ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 716 start_va = 0x5220000 end_va = 0x522ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 717 start_va = 0x5230000 end_va = 0x523ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 718 start_va = 0x5240000 end_va = 0x524ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 719 start_va = 0x5250000 end_va = 0x525ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 720 start_va = 0x5260000 end_va = 0x52dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005260000" filename = "" Region: id = 721 start_va = 0x52e0000 end_va = 0x52effff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 722 start_va = 0x52f0000 end_va = 0x52fffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 723 start_va = 0x5300000 end_va = 0x53fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005300000" filename = "" Region: id = 724 start_va = 0x5400000 end_va = 0x54fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005400000" filename = "" Region: id = 725 start_va = 0x5500000 end_va = 0x55fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005500000" filename = "" Region: id = 726 start_va = 0x5610000 end_va = 0x5611fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005610000" filename = "" Region: id = 727 start_va = 0x5800000 end_va = 0x580ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 728 start_va = 0x5810000 end_va = 0x581ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 729 start_va = 0x5820000 end_va = 0x582ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 730 start_va = 0x5830000 end_va = 0x583ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 731 start_va = 0x5840000 end_va = 0x584ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 732 start_va = 0x5850000 end_va = 0x585ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 733 start_va = 0x5860000 end_va = 0x586ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 734 start_va = 0x5870000 end_va = 0x587ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 735 start_va = 0x5880000 end_va = 0x588ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 736 start_va = 0x5890000 end_va = 0x589ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 737 start_va = 0x58a0000 end_va = 0x58affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 738 start_va = 0x58b0000 end_va = 0x58bffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 739 start_va = 0x58c0000 end_va = 0x58cffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 740 start_va = 0x58d0000 end_va = 0x58dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 741 start_va = 0x58e0000 end_va = 0x58effff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 742 start_va = 0x58f0000 end_va = 0x58fffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 743 start_va = 0x5900000 end_va = 0x590ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 744 start_va = 0x5910000 end_va = 0x591ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 745 start_va = 0x5920000 end_va = 0x592ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 746 start_va = 0x5930000 end_va = 0x593ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 747 start_va = 0x5940000 end_va = 0x594ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 748 start_va = 0x5950000 end_va = 0x595ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 749 start_va = 0x5960000 end_va = 0x596ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 750 start_va = 0x5970000 end_va = 0x597ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 751 start_va = 0x5980000 end_va = 0x598ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 752 start_va = 0x5990000 end_va = 0x599ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 753 start_va = 0x59a0000 end_va = 0x59affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 754 start_va = 0x59b0000 end_va = 0x59bffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 755 start_va = 0x59c0000 end_va = 0x59cffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 756 start_va = 0x59d0000 end_va = 0x59dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 757 start_va = 0x59e0000 end_va = 0x59effff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 758 start_va = 0x59f0000 end_va = 0x59fffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 759 start_va = 0x5a00000 end_va = 0x5a0ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 760 start_va = 0x5a10000 end_va = 0x5a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005a10000" filename = "" Region: id = 761 start_va = 0x5a20000 end_va = 0x5a2ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 762 start_va = 0x5a30000 end_va = 0x5a3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 763 start_va = 0x5a40000 end_va = 0x5a46fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005a40000" filename = "" Region: id = 764 start_va = 0x5a50000 end_va = 0x5a50fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml6r.dll" filename = "\\Windows\\System32\\msxml6r.dll" (normalized: "c:\\windows\\system32\\msxml6r.dll") Region: id = 765 start_va = 0x5a60000 end_va = 0x5a60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005a60000" filename = "" Region: id = 766 start_va = 0x5a70000 end_va = 0x5a7ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui") Region: id = 767 start_va = 0x5a80000 end_va = 0x5a8ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 768 start_va = 0x5a90000 end_va = 0x5aa0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1256.nls" filename = "\\Windows\\System32\\C_1256.NLS" (normalized: "c:\\windows\\system32\\c_1256.nls") Region: id = 769 start_va = 0x5ab0000 end_va = 0x5ac0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1251.nls" filename = "\\Windows\\System32\\C_1251.NLS" (normalized: "c:\\windows\\system32\\c_1251.nls") Region: id = 770 start_va = 0x5ad0000 end_va = 0x5ae0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1254.nls" filename = "\\Windows\\System32\\C_1254.NLS" (normalized: "c:\\windows\\system32\\c_1254.nls") Region: id = 771 start_va = 0x5af0000 end_va = 0x5afffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 772 start_va = 0x5b00000 end_va = 0x5bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b00000" filename = "" Region: id = 773 start_va = 0x5c00000 end_va = 0x5cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005c00000" filename = "" Region: id = 774 start_va = 0x5d00000 end_va = 0x5d0ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 775 start_va = 0x5d10000 end_va = 0x5d1ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 776 start_va = 0x5d20000 end_va = 0x5d2ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 777 start_va = 0x5d30000 end_va = 0x5d3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 778 start_va = 0x5d40000 end_va = 0x5d4ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 779 start_va = 0x5d50000 end_va = 0x5d5ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 780 start_va = 0x5d60000 end_va = 0x5d6ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 781 start_va = 0x5d70000 end_va = 0x5d7ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 782 start_va = 0x5d80000 end_va = 0x5d8ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 783 start_va = 0x5d90000 end_va = 0x5d9ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 784 start_va = 0x5da0000 end_va = 0x5daffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 785 start_va = 0x5db0000 end_va = 0x5dbffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 786 start_va = 0x5dc0000 end_va = 0x5dcffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 787 start_va = 0x5dd0000 end_va = 0x5ddffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 788 start_va = 0x5de0000 end_va = 0x5deffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 789 start_va = 0x5df0000 end_va = 0x5dfffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 790 start_va = 0x5e00000 end_va = 0x5efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e00000" filename = "" Region: id = 791 start_va = 0x5f00000 end_va = 0x5f10fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1250.nls" filename = "\\Windows\\System32\\C_1250.NLS" (normalized: "c:\\windows\\system32\\c_1250.nls") Region: id = 792 start_va = 0x5f20000 end_va = 0x5f30fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1253.nls" filename = "\\Windows\\System32\\C_1253.NLS" (normalized: "c:\\windows\\system32\\c_1253.nls") Region: id = 793 start_va = 0x5f40000 end_va = 0x5f50fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1257.nls" filename = "\\Windows\\System32\\C_1257.NLS" (normalized: "c:\\windows\\system32\\c_1257.nls") Region: id = 794 start_va = 0x5f60000 end_va = 0x5f70fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1255.nls" filename = "\\Windows\\System32\\C_1255.NLS" (normalized: "c:\\windows\\system32\\c_1255.nls") Region: id = 795 start_va = 0x5f80000 end_va = 0x5fa7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_932.nls" filename = "\\Windows\\System32\\C_932.NLS" (normalized: "c:\\windows\\system32\\c_932.nls") Region: id = 796 start_va = 0x5fb0000 end_va = 0x5fbffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 797 start_va = 0x5fc0000 end_va = 0x5fc6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005fc0000" filename = "" Region: id = 798 start_va = 0x5fd0000 end_va = 0x60cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005fd0000" filename = "" Region: id = 799 start_va = 0x60d0000 end_va = 0x60e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_874.nls" filename = "\\Windows\\System32\\C_874.NLS" (normalized: "c:\\windows\\system32\\c_874.nls") Region: id = 800 start_va = 0x60f0000 end_va = 0x60fffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 801 start_va = 0x6100000 end_va = 0x61fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006100000" filename = "" Region: id = 802 start_va = 0x6200000 end_va = 0x62fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006200000" filename = "" Region: id = 803 start_va = 0x6300000 end_va = 0x63fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006300000" filename = "" Region: id = 804 start_va = 0x6400000 end_va = 0x64fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006400000" filename = "" Region: id = 805 start_va = 0x6500000 end_va = 0x65fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006500000" filename = "" Region: id = 806 start_va = 0x6600000 end_va = 0x66fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006600000" filename = "" Region: id = 807 start_va = 0x6700000 end_va = 0x67fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006700000" filename = "" Region: id = 808 start_va = 0x6800000 end_va = 0x68fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006800000" filename = "" Region: id = 809 start_va = 0x6900000 end_va = 0x69fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006900000" filename = "" Region: id = 810 start_va = 0x6a00000 end_va = 0x6afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006a00000" filename = "" Region: id = 811 start_va = 0x6b00000 end_va = 0x6bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006b00000" filename = "" Region: id = 812 start_va = 0x6c00000 end_va = 0x6cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006c00000" filename = "" Region: id = 813 start_va = 0x6d00000 end_va = 0x6dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006d00000" filename = "" Region: id = 814 start_va = 0x6e00000 end_va = 0x6efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006e00000" filename = "" Region: id = 815 start_va = 0x6f00000 end_va = 0x6ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006f00000" filename = "" Region: id = 816 start_va = 0x7000000 end_va = 0x70fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007000000" filename = "" Region: id = 817 start_va = 0x7100000 end_va = 0x714dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007100000" filename = "" Region: id = 818 start_va = 0x7150000 end_va = 0x715ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007150000" filename = "" Region: id = 819 start_va = 0x7160000 end_va = 0x716ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007160000" filename = "" Region: id = 820 start_va = 0x7170000 end_va = 0x717ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007170000" filename = "" Region: id = 821 start_va = 0x7180000 end_va = 0x718ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007180000" filename = "" Region: id = 822 start_va = 0x7190000 end_va = 0x719ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007190000" filename = "" Region: id = 823 start_va = 0x71a0000 end_va = 0x71affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000071a0000" filename = "" Region: id = 824 start_va = 0x71b0000 end_va = 0x71bffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 825 start_va = 0x71c0000 end_va = 0x71cffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 826 start_va = 0x71d0000 end_va = 0x71dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 827 start_va = 0x71e0000 end_va = 0x71effff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 828 start_va = 0x71f0000 end_va = 0x71fffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 829 start_va = 0x7200000 end_va = 0x7230fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_949.nls" filename = "\\Windows\\System32\\C_949.NLS" (normalized: "c:\\windows\\system32\\c_949.nls") Region: id = 830 start_va = 0x7240000 end_va = 0x7250fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1258.nls" filename = "\\Windows\\System32\\C_1258.NLS" (normalized: "c:\\windows\\system32\\c_1258.nls") Region: id = 831 start_va = 0x7260000 end_va = 0x7290fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_936.nls" filename = "\\Windows\\System32\\C_936.NLS" (normalized: "c:\\windows\\system32\\c_936.nls") Region: id = 832 start_va = 0x72a0000 end_va = 0x72d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_950.nls" filename = "\\Windows\\System32\\C_950.NLS" (normalized: "c:\\windows\\system32\\c_950.nls") Region: id = 833 start_va = 0x72e0000 end_va = 0x72effff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 834 start_va = 0x72f0000 end_va = 0x72fffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 835 start_va = 0x7300000 end_va = 0x73fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007300000" filename = "" Region: id = 836 start_va = 0x7400000 end_va = 0x740ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 837 start_va = 0x7410000 end_va = 0x741ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 838 start_va = 0x7420000 end_va = 0x742ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 839 start_va = 0x7430000 end_va = 0x743ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 840 start_va = 0x7440000 end_va = 0x744ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 841 start_va = 0x7450000 end_va = 0x745ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 842 start_va = 0x7460000 end_va = 0x746ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 843 start_va = 0x7470000 end_va = 0x747ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 844 start_va = 0x7480000 end_va = 0x748ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 845 start_va = 0x7490000 end_va = 0x749ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 846 start_va = 0x74a0000 end_va = 0x74affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 847 start_va = 0x74b0000 end_va = 0x74bffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 848 start_va = 0x74c0000 end_va = 0x74cffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 849 start_va = 0x74d0000 end_va = 0x74dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 850 start_va = 0x74e0000 end_va = 0x74effff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 851 start_va = 0x74f0000 end_va = 0x74fffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 852 start_va = 0x7500000 end_va = 0x75fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007500000" filename = "" Region: id = 853 start_va = 0x7600000 end_va = 0x760ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 854 start_va = 0x7610000 end_va = 0x761ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 855 start_va = 0x7620000 end_va = 0x762ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 856 start_va = 0x7630000 end_va = 0x763ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 857 start_va = 0x7740000 end_va = 0x774ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 858 start_va = 0x7750000 end_va = 0x775ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 859 start_va = 0x7760000 end_va = 0x776ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 860 start_va = 0x7770000 end_va = 0x777ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 861 start_va = 0x7780000 end_va = 0x778ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 862 start_va = 0x7790000 end_va = 0x779ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 863 start_va = 0x7830000 end_va = 0x792ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007830000" filename = "" Region: id = 864 start_va = 0x7930000 end_va = 0x7a2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007930000" filename = "" Region: id = 865 start_va = 0x8230000 end_va = 0x832ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008230000" filename = "" Region: id = 866 start_va = 0x8d30000 end_va = 0x8e2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008d30000" filename = "" Region: id = 867 start_va = 0x8e30000 end_va = 0x8f2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008e30000" filename = "" Region: id = 868 start_va = 0x8f30000 end_va = 0x902ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f30000" filename = "" Region: id = 869 start_va = 0x9030000 end_va = 0x912ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009030000" filename = "" Region: id = 870 start_va = 0x9130000 end_va = 0x922ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009130000" filename = "" Region: id = 871 start_va = 0x9230000 end_va = 0x932ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009230000" filename = "" Region: id = 872 start_va = 0x9330000 end_va = 0x942ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009330000" filename = "" Region: id = 873 start_va = 0x9430000 end_va = 0x952ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009430000" filename = "" Region: id = 874 start_va = 0x9530000 end_va = 0x962ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009530000" filename = "" Region: id = 875 start_va = 0x9630000 end_va = 0x972ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009630000" filename = "" Region: id = 876 start_va = 0x9730000 end_va = 0xa72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009730000" filename = "" Region: id = 877 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 878 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 879 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 880 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 881 start_va = 0x7ff60e670000 end_va = 0x7ff60e67cfff monitored = 0 entry_point = 0x7ff60e673980 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 882 start_va = 0x7ffc41420000 end_va = 0x7ffc416cffff monitored = 0 entry_point = 0x7ffc41421cf0 region_type = mapped_file name = "netshell.dll" filename = "\\Windows\\System32\\netshell.dll" (normalized: "c:\\windows\\system32\\netshell.dll") Region: id = 883 start_va = 0x7ffc417e0000 end_va = 0x7ffc417f6fff monitored = 0 entry_point = 0x7ffc417e7520 region_type = mapped_file name = "usoapi.dll" filename = "\\Windows\\System32\\usoapi.dll" (normalized: "c:\\windows\\system32\\usoapi.dll") Region: id = 884 start_va = 0x7ffc418a0000 end_va = 0x7ffc418e3fff monitored = 0 entry_point = 0x7ffc418c83e0 region_type = mapped_file name = "updatehandlers.dll" filename = "\\Windows\\System32\\updatehandlers.dll" (normalized: "c:\\windows\\system32\\updatehandlers.dll") Region: id = 885 start_va = 0x7ffc43080000 end_va = 0x7ffc430befff monitored = 0 entry_point = 0x7ffc430a82d0 region_type = mapped_file name = "tcpipcfg.dll" filename = "\\Windows\\System32\\tcpipcfg.dll" (normalized: "c:\\windows\\system32\\tcpipcfg.dll") Region: id = 886 start_va = 0x7ffc430c0000 end_va = 0x7ffc430d7fff monitored = 0 entry_point = 0x7ffc430cb850 region_type = mapped_file name = "dmcmnutils.dll" filename = "\\Windows\\System32\\dmcmnutils.dll" (normalized: "c:\\windows\\system32\\dmcmnutils.dll") Region: id = 887 start_va = 0x7ffc430e0000 end_va = 0x7ffc4313cfff monitored = 0 entry_point = 0x7ffc4310e510 region_type = mapped_file name = "usocore.dll" filename = "\\Windows\\System32\\usocore.dll" (normalized: "c:\\windows\\system32\\usocore.dll") Region: id = 888 start_va = 0x7ffc44900000 end_va = 0x7ffc44910fff monitored = 0 entry_point = 0x7ffc449028d0 region_type = mapped_file name = "credentialmigrationhandler.dll" filename = "\\Windows\\System32\\CredentialMigrationHandler.dll" (normalized: "c:\\windows\\system32\\credentialmigrationhandler.dll") Region: id = 889 start_va = 0x7ffc44920000 end_va = 0x7ffc44937fff monitored = 0 entry_point = 0x7ffc44921b10 region_type = mapped_file name = "locationframeworkinternalps.dll" filename = "\\Windows\\System32\\LocationFrameworkInternalPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkinternalps.dll") Region: id = 890 start_va = 0x7ffc44940000 end_va = 0x7ffc44971fff monitored = 0 entry_point = 0x7ffc4494b0c0 region_type = mapped_file name = "shacct.dll" filename = "\\Windows\\System32\\shacct.dll" (normalized: "c:\\windows\\system32\\shacct.dll") Region: id = 891 start_va = 0x7ffc44ac0000 end_va = 0x7ffc44adcfff monitored = 0 entry_point = 0x7ffc44ac4f60 region_type = mapped_file name = "appinfo.dll" filename = "\\Windows\\System32\\appinfo.dll" (normalized: "c:\\windows\\system32\\appinfo.dll") Region: id = 892 start_va = 0x7ffc45d40000 end_va = 0x7ffc45e4efff monitored = 0 entry_point = 0x7ffc45d7c010 region_type = mapped_file name = "dosvc.dll" filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll") Region: id = 893 start_va = 0x7ffc45ff0000 end_va = 0x7ffc46035fff monitored = 0 entry_point = 0x7ffc45ff79a0 region_type = mapped_file name = "adsldp.dll" filename = "\\Windows\\System32\\adsldp.dll" (normalized: "c:\\windows\\system32\\adsldp.dll") Region: id = 894 start_va = 0x7ffc46090000 end_va = 0x7ffc460f6fff monitored = 0 entry_point = 0x7ffc4609b160 region_type = mapped_file name = "upnp.dll" filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll") Region: id = 895 start_va = 0x7ffc46180000 end_va = 0x7ffc46191fff monitored = 0 entry_point = 0x7ffc46181a80 region_type = mapped_file name = "bitsproxy.dll" filename = "\\Windows\\System32\\BitsProxy.dll" (normalized: "c:\\windows\\system32\\bitsproxy.dll") Region: id = 896 start_va = 0x7ffc462f0000 end_va = 0x7ffc4640cfff monitored = 0 entry_point = 0x7ffc4631fe60 region_type = mapped_file name = "qmgr.dll" filename = "\\Windows\\System32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll") Region: id = 897 start_va = 0x7ffc4bc90000 end_va = 0x7ffc4bcc5fff monitored = 0 entry_point = 0x7ffc4bc927f0 region_type = mapped_file name = "windows.networking.hostname.dll" filename = "\\Windows\\System32\\Windows.Networking.HostName.dll" (normalized: "c:\\windows\\system32\\windows.networking.hostname.dll") Region: id = 898 start_va = 0x7ffc4bd50000 end_va = 0x7ffc4bd63fff monitored = 0 entry_point = 0x7ffc4bd53710 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\System32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll") Region: id = 899 start_va = 0x7ffc4bd70000 end_va = 0x7ffc4bd97fff monitored = 0 entry_point = 0x7ffc4bd7efc0 region_type = mapped_file name = "dssenh.dll" filename = "\\Windows\\System32\\dssenh.dll" (normalized: "c:\\windows\\system32\\dssenh.dll") Region: id = 900 start_va = 0x7ffc4be00000 end_va = 0x7ffc4be1dfff monitored = 0 entry_point = 0x7ffc4be0ef80 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\System32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll") Region: id = 901 start_va = 0x7ffc4be20000 end_va = 0x7ffc4be35fff monitored = 0 entry_point = 0x7ffc4be21af0 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 902 start_va = 0x7ffc4be40000 end_va = 0x7ffc4be59fff monitored = 0 entry_point = 0x7ffc4be42330 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 903 start_va = 0x7ffc4be60000 end_va = 0x7ffc4be6cfff monitored = 0 entry_point = 0x7ffc4be61420 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 904 start_va = 0x7ffc4c120000 end_va = 0x7ffc4c127fff monitored = 0 entry_point = 0x7ffc4c1213b0 region_type = mapped_file name = "dmiso8601utils.dll" filename = "\\Windows\\System32\\dmiso8601utils.dll" (normalized: "c:\\windows\\system32\\dmiso8601utils.dll") Region: id = 905 start_va = 0x7ffc4c140000 end_va = 0x7ffc4c1c3fff monitored = 0 entry_point = 0x7ffc4c158d50 region_type = mapped_file name = "wbemess.dll" filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll") Region: id = 906 start_va = 0x7ffc4c1d0000 end_va = 0x7ffc4c1e5fff monitored = 0 entry_point = 0x7ffc4c1d55e0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 907 start_va = 0x7ffc4c1f0000 end_va = 0x7ffc4c2c5fff monitored = 0 entry_point = 0x7ffc4c21a800 region_type = mapped_file name = "wmiprvsd.dll" filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll") Region: id = 908 start_va = 0x7ffc4c2d0000 end_va = 0x7ffc4c333fff monitored = 0 entry_point = 0x7ffc4c2ebed0 region_type = mapped_file name = "repdrvfs.dll" filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll") Region: id = 909 start_va = 0x7ffc4c340000 end_va = 0x7ffc4c364fff monitored = 0 entry_point = 0x7ffc4c349900 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 910 start_va = 0x7ffc4c370000 end_va = 0x7ffc4c383fff monitored = 0 entry_point = 0x7ffc4c371800 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 911 start_va = 0x7ffc4c390000 end_va = 0x7ffc4c485fff monitored = 0 entry_point = 0x7ffc4c3c9590 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 912 start_va = 0x7ffc4c490000 end_va = 0x7ffc4c503fff monitored = 0 entry_point = 0x7ffc4c4a5eb0 region_type = mapped_file name = "esscli.dll" filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll") Region: id = 913 start_va = 0x7ffc4c510000 end_va = 0x7ffc4c646fff monitored = 0 entry_point = 0x7ffc4c550480 region_type = mapped_file name = "wbemcore.dll" filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll") Region: id = 914 start_va = 0x7ffc4c650000 end_va = 0x7ffc4c65efff monitored = 0 entry_point = 0x7ffc4c654960 region_type = mapped_file name = "nci.dll" filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll") Region: id = 915 start_va = 0x7ffc4c680000 end_va = 0x7ffc4c8f9fff monitored = 0 entry_point = 0x7ffc4c69a7a0 region_type = mapped_file name = "msxml6.dll" filename = "\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll") Region: id = 916 start_va = 0x7ffc4c9c0000 end_va = 0x7ffc4c9cffff monitored = 0 entry_point = 0x7ffc4c9c1690 region_type = mapped_file name = "wups.dll" filename = "\\Windows\\System32\\wups.dll" (normalized: "c:\\windows\\system32\\wups.dll") Region: id = 917 start_va = 0x7ffc4ca10000 end_va = 0x7ffc4ca22fff monitored = 0 entry_point = 0x7ffc4ca11b10 region_type = mapped_file name = "devrtl.dll" filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll") Region: id = 918 start_va = 0x7ffc4ca30000 end_va = 0x7ffc4cab1fff monitored = 0 entry_point = 0x7ffc4ca31790 region_type = mapped_file name = "newdev.dll" filename = "\\Windows\\System32\\newdev.dll" (normalized: "c:\\windows\\system32\\newdev.dll") Region: id = 919 start_va = 0x7ffc4cac0000 end_va = 0x7ffc4cb43fff monitored = 0 entry_point = 0x7ffc4cad2830 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv") Region: id = 920 start_va = 0x7ffc4cb50000 end_va = 0x7ffc4cbb4fff monitored = 0 entry_point = 0x7ffc4cb63170 region_type = mapped_file name = "wuuhext.dll" filename = "\\Windows\\System32\\wuuhext.dll" (normalized: "c:\\windows\\system32\\wuuhext.dll") Region: id = 921 start_va = 0x7ffc4cc10000 end_va = 0x7ffc4cc20fff monitored = 0 entry_point = 0x7ffc4cc17480 region_type = mapped_file name = "tetheringclient.dll" filename = "\\Windows\\System32\\tetheringclient.dll" (normalized: "c:\\windows\\system32\\tetheringclient.dll") Region: id = 922 start_va = 0x7ffc4ccb0000 end_va = 0x7ffc4cee5fff monitored = 0 entry_point = 0x7ffc4cd3a450 region_type = mapped_file name = "wuaueng.dll" filename = "\\Windows\\System32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll") Region: id = 923 start_va = 0x7ffc4dbb0000 end_va = 0x7ffc4dbc0fff monitored = 0 entry_point = 0x7ffc4dbb2fc0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 924 start_va = 0x7ffc4dbd0000 end_va = 0x7ffc4dbedfff monitored = 0 entry_point = 0x7ffc4dbd3a40 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 925 start_va = 0x7ffc4dbf0000 end_va = 0x7ffc4dc71fff monitored = 0 entry_point = 0x7ffc4dbf2a10 region_type = mapped_file name = "hnetcfg.dll" filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll") Region: id = 926 start_va = 0x7ffc4dcd0000 end_va = 0x7ffc4dd0ffff monitored = 0 entry_point = 0x7ffc4dcdcbe0 region_type = mapped_file name = "adsldpc.dll" filename = "\\Windows\\System32\\adsldpc.dll" (normalized: "c:\\windows\\system32\\adsldpc.dll") Region: id = 927 start_va = 0x7ffc4dd10000 end_va = 0x7ffc4dd56fff monitored = 0 entry_point = 0x7ffc4dd11d10 region_type = mapped_file name = "activeds.dll" filename = "\\Windows\\System32\\activeds.dll" (normalized: "c:\\windows\\system32\\activeds.dll") Region: id = 928 start_va = 0x7ffc4dd60000 end_va = 0x7ffc4dda1fff monitored = 0 entry_point = 0x7ffc4dd63670 region_type = mapped_file name = "wdscore.dll" filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll") Region: id = 929 start_va = 0x7ffc4ddd0000 end_va = 0x7ffc4ddf1fff monitored = 0 entry_point = 0x7ffc4dde2540 region_type = mapped_file name = "updatepolicy.dll" filename = "\\Windows\\System32\\updatepolicy.dll" (normalized: "c:\\windows\\system32\\updatepolicy.dll") Region: id = 930 start_va = 0x7ffc4de00000 end_va = 0x7ffc4ded4fff monitored = 0 entry_point = 0x7ffc4de1cf80 region_type = mapped_file name = "wuapi.dll" filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll") Region: id = 931 start_va = 0x7ffc4dfc0000 end_va = 0x7ffc4dffffff monitored = 0 entry_point = 0x7ffc4dfd6c60 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 932 start_va = 0x7ffc4e070000 end_va = 0x7ffc4e08efff monitored = 0 entry_point = 0x7ffc4e0737e0 region_type = mapped_file name = "netsetupapi.dll" filename = "\\Windows\\System32\\NetSetupApi.dll" (normalized: "c:\\windows\\system32\\netsetupapi.dll") Region: id = 933 start_va = 0x7ffc4e090000 end_va = 0x7ffc4e108fff monitored = 0 entry_point = 0x7ffc4e0976a0 region_type = mapped_file name = "netsetupshim.dll" filename = "\\Windows\\System32\\NetSetupShim.dll" (normalized: "c:\\windows\\system32\\netsetupshim.dll") Region: id = 934 start_va = 0x7ffc4e2f0000 end_va = 0x7ffc4e305fff monitored = 0 entry_point = 0x7ffc4e2f1d50 region_type = mapped_file name = "wwapi.dll" filename = "\\Windows\\System32\\wwapi.dll" (normalized: "c:\\windows\\system32\\wwapi.dll") Region: id = 935 start_va = 0x7ffc4e310000 end_va = 0x7ffc4e327fff monitored = 0 entry_point = 0x7ffc4e314e10 region_type = mapped_file name = "adhsvc.dll" filename = "\\Windows\\System32\\adhsvc.dll" (normalized: "c:\\windows\\system32\\adhsvc.dll") Region: id = 936 start_va = 0x7ffc4e330000 end_va = 0x7ffc4e354fff monitored = 0 entry_point = 0x7ffc4e335ca0 region_type = mapped_file name = "httpprxm.dll" filename = "\\Windows\\System32\\httpprxm.dll" (normalized: "c:\\windows\\system32\\httpprxm.dll") Region: id = 937 start_va = 0x7ffc4e3c0000 end_va = 0x7ffc4e400fff monitored = 0 entry_point = 0x7ffc4e3c3750 region_type = mapped_file name = "sqmapi.dll" filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll") Region: id = 938 start_va = 0x7ffc4e410000 end_va = 0x7ffc4e502fff monitored = 0 entry_point = 0x7ffc4e435d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 939 start_va = 0x7ffc4e510000 end_va = 0x7ffc4e527fff monitored = 0 entry_point = 0x7ffc4e512000 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 940 start_va = 0x7ffc4e530000 end_va = 0x7ffc4e6b1fff monitored = 0 entry_point = 0x7ffc4e5482a0 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 941 start_va = 0x7ffc4e890000 end_va = 0x7ffc4eb88fff monitored = 0 entry_point = 0x7ffc4e957280 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll") Region: id = 942 start_va = 0x7ffc4eca0000 end_va = 0x7ffc4ed42fff monitored = 0 entry_point = 0x7ffc4eca2c10 region_type = mapped_file name = "clusapi.dll" filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll") Region: id = 943 start_va = 0x7ffc4ed50000 end_va = 0x7ffc4eda1fff monitored = 0 entry_point = 0x7ffc4ed55770 region_type = mapped_file name = "resutils.dll" filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll") Region: id = 944 start_va = 0x7ffc4edb0000 end_va = 0x7ffc4edddfff monitored = 1 entry_point = 0x7ffc4edb2300 region_type = mapped_file name = "wmidcom.dll" filename = "\\Windows\\System32\\wmidcom.dll" (normalized: "c:\\windows\\system32\\wmidcom.dll") Region: id = 945 start_va = 0x7ffc4ede0000 end_va = 0x7ffc4ee3dfff monitored = 0 entry_point = 0x7ffc4ede5080 region_type = mapped_file name = "miutils.dll" filename = "\\Windows\\System32\\miutils.dll" (normalized: "c:\\windows\\system32\\miutils.dll") Region: id = 946 start_va = 0x7ffc4ee40000 end_va = 0x7ffc4ee5ffff monitored = 0 entry_point = 0x7ffc4ee41f50 region_type = mapped_file name = "mi.dll" filename = "\\Windows\\System32\\mi.dll" (normalized: "c:\\windows\\system32\\mi.dll") Region: id = 947 start_va = 0x7ffc4ee60000 end_va = 0x7ffc4ee68fff monitored = 0 entry_point = 0x7ffc4ee618f0 region_type = mapped_file name = "sscoreext.dll" filename = "\\Windows\\System32\\sscoreext.dll" (normalized: "c:\\windows\\system32\\sscoreext.dll") Region: id = 948 start_va = 0x7ffc4ee70000 end_va = 0x7ffc4ee80fff monitored = 0 entry_point = 0x7ffc4ee71d30 region_type = mapped_file name = "sscore.dll" filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll") Region: id = 949 start_va = 0x7ffc4ee90000 end_va = 0x7ffc4ef0efff monitored = 0 entry_point = 0x7ffc4eea7110 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 950 start_va = 0x7ffc4ef10000 end_va = 0x7ffc4ef4bfff monitored = 0 entry_point = 0x7ffc4ef16aa0 region_type = mapped_file name = "wmisvc.dll" filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll") Region: id = 951 start_va = 0x7ffc4f0d0000 end_va = 0x7ffc4f11bfff monitored = 0 entry_point = 0x7ffc4f0e5310 region_type = mapped_file name = "srvsvc.dll" filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll") Region: id = 952 start_va = 0x7ffc4f220000 end_va = 0x7ffc4f22bfff monitored = 0 entry_point = 0x7ffc4f2235c0 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 953 start_va = 0x7ffc505f0000 end_va = 0x7ffc505f8fff monitored = 0 entry_point = 0x7ffc505f21d0 region_type = mapped_file name = "httpprxc.dll" filename = "\\Windows\\System32\\httpprxc.dll" (normalized: "c:\\windows\\system32\\httpprxc.dll") Region: id = 954 start_va = 0x7ffc50660000 end_va = 0x7ffc50694fff monitored = 0 entry_point = 0x7ffc5066a270 region_type = mapped_file name = "fwpolicyiomgr.dll" filename = "\\Windows\\System32\\fwpolicyiomgr.dll" (normalized: "c:\\windows\\system32\\fwpolicyiomgr.dll") Region: id = 955 start_va = 0x7ffc50a50000 end_va = 0x7ffc50d89fff monitored = 0 entry_point = 0x7ffc50a58520 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 956 start_va = 0x7ffc51300000 end_va = 0x7ffc51309fff monitored = 0 entry_point = 0x7ffc51301350 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 957 start_va = 0x7ffc516a0000 end_va = 0x7ffc516b1fff monitored = 0 entry_point = 0x7ffc516a3580 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 958 start_va = 0x7ffc538e0000 end_va = 0x7ffc538e9fff monitored = 0 entry_point = 0x7ffc538e14c0 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 959 start_va = 0x7ffc53d70000 end_va = 0x7ffc53d7ffff monitored = 0 entry_point = 0x7ffc53d71700 region_type = mapped_file name = "proximityservicepal.dll" filename = "\\Windows\\System32\\ProximityServicePal.dll" (normalized: "c:\\windows\\system32\\proximityservicepal.dll") Region: id = 960 start_va = 0x7ffc53d80000 end_va = 0x7ffc53d88fff monitored = 0 entry_point = 0x7ffc53d81ed0 region_type = mapped_file name = "proximitycommonpal.dll" filename = "\\Windows\\System32\\ProximityCommonPal.dll" (normalized: "c:\\windows\\system32\\proximitycommonpal.dll") Region: id = 961 start_va = 0x7ffc53d90000 end_va = 0x7ffc53dbcfff monitored = 0 entry_point = 0x7ffc53d92290 region_type = mapped_file name = "proximitycommon.dll" filename = "\\Windows\\System32\\ProximityCommon.dll" (normalized: "c:\\windows\\system32\\proximitycommon.dll") Region: id = 962 start_va = 0x7ffc53dc0000 end_va = 0x7ffc53e11fff monitored = 0 entry_point = 0x7ffc53dc38e0 region_type = mapped_file name = "proximityservice.dll" filename = "\\Windows\\System32\\ProximityService.dll" (normalized: "c:\\windows\\system32\\proximityservice.dll") Region: id = 963 start_va = 0x7ffc54080000 end_va = 0x7ffc540fffff monitored = 0 entry_point = 0x7ffc540ad280 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 964 start_va = 0x7ffc54160000 end_va = 0x7ffc54174fff monitored = 0 entry_point = 0x7ffc54162dc0 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll") Region: id = 965 start_va = 0x7ffc541c0000 end_va = 0x7ffc541cdfff monitored = 0 entry_point = 0x7ffc541c1460 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 966 start_va = 0x7ffc541d0000 end_va = 0x7ffc541eafff monitored = 0 entry_point = 0x7ffc541d1040 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll") Region: id = 967 start_va = 0x7ffc54510000 end_va = 0x7ffc545a9fff monitored = 0 entry_point = 0x7ffc5452ada0 region_type = mapped_file name = "shsvcs.dll" filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll") Region: id = 968 start_va = 0x7ffc54680000 end_va = 0x7ffc546e6fff monitored = 0 entry_point = 0x7ffc546863e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 969 start_va = 0x7ffc54720000 end_va = 0x7ffc54733fff monitored = 0 entry_point = 0x7ffc54722a00 region_type = mapped_file name = "bitsigd.dll" filename = "\\Windows\\System32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll") Region: id = 970 start_va = 0x7ffc54740000 end_va = 0x7ffc54754fff monitored = 0 entry_point = 0x7ffc54743460 region_type = mapped_file name = "ssdpapi.dll" filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll") Region: id = 971 start_va = 0x7ffc54830000 end_va = 0x7ffc548effff monitored = 0 entry_point = 0x7ffc5485fd20 region_type = mapped_file name = "fveapi.dll" filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll") Region: id = 972 start_va = 0x7ffc54b20000 end_va = 0x7ffc54b39fff monitored = 0 entry_point = 0x7ffc54b22430 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 973 start_va = 0x7ffc54b40000 end_va = 0x7ffc54b53fff monitored = 0 entry_point = 0x7ffc54b42d50 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 974 start_va = 0x7ffc54b60000 end_va = 0x7ffc54b6afff monitored = 0 entry_point = 0x7ffc54b61de0 region_type = mapped_file name = "bitsperf.dll" filename = "\\Windows\\System32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll") Region: id = 975 start_va = 0x7ffc54ed0000 end_va = 0x7ffc54f62fff monitored = 0 entry_point = 0x7ffc54ed9680 region_type = mapped_file name = "msvcp_win.dll" filename = "\\Windows\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll") Region: id = 976 start_va = 0x7ffc55190000 end_va = 0x7ffc551a5fff monitored = 0 entry_point = 0x7ffc551919f0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 977 start_va = 0x7ffc55360000 end_va = 0x7ffc55378fff monitored = 0 entry_point = 0x7ffc55364520 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 978 start_va = 0x7ffc55820000 end_va = 0x7ffc55857fff monitored = 0 entry_point = 0x7ffc55838cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 979 start_va = 0x7ffc55860000 end_va = 0x7ffc5586afff monitored = 0 entry_point = 0x7ffc55861d30 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 980 start_va = 0x7ffc55c60000 end_va = 0x7ffc55fe1fff monitored = 0 entry_point = 0x7ffc55cb1220 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 981 start_va = 0x7ffc570e0000 end_va = 0x7ffc571edfff monitored = 0 entry_point = 0x7ffc5712eaa0 region_type = mapped_file name = "mrmcorer.dll" filename = "\\Windows\\System32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll") Region: id = 982 start_va = 0x7ffc574f0000 end_va = 0x7ffc57506fff monitored = 0 entry_point = 0x7ffc574f5630 region_type = mapped_file name = "sens.dll" filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll") Region: id = 983 start_va = 0x7ffc57570000 end_va = 0x7ffc57582fff monitored = 0 entry_point = 0x7ffc575757f0 region_type = mapped_file name = "themeservice.dll" filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll") Region: id = 984 start_va = 0x7ffc57590000 end_va = 0x7ffc57609fff monitored = 0 entry_point = 0x7ffc575b7630 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 985 start_va = 0x7ffc57620000 end_va = 0x7ffc5764dfff monitored = 0 entry_point = 0x7ffc57627550 region_type = mapped_file name = "netjoin.dll" filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll") Region: id = 986 start_va = 0x7ffc57650000 end_va = 0x7ffc57665fff monitored = 0 entry_point = 0x7ffc57651b60 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 987 start_va = 0x7ffc57670000 end_va = 0x7ffc576d3fff monitored = 0 entry_point = 0x7ffc57685ae0 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 988 start_va = 0x7ffc578a0000 end_va = 0x7ffc5794dfff monitored = 0 entry_point = 0x7ffc578b80c0 region_type = mapped_file name = "windows.networking.connectivity.dll" filename = "\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll") Region: id = 989 start_va = 0x7ffc57950000 end_va = 0x7ffc57961fff monitored = 0 entry_point = 0x7ffc57959260 region_type = mapped_file name = "rilproxy.dll" filename = "\\Windows\\System32\\rilproxy.dll" (normalized: "c:\\windows\\system32\\rilproxy.dll") Region: id = 990 start_va = 0x7ffc57970000 end_va = 0x7ffc57a20fff monitored = 0 entry_point = 0x7ffc579e88b0 region_type = mapped_file name = "cellularapi.dll" filename = "\\Windows\\System32\\CellularAPI.dll" (normalized: "c:\\windows\\system32\\cellularapi.dll") Region: id = 991 start_va = 0x7ffc57a30000 end_va = 0x7ffc57a54fff monitored = 0 entry_point = 0x7ffc57a42f20 region_type = mapped_file name = "wificonnapi.dll" filename = "\\Windows\\System32\\wificonnapi.dll" (normalized: "c:\\windows\\system32\\wificonnapi.dll") Region: id = 992 start_va = 0x7ffc57a60000 end_va = 0x7ffc57a70fff monitored = 0 entry_point = 0x7ffc57a67ea0 region_type = mapped_file name = "dcpapi.dll" filename = "\\Windows\\System32\\dcpapi.dll" (normalized: "c:\\windows\\system32\\dcpapi.dll") Region: id = 993 start_va = 0x7ffc57a80000 end_va = 0x7ffc57a99fff monitored = 0 entry_point = 0x7ffc57a82cf0 region_type = mapped_file name = "locationpelegacywinlocation.dll" filename = "\\Windows\\System32\\LocationPeLegacyWinLocation.dll" (normalized: "c:\\windows\\system32\\locationpelegacywinlocation.dll") Region: id = 994 start_va = 0x7ffc57aa0000 end_va = 0x7ffc57af4fff monitored = 0 entry_point = 0x7ffc57aa3fb0 region_type = mapped_file name = "policymanager.dll" filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll") Region: id = 995 start_va = 0x7ffc57b00000 end_va = 0x7ffc57b36fff monitored = 0 entry_point = 0x7ffc57b06020 region_type = mapped_file name = "gnssadapter.dll" filename = "\\Windows\\System32\\GnssAdapter.dll" (normalized: "c:\\windows\\system32\\gnssadapter.dll") Region: id = 996 start_va = 0x7ffc57b40000 end_va = 0x7ffc57b5ffff monitored = 0 entry_point = 0x7ffc57b439a0 region_type = mapped_file name = "locationwinpalmisc.dll" filename = "\\Windows\\System32\\LocationWinPalMisc.dll" (normalized: "c:\\windows\\system32\\locationwinpalmisc.dll") Region: id = 997 start_va = 0x7ffc57b60000 end_va = 0x7ffc57ba0fff monitored = 0 entry_point = 0x7ffc57b64840 region_type = mapped_file name = "usermgrproxy.dll" filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll") Region: id = 998 start_va = 0x7ffc57bb0000 end_va = 0x7ffc57ce5fff monitored = 0 entry_point = 0x7ffc57bdf350 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 999 start_va = 0x7ffc57cf0000 end_va = 0x7ffc57dd5fff monitored = 0 entry_point = 0x7ffc57d0cf10 region_type = mapped_file name = "usermgr.dll" filename = "\\Windows\\System32\\usermgr.dll" (normalized: "c:\\windows\\system32\\usermgr.dll") Region: id = 1000 start_va = 0x7ffc57de0000 end_va = 0x7ffc57debfff monitored = 0 entry_point = 0x7ffc57de14d0 region_type = mapped_file name = "locationframeworkps.dll" filename = "\\Windows\\System32\\LocationFrameworkPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkps.dll") Region: id = 1001 start_va = 0x7ffc57df0000 end_va = 0x7ffc57dfbfff monitored = 0 entry_point = 0x7ffc57df2830 region_type = mapped_file name = "bi.dll" filename = "\\Windows\\System32\\bi.dll" (normalized: "c:\\windows\\system32\\bi.dll") Region: id = 1002 start_va = 0x7ffc57e00000 end_va = 0x7ffc57e3dfff monitored = 0 entry_point = 0x7ffc57e0a050 region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 1003 start_va = 0x7ffc57e40000 end_va = 0x7ffc57e66fff monitored = 0 entry_point = 0x7ffc57e43bf0 region_type = mapped_file name = "profsvcext.dll" filename = "\\Windows\\System32\\profsvcext.dll" (normalized: "c:\\windows\\system32\\profsvcext.dll") Region: id = 1004 start_va = 0x7ffc57e70000 end_va = 0x7ffc57f37fff monitored = 0 entry_point = 0x7ffc57eb13f0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 1005 start_va = 0x7ffc57f40000 end_va = 0x7ffc57fa0fff monitored = 0 entry_point = 0x7ffc57f44b50 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll") Region: id = 1006 start_va = 0x7ffc57fb0000 end_va = 0x7ffc5812bfff monitored = 0 entry_point = 0x7ffc58001650 region_type = mapped_file name = "locationframework.dll" filename = "\\Windows\\System32\\LocationFramework.dll" (normalized: "c:\\windows\\system32\\locationframework.dll") Region: id = 1007 start_va = 0x7ffc58130000 end_va = 0x7ffc5813afff monitored = 0 entry_point = 0x7ffc58131770 region_type = mapped_file name = "lfsvc.dll" filename = "\\Windows\\System32\\lfsvc.dll" (normalized: "c:\\windows\\system32\\lfsvc.dll") Region: id = 1008 start_va = 0x7ffc58140000 end_va = 0x7ffc58194fff monitored = 0 entry_point = 0x7ffc5814fc00 region_type = mapped_file name = "profsvc.dll" filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll") Region: id = 1009 start_va = 0x7ffc58230000 end_va = 0x7ffc582c1fff monitored = 0 entry_point = 0x7ffc5827a780 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 1010 start_va = 0x7ffc58350000 end_va = 0x7ffc5835cfff monitored = 0 entry_point = 0x7ffc58352ca0 region_type = mapped_file name = "csystemeventsbrokerclient.dll" filename = "\\Windows\\System32\\CSystemEventsBrokerClient.dll" (normalized: "c:\\windows\\system32\\csystemeventsbrokerclient.dll") Region: id = 1011 start_va = 0x7ffc58360000 end_va = 0x7ffc58388fff monitored = 0 entry_point = 0x7ffc5836ca00 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 1012 start_va = 0x7ffc58b50000 end_va = 0x7ffc58b7efff monitored = 0 entry_point = 0x7ffc58b58910 region_type = mapped_file name = "wptaskscheduler.dll" filename = "\\Windows\\System32\\WPTaskScheduler.dll" (normalized: "c:\\windows\\system32\\wptaskscheduler.dll") Region: id = 1013 start_va = 0x7ffc58b80000 end_va = 0x7ffc58b8ffff monitored = 0 entry_point = 0x7ffc58b82c60 region_type = mapped_file name = "usermgrcli.dll" filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll") Region: id = 1014 start_va = 0x7ffc58c20000 end_va = 0x7ffc58c55fff monitored = 0 entry_point = 0x7ffc58c30070 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 1015 start_va = 0x7ffc58c80000 end_va = 0x7ffc58c9efff monitored = 0 entry_point = 0x7ffc58c84960 region_type = mapped_file name = "ncprov.dll" filename = "\\Windows\\System32\\wbem\\NCProv.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll") Region: id = 1016 start_va = 0x7ffc58cd0000 end_va = 0x7ffc58d3dfff monitored = 0 entry_point = 0x7ffc58cd7f60 region_type = mapped_file name = "taskcomp.dll" filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll") Region: id = 1017 start_va = 0x7ffc58d40000 end_va = 0x7ffc58d50fff monitored = 0 entry_point = 0x7ffc58d43320 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 1018 start_va = 0x7ffc58d60000 end_va = 0x7ffc58da0fff monitored = 0 entry_point = 0x7ffc58d77eb0 region_type = mapped_file name = "ubpm.dll" filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll") Region: id = 1019 start_va = 0x7ffc58db0000 end_va = 0x7ffc58eabfff monitored = 0 entry_point = 0x7ffc58de6df0 region_type = mapped_file name = "schedsvc.dll" filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll") Region: id = 1020 start_va = 0x7ffc58eb0000 end_va = 0x7ffc58f6efff monitored = 0 entry_point = 0x7ffc58ed1c50 region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll") Region: id = 1021 start_va = 0x7ffc58fc0000 end_va = 0x7ffc58fc9fff monitored = 0 entry_point = 0x7ffc58fc1660 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 1022 start_va = 0x7ffc58fd0000 end_va = 0x7ffc58fe7fff monitored = 0 entry_point = 0x7ffc58fd5910 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 1023 start_va = 0x7ffc58ff0000 end_va = 0x7ffc5913cfff monitored = 0 entry_point = 0x7ffc59033da0 region_type = mapped_file name = "gpsvc.dll" filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll") Region: id = 1024 start_va = 0x7ffc59500000 end_va = 0x7ffc59992fff monitored = 0 entry_point = 0x7ffc5950f760 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 1025 start_va = 0x7ffc599a0000 end_va = 0x7ffc59a06fff monitored = 0 entry_point = 0x7ffc599be710 region_type = mapped_file name = "bcp47langs.dll" filename = "\\Windows\\System32\\BCP47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll") Region: id = 1026 start_va = 0x7ffc5a2c0000 end_va = 0x7ffc5a2d2fff monitored = 0 entry_point = 0x7ffc5a2c2760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1027 start_va = 0x7ffc5a2e0000 end_va = 0x7ffc5a358fff monitored = 0 entry_point = 0x7ffc5a2ffb90 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 1028 start_va = 0x7ffc5a360000 end_va = 0x7ffc5a367fff monitored = 0 entry_point = 0x7ffc5a3613e0 region_type = mapped_file name = "dabapi.dll" filename = "\\Windows\\System32\\dabapi.dll" (normalized: "c:\\windows\\system32\\dabapi.dll") Region: id = 1029 start_va = 0x7ffc5a3a0000 end_va = 0x7ffc5a525fff monitored = 0 entry_point = 0x7ffc5a3ed700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1030 start_va = 0x7ffc5a530000 end_va = 0x7ffc5a54bfff monitored = 0 entry_point = 0x7ffc5a5337a0 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 1031 start_va = 0x7ffc5a6e0000 end_va = 0x7ffc5a71ffff monitored = 0 entry_point = 0x7ffc5a6f1960 region_type = mapped_file name = "brokerlib.dll" filename = "\\Windows\\System32\\BrokerLib.dll" (normalized: "c:\\windows\\system32\\brokerlib.dll") Region: id = 1032 start_va = 0x7ffc5a7b0000 end_va = 0x7ffc5a845fff monitored = 0 entry_point = 0x7ffc5a7d5570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 1033 start_va = 0x7ffc5a850000 end_va = 0x7ffc5a876fff monitored = 0 entry_point = 0x7ffc5a857940 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1034 start_va = 0x7ffc5a8a0000 end_va = 0x7ffc5a949fff monitored = 0 entry_point = 0x7ffc5a8c7910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1035 start_va = 0x7ffc5a950000 end_va = 0x7ffc5aa4ffff monitored = 0 entry_point = 0x7ffc5a990f80 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll") Region: id = 1036 start_va = 0x7ffc5aae0000 end_va = 0x7ffc5aaebfff monitored = 0 entry_point = 0x7ffc5aae2480 region_type = mapped_file name = "sysntfy.dll" filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll") Region: id = 1037 start_va = 0x7ffc5abb0000 end_va = 0x7ffc5abe1fff monitored = 0 entry_point = 0x7ffc5abc2340 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll") Region: id = 1038 start_va = 0x7ffc5ae20000 end_va = 0x7ffc5ae2bfff monitored = 0 entry_point = 0x7ffc5ae22790 region_type = mapped_file name = "hid.dll" filename = "\\Windows\\System32\\hid.dll" (normalized: "c:\\windows\\system32\\hid.dll") Region: id = 1039 start_va = 0x7ffc5ae30000 end_va = 0x7ffc5ae53fff monitored = 0 entry_point = 0x7ffc5ae33260 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 1040 start_va = 0x7ffc5afd0000 end_va = 0x7ffc5b0c3fff monitored = 0 entry_point = 0x7ffc5afda960 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 1041 start_va = 0x7ffc5b120000 end_va = 0x7ffc5b168fff monitored = 0 entry_point = 0x7ffc5b12a090 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 1042 start_va = 0x7ffc5b240000 end_va = 0x7ffc5b24bfff monitored = 0 entry_point = 0x7ffc5b2427e0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1043 start_va = 0x7ffc5b320000 end_va = 0x7ffc5b350fff monitored = 0 entry_point = 0x7ffc5b327d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1044 start_va = 0x7ffc5b380000 end_va = 0x7ffc5b3f9fff monitored = 0 entry_point = 0x7ffc5b3a1a50 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 1045 start_va = 0x7ffc5b440000 end_va = 0x7ffc5b473fff monitored = 0 entry_point = 0x7ffc5b45ae70 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1046 start_va = 0x7ffc5b480000 end_va = 0x7ffc5b489fff monitored = 0 entry_point = 0x7ffc5b481830 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll") Region: id = 1047 start_va = 0x7ffc5b590000 end_va = 0x7ffc5b5aefff monitored = 0 entry_point = 0x7ffc5b595d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1048 start_va = 0x7ffc5b700000 end_va = 0x7ffc5b75bfff monitored = 0 entry_point = 0x7ffc5b716f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1049 start_va = 0x7ffc5b7b0000 end_va = 0x7ffc5b7c6fff monitored = 0 entry_point = 0x7ffc5b7b79d0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1050 start_va = 0x7ffc5b8d0000 end_va = 0x7ffc5b8dafff monitored = 0 entry_point = 0x7ffc5b8d19a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1051 start_va = 0x7ffc5b910000 end_va = 0x7ffc5b930fff monitored = 0 entry_point = 0x7ffc5b920250 region_type = mapped_file name = "joinutil.dll" filename = "\\Windows\\System32\\joinutil.dll" (normalized: "c:\\windows\\system32\\joinutil.dll") Region: id = 1052 start_va = 0x7ffc5b960000 end_va = 0x7ffc5b999fff monitored = 0 entry_point = 0x7ffc5b968d20 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 1053 start_va = 0x7ffc5b9a0000 end_va = 0x7ffc5b9c6fff monitored = 0 entry_point = 0x7ffc5b9b0aa0 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 1054 start_va = 0x7ffc5bab0000 end_va = 0x7ffc5badcfff monitored = 0 entry_point = 0x7ffc5bac9d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1055 start_va = 0x7ffc5bc40000 end_va = 0x7ffc5bc95fff monitored = 0 entry_point = 0x7ffc5bc50bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1056 start_va = 0x7ffc5bca0000 end_va = 0x7ffc5bcb8fff monitored = 0 entry_point = 0x7ffc5bca5e10 region_type = mapped_file name = "eventaggregation.dll" filename = "\\Windows\\System32\\EventAggregation.dll" (normalized: "c:\\windows\\system32\\eventaggregation.dll") Region: id = 1057 start_va = 0x7ffc5bcc0000 end_va = 0x7ffc5bce8fff monitored = 0 entry_point = 0x7ffc5bcd4530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1058 start_va = 0x7ffc5bcf0000 end_va = 0x7ffc5bd88fff monitored = 0 entry_point = 0x7ffc5bd1f4e0 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 1059 start_va = 0x7ffc5be30000 end_va = 0x7ffc5be43fff monitored = 0 entry_point = 0x7ffc5be352e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1060 start_va = 0x7ffc5be50000 end_va = 0x7ffc5be5efff monitored = 0 entry_point = 0x7ffc5be53210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 1061 start_va = 0x7ffc5be60000 end_va = 0x7ffc5be6ffff monitored = 0 entry_point = 0x7ffc5be656e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1062 start_va = 0x7ffc5be70000 end_va = 0x7ffc5bebafff monitored = 0 entry_point = 0x7ffc5be735f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1063 start_va = 0x7ffc5bec0000 end_va = 0x7ffc5bf02fff monitored = 0 entry_point = 0x7ffc5bed4b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1064 start_va = 0x7ffc5bf10000 end_va = 0x7ffc5bf95fff monitored = 0 entry_point = 0x7ffc5bf1d8f0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 1065 start_va = 0x7ffc5bfa0000 end_va = 0x7ffc5c187fff monitored = 0 entry_point = 0x7ffc5bfcba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1066 start_va = 0x7ffc5c190000 end_va = 0x7ffc5c356fff monitored = 0 entry_point = 0x7ffc5c1edb80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1067 start_va = 0x7ffc5c360000 end_va = 0x7ffc5c3b4fff monitored = 0 entry_point = 0x7ffc5c377970 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 1068 start_va = 0x7ffc5c3c0000 end_va = 0x7ffc5ca03fff monitored = 0 entry_point = 0x7ffc5c5864b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 1069 start_va = 0x7ffc5cac0000 end_va = 0x7ffc5cb29fff monitored = 0 entry_point = 0x7ffc5caf6d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1070 start_va = 0x7ffc5cb30000 end_va = 0x7ffc5cb46fff monitored = 0 entry_point = 0x7ffc5cb31390 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 1071 start_va = 0x7ffc5cb50000 end_va = 0x7ffc5cc04fff monitored = 0 entry_point = 0x7ffc5cb922e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 1072 start_va = 0x7ffc5cc10000 end_va = 0x7ffc5cc6bfff monitored = 0 entry_point = 0x7ffc5cc2b720 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 1073 start_va = 0x7ffc5cc80000 end_va = 0x7ffc5e1defff monitored = 0 entry_point = 0x7ffc5cde11f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1074 start_va = 0x7ffc5e1e0000 end_va = 0x7ffc5e2a0fff monitored = 0 entry_point = 0x7ffc5e200da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1075 start_va = 0x7ffc5e2b0000 end_va = 0x7ffc5e3cbfff monitored = 0 entry_point = 0x7ffc5e2f02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1076 start_va = 0x7ffc5e3e0000 end_va = 0x7ffc5e522fff monitored = 0 entry_point = 0x7ffc5e408210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1077 start_va = 0x7ffc5e740000 end_va = 0x7ffc5e7aafff monitored = 0 entry_point = 0x7ffc5e7590c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1078 start_va = 0x7ffc5e7b0000 end_va = 0x7ffc5e801fff monitored = 0 entry_point = 0x7ffc5e7bf530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1079 start_va = 0x7ffc5e850000 end_va = 0x7ffc5e8ecfff monitored = 0 entry_point = 0x7ffc5e8578a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1080 start_va = 0x7ffc5e8f0000 end_va = 0x7ffc5e94afff monitored = 0 entry_point = 0x7ffc5e9038b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1081 start_va = 0x7ffc5e950000 end_va = 0x7ffc5e957fff monitored = 0 entry_point = 0x7ffc5e951ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1082 start_va = 0x7ffc5e960000 end_va = 0x7ffc5eab5fff monitored = 0 entry_point = 0x7ffc5e96a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1083 start_va = 0x7ffc5ec20000 end_va = 0x7ffc5ecc6fff monitored = 0 entry_point = 0x7ffc5ec358d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1084 start_va = 0x7ffc5ecd0000 end_va = 0x7ffc5ed7cfff monitored = 0 entry_point = 0x7ffc5ece81a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1085 start_va = 0x7ffc5ee90000 end_va = 0x7ffc5f2b8fff monitored = 0 entry_point = 0x7ffc5eeb8740 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 1086 start_va = 0x7ffc5f2c0000 end_va = 0x7ffc5f53cfff monitored = 0 entry_point = 0x7ffc5f394970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1087 start_va = 0x7ffc5f540000 end_va = 0x7ffc5f6c5fff monitored = 0 entry_point = 0x7ffc5f58ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1088 start_va = 0x7ffc5f760000 end_va = 0x7ffc5f806fff monitored = 0 entry_point = 0x7ffc5f76b4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1089 start_va = 0x7ffc5f810000 end_va = 0x7ffc5f9d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1122 start_va = 0x8930000 end_va = 0x8a2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008930000" filename = "" Region: id = 1123 start_va = 0x8a30000 end_va = 0x8b2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008a30000" filename = "" Region: id = 1124 start_va = 0x8b30000 end_va = 0x8c2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008b30000" filename = "" Region: id = 1125 start_va = 0x8c30000 end_va = 0x8d2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008c30000" filename = "" Region: id = 1243 start_va = 0x720000 end_va = 0x724fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000720000" filename = "" Region: id = 1310 start_va = 0x720000 end_va = 0x721fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000720000" filename = "" Region: id = 1311 start_va = 0x740000 end_va = 0x741fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000740000" filename = "" Region: id = 1405 start_va = 0x17f0000 end_va = 0x183efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000017f0000" filename = "" Region: id = 1414 start_va = 0x9730000 end_va = 0x982ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009730000" filename = "" Region: id = 1420 start_va = 0x9830000 end_va = 0x992ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009830000" filename = "" Region: id = 1869 start_va = 0x9930000 end_va = 0x9a2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009930000" filename = "" Region: id = 1870 start_va = 0x9a30000 end_va = 0x9b2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009a30000" filename = "" Region: id = 1960 start_va = 0x9b30000 end_va = 0x9c2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009b30000" filename = "" Region: id = 1961 start_va = 0x9c30000 end_va = 0x9d2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c30000" filename = "" Region: id = 1971 start_va = 0x9d30000 end_va = 0x9e2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009d30000" filename = "" Thread: id = 14 os_tid = 0xa44 Thread: id = 15 os_tid = 0x1360 Thread: id = 16 os_tid = 0x12c4 Thread: id = 17 os_tid = 0x12bc Thread: id = 18 os_tid = 0x4a8 Thread: id = 19 os_tid = 0x12b8 Thread: id = 20 os_tid = 0x12b4 Thread: id = 21 os_tid = 0x12ac Thread: id = 22 os_tid = 0x1274 Thread: id = 23 os_tid = 0x1260 Thread: id = 24 os_tid = 0x124c Thread: id = 25 os_tid = 0x11a4 Thread: id = 26 os_tid = 0x11a0 Thread: id = 27 os_tid = 0x330 Thread: id = 28 os_tid = 0x378 Thread: id = 29 os_tid = 0x268 Thread: id = 30 os_tid = 0x38c Thread: id = 31 os_tid = 0xe30 Thread: id = 32 os_tid = 0x254 Thread: id = 33 os_tid = 0x2ec Thread: id = 34 os_tid = 0x4b8 Thread: id = 35 os_tid = 0xe38 Thread: id = 36 os_tid = 0xec Thread: id = 37 os_tid = 0xd00 Thread: id = 38 os_tid = 0xed0 Thread: id = 39 os_tid = 0xcc0 Thread: id = 40 os_tid = 0xc9c Thread: id = 41 os_tid = 0xc90 Thread: id = 42 os_tid = 0xca0 Thread: id = 43 os_tid = 0xc94 Thread: id = 44 os_tid = 0xab8 Thread: id = 45 os_tid = 0xc44 Thread: id = 46 os_tid = 0xc28 Thread: id = 47 os_tid = 0xc04 Thread: id = 48 os_tid = 0x938 Thread: id = 49 os_tid = 0xb98 Thread: id = 50 os_tid = 0xa0c Thread: id = 51 os_tid = 0xfc4 Thread: id = 52 os_tid = 0xfc0 Thread: id = 53 os_tid = 0xfb8 Thread: id = 54 os_tid = 0xfac Thread: id = 55 os_tid = 0xf9c Thread: id = 56 os_tid = 0xf70 Thread: id = 57 os_tid = 0xc64 Thread: id = 58 os_tid = 0xb4c Thread: id = 59 os_tid = 0x9fc Thread: id = 60 os_tid = 0x9f8 Thread: id = 61 os_tid = 0x9d8 Thread: id = 62 os_tid = 0x9b4 Thread: id = 63 os_tid = 0x9ac Thread: id = 64 os_tid = 0x9a4 Thread: id = 65 os_tid = 0x950 Thread: id = 66 os_tid = 0x94c Thread: id = 67 os_tid = 0x948 Thread: id = 68 os_tid = 0x93c Thread: id = 69 os_tid = 0x928 Thread: id = 70 os_tid = 0x8f8 Thread: id = 71 os_tid = 0x8f4 Thread: id = 72 os_tid = 0x8c4 Thread: id = 73 os_tid = 0x8b0 Thread: id = 74 os_tid = 0x894 Thread: id = 75 os_tid = 0x888 Thread: id = 76 os_tid = 0x86c Thread: id = 77 os_tid = 0x840 Thread: id = 78 os_tid = 0x4f4 Thread: id = 79 os_tid = 0x464 Thread: id = 80 os_tid = 0x4d0 Thread: id = 81 os_tid = 0x420 Thread: id = 82 os_tid = 0x7c0 Thread: id = 83 os_tid = 0x608 Thread: id = 84 os_tid = 0x4f8 Thread: id = 85 os_tid = 0x49c Thread: id = 86 os_tid = 0x2ac Thread: id = 87 os_tid = 0x1b4 Thread: id = 88 os_tid = 0x1b8 Thread: id = 89 os_tid = 0x1cc Thread: id = 90 os_tid = 0x16c Thread: id = 91 os_tid = 0x190 Thread: id = 92 os_tid = 0x3fc Thread: id = 93 os_tid = 0x3f4 Thread: id = 94 os_tid = 0x3e8 Thread: id = 95 os_tid = 0x3e4 Thread: id = 96 os_tid = 0x3d0 Thread: id = 97 os_tid = 0x3cc Thread: id = 98 os_tid = 0x348 Thread: id = 115 os_tid = 0x844 Thread: id = 116 os_tid = 0x80c Thread: id = 117 os_tid = 0x818 Thread: id = 118 os_tid = 0x5ec Thread: id = 123 os_tid = 0x5f8 Thread: id = 127 os_tid = 0x838 Thread: id = 155 os_tid = 0x1220 Thread: id = 156 os_tid = 0xc7c Thread: id = 158 os_tid = 0x1248 Thread: id = 159 os_tid = 0x748 Thread: id = 163 os_tid = 0xfc8 Process: id = "4" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x5f81c000" os_pid = "0xcf8" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "3" os_parent_pid = "0x274" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xe], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\lfsvc" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xe], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xe], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000a36c" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 1340 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1341 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1342 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1343 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1344 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 1345 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 1346 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 1347 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1348 start_va = 0x1c0000 end_va = 0x1c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1349 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1350 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1351 start_va = 0x1f0000 end_va = 0x1f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 1352 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1353 start_va = 0x480000 end_va = 0x480fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 1354 start_va = 0x490000 end_va = 0x494fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 1355 start_va = 0x4a0000 end_va = 0x4a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004a0000" filename = "" Region: id = 1356 start_va = 0x4b0000 end_va = 0x4b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004b0000" filename = "" Region: id = 1357 start_va = 0x4c0000 end_va = 0x4c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004c0000" filename = "" Region: id = 1358 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1359 start_va = 0x570000 end_va = 0x66ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1360 start_va = 0x670000 end_va = 0x9a6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1361 start_va = 0x9b0000 end_va = 0xb37fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009b0000" filename = "" Region: id = 1362 start_va = 0xb40000 end_va = 0xcc0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b40000" filename = "" Region: id = 1363 start_va = 0xcd0000 end_va = 0xd8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000cd0000" filename = "" Region: id = 1364 start_va = 0xd90000 end_va = 0xe0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d90000" filename = "" Region: id = 1365 start_va = 0xe10000 end_va = 0xf0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e10000" filename = "" Region: id = 1366 start_va = 0xf10000 end_va = 0xf8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f10000" filename = "" Region: id = 1367 start_va = 0xf90000 end_va = 0x100ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f90000" filename = "" Region: id = 1368 start_va = 0x1010000 end_va = 0x108ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001010000" filename = "" Region: id = 1369 start_va = 0x1090000 end_va = 0x110ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001090000" filename = "" Region: id = 1370 start_va = 0x1110000 end_va = 0x118ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001110000" filename = "" Region: id = 1371 start_va = 0x1190000 end_va = 0x120ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001190000" filename = "" Region: id = 1372 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1373 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 1374 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 1375 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 1376 start_va = 0x7ff681dc0000 end_va = 0x7ff681e3ffff monitored = 0 entry_point = 0x7ff681dd5f50 region_type = mapped_file name = "wmiprvse.exe" filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe") Region: id = 1377 start_va = 0x7ffc41800000 end_va = 0x7ffc4184cfff monitored = 0 entry_point = 0x7ffc4180b470 region_type = mapped_file name = "pdh.dll" filename = "\\Windows\\System32\\pdh.dll" (normalized: "c:\\windows\\system32\\pdh.dll") Region: id = 1378 start_va = 0x7ffc41850000 end_va = 0x7ffc41874fff monitored = 0 entry_point = 0x7ffc41865dc0 region_type = mapped_file name = "wmiperfclass.dll" filename = "\\Windows\\System32\\wbem\\WmiPerfClass.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiperfclass.dll") Region: id = 1379 start_va = 0x7ffc431d0000 end_va = 0x7ffc4320cfff monitored = 0 entry_point = 0x7ffc431db760 region_type = mapped_file name = "wmiprov.dll" filename = "\\Windows\\System32\\wbem\\wmiprov.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprov.dll") Region: id = 1380 start_va = 0x7ffc4c1d0000 end_va = 0x7ffc4c1e5fff monitored = 0 entry_point = 0x7ffc4c1d55e0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 1381 start_va = 0x7ffc4c340000 end_va = 0x7ffc4c364fff monitored = 0 entry_point = 0x7ffc4c349900 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 1382 start_va = 0x7ffc4c370000 end_va = 0x7ffc4c383fff monitored = 0 entry_point = 0x7ffc4c371800 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1383 start_va = 0x7ffc4c390000 end_va = 0x7ffc4c485fff monitored = 0 entry_point = 0x7ffc4c3c9590 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1384 start_va = 0x7ffc4dbb0000 end_va = 0x7ffc4dbc0fff monitored = 0 entry_point = 0x7ffc4dbb2fc0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 1385 start_va = 0x7ffc4ee90000 end_va = 0x7ffc4ef0efff monitored = 0 entry_point = 0x7ffc4eea7110 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 1386 start_va = 0x7ffc57670000 end_va = 0x7ffc576d3fff monitored = 0 entry_point = 0x7ffc57685ae0 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 1387 start_va = 0x7ffc58d40000 end_va = 0x7ffc58d50fff monitored = 0 entry_point = 0x7ffc58d43320 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 1388 start_va = 0x7ffc5b320000 end_va = 0x7ffc5b350fff monitored = 0 entry_point = 0x7ffc5b327d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1389 start_va = 0x7ffc5bcc0000 end_va = 0x7ffc5bce8fff monitored = 0 entry_point = 0x7ffc5bcd4530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1390 start_va = 0x7ffc5be50000 end_va = 0x7ffc5be5efff monitored = 0 entry_point = 0x7ffc5be53210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 1391 start_va = 0x7ffc5bfa0000 end_va = 0x7ffc5c187fff monitored = 0 entry_point = 0x7ffc5bfcba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1392 start_va = 0x7ffc5cac0000 end_va = 0x7ffc5cb29fff monitored = 0 entry_point = 0x7ffc5caf6d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1393 start_va = 0x7ffc5e1e0000 end_va = 0x7ffc5e2a0fff monitored = 0 entry_point = 0x7ffc5e200da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1394 start_va = 0x7ffc5e2b0000 end_va = 0x7ffc5e3cbfff monitored = 0 entry_point = 0x7ffc5e2f02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1395 start_va = 0x7ffc5e740000 end_va = 0x7ffc5e7aafff monitored = 0 entry_point = 0x7ffc5e7590c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1396 start_va = 0x7ffc5e850000 end_va = 0x7ffc5e8ecfff monitored = 0 entry_point = 0x7ffc5e8578a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1397 start_va = 0x7ffc5e8f0000 end_va = 0x7ffc5e94afff monitored = 0 entry_point = 0x7ffc5e9038b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1398 start_va = 0x7ffc5e960000 end_va = 0x7ffc5eab5fff monitored = 0 entry_point = 0x7ffc5e96a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1399 start_va = 0x7ffc5ec20000 end_va = 0x7ffc5ecc6fff monitored = 0 entry_point = 0x7ffc5ec358d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1400 start_va = 0x7ffc5ecd0000 end_va = 0x7ffc5ed7cfff monitored = 0 entry_point = 0x7ffc5ece81a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1401 start_va = 0x7ffc5f2c0000 end_va = 0x7ffc5f53cfff monitored = 0 entry_point = 0x7ffc5f394970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1402 start_va = 0x7ffc5f540000 end_va = 0x7ffc5f6c5fff monitored = 0 entry_point = 0x7ffc5f58ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1403 start_va = 0x7ffc5f760000 end_va = 0x7ffc5f806fff monitored = 0 entry_point = 0x7ffc5f76b4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1404 start_va = 0x7ffc5f810000 end_va = 0x7ffc5f9d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Thread: id = 99 os_tid = 0x7e0 Thread: id = 100 os_tid = 0x368 Thread: id = 101 os_tid = 0x4bc Thread: id = 102 os_tid = 0xc8c Thread: id = 103 os_tid = 0x7a4 Thread: id = 104 os_tid = 0x638 Thread: id = 105 os_tid = 0x1d0 Thread: id = 106 os_tid = 0x6f4 Process: id = "5" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x1a212000" os_pid = "0xd78" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "3" os_parent_pid = "0x274" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:00033fa1" [0xc000000f] Region: id = 1126 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1127 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1128 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1129 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1130 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 1131 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 1132 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 1133 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1134 start_va = 0x1c0000 end_va = 0x1c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1135 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1136 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1137 start_va = 0x1f0000 end_va = 0x1f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 1138 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1139 start_va = 0x480000 end_va = 0x480fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 1140 start_va = 0x490000 end_va = 0x494fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 1141 start_va = 0x4a0000 end_va = 0x4a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004a0000" filename = "" Region: id = 1142 start_va = 0x4b0000 end_va = 0x4b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004b0000" filename = "" Region: id = 1143 start_va = 0x4c0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 1144 start_va = 0x5c0000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 1145 start_va = 0x680000 end_va = 0x680fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000680000" filename = "" Region: id = 1146 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 1147 start_va = 0x6a0000 end_va = 0x9d6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1148 start_va = 0x9e0000 end_va = 0xb67fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009e0000" filename = "" Region: id = 1149 start_va = 0xb70000 end_va = 0xcf0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b70000" filename = "" Region: id = 1150 start_va = 0xd80000 end_va = 0xe7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d80000" filename = "" Region: id = 1151 start_va = 0xe80000 end_va = 0xefffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e80000" filename = "" Region: id = 1152 start_va = 0xf80000 end_va = 0xffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f80000" filename = "" Region: id = 1153 start_va = 0x1000000 end_va = 0x107ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001000000" filename = "" Region: id = 1154 start_va = 0x1080000 end_va = 0x117ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001080000" filename = "" Region: id = 1155 start_va = 0x1180000 end_va = 0x1182fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cimwin32.dll.mui" filename = "\\Windows\\System32\\wbem\\en-US\\cimwin32.dll.mui" (normalized: "c:\\windows\\system32\\wbem\\en-us\\cimwin32.dll.mui") Region: id = 1156 start_va = 0x1190000 end_va = 0x120ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001190000" filename = "" Region: id = 1157 start_va = 0x1210000 end_va = 0x128ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001210000" filename = "" Region: id = 1158 start_va = 0x1310000 end_va = 0x138ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 1159 start_va = 0x1390000 end_va = 0x140ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1160 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1161 start_va = 0x180000000 end_va = 0x180002fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "security.dll" filename = "\\Windows\\System32\\security.dll" (normalized: "c:\\windows\\system32\\security.dll") Region: id = 1162 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 1163 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 1164 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 1165 start_va = 0x7ff681dc0000 end_va = 0x7ff681e3ffff monitored = 0 entry_point = 0x7ff681dd5f50 region_type = mapped_file name = "wmiprvse.exe" filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe") Region: id = 1166 start_va = 0x7ffc41880000 end_va = 0x7ffc41893fff monitored = 0 entry_point = 0x7ffc41881310 region_type = mapped_file name = "browcli.dll" filename = "\\Windows\\System32\\browcli.dll" (normalized: "c:\\windows\\system32\\browcli.dll") Region: id = 1167 start_va = 0x7ffc45230000 end_va = 0x7ffc4527dfff monitored = 0 entry_point = 0x7ffc45241ce0 region_type = mapped_file name = "framedynos.dll" filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll") Region: id = 1168 start_va = 0x7ffc45280000 end_va = 0x7ffc4544efff monitored = 0 entry_point = 0x7ffc452a7df0 region_type = mapped_file name = "cimwin32.dll" filename = "\\Windows\\System32\\wbem\\cimwin32.dll" (normalized: "c:\\windows\\system32\\wbem\\cimwin32.dll") Region: id = 1169 start_va = 0x7ffc4a290000 end_va = 0x7ffc4a29afff monitored = 0 entry_point = 0x7ffc4a2912b0 region_type = mapped_file name = "schedcli.dll" filename = "\\Windows\\System32\\schedcli.dll" (normalized: "c:\\windows\\system32\\schedcli.dll") Region: id = 1170 start_va = 0x7ffc4c130000 end_va = 0x7ffc4c13dfff monitored = 0 entry_point = 0x7ffc4c131da0 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\System32\\winbrand.dll" (normalized: "c:\\windows\\system32\\winbrand.dll") Region: id = 1171 start_va = 0x7ffc4c1d0000 end_va = 0x7ffc4c1e5fff monitored = 0 entry_point = 0x7ffc4c1d55e0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 1172 start_va = 0x7ffc4c340000 end_va = 0x7ffc4c364fff monitored = 0 entry_point = 0x7ffc4c349900 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 1173 start_va = 0x7ffc4c370000 end_va = 0x7ffc4c383fff monitored = 0 entry_point = 0x7ffc4c371800 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1174 start_va = 0x7ffc4c390000 end_va = 0x7ffc4c485fff monitored = 0 entry_point = 0x7ffc4c3c9590 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1175 start_va = 0x7ffc4dbb0000 end_va = 0x7ffc4dbc0fff monitored = 0 entry_point = 0x7ffc4dbb2fc0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 1176 start_va = 0x7ffc4ee90000 end_va = 0x7ffc4ef0efff monitored = 0 entry_point = 0x7ffc4eea7110 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 1177 start_va = 0x7ffc4f220000 end_va = 0x7ffc4f22bfff monitored = 0 entry_point = 0x7ffc4f2235c0 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1178 start_va = 0x7ffc516a0000 end_va = 0x7ffc516b1fff monitored = 0 entry_point = 0x7ffc516a3580 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 1179 start_va = 0x7ffc516c0000 end_va = 0x7ffc516e5fff monitored = 0 entry_point = 0x7ffc516c1cf0 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 1180 start_va = 0x7ffc55360000 end_va = 0x7ffc55378fff monitored = 0 entry_point = 0x7ffc55364520 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 1181 start_va = 0x7ffc57650000 end_va = 0x7ffc57665fff monitored = 0 entry_point = 0x7ffc57651b60 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 1182 start_va = 0x7ffc57e00000 end_va = 0x7ffc57e3dfff monitored = 0 entry_point = 0x7ffc57e0a050 region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 1183 start_va = 0x7ffc58fc0000 end_va = 0x7ffc58fc9fff monitored = 0 entry_point = 0x7ffc58fc1660 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 1184 start_va = 0x7ffc5a2c0000 end_va = 0x7ffc5a2d2fff monitored = 0 entry_point = 0x7ffc5a2c2760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1185 start_va = 0x7ffc5a850000 end_va = 0x7ffc5a876fff monitored = 0 entry_point = 0x7ffc5a857940 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1186 start_va = 0x7ffc5b240000 end_va = 0x7ffc5b24bfff monitored = 0 entry_point = 0x7ffc5b2427e0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1187 start_va = 0x7ffc5b380000 end_va = 0x7ffc5b3f9fff monitored = 0 entry_point = 0x7ffc5b3a1a50 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 1188 start_va = 0x7ffc5bab0000 end_va = 0x7ffc5badcfff monitored = 0 entry_point = 0x7ffc5bac9d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1189 start_va = 0x7ffc5bc40000 end_va = 0x7ffc5bc95fff monitored = 0 entry_point = 0x7ffc5bc50bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1190 start_va = 0x7ffc5bcc0000 end_va = 0x7ffc5bce8fff monitored = 0 entry_point = 0x7ffc5bcd4530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1191 start_va = 0x7ffc5be50000 end_va = 0x7ffc5be5efff monitored = 0 entry_point = 0x7ffc5be53210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 1192 start_va = 0x7ffc5be60000 end_va = 0x7ffc5be6ffff monitored = 0 entry_point = 0x7ffc5be656e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1193 start_va = 0x7ffc5be70000 end_va = 0x7ffc5bebafff monitored = 0 entry_point = 0x7ffc5be735f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1194 start_va = 0x7ffc5bec0000 end_va = 0x7ffc5bf02fff monitored = 0 entry_point = 0x7ffc5bed4b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1195 start_va = 0x7ffc5bfa0000 end_va = 0x7ffc5c187fff monitored = 0 entry_point = 0x7ffc5bfcba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1196 start_va = 0x7ffc5c190000 end_va = 0x7ffc5c356fff monitored = 0 entry_point = 0x7ffc5c1edb80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1197 start_va = 0x7ffc5cac0000 end_va = 0x7ffc5cb29fff monitored = 0 entry_point = 0x7ffc5caf6d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1198 start_va = 0x7ffc5cb30000 end_va = 0x7ffc5cb46fff monitored = 0 entry_point = 0x7ffc5cb31390 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 1199 start_va = 0x7ffc5e1e0000 end_va = 0x7ffc5e2a0fff monitored = 0 entry_point = 0x7ffc5e200da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1200 start_va = 0x7ffc5e2b0000 end_va = 0x7ffc5e3cbfff monitored = 0 entry_point = 0x7ffc5e2f02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1201 start_va = 0x7ffc5e740000 end_va = 0x7ffc5e7aafff monitored = 0 entry_point = 0x7ffc5e7590c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1202 start_va = 0x7ffc5e850000 end_va = 0x7ffc5e8ecfff monitored = 0 entry_point = 0x7ffc5e8578a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1203 start_va = 0x7ffc5e8f0000 end_va = 0x7ffc5e94afff monitored = 0 entry_point = 0x7ffc5e9038b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1204 start_va = 0x7ffc5e960000 end_va = 0x7ffc5eab5fff monitored = 0 entry_point = 0x7ffc5e96a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1205 start_va = 0x7ffc5ec20000 end_va = 0x7ffc5ecc6fff monitored = 0 entry_point = 0x7ffc5ec358d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1206 start_va = 0x7ffc5ecd0000 end_va = 0x7ffc5ed7cfff monitored = 0 entry_point = 0x7ffc5ece81a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1207 start_va = 0x7ffc5f2c0000 end_va = 0x7ffc5f53cfff monitored = 0 entry_point = 0x7ffc5f394970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1208 start_va = 0x7ffc5f540000 end_va = 0x7ffc5f6c5fff monitored = 0 entry_point = 0x7ffc5f58ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1209 start_va = 0x7ffc5f760000 end_va = 0x7ffc5f806fff monitored = 0 entry_point = 0x7ffc5f76b4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1210 start_va = 0x7ffc5f810000 end_va = 0x7ffc5f9d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1245 start_va = 0x400000 end_va = 0x401fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 1246 start_va = 0x1410000 end_va = 0x150ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001410000" filename = "" Region: id = 1247 start_va = 0x410000 end_va = 0x425fff monitored = 0 entry_point = 0x420420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 1248 start_va = 0x430000 end_va = 0x432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 1249 start_va = 0x410000 end_va = 0x425fff monitored = 0 entry_point = 0x420420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 1250 start_va = 0x430000 end_va = 0x432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 1251 start_va = 0x410000 end_va = 0x425fff monitored = 0 entry_point = 0x420420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 1252 start_va = 0x430000 end_va = 0x432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 1253 start_va = 0x410000 end_va = 0x425fff monitored = 0 entry_point = 0x420420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 1254 start_va = 0x430000 end_va = 0x432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 1255 start_va = 0x410000 end_va = 0x429fff monitored = 1 entry_point = 0x411190 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 1256 start_va = 0x430000 end_va = 0x435fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 1257 start_va = 0x410000 end_va = 0x429fff monitored = 1 entry_point = 0x411190 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 1258 start_va = 0x430000 end_va = 0x435fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 1259 start_va = 0x410000 end_va = 0x43afff monitored = 0 entry_point = 0x42d000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 1260 start_va = 0x440000 end_va = 0x444fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 1261 start_va = 0x15d0000 end_va = 0x19cafff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000015d0000" filename = "" Region: id = 1262 start_va = 0x410000 end_va = 0x43afff monitored = 0 entry_point = 0x42d000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 1263 start_va = 0x440000 end_va = 0x444fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 1264 start_va = 0x410000 end_va = 0x43afff monitored = 0 entry_point = 0x42d000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 1265 start_va = 0x440000 end_va = 0x444fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 1266 start_va = 0x410000 end_va = 0x43afff monitored = 0 entry_point = 0x42d000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 1267 start_va = 0x440000 end_va = 0x444fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 1268 start_va = 0x410000 end_va = 0x438fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 1269 start_va = 0x19d0000 end_va = 0x1ab3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 1270 start_va = 0x410000 end_va = 0x438fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 1271 start_va = 0x19d0000 end_va = 0x1ab3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 1272 start_va = 0x410000 end_va = 0x415fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "afd.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\afd.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\afd.sys.mui") Region: id = 1273 start_va = 0x1510000 end_va = 0x15a2fff monitored = 0 entry_point = 0x1589000 region_type = mapped_file name = "afd.sys" filename = "\\Windows\\System32\\drivers\\afd.sys" (normalized: "c:\\windows\\system32\\drivers\\afd.sys") Region: id = 1274 start_va = 0x410000 end_va = 0x415fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "afd.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\afd.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\afd.sys.mui") Region: id = 1275 start_va = 0x1510000 end_va = 0x15a2fff monitored = 0 entry_point = 0x1589000 region_type = mapped_file name = "afd.sys" filename = "\\Windows\\System32\\drivers\\afd.sys" (normalized: "c:\\windows\\system32\\drivers\\afd.sys") Region: id = 1276 start_va = 0x410000 end_va = 0x415fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fvevol.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\fvevol.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\fvevol.sys.mui") Region: id = 1277 start_va = 0x1510000 end_va = 0x15b0fff monitored = 0 entry_point = 0x15a3000 region_type = mapped_file name = "fvevol.sys" filename = "\\Windows\\System32\\drivers\\fvevol.sys" (normalized: "c:\\windows\\system32\\drivers\\fvevol.sys") Region: id = 1278 start_va = 0x410000 end_va = 0x415fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fvevol.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\fvevol.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\fvevol.sys.mui") Region: id = 1279 start_va = 0x1510000 end_va = 0x15b0fff monitored = 0 entry_point = 0x15a3000 region_type = mapped_file name = "fvevol.sys" filename = "\\Windows\\System32\\drivers\\fvevol.sys" (normalized: "c:\\windows\\system32\\drivers\\fvevol.sys") Region: id = 1280 start_va = 0x410000 end_va = 0x41afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 1281 start_va = 0x1510000 end_va = 0x1595fff monitored = 0 entry_point = 0x1581000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 1282 start_va = 0x410000 end_va = 0x41afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 1283 start_va = 0x1510000 end_va = 0x1595fff monitored = 0 entry_point = 0x1581000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 1284 start_va = 0x410000 end_va = 0x41afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 1285 start_va = 0x1510000 end_va = 0x1595fff monitored = 0 entry_point = 0x1581000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 1286 start_va = 0x410000 end_va = 0x41afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 1287 start_va = 0x1510000 end_va = 0x1595fff monitored = 0 entry_point = 0x1581000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 1288 start_va = 0x410000 end_va = 0x41efff monitored = 0 entry_point = 0x4136e0 region_type = mapped_file name = "dmvsc.sys" filename = "\\Windows\\System32\\drivers\\dmvsc.sys" (normalized: "c:\\windows\\system32\\drivers\\dmvsc.sys") Region: id = 1289 start_va = 0x420000 end_va = 0x421fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dmvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\dmvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\dmvsc.sys.mui") Region: id = 1290 start_va = 0x410000 end_va = 0x41efff monitored = 0 entry_point = 0x4136e0 region_type = mapped_file name = "dmvsc.sys" filename = "\\Windows\\System32\\drivers\\dmvsc.sys" (normalized: "c:\\windows\\system32\\drivers\\dmvsc.sys") Region: id = 1291 start_va = 0x420000 end_va = 0x421fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dmvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\dmvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\dmvsc.sys.mui") Region: id = 1292 start_va = 0x410000 end_va = 0x42afff monitored = 1 entry_point = 0x411190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1293 start_va = 0x430000 end_va = 0x43bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1294 start_va = 0x410000 end_va = 0x42afff monitored = 1 entry_point = 0x411190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1295 start_va = 0x430000 end_va = 0x43bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1296 start_va = 0x410000 end_va = 0x42afff monitored = 1 entry_point = 0x411190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1297 start_va = 0x430000 end_va = 0x43bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1298 start_va = 0x410000 end_va = 0x42afff monitored = 1 entry_point = 0x411190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1299 start_va = 0x430000 end_va = 0x43bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1300 start_va = 0x410000 end_va = 0x42afff monitored = 1 entry_point = 0x411190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1301 start_va = 0x430000 end_va = 0x43bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1302 start_va = 0x410000 end_va = 0x42afff monitored = 1 entry_point = 0x411190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1303 start_va = 0x430000 end_va = 0x43bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1304 start_va = 0x410000 end_va = 0x411fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dosvc.dll.mui" filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui") Region: id = 1305 start_va = 0x19d0000 end_va = 0x1adefff monitored = 0 entry_point = 0x1a0c010 region_type = mapped_file name = "dosvc.dll" filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll") Region: id = 1306 start_va = 0x410000 end_va = 0x411fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dosvc.dll.mui" filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui") Region: id = 1307 start_va = 0x19d0000 end_va = 0x1adefff monitored = 0 entry_point = 0x1a0c010 region_type = mapped_file name = "dosvc.dll" filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll") Region: id = 1308 start_va = 0x410000 end_va = 0x426fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcpip.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\tcpip.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\tcpip.sys.mui") Region: id = 1309 start_va = 0x19d0000 end_va = 0x1c26fff monitored = 0 entry_point = 0x1bdce10 region_type = mapped_file name = "tcpip.sys" filename = "\\Windows\\System32\\drivers\\tcpip.sys" (normalized: "c:\\windows\\system32\\drivers\\tcpip.sys") Region: id = 1312 start_va = 0x410000 end_va = 0x426fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcpip.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\tcpip.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\tcpip.sys.mui") Region: id = 1313 start_va = 0x19d0000 end_va = 0x1c26fff monitored = 0 entry_point = 0x1bdce10 region_type = mapped_file name = "tcpip.sys" filename = "\\Windows\\System32\\drivers\\tcpip.sys" (normalized: "c:\\windows\\system32\\drivers\\tcpip.sys") Region: id = 1314 start_va = 0x410000 end_va = 0x419fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 1315 start_va = 0x19d0000 end_va = 0x1ae0fff monitored = 0 entry_point = 0x1ac1bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 1320 start_va = 0x19d0000 end_va = 0x1bcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000019d0000" filename = "" Region: id = 1321 start_va = 0x7ffc54a00000 end_va = 0x7ffc54a0dfff monitored = 0 entry_point = 0x7ffc54a02b10 region_type = mapped_file name = "perfos.dll" filename = "\\Windows\\System32\\perfos.dll" (normalized: "c:\\windows\\system32\\perfos.dll") Region: id = 1325 start_va = 0x410000 end_va = 0x412fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1326 start_va = 0x7ffc55820000 end_va = 0x7ffc55857fff monitored = 0 entry_point = 0x7ffc55838cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1327 start_va = 0x7ffc5e950000 end_va = 0x7ffc5e957fff monitored = 0 entry_point = 0x7ffc5e951ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1328 start_va = 0x1510000 end_va = 0x158ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001510000" filename = "" Region: id = 1329 start_va = 0x7ffc55190000 end_va = 0x7ffc551a5fff monitored = 0 entry_point = 0x7ffc551919f0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1330 start_va = 0x7ffc54b20000 end_va = 0x7ffc54b39fff monitored = 0 entry_point = 0x7ffc54b22430 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1331 start_va = 0x7ffc5a8a0000 end_va = 0x7ffc5a949fff monitored = 0 entry_point = 0x7ffc5a8c7910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1970 start_va = 0x1bd0000 end_va = 0x1c4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001bd0000" filename = "" Thread: id = 107 os_tid = 0x12ec Thread: id = 108 os_tid = 0x12a4 Thread: id = 109 os_tid = 0xfbc Thread: id = 110 os_tid = 0xf8c Thread: id = 111 os_tid = 0xd94 Thread: id = 112 os_tid = 0xd90 Thread: id = 113 os_tid = 0xd88 Thread: id = 114 os_tid = 0xd7c Thread: id = 119 os_tid = 0xb78 Thread: id = 160 os_tid = 0x1264 Process: id = "6" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x757f8000" os_pid = "0x370" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "3" os_parent_pid = "0x214" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AppIDSvc" [0xa], "NT SERVICE\\Audiosrv" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xa], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\icssvc" [0xa], "NT SERVICE\\lmhosts" [0xe], "NT SERVICE\\NgcCtnrSvc" [0xa], "NT SERVICE\\vmictimesync" [0xa], "NT SERVICE\\Wcmsvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000bf3c" [0xc000000f], "LOCAL" [0x7] Region: id = 1425 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1426 start_va = 0x20000 end_va = 0x21fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1427 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1428 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1429 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 1430 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 1431 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 1432 start_va = 0x100000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 1433 start_va = 0x180000 end_va = 0x186fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 1434 start_va = 0x190000 end_va = 0x190fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 1435 start_va = 0x1a0000 end_va = 0x1a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 1436 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 1437 start_va = 0x1c0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1438 start_va = 0x1e0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1439 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1440 start_va = 0x400000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1441 start_va = 0x500000 end_va = 0x5bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1442 start_va = 0x5c0000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 1443 start_va = 0x680000 end_va = 0x6e3fff monitored = 0 entry_point = 0x695ae0 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 1444 start_va = 0x6f0000 end_va = 0x6f6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 1445 start_va = 0x700000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 1446 start_va = 0x800000 end_va = 0x987fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000800000" filename = "" Region: id = 1447 start_va = 0x990000 end_va = 0xb10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 1448 start_va = 0xb20000 end_va = 0xf1afff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b20000" filename = "" Region: id = 1449 start_va = 0xf20000 end_va = 0xf9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f20000" filename = "" Region: id = 1450 start_va = 0xfa0000 end_va = 0x101ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fa0000" filename = "" Region: id = 1451 start_va = 0x1020000 end_va = 0x103ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001020000" filename = "" Region: id = 1452 start_va = 0x1040000 end_va = 0x1040fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001040000" filename = "" Region: id = 1453 start_va = 0x1050000 end_va = 0x1050fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001050000" filename = "" Region: id = 1454 start_va = 0x1060000 end_va = 0x1066fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001060000" filename = "" Region: id = 1455 start_va = 0x1070000 end_va = 0x10effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001070000" filename = "" Region: id = 1456 start_va = 0x10f0000 end_va = 0x10f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010f0000" filename = "" Region: id = 1457 start_va = 0x1100000 end_va = 0x11fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001100000" filename = "" Region: id = 1458 start_va = 0x1200000 end_va = 0x12fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 1459 start_va = 0x1300000 end_va = 0x1300fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 1460 start_va = 0x1400000 end_va = 0x147ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001400000" filename = "" Region: id = 1461 start_va = 0x1480000 end_va = 0x1480fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001480000" filename = "" Region: id = 1462 start_va = 0x1490000 end_va = 0x1490fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001490000" filename = "" Region: id = 1463 start_va = 0x14a0000 end_va = 0x14a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000014a0000" filename = "" Region: id = 1464 start_va = 0x14f0000 end_va = 0x14f6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000014f0000" filename = "" Region: id = 1465 start_va = 0x1500000 end_va = 0x15fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001500000" filename = "" Region: id = 1466 start_va = 0x1600000 end_va = 0x16fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001600000" filename = "" Region: id = 1467 start_va = 0x1700000 end_va = 0x177ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001700000" filename = "" Region: id = 1468 start_va = 0x1780000 end_va = 0x17fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001780000" filename = "" Region: id = 1469 start_va = 0x1800000 end_va = 0x18fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001800000" filename = "" Region: id = 1470 start_va = 0x1900000 end_va = 0x19fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001900000" filename = "" Region: id = 1471 start_va = 0x1a00000 end_va = 0x1a7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001a00000" filename = "" Region: id = 1472 start_va = 0x1a90000 end_va = 0x1b8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001a90000" filename = "" Region: id = 1473 start_va = 0x1c00000 end_va = 0x1cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c00000" filename = "" Region: id = 1474 start_va = 0x1d00000 end_va = 0x1dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d00000" filename = "" Region: id = 1475 start_va = 0x1e00000 end_va = 0x1efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e00000" filename = "" Region: id = 1476 start_va = 0x2000000 end_va = 0x207ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002000000" filename = "" Region: id = 1477 start_va = 0x2080000 end_va = 0x217ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 1478 start_va = 0x2200000 end_va = 0x22dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 1479 start_va = 0x2300000 end_va = 0x23fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 1480 start_va = 0x2400000 end_va = 0x2736fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1481 start_va = 0x2740000 end_va = 0x283ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002740000" filename = "" Region: id = 1482 start_va = 0x2840000 end_va = 0x293ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002840000" filename = "" Region: id = 1483 start_va = 0x2940000 end_va = 0x2a3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002940000" filename = "" Region: id = 1484 start_va = 0x2b00000 end_va = 0x2bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b00000" filename = "" Region: id = 1485 start_va = 0x2c00000 end_va = 0x2cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c00000" filename = "" Region: id = 1486 start_va = 0x2d00000 end_va = 0x2dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d00000" filename = "" Region: id = 1487 start_va = 0x2e00000 end_va = 0x2efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e00000" filename = "" Region: id = 1488 start_va = 0x2f00000 end_va = 0x2ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f00000" filename = "" Region: id = 1489 start_va = 0x3000000 end_va = 0x30fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003000000" filename = "" Region: id = 1490 start_va = 0x3200000 end_va = 0x32fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003200000" filename = "" Region: id = 1491 start_va = 0x3300000 end_va = 0x33fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003300000" filename = "" Region: id = 1492 start_va = 0x3400000 end_va = 0x34fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003400000" filename = "" Region: id = 1493 start_va = 0x3500000 end_va = 0x35fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003500000" filename = "" Region: id = 1494 start_va = 0x3600000 end_va = 0x36fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 1495 start_va = 0x3700000 end_va = 0x37fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003700000" filename = "" Region: id = 1496 start_va = 0x3800000 end_va = 0x38fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003800000" filename = "" Region: id = 1497 start_va = 0x3900000 end_va = 0x39fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003900000" filename = "" Region: id = 1498 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1499 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 1500 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 1501 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 1502 start_va = 0x7ff60e670000 end_va = 0x7ff60e67cfff monitored = 0 entry_point = 0x7ff60e673980 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 1503 start_va = 0x7ffc450c0000 end_va = 0x7ffc450f2fff monitored = 0 entry_point = 0x7ffc450cae20 region_type = mapped_file name = "wscsvc.dll" filename = "\\Windows\\System32\\wscsvc.dll" (normalized: "c:\\windows\\system32\\wscsvc.dll") Region: id = 1504 start_va = 0x7ffc45b70000 end_va = 0x7ffc45d27fff monitored = 0 entry_point = 0x7ffc45b75550 region_type = mapped_file name = "wmalfxgfxdsp.dll" filename = "\\Windows\\System32\\WMALFXGFXDSP.dll" (normalized: "c:\\windows\\system32\\wmalfxgfxdsp.dll") Region: id = 1505 start_va = 0x7ffc4c370000 end_va = 0x7ffc4c383fff monitored = 0 entry_point = 0x7ffc4c371800 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1506 start_va = 0x7ffc4c390000 end_va = 0x7ffc4c485fff monitored = 0 entry_point = 0x7ffc4c3c9590 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1507 start_va = 0x7ffc4dbb0000 end_va = 0x7ffc4dbc0fff monitored = 0 entry_point = 0x7ffc4dbb2fc0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 1508 start_va = 0x7ffc4ee90000 end_va = 0x7ffc4ef0efff monitored = 0 entry_point = 0x7ffc4eea7110 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 1509 start_va = 0x7ffc53440000 end_va = 0x7ffc5346afff monitored = 0 entry_point = 0x7ffc5344c3c0 region_type = mapped_file name = "rtworkq.dll" filename = "\\Windows\\System32\\RTWorkQ.dll" (normalized: "c:\\windows\\system32\\rtworkq.dll") Region: id = 1510 start_va = 0x7ffc53470000 end_va = 0x7ffc5357cfff monitored = 0 entry_point = 0x7ffc5349f420 region_type = mapped_file name = "mfplat.dll" filename = "\\Windows\\System32\\mfplat.dll" (normalized: "c:\\windows\\system32\\mfplat.dll") Region: id = 1511 start_va = 0x7ffc54990000 end_va = 0x7ffc5499dfff monitored = 0 entry_point = 0x7ffc54992e50 region_type = mapped_file name = "cmintegrator.dll" filename = "\\Windows\\System32\\cmintegrator.dll" (normalized: "c:\\windows\\system32\\cmintegrator.dll") Region: id = 1512 start_va = 0x7ffc549a0000 end_va = 0x7ffc549d7fff monitored = 0 entry_point = 0x7ffc549a68f0 region_type = mapped_file name = "wcmcsp.dll" filename = "\\Windows\\System32\\wcmcsp.dll" (normalized: "c:\\windows\\system32\\wcmcsp.dll") Region: id = 1513 start_va = 0x7ffc54a10000 end_va = 0x7ffc54aa8fff monitored = 0 entry_point = 0x7ffc54a2a090 region_type = mapped_file name = "wcmsvc.dll" filename = "\\Windows\\System32\\wcmsvc.dll" (normalized: "c:\\windows\\system32\\wcmsvc.dll") Region: id = 1514 start_va = 0x7ffc54b20000 end_va = 0x7ffc54b39fff monitored = 0 entry_point = 0x7ffc54b22430 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1515 start_va = 0x7ffc54ff0000 end_va = 0x7ffc55077fff monitored = 0 entry_point = 0x7ffc55004510 region_type = mapped_file name = "audioses.dll" filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll") Region: id = 1516 start_va = 0x7ffc55080000 end_va = 0x7ffc5518afff monitored = 0 entry_point = 0x7ffc550c2610 region_type = mapped_file name = "audiosrv.dll" filename = "\\Windows\\System32\\audiosrv.dll" (normalized: "c:\\windows\\system32\\audiosrv.dll") Region: id = 1517 start_va = 0x7ffc55190000 end_va = 0x7ffc551a5fff monitored = 0 entry_point = 0x7ffc551919f0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1518 start_va = 0x7ffc552a0000 end_va = 0x7ffc5530ffff monitored = 0 entry_point = 0x7ffc552c2960 region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 1519 start_va = 0x7ffc55820000 end_va = 0x7ffc55857fff monitored = 0 entry_point = 0x7ffc55838cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1520 start_va = 0x7ffc55860000 end_va = 0x7ffc5586afff monitored = 0 entry_point = 0x7ffc55861d30 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1521 start_va = 0x7ffc55870000 end_va = 0x7ffc558b7fff monitored = 0 entry_point = 0x7ffc5587a1e0 region_type = mapped_file name = "dhcpcore6.dll" filename = "\\Windows\\System32\\dhcpcore6.dll" (normalized: "c:\\windows\\system32\\dhcpcore6.dll") Region: id = 1522 start_va = 0x7ffc57510000 end_va = 0x7ffc5756cfff monitored = 0 entry_point = 0x7ffc57522bf0 region_type = mapped_file name = "dhcpcore.dll" filename = "\\Windows\\System32\\dhcpcore.dll" (normalized: "c:\\windows\\system32\\dhcpcore.dll") Region: id = 1523 start_va = 0x7ffc576e0000 end_va = 0x7ffc57890fff monitored = 0 entry_point = 0x7ffc57733690 region_type = mapped_file name = "wevtsvc.dll" filename = "\\Windows\\System32\\wevtsvc.dll" (normalized: "c:\\windows\\system32\\wevtsvc.dll") Region: id = 1524 start_va = 0x7ffc57bb0000 end_va = 0x7ffc57ce5fff monitored = 0 entry_point = 0x7ffc57bdf350 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 1525 start_va = 0x7ffc57e70000 end_va = 0x7ffc57f37fff monitored = 0 entry_point = 0x7ffc57eb13f0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 1526 start_va = 0x7ffc581a0000 end_va = 0x7ffc581e9fff monitored = 0 entry_point = 0x7ffc581aac30 region_type = mapped_file name = "deviceaccess.dll" filename = "\\Windows\\System32\\deviceaccess.dll" (normalized: "c:\\windows\\system32\\deviceaccess.dll") Region: id = 1527 start_va = 0x7ffc58d40000 end_va = 0x7ffc58d50fff monitored = 0 entry_point = 0x7ffc58d43320 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 1528 start_va = 0x7ffc58fa0000 end_va = 0x7ffc58fa8fff monitored = 0 entry_point = 0x7ffc58fa19a0 region_type = mapped_file name = "nrpsrv.dll" filename = "\\Windows\\System32\\nrpsrv.dll" (normalized: "c:\\windows\\system32\\nrpsrv.dll") Region: id = 1529 start_va = 0x7ffc58fb0000 end_va = 0x7ffc58fbafff monitored = 0 entry_point = 0x7ffc58fb1cd0 region_type = mapped_file name = "lmhsvc.dll" filename = "\\Windows\\System32\\lmhsvc.dll" (normalized: "c:\\windows\\system32\\lmhsvc.dll") Region: id = 1530 start_va = 0x7ffc58fd0000 end_va = 0x7ffc58fe7fff monitored = 0 entry_point = 0x7ffc58fd5910 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 1531 start_va = 0x7ffc5a2c0000 end_va = 0x7ffc5a2d2fff monitored = 0 entry_point = 0x7ffc5a2c2760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1532 start_va = 0x7ffc5a3a0000 end_va = 0x7ffc5a525fff monitored = 0 entry_point = 0x7ffc5a3ed700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1533 start_va = 0x7ffc5a850000 end_va = 0x7ffc5a876fff monitored = 0 entry_point = 0x7ffc5a857940 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1534 start_va = 0x7ffc5a8a0000 end_va = 0x7ffc5a949fff monitored = 0 entry_point = 0x7ffc5a8c7910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1535 start_va = 0x7ffc5abb0000 end_va = 0x7ffc5abe1fff monitored = 0 entry_point = 0x7ffc5abc2340 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll") Region: id = 1536 start_va = 0x7ffc5ae30000 end_va = 0x7ffc5ae53fff monitored = 0 entry_point = 0x7ffc5ae33260 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 1537 start_va = 0x7ffc5afd0000 end_va = 0x7ffc5b0c3fff monitored = 0 entry_point = 0x7ffc5afda960 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 1538 start_va = 0x7ffc5b240000 end_va = 0x7ffc5b24bfff monitored = 0 entry_point = 0x7ffc5b2427e0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1539 start_va = 0x7ffc5b320000 end_va = 0x7ffc5b350fff monitored = 0 entry_point = 0x7ffc5b327d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1540 start_va = 0x7ffc5b590000 end_va = 0x7ffc5b5aefff monitored = 0 entry_point = 0x7ffc5b595d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1541 start_va = 0x7ffc5b700000 end_va = 0x7ffc5b75bfff monitored = 0 entry_point = 0x7ffc5b716f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1542 start_va = 0x7ffc5b8d0000 end_va = 0x7ffc5b8dafff monitored = 0 entry_point = 0x7ffc5b8d19a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1543 start_va = 0x7ffc5bab0000 end_va = 0x7ffc5badcfff monitored = 0 entry_point = 0x7ffc5bac9d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1544 start_va = 0x7ffc5bc40000 end_va = 0x7ffc5bc95fff monitored = 0 entry_point = 0x7ffc5bc50bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1545 start_va = 0x7ffc5bcc0000 end_va = 0x7ffc5bce8fff monitored = 0 entry_point = 0x7ffc5bcd4530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1546 start_va = 0x7ffc5be30000 end_va = 0x7ffc5be43fff monitored = 0 entry_point = 0x7ffc5be352e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1547 start_va = 0x7ffc5be50000 end_va = 0x7ffc5be5efff monitored = 0 entry_point = 0x7ffc5be53210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 1548 start_va = 0x7ffc5be60000 end_va = 0x7ffc5be6ffff monitored = 0 entry_point = 0x7ffc5be656e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1549 start_va = 0x7ffc5be70000 end_va = 0x7ffc5bebafff monitored = 0 entry_point = 0x7ffc5be735f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1550 start_va = 0x7ffc5bec0000 end_va = 0x7ffc5bf02fff monitored = 0 entry_point = 0x7ffc5bed4b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1551 start_va = 0x7ffc5bf10000 end_va = 0x7ffc5bf95fff monitored = 0 entry_point = 0x7ffc5bf1d8f0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 1552 start_va = 0x7ffc5bfa0000 end_va = 0x7ffc5c187fff monitored = 0 entry_point = 0x7ffc5bfcba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1553 start_va = 0x7ffc5c190000 end_va = 0x7ffc5c356fff monitored = 0 entry_point = 0x7ffc5c1edb80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1554 start_va = 0x7ffc5cac0000 end_va = 0x7ffc5cb29fff monitored = 0 entry_point = 0x7ffc5caf6d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1555 start_va = 0x7ffc5e1e0000 end_va = 0x7ffc5e2a0fff monitored = 0 entry_point = 0x7ffc5e200da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1556 start_va = 0x7ffc5e2b0000 end_va = 0x7ffc5e3cbfff monitored = 0 entry_point = 0x7ffc5e2f02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1557 start_va = 0x7ffc5e3e0000 end_va = 0x7ffc5e522fff monitored = 0 entry_point = 0x7ffc5e408210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1558 start_va = 0x7ffc5e740000 end_va = 0x7ffc5e7aafff monitored = 0 entry_point = 0x7ffc5e7590c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1559 start_va = 0x7ffc5e850000 end_va = 0x7ffc5e8ecfff monitored = 0 entry_point = 0x7ffc5e8578a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1560 start_va = 0x7ffc5e8f0000 end_va = 0x7ffc5e94afff monitored = 0 entry_point = 0x7ffc5e9038b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1561 start_va = 0x7ffc5e950000 end_va = 0x7ffc5e957fff monitored = 0 entry_point = 0x7ffc5e951ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1562 start_va = 0x7ffc5e960000 end_va = 0x7ffc5eab5fff monitored = 0 entry_point = 0x7ffc5e96a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1563 start_va = 0x7ffc5ec20000 end_va = 0x7ffc5ecc6fff monitored = 0 entry_point = 0x7ffc5ec358d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1564 start_va = 0x7ffc5ecd0000 end_va = 0x7ffc5ed7cfff monitored = 0 entry_point = 0x7ffc5ece81a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1565 start_va = 0x7ffc5f2c0000 end_va = 0x7ffc5f53cfff monitored = 0 entry_point = 0x7ffc5f394970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1566 start_va = 0x7ffc5f540000 end_va = 0x7ffc5f6c5fff monitored = 0 entry_point = 0x7ffc5f58ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1567 start_va = 0x7ffc5f760000 end_va = 0x7ffc5f806fff monitored = 0 entry_point = 0x7ffc5f76b4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1568 start_va = 0x7ffc5f810000 end_va = 0x7ffc5f9d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1962 start_va = 0x1310000 end_va = 0x13e9fff monitored = 0 entry_point = 0x1343c00 region_type = mapped_file name = "wpncore.dll" filename = "\\Windows\\System32\\wpncore.dll" (normalized: "c:\\windows\\system32\\wpncore.dll") Region: id = 1995 start_va = 0x1310000 end_va = 0x1334fff monitored = 0 entry_point = 0x131b320 region_type = mapped_file name = "loadperf.dll" filename = "\\Windows\\System32\\loadperf.dll" (normalized: "c:\\windows\\system32\\loadperf.dll") Thread: id = 131 os_tid = 0xa28 Thread: id = 132 os_tid = 0x698 Thread: id = 133 os_tid = 0xd20 Thread: id = 134 os_tid = 0xe84 Thread: id = 135 os_tid = 0x13c8 Thread: id = 136 os_tid = 0x119c Thread: id = 137 os_tid = 0xf0 Thread: id = 138 os_tid = 0x4a0 Thread: id = 139 os_tid = 0x970 Thread: id = 140 os_tid = 0xff8 Thread: id = 141 os_tid = 0xfd8 Thread: id = 142 os_tid = 0x47c Thread: id = 143 os_tid = 0x470 Thread: id = 144 os_tid = 0x468 Thread: id = 145 os_tid = 0x440 Thread: id = 146 os_tid = 0x43c Thread: id = 147 os_tid = 0x158 Thread: id = 148 os_tid = 0x2f0 Thread: id = 149 os_tid = 0x2cc Thread: id = 150 os_tid = 0x168 Thread: id = 151 os_tid = 0x2d0 Thread: id = 152 os_tid = 0x264 Thread: id = 153 os_tid = 0x210 Thread: id = 154 os_tid = 0x374